- WHATS NEW IN Samba 3.0.0
- September 24, 2003
+ =================================
+ Release Notes for Samba 3.0.3pre1
+ March 19, 2004
+ =================================
+
+This is a preview release of the Samba 3.0.3 code base and is
+provided for testing only. This release is *not* intended for
+production servers. Use at your own risk.
+
+There have been several bug fixes since the 3.0.2a release that
+we feel are important to make available to the Samba community
+for wider testings. See the "Changes" section for details on
+exact updates.
+
+Common bugs fixed in this preview release include:
+
+ o Crash bugs and change notify issues in Samba's
+ printing code.
+ o Honoring secondary group membership on domain
+ member servers.
+ o TDB scalability issue surrounding the TDB_CLEAR_IF_FIRST
+ flag.
+
+New features introduced in this preview release include:
+
+ o Improved support for i18n character sets.
+ o Support for account lockout policy based on
+ bad password attempts.
+ o Improved support for long password changes (>14
+ characters) and strong password enforcement.
+ o Continued work on support Windows aliases (i.e.
+ nested groups).
+
+
+
+######################################################################
+Changes
+#######
+Changes since 3.0.2a
+--------------------
+smb.conf changes
+----------------
+
+ Parameter Name Action
+ -------------- ------
+ only user Deprecated
+ use cracklib New
+
+
+Please refer to the CVS log for the SAMBA_3_0 branch for complete
+details. The list of changes per contributor are as follows:
+
+
+commits
+-------
+
+o Jeremy Allison <jra@samba.org>
+ * Ensure that Kerberos mutex is always properly unlocked.
+ * Removed Heimdal "in-memory keytab" support.
+ * Fixup the 'multiple-vuids' bugs in our server code.
+ * Correct return code from lsa_lookup_sids() on unmapped
+ sids (based on work by vl@samba.org).
+ * Fix the "too many fcntl locks" scalability problem
+ raised by tridge.
+ * Fixup correct (as per W2K3) returns for lookupsids
+ as well as lookupnames.
+ * Fixups for delete-on-close semantics as per Win2k3 behavior.
+ * Make SMB_FILE_ACCESS_INFORMATION call work correctly.
+ * Fix "unable to initialize" bug when smbd hasn't been run with
+ new system and a user is being added via pdbedit/smbpasswd.
+ * Added NTrename SMB (0xA5).
+ * Fixup correct timeout values for blocking lock timeouts.
+ * Fix various bugs reported by 'gentest'.
+ * More locking fixes in the case where we own the lock.
+ * Fix up regression in IS_NAME_VALID and renames.
+ * Don't set allocation size on directories.
+ * Return correct error code on fail if file exists and target
+ is a directory.
+ * Added client "hardlink" comment to test doing NT rename with
+ hard links. Added hardlink_internals() code - UNIX extensions
+ now use this as well.
+ * Use a common function to parse all pathnames from the wire for
+ much closer emulation of Win2k3 error return codes.
+ * Implement check_path_syntax() and rewrite string sub
+ functions for better multibyte support.
+ * Ensure msdfs referrals are multibyte safe.
+ * Allow msdfs symlink syntax to be more forgiving.
+ eg. sym_link -> msdfs://server/share/path/in/share
+ or sym_link -> msdfs:\\server\share\path\in\share.
+ * Cleanup multibyte netbios name support in nmbd ( based on patch
+ by MORIYAMA Masayuki <moriyama@miraclelinux.com>).
+ * Fix check_path_syntax() for multibyte encodings which have
+ no '\' as second byte (based on work by ab@samba.org.
+ * Fix the "dfs self-referrals as anonymous user" problem
+ (based on patch from vl@samba.org).
+
+
+o Timur Bakeyev <timur@com.bat.ru>
+ * BUG 1144: only set --with-fhs when the argument is 'yes'
+
+
+o Andrew Bartlet <abartlet@samba.org>
+ * Include support for linking with cracklib for enforcing strong
+ password changes.
+ * Add support for >14 character password changes from Windows
+ clients.
+ * Add 'admin set password' capability to 'net rpc'.
+ * Allow 'net rpc samdump' to work with any joined domain
+ regardless of smb.conf settings.
+ * Use an allocated buffer for count_chars.
+ * Add sanity checks for changes in the domain SID in an
+ LDAP DIT.
+ * Implement python unit tests for Samba's multibyte string
+ support.
+
+
+o Alexander Bokovoy <ab@samba.org>
+ * Fix incorrect size calculation of the directory name
+ in recycle.so.
+ * Fix problems with very long filenames in both smbd and smbclient
+ caused by truncating paths during character conversions.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Fix 'make installmodules' bug on True64.
+ * BUG 66: mark 'only user' deprecated.
+ * Remove corrupt tdb and shutdown (only for printing tdbs,
+ connections, sessionid & locking).
+ * decrement smbd counter in connections.tdb in smb_panic().
+ * RedHat specfile updates.
+ * Fix xattr.h build issue on Debian testing and SuSE 8.2.
+ * BUG 1147; bad pointer case in get_stored_queue_info()
+ causing seg fault.
+ * BUG 761: read the config file before initialized default
+ values for printing options; don't default to bsd printing
+ Linux.
+ * Allow the 'printing' parameter to be set on a per share basis.
+ * BUG 503: RedHat/Fedora packaging fixes regarding logrotate.
+ * BUG 848: don't create winbind local users/groups that already
+ exist in the tdb.
+ * BUG 1080: fix declaration of SMB_BIG_UINT (broke compile on
+ LynxOS/ppc).
+ * BUG 488: fix the 'show client in col 1' button and correctly
+ enumerate active connections.
+ * BUG 1007 (partial): Fix abort in smbd caused by byte ordering
+ problem when storing the updating pid for the lpq cache.
+ * BUG 1007 (partial): Fix print change notify bugs.
+ * BUG 1165, 1126: Fix bug with secondary groups (security = ads)
+ and winbind use default domain = yes. Also ensures that
+ * BUG 1151: Ensure that winbindd users are passed through
+ the username map.
+ * Fix client rpc binds for ASU derived servers (pc netlink,
+ etc...).
+
+
+o Robert Dahlem <Robert.Dahlem@gmx.net>
+ * BUG 1048: Don't return short names when when 'mangled names = no'
+
+
+o Guenther Deschner <gd@suse.com>
+ * Remove hard coded attribute name in the ads ranged retrieval
+ code.
+
+
+o Bostjan Golob <golob@gimb.org>
+ * BUG 1046: Fix getpwent_list() so that the username is not
+ overwritten by other fields.
+
+
+o Steve French <sfrench@us.ibm.com>
+ * Update mount.cifs to version 1.1.
+ * Disable dev (MS_NODEV) on user mounts from cifs vfs.
+ * Fixes to minor security bug in the mount helper.
+
+
+o SATOH Fumiyasu <fumiya@miraclelinux.com>
+ * BUG 1055; formatting fixes for 'net share'.
+ * BUG 692: correct truncation of share names and workgroup
+ names in smbclient.
+ * BUG 1088: use strchr_m() for query_host (smbclient -L).
+
+
+o Chris Hertel <crh@samba.org>
+ * fix enumeration of shares 12 characters in length via
+ smbclient.
+
+
+o John Klinger <john.klinger@lmco.com>
+ * Return NSS_SUCCESS once the max number of gids possible
+ has been found in initgroups() on Solaris.
+ * BUG 1182: Re-enable the -n 'no cache' option for winbindd.
+
+
+o Volker Lendecke <vl@samba.org>
+ * Fix success message for net groupmap modify.
+ * Fix errors when enumerating members of groups in 'net rpc'.
+ * Match Windows behavior in samr_lookup_names() by returning
+ ALIAS(4) when you search in BUILTIN.
+ * Fix server SAMR code to be able to set alias info for
+ builtin as well.
+ * Fix duplication of logic when creating groups via smbd.
+ * Ensure that the HWM values are set correctly after running
+ 'net idmap'.
+ * Add 'net rpc group add'.
+ * Implement 'net groupmap set' and 'net groupmap cleanup'.
+ * Add 'net rpc group [add|del]mem' for domain groups and aliases.
+ * Fix wb_delgrpmem (wbinfo -o).
+ * As a DC we should not reply to lsalookupnames on DCNAME\\user.
+ * Fix sambaUserWorkstations on a Samba DC.
+
+
+o Herb Lewis <herb@samba.org>
+ * Fix typo for tag in proto file.
+ * Add missing #ifdef HAVE_BICONV stuff.
+ * Truncate Samba's netbios name at the first '.' (not
+ right to left).
+
+
+o Jianliang Lu <j.lu@tiesse.com>
+ * Enforce the 'user must change password at next login' flag.
+ * Decode meaning of 'fields present' flags (improves support
+ for usrmgr.exe).
+
+
+o L. Lucius <ib@digicron.com>.
+ * type fixes.
+
+
+o Jim McDonough <jmcd@us.ibm.com>
+ * Add versioning support to tdbsam.
+ * Update the IBM Directory Server schema with the OpenLDAP
+ file.
+ * Various decoding fixes to improve usrmgr.exe support.
+ * Fix statfs redeclaration of statfs struct on ppc
+ * Implement support for password lockout of Samba domain
+ controllers and standalone servers.
+ * Get MungedDial attribute actually working with full TS
+ strings in it for pdb_ldap.
+
+
+o Heinrich Mislik <Heinrich.Mislik@univie.ac.at>
+ o BUG 979 -- Fix quota display on AIX.
+
+
+o James Peach <jpeach@sgi.com>
+ * Correct check for printf() format when using the SGI MIPSPro
+ compiler.
+ * BUG 1038: support backtrace for 'panic action' on IRIX.
+ * BUG 768: Accept profileing arg to IRIX init script.
+ * BUG 748: Relax arg parsing to sambalp script (IRIX).
+ * BUG 758: Fix pdma build.
+
+
+o Tim Potter <tpot@samba.org>
+ * Fix logic bug in tdb non-blocking lock routines when
+ errno == EAGAIN.
+ * BUG 1025: Include sys/acl.h in check for broken nisplus
+ include files.
+ * BUG 1066: s/printf/d_printf/g in SWAT.
+ * BUG 1098: rename internal msleep() function to fix build
+ problems on AIX.
+ * BUG 1112: Fix for writable printerdata problem in python bindings.
+ * BUG 1154: Remove reference to <sys/mman.h> in tdbdump.c.
+ * BUG 1155: enclose use of fchown() with guards.
+
+
+o Simo Source <idra@samba.org>
+ * Replace unknown_3 with fields_present in SAMR code.
+
+
+o Richard Sharpe <rsharpe@samba.org>
+ * Add support to smbclient for multiple logins on the same
+ session (based on work by abartlet@samba.org).
+
+
+o Andrew Tridgell <tridge@samba.org>
+ * Rewrote the AIX UESS backend for winbindd.
+ * Fixed compilation with --enable-dmalloc.
+
+
+o Jelmer Vernooij <jelmer@samba.org>
+ * Fix ETA Calculation when resuming downloads in smbget.
+ * Add -O (for writing downloaded files to standard out)
+ based on patch by Bas van Sisseren <bas@dnd.utwente.nl>.
+
+
+o TAKEDA yasuma <yasuma@miraclelinux.com>
+ * BUG 900: fix token processing in cmd_symlink, cmd_link,
+ cmd_chown, cmd_chmod smbclient functions.
+
+
+o Shiro Yamada <shiro@miraclelinux.com>
+ * BUG 1129: install image files for SWAT.
+
+
+Changes for older versions follow below:
+
+ --------------------------------------------------
+
+ ==============================
+ Release Notes for Samba 3.0.2a
+ February 13, 2004
==============================
-This is the first official release of Samba 3.0.0 code base. Work
-on the SAMBA_3_0 CVS branch continues. Please refer to the section
-on "Known Issues" for more details.
+Samba 3.0.2a is a minor patch release for the 3.0.2 code base
+to address, in particular, a problem when using pdbedit to
+sanitize (--force-initialized-passwords) Samba's tdbsam
+backend. This is the latest stable release of Samba. This
+is the version that all production Samba servers should be
+running for all current bug-fixes.
+
+******************* Attention! Achtung! Kree! *********************
+
+Beginning with Samba 3.0.2, passwords for accounts with a last
+change time (LCT-XXX in smbpasswd, sambaPwdLastSet attribute in
+ldapsam, etc...) of zero (0) will be regarded as uninitialized
+strings. This will cause authentication to fail for such
+accounts. If you have valid passwords that meet this criteria,
+you must update the last change time to a non-zero value. If you
+do not, then 'pdbedit --force-initialized-passwords' will disable
+these accounts and reset the password hashes to a string of X's.
+
+******************* Attention! Achtung! Kree! *********************
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.2
+-------------------
+
+commits
+-------
+
+Please refer to the CVS log for the SAMBA_3_0 branch for complete
+details. The list of changes per contributor are as follows:
+
+
+o Jeremy Allison <jra@samba.org>
+ * Added paranoia checks in parsing code.
+
+
+o Andrew Bartlet <abartlet@samba.org>
+ * Ensure that changes to uninitialized passwords in ldapsam
+ are written to the DIT.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Fixed iterator in tdbsam.
+ * Fix bug that disabled accounts with a valid NT password
+ hash, but no LanMan hash.
+
+
+o Steve French <sfrench@us.ibm.com>
+ * Added missing nosetuid and noexec options.
+
+
+o Bostjan Golob <golob@gimb.org>
+ * BUG 1046: Don't overwrite usernames of entries returned
+ by getpwent_list().
+
+
+o Sebastian Krahmer <krahmer@suse.de>
+ * Fixed potential crash bug in NTLMSSP parsing code.
+
+
+o Tim Potter <tpot@samba.org>
+ * Fixed logic in tdb_brlock error checking.
+
+
+o Urban Widmark <urban@teststation.com>
+ * Set nosuid,nodev flags in smbmnt by default.
+
+
+ --------------------------------------------------
+
+ =============================
+ Release Notes for Samba 3.0.2
+ February 9, 2004
+ =============================
+
+It has been confirmed that previous versions of Samba 3.0 are
+susceptible to a password initialization bug that could grant an
+attacker unauthorized access to a user account created by the
+mksmbpasswd.sh shell script.
+
+The Common Vulnerabilities and Exposures project (cve.mitre.org)
+has assigned the name CAN-2004-0082 to this issue.
+
+Samba administrators not wishing to upgrade to the current
+version should download the 3.0.2 release, build the pdbedit
+tool, and run
+
+ root# pdbedit-3.0.2 --force-initialized-passwords
+
+This will disable all accounts not possessing a valid password
+(e.g. the password field has been set a string of X's).
+
+Samba servers running 3.0.2 are not vulnerable to this bug
+regardless of whether or not pdbedit has been used to sanitize
+the passdb backend.
+
+Some of the more visible bugs in 3.0.1 addressed in the 3.0.2
+release include:
+
+ o Joining a Samba domain from Pre-SP2 Windows 2000 clients.
+ o Logging onto a Samba domain from Windows XP clients.
+ o Problems with the %U and %u smb.conf variables in relation to
+ Windows 9x/ME clients.
+ o Kerberos failures due to an invalid in memory keytab detection
+ test.
+ o Updates to the ntlm_auth tool.
+ o Fixes for various SMB signing errors.
+ o Better separation of WINS and DNS queries for domain controllers.
+ o Issues with nss_winbind FreeBSD and Solaris.
+ o Several crash bugs in smbd and winbindd.
+ o Output formatting fixes for smbclient for better compatibility
+ with scripts based on the 2.2 version.
+
+
+Changes since 3.0.1
+-------------------
+
+smb.conf changes
+----------------
+
+ Parameter Name Action
+ -------------- ------
+ ldap replication sleep New
+ read size removed (unused)
+ source environment removed (unused)
+
+
+commits
+-------
+
+Please refer to the CVS log for the SAMBA_3_0 branch for complete
+details. The list of changes per contributor are as follows:
+
+o Jeremy Allison <jra@samba.org>
+ * Revert change that broke Exchange clear text samlogons.
+ * Fix gcc 3.4 warning in MS-DFS code.
+ * Tidy up of NTLMSSP code.
+ * Fixes for SMB signing errors
+ * BUG 815: Workaround NT4 bug to support plaintext
+ password logins and UNICODE.
+ * Fix SMB signing bug when copying large files.
+ * Correct error logic in mkdir_internals() (caused a panic
+ when combined with --enable-developer).
+ * BUG 830: Protect against crashes due to bad character
+ conversions.
+
+
+o Petri Asikainen <paca@sci.fi>
+ * BUG 330, 387:Fix single valued attribute updates when
+ working with Novell NDS.
+
+
+o Andrew Bartlet <abartlet@samba.org>
+ * Correctly handle per-pipe NTLMSSP inside a NULL session.
+ * Fix segfault in gencache
+ * Fix early free() of encrypted_session_key.
+ * Change DC lookup routines to more carefully separate
+ DNS names (realms) from NetBIOS domain names.
+ * Add new sid_to_dn() function for internal winbindd use.
+ * Refactor cli_ds_enum_domain_trusts().
+ * BUG 707: Implement range retrieval of ADS attributes (based
+ on work from Volker <vl@samba.org> and Guenther Deschner
+ <gd@suse.com>).
+ * Automatically initialize the signing engine if a session key
+ is available.
+ * BUG 916: Do not perform a + -> ' ' substitution for squid URL
+ encoded strings, only form input in SWAT.
+ * Resets the NTLMSSP state for new negotiate packets.
+ * Add 2-byte alignments in net_samlogon() queries to parse
+ odd-length plain text passwords.
+ * Allow Windows groups with no members in winbindd.
+ * Allow normal authentication in the absence of a server
+ generated session key.
+ * More optimizations for looking up UNIX group lists.
+ * Clean up error codes and return values for pam_winbindd
+ and winbindd PAM interface.
+ * Fix string return values in ntlm_auth tool.
+ * Fix segfault when 'security = ads' but no realm is defined.
+ * BUG 722: Allow winbindd to map machine accounts to uids.
+ * More cleanups for winbindd's find_our_domain().
+ * More clearly detect whether a domain controller is an NT4
+ or mixed-mode AD DC (additional bug fixes by jerry & jmcd).
+ * Increase separation between DNS queries for hosts and queries
+ for AD domain controllers.
+ * Include additional NT_STATUS to PAM error mappings.
+ * Password initialization fixes.
+
+
+o Justin Baugh <justin.baugh@request.com>
+ * BUG 948: Implement missing functions required for FreeBSD
+ nss_winbind support.
+
+
+o Alexander Bokovoy <ab@samba.org>
+ * BUG 922: Make sure enable fast path for strlower_m() and
+ strupper_m().
+
+
+o Luca Bolcioni <Luca.Bolcioni@yacme.com>
+ * Fix crash when using 'security = server' and 'encrypt
+ passwords = no' by always initializing the session key.
+
+
+o Dmitry Butskoj <buc@odusz.elektra.ru>
+ * Fix for special files being hidden from admins.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Fix bug in the lanman session key generation. Caused
+ "decode_pw: incorrect password length" error messages.
+ * Save the right case for the located user name in
+ fill_sam_account(). Fixes %U/%u expansion for win9x clients.
+ * BUG 897: Add well known rid for pre win2k compatible access
+ group.
+ * BUG 887: Correct typo in delete user script example.
+ * Use short lived TALLOC_CTX* for allocating printer objects
+ from the print handle cache.
+ * BUG 912: Fix check for HAVE_MEMORY_KEYTAB.
+ * Fix several warnings reported by the SUN Forte C compiler.
+ * Fully control DNS queries for AD DC's using 'name resolve order'.
+ * BUG 770: Send the SMBjobid for UNIX jobs back to the client.
+ * BUG 972: Fix segfault in cli_ds_getprimarydominfo().
+ * BUG 936: fix bind credentials for schannel binds in smbd.
+ * BUG 446: Fix output of smbclient for better compatibility
+ with scripts based on the 2.2 version (including Amanda).
+ * BUG 891, 949: Fedora packaging fixes.
+ * Fix bug that caused rpcclient to incorrectly retrieve
+ the SID for a server (this causing all calls that required
+ this information to fail).
+ * BUG 977: Don't create a homes share for a user if a static
+ share already exists by the same name.
+ * Removed unused smb.conf options.
+ * Password initialization fixes.
+ * Set the disable flag for template accounts created by
+ mksmbpasswd.sh.
+ * Disable any account has no passwords and does not have the
+ ACB_PWNOTREQ bit set.
+
+
+o Guenther Deschner <gd@suse.com>
+ * Install smbwrapper.so should be put into the $(libdir)
+ and not $(bindir).
+ * Add the capability to specify the new user password
+ for "net ads password" on the command line.
+ * Correctly detect AFS headers on SuSE.
+
+
+o James Flemer <jflemer@uvm.edu>
+ * Fix AIX compile bug by linking HAVE_ATTR_LIST to
+ HAVE_SYS_ATTRIBUTES_H.
+
+
+o Luke Howard <lukeh@PADL.COM>
+ * Fix segfault in session setup reply caused by a early free().
+
+
+o Stoian Ivanov <sdr@bultra.com>
+ * Implement grepable output for smbclient -L.
+
+
+o LaMont Jones <lamont@debian.org>
+ * BUG 225328 (Debian): Correct false failure LFS test that resulted
+ in _GNU_SOURCE not being defined (thus resulting in strndup()
+ not being defined).
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 583: Ensure that user names always contain the short
+ version of the domain name.
+ * Fix our parsing of the LDAP uri.
+ * Don't show the 'afs username map' in the SWAT basic view.
+ * Fix SMB signing issues in relation to failed NTLMSSP logins.
+ * BUG 924: Fix return codes in smbtorture harness.
+ * Always lower-case usernames before handing it to AFS code.
+ * Add a German translation for SWAT.
+ * Fix a segfaults in winbindd.
+ * Fix the user's domain passed to register_vuid() from
+ reply_spnego_kerberos().
+ * Add NSS example code in nss_winbind to convert UNIX
+ id's <-> Windows SIDs.
+ * Display more descriptive error messages for login via 'net'.
+ * Fix compiler warning in the net tool.
+ * Fix length bug when decoding base64 strings.
+ * Ensure we don't call getpwnam() inside a loop that is iterating
+ over users with getpwent(). This broke on glibc 2.3.2.
+
+
+o Herb Lewis <herb@samba.org>
+ * Fix bit rot in psec.
+
+
+o Jianliang Lu <j.lu@tiesse.com>
+ * Ensure we delete the group mapping before calling the delete
+ group script.
+ * Define well known RID for managing the "Power Users" group.
+ * BUG 381: check builtin (not local) group SID when updating
+ group membership.
+ * BUG 101: set the SV_TYPE_PRINTQ_SERVER flag in host announcement
+ packet.
+
+
+o John Klinger <john.klinger@lmco.com>
+ * Implement initgroups() call in nss_winbind on Solaris.
+
+
+o Jim McDonough <jmcd@us.ibm.com>
+ * Fix regression in net rpc join caused by recent changes
+ to cli_lsa_query_info_policy().
+ * BUG 964: Fix crash bug in 'net rpc join' using a preexisting
+ machine account.
+
+
+o MORIYAMA Masayuki <moriyama@miraclelinux.com>
+ * BUG 570: Ensure that configure honors the LDFLAGS variable.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * Implement LDAP rebind sleep patch.
+ * Revert to 2.2 quota code because of so many broken quota files
+ out there.
+ * Fix XFS quotas: HAVE_XFS_QUOTA -> HAVE_XFS_QUOTAS
+ XFS_USER_QUOTA -> USRQUOTA
+ XFS_GROUP_QUOTA -> GRPQUOTA
+ * Fix disk_free calculation with group quotas.
+ * Add debug class 'quota' and a lot of DEBUG()'s
+ to the quota code.
+ * Fix sys_chown() when no chown() is present.
+ * Add SIGABRT to fault handling in order to catch got a
+ backtrace if an error occurs the OpenLDAP client libs.
+
+
+o <ndb@theghet.to>
+ * Allow an existing LDAP machine account to be re-used when
+ joining an AD domain.
+
+
+o James Peach <jpeach@sgi.com>
+ * BUG 889: Change smbd to use pread/pwrite on platforms that
+ support these calls. Can lead to a significant speed increase.
+
+
+o Tim Potter <tpot@samba.org>
+ * BUG 905: Remove POBAD_CC to fix Solaris Forte compiles.
+ * BUG 924: Fix typo in RW2 torture test.
+
+
+o Richard Sharpe <shape@samba.org>
+ * Small fixes to torture.c to cleanup the error handling
+ and prevent crashes.
+
+
+o J. Tournier <jerome.tournier@IDEALX.com>
+ * Small fixes for the smbldap-tool scripts.
+
+
+o Andrew Tridgell <tridge@samba.org>
+ * Fix src len check in pull_usc2().
+
+
+o Jelmer Vernooij <jelmer@samba.org>
+ * Put functions for generating SQL queries in pdb_sql.c
+ * Add pgSQL backend (based on patch by Hamish Friedlander)
+ * BUG 908: Fix -s option to smbcontrol.
+ * Add smbget utility - a wget-clone for the SMB/CIFS protocol.
+ * Fix for libnss_wins on IRIX platforms.
+ * Fix swatdir for --with-fhs.
+
+
+ --------------------------------------------------
+
+ =============================
+ Release Notes for Samba 3.0.1
+ December 15, 2003
+ =============================
+
+Some of the more common bugs in 3.0.0 addressed in the release
+include:
+
+ o Substitution problems with smb.conf variables.
+ o Errors in return codes which caused some applications
+ to fail to open files.
+ o General Protection Faults on Windows 2000/XP clients
+ using Samba point-n-print features.
+ o Several miscellaneous crash bugs.
+ o Access problems when enumerating group mappings are
+ stored in an LDAP Directory.
+ o Several common SWAT bugs when writing changes to
+ smb.conf.
+ o Internal inconsistencies when 'winbind use default
+ domain = yes'
+
+
+
+Changes since 3.0.0
+----------------------
+
+ Parameter Name Action
+ -------------- ------
+ hide local users Removed
+ mangled map Deprecated
+ mangled stack Removed
+ passwd chat timeout New
+
+
+commits
+-------
+
+o Change the interface for init_unistr2 to not take a length
+ but a flags field. We were assuming that
+ 2*strlen(mb_string) == length of ucs2-le string. (bug 480).
+o Allow d_printf() to handle strings with escaped quotation
+ marks since the msg file includes the escape character (bug 489).
+o Fix bad html table row termination in SWAT wizard code (bug 413).
+o Fix to parse the level-2 strings.
+o Fix for "valid users = %S" in [homes]. Fix read/write
+ list as well.
+o Change AC_CHECK_LIB_EXT to prepend libraries instead of append.
+ This is the same way AC_CHECK_LIB works (bug 508).
+o Testparm output fixes for clarity.
+o Fix broken wins hook functionality -- i18n bug (bug 528).
+o Take care of condition where DOS and NT error codes must differ.
+o Default to using only built-in charsets when a working iconv
+ implementation cannot be located.
+o Wrap internals of sys_setgroups() so the sys_XX() call can
+ be done unconditionally (bug 550).
+o Remove duplicate smbspool link on SWAT's front page (bug 541).
+o Save and restore CFLAGS before/after AC_PROG_CC. Ensures that
+ --enable-debug=[yes|no] works correctly.
+o Allow ^C to interrupt smbpasswd if using our getpass
+ (e.g. smbpasswd command).
+o Support signing only on RPC's (bug 167).
+o Correct bug that prevented Excel 2000 clients from opening
+ files marked as read-only.
+o Portability fix bugs 546 - 549).
+o Explicitly initialize the value of AR for vendor makes that don't
+ do this (e.g. HPUX 11). (bug 552).
+o More i18n fixes for SWAT (bug 413).
+o Change the cwd before the postexec script to ensure that a
+ umount will succeed.
+o Correct double free that caused winbindd to crash when a DC
+ is rebooted (bug 437).
+o Fix incorrect mode sum (bug 562).
+o Canonicalize SMB_INFO_ALLOCATION in the same was as
+ SMB_FS_FULL_SIZE_INFORMATION (bug 564).
+o Add script to generate *msg files.
+o Add Dutch SWAT translation file.
+o Make sure to call get_user_groups() with the full winbindd
+ name for a user if he/she has one (bug 406).
+o Fix up error code returns from Samba4 tester. Ensure invalid
+ paths are validated the same way.
+o Allow Samba3 to pass the Samba4 RAW-READ tests.
+o Refuse to configure if --with-expsam=$BACKEND was used but no
+ libraries were found for $BACKEND.
+o Move sysquotas autoconf tests to a separate file.
+o Match W2K w.r.t. writelock and writeclose. Samba4 torture
+ tester
+o Make sure that the files that contain the static_init_$subsystem;
+ macro get recompiled after configure by removing the object
+ files.
+o Ensure canceling a blocking lock returns the correct error
+ message.
+o Match Samba 2.2 behavior; make ACB_NORMAL the default ACB value.
+o Updated Japanese welcome file in SWAT.
+o Fix to nt-time <-> unix-time functions reversible.
+o Ensure that winbindd uses the the escaped DN when querying
+ an AD ldap server.
+o Fix portability issues when compiling (bug 505, 550)
+o Compile fix for tdbbackup when Samba needs to override
+ non-C99 compliant implementations of snprintf().
+o Use @PICSUFFIX@ instead of .po in Makefile.in (bug 574).
+o Make sure we break out of samsync loop on error.
+o Ensure error code path doesn't free unmalloc()'d memory
+ (bug 628).
+o Add configure test for krb5_keytab_entry keyblock vs key
+ member (bug 636).
+o Fixed spinlocks.
+o Modified testparm so that all output so all debug output goes
+ to stderr, and all file processing goes to stdout.
+o Fix error return code for BUFFER_TOO_SMALL in smbcacls
+ and smbcquotas.
+o Fix "NULL dest in safe_strcpy()" log message by ensuring that
+ we have a devmode before copying a string to the devicename.
+o Support mapping REALM.COM\user to a local user account (without
+ running winbindd) for compatibility with 2.2.x release.
+o Ensure we don't use mmap() on blacklisted systems.
+o fixed a number of bugs and memory leaks in the AIX
+ winbindd shim
+o Call initgroups() in SWAT before becomming the user so that
+ secondary group permissions can be used when writing to
+ smb.conf.
+o Fix signing problems when reverse connecting back to a
+ client for printer notify
+o Fix signing problems caused by a miss-sequence bug.
+o Missing map in errormap for ERROR_MORE_DATA -> ERRDOS, ERRmoredata.
+ Fixes NEXUS tools running on Win9x clients (bug 64).
+o Don't leave the domain field uninitialized in cli_lsa.c if some
+ SID could not be mapped.
+o Fix segfault in mount.cifs helper when there is no options
+ specified during mount.
+o Change the \n after the password prompt to go to tty instead
+ of stdout (bug 668).
+o Stop net -P from prompting for machine account password (bug 451).
+o Change in behavior to Not only change the effective uid but also
+ the real uid when becoming unprivileged.
+o Cope with Exchange 5.5 cleartext pop password auth.
+o New files for support of initshutdown pipe. Win2k doesn't
+ respond properly to all requests on the winreg pipe, so we need
+ to handle this new pipe (bug 534).
+o Added more va_copy() checks in configure.in.
+o Include fixes for libsmbclient build problems.
+o Missing UNIX -> DOS codepage conversion in lanman.c.
+o Allow DFMS-S filenames can now have arbitrary case (bug 667).
+o Parameterize the listen backlog in smbd and make it larger by
+ default. A backlog of 5 is way too small these days.
+o Check for an invalid fid before dereferencing the fsp pointer
+ (bug 696).
+o Remove invalid memory frees and return codes in pdb_ldap.c.
+o Prompt for password when invoking --set-auth-user and no
+ password is given.
+o Bind the nmbd sending socket to the 'socket address'.
+o Re-order link command for smbd, rpcclient and smbpasswd to ensure
+ $LDFLAGS occurs before any library specification (bug 661).
+o Fix large number of printf() calls for 64-bit size_t.
+o Fix AC_CHECK_MEMBER so that SLES8 does correctly finds the
+ keyblock in the krb5 structs.
+o Remove #include <compat.h> in hopes to avoid problems with
+ apache header files.
+o Correct winbindd build problems on HP-UX 11.
+o Lowercase netgroups lookups (bug 703).
+o Use the actual size of the buffer in strftime instead of a made
+ up value which just happens to be less than sizeof(fstring).
+ (bug 713).
+o Add ldaplibs to pdbedit link line (bug 651).
+o Fix crash bug in smbclient completion (bug 659).
+o Fix packet length for browse list reply (bug 771).
+o Fix coredump in cli_get_backup_list().
+o Make sure that we expand %N (bug 612).
+o Allow rpcclient adddriver command to specify printer driver
+ version (bug 514).
+o Compile tdbdump by default.
+o Apply patches to fix iconv detection for FreeBSD.
+o Do not allow the 'guest account' to be added to a passdb backend
+ using smbpasswd or pdbedit (bug 624).
+o Save LDFLAGS during iconv detection (bug 57).
+o Run krb5 logins through the username map if the winbindd
+ lookup fails (bug 698).
+o Add const for lp_set_name_resolve_order() to avoid compiler
+ warnings (bug 471).
+o Add support for the %i macro in smb.conf to stand in for the for
+ the local IP address to which a client connected.
+o Allow winbindd to match local accounts to domain SID when
+ 'winbind trusted domains only = yes' (bug 680).
+o Remove code in idmap_ldap that searches the user suffix and group
+ suffix. It's not needed and provides inconsistent functionality
+ from the tdb backend.
+o Patch to handle munged dial string for Windows 2000 TSE.
+ Thanks to Gaz de France, Direction de la Recherche, Service
+ Informatique Métier for their supporting this work by Aurelien
+ Degrémont <adegremont@idealx.com>.
+o Correct the "smbldap_open: cannot access when not root error"
+ messages when looking up group information (bug 281).
+o Skip over the winbind separator when looking up a user.
+ This fixes the bug that prevented local users from
+ matching an AD user when not running winbindd (bug 698).
+o Fix a problem with configure on *BSD systems. Make sure
+ we add -liconv etc to LDFLAGS.
+o Fix core dump bug when "security = server" and the authentication
+ server goes away.
+o Correct crash bug due to an empty munged dial string.
+o Show files locked by a specific user (smbstatus -u 'user')
+ (bug 590).
+o Fix bug preventing print jobs from display in the queue
+ monitor used by Windows NT and later clients (bug 660).
+o Fix several reported problems with point-n-print from
+ Windows 2000/XP clients due to a bug in the EnumPrinterDataEx()
+ reply (bug 338, 527 & 643).
+o Fix a handful of potential memory leaks in the LDAP code used
+ by ldapsam[_compat] and the LDAP idmap backend.
+o Fix for pdbedit error code returns (bug 763).
+o Make sure we only enumerate group mapping entries (not
+ /etc/group) even when doing local aliases.
+o Relax check on the pipe name in a dce/rpc bind response to work
+ around issues with establishing trusts to a Windows 2003 domain.
+o Ensure we mangle names ending in '.' in hash2 mangling method.
+o Correct parsing issues with munged dial string.
+o Fix bugs in quota support for XFS.
+o Add a cleaner method for applications that need to provide
+ name->SID mappings to do this via NSS rather than having to
+ know the winbindd pipe protocol.
+o Adds a variant of the winbindd_getgroups() call called
+ winbindd_getusersids() that provides direct SID->SIDs listing of
+ a users supplementary groups. This is enough to allow non-Samba
+ applications to do ACL checking.
+o Make sure we don't append the 'ldap suffix' when writing out the
+ 'ldap XXX suffix' values in SWAT (bug 328).
+o Fix renames across file systems.
+o Ensure that items in a list of strings containing whitespace are
+ written out surrounded by single quotes. This means that both
+ double and single quotes are now used to surround strings in
+ smb.conf (bug 481).
+o Enable SWAT to correctly determine if winbindd is running (bug
+ 398).
+o Include WWW-Authenticate field in 401 response for bad auth
+ attempt (bug 629).
+o Add support for NTLM2 (NTLMv2 session security).
+o Add support for variable-length session keys.
+o More privilege fixes for group enumeration in LDAP (bug 281).
+o Use the dns name (or IP) as the originating client name when
+ using CUPS (bug 467).
+o Fix various SMB signing bugs.
+o Fix ACL propagation on a DFS root (bug 263).
+o Disable NTLM2 for RPC pipes.
+o Allow the client to specify the NTLM2 flags got NTLMSSP
+ authentication.
+o Change the name of the job passed off to cups from "Test Page"
+ to "smbprn.00000033 Test Page" so that we can get the smb
+ jobid back. This allow users to delete jobs with cups printing
+ backend (partial work on bug 770).
+o Fix build of winbindd with static pdb modules.
+o Retrieve the correct ACL group bits if the file has an ACL
+ (bug 802).
+o Implement "net rpc group members": Get members of a domain group
+ in human-readable format.
+o Add MacOSX (Darwin) specific charset module code.
+o Use samr_dispinfo(level == 1) for enumerating domain users so we
+ can include the full name in gecos field (bug 587).
+o Add support for winbind's NSS library on FeeeBSD 5.1 (bug 797).
+o Implement 'net rpc group list [global|local|builtin]*' for a
+ select listing of the respective user databases.
+o Don't automatically set NT status code flag unless client tells
+ us it can cope.
+o Add 'net status [sessions|shares] [parseable]'.
+o Don't mistake pre-existing UNIX jobs for smb jobs (remainder of
+ bug 770).
+o Add 'Replicator' and 'RAS Servers' to list of builtin SIDs
+ (bug 608).
+o Fix inverted logic in hosts allow/deny checks caused by
+ s/strcmp/strequal/ (bug 846).
+o Implement correct version SamrRemoveSidForeignDomain() (bug 252).
+o Fix typo in 'hash' mangling algorithm.
+o Support munged dial for ldapsam (bug 800).
+o Fix process_incoming_data() to return the number of bytes handled
+ this call whether we have a complete PDU or not; fixes bug
+ with multiple PDU request rpc's broken over SMBwriteX calls
+ each.
+o Fix incorrect smb flags2 for connections to pre-NT servers
+ (causes smbclient to fail to OS2 for example) (bug 821).
+o Update version string in smbldap-tools Makefile to 0.8.2.
+o Correct a problem with "net rpc vampire" mis-parsing the
+ alias member info reply.
+o Ensure the ${libdir} is created by the installclientlib script.
+o Fix detection of Windows 2003 client architecture in the smb.conf
+ %a variable.
+o Ensure that smbd calls the add user script for a missing UNIX
+ user on kerberos auth call (bug 445).
+o Fix bugs in hosts allow/deny when using a mismatched
+ network/netmask pair.
+o Protect alloc_sub_basic() from crashing when the source string
+ is NULL (partial work on bug 687).
+o Fix spinlocks on IRIX.
+o Corrected some bad destination paths when running "configure
+ --with-fhs".
+o Add packaging files for Fedora Core 1.
+o Correct bug in SWAT install script for non-english languages.
+o Support character set ISO-8859-1 internally (bug 558).
+o Fixed more LDAP access errors when looking up group mappings
+ (bug 281).
+o Fix UNISTR2 length bug in LsaQueryInfo(3) that caused SID
+ resolution to fail on local files on on domain members
+ (bug 875).
+o Fix uninitialized variable in passdb.c.
+o Fix formal parameter type in get_static() in nsswitch/wins.c.
+o Fix problem mounting directories when mount.cifs is installed
+ with the setuid bit on.
+o Fix bug that prevent --mandir from overriding the defaults
+ given in the --with-fhs macro.
+o Fix bug in in-memory Kerberos keytab detection routines
+ in configure.in
+
+
+
+######################################################################
+
+ The original 3.0.0 release notes follow
+ =======================================
+ WHATS NEW IN Samba 3.0.0
+ September 24, 2003
+ =======================================
Major new features:
License.
-######################################################################
-Changes since 3.0rc4
-####################
-
-Please refer to the CVS log for the SAMBA_3_0 branch for complete
-details:
-
-1) Fix bug that prevented restoring filenames of length
- >100 characters.
-2) Fix bug that prevented fast path code in strchr_m
- from being used.
-3) Make sure we store the desired access flag on incoming
- SAMR rpc calls.
-4) Fix smbd crash when dealing with mangled file names.
-5) Ensure that the group comment field is not overwritten
- if it already exists.
-6) Fix bug that prevented 'net rpc join' from working
- with mixed mode AD domains (bug 442).
-7) Fix crash in smbd when a Samba PDC is not able to
- enumerate trusted domains (bug 450).
-8) Fix crash bug found by the Samba4 testsuite.
-9) Fix bug that prevented smbd from returning an ACL list
- if one of the SIDs could not be resolved (bug 470).
-10) Remove -P option from smbclient printing scripts since it
- has a different meaning in Samba 3.0 (bug 473).
-11) Sync smbldap-tools with latest version
-12) Cleanup some warnings produced by the Sun C compiler.
-13) Several fixes for SWAT relating to international character
- sets.
-
-
-Changes since 3.0rc3
-####################
-
-1) Fix incorrect error message in testparm.c regarding 'map system'.
-2) Protect against core dump if ioctl for print job sends invalid
- fid.
-3) Fix bug in generic hash cacluation.
-4) Remove references to unused 'strip dot' parameter
-5) Fix CPU burn bug in multi-byte character conversion.
-6) Use opt_target_workgroup instead of lp_workgroup() in vampire
- code so we can override the value in smb.conf with the -w option.
-7) Display an error if we can't create a posix account for the
- user when running 'net rpc vampire' (bug 323).
-8) Fix UTF8 conversion bugs in LDAP passdb and idmap code (bug 296).
-9) Fix smbd crash when changing the machine trust account password
- (bug 273).
-10) Remove getpwnam() calls from init_sam_from_xxx(). This means
- that %u & %g will no longer expand in the "login ..." set of
- smb.conf options, but %U and %G still do. The payback is that
- winbindd local accounts for users work with 'wbinfo -u'
- when winbind is running on a Samba PDC.
-11) Fix unitiailized timestamp where merging print_jobs and
- lpq listing.
-12) Fix bug in debian packaging files affecting non-i386 platforms.
-
-
-Changes since 3.0rc2
-####################
-
-1) Remove Perl module dependencies in generated RedHat 8/9 RPMS.
-2) Update mount helper to take synonyms for file_mode and
- dir_mode (fmask and dmask).
-3) Fix portability bug with log2pcaphex.
-4) Use different algorithm to generate codepages source code which
- allows to take gaps into account thus making unnecessary
- extended [index] = value, syntax in to_ucs2 array (bug 380).
-5) Fix comment strings to 43 bytes as per spec.
-6) Fix pam_winbind compile bug on FreeBSD (bug 261).
-7) Support for in-memory keytabs, which are needed to make heimdal
- work properly. MIT does not support them, so this check will be
- used to decide whether to use them. (partial fix for bug 372).
-8) Disable RC4-HMAC on broken heimdal setups. (remainder of bug
- 372).
-9) Correct bug in smbclient that resulted in errors when untarring
- long filenames (bug 308).
-10) Improve autoconf checks for PAM header files and libs.
-11) Added fast path to convert_string() when dealing with
- ASCII->ASCII, UCS2-LE->ASCII, and ASCII->UCS2-LE with
- values <= 0x7F.
-12) Quiet debug messages when we don't find a module and it is not
- a critical error (bug 375).
-13) Fix UNIX passwd sync properly.
-14) Fix more transitive trust issues in winbindd (bug 305).
-15) Ensure that winbindd functions with 'disable netbios = yes'
-16) Store the real short domain name in secrets.tdb as soon as we
- know it. Also display an error message when joining an AD
- domain and the 'workgroup' parameter has not been specified.
-17) Return 0 DFS links instead of -1 when dfs support is not enabled.
-18) Update LDAP schema for Netscape DS 4.x and Novell eDirectory 8.7
-19) Ensure that name types can be specified using name#type notation
- in the 'net' command (bug 73).
-20) Add retry looks to ADS sequence number and domain SID lookups
- (bug 364).
-21) use a variant of alloc_sub_basic() for string lists such as
- 'valid users', 'write list', and 'read list' (bug 397).
-22) Fix seg fault when winbindd receives an error from the AD server
- in response to an LDAP search (bug 282).
-23) Update findsmb to use the new syntax for smbclient and nmblookup.
-24) Fix bug that prevented variables from being used in explicitly
- defined path in [homes].
-25) Only set SIDs when they're returned by the MySQL query
- (pdb_mysql.so).
-26) Include support for NTLMv2 key exchange.
-27) Revert default for 'client ntlmv2 auth' to off (bug 359).
-28) Fix crash in winbindd when the trust account password gets
- changed underneath us via 'net rpc changetrustpw' (bug 382).
-29) Use djb-algorithm string hash - faster than the tdb one we
- used to use. Does not change on disk format or hashing location.
-30) Implements some kind of improved AFS support for Samba on
- Linux with OpenAFS 1.2.10. './configure --with-fake-kaserver'
- assumes that you have OpenAFS on your machine.
-31) When enumerating dfs shares loop from 0 to lp_numservices() instead
- of relying on lp_servicename(n) to return an empty string for
- invalid service numbers (bug 403).
-32) Fix crash bug in 'net rpc samdump' (bug 334).
-33) Fix crash bug in WINS NSS module (bug 299).
-34) Fix a few minor compile errors on HP-UX.
-
-
-
-Changes since 3.0rc1
-####################
-
-1) Add levels 261 and 262 to search. Found using Samba4 tester.
-2) Correct bad error return code in session setup reply
-3) Fix bug where smbd returned DOS error codes from SMBsearch
- even when NT1 protocol was negotiated.
-4) Implement SMBexit properly.
-5) Return group lists from a Samba PDC to a Windows 9x/ME box
- in implementing user level access control (bug 314).
-6) Prevent SWAT from crashing when adding shares (bug 254)
-7) Fix various documentation issues (bugs 304 & 214)
-8) Fix wins server listing in SWAT (bug 197)
-9) Fix problem in rpcclient that caused enumerating printer
- drivers to report failure (bug 294).
-10) Use kerberos 5 authentication in our client code whenever possible
-11) Fix schannel bug that caused Active Directory DC's to downgrade our
- machine account to an NT member.
-12) Implement missing SAMR_REMOVE_USER_FOREIGN_DOMAIN call (bug 252).
-13) Implement automatic generation of include/version.h
-14) Include initial version of smbldap-tool scripts for the Samba
- 3.0 schema.
-15) Implement numerous fixes for multi-byte character strings.
-16) Enable 'unix extensions' parameter by default.
-17) Make sure we set the SID type when falling back to the rid
- algorithm (bug 245).
-18) Correct linking problems with pam_smbpass (bug 327).
-19) Add SYSV defines for Irix and Solaris to ensure the 'printing'
- parameter default to the correct value (bug 230)
-20) Fix recursion bug in alloc_string_sub() (bug 289, et. al.)
-21) Ensure that 'make install' includes the static and shared
- versions of the libsmbclient libraries.
-22) Add CP850 and CP437 internal character set support (bug 150).
-23) Add support to examples/LDAP/convertSambaAccount for generating
- LDIF modify files instead of just add (303).
-24) Fix support for -W option in smbclient (bug 39)
-25) Remove 'ldap trust ids' parameter since it could not be supported
- by the current architecture.
-26) Don't crash when no argument is given to -T in smbclient (bug 345).
-27) Ensure smbadduser contains the same paths for the smbpasswd file
- as the other Samba tools (bug 290).
-28) Port of 'available = no' fix for [homes] from SAMBA_2_2 cvs tree.
-29) Add sanity checks to DeletePrinterData[Ex]() and ensure that the
- modified printer is written to disk.
-30) Force winbindd to periodically update the trusted domain cache.
-31) Remove outdated import/export script to convert an smbpasswd file
- to and from and LDAP directory. Use the pdbedit tool instead.
-32) Ensure that %U substitution is restored on next valid packet
- if a logon fails.
-
-
-Changes since 3.0beta3
-######################
-
-1) Various memory leak fixes.
-2) Provide full support for SMB signing (server and client)
-3) Check for broken getgrouplist() in glibc.
-4) Don't get stuck in an infinite loop listing directories
- recursively if the server returns an empty directory name
- (bug 222).
-5) Idle LDAP connections after 150 seconds.
-6) Patched make uninstallmodules (bug 236).
-7) Fix bug that caused smbd to return incomplete directory listings
- when UNIX files contained MS wildcard characters.
-8) Quiet default debug messages in command line tools.
-9) Fixes to avoid panics on invalid multi-byte strings.
-10) Fix error messages when creating a new smbpasswd file (bug 198).
-11) Implemented better detection routines in autoconf scripts for
- locating ads support on the host OS.
-12) Fix bug that caused libraries in /usr/local/lib to be ignored
- (bug 174).
-13) Ensure winbindd_ads uses the correct realm or domain name when
- connecting to trusted DC.
-14) Ensure a correct prototype is created for snprintf() (bug 187)
-15) Stop files being created on read-only shares in some circumstances.
-16) Fix wbinfo -p (bug 251)
-17) Support schannel on any tcp/ip connection if necessary
-18) Correct bug in user_in_list() so that it works with winbind groups
- again.
-19) Ensure the schannel bind credentials default to the domain
- of the destination host.
-20) Default password expiration time in account_pol.tdb to never
- expire. Remove any existing account_pol.tdb file to reset
- the new default policy (bug 184).
-21) Add buttons to SWAT to change the view of smb.conf (bug 212)
-22) Fix incorrect checks that determine whether or not the 'add user
- script' has been set.
-23) More cleanup for internal character set conversions.
-24) Fixes for multi-byte strings in stat cache code.
-25) Ensure that the net command honors the 'workgroup' parameter
- in smb.conf when not overridden from the command line.
-26) Add gss-spnego support to the ntlm_auth tool.
-27) Add vfs_default_quota VFS module.
-28) Added server support for NT quota interfaces.
-29) Prevent Krb5 replay attacks by adding a replay_cache.
-30) Fix problems with winbindd and transitive trusts in AD domains.
-31) Added -S to client tools for setting SMB signing options on the
- command line.
-32) Fix bug causing the 'passwd change program' to be called as the
- connected user and not root.
-33) Fixed data corruption bug in byte-range locking (e.g. affected MS Excel).
-34) Support winbindd on FreeBSD is possible.
-35) Look at only the first OID in the security blob sent in the session
- setup request to determine the token type.
-36) Only push locks onto a blocking lock queue if the posix lock failed with
- EACCES or EAGAIN (this means another lock conflicts). Else return an
- error and don't queue the request.
-37) Fix command line argument processing for smbtar.
-38) Correct issue that caused smbd to return generic unix_user.<uid>
- for lookupsid().
-39) Default to algorithmic mapping when generating a rid for a group
- mapping.
-40) Expand %g and %G in logon script, profile path, etc... during
- a domain logon (bug 208).
-41) Make sure smbclient obeys '-s <config>'
-42) Added win2k3 shadow copy operations to VFS interface.
-43) Allow connections to samba domain member as SERVER\user (don't
- always default to DOMAIN\user).
-44) Remove checks in winbindd that caused it to attempt to use
- non-transitive trust relationships.
-45) Remove delays in winbindd caused by invalid DNS lookups.
-46) Fix supplementary group memberships on systems with slightly
- broken NSS implementations (bug 267).
-47) Correct issue that prevented smbclient from viewing shares on
- a win2k server when using a non-anonymous connection (bug 284).
-48) Add --domain=DOMAIN_NAME to wbinfo for limiting operations like
- 'wbinfo -u' to a single domain. The '.' character represents
- our domain.
-49) Fix group enumeration bug when using an LDAP directory for
- storing group mappings.
-50) Default to use NTLMv2 if available. Fallback to not use LM/NTLM
- when the extended security capability bit is not set.
-51) Fix crash in 'wbinfo -a' when using extended characters in the
- username (bug 269).
-52) Fix multi-byte strupper() panics (bug 205).
-53) Add vfs_readonly VFS module.
-54) Make sure to initialize the sambaNextUserRid and sambaNextGroupRid
- attributes when using 'idmap backend = ldap' (bug 280).
-55) Make sure that users shared between a Samba PDC and member
- samba server are seen as domain users and not local users on the
- domain member.
-56) Fix Query FS Info level 2.
-57) Allow enumeration of users and groups by win9x "file server" (bug
- 286).
-58) Create symlinks during install for modules that support mutliple
- functions (bug 91).
-59) More iconv detection fixes.
-60) Fix path length error in vfs_recycle module (bug 291).
-61) Added server support for the LSA_DS UUID on the \lsarpc pipe.
- (server DsRoleGetPrimaryDomainInfo() is currently disabled).
-62) Fix SMBseek and get/set position calls.
-62) Fix SetFileInfo level 1.
-63) Added tool to convert smbd log file to a pcap file (log2pcaphex).
-
-
-
-Changes since 3.0beta2
-######################
-
-1) Added fix for Japanese case names in statcache code;
- these can change size on upper casing.
-2) Correct issues with iconv detection in configure script
- (support needed to find iconv libraries on FreeBSD).
-3) Fix bug that caused a WINS server to be marked as dead
- incorrectly (bug #190).
-4) Removing additional deadlocks conditions that prevented
- winbindd from running on a Samba PDC (used for trust
- relationships).
-5) Add support for searching for Active Directory for
- published printers (net ads printer search).
-6) Separate UNIX username from DOMAIN\username in pipe
- credentials.
-7) Auth modules now support returning NT_STATUS_NOT_IMPLEMENTED
- for cases that they cannot handle.
-8) Flush winbindd connection cache when the machine trust account
- password is changed while a connection is open (bug #200).
-9) Add support for 'OSVersion' server printer data string
- (corrects problem with uploading printer drivers from
- WinXP clients).
-10) Numerous memory leak fixes.
-11) LDAP fixes ("passdb backend = ldapsam" & "idmap backend = ldap"):
- - Store domain SID in LDAP directory.
- - store idmap information in existing entries (use sambaSID=...
- if adding a new entry).
-12) Fix incorrect usage of primary group SID when looking up user
- groups (bug #109).
-13) Remove idmap_XX_to_XX calls from smbd. Move back to the the
- winbind_XXX and local_XXX calls used in 2.2.
-14) All uid/gid allocation must involve winbindd now (we do not
- attempt to map unknown SIDs to a UNIX identify).
-15) Add 'winbind trusted domains only' parameter to force a domain
- member. The server to use matching users names from /etc/passwd
- for its domain (needed for domain member of a Samba domain).
-16) Rename 'idmap only' to 'enable rid algorithm' for better clarity
- (defaults to "yes").
-17) Add support for multi-byte statcache code (bug #185)
-18) Fix open mode race condition.
-19) Implement winbindd local account management functions. Refer to
- the "Winbind Changes" section for details.
-20) Move RID allocation functions into idmap backend.
-21) Fix parsing error that prevented publishing printers from a
- Samba server in an AD domain.
-22) Revive NTLMSSP support for named pipes.
-23) More SCHANNEL fixes.
-24) Correct SMB signing with NTLMSSP.
-25) Fix coherency bug in print handle/printer object caching code
- that could cause XP clients to infinitely loop while updating
- their local printer cache.
-26) Make winbindd use its dual-daemon mode by default (use -Y to
- start as a single process).
-27) Add support to nmbd and winbindd for 'smbcontrol <pid>
- reload-config'.
-28) Correct problem with smbtar when dealing with files > 8Gb
- (bug #102).
-
-
-
-Changes since 3.0beta1
-######################
-
-1) Rework our smb signing code again, this factors out some of
- the common MAC calculation code, and now supports multiple
- outstanding packets (bug #40).
-2) Enforce 'client plaintext auth', 'client lanman auth' and 'client
- ntlmv2 auth'.
-3) Correct timestamp problem on 64-bit machines (bug #140).
-4) Add extra debugging statements to winbindd for tracking down
- failures.
-5) Fix bug when aliased 'winbind uid/gid' parameters are used.
- ('winbind uid/gid' are now replaced with 'idmap uid/gid').
-6) Added an auth flag that indicates if we should be allowed
- to fall back to NTLMSSP for SASL if krb5 fails.
-7) Fixed the bug that forced us not to use the winbindd cache when
- we have a primary ADS domain and a secondary (trusted) NT4
- domain.
-8) Use lp_realm() to find the default realm for 'net ads password'.
-9) Removed editreg from standard build until it is portable..
-10) Fix domain membership for servers not running winbindd.
-11) Correct race condition in determining the high water mark
- in the idmap backend (bug #181).
-12) Set the user's primary unix group from usrmgr.exe (partial
- fix for bug #45).
-13) Show comments when doing 'net group -l' (bug #3).
-14) Add trivial extension to 'net' to dump current local idmap
- and restore mappings as well.
-15) Modify 'net rpc vampire' to add new and existing users to
- both the idmap and the SAM. This code needs further testing.
-16) Fix crash bug in ADS searches.
-17) Build libnss_wins.so as part of nsswitch target (bug #160).
-18) Make net rpc vampire return an error if the sam sync RPC
- returns an error.
-19) Fail to join an NT 4 domain as a BDC if a workstation account
- using our name exists.
-20) Fix various memory leaks in server and client code
-21) Remove the short option to --set-auth-user for wbinfo (-A) to
- prevent confusion with the -a option (bug #158).
-22) Added new 'map acl inherit' parameter.
-23) Removed unused 'privileges' code from group mapping database.
-24) Don't segfault on empty passdb backend list (bug #136).
-25) Fixed acl sorting algorithm for Windows 2000 clients.
-26) Replace universal group cache with netsamlogon_cache
- from APPLIANCE_HEAD branch.
-27) Fix autoconf detection issues surrounding --with-ads=yes
- but no Krb5 header files installed (bug #152).
-28) Add LDAP lookup for domain sequence number in case we are
- joined using NT4 protocols to a native mode AD domain.
-29) Fix backend method selection for trusted NT 4 (or 2k
- mixed mode) domains.
-30) Fixed bug that caused us to enumerate domain local groups
- from native mode AD domains other than our own.
-31) Correct group enumeration for viewing in the Windows
- security tab (bug #110).
-32) Consolidate the DC location code.
-33) Moved 'ads server' functionality into 'password server' for
- backwards compatibility.
-34) Fix winbindd_idmap tdb upgrades from a 2.2 installation.
- ( if you installed beta1, be sure to
- 'mv idmap.tdb winbindd_idmap.tdb' ).
-35) Fix pdb_ldap segfaults, and wrong default values for
- ldapsam_compat.
-36) Enable negative connection cache for winbindd's ADS backend
- functions.
-37) Enable address caching for active directory DC's so we don't
- have to hit DNS so much.
-38) Fix bug in idmap code that caused mapping to randomly be
- redefined.
-39) Add tdb locking code to prevent race condition when adding a
- new mapping to idmap.
-40) Fix 'map to guest = bad user' when acting as a PDC supporting
- trust relationships.
-41) Prevent deadlock issues when running winbindd on a Samba PDC
- to handle allocating uids & gids for trusted users and groups
-42) added LOCALE patch from Steve Langasek (bug #122).
-43) Add the 'guest' passdb backend automatically to the end of
- the 'passdb backend' list if 'guest account' has a valid
- username.
-44) Remove samstrict_dc auth method. Rework 'samstrict' to only
- handle our local names (or domain name if we are a PDC).
- Move existing permissive 'sam' method to 'sam_ignoredomain'
- and make 'samstrict' the new default 'sam' auth method.
-45) Match Windows NT4/2k behavior when authenticating a user with
- and unknown domain (default to our domain if we are a DC or
- domain member; default to our local name if we are a
- standalone server).
-46) Fix Get_Pwnam() to always fall back to lookup 'user' if the
- 'DOMAIN\user' lookup fails. This matches 2.2. behavior.
-47) Fix the trustdom_cache code to update the list of trusted
- domains when operating as a domain member and not using
- winbindd.
-48) Remove 'nisplussam' passdb backend since it has suffered for
- too long without a maintainer.
-
-
-
-
######################################################################
Upgrading from a previous Samba 3.0 beta
########################################
* domain admin group
* domain guest group
* force unknown acl user
+ * hide local users
+ * mangled stack
* nt smb support
* postscript
* printer driver
* printer driver file
* printer driver location
+ * read size
+ * source environment
* status
* strip dot
* total print jobs
--------------
* auth methods
* realm
+ * passwd chat timeout
Protocol Options
----------------
* ldap idmap suffix
* ldap machine suffix
* ldap passwd sync
+ * ldap replication sleep
* ldap user suffix
General Configuration
----------
A new object class (sambaSamAccount) has been introduced to replace
-the old sambaAccount. This change aids us in the renaming of attributes
-to prevent clashes with attributes from other vendors. There is a
-conversion script (examples/LDAP/convertSambaAccount) to modify and LDIF
-file to the new schema.
+the old sambaAccount. This change aids us in the renaming of
+attributes to prevent clashes with attributes from other vendors.
+There is a conversion script (examples/LDAP/convertSambaAccount) to
+modify and LDIF file to the new schema.
Example:
- $ ldapsearch .... -b "ou=people,dc=..." > old.ldif
- $ convertSambaAccount <DOM SID> old.ldif new.ldif
+ $ ldapsearch .... -b "ou=people,dc=..." > sambaAcct.ldif
+ $ convertSambaAccount --sid=<Domain SID> \
+ --input=sambaAcct.ldif --output=sambaSamAcct.ldif \
+ --changetype=[modify|add]
-The <DOM SID> can be obtained by running 'net getlocalsid <DOMAINNAME>'
-on the Samba PDC as root.
+The <DOM SID> can be obtained by running 'net getlocalsid
+<DOMAINNAME>' on the Samba PDC as root. The changetype determines
+the format of the generated LDIF output--either create new entries
+or modify existing entries.
The old sambaAccount schema may still be used by specifying the
"ldapsam_compat" passdb backend. However, the sambaAccount and
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
- DESC 'Share Name'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
- DESC 'Option Name'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
- DESC 'A boolean option'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption'
- DESC 'An integer option'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption'
- DESC 'A string option'
- EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
- DESC 'A string list option'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
#######################################################################
## objectClasses used by Samba 3.0 schema ##
#######################################################################
DESC 'Structural Class for a SID'
MUST ( sambaSID ) )
-
-
-
-objectclass ( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
- DESC 'Samba Configuration Section'
- MAY ( description ) )
-
-objectclass ( 1.3.6.1.4.1.7165.1.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
- DESC 'Samba Share Section'
- MUST ( sambaShareName )
- MAY ( description ) )
-
-objectclass ( 1.3.6.1.4.1.7165.1.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
- DESC 'Samba Configuration Option'
- MUST ( sambaOptionName )
- MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoption $ description ) )
attributetypes=( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-attributetypes=( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'Share Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetypes=( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC 'Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-attributetypes=( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC 'A boolean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
-
-attributetypes=( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DESC 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetypes=( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC 'A string option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetypes=( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
attributetypes=( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC '' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
objectclasses=( 1.3.6.1.4.1.7165.1.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL DESC 'Structural Class for a SID' MUST ( sambaSID ) )
-objectclasses=( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY DESC 'Samba Configuration Section' MAY ( description ) )
-objectclasses=( 1.3.6.1.4.1.7165.1.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL DESC 'Samba Share Section' MUST ( sambaShareName ) MAY ( description ) )
-
-objectclasses=( 1.3.6.1.4.1.7165.1.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL DESC 'Samba Configuration Option' MUST ( sambaOptionName ) MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoption $ description ) )
LDFLAGS = -L/usr/lib
-all: testsmbc tree testacl testbrowse
+all: testsmbc tree testacl
testsmbc: testsmbc.o
@echo Linking testsmbc
@echo Linking testacl
@$(CC) `gtk-config --cflags` $(CFLAGS) $(LDFLAGS) -o $@ `gtk-config --libs` -lsmbclient -lpopt $<
-testbrowse: testbrowse.o
- @echo Linking testbrowse
- @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ -lsmbclient -lpopt $<
-
clean:
@rm -f *.o *~
--- /dev/null
+/*
+ nss sample code for extended winbindd functionality
+
+ Copyright (C) Andrew Tridgell (tridge@samba.org)
+
+ you are free to use this code in any way you see fit, including
+ without restriction, using this code in your own products. You do
+ not need to give any attribution.
+*/
+
+#define _GNU_SOURCE
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <nss.h>
+#include <dlfcn.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+
+#include "nss_winbind.h"
+
+/*
+ find a function in the nss library
+*/
+static void *find_fn(struct nss_state *nss, const char *name)
+{
+ void *res;
+ char *s = NULL;
+
+ asprintf(&s, "_nss_%s_%s", nss->nss_name, name);
+ if (!s) {
+ errno = ENOMEM;
+ return NULL;
+ }
+ res = dlsym(nss->dl_handle, s);
+ free(s);
+ if (!res) {
+ errno = ENOENT;
+ return NULL;
+ }
+ return res;
+}
+
+/*
+ establish a link to the nss library
+ Return 0 on success and -1 on error
+*/
+int nss_open(struct nss_state *nss, const char *nss_path)
+{
+ char *p;
+ p = strrchr(nss_path, '_');
+ if (!p) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ nss->nss_name = strdup(p+1);
+ p = strchr(nss->nss_name, '.');
+ if (p) *p = 0;
+
+ nss->dl_handle = dlopen(nss_path, RTLD_LAZY);
+ if (!nss->dl_handle) {
+ free(nss->nss_name);
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ close and cleanup a nss state
+*/
+void nss_close(struct nss_state *nss)
+{
+ free(nss->nss_name);
+ dlclose(nss->dl_handle);
+}
+
+/*
+ make a getpwnam call.
+ Return 0 on success and -1 on error
+*/
+int nss_getpwent(struct nss_state *nss, struct passwd *pwd)
+{
+ enum nss_status (*_nss_getpwent_r)(struct passwd *, char *,
+ size_t , int *);
+ enum nss_status status;
+ int nss_errno = 0;
+
+ _nss_getpwent_r = find_fn(nss, "getpwent_r");
+
+ if (!_nss_getpwent_r) {
+ return -1;
+ }
+
+ status = _nss_getpwent_r(pwd, nss->pwnam_buf, sizeof(nss->pwnam_buf),
+ &nss_errno);
+ if (status == NSS_STATUS_NOTFOUND) {
+ errno = ENOENT;
+ return -1;
+ }
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = nss_errno;
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ make a setpwent call.
+ Return 0 on success and -1 on error
+*/
+int nss_setpwent(struct nss_state *nss)
+{
+ enum nss_status (*_nss_setpwent)(void) = find_fn(nss, "setpwent");
+ enum nss_status status;
+ if (!_nss_setpwent) {
+ return -1;
+ }
+ status = _nss_setpwent();
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = EINVAL;
+ return -1;
+ }
+ return 0;
+}
+
+/*
+ make a endpwent call.
+ Return 0 on success and -1 on error
+*/
+int nss_endpwent(struct nss_state *nss)
+{
+ enum nss_status (*_nss_endpwent)(void) = find_fn(nss, "endpwent");
+ enum nss_status status;
+ if (!_nss_endpwent) {
+ return -1;
+ }
+ status = _nss_endpwent();
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = EINVAL;
+ return -1;
+ }
+ return 0;
+}
+
+
+/*
+ convert a name to a SID
+ caller frees
+ Return 0 on success and -1 on error
+*/
+int nss_nametosid(struct nss_state *nss, const char *name, char **sid)
+{
+ enum nss_status (*_nss_nametosid)(const char *, char **, char *,
+ size_t, int *);
+ enum nss_status status;
+ int nss_errno = 0;
+ char buf[200];
+
+ _nss_nametosid = find_fn(nss, "nametosid");
+
+ if (!_nss_nametosid) {
+ return -1;
+ }
+
+ status = _nss_nametosid(name, sid, buf, sizeof(buf), &nss_errno);
+ if (status == NSS_STATUS_NOTFOUND) {
+ errno = ENOENT;
+ return -1;
+ }
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = nss_errno;
+ return -1;
+ }
+
+ *sid = strdup(*sid);
+
+ return 0;
+}
+
+/*
+ convert a SID to a name
+ caller frees
+ Return 0 on success and -1 on error
+*/
+int nss_sidtoname(struct nss_state *nss, const char *sid, char **name)
+{
+ enum nss_status (*_nss_sidtoname)(const char *, char **, char *,
+ size_t, int *);
+ enum nss_status status;
+ int nss_errno = 0;
+ char buf[200];
+
+ _nss_sidtoname = find_fn(nss, "sidtoname");
+
+ if (!_nss_sidtoname) {
+ return -1;
+ }
+
+ status = _nss_sidtoname(sid, name, buf, sizeof(buf), &nss_errno);
+ if (status == NSS_STATUS_NOTFOUND) {
+ errno = ENOENT;
+ return -1;
+ }
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = nss_errno;
+ return -1;
+ }
+
+ *name = strdup(*name);
+
+ return 0;
+}
+
+/*
+ return a list of group SIDs for a user SID
+ the returned list is NULL terminated
+ Return 0 on success and -1 on error
+*/
+int nss_getusersids(struct nss_state *nss, const char *user_sid, char ***sids)
+{
+ enum nss_status (*_nss_getusersids)(const char *, char **, int *,
+ char *, size_t, int *);
+ enum nss_status status;
+ int nss_errno = 0;
+ char *s;
+ int i, num_groups = 0;
+ unsigned bufsize = 10;
+ char *buf;
+
+ _nss_getusersids = find_fn(nss, "getusersids");
+
+ if (!_nss_getusersids) {
+ return -1;
+ }
+
+again:
+ buf = malloc(bufsize);
+ if (!buf) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ status = _nss_getusersids(user_sid, &s, &num_groups, buf, bufsize,
+ &nss_errno);
+
+ if (status == NSS_STATUS_NOTFOUND) {
+ errno = ENOENT;
+ free(buf);
+ return -1;
+ }
+
+ if (status == NSS_STATUS_TRYAGAIN) {
+ bufsize *= 2;
+ free(buf);
+ goto again;
+ }
+
+ if (status != NSS_STATUS_SUCCESS) {
+ free(buf);
+ errno = nss_errno;
+ return -1;
+ }
+
+ if (num_groups == 0) {
+ free(buf);
+ return 0;
+ }
+
+ *sids = (char **)malloc(sizeof(char *) * (num_groups+1));
+ if (! *sids) {
+ errno = ENOMEM;
+ free(buf);
+ return -1;
+ }
+
+ for (i=0;i<num_groups;i++) {
+ (*sids)[i] = strdup(s);
+ s += strlen(s) + 1;
+ }
+ (*sids)[i] = NULL;
+
+ free(buf);
+
+ return 0;
+}
+
+/*
+ convert a sid to a uid
+ Return 0 on success and -1 on error
+*/
+int nss_sidtouid(struct nss_state *nss, const char *sid, uid_t *uid)
+{
+ enum nss_status (*_nss_sidtouid)(const char*, uid_t *, int*);
+
+ enum nss_status status;
+ int nss_errno = 0;
+
+ _nss_sidtouid = find_fn(nss, "sidtouid");
+
+ if (!_nss_sidtouid) {
+ return -1;
+ }
+
+ status = _nss_sidtouid(sid, uid, &nss_errno);
+
+ if (status == NSS_STATUS_NOTFOUND) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = nss_errno;
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ convert a sid to a gid
+ Return 0 on success and -1 on error
+*/
+int nss_sidtogid(struct nss_state *nss, const char *sid, gid_t *gid)
+{
+ enum nss_status (*_nss_sidtogid)(const char*, gid_t *, int*);
+
+ enum nss_status status;
+ int nss_errno = 0;
+
+ _nss_sidtogid = find_fn(nss, "sidtogid");
+
+ if (!_nss_sidtogid) {
+ return -1;
+ }
+
+ status = _nss_sidtogid(sid, gid, &nss_errno);
+
+ if (status == NSS_STATUS_NOTFOUND) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = nss_errno;
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ convert a uid to a sid
+ caller frees
+ Return 0 on success and -1 on error
+*/
+int nss_uidtosid(struct nss_state *nss, uid_t uid, char **sid)
+{
+ enum nss_status (*_nss_uidtosid)(uid_t, char **, char *,
+ size_t, int *);
+ enum nss_status status;
+ int nss_errno = 0;
+ char buf[200];
+
+ _nss_uidtosid = find_fn(nss, "uidtosid");
+
+ if (!_nss_uidtosid) {
+ return -1;
+ }
+
+ status = _nss_uidtosid(uid, sid, buf, sizeof(buf), &nss_errno);
+ if (status == NSS_STATUS_NOTFOUND) {
+ errno = ENOENT;
+ return -1;
+ }
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = nss_errno;
+ return -1;
+ }
+
+ *sid = strdup(*sid);
+
+ return 0;
+}
+
+/*
+ convert a gid to a sid
+ caller frees
+ Return 0 on success and -1 on error
+*/
+int nss_gidtosid(struct nss_state *nss, gid_t gid, char **sid)
+{
+ enum nss_status (*_nss_gidtosid)(gid_t, char **, char *,
+ size_t, int *);
+ enum nss_status status;
+ int nss_errno = 0;
+ char buf[200];
+
+ _nss_gidtosid = find_fn(nss, "gidtosid");
+
+ if (!_nss_gidtosid) {
+ return -1;
+ }
+
+ status = _nss_gidtosid(gid, sid, buf, sizeof(buf), &nss_errno);
+ if (status == NSS_STATUS_NOTFOUND) {
+ errno = ENOENT;
+ return -1;
+ }
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = nss_errno;
+ return -1;
+ }
+
+ *sid = strdup(*sid);
+
+ return 0;
+}
+
--- /dev/null
+/*
+ nss sample code for extended winbindd functionality
+
+ Copyright (C) Andrew Tridgell (tridge@samba.org)
+ Copyright (C) Volker Lendecke (vl@samba.org)
+
+ you are free to use this code in any way you see fit, including
+ without restriction, using this code in your own products. You do
+ not need to give any attribution.
+*/
+
+#define _GNU_SOURCE
+
+#include <pwd.h>
+#include <grp.h>
+
+struct nss_state {
+ void *dl_handle;
+ char *nss_name;
+ char pwnam_buf[512];
+};
+
+/*
+ establish a link to the nss library
+ Return 0 on success and -1 on error
+*/
+int nss_open(struct nss_state *nss, const char *nss_path);
+
+/*
+ close and cleanup a nss state
+*/
+void nss_close(struct nss_state *nss);
+
+/*
+ make a getpwnam call.
+ Return 0 on success and -1 on error
+*/
+int nss_getpwent(struct nss_state *nss, struct passwd *pwd);
+
+/*
+ make a setpwent call.
+ Return 0 on success and -1 on error
+*/
+int nss_setpwent(struct nss_state *nss);
+
+/*
+ make a endpwent call.
+ Return 0 on success and -1 on error
+*/
+int nss_endpwent(struct nss_state *nss);
+
+/*
+ convert a name to a SID
+ caller frees
+ Return 0 on success and -1 on error
+*/
+int nss_nametosid(struct nss_state *nss, const char *name, char **sid);
+
+/*
+ convert a SID to a name
+ caller frees
+ Return 0 on success and -1 on error
+*/
+int nss_sidtoname(struct nss_state *nss, const char *sid, char **name);
+
+/*
+ return a list of group SIDs for a user SID
+ the returned list is NULL terminated
+ Return 0 on success and -1 on error
+*/
+int nss_getusersids(struct nss_state *nss, const char *user_sid, char ***sids);
+
+/*
+ convert a sid to a uid
+ Return 0 on success and -1 on error
+*/
+int nss_sidtouid(struct nss_state *nss, const char *sid, uid_t *uid);
+
+/*
+ convert a sid to a gid
+ Return 0 on success and -1 on error
+*/
+int nss_sidtogid(struct nss_state *nss, const char *sid, gid_t *gid);
+
+/*
+ convert a uid to a sid
+ caller frees
+ Return 0 on success and -1 on error
+*/
+int nss_uidtosid(struct nss_state *nss, uid_t uid, char **sid);
+
+/*
+ convert a gid to a sid
+ caller frees
+ Return 0 on success and -1 on error
+*/
+int nss_gidtosid(struct nss_state *nss, gid_t gid, char **sid);
/*
compile like this:
- cc -o wbtest wbtest.c -ldl
+ cc -o wbtest wbtest.c nss_winbind.c -ldl
and run like this:
#include <string.h>
#include <sys/types.h>
-typedef enum nss_status NSS_STATUS;
-
-struct nss_state {
- void *dl_handle;
- char *nss_name;
- char pwnam_buf[512];
-};
-
-/*
- find a function in the nss library
-*/
-static void *find_fn(struct nss_state *nss, const char *name)
-{
- void *res;
- char *s = NULL;
-
- asprintf(&s, "_nss_%s_%s", nss->nss_name, name);
- if (!s) {
- errno = ENOMEM;
- return NULL;
- }
- res = dlsym(nss->dl_handle, s);
- free(s);
- if (!res) {
- errno = ENOENT;
- return NULL;
- }
- return res;
-}
-
-/*
- establish a link to the nss library
- Return 0 on success and -1 on error
-*/
-int nss_open(struct nss_state *nss, const char *nss_path)
-{
- char *p;
- p = strrchr(nss_path, '_');
- if (!p) {
- errno = EINVAL;
- return -1;
- }
-
- nss->nss_name = strdup(p+1);
- p = strchr(nss->nss_name, '.');
- if (p) *p = 0;
-
- nss->dl_handle = dlopen(nss_path, RTLD_LAZY);
- if (!nss->dl_handle) {
- free(nss->nss_name);
- return -1;
- }
-
- return 0;
-}
-
-/*
- close and cleanup a nss state
-*/
-void nss_close(struct nss_state *nss)
-{
- free(nss->nss_name);
- dlclose(nss->dl_handle);
-}
-
-/*
- make a getpwnam call.
- Return 0 on success and -1 on error
-*/
-int nss_getpwent(struct nss_state *nss, struct passwd *pwd)
-{
- NSS_STATUS (*_nss_getpwent_r)(struct passwd *, char *,
- size_t , int *) = find_fn(nss, "getpwent_r");
- NSS_STATUS status;
- int nss_errno = 0;
-
- if (!_nss_getpwent_r) {
- return -1;
- }
-
- status = _nss_getpwent_r(pwd, nss->pwnam_buf, sizeof(nss->pwnam_buf), &nss_errno);
- if (status == NSS_STATUS_NOTFOUND) {
- errno = ENOENT;
- return -1;
- }
- if (status != NSS_STATUS_SUCCESS) {
- errno = nss_errno;
- return -1;
- }
-
- return 0;
-}
-
-/*
- make a setpwent call.
- Return 0 on success and -1 on error
-*/
-int nss_setpwent(struct nss_state *nss)
-{
- NSS_STATUS (*_nss_setpwent)(void) = find_fn(nss, "setpwent");
- NSS_STATUS status;
- if (!_nss_setpwent) {
- return -1;
- }
- status = _nss_setpwent();
- if (status != NSS_STATUS_SUCCESS) {
- errno = EINVAL;
- return -1;
- }
- return 0;
-}
-
-/*
- make a endpwent call.
- Return 0 on success and -1 on error
-*/
-int nss_endpwent(struct nss_state *nss)
-{
- NSS_STATUS (*_nss_endpwent)(void) = find_fn(nss, "endpwent");
- NSS_STATUS status;
- if (!_nss_endpwent) {
- return -1;
- }
- status = _nss_endpwent();
- if (status != NSS_STATUS_SUCCESS) {
- errno = EINVAL;
- return -1;
- }
- return 0;
-}
-
-
-/*
- convert a name to a SID
- caller frees
- Return 0 on success and -1 on error
-*/
-int nss_nametosid(struct nss_state *nss, const char *name, char **sid)
-{
- NSS_STATUS (*_nss_nametosid)(const char *, char **, char *, size_t, int *) =
- find_fn(nss, "nametosid");
- NSS_STATUS status;
- int nss_errno = 0;
- char buf[200];
-
- if (!_nss_nametosid) {
- return -1;
- }
-
- status = _nss_nametosid(name, sid, buf, sizeof(buf), &nss_errno);
- if (status == NSS_STATUS_NOTFOUND) {
- errno = ENOENT;
- return -1;
- }
- if (status != NSS_STATUS_SUCCESS) {
- errno = nss_errno;
- return -1;
- }
-
- *sid = strdup(*sid);
-
- return 0;
-}
-
-/*
- convert a SID to a name
- caller frees
- Return 0 on success and -1 on error
-*/
-int nss_sidtoname(struct nss_state *nss, char *sid, char **name)
-{
- NSS_STATUS (*_nss_sidtoname)(const char *, char **, char *, size_t, int *) =
- find_fn(nss, "sidtoname");
- NSS_STATUS status;
- int nss_errno = 0;
- char buf[200];
-
- if (!_nss_sidtoname) {
- return -1;
- }
-
- status = _nss_sidtoname(sid, name, buf, sizeof(buf), &nss_errno);
- if (status == NSS_STATUS_NOTFOUND) {
- errno = ENOENT;
- return -1;
- }
- if (status != NSS_STATUS_SUCCESS) {
- errno = nss_errno;
- return -1;
- }
-
- *name = strdup(*name);
-
- return 0;
-}
-
-/*
- return a list of group SIDs for a user SID
- the returned list is NULL terminated
- Return 0 on success and -1 on error
-*/
-int nss_getusersids(struct nss_state *nss, const char *user_sid, char ***sids)
-{
- NSS_STATUS (*_nss_getusersids)(const char *, char **, int *, char *, size_t, int *) =
- find_fn(nss, "getusersids");
- NSS_STATUS status;
- int nss_errno = 0;
- char *s;
- int i, num_groups = 0;
- unsigned bufsize = 10;
- char *buf;
-
- if (!_nss_getusersids) {
- return -1;
- }
-
-again:
- buf = malloc(bufsize);
- if (!buf) {
- errno = ENOMEM;
- return -1;
- }
-
- status = _nss_getusersids(user_sid, &s, &num_groups, buf, bufsize, &nss_errno);
- if (status == NSS_STATUS_NOTFOUND) {
- errno = ENOENT;
- free(buf);
- return -1;
- }
-
- if (status == NSS_STATUS_TRYAGAIN) {
- bufsize *= 2;
- free(buf);
- goto again;
- }
-
- if (status != NSS_STATUS_SUCCESS) {
- free(buf);
- errno = nss_errno;
- return -1;
- }
-
- if (num_groups == 0) {
- free(buf);
- return 0;
- }
-
- *sids = (char **)malloc(sizeof(char *) * (num_groups+1));
- if (! *sids) {
- errno = ENOMEM;
- free(buf);
- return -1;
- }
-
- for (i=0;i<num_groups;i++) {
- (*sids)[i] = strdup(s);
- s += strlen(s) + 1;
- }
- (*sids)[i] = NULL;
-
- free(buf);
-
- return 0;
-}
-
+#include "nss_winbind.h"
static int nss_test_users(struct nss_state *nss)
{
+++ /dev/null
-#!/bin/sh
-
-# This script is an input filter for printcap printing on a unix machine. It
-# uses the smbclient program to print the file to the specified smb-based
-# server and service.
-# For example you could have a printcap entry like this
-#
-# smb:lp=/dev/null:sd=/usr/spool/smb:sh:if=/usr/local/samba/smbprint
-#
-# which would create a unix printer called "smb" that will print via this
-# script. You will need to create the spool directory /usr/spool/smb with
-# appropriate permissions and ownerships for your system.
-
-# Set these to the server and service you wish to print to
-# In this example I have a WfWg PC called "lapland" that has a printer
-# exported called "printer" with no password.
-
-#
-# Script further altered by hamiltom@ecnz.co.nz (Michael Hamilton)
-# so that the server, service, and password can be read from
-# a /usr/var/spool/lpd/PRINTNAME/.config file.
-#
-# Script further modified by Richard Sharpe to fix some things.
-# Get rid of the -x on the first line, and add parameters
-#
-# -t now causes translate to be used when sending files
-#
-# In order for this to work the /etc/printcap entry must include an
-# accounting file (af=...):
-#
-# cdcolour:\
-# :cm=CD IBM Colorjet on 6th:\
-# :sd=/var/spool/lpd/cdcolour:\
-# :af=/var/spool/lpd/cdcolour/acct:\
-# :if=/usr/local/etc/smbprint:\
-# :mx=0:\
-# :lp=/dev/null:
-#
-# The /usr/var/spool/lpd/PRINTNAME/.config file should contain:
-# server=PC_SERVER
-# service=PR_SHARENAME
-# password="password"
-#
-# E.g.
-# server=PAULS_PC
-# service=CJET_371
-# password=""
-
-#
-# Debugging log file, change to /dev/null if you like.
-#
-logfile=/tmp/smb-print.log
-# logfile=/dev/null
-
-
-#
-# The last parameter to the filter is the accounting file name.
-# Extract the directory name from the file name.
-# Concat this with /.config to get the config file.
-#
-TRANS=0
-eval acct_file=\${$#}
-spool_dir=`dirname $acct_file`
-config_file=$spool_dir/.config
-
-# Should read the following variables set in the config file:
-# server
-# service
-# password
-eval `cat $config_file`
-
-while getopts t c; do
- case $c in
- t)
- TRANS=1
- ;;
-
- '?') # Bad parameters, ignore it ...
- ;;
- esac
-done
-#
-# Some debugging help, change the >> to > if you want to same space.
-#
-echo "server $server, service $service" >> $logfile
-
-(
-# NOTE You may wish to add the line `echo translate' if you want automatic
-# CR/LF translation when printing.
- if [ $TRANS -eq 1 ]; then
- echo translate
- fi
- echo "print -"
- cat
-) | /usr/local/samba/bin/smbclient "\\\\$server\\$service" $password -U $server -N -P >> $logfile
##
## Usgae: ./make-tarball.sh
+DOCSDIR=../samba-docs/
USING_SAMBA=../using_samba/
SRCDIR=`pwd`
fi
+if [ ! -d $DOCSDIR ]; then
+
+ echo Cannot find samba-docs \(assuming $DOCSDIR\).
+ echo Please set the DOCSDIR variable in this script
+ echo to the correct path.
+
+ exit 1
+
+fi
+
+
VERSION=`grep SAMBA_VERSION_OFFICIAL_STRING source/include/version.h | cut -d\" -f2 | sed 's/ /_/g'`
TARBALLDIR=/tmp/samba-$VERSION
mkdir $TARBALLDIR
rsync -aC ./ $TARBALLDIR
+/bin/rm -rf $TARBALLDIR/docs/*
+rsync -aC $DOCSDIR/ $TARBALLDIR/docs/
rsync -aC $USING_SAMBA $TARBALLDIR/docs/htmldocs/
echo Creating packaging scripts...
Building Debian packages is not as hard as some people might think.
The following instructions will allow you to build your own Samba
Debian packages. These instructions and the files in packaging/Debian/
-are current as of Samba 3.0.0, and allow you to build Debian packages
-for Debian unstable (so you need some development packages available
-only in Debian unstable.) If you are using something newer than 3.0.0
-you might want to try to follow the instructions to see if patches
-apply cleanly. If some patches don't apply cleanly please e-mail
+should be current as of Samba 3.0.2, and allow you to build Debian
+packages for Debian unstable (so you need some development packages
+available only in Debian unstable.) If you are using something newer
+than 3.0.2 you might want to try to follow the instructions to see if
+patches apply cleanly. If some patches don't apply cleanly please e-mail
samba@packages.debian.org since we might have fixed patches that we have
not yet integrated into upstream Samba.
devscripts, etc.):
autoconf
- debhelper
+ debhelper (>= 4.1.13)
libpam0g-dev
libreadline4-dev
libcupsys2-dev
build the samba packages on Debian is to look for the Build-Depends:
field in the file debian/control.
-1) cd samba[-<version>]. For example, "cd samba-3.0.0rc2".
-2) cp -a packaging/Debian/debian/ debian
+1) cd samba[-<version>]. For example, "cd samba-3.0.2".
+2) cp -a packaging/Debian/debian/ .
It's important that you copy instead of symlink because the build
tools in Potato have a problem that prevents the build to work with
- a symlink.
+ a symlink. If you are running a recent Debian distribution you don't
+ have to copy the directory and you can use a symlink instead:
+ "ln -s packaging/Debian/debian/ ."
3) dch -i (this is completely optional - only do it if you understand
Debian version numbers! Don't complain later if you can't upgrade
to official versions of the Samba packages for Debian.)
- Edit the changelog and make sure the version is right. For example,
- for Samba 3.0.0beta3, the version number should something like
- 3.0.0beta3-0.1.
-4) Run 'debian/rules binary'.
- - It is better that you prefix the above command with 'fakeroot'.
- If you have problems you might try building as root.
+ for Samba 3.0.2, the version number should something like 3.0.2-0.1.
+4) Run 'fakeroot debian/rules binary'.
5) That's it. Your new packages should be in ../. Install with dpkg.
Please e-mail samba@packages.debian.org with comments, questions or
Building Debian packages is not as hard as some people might think.
The following instructions will allow you to build your own Samba
Debian packages. These instructions and the files in packaging/Debian/
-are current as of Samba 3.0.0, and allow you to build Debian packages
-for Debian unstable (so you need some development packages available
-only in Debian unstable.) If you are using something newer than 3.0.0
-you might want to try to follow the instructions to see if patches
-apply cleanly. If some patches don't apply cleanly please e-mail
+should be current as of Samba 3.0.2, and allow you to build Debian
+packages for Debian unstable (so you need some development packages
+available only in Debian unstable.) If you are using something newer
+than 3.0.2 you might want to try to follow the instructions to see if
+patches apply cleanly. If some patches don't apply cleanly please e-mail
samba@packages.debian.org since we might have fixed patches that we have
not yet integrated into upstream Samba.
devscripts, etc.):
autoconf
- debhelper
+ debhelper (>= 4.1.13)
libpam0g-dev
libreadline4-dev
libcupsys2-dev
build the samba packages on Debian is to look for the Build-Depends:
field in the file debian/control.
-1) cd samba[-<version>]. For example, "cd samba-3.0.0rc2".
-2) cp -a packaging/Debian/debian/ debian
+1) cd samba[-<version>]. For example, "cd samba-3.0.2".
+2) cp -a packaging/Debian/debian/ .
It's important that you copy instead of symlink because the build
tools in Potato have a problem that prevents the build to work with
- a symlink.
+ a symlink. If you are running a recent Debian distribution you don't
+ have to copy the directory and you can use a symlink instead:
+ "ln -s packaging/Debian/debian/ ."
3) dch -i (this is completely optional - only do it if you understand
Debian version numbers! Don't complain later if you can't upgrade
to official versions of the Samba packages for Debian.)
- Edit the changelog and make sure the version is right. For example,
- for Samba 3.0.0beta3, the version number should something like
- 3.0.0beta3-0.1.
-4) Run 'debian/rules binary'.
- - It is better that you prefix the above command with 'fakeroot'.
- If you have problems you might try building as root.
+ for Samba 3.0.2, the version number should something like 3.0.2-0.1.
+4) Run 'fakeroot debian/rules binary'.
5) That's it. Your new packages should be in ../. Install with dpkg.
Please e-mail samba@packages.debian.org with comments, questions or
-samba (3.0.0-1) unstable; urgency=low
+samba (3.0.2-0.1) unstable; urgency=low
- * Local build.
+ * New upstream release.
+
+ -- Debian User <debian-user@somewhere.net> Wed, 4 Feb 2004 23:15:46 -0500
+
+samba (3.0.1-2) unstable; urgency=low
+
+ * Include ntlm_auth's man page.
+ * Don't create directories outside of the source directory during
+ package build time. (closes: #227221, #227238, #225862)
+ * Don't include the "Using Samba" book in the swat package, just a
+ symlink that points to the book included in the samba-doc package.
+
+ -- Eloy A. Paris <peloy@debian.org> Tue, 13 Jan 2004 13:48:13 -0500
+
+samba (3.0.1-1) unstable; urgency=low
+
+ * New upstream version (closes: #225565)
+ * Add support in the dhcp hook for netbios scope, and handle better
+ the case of multiple DHCP-using interfaces (closes: #224109).
+ * Use "tail -n 1 ..." instead of "tail -1 ..." so POSIX-compliant
+ tail works. Thanks to Paul Eggert <eggert@twinsun.com>.
+ * Include /usr/bin/ntlm_auth in the winbind package.
+ * Run configure with "--with-piddir=/var/run/samba" since the
+ default got changed to /var/run in this new upstream version.
+
+ -- Eloy A. Paris <peloy@debian.org> Tue, 30 Dec 2003 16:21:31 -0500
+
+samba (3.0.0final-1) unstable; urgency=low
+
+ * It's here, it's here, it's here, Samba 3.0.0 is here!
+ * Incorporate Japanese debconf translations; thanks to Kenshi Muto
+ <kmuto@debian.org>. (closes: #209291)
- -- Debian User <somebody@somewhere.com> Tue, 23 Sep 2003 21:50:26 -0400
+ -- Eloy A. Paris <peloy@debian.org> Thu, 25 Sep 2003 13:39:28 -0400
samba (3.0.0beta2+3.0.0rc4-1) unstable; urgency=low
samba (3.0.0beta2+3.0.0rc2-1) unstable; urgency=low
* New upstream release.
- * Incorporate Dutch debconf translations; thanks to Bart Cornelis
- <cobaco@linux.be>. (closes: #207824)
* Link against libgnutls7 instead of libgnutls5. (closes: #208151)
-- Eloy A. Paris <peloy@debian.org> Tue, 2 Sep 2003 21:37:13 -0400
--- samba_3_0/docs/manpages/swat.8.orig 2003-06-06 16:16:24.000000000 -0400
+++ samba_3_0/docs/manpages/swat.8 2003-06-06 16:25:13.000000000 -0400
-@@ -89,6 +89,13 @@
+@@ -91,6 +91,13 @@
.SH "INSTALLATION"
.PP
Swat is included as binary package with most distributions\&. The package manager in this case takes care of the installation and configuration\&. This section is only for those who have compiled swat from scratch\&.
.PP
-@@ -96,15 +103,15 @@
+@@ -98,15 +105,15 @@
.TP 3
\(bu
.LP
-@@ -114,7 +121,7 @@
+@@ -116,7 +123,7 @@
You need to edit your \fI/etc/inetd\&.conf \fR and \fI/etc/services\fR to enable SWAT to be launched via \fBinetd\fR\&.
.PP
.PP
\fBswat 901/tcp\fR
-@@ -126,10 +133,10 @@
+@@ -128,10 +135,10 @@
the choice of port number isn't really important except that it should be less than 1024 and not currently used (using a number above 1024 presents an obscure security hole depending on the implementation details of your\fBinetd\fR daemon)\&.
.PP
+In \fI/etc/inetd\&.conf\fR you should add a line like this (not needed for Debian since the maintainer scripts do it. You need to uncomment the line, though, because it is added commented out for security reasons):
.PP
--\fBswat stream tcp nowait.400 root /usr/local/samba/bin/swat swat\fR
+-\fBswat stream tcp nowait\&.400 root /usr/local/samba/bin/swat swat\fR
+\fBswat stream tcp nowait.400 root /usr/sbin/swat swat\fR
.PP
- One you have edited \fI/etc/services\fR and \fI/etc/inetd\&.conf\fR you need to send a HUP signal to inetd\&. To do this use \fBkill -1 PID \fR where PID is the process ID of the inetd daemon\&.
-@@ -155,8 +162,8 @@
+ One you have edited \fI/etc/services\fR and \fI/etc/inetd\&.conf\fR you need to send a HUP signal to inetd\&. To do this use \fBkill \-1 PID \fR where PID is the process ID of the inetd daemon\&.
+@@ -157,8 +164,8 @@
.TP
-\fI/usr/local/samba/lib/smb\&.conf\fR
--This is the default location of the \fBsmb.conf\fR(5) server configuration file that swat edits\&. Other common places that systems install this file are \fI /usr/samba/lib/smb\&.conf\fR and \fI/etc/smb\&.conf \fR\&. This file describes all the services the server is to make available to clients\&.
+-This is the default location of the \fBsmb\&.conf\fR(5) server configuration file that swat edits\&. Other common places that systems install this file are \fI /usr/samba/lib/smb\&.conf\fR and \fI/etc/smb\&.conf \fR\&. This file describes all the services the server is to make available to clients\&.
+\fI/etc/samba/smb\&.conf\fR
+This is the default location of the \fBsmb.conf\fR(5) server configuration file that swat edits\&. This file describes all the services the server is to make available to clients\&.
diff -uNr samba-3.0.0beta2.orig/source/Makefile.in samba-3.0.0beta2/source/Makefile.in
--- samba-3.0.0beta2.orig/source/Makefile.in 2003-07-02 23:26:46.000000000 -0500
+++ samba-3.0.0beta2/source/Makefile.in 2003-07-02 23:19:46.000000000 -0500
-@@ -67,6 +67,7 @@
- CONFIGDIR = @configdir@
- VARDIR = @localstatedir@
- MANDIR = @mandir@
-+DATADIR = @datadir@
-
- # The permissions to give the executables
- INSTALLPERMS = 0755
-@@ -90,6 +91,13 @@
+@@ -92,6 +93,13 @@
# the directory where lock files go
LOCKDIR = @lockdir@
# the directory where pid files go
PIDDIR = @piddir@
# man pages language(s)
-@@ -114,7 +122,7 @@
+@@ -116,7 +124,7 @@
PATH_FLAGS4 = $(PATH_FLAGS3) -DSWATDIR=\"$(SWATDIR)\" -DLOCKDIR=\"$(LOCKDIR)\" -DPIDDIR=\"$(PIDDIR)\"
PATH_FLAGS5 = $(PATH_FLAGS4) -DLIBDIR=\"$(LIBDIR)\" \
-DLOGFILEBASE=\"$(LOGFILEBASE)\" -DSHLIBEXT=\"@SHLIBEXT@\"
PATH_FLAGS = $(PATH_FLAGS6) $(PASSWD_FLAGS)
# Note that all executable programs now provide for an optional executable suffix.
-@@ -1203,7 +1211,7 @@
+@@ -1234,7 +1242,7 @@
@$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS) $(DESTDIR)$(BINDIR) $(SCRIPTS)
installdat: installdirs
installswat: installdirs
@$(SHELL) $(srcdir)/script/installswat.sh $(DESTDIR)$(SWATDIR) $(srcdir)
-diff -uNr samba-3.0.0beta2.orig/source/configure.in samba-3.0.0beta2/source/configure.in
---- samba-3.0.0beta2.orig/source/configure.in 2003-07-02 23:26:47.000000000 -0500
-+++ samba-3.0.0beta2/source/configure.in 2003-07-02 23:19:02.000000000 -0500
-@@ -17,18 +17,25 @@
+--- samba-3.0.1/source/configure.in.orig 2003-12-17 11:05:40.000000000 -0500
++++ samba-3.0.1/source/configure.in 2003-12-17 11:05:42.000000000 -0500
+@@ -17,19 +17,26 @@
AC_ARG_WITH(fhs,
[ --with-fhs Use FHS-compliant paths (default=no)],
configdir="${sysconfdir}/samba"
-- lockdir="\${VARDIR}/cache/samba"
+- lockdir="\${VARDIR}/lib/samba"
+ lockdir="\${VARDIR}/run/samba"
- piddir="\${VARDIR}/run/samba"
+ piddir="\${VARDIR}/run"
+ mandir="\${prefix}/share/man"
logfilebase="\${VARDIR}/log/samba"
privatedir="\${CONFIGDIR}/private"
libdir="\${prefix}/lib/samba"
#################################################
# set private directory location
-@@ -134,6 +141,9 @@
+@@ -154,6 +161,9 @@
AC_SUBST(swatdir)
AC_SUBST(bindir)
AC_SUBST(sbindir)
diff -uNr samba-3.0.0beta2.orig/source/intl/lang_tdb.c samba-3.0.0beta2/source/intl/lang_tdb.c
--- samba-3.0.0beta2.orig/source/intl/lang_tdb.c 2003-07-02 23:26:47.000000000 -0500
+++ samba-3.0.0beta2/source/intl/lang_tdb.c 2003-07-02 23:19:02.000000000 -0500
-@@ -123,7 +123,7 @@
+@@ -128,7 +128,7 @@
/* if no lang then we don't translate */
if (!lang) return True;
if (stat(msg_path, &st) != 0) {
/* the msg file isn't available */
free(msg_path);
-@@ -131,7 +131,7 @@
+@@ -136,7 +136,7 @@
}
diff -uNr samba-3.0.0beta2.orig/source/lib/util.c samba-3.0.0beta2/source/lib/util.c
--- samba-3.0.0beta2.orig/source/lib/util.c 2003-07-02 23:26:47.000000000 -0500
+++ samba-3.0.0beta2/source/lib/util.c 2003-07-02 23:19:02.000000000 -0500
-@@ -2190,6 +2190,61 @@
+@@ -2195,6 +2195,61 @@
}
/**
pstrcat(fname,SERVER_LIST);
--- samba-3.0.0rc2/source/nmbd/nmbd_winsserver.c.orig 2003-08-28 17:42:44.000000000 -0400
+++ samba-3.0.0rc2/source/nmbd/nmbd_winsserver.c 2003-08-31 08:09:11.000000000 -0400
-@@ -228,7 +228,7 @@
+@@ -234,7 +234,7 @@
add_samba_names_to_subnet(wins_server_subnet);
DEBUG(2,("initialise_wins: Can't open wins database file %s. Error was %s\n",
WINS_LIST, strerror(errno) ));
return True;
-@@ -1759,7 +1759,7 @@
+@@ -1765,7 +1765,7 @@
}
}
diff -uNr samba-3.0.0beta2.orig/source/nsswitch/winbindd_cache.c samba-3.0.0beta2/source/nsswitch/winbindd_cache.c
--- samba-3.0.0beta2.orig/source/nsswitch/winbindd_cache.c 2003-07-02 23:26:47.000000000 -0500
+++ samba-3.0.0beta2/source/nsswitch/winbindd_cache.c 2003-07-02 23:19:02.000000000 -0500
-@@ -56,7 +56,7 @@
+@@ -57,7 +57,7 @@
if (opt_nocache)
return;
diff -uNr samba-3.0.0beta2.orig/source/nsswitch/winbindd_util.c samba-3.0.0beta2/source/nsswitch/winbindd_util.c
--- samba-3.0.0beta2.orig/source/nsswitch/winbindd_util.c 2003-07-01 15:44:25.000000000 -0500
+++ samba-3.0.0beta2/source/nsswitch/winbindd_util.c 2003-07-02 23:19:02.000000000 -0500
-@@ -813,7 +813,7 @@
+@@ -874,7 +874,7 @@
SMB_STRUCT_STAT stbuf;
TDB_CONTEXT *idmap_tdb;
diff -uNr samba-3.0.0beta2.orig/source/passdb/secrets.c samba-3.0.0beta2/source/passdb/secrets.c
--- samba-3.0.0beta2.orig/source/passdb/secrets.c 2003-07-02 23:26:47.000000000 -0500
+++ samba-3.0.0beta2/source/passdb/secrets.c 2003-07-02 23:19:02.000000000 -0500
-@@ -37,8 +37,7 @@
+@@ -38,8 +38,7 @@
if (tdb)
return True;
diff -uNr samba-3.0.0beta2.orig/source/printing/printing.c samba-3.0.0beta2/source/printing/printing.c
--- samba-3.0.0beta2.orig/source/printing/printing.c 2003-07-02 23:26:47.000000000 -0500
+++ samba-3.0.0beta2/source/printing/printing.c 2003-07-02 23:19:02.000000000 -0500
-@@ -174,8 +174,8 @@
+@@ -175,8 +175,8 @@
if (local_pid == sys_getpid())
return True;
diff -uNr samba-3.0.0beta2.orig/source/printing/printing_db.c samba-3.0.0beta2/source/printing/printing_db.c
--- samba-3.0.0beta2.orig/source/printing/printing_db.c 2003-07-02 23:26:47.000000000 -0500
+++ samba-3.0.0beta2/source/printing/printing_db.c 2003-07-02 23:19:02.000000000 -0500
-@@ -86,7 +86,7 @@
+@@ -87,7 +87,7 @@
DLIST_ADD(print_db_head, p);
}
diff -uNr samba-3.0.0beta2.orig/source/smbd/lanman.c samba-3.0.0beta2/source/smbd/lanman.c
--- samba-3.0.0beta2.orig/source/smbd/lanman.c 2003-07-02 23:26:47.000000000 -0500
+++ samba-3.0.0beta2/source/smbd/lanman.c 2003-07-02 23:19:02.000000000 -0500
-@@ -966,9 +966,9 @@
+@@ -970,9 +970,9 @@
BOOL local_list_only;
int i;
---- samba_3_0/source/script/installswat.sh.orig 2003-08-28 18:03:10.000000000 -0400
-+++ samba_3_0/source/script/installswat.sh 2003-08-28 18:11:14.000000000 -0400
-@@ -9,7 +9,7 @@
- echo Installing the Samba Web Administration Tool
+--- samba-3.0.1/source/script/installswat.sh.orig 2004-01-13 13:43:42.000000000 -0500
++++ samba-3.0.1/source/script/installswat.sh 2004-01-13 12:56:49.000000000 -0500
+@@ -85,7 +85,11 @@
- LANGS=". `cd $SRCDIR../swat/; /bin/echo lang/??`"
--echo Installing langs are `cd $SRCDIR../swat/lang/; /bin/echo ??`
-+echo Installing the following additional langs: `cd $SRCDIR../swat/lang/; /bin/echo ??`
-
- for ln in $LANGS; do
- SWATLANGDIR=$SWATDIR/$ln
-@@ -23,21 +23,17 @@
- fi
- fi
- done
--done
--
--# Install images
--for ln in $LANGS; do
-
--for f in $SRCDIR../swat/$ln/images/*.gif; do
-+ # Install images
-+ for f in $SRCDIR../swat/$ln/images/*.gif; do
- FNAME=$SWATDIR/$ln/images/`basename $f`
- echo $FNAME
- cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
- chmod 0644 $FNAME
--done
--
--# Install html help
-+ done
-
--for f in $SRCDIR../swat/$ln/help/*.html; do
-+ # Install html help
-+ for f in $SRCDIR../swat/$ln/help/*.html; do
- FNAME=$SWATDIR/$ln/help/`basename $f`
- echo $FNAME
- if [ "x$BOOKDIR" = "x" ]; then
-@@ -49,26 +45,24 @@
- cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
- rm -f $f
- chmod 0644 $FNAME
--done
--
--# Install html documentation
--
--for f in $SRCDIR../docs/htmldocs/*.html; do
-- FNAME=$SWATDIR/help/`basename $f`
-- echo $FNAME
-- cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
-- chmod 0644 $FNAME
--done
--
--# Install "server-side" includes
-+ done
+ # Install Using Samba book (but only if it is there)
--for f in $SRCDIR../swat/$ln/include/*.html; do
-+ # Install "server-side" includes
-+ for f in $SRCDIR../swat/$ln/include/*.html; do
- FNAME=$SWATDIR/$ln/include/`basename $f`
- echo $FNAME
- cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
- chmod 0644 $FNAME
-+ done
-+
- done
+-if [ "x$BOOKDIR" != "x" -a -f $SRCDIR../docs/htmldocs/using_samba/toc.html ]; then
++# Under Debian we don't actually install the book. The book is part of
++# the samba-doc package, so we just provide a symlink that points to
++# where the book is actually installed. The symlink is created in
++# debian/rules.
++if /bin/false; then
-+# Install html documentation
-+for f in $SRCDIR../docs/htmldocs/*.html; do
-+ FNAME=$SWATDIR/help/`basename $f`
-+ echo $FNAME
-+ ln -s ../../../doc/samba-doc/htmldocs/`basename $f` $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
-+ chmod 0644 $FNAME
- done
+ # Create directories
- # Install Using Samba book (but only if it is there)
}
strupper_m(username);
}
-diff -uNr samba-3.0.0beta1.orig/source/script/installbin.sh samba-3.0.0beta1/source/script/installbin.sh
---- samba-3.0.0beta1.orig/source/script/installbin.sh 2002-04-22 13:16:20.000000000 -0500
-+++ samba-3.0.0beta1/source/script/installbin.sh 2003-06-30 20:12:22.000000000 -0500
-@@ -22,9 +22,11 @@
+diff -uNr samba-3.0.0beta1.orig/source/web/diagnose.c samba-3.0.0beta1/source/web/diagnose.c
+--- samba-3.0.0beta1.orig/source/web/diagnose.c 2003-06-07 12:57:41.000000000 -0500
++++ samba-3.0.0beta1/source/web/diagnose.c 2003-06-30 20:12:22.000000000 -0500
+@@ -66,6 +66,7 @@
+ static struct cli_state cli;
+ extern struct in_addr loopback_ip;
+
++ loopback_ip.s_addr = htonl((127 << 24) + 1);
+ if (!cli_initialise(&cli))
+ return False;
+
+--- samba-3.0.1/source/script/installbin.sh.orig 2003-10-10 14:08:36.000000000 -0400
++++ samba-3.0.1/source/script/installbin.sh 2003-12-17 10:51:45.000000000 -0500
+@@ -24,12 +24,14 @@
chmod $INSTALLPERMS $BINDIR/$p2
# this is a special case, mount needs this in a specific location
- if [ $p2 = smbmount ]; then
-- ln -sf $BINDIR/$p2 /sbin/mount.smbfs
+- if [ ! -d $DESTDIR/sbin ]; then
+- mkdir $DESTDIR/sbin
+- fi
+- ln -sf $BINDIR/$p2 $DESTDIR/sbin/mount.smbfs
- fi
+# Commented out for the Debian Samba package. We take care of this
-+# important symlink in debian/rules. (peloy@debian.org)
++# important symlink in debian/rules. (peloy@debian.org)
+# if [ $p2 = smbmount ]; then
-+# ln -sf $BINDIR/$p2 /sbin/mount.smbfs
++# if [ ! -d $DESTDIR/sbin ]; then
++# mkdir $DESTDIR/sbin
++# fi
++# ln -sf $BINDIR/$p2 $DESTDIR/sbin/mount.smbfs
+# fi
done
-diff -uNr samba-3.0.0beta1.orig/source/smbd/service.c samba-3.0.0beta1/source/smbd/service.c
---- samba-3.0.0beta1.orig/source/smbd/service.c 2003-06-07 12:57:39.000000000 -0500
-+++ samba-3.0.0beta1/source/smbd/service.c 2003-06-30 20:12:57.000000000 -0500
-@@ -887,6 +887,9 @@
- file_close_conn(conn);
- dptr_closecnum(conn);
-
-+ /* make sure we leave the directory available for unmount */
-+ vfs_ChDir(conn, "/");
-+
- /* execute any "postexec = " line */
- if (*lp_postexec(SNUM(conn)) &&
- change_to_user(conn, vuid)) {
-@@ -906,8 +909,5 @@
- smbrun(cmd,NULL);
- }
-
-- /* make sure we leave the directory available for unmount */
-- vfs_ChDir(conn, "/");
--
- conn_free(conn);
- }
-diff -uNr samba-3.0.0beta1.orig/source/smbwrapper/smbsh.c samba-3.0.0beta1/source/smbwrapper/smbsh.c
---- samba-3.0.0beta1.orig/source/smbwrapper/smbsh.c 2003-06-07 12:57:40.000000000 -0500
-+++ samba-3.0.0beta1/source/smbwrapper/smbsh.c 2003-06-30 20:12:22.000000000 -0500
-@@ -36,7 +36,7 @@
- int main(int argc, char *argv[])
- {
- char *p, *u;
-- const char *libd = dyn_BINDIR;
-+ const char *libd = dyn_LIBDIR;
- pstring line, wd;
- int opt;
- extern char *optarg;
-diff -uNr samba-3.0.0beta1.orig/source/web/diagnose.c samba-3.0.0beta1/source/web/diagnose.c
---- samba-3.0.0beta1.orig/source/web/diagnose.c 2003-06-07 12:57:41.000000000 -0500
-+++ samba-3.0.0beta1/source/web/diagnose.c 2003-06-30 20:12:22.000000000 -0500
-@@ -70,6 +70,7 @@
- static struct cli_state cli;
- extern struct in_addr loopback_ip;
-
-+ loopback_ip.s_addr = htonl((127 << 24) + 1);
- if (!cli_initialise(&cli))
- return False;
-
diff -uNr samba-2.999+3.0.alpha21.orig/source/utils/status.c samba-2.999+3.0.alpha21/source/utils/status.c
--- samba-2.999+3.0.alpha21.orig/source/utils/status.c 2002-11-26 20:54:22.000000000 -0600
+++ samba-2.999+3.0.alpha21/source/utils/status.c 2002-12-16 23:37:14.000000000 -0600
-@@ -630,6 +630,16 @@
+@@ -667,6 +667,16 @@
if (!shares_only) {
int ret;
--- /dev/null
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+# Developers do not need to manually edit POT or PO files.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2003-08-30 19:08-0500\n"
+"PO-Revision-Date: 2003-09-09 09:26+0900\n"
+"Last-Translator: Kenshi Muto <kmuto@debian.org>\n"
+"Language-Team: Japanese <debian-japanese@lists.debian.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=EUC-JP\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Description
+#: ../samba-common.templates:3
+msgid "Character Set for Unix filesystem"
+msgstr "Unix ¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¸þ¤±¤Îʸ»ú¥»¥Ã¥È"
+
+#. Description
+#: ../samba-common.templates:3
+msgid ""
+"You currently have a \"character set\" configured in your smb.conf. In "
+"Samba 3.0, this option is replaced by a new option, \"unix charset\". Please "
+"specify the character set you wish to use for theis new option, which "
+"controls how Samba interprets filenames on the file system."
+msgstr "¸½ºß¡¢smb.conf ¤ËÀßÄêºÑ¤ß¤Î \"character set\" ¤¬¤¢¤ê¤Þ¤¹¡£Samba 3.0 ¤Ç¤Ï¡¢¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¿·¤·¤¤¥ª¥×¥·¥ç¥ó \"unix charset\" ¤ËÃÖ¤´¹¤¨¤é¤ì¤Æ¤¤¤Þ¤¹¡£Samba ¤¬¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤Î¥Õ¥¡¥¤¥ë̾¤ò¤É¤Î¤è¤¦¤Ë²ò¼á¤¹¤ë¤«¤òÀ©¸æ¤¹¤ë¤³¤Î¿·¤·¤¤¥ª¥×¥·¥ç¥ó¤Î¤¿¤á¤Ë¡¢´õ˾¤¹¤ëʸ»ú¥»¥Ã¥È¤ò»ØÄꤷ¤Æ¤¯¤À¤µ¤¤¡£"
+
+#. Description
+#: ../samba-common.templates:3
+msgid "If you leave this option blank, your smb.conf will not be changed."
+msgstr "¤³¤Î¥ª¥×¥·¥ç¥ó¤ò¶õ¤Î¤Þ¤Þ¤Ë¤¹¤ë¤È¡¢smb.conf ¤ÏÊѹ¹¤µ¤ì¤Þ¤»¤ó¡£"
+
+#. Description
+#: ../samba-common.templates:13
+msgid "Character Set for DOS clients"
+msgstr "DOS ¥¯¥é¥¤¥¢¥ó¥È¸þ¤±¤Îʸ»ú¥»¥Ã¥È"
+
+#. Description
+#: ../samba-common.templates:13
+msgid ""
+"You currently have a \"client code page\" set in your smb.conf. In Samba "
+"3.0, this option is replaced by the option \"dos charset\". Please specify "
+"the character set you wish to use for this new option. In most cases, the "
+"default chosen for you will be sufficient. Note that this option is not "
+"needed to support Windows clients, it is only for DOS clients. If you leave "
+"this option blank, your smb.conf will not be changed."
+msgstr "¸½ºß¡¢smb.conf ¤ËÀßÄêºÑ¤ß¤Î \"client code page\" ¤¬¤¢¤ê¤Þ¤¹¡£Samba 3.0 ¤Ç¤Ï¡¢¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¿·¤·¤¤¥ª¥×¥·¥ç¥ó \"dos charset\" ¤ËÃÖ¤´¹¤¨¤é¤ì¤Æ¤¤¤Þ¤¹¡£¤³¤Î¿·¤·¤¤¥ª¥×¥·¥ç¥ó¤Î¤¿¤á¤Ë¡¢´õ˾¤¹¤ëʸ»ú¥»¥Ã¥È¤ò»ØÄꤷ¤Æ¤¯¤À¤µ¤¤¡£¤Û¤È¤ó¤É¤Î¾ì¹ç¡¢¥Ç¥Õ¥©¥ë¥È¤ÎÁªÂò¤Î¤Þ¤Þ¤Ç½½Ê¬¤Ç¤·¤ç¤¦¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï Windows ¥¯¥é¥¤¥¢¥ó¥È¥µ¥Ý¡¼¥È¤Ë¤ÏɬÍפʤ¯¡¢DOS ¥¯¥é¥¤¥¢¥ó¥È¤Î¤ß¤Î¤¿¤á¤Ç¤¢¤ë¤³¤È¤òÃí°Õ¤·¤Æ¤ª¤¤Þ¤¹¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤ò¶õ¤Î¤Þ¤Þ¤Ë¤¹¤ë¤È¡¢smb.conf ¤ÏÊѹ¹¤µ¤ì¤Þ¤»¤ó¡£"
+
+#. Description
+#: ../samba-common.templates:24
+msgid "Modify smb.conf to use WINS settings from DHCP?"
+msgstr "DHCP ¤«¤é WINS ÀßÄê¤ò»È¤¦¤è¤¦ smb.conf ¤òÊѹ¹¤·¤Þ¤¹¤«?"
+
+#. Description
+#: ../samba-common.templates:24
+msgid ""
+"If your computer gets IP address information from a DHCP server on the "
+"network, the DHCP server may also provide information about WINS servers "
+"(\"NetBIOS name servers\") present on the network. This requires a change "
+"to your smb.conf file so that DHCP-provided WINS settings will automatically "
+"be read from /etc/samba/dhcp.conf."
+msgstr "¤¢¤Ê¤¿¤Î¥³¥ó¥Ô¥å¡¼¥¿¤¬¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Î DHCP ¥µ¡¼¥Ð¤«¤é IP ¥¢¥É¥ì¥¹¾ðÊó¤ò¼èÆÀ¤·¤Æ¤¤¤ë¤Î¤Ç¤¢¤ì¤Ð¡¢DHCP ¥µ¡¼¥Ð¤Ï¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Ë¤¢¤ë WINS ¥µ¡¼¥Ð (NetBIOS ¥Í¡¼¥à¥µ¡¼¥Ð) ¤Ë¤Ä¤¤¤Æ¤Î¾ðÊó¤òÄ󶡤¹¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£DHCP ¤ÇÄ󶡤µ¤ì¤ë WINS ÀßÄê¤Ï /etc/samba/dhcp.conf ¤«¤é¼«Æ°Åª¤ËÆɤ߹þ¤Þ¤ì¤ë¤¿¤á¡¢smb.conf ¥Õ¥¡¥¤¥ë¤òÊѹ¹¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£"
+
+#. Description
+#: ../samba-common.templates:24
+msgid ""
+"You must have the dhcp3-client package installed to take advantage of this "
+"feature."
+msgstr "¤³¤Îµ¡Ç½¤ò»È¤¦¤¿¤á¤Ë¤Ï¡¢dhcp3-client ¥Ñ¥Ã¥±¡¼¥¸¤¬¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£"
+
+#. Description
+#: ../samba-common.templates:37
+msgid "Configure smb.conf through debconf?"
+msgstr "debconf ¤òÄ̤·¤Æ smb.conf ¤òÀßÄꤷ¤Þ¤¹¤«?"
+
+#. Description
+#: ../samba-common.templates:37
+msgid ""
+"The rest of the configuration of Samba deals with questions that affect "
+"parameters in /etc/samba/smb.conf, which is the file used to configure the "
+"Samba programs (nmbd and smbd.) Your current smb.conf contains an 'include' "
+"line or an option that spans multiple lines, which could confuse debconf and "
+"require you to edit your smb.conf by hand to get it working again."
+msgstr "Samba ¤ÎÀßÄê¤Î»Ä¤ê¤ÎÉôʬ¤Ï¡¢Samba ¥×¥í¥°¥é¥à (nmbd ¤ª¤è¤Ó smbd) ¤òÀßÄꤹ¤ë¤Î¤Ë»È¤¦¥Õ¥¡¥¤¥ë /etc/samba/smb.conf ¤Ë¤¢¤ë¥Ñ¥é¥á¡¼¥¿¤Ë±Æ¶Á¤¹¤ë¼ÁÌä¤Ç¤¹¡£¸½ºß¤Î smb.conf ¤Ï¡¢'include' ¹Ô¤Þ¤¿¤ÏÊ£¿ô¹Ô¤Ë¤Þ¤¿¤¬¤ë¥ª¥×¥·¥ç¥ó¤ò´Þ¤ó¤Ç¤¤¤Þ¤¹¡£¤³¤ì¤Ï debconf ¤òº®Í𤵤»¤ë²ÄǽÀ¤¬¤¢¤ê¡¢ºÆ¤Ó debconf ¤¬ºîÆ°¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤¯ smb.conf ¤Î¼êÆ°¤Ç¤Î½¤Àµ¤òɬÍפȤ·¤Þ¤¹¡£"
+
+#. Description
+#: ../samba-common.templates:37
+msgid ""
+"If you don't use debconf to configure smb.conf, you will have to handle any "
+"configuration changes yourself, and will not be able to take advantage of "
+"periodic configuration enhancements. Therefore, use of debconf is "
+"recommended if possible."
+msgstr "smb.conf ¤ÎÀßÄê¤Ë debconf ¤ò»È¤ï¤Ê¤¤¾ì¹ç¡¢¤¹¤Ù¤Æ¤ÎÀßÄê¤ÎÊѹ¹¤ò¤¢¤Ê¤¿¼«¿È¤¬ÌÌÅݤò¸«¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¤³¤ì¤ÏÄê´üŪ¤ÊÀßÄê²þÁ±¤Ë¤Ï¸þ¤¤¤Æ¤¤¤Þ¤»¤ó¡£¤½¤Î¤¿¤á¡¢²Äǽ¤Ê¤é debconf ¤ò»È¤¦¤Î¤¬¤ª´«¤á¤Ç¤¹¡£"
+
+#. Description
+#: ../samba-common.templates:52
+msgid "Workgroup/Domain Name?"
+msgstr "¥ï¡¼¥¯¥°¥ë¡¼¥×/¥É¥á¥¤¥ó̾¤Ï²¿¤Ç¤¹¤«?"
+
+#. Description
+#: ../samba-common.templates:52
+msgid ""
+"This controls what workgroup your server will appear to be in when queried "
+"by clients. Note that this parameter also controls the Domain name used with "
+"the security=domain setting."
+msgstr "¤³¤ì¤Ï¥¯¥é¥¤¥¢¥ó¥È¤«¤é¾È²ñ¤µ¤ì¤¿ºÝ¤Ë¤¢¤Ê¤¿¤Î¥µ¡¼¥Ð¤¬¸½¤ì¤ë¥ï¡¼¥¯¥°¥ë¡¼¥×¤òÀ©¸æ¤·¤Þ¤¹¡£¤³¤Î¥Ñ¥é¥á¡¼¥¿¤Ï security=domain ÀßÄ꤬»È¤ï¤ì¤¿¤È¤¤Î¥É¥á¥¤¥ó̾¤âÀ©¸æ¤·¤Þ¤¹¡£"
+
+#. Description
+#: ../samba-common.templates:60
+msgid "Use password encryption?"
+msgstr "¥Ñ¥¹¥ï¡¼¥É¤Î°Å¹æ²½¤ò»È¤¤¤Þ¤¹¤«?"
+
+#. Description
+#: ../samba-common.templates:60
+msgid ""
+"Recent Windows clients communicate with SMB servers using encrypted "
+"passwords. If you want to use clear text passwords you will need to change a "
+"parameter in your Windows registry. It is recommended that you use encrypted "
+"passwords. If you do, make sure you have a valid /etc/samba/smbpasswd file "
+"and that you set passwords in there for each user using the smbpasswd "
+"command."
+msgstr "ºÇ¶á¤Î Windows ¥¯¥é¥¤¥¢¥ó¥È¤Ï°Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¤ò»È¤Ã¤Æ SMB ¥µ¡¼¥Ð¤È¤ä¤ê¼è¤ê¤·¤Þ¤¹¡£¥¯¥ê¥¢¥Æ¥¥¹¥È¥Ñ¥¹¥ï¡¼¥É¤ò»È¤¤¤¿¤¤¾ì¹ç¤Ï¡¢¤¢¤Ê¤¿¤Î Windows ¤Î¥ì¥¸¥¹¥È¥ê¤Î¥Ñ¥é¥á¡¼¥¿¤òÊѹ¹¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£°Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¤ò»È¤¦¤³¤È¤ò¿ä¾©¤·¤Þ¤¹¡£¤³¤¦¤¹¤ë¾ì¹ç¡¢Í¸ú¤Ê /etc/samba/smbpasswd ¥Õ¥¡¥¤¥ë¤¬¤¢¤ë¤³¤È¤ò³Îǧ¤·¡¢³Æ¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï smbpasswd ¥³¥Þ¥ó¥É¤ò»È¤Ã¤ÆÀßÄꤷ¤Þ¤¹¡£"
+
+#. Description
+#: ../samba.templates:4
+msgid "Create samba password database, /var/lib/samba/passdb.tdb?"
+msgstr "Samba ¥Ñ¥¹¥ï¡¼¥É¥Ç¡¼¥¿¥Ù¡¼¥¹ /var/lib/samba/passdb.tdb ¤òºîÀ®¤·¤Þ¤¹¤«?"
+
+#. Description
+#: ../samba.templates:4
+msgid ""
+"To be compatible with the defaults in most versions of Windows, Samba must "
+"be configured to use encrypted passwords. This requires user passwords to "
+"be stored in a file separate from /etc/passwd. This file can be created "
+"automatically, but the passwords must be added manually (by you or the user) "
+"by running smbpasswd, and you must arrange to keep it up-to-date in the "
+"future. If you do not create it, you will have to reconfigure samba (and "
+"probably your client machines) to use plaintext passwords. See /usr/share/"
+"doc/samba-doc/htmldocs/ENCRYPTION.html from the samba-doc package for more "
+"details."
+msgstr "Windows ¤Î¤Û¤È¤ó¤É¤Î¥Ð¡¼¥¸¥ç¥ó¤Î¥Ç¥Õ¥©¥ë¥È¤È¸ß´¹À¤òÊݤĤ¿¤á¡¢Samba ¤Ï°Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¤ò»È¤Ã¤ÆÀßÄꤵ¤ì¤Þ¤¹¡£¤³¤ì¤Ï¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤ò /etc/passwd ¤È¤ÏÊ̤Υե¡¥¤¥ë¤Ë³ÊǼ¤¹¤ë¤³¤È¤òɬÍפȤ·¤Þ¤¹¡£¤³¤Î¥Õ¥¡¥¤¥ë¤Ï¼«Æ°Åª¤ËºîÀ®¤¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¤¬¡¢¥Ñ¥¹¥ï¡¼¥É¤Ï smbpasswd ¤ò¼Â¹Ô¤·¤Æ¼êÆ°¤Ç (¤¢¤Ê¤¿¤¢¤ë¤¤¤Ï¥æ¡¼¥¶¤¬) Äɲ䷤ʤ±¤ì¤Ð¤Ê¤é¤º¡¢¾Íè¤ËÅϤäƺǿ·¾õÂÖ¤òÊݤÁ³¤±¤ë¤è¤¦À°¤¨¤Æ¤ª¤¯É¬Íפ¬¤¢¤ê¤Þ¤¹¡£¤³¤Î¥Õ¥¡¥¤¥ë¤òºîÀ®¤·¤Ê¤¤¾ì¹ç¡¢¥×¥ì¥¤¥ó¥Æ¥¥¹¥È¥Ñ¥¹¥ï¡¼¥É¤ò»È¤¦¤è¤¦ Samba (¤ª¤è¤Ó¤ª¤½¤é¤¯¤¢¤Ê¤¿¤Î¥¯¥é¥¤¥¢¥ó¥È¥Þ¥·¥ó) ¤ÎºÆÀßÄ꤬ɬÍפǤ¹¡£¾ÜºÙ¤Ë¤Ä¤¤¤Æ¤Ï¡¢samba-doc ¥Ñ¥Ã¥±¡¼¥¸¤Ë¤¢¤ë /usr/share/doc/samba-doc/htmldocs/ENCRYPTION.html ¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£"
+
+#. Description
+#: ../samba.templates:17
+msgid "Samba's log files have moved."
+msgstr "Samba ¤Î¥í¥°¥Õ¥¡¥¤¥ë¤Ï°ÜÆ°¤µ¤ì¤Þ¤·¤¿¡£"
+
+#. Description
+#: ../samba.templates:17
+msgid ""
+"Starting with the first packages of Samba 2.2 for Debian the log files for "
+"both Samba daemons (nmbd and smbd) are now stored in /var/log/samba/. The "
+"names of the files are log.nmbd and log.smbd, for nmbd and smbd respectively."
+msgstr "Debian ¸þ¤±¤Î Samba 2.2 ¤Î½é´ü¥Ñ¥Ã¥±¡¼¥¸¤«¤é¡¢Î¾ Samba ¥Ç¡¼¥â¥ó (nmbd ¤ª¤è¤Ó smbd) ¤Î¥í¥°¥Õ¥¡¥¤¥ë¤Ï /var/log/samba ¤Ë³ÊǼ¤µ¤ì¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£¥Õ¥¡¥¤¥ë̾¤Ï nmbd ¤È smbd ¤ÇÊ̸Ĥˤʤë¤è¤¦¡¢log.nmbd ¤ª¤è¤Ó log.smbd ¤È¤Ê¤ê¤Þ¤¹¡£"
+
+#. Description
+#: ../samba.templates:17
+msgid ""
+"The old log files that were in /var/log/ will be moved to the new location "
+"for you."
+msgstr "/var/log/ ¤Ë¤¢¤Ã¤¿¸Å¤¤¥í¥°¥Õ¥¡¥¤¥ë¤Ï¿·¤·¤¤¾ì½ê¤Ë°ÜÆ°¤µ¤ì¤Þ¤¹¡£"
+
+#. Description
+#: ../samba.templates:28
+msgid "Running nmbd from inetd is no longer supported"
+msgstr "inetd ¤«¤é¤Î nmbd ¤Î¼Â¹Ô¤Ï¤â¤¦¥µ¥Ý¡¼¥È¤µ¤ì¤Þ¤»¤ó"
+
+#. Description
+#: ../samba.templates:28
+msgid ""
+"Your system was previously configured to start nmbd and smbd from inetd. As "
+"of version 2.999+3.0.alpha20-4, nmbd will no longer be started from inetd. "
+"If you have modified your /etc/init.d/samba startup script, you may need to "
+"adjust it by hand now so that nmbd will start."
+msgstr "¤¢¤Ê¤¿¤Î¥·¥¹¥Æ¥à¤Ë¤Ï inetd ¤«¤é nmbd ¤ª¤è¤Ó smbd ¤òµ¯Æ°¤¹¤ë°ÊÁ°¤ÎÀßÄ꤬¤¢¤ê¤Þ¤¹¡£¥Ð¡¼¥¸¥ç¥ó 2.999+3.0.alpha20-4 °Ê¹ß¤Ç¤Ï¡¢nmbd ¤Ï inetd ¤«¤é¤Ï¤â¤¦µ¯Æ°¤·¤Þ¤»¤ó¡£/etc/init.d/samba ¥¹¥¿¡¼¥È¥¢¥Ã¥×¥¹¥¯¥ê¥×¥È¤òÊѹ¹¤·¤Æ¤¤¤ë¤Î¤Ç¤¢¤ì¤Ð¡¢nmbd ¤¬µ¯Æ°¤¹¤ë¤è¤¦¼êÆ°¤ÇÄ´À°¤¹¤ëɬÍפ¬¤¢¤ë¤Ç¤·¤ç¤¦¡£"
+
+#. Choices
+#: ../samba.templates:36
+msgid "daemons, inetd"
+msgstr "¥Ç¡¼¥â¥ó, inetd"
+
+#. Description
+#: ../samba.templates:38
+msgid "How do you want to run Samba?"
+msgstr "¤É¤Î¤è¤¦¤Ë Samba ¤ò¼Â¹Ô¤·¤¿¤¤¤Ç¤¹¤«?"
+
+#. Description
+#: ../samba.templates:38
+msgid ""
+"The Samba daemon smbd can run as a normal daemon or from inetd. Running as a "
+"daemon is the recommended approach."
+msgstr "Samba ¥Ç¡¼¥â¥ó smbd ¤ÏÄ̾ï¤Î¥Ç¡¼¥â¥ó¤È¤·¤Æ¤Î¼Â¹Ô¤Þ¤¿¤Ï inetd ¤«¤é¤Î¼Â¹Ô¤¬¤Ç¤¤Þ¤¹¡£¥Ç¡¼¥â¥ó¤È¤·¤Æ¼Â¹Ô¤¹¤ë¤Î¤¬¤ª´«¤á¤Î¼êÃʤǤ¹¡£"
+
+#. Description
+#: ../samba.templates:45
+msgid "Move /etc/samba/smbpasswd to /var/lib/samba/passdb.tdb?"
+msgstr "/etc/samba/smbpasswd ¤ò /var/lib/samba/passdb.tdb ¤Ë°ÜÆ°¤·¤Þ¤¹¤«?"
+
+#. Description
+#: ../samba.templates:45
+msgid ""
+"Samba 3.0 introduces a newer, more complete SAM database interface which "
+"supersedes the /etc/samba/smbpasswd file. Would you like your existing "
+"smbpasswd file to be migrated to /var/lib/samba/passdb.tdb for you? If you "
+"plan to use another pdb backend (e.g., LDAP) instead, you should answer 'no' "
+"here."
+msgstr "Samba 3.0 ¤Ç¤Ï¡¢/etc/samba/smbpasswd ¥Õ¥¡¥¤¥ë¤ËÂå¤ï¤ë¡¢¤è¤ê¿·¤·¤¤¡¢¤è¤ê´°Á´¤Ê SAM ¥Ç¡¼¥¿¥Ù¡¼¥¹¥¤¥ó¥¿¡¼¥Õ¥§¥¤¥¹¤¬Æ³Æþ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£´û¸¤Î smbpasswd ¥Õ¥¡¥¤¥ë¤ò /var/lib/samba/passdb.tdb ¤Ë°Ü¹Ô¤·¤Þ¤¹¤«? Ê̤Πpdb ¥Ð¥Ã¥¯¥¨¥ó¥É (LDAP ¤Ê¤É) ¤òÂå¤ï¤ê¤Ë·×²è¤·¤Æ¤¤¤ë¤Î¤Ç¤¢¤ì¤Ð¡¢¤³¤³¤Ç¤Ï '¤¤¤¤¤¨' ¤ÈÅú¤¨¤ë¤Ù¤¤Ç¤¹¡£"
+
+#. Description
+#: ../swat.templates:3
+msgid "Your smb.conf will be re-written!"
+msgstr "¤¢¤Ê¤¿¤Î smb.conf ¤Ï½ñ¤Ä¾¤µ¤ì¤Þ¤¹!"
+
+#. Description
+#: ../swat.templates:3
+msgid ""
+"SWAT will rewrite your smb.conf file. It will rearrange the entries and "
+"delete all comments, include= and copy= options. If you have a carefully "
+"crafted smb.conf then back it up or don't use SWAT!"
+msgstr "SWAT ¤Ï¤¢¤Ê¤¿¤Î smb.conf ¥Õ¥¡¥¤¥ë¤ò½ñ¤Ä¾¤·¤Þ¤¹¡£SWAT ¤Ï¥¨¥ó¥È¥ê¤òºÆÊÔÀ®¤·¡¢¤¹¤Ù¤Æ¤Î¥³¥á¥ó¥È¤ª¤è¤Ó include= ¤È copy= ¥ª¥×¥·¥ç¥ó¤òºï½ü¤·¤Þ¤¹¡£¿µ½Å¤ËºîÀ®¤µ¤ì¤¿ smb.conf ¤ò»ý¤Ã¤Æ¤¤¤ë¤Î¤Ç¤¢¤ì¤Ð¡¢¥Ð¥Ã¥¯¥¢¥Ã¥×¤·¤Æ¤ª¤¯¤«¡¢SWAT ¤ò»È¤ï¤Ê¤¤¤Ç¤¯¤À¤µ¤¤!"
DESTDIR=`pwd`/debian/tmp
-SWATDIR=`pwd`/debian/swat
-
-IVARS = BASEDIR=$(DESTDIR)/usr \
- prefix=$(DESTDIR)/usr \
- BINDIR=$(DESTDIR)/usr/bin \
- SBINDIR=$(DESTDIR)/usr/sbin \
- MANDIR=$(DESTDIR)/usr/share/man \
- LIBDIR=$(DESTDIR)/usr/lib/samba \
- VARDIR=$(DESTDIR)/var \
- INCLUDEDIR=$(DESTDIR)/usr/include \
- SWATDIR=$(SWATDIR)/usr/share/samba/swat \
- CODEPAGEDIR=$(DESTDIR)/usr/share/samba/ \
- PRIVATEDIR=$(DESTDIR)/etc/samba \
- CONFIGDIR=$(DESTDIR)/etc/samba
patch: patch-stamp
patch-stamp:
--sysconfdir=/etc \
--libdir=/etc/samba \
--with-privatedir=/etc/samba \
+ --with-piddir=/var/run/samba \
--localstatedir=/var \
--with-netatalk \
--with-smbmount \
$(DESTDIR)/usr/lib/python2.3/site-packages
# Add here commands to install the package into debian/tmp.
- $(MAKE) -C source install $(IVARS)
+ $(MAKE) -C source install DESTDIR=$(DESTDIR)
# libsmbclient files are not installed by the standard
# 'make install' - do it manually.
- $(MAKE) -C source installclientlib $(IVARS)
+ $(MAKE) -C source installclientlib DESTDIR=$(DESTDIR)
mv $(DESTDIR)/usr/lib/libsmbclient.so $(DESTDIR)/usr/lib/libsmbclient.so.0.1
ln -s libsmbclient.so.0.1 $(DESTDIR)/usr/lib/libsmbclient.so.0
ln -s libsmbclient.so.0.1 $(DESTDIR)/usr/lib/libsmbclient.so
# right location in the libpam-smbpass package.
install -m 0644 source/bin/pam_smbpass.so $(DESTDIR)/lib/security/
- # Create the symlink that will allow us to do "mount -t smbfs ...".
- # Create also a symlink that will allow "mount -t smb ..." to
- # work too. The symlink is created in $(DESTDIR)/sbin/ but
- # will be moved by dh_movefiles to the smbfs package later on.
+ # Create the symlinks that will allow us to do "mount -t smbfs ..."
+ # and "mount -t smb ...". Note that the source/script/installbin.sh
+ # tries to create the first symlink, but we have commented
+ # that code out and do everything here. We also create
+ # symlinks for the man pages.
ln -s /usr/bin/smbmount $(DESTDIR)/sbin/mount.smbfs
ln -s /usr/bin/smbmount $(DESTDIR)/sbin/mount.smb
ln -s smbmount.8 $(DESTDIR)/usr/share/man/man8/mount.smb.8
# Install man pages for files without man pages in the upstream sources
install -m 0644 debian/mksmbpasswd.8 $(DESTDIR)/usr/share/man/man8/mksmbpasswd.8
+ # We don't provide the "Using Samba" book in the swat package.
+ # It's provided in the samba-doc package so in the swat package
+ # we just provide a symlink to the real book.
+ ln -s ../../doc/samba-doc/htmldocs/using_samba \
+ $(DESTDIR)/usr/share/samba/swat/using_samba
+
# Delete unwanted stuff leftover from "make install"
# The smbwrapper package is not being generated anymore, so we must
/^\[global\]/,/^[[:space:]]*\[/ {
s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//pi
}" $FILE \
- | tail -1
+ | tail -n 1
}
FILE=/etc/samba/smb.conf
#!/bin/sh
+SAMBA_DHCP_CONF=/etc/samba/dhcp.conf
+
netbios_setup() {
# No need to continue if we're called with an unsupported option
return
fi
+ # Nor should we continue if no settings have changed
+ if [ "$new_netbios_name_servers" = "$old_netbios_name_servers" ] \
+ && [ "$new_netbios_scope" = "$old_netbios_scope" ]
+ then
+ return
+ fi
+
+ # reparse our own file
+ local other_servers=`sed -n -e"s/[[:space:]]$interface:[^[:space:]]*//g; \
+ s/^[[:space:]]*wins server[[:space:]]*=[[:space:]]*//pi" \
+ $SAMBA_DHCP_CONF`
+
umask 022
- if [ -z "$new_netbios_name_servers" ] || [ "$reason" = FAIL ] \
- || [ "$reason" = EXPIRE ]
+ local serverlist="$other_servers"
+ for server in $new_netbios_name_servers
+ do
+ serverlist="$serverlist $interface:$server"
+ done
+
+ echo -n > $SAMBA_DHCP_CONF
+
+ # If we're updating on failure/expire, AND there are no WINS
+ # servers for other interfaces, leave the file empty.
+ if [ -z "$other_servers" ]
+ then
+ if [ "$reason" = FAIL ] || [ "$reason" = EXPIRE ]
+ then
+ return
+ fi
+ fi
+
+ if [ -n "$serverlist" ]
then
- # FIXME: add sed magic to only remove wins servers
- # associated with this interface
- echo -n > /etc/samba/dhcp.conf
- elif [ "$new_netbios_name_servers" != "$old_netbios_name_servers" ]
+ echo " wins server =$serverlist" >> $SAMBA_DHCP_CONF
+ fi
+ if [ -n "$new_netbios_scope" ]
then
- local serverlist=""
- for server in $new_netbios_name_servers
- do
- serverlist="$serverlist $interface:$server"
- done
- # FIXME: add sed magic to only update wins servers
- # associated with this interface
- echo " wins server =$serverlist" > /etc/samba/dhcp.conf
+ echo " netbios scope = $new_netbios_scope" >> $SAMBA_DHCP_CONF
fi
}
usr/share/man/man7/samba.7
usr/share/man/man8/net.8
usr/share/man/man8/smbpasswd.8
-usr/share/samba/
+usr/share/samba/lowcase.dat
+usr/share/samba/panic-action
+usr/share/samba/smb.conf
+usr/share/samba/upcase.dat
+usr/share/samba/valid.dat
/^\[global\]/,/^[[:space:]]*\[/ {
s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//pi
}" $FILE \
- | tail -1
+ | tail -n 1
}
FILE=/etc/samba/smb.conf
/^\[global\]/,/^[[:space:]]*\[/ \
s/^[[:space:]]*passdb backend[[:space:]]*=[[:space:]]*//pi" \
< /etc/samba/smb.conf \
- | tail -1`
+ | tail -n 1`
if echo "$PASSDB" | egrep -q "(^|[[:space:]])smbpasswd"; then
if ! echo "$PASSDB" | egrep -q "(^|[[:space:]])tdbsam"; then
PASSDB=`echo $PASSDB | sed -e's/\(^\|[[:space:]]\)smbpasswd/\1tdbsam/'`
usr/sbin/swat
+usr/share/samba/swat
usr/share/man/man8/swat.8
usr/sbin/winbindd
usr/bin/wbinfo
+usr/bin/ntlm_auth
usr/share/man/man1/wbinfo.1
+usr/share/man/man1/ntlm_auth.1
usr/share/man/man8/winbindd.8
lib/security/pam_winbind.so
lib/libnss_winbind.so.2
# this tells Samba to use a separate log file for each machine
# that connects
- log file = /var/log/samba/log.%m
+ #log file = /var/log/samba/log.%m
+# all information in one file
+ log file = /var/log/samba/log.smbd
# Put a capping on the size of the log files (in Kb).
max log size = 50
installman installswat installdat installmodules
cd ..
+## work around a temporary bug in the installswat script
+## copy the images
+mv docs/htmldocs/images $RPM_BUILD_ROOT/%{prefix}/share/swat/help
+
+## don't duplicate the docs. These are installed with SWAT
+rm -rf docs/htmldocs
+rm -rf docs/manpages
+( cd docs; ln -s %{prefix}/share/swat/help htmldocs )
+
+
+
# Install the nsswitch wins library
install -m755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/lib
( cd $RPM_BUILD_ROOT/lib; ln -sf libnss_wins.so libnss_wins.so.2 )
# this tells Samba to use a separate log file for each machine
# that connects
- log file = /var/log/samba/log.%m
+ # log file = /var/log/samba/log.%m
+# all log information in one file
+ log file = /var/log/samba/smbd.log
# Put a capping on the size of the log files (in Kb).
max log size = 50
KILLALL=/sbin/killall
SAMBAD=/usr/samba/bin/smbd
+PROFILE_SAMBAD=/usr/samba/bin/smbd.profile
#SAMBA_OPTS=-d2
NMBD=/usr/samba/bin/nmbd
+PROFILE_NMBD=/usr/samba/bin/nmbd.profile
#NMBD_OPTS=-d1
+SMBCONTROL=/usr/samba/bin/smbcontrol
+
if test ! -x $IS_ON ; then
IS_ON=true
fi
ECHO=:
fi
+if $IS_ON sambaprofiling ; then
+ enable_profiling=yes
+fi
+
+if test "$enable_profiling" -o "$1" = "profile" ; then
+ SAMBAD=$PROFILE_SAMBAD
+ NMBD=$PROFILE_NMBD
+ enable_profiling="yes"
+fi
+
case $1 in
-'start')
+start|profile)
if $IS_ON samba && test -x $SAMBAD; then
- $KILLALL -15 smbd nmbd
+ /etc/init.d/samba stop
$ECHO "Samba:\c"
$SAMBAD $SAMBA_OPTS -D; $ECHO " smbd\c"
$NMBD $NMBD_OPTS -D; $ECHO " nmbd\c"
$ECHO "."
fi
+ if $IS_ON samba && test "$enable_profiling" ; then
+ if test -x $SMBCONTROL; then
+ $ECHO "Enabling Samba profiling."
+ $SMBCONTROL smbd profile on > /dev/null 2>&1
+ $SMBCONTROL nmbd profile on > /dev/null 2>&1
+ fi
+ $KILLALL -HUP pmcd
+ fi
;;
-'stop')
+stop)
$ECHO "Stopping Samba Servers."
$KILLALL -15 smbd nmbd
+ $KILLALL -15 smbd.profile nmbd.profile
+ $KILLALL -15 pmdasamba
exit 0
;;
*)
- echo "usage: /etc/init.d/samba {start|stop}"
+ echo "usage: /etc/init.d/samba {start|stop|profile}"
;;
esac
EOF
$ENV{'PATH'} = join(':',@PATH);
-if ($#ARGV < 3) {
- print STDERR "usage: $PROG printer file user system\n";
+ print "$#ARGV ".scalar(@ARGV)."\n";
+if (scalar(@ARGV) < 2) {
+ print STDERR "usage: $PROG printer file [user] [system]\n";
exit;
}
$user = $ARGV[2];
$system = $ARGV[3];
+$user = "nobody" unless($user);
+$system = `hostname` unless($system);
+
open(LPSTAT,"/usr/bin/lpstat -t|") || die("Can't get printer list.\n");
@printers = ();
while (<LPSTAT>) {
IDMAPLIBDIR = $(LIBDIR)/idmap
CHARSETLIBDIR = $(LIBDIR)/charset
AUTHLIBDIR = $(LIBDIR)/auth
-CONFIGLIBDIR = $(LIBDIR)/config
CONFIGDIR = @configdir@
VARDIR = @localstatedir@
MANDIR = @mandir@
IDMAP_MODULES = @IDMAP_MODULES@
CHARSET_MODULES = @CHARSET_MODULES@
AUTH_MODULES = @AUTH_MODULES@
-CONFIG_MODULES = @CONFIG_MODULES@
-MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) $(CHARSET_MODULES) $(AUTH_MODULES) $(CONFIG_MODULES)
+MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) $(CHARSET_MODULES) $(AUTH_MODULES)
######################################################################
# object file lists
TDBBASE_OBJ = tdb/tdb.o tdb/spinlock.o
TDB_OBJ = $(TDBBASE_OBJ) tdb/tdbutil.o tdb/tdbback.o
-SMBLDAP_OBJ = @SMBLDAP@ @SMBLDAPUTIL@
+SMBLDAP_OBJ = @SMBLDAP@
LIB_OBJ = lib/version.o lib/charcnv.o lib/debug.o lib/fault.o \
lib/getsmbpass.o lib/interface.o lib/md4.o \
lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \
lib/module.o lib/ldap_escape.o @CHARSET_STATIC@ \
- lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o \
- lib/genparser.o lib/genparser_samba.o
+ lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o
LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o
UBIQX_OBJ = ubiqx/ubi_BinTree.o ubiqx/ubi_Cache.o ubiqx/ubi_SplayTree.o \
ubiqx/ubi_dLinkList.o ubiqx/ubi_sLinkList.o
-PARAM_OBJ = dynconfig.o param/loadparm.o param/params.o param/modconf.o
+PARAM_OBJ = dynconfig.o param/loadparm.o param/params.o
KRBCLIENT_OBJ = libads/kerberos.o libads/ads_status.o
rpc_client/cli_reg.o rpc_client/cli_pipe.o \
rpc_client/cli_spoolss.o rpc_client/cli_spoolss_notify.o \
rpc_client/cli_ds.o rpc_client/cli_echo.o \
- rpc_client/cli_shutdown.o rpc_client/cli_epmapper.o
+ rpc_client/cli_shutdown.o
REGOBJS_OBJ = registry/reg_objects.o
REGISTRY_OBJ = registry/reg_frontend.o registry/reg_cachehook.o registry/reg_printing.o \
RPC_ECHO_OBJ = rpc_server/srv_echo.o rpc_server/srv_echo_nt.o
-RPC_EPMAPPER_OBJ = rpc_server/srv_epmapper.o rpc_server/srv_epmapper_nt.o
-
RPC_SERVER_OBJ = @RPC_STATIC@ $(RPC_PIPE_OBJ)
# this includes only the low level parse code, not stuff
rpc_parse/parse_wks.o rpc_parse/parse_ds.o \
rpc_parse/parse_spoolss.o rpc_parse/parse_dfs.o \
rpc_parse/parse_echo.o rpc_parse/parse_shutdown.o \
- rpc_parse/parse_epmapper.o $(REGOBJS_OBJ)
+ $(REGOBJS_OBJ)
RPC_CLIENT_OBJ = rpc_client/cli_pipe.o
LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o smbd/tdbutil.o
-GUMS_OBJ = sam/gums.o sam/gums_api.o sam/gums_helper.o @GUMS_STATIC@
-
PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o
PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_map.o smbd/mangle_hash2.o
-CONFIG_LDAP_OBJ = param/config_ldap.o
-
SMBD_OBJ_MAIN = smbd/server.o
BUILDOPT_OBJ = smbd/build_options.o
$(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \
$(SMBLDAP_OBJ) $(RPC_PARSE_OBJ) $(LIBMSRPC_OBJ) lib/dummyroot.o
-PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(PASSDB_OBJ) $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) \
+PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(PASSDB_OBJ) $(LIBSAMBA_OBJ) \
$(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ) \
- $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) $(KRBCLIENT_OBJ) $(RPC_PARSE_OBJ) lib/dummyroot.o
+ $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) lib/dummyroot.o
SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ) $(SECRETS_OBJ)
rpcclient/cmd_netlogon.o rpcclient/cmd_srvsvc.o \
rpcclient/cmd_dfs.o rpcclient/cmd_reg.o \
rpcclient/display_sec.o rpcclient/cmd_ds.o \
- rpcclient/cmd_echo.o rpcclient/cmd_shutdown.o \
- rpcclient/cmd_epmapper.o
+ rpcclient/cmd_echo.o rpcclient/cmd_shutdown.o
RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
$(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) \
utils/net_rap.o utils/net_rpc.o utils/net_rpc_samsync.o \
utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o \
utils/net_cache.o utils/net_groupmap.o utils/net_idmap.o \
- utils/net_status.o utils/net_privileges.o
+ utils/net_status.o
NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
$(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) \
$(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \
$(LIB_SMBD_OBJ) $(AUTH_SAM_OBJ) $(REGISTRY_OBJ) $(POPT_LIB_OBJ) \
- $(RPC_LSA_OBJ) $(RPC_NETLOG_OBJ) $(RPC_SAMR_OBJ) $(RPC_REG_OBJ) \
- $(RPC_LSA_DS_OBJ) $(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) \
- $(RPC_SPOOLSS_OBJ) $(RPC_ECHO_OBJ) $(RPC_EPMAPPER_OBJ) \
- $(SMBLDAP_OBJ) $(IDMAP_OBJ) libsmb/spnego.o libsmb/passchange.o
+ $(RPC_LSA_OBJ) $(RPC_NETLOG_OBJ) $(RPC_SAMR_OBJ) $(RPC_REG_OBJ) $(RPC_LSA_DS_OBJ) \
+ $(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) $(RPC_SPOOLSS_OBJ) \
+ $(RPC_ECHO_OBJ) $(SMBLDAP_OBJ) $(IDMAP_OBJ) libsmb/spnego.o libsmb/passchange.o
WINBIND_WINS_NSS_OBJ = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) \
$(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) $(NSSWINS_OBJ) $(KRBCLIENT_OBJ)
nsswitch/winbindd_wins.o \
nsswitch/winbindd_rpc.o \
nsswitch/winbindd_ads.o \
- nsswitch/winbindd_passdb.o \
nsswitch/winbindd_dual.o \
nsswitch/winbindd_acct.o
bin/pdbedit@EXEEXT@: $(PDBEDIT_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(PASSDB_LIBS) $(LDAP_LIBS) $(KRB5LIBS)
+ @$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(PASSDB_LIBS) $(LDAP_LIBS)
bin/smbget@EXEEXT@: $(SMBGET_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
@$(SHLD) $(LDSHFLAGS) -o $@ $(RPC_ECHO_OBJ) -lc \
@SONAMEFLAG@`basename $@`
-bin/librpc_epmapper.@SHLIBEXT@: $(RPC_EPMAPPER_OBJ)
- @echo "Linking $@"
- @$(SHLD) $(LDSHFLAGS) -o $@ $(RPC_EPMAPPER_OBJ) -lc \
- @SONAMEFLAG@`basename $@`
-
bin/winbindd@EXEEXT@: $(WINBINDD_OBJ) @BUILD_POPT@ bin/.dummy
@echo "Linking $@"
@$(LINK) -o $@ $(WINBINDD_OBJ) $(DYNEXP) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) $(PASSDB_LIBS)
@$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_CAP_OBJ:.o=.@PICSUFFIX@) \
@SONAMEFLAG@`basename $@`
-bin/config_ldap.@SHLIBEXT@: $(CONFIG_LDAP_OBJ:.o=.@PICSUFFIX@)
- @echo "Building plugin $@"
- @$(SHLD) $(LDSHFLAGS) -o $@ $(CONFIG_LDAP_OBJ:.o=.@PICSUFFIX@) \
- @SMBLDAP@ @LDAP_LIBS@ @SONAMEFLAG@`basename $@`
-
bin/wbinfo@EXEEXT@: $(WBINFO_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
@$(LINK) -o $@ $(WBINFO_OBJ) $(LIBS) @POPTLIBS@
-h _NET_PROTO_H_ $(builddir)/utils/net_proto.h \
$(NET_OBJ1)
-include/tdbsam2_parse_info.h:
- @if test -n "$(PERL)"; then \
- cd $(srcdir) && @PERL@ -w script/genstruct.pl \
- -o include/tdbsam2_parse_info.h $(CC) -E -O2 -g \
- include/gums.h; \
- else \
- echo Unable to build $@, continuing; \
- fi
-
# "make headers" or "make proto" calls a subshell because we need to
# make sure these commands are executed in sequence even for a
# parallel make.
$(MAKE) nsswitch/winbindd_proto.h; \
$(MAKE) web/swat_proto.h; \
$(MAKE) client/client_proto.h; \
- $(MAKE) utils/net_proto.h;
-
-prebuiltheaders:
- $(MAKE) include/tdbsam2_parse_info.h
-
-genparse: prebuiltheaders
+ $(MAKE) utils/net_proto.h
proto: headers
# -> "3.0.0" #
########################################################
SAMBA_VERSION_MAJOR=3
-SAMBA_VERSION_MINOR=1
-SAMBA_VERSION_RELEASE=0
+SAMBA_VERSION_MINOR=0
+SAMBA_VERSION_RELEASE=3
########################################################
# If a official release has a serious bug #
# e.g. SAMBA_VERSION_PRE_RELEASE=1 #
# -> "2.2.9pre1" #
########################################################
-SAMBA_VERSION_PRE_RELEASE=
+SAMBA_VERSION_PRE_RELEASE=2
########################################################
# For 'rc' releases the version will be #
# e.g. SAMBA_VERSION_ALPHA_RELEASE=1 #
# -> "4.0.0alpha1" #
########################################################
-SAMBA_VERSION_ALPHA_RELEASE=1
+SAMBA_VERSION_ALPHA_RELEASE=
########################################################
# For 'test' releases the version will be #
return nt_status;
}
-/***************************************************************************
-Fill a server_info struct from a SAM_ACCOUNT with its privileges
-***************************************************************************/
-
-static NTSTATUS add_privileges(auth_serversupplied_info **server_info)
-{
- PRIVILEGE_SET *privs = NULL;
-
- init_privilege(&privs);
- if (!pdb_get_privilege_set((*server_info)->ptok, privs))
- DEBUG(1, ("Could not add privileges\n"));
-
- (*server_info)->privs = privs;
-
- return NT_STATUS_OK;
-}
-
/***************************************************************************
Make (and fill) a user_info struct from a SAM_ACCOUNT
***************************************************************************/
return nt_status;
}
- if (!NT_STATUS_IS_OK(nt_status = add_privileges(server_info))) {
- free_server_info(server_info);
- return nt_status;
- }
-
(*server_info)->sam_fill_level = SAM_FILL_ALL;
DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
pdb_get_username(sampass),
-debug2html
+*.so
.dummy
-editreg
.libs
+debug2html
+editreg
locktest
locktest2
log2pcap
smbtorture
smbtree
smbumount
-*.so
swat
+t_push_ucs2
+t_snprintf
+t_strcmp
+t_stringoverflow
talloctort
tdbbackup
tdbdump
testparm
testprns
-t_push_ucs2
-t_snprintf
-t_strcmp
-t_stringoverflow
vfstest
wbinfo
winbindd
#include <fcntl.h>
#define MOUNT_CIFS_VERSION_MAJOR "1"
-#define MOUNT_CIFS_VERSION_MINOR "0"
+#define MOUNT_CIFS_VERSION_MINOR "1"
#ifndef MOUNT_CIFS_VENDOR_SUFFIX
#define MOUNT_CIFS_VENDOR_SUFFIX ""
#endif
+#ifndef MS_MOVE
+#define MS_MOVE 8192
+#endif
+
char * thisprogram;
int verboseflag = 0;
static int got_password = 0;
return rc;
}
-static int parse_options(char * options)
+static int parse_options(char * options, int * filesys_flags)
{
char * data;
char * percent_char = 0;
if (strcmp (data, "fmask") == 0) {
printf ("WARNING: CIFS mount option 'fmask' is deprecated. Use 'file_mode' instead.\n");
- data = "file_mode";
+ data = "file_mode"; /* BB fix this */
}
} else if (strcmp(data, "dir_mode") == 0 || strcmp(data, "dmask")==0) {
if (!value || !*value) {
printf ("WARNING: CIFS mount option 'dmask' is deprecated. Use 'dir_mode' instead.\n");
data = "dir_mode";
}
+ /* the following eight mount options should be
+ stripped out from what is passed into the kernel
+ since these eight options are best passed as the
+ mount flags rather than redundantly to the kernel
+ and could generate spurious warnings depending on the
+ level of the corresponding cifs vfs kernel code */
+ } else if (strncmp(data, "nosuid", 6) == 0) {
+ *filesys_flags |= MS_NOSUID;
+ } else if (strncmp(data, "suid", 4) == 0) {
+ *filesys_flags &= ~MS_NOSUID;
+ } else if (strncmp(data, "nodev", 5) == 0) {
+ *filesys_flags |= MS_NODEV;
+ } else if (strncmp(data, "dev", 3) == 0) {
+ *filesys_flags &= ~MS_NODEV;
+ } else if (strncmp(data, "noexec", 6) == 0) {
+ *filesys_flags |= MS_NOEXEC;
+ } else if (strncmp(data, "exec", 4) == 0) {
+ *filesys_flags &= ~MS_NOEXEC;
+ } else if (strncmp(data, "ro", 2) == 0) {
+ *filesys_flags |= MS_RDONLY;
+ } else if (strncmp(data, "rw", 2) == 0) {
+ *filesys_flags &= ~MS_RDONLY;
} /* else if (strnicmp(data, "port", 4) == 0) {
- if (value && *value) {
- vol->port =
- simple_strtoul(value, &value, 0);
- }
- } else if (strnicmp(data, "rsize", 5) == 0) {
- if (value && *value) {
- vol->rsize =
- simple_strtoul(value, &value, 0);
- }
- } else if (strnicmp(data, "wsize", 5) == 0) {
- if (value && *value) {
- vol->wsize =
- simple_strtoul(value, &value, 0);
- }
- } else if (strnicmp(data, "version", 3) == 0) {
-
- } else if (strnicmp(data, "rw", 2) == 0) {
-
- } else
- printf("CIFS: Unknown mount option %s\n",data); */
+ if (value && *value) {
+ vol->port =
+ simple_strtoul(value, &value, 0);
+ }
+ } else if (strnicmp(data, "rsize", 5) == 0) {
+ if (value && *value) {
+ vol->rsize =
+ simple_strtoul(value, &value, 0);
+ }
+ } else if (strnicmp(data, "wsize", 5) == 0) {
+ if (value && *value) {
+ vol->wsize =
+ simple_strtoul(value, &value, 0);
+ }
+ } else if (strnicmp(data, "version", 3) == 0) {
+ } else {
+ printf("CIFS: Unknown mount option %s\n",data);
+ } */ /* nothing to do on those four mount options above.
+ Just pass to kernel and ignore them here */
- /* move to next option */
+ /* move to next option */
data = next_keyword+1;
/* put overwritten equals sign back */
value--;
*value = '=';
}
-
+
/* put previous overwritten comma back */
if(next_keyword)
*next_keyword = ',';
static struct option longopts[] = {
{ "all", 0, 0, 'a' },
- { "help", 0, 0, 'h' },
+ { "help",0, 0, 'h' },
+ { "move",0, 0, 'm' },
+ { "bind",0, 0, 'b' },
{ "read-only", 0, 0, 'r' },
{ "ro", 0, 0, 'r' },
{ "verbose", 0, 0, 'v' },
{ "read-write", 0, 0, 'w' },
{ "rw", 0, 0, 'w' },
{ "options", 1, 0, 'o' },
- { "types", 1, 0, 't' },
+ { "type", 1, 0, 't' },
{ "rsize",1, 0, 'R' },
{ "wsize",1, 0, 'W' },
{ "uid", 1, 0, '1'},
{ "gid", 1, 0, '2'},
- { "uuid",1,0,'U' },
{ "user",1,0,'u'},
{ "username",1,0,'u'},
{ "dom",1,0,'d'},
{ "pass",1,0,'p'},
{ "credentials",1,0,'c'},
{ "port",1,0,'P'},
+ /* { "uuid",1,0,'U'}, */ /* BB unimplemented */
{ NULL, 0, 0, 0 }
};
int main(int argc, char ** argv)
{
int c;
- int flags = MS_MANDLOCK | MS_MGC_VAL;
+ int flags = MS_MANDLOCK; /* no need to set legacy MS_MGC_VAL */
char * orgoptions = NULL;
char * share_name = NULL;
char * domain_name = NULL;
case 'n':
++nomtab;
break;
+ case 'b':
+ flags |= MS_BIND;
+ break;
+ case 'm':
+ flags |= MS_MOVE;
+ break;
case 'o':
orgoptions = strdup(optarg);
break;
ipaddr = parse_server(share_name);
- if (orgoptions && parse_options(orgoptions))
+ if (orgoptions && parse_options(orgoptions, &flags))
return 1;
/* BB save off path and pop after mount returns? */
if(chdir(mountpoint)) {
printf("mount error: can not change directory into mount target %s\n",mountpoint);
+ return -1;
}
- if(stat (mountpoint, &statbuf)) {
+ if(stat (".", &statbuf)) {
printf("mount error: mount point %s does not exist\n",mountpoint);
return -1;
}
if((getuid() != 0) && (geteuid() == 0)) {
if((statbuf.st_uid == getuid()) && (S_IRWXU == (statbuf.st_mode & S_IRWXU))) {
- printf("setuid mount allowed\n");
+#ifndef CIFS_ALLOW_USR_SUID
+ /* Do not allow user mounts to control suid flag
+ for mount unless explicitly built that way */
+ flags |= MS_NOSUID | MS_NODEV;
+#endif
} else {
printf("mount error: permission denied or not superuser and cifs.mount not installed SUID\n");
return -1;
optlen += strlen(mountpassword) + 6;
options = malloc(optlen + 10);
+ if(options == NULL) {
+ printf("Could not allocate memory for mount options\n");
+ return -1;
+ }
+
+
options[0] = 0;
strncat(options,"unc=",4);
strcat(options,share_name);
AC_SUBST(EXTRA_BIN_PROGS)
AC_SUBST(EXTRA_SBIN_PROGS)
AC_SUBST(EXTRA_ALL_TARGETS)
-AC_SUBST(CONFIG_LIBS)
AC_ARG_ENABLE(debug,
[ --enable-debug Turn on compiler debugging information (default=no)],
dnl Add modules that have to be built by default here
dnl These have to be built static:
-default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss rpc_epmapper auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin"
+default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin"
dnl These are preferably build shared, and static if dlopen() is not available
default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap charset_CP850 charset_CP437"
LDFLAGS=$save_LDFLAGS
LIB_ADD_DIR(LDFLAGS, "$i/lib")
CFLAGS_ADD_DIR(CPPFLAGS, "$i/include")
- LIBS="$save_LIBS"
+ LIBS="$save_LIBS"
ICONV_LOCATION=$i
export LDFLAGS LIBS CPPFLAGS
dnl Now, check for a working iconv ... we want to do it here because
SMBLDAP=""
AC_SUBST(SMBLDAP)
-SMBLDAPUTIL=""
-AC_SUBST(SMBLDAPUTIL)
if test x"$with_ldap_support" != x"no"; then
##################################################################
if test x"$ac_cv_lib_ext_ldap_ldap_init" = x"yes" -a x"$ac_cv_func_ext_ldap_domain2hostlist" = x"yes"; then
AC_DEFINE(HAVE_LDAP,1,[Whether ldap is available])
default_static_modules="$default_static_modules pdb_ldap idmap_ldap";
- default_shared_modules="$default_shared_modules config_ldap";
SMBLDAP="lib/smbldap.o"
- SMBLDAPUTIL="lib/smbldap_util.o"
with_ldap_support=yes
AC_MSG_CHECKING(whether LDAP support is used)
AC_MSG_RESULT(yes)
MODULE_rpc_spoolss=STATIC
MODULE_rpc_srv=STATIC
MODULE_idmap_tdb=STATIC
-MODULE_gums_tdbsam2=STATIC
AC_ARG_WITH(static-modules,
[ --with-static-modules=MODULES Comma-seperated list of names of modules to statically link in],
SMB_MODULE(pdb_smbpasswd, passdb/pdb_smbpasswd.o, "bin/smbpasswd.$SHLIBEXT", PDB)
SMB_MODULE(pdb_tdbsam, passdb/pdb_tdb.o, "bin/tdbsam.$SHLIBEXT", PDB)
SMB_MODULE(pdb_guest, passdb/pdb_guest.o, "bin/guest.$SHLIBEXT", PDB)
-SMB_MODULE(pdb_gums, [passdb/pdb_gums.o \$(GUMS_OBJ)], "bin/gums.$SHLIBEXT", PDB)
SMB_SUBSYSTEM(PDB,passdb/pdb_interface.o)
-SMB_MODULE(gums_tdbsam2, sam/gums_tdbsam2.o, "bin/tdbsam2.$SHLIBEXT", GUMS)
-SMB_SUBSYSTEM(GUMS)
-
SMB_MODULE(rpc_lsa, \$(RPC_LSA_OBJ), "bin/librpc_lsarpc.$SHLIBEXT", RPC)
SMB_MODULE(rpc_reg, \$(RPC_REG_OBJ), "bin/librpc_winreg.$SHLIBEXT", RPC)
SMB_MODULE(rpc_lsa_ds, \$(RPC_LSA_DS_OBJ), "bin/librpc_lsa_ds.$SHLIBEXT", RPC)
SMB_MODULE(rpc_spoolss, \$(RPC_SPOOLSS_OBJ), "bin/librpc_spoolss.$SHLIBEXT", RPC)
SMB_MODULE(rpc_samr, \$(RPC_SAMR_OBJ), "bin/librpc_samr.$SHLIBEXT", RPC)
SMB_MODULE(rpc_echo, \$(RPC_ECHO_OBJ), "bin/librpc_echo.$SHLIBEXT", RPC)
-SMB_MODULE(rpc_epmapper, \$(RPC_EPMAPPER_OBJ), "bin/librpc_epmapper.$SHLIBEXT",
- RPC)
SMB_SUBSYSTEM(RPC,smbd/server.o)
SMB_MODULE(idmap_ldap, sam/idmap_ldap.o, "bin/idmap_ldap.$SHLIBEXT", IDMAP)
SMB_MODULE(vfs_cap, \$(VFS_CAP_OBJ), "bin/cap.$SHLIBEXT", VFS)
SMB_SUBSYSTEM(VFS,smbd/vfs.o)
-SMB_MODULE(config_ldap, param/config_ldap.o, "bin/config_ldap.$SHLIBEXT", CONFIG, [ CONFIG_LIBS="$CONFIG_LIBS $LDAP_LIBS" "$SMBLDAP" ])
-SMB_SUBSYSTEM(CONFIG, param/modconf.o)
-
AC_DEFINE_UNQUOTED(STRING_STATIC_MODULES, "$string_static_modules", [String list of builtin modules])
#################################################
#define DATABASE_VERSION_V2 2 /* le format. */
#define GROUP_PREFIX "UNIXGROUP/"
-#define ALIASMEM_PREFIX "ALIASMEMBERS/"
+
+PRIVS privs[] = {
+ {SE_PRIV_NONE, "no_privs", "No privilege" }, /* this one MUST be first */
+ {SE_PRIV_ADD_MACHINES, "SeMachineAccountPrivilege", "Add workstations to the domain" },
+ {SE_PRIV_SEC_PRIV, "SeSecurityPrivilege", "Manage the audit logs" },
+ {SE_PRIV_TAKE_OWNER, "SeTakeOwnershipPrivilege", "Take ownership of file" },
+ {SE_PRIV_ADD_USERS, "SaAddUsers", "Add users to the domain - Samba" },
+ {SE_PRIV_PRINT_OPERATOR, "SaPrintOp", "Add or remove printers - Samba" },
+ {SE_PRIV_ALL, "SaAllPrivs", "all privileges" }
+};
+
/****************************************************************************
dump the mapping group mapping to a text file
Remove a group mapping entry.
****************************************************************************/
-static BOOL group_map_remove(const DOM_SID *sid)
+static BOOL group_map_remove(DOM_SID sid)
{
TDB_DATA kbuf, dbuf;
pstring key;
/* the key is the SID, retrieving is direct */
- sid_to_string(string_sid, sid);
+ sid_to_string(string_sid, &sid);
slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
kbuf.dptr = key;
return True;
}
-static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
-{
- GROUP_MAP map;
- TDB_DATA kbuf, dbuf;
- pstring key;
- fstring string_sid;
- char *new_memberstring;
- int result;
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (!get_group_map_from_sid(*alias, &map))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- if ( (map.sid_name_use != SID_NAME_ALIAS) &&
- (map.sid_name_use != SID_NAME_WKN_GRP) )
- return NT_STATUS_NO_SUCH_ALIAS;
-
- sid_to_string(string_sid, alias);
- slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, string_sid);
-
- kbuf.dsize = strlen(key)+1;
- kbuf.dptr = key;
-
- dbuf = tdb_fetch(tdb, kbuf);
-
- sid_to_string(string_sid, member);
-
- if (dbuf.dptr != NULL) {
- asprintf(&new_memberstring, "%s %s", (char *)(dbuf.dptr),
- string_sid);
- } else {
- new_memberstring = strdup(string_sid);
- }
-
- if (new_memberstring == NULL)
- return NT_STATUS_NO_MEMORY;
-
- SAFE_FREE(dbuf.dptr);
- dbuf.dsize = strlen(new_memberstring)+1;
- dbuf.dptr = new_memberstring;
-
- result = tdb_store(tdb, kbuf, dbuf, 0);
-
- SAFE_FREE(new_memberstring);
-
- return (result == 0 ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED);
-}
-
-static void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num)
-{
- *sids = Realloc(*sids, ((*num)+1) * sizeof(DOM_SID));
-
- if (*sids == NULL)
- return;
-
- sid_copy(&((*sids)[*num]), sid);
- *num += 1;
-
- return;
-}
-
-static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, int *num)
-{
- GROUP_MAP map;
- TDB_DATA kbuf, dbuf;
- pstring key;
- fstring string_sid;
- const char *p;
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (!get_group_map_from_sid(*alias, &map))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- if ( (map.sid_name_use != SID_NAME_ALIAS) &&
- (map.sid_name_use != SID_NAME_WKN_GRP) )
- return NT_STATUS_NO_SUCH_ALIAS;
-
- *sids = NULL;
- *num = 0;
-
- sid_to_string(string_sid, alias);
- slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, string_sid);
-
- kbuf.dsize = strlen(key)+1;
- kbuf.dptr = key;
-
- dbuf = tdb_fetch(tdb, kbuf);
-
- if (dbuf.dptr == NULL) {
- return NT_STATUS_OK;
- }
-
- p = dbuf.dptr;
-
- while (next_token(&p, string_sid, " ", sizeof(string_sid))) {
-
- DOM_SID sid;
-
- if (!string_to_sid(&sid, string_sid))
- continue;
-
- add_sid_to_array(&sid, sids, num);
-
- if (sids == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- SAFE_FREE(dbuf.dptr);
-
- return NT_STATUS_OK;
-}
-
-/* This is racy as hell, but hey, it's only a prototype :-) */
-
-static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
-{
- NTSTATUS result;
- DOM_SID *sids;
- int i, num;
- BOOL found = False;
- char *member_string;
- TDB_DATA kbuf, dbuf;
- pstring key;
- fstring sid_string;
-
- result = enum_aliasmem(alias, &sids, &num);
-
- if (!NT_STATUS_IS_OK(result))
- return result;
-
- for (i=0; i<num; i++) {
- if (sid_compare(&sids[i], member) == 0) {
- found = True;
- break;
- }
- }
-
- if (!found) {
- SAFE_FREE(sids);
- return NT_STATUS_MEMBER_NOT_IN_ALIAS;
- }
-
- if (i < num)
- sids[i] = sids[num-1];
-
- num -= 1;
-
- member_string = strdup("");
-
- if (member_string == NULL) {
- SAFE_FREE(sids);
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0; i<num; i++) {
- char *s = member_string;
-
- sid_to_string(sid_string, &sids[i]);
- asprintf(&member_string, "%s %s", s, sid_string);
-
- SAFE_FREE(s);
- if (member_string == NULL) {
- SAFE_FREE(sids);
- return NT_STATUS_NO_MEMORY;
- }
- }
-
- sid_to_string(sid_string, alias);
- slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, sid_string);
-
- kbuf.dsize = strlen(key)+1;
- kbuf.dptr = key;
- dbuf.dsize = strlen(member_string)+1;
- dbuf.dptr = member_string;
-
- result = tdb_store(tdb, kbuf, dbuf, 0) == 0 ?
- NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
-
- SAFE_FREE(sids);
- SAFE_FREE(member_string);
-
- return result;
-}
-
-static BOOL is_foreign_alias_member(const DOM_SID *sid, const DOM_SID *alias)
-{
- DOM_SID *members;
- int i, num;
- BOOL result = False;
-
- if (!NT_STATUS_IS_OK(enum_aliasmem(alias, &members, &num)))
- return False;
-
- for (i=0; i<num; i++) {
-
- if (sid_compare(&members[i], sid) == 0) {
- result = True;
- break;
- }
- }
-
- SAFE_FREE(members);
- return result;
-}
-
-static NTSTATUS alias_memberships(const DOM_SID *sid, DOM_SID **sids, int *num)
-{
- GROUP_MAP *maps;
- int i, num_maps;
-
- *num = 0;
- *sids = NULL;
-
- if (!enum_group_mapping(SID_NAME_WKN_GRP, &maps, &num_maps, False))
- return NT_STATUS_NO_MEMORY;
-
- for (i=0; i<num_maps; i++) {
-
- if (is_foreign_alias_member(sid, &maps[i].sid)) {
-
- add_sid_to_array(&maps[i].sid, sids, num);
-
- if (sids == NULL) {
- SAFE_FREE(maps);
- return NT_STATUS_NO_MEMORY;
- }
- }
- }
- SAFE_FREE(maps);
-
- if (!enum_group_mapping(SID_NAME_ALIAS, &maps, &num_maps, False))
- return NT_STATUS_NO_MEMORY;
-
- for (i=0; i<num_maps; i++) {
- if (is_foreign_alias_member(sid, &maps[i].sid)) {
-
- add_sid_to_array(&maps[i].sid, sids, num);
-
- if (sids == NULL) {
- SAFE_FREE(maps);
- return NT_STATUS_NO_MEMORY;
- }
- }
- }
- SAFE_FREE(maps);
-
- return NT_STATUS_OK;
-}
-
/*
*
* High level functions
if ( !ret )
return False;
- if ( ( (map->sid_name_use != SID_NAME_ALIAS) &&
- (map->sid_name_use != SID_NAME_WKN_GRP) )
+ if ( (map->sid_name_use != SID_NAME_ALIAS)
|| (map->gid == -1)
|| (getgrgid(map->gid) == NULL) )
{
int i=0;
char *gr;
DOM_SID *s;
- DOM_SID sid;
- DOM_SID *members;
- int num_members;
struct sys_pwent *userlist;
struct sys_pwent *user;
DEBUG(10, ("got primary groups, members: [%d]\n", *num_sids));
winbind_on();
-
- if ( NT_STATUS_IS_OK(gid_to_sid(&sid, gid)) &&
- NT_STATUS_IS_OK(enum_aliasmem(&sid, &members, &num_members)) ) {
-
- for (i=0; i<num_members; i++) {
- add_sid_to_array(&members[i], sids, num_sids);
-
- if (sids == NULL)
- return False;
- }
- }
-
return True;
}
NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
DOM_SID sid)
{
- return group_map_remove(&sid) ?
+ return group_map_remove(sid) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
-NTSTATUS pdb_default_find_alias(struct pdb_methods *methods,
- const char *name, DOM_SID *sid)
-{
- GROUP_MAP map;
-
- if (!get_group_map_from_ntname(name, &map))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- if ((map.sid_name_use != SID_NAME_WKN_GRP) &&
- (map.sid_name_use != SID_NAME_ALIAS))
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- sid_copy(sid, &map.sid);
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
- const char *name, uint32 *rid)
-{
- DOM_SID sid;
- enum SID_NAME_USE type;
- uint32 new_rid;
- gid_t gid;
-
- if (lookup_name(get_global_sam_name(), name, &sid, &type))
- return NT_STATUS_ALIAS_EXISTS;
-
- if (!winbind_allocate_rid(&new_rid))
- return NT_STATUS_ACCESS_DENIED;
-
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, new_rid);
-
- /* Here we allocate the gid */
- if (!winbind_sid_to_gid(&gid, &sid)) {
- DEBUG(0, ("Could not get gid for new RID\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (!add_initial_entry(gid, sid_string_static(&sid), SID_NAME_ALIAS,
- name, "")) {
- DEBUG(0, ("Could not add group mapping entry for alias %s\n",
- name));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- *rid = new_rid;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
- const DOM_SID *sid)
-{
- if (!group_map_remove(sid))
- return NT_STATUS_ACCESS_DENIED;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_default_enum_aliases(struct pdb_methods *methods,
- const DOM_SID *sid,
- uint32 start_idx, uint32 max_entries,
- uint32 *num_aliases,
- struct acct_info **info)
-{
- extern DOM_SID global_sid_Builtin;
-
- GROUP_MAP *map;
- int i, num_maps;
- enum SID_NAME_USE type = SID_NAME_UNKNOWN;
-
- if (sid_compare(sid, get_global_sam_sid()) == 0)
- type = SID_NAME_ALIAS;
-
- if (sid_compare(sid, &global_sid_Builtin) == 0)
- type = SID_NAME_WKN_GRP;
-
- if (!enum_group_mapping(type, &map, &num_maps, False) ||
- (num_maps == 0)) {
- *num_aliases = 0;
- *info = NULL;
- goto done;
- }
-
- if (start_idx > num_maps) {
- *num_aliases = 0;
- *info = NULL;
- goto done;
- }
-
- *num_aliases = num_maps - start_idx;
-
- if (*num_aliases > max_entries)
- *num_aliases = max_entries;
-
- *info = malloc(sizeof(struct acct_info) * (*num_aliases));
-
- for (i=0; i<*num_aliases; i++) {
- fstrcpy((*info)[i].acct_name, map[i+start_idx].nt_name);
- fstrcpy((*info)[i].acct_desc, map[i+start_idx].comment);
- sid_peek_rid(&map[i].sid, &(*info)[i+start_idx].rid);
- }
-
- done:
- SAFE_FREE(map);
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
- const DOM_SID *sid,
- struct acct_info *info)
-{
- GROUP_MAP map;
-
- if (!get_group_map_from_sid(*sid, &map))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- fstrcpy(info->acct_name, map.nt_name);
- fstrcpy(info->acct_desc, map.comment);
- sid_peek_rid(&map.sid, &info->rid);
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods,
- const DOM_SID *sid,
- struct acct_info *info)
-{
- GROUP_MAP map;
-
- if (!get_group_map_from_sid(*sid, &map))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- fstrcpy(map.comment, info->acct_desc);
-
- if (!add_mapping_entry(&map, TDB_REPLACE))
- return NT_STATUS_ACCESS_DENIED;
-
- return NT_STATUS_OK;
-}
-
NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
enum SID_NAME_USE sid_name_use,
GROUP_MAP **rmap, int *num_entries,
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
-NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, const DOM_SID *member)
-{
- return add_aliasmem(alias, member);
-}
-
-NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, const DOM_SID *member)
-{
- return del_aliasmem(alias, member);
-}
-
-NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, DOM_SID **members,
- int *num_members)
-{
- return enum_aliasmem(alias, members, num_members);
-}
-
-NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
- const DOM_SID *sid,
- DOM_SID **aliases, int *num)
-{
- return alias_memberships(sid, aliases, num);
-}
-
/**********************************************************************
no ops for passdb backends that don't implement group mapping
*********************************************************************/
/* NT group information taken from the info3 structure */
NT_USER_TOKEN *ptok;
- PRIVILEGE_SET *privs;
DATA_BLOB nt_session_key;
DATA_BLOB lm_session_key;
+++ /dev/null
-/*
- Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _GENPARSER_H
-#define _GENPARSER_H
-
-/* these macros are needed for genstruct auto-parsers */
-#ifndef GENSTRUCT
-#define GENSTRUCT
-#define _LEN(x)
-#define _NULLTERM
-#endif
-
-/*
- automatic marshalling/unmarshalling system for C structures
-*/
-
-/* flag to mark a fixed size array as actually being null terminated */
-#define FLAG_NULLTERM 1
-#define FLAG_ALWAYS 2
-
-struct enum_struct {
- const char *name;
- unsigned value;
-};
-
-/* intermediate dumps are stored in one of these */
-struct parse_string {
- unsigned allocated;
- unsigned length;
- char *s;
-};
-
-typedef int (*gen_dump_fn)(TALLOC_CTX *, struct parse_string *, const char *ptr, unsigned indent);
-typedef int (*gen_parse_fn)(TALLOC_CTX *, char *ptr, const char *str);
-
-/* genstruct.pl generates arrays of these */
-struct parse_struct {
- const char *name;
- unsigned ptr_count;
- unsigned size;
- unsigned offset;
- unsigned array_len;
- const char *dynamic_len;
- unsigned flags;
- gen_dump_fn dump_fn;
- gen_parse_fn parse_fn;
-};
-
-#define DUMP_PARSE_DECL(type) \
- int gen_dump_ ## type(TALLOC_CTX *, struct parse_string *, const char *, unsigned); \
- int gen_parse_ ## type(TALLOC_CTX *, char *, const char *);
-
-DUMP_PARSE_DECL(char)
-DUMP_PARSE_DECL(int)
-DUMP_PARSE_DECL(unsigned)
-DUMP_PARSE_DECL(double)
-DUMP_PARSE_DECL(float)
-
-#define gen_dump_unsigned_char gen_dump_char
-#define gen_parse_unsigned_char gen_parse_char
-
-#endif /* _GENPARSER_H */
+++ /dev/null
-/*
- Copyright (C) Simo Sorce <idra@samba.org> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _GENPARSER_SAMBA_H
-#define _GENPARSER_SAMBA_H
-
-const struct parse_struct pinfo_security_ace_info[] = {
-{"type", 0, sizeof(uint8), offsetof(struct security_ace_info, type), 0, NULL, 0, gen_dump_uint8, gen_parse_uint8},
-{"flags", 0, sizeof(uint8), offsetof(struct security_ace_info, flags), 0, NULL, 0, gen_dump_uint8, gen_parse_uint8},
-{"size", 0, sizeof(uint16), offsetof(struct security_ace_info, size), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"info", 0, sizeof(char), offsetof(struct security_ace_info, info), 0, NULL, 0, gen_dump_SEC_ACCESS, gen_parse_SEC_ACCESS},
-{"obj_flags", 0, sizeof(uint32), offsetof(struct security_ace_info, obj_flags), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"obj_guid", 0, sizeof(char), offsetof(struct security_ace_info, obj_guid), 0, NULL, 0, gen_dump_GUID, gen_parse_GUID},
-{"inh_guid", 0, sizeof(char), offsetof(struct security_ace_info, inh_guid), 0, NULL, 0, gen_dump_GUID, gen_parse_GUID},
-{"trustee", 0, sizeof(char), offsetof(struct security_ace_info, trustee), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_security_acl_info[] = {
-{"revision", 0, sizeof(uint16), offsetof(struct security_acl_info, revision), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"size", 0, sizeof(uint16), offsetof(struct security_acl_info, size), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"num_aces", 0, sizeof(uint32), offsetof(struct security_acl_info, num_aces), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"ace", 1, sizeof(struct security_ace_info), offsetof(struct security_acl_info, ace), 0, "size", 0, gen_dump_SEC_ACE, gen_parse_SEC_ACE},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_security_descriptor_info[] = {
-{"revision", 0, sizeof(uint16), offsetof(struct security_descriptor_info, revision), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"type", 0, sizeof(uint16), offsetof(struct security_descriptor_info, type), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"off_owner_sid", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_owner_sid), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"off_grp_sid", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_grp_sid), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"off_sacl", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_sacl), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"off_dacl", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_dacl), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"dacl", 1, sizeof(struct security_acl_info), offsetof(struct security_descriptor_info, dacl), 0, NULL, 0, gen_dump_SEC_ACL, gen_parse_SEC_ACL},
-{"sacl", 1, sizeof(struct security_acl_info), offsetof(struct security_descriptor_info, sacl), 0, NULL, 0, gen_dump_SEC_ACL, gen_parse_SEC_ACL},
-{"owner_sid", 1, sizeof(char), offsetof(struct security_descriptor_info, owner_sid), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID},
-{"grp_sid", 1, sizeof(char), offsetof(struct security_descriptor_info, grp_sid), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_luid_attr_info[] = {
-{"attr", 0, sizeof(uint32), offsetof(struct LUID_ATTR, attr), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"luid", 1, sizeof(LUID), offsetof(struct LUID_ATTR, luid), 0, NULL, 0, gen_dump_LUID, gen_parse_LUID},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_data_blob_info[] = {
-{"length", 0, sizeof(int), offsetof(DATA_BLOB, length), 0, NULL, 0, gen_dump_int, gen_parse_int},
-{"data", 1, sizeof(char), offsetof(DATA_BLOB, data), 0, "length", 0, gen_dump_char, gen_parse_char},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-#endif /* _GENPARSER_SAMBA_H */
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- GUMS structures
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _GUMS_H
-#define _GUMS_H
-
-#define GUMS_VERSION_MAJOR 0
-#define GUMS_VERSION_MINOR 1
-#define GUMS_OBJECT_VERSION 1
-#define GUMS_PRIVILEGE_VERSION 1
-#define GUMS_INTERFACE_VERSION 1
-
-#define GUMS_OBJ_DOMAIN 0x10
-#define GUMS_OBJ_NORMAL_USER 0x20
-#define GUMS_OBJ_GROUP 0x30
-#define GUMS_OBJ_ALIAS 0x31
-
-/* define value types */
-#define GUMS_SET_PRIMARY_GROUP 0x1
-#define GUMS_SET_SEC_DESC 0x2
-
-#define GUMS_SET_NAME 0x10
-#define GUMS_SET_DESCRIPTION 0x11
-#define GUMS_SET_FULL_NAME 0x12
-
-/* user specific type values */
-#define GUMS_SET_LOGON_TIME 0x20
-#define GUMS_SET_LOGOFF_TIME 0x21
-#define GUMS_SET_KICKOFF_TIME 0x23
-#define GUMS_SET_PASS_LAST_SET_TIME 0x24
-#define GUMS_SET_PASS_CAN_CHANGE_TIME 0x25
-#define GUMS_SET_PASS_MUST_CHANGE_TIME 0x26
-
-
-#define GUMS_SET_HOME_DIRECTORY 0x31
-#define GUMS_SET_DRIVE 0x32
-#define GUMS_SET_LOGON_SCRIPT 0x33
-#define GUMS_SET_PROFILE_PATH 0x34
-#define GUMS_SET_WORKSTATIONS 0x35
-#define GUMS_SET_UNKNOWN_STRING 0x36
-#define GUMS_SET_MUNGED_DIAL 0x37
-
-#define GUMS_SET_LM_PASSWORD 0x40
-#define GUMS_SET_NT_PASSWORD 0x41
-#define GUMS_SET_PLAINTEXT_PASSWORD 0x42
-#define GUMS_SET_UNKNOWN_3 0x43
-#define GUMS_SET_LOGON_DIVS 0x44
-#define GUMS_SET_HOURS_LEN 0x45
-#define GUMS_SET_HOURS 0x46
-#define GUMS_SET_BAD_PASSWORD_COUNT 0x47
-#define GUMS_SET_LOGON_COUNT 0x48
-#define GUMS_SET_UNKNOWN_6 0x49
-
-#define GUMS_SET_MUST_CHANGE_PASS 0x50
-#define GUMS_SET_CANNOT_CHANGE_PASS 0x51
-#define GUMS_SET_PASS_NEVER_EXPIRE 0x52
-#define GUMS_SET_ACCOUNT_DISABLED 0x53
-#define GUMS_SET_ACCOUNT_LOCKOUT 0x54
-
-/*group specific type values */
-#define GUMS_ADD_SID_LIST 0x60
-#define GUMS_DEL_SID_LIST 0x61
-#define GUMS_SET_SID_LIST 0x62
-
-GENSTRUCT struct gums_user
-{
- DOM_SID *group_sid; /* Primary Group SID */
-
- NTTIME logon_time; /* logon time */
- NTTIME logoff_time; /* logoff time */
- NTTIME kickoff_time; /* kickoff time */
- NTTIME pass_last_set_time; /* password last set time */
- NTTIME pass_can_change_time; /* password can change time */
- NTTIME pass_must_change_time; /* password must change time */
-
- char *full_name; _NULLTERM /* user's full name string */
- char *home_dir; _NULLTERM /* home directory string */
- char *dir_drive; _NULLTERM /* home directory drive string */
- char *logon_script; _NULLTERM /* logon script string */
- char *profile_path; _NULLTERM /* profile path string */
- char *workstations; _NULLTERM /* login from workstations string */
- char *unknown_str; _NULLTERM /* don't know what this is, yet. */
- char *munged_dial; _NULLTERM /* munged path name and dial-back tel number */
-
- DATA_BLOB lm_pw; /* .data is Null if no password */
- DATA_BLOB nt_pw; /* .data is Null if no password */
-
- uint16 acct_ctrl; /* account type & status flags */
- uint16 logon_divs; /* 168 - number of hours in a week */
- uint32 hours_len; /* normally 21 bytes */
- uint8 *hours; _LEN(hours_len) /* normally 21 bytes (depends on hours_len) */
-
- uint16 bad_password_count; /* 0 */
- uint16 logon_count; /* 0 */
- uint32 unknown_3; /* 0x00ff ffff */
- uint32 unknown_6; /* 0x0000 04ec */
-
-};
-
-GENSTRUCT struct gums_group
-{
- uint32 count; /* Number of SIDs */
- DOM_SID *members; _LEN(count) /* SID array */
-
-};
-
-GENSTRUCT struct gums_domain
-{
- uint32 next_rid;
-
-};
-
-GENSTRUCT struct gums_object
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object Type */
- uint32 version; /* Object Version */
- uint32 seq_num; /* Object Sequence Number */
-
- SEC_DESC *sec_desc; /* Security Descriptor */
-
- DOM_SID *sid; /* Object Sid */
- char *name; _NULLTERM /* Object Name - it should be in DOMAIN\NAME format */
- char *description; _NULLTERM /* Object Description */
-
- struct gums_user *user;
- struct gums_group *group;
- struct gums_domain *domain;
-
-};
-
-GENSTRUCT struct gums_privilege
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 version; /* Object Version */
- uint32 seq_num; /* Object Sequence Number */
-
- char *name; _NULLTERM /* Object Name */
- char *description; _NULLTERM /* Object Description */
-
- LUID_ATTR *privilege; /* Privilege Type */
-
- uint32 count;
- DOM_SID *members; _LEN(count)
-
-};
-
-typedef struct gums_user GUMS_USER;
-typedef struct gums_group GUMS_GROUP;
-typedef struct gums_domain GUMS_DOMAIN;
-typedef struct gums_object GUMS_OBJECT;
-typedef struct gums_privilege GUMS_PRIVILEGE;
-
-typedef struct gums_data_set
-{
- int type; /* GUMS_SET_xxx */
- void *data;
-
-} GUMS_DATA_SET;
-
-typedef struct gums_commit_set
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object type */
- DOM_SID sid; /* Object Sid */
- uint32 count; /* number of changes */
- GUMS_DATA_SET *data;
-
-} GUMS_COMMIT_SET;
-
-typedef struct gums_priv_commit_set
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object type */
- char *name; /* Object Sid */
- uint32 count; /* number of changes */
- GUMS_DATA_SET *data;
-
-} GUMS_PRIV_COMMIT_SET;
-
-
-typedef struct gums_functions
-{
- /* module data */
- TALLOC_CTX *mem_ctx;
- char *name;
- void *private_data;
- void (*free_private_data)(void **);
-
- /* Generic object functions */
-
- NTSTATUS (*get_domain_sid) (DOM_SID *sid, const char* name);
- NTSTATUS (*set_domain_sid) (const DOM_SID *sid);
-
- NTSTATUS (*get_sequence_number) (void);
-
- NTSTATUS (*new_object) (DOM_SID *sid, const char *name, const int obj_type);
- NTSTATUS (*delete_object) (const DOM_SID *sid);
-
- NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type);
- NTSTATUS (*get_object_from_name) (GUMS_OBJECT **object, const char *domain, const char *name, const int obj_type);
- /* This function is used to get the list of all objects changed since b_time, it is
- used to support PDC<->BDC synchronization */
- NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
-
- NTSTATUS (*enumerate_objects_start) (void **handle, const DOM_SID *sid, const int obj_type);
- NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle);
- NTSTATUS (*enumerate_objects_stop) (void *handle);
-
- /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools.
- Never use this function to update an object in the database, use set_object_values() */
- NTSTATUS (*set_object) (GUMS_OBJECT *object);
-
- /* set object values function */
- NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set);
-
- /* Group related functions */
- NTSTATUS (*add_members_to_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type);
-
- NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid);
-
- NTSTATUS (*lock_sid) (const DOM_SID *sid);
- NTSTATUS (*unlock_sid) (const DOM_SID *sid);
-
- /* privileges related functions */
-
- NTSTATUS (*get_privilege) (GUMS_OBJECT **object, const char *name);
- NTSTATUS (*add_members_to_privilege) (const char *name, const DOM_SID **members);
- NTSTATUS (*delete_members_from_privilege) (const char *name, const DOM_SID **members);
- NTSTATUS (*enumerate_privilege_members) (const char *name, DOM_SID **members);
- NTSTATUS (*get_sid_privileges) (const DOM_SID *sid, const char **privs);
-
- /* warning!: set_privilege will overwrite a prior existing privilege if such exist */
- NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
-
-} GUMS_FUNCTIONS;
-
-typedef NTSTATUS (*gums_init_function)(
- struct gums_functions *,
- const char *);
-
-struct gums_init_function_entry {
-
- const char *name;
- gums_init_function init_fn;
- struct gums_init_function_entry *prev, *next;
-};
-
-#endif /* _GUMS_H */
#include "version.h"
-#include "privileges.h"
-
#include "smb.h"
#include "nameserv.h"
#include "byteorder.h"
+#include "privileges.h"
+
#include "rpc_creds.h"
#include "mapping.h"
#include "rpc_secdes.h"
-#include "genparser.h"
-
-#include "gums.h"
-
#include "nt_printing.h"
#include "msdfs.h"
/* forward declarations from smbldap.c */
#include "smbldap.h"
-#include "modconf.h"
/***** automatically generated prototypes *****/
#ifndef NO_PROTO_H
enum SID_NAME_USE sid_name_use;
fstring nt_name;
fstring comment;
-
- /* Here we store SIDs that we can be sure of to be of type
- * SID_NAME_DOM_GRP, so it's a Domain Group which can not be
- * represented via /etc/group memberships. */
-
- int num_member;
- DOM_SID *alias_members;
} GROUP_MAP;
+++ /dev/null
-#ifndef _MODCONF_H_
-#define _MODCONF_H_
-/*
- Unix SMB/CIFS implementation.
-
- ModConf headers
-
- Copyright (C) Simo Sorce 2003
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public
- License as published by the Free Software Foundation; either
- version 2 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Library General Public
- License along with this library; if not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-*/
-
-#define SAMBA_CONFIG_INTERFACE_VERSION 1
-
-/* Filled out by config backends */
-struct config_functions {
- NTSTATUS (*init)(char *params);
- NTSTATUS (*load)(BOOL (*sfunc)(const char *),BOOL (*pfunc)(const char *, const char *));
- NTSTATUS (*close)(void);
-};
-#endif /* _MODCONF_H_ */
#ifndef _NT_DOMAIN_H /* _NT_DOMAIN_H */
#define _NT_DOMAIN_H
-struct uuid
-{
- uint32 time_low;
- uint16 time_mid;
- uint16 time_hi_and_version;
- uint8 clock_seq[2];
- uint8 node[6];
-};
-#define UUID_SIZE 16
-
-#define UUID_FLAT_SIZE 16
-typedef struct uuid_flat
-{
- uint8 info[UUID_FLAT_SIZE];
-} UUID_FLAT;
-
/* dce/rpc support */
#include "rpc_dce.h"
} rid_name;
+struct acct_info
+{
+ fstring acct_name; /* account name */
+ fstring acct_desc; /* account name */
+ uint32 rid; /* domain-relative RID */
+};
+
/*
* higher order functions for use with msrpc client code
*/
#include "rpc_dfs.h"
#include "rpc_ds.h"
#include "rpc_echo.h"
-#include "rpc_epmapper.h"
#include "rpc_shutdown.h"
#endif /* _NT_DOMAIN_H */
PDB_GROUP_COUNT
};
-enum pdb_trust_passwd_elements {
- PDB_TRUST_PASS,
- PDB_TRUST_SID,
- PDB_TRUST_NAME,
- PDB_TRUST_MODTIME,
- PDB_TRUST_FLAGS,
-
- PDB_TRUST_COUNT
-};
enum pdb_value_state {
PDB_DEFAULT=0,
} SAM_GROUP;
-typedef struct _GROUP_INFO {
- struct pdb_methods *methods;
- DOM_SID sid;
- enum SID_NAME_USE sid_name_use;
- fstring nt_name;
- fstring comment;
-} GROUP_INFO;
-
-struct acct_info
-{
- fstring acct_name; /* account name */
- fstring acct_desc; /* account name */
- uint32 rid; /* domain-relative RID */
-};
-
-typedef struct sam_trust_passwd {
- TALLOC_CTX *mem_ctx;
-
- void (*free_fn)(struct sam_trust_passwd **);
-
- struct pdb_methods *methods;
-
- struct trust_passwd_data {
- uint16 flags; /* flags */
- size_t uni_name_len; /* unicode name length */
- smb_ucs2_t uni_name[32]; /* unicode domain name */
- fstring pass; /* trust password */
- time_t mod_time; /* last change time */
- DOM_SID domain_sid; /* trusted domain sid */
- } private;
-
-} SAM_TRUST_PASSWD;
-
-
-
/*****************************************************************
Functions to be implemented by the new (v2) passdb API
****************************************************************/
* this SAMBA will load. Increment this if *ANY* changes are made to the interface.
*/
-#define PASSDB_INTERFACE_VERSION 7
+#define PASSDB_INTERFACE_VERSION 4
typedef struct pdb_context
{
NTSTATUS (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT *username);
- /* group mapping functions: to be removed */
-
NTSTATUS (*pdb_getgrsid)(struct pdb_context *context, GROUP_MAP *map, DOM_SID sid);
NTSTATUS (*pdb_getgrgid)(struct pdb_context *context, GROUP_MAP *map, gid_t gid);
GROUP_MAP **rmap, int *num_entries,
BOOL unix_only);
- NTSTATUS (*pdb_find_alias)(struct pdb_context *context,
- const char *name, DOM_SID *sid);
-
- NTSTATUS (*pdb_create_alias)(struct pdb_context *context,
- const char *name, uint32 *rid);
-
- NTSTATUS (*pdb_delete_alias)(struct pdb_context *context,
- const DOM_SID *sid);
-
- NTSTATUS (*pdb_enum_aliases)(struct pdb_context *context,
- const DOM_SID *domain_sid,
- uint32 start_idx, uint32 num_entries,
- uint32 *num_aliases,
- struct acct_info **aliases);
-
- NTSTATUS (*pdb_get_aliasinfo)(struct pdb_context *context,
- const DOM_SID *sid,
- struct acct_info *info);
-
- NTSTATUS (*pdb_set_aliasinfo)(struct pdb_context *context,
- const DOM_SID *sid,
- struct acct_info *info);
-
- NTSTATUS (*pdb_add_aliasmem)(struct pdb_context *context,
- const DOM_SID *alias,
- const DOM_SID *member);
-
- NTSTATUS (*pdb_del_aliasmem)(struct pdb_context *context,
- const DOM_SID *alias,
- const DOM_SID *member);
-
- NTSTATUS (*pdb_enum_aliasmem)(struct pdb_context *context,
- const DOM_SID *alias,
- DOM_SID **members, int *num_members);
-
- NTSTATUS (*pdb_enum_alias_memberships)(struct pdb_context *context,
- const DOM_SID *alias,
- DOM_SID **aliases,
- int *num);
-
- /* group functions */
-
- NTSTATUS (*pdb_get_group_info_by_sid)(struct pdb_context *context, GROUP_INFO *info, const DOM_SID *group);
-
- NTSTATUS (*pdb_get_group_list)(struct pdb_context *context, GROUP_INFO **info, const enum SID_NAME_USE sid_name_use, int *num_groups);
-
- NTSTATUS (*pdb_get_group_sids)(struct pdb_context *context, const DOM_SID *group, DOM_SID **members, int *num_members);
-
- NTSTATUS (*pdb_add_group)(struct pdb_context *context, const SAM_GROUP *group);
-
- NTSTATUS (*pdb_update_group)(struct pdb_context *context, const SAM_GROUP *group);
-
- NTSTATUS (*pdb_delete_group)(struct pdb_context *context, const DOM_SID *group);
-
- NTSTATUS (*pdb_add_sid_to_group)(struct pdb_context *context, const DOM_SID *group, const DOM_SID *member);
-
- NTSTATUS (*pdb_remove_sid_from_group)(struct pdb_context *context, const DOM_SID *group, const DOM_SID *member);
-
- NTSTATUS (*pdb_get_group_info_by_name)(struct pdb_context *context, GROUP_INFO *info, const char *name);
-
- NTSTATUS (*pdb_get_group_info_by_nt_name)(struct pdb_context *context, GROUP_INFO *info, const char *nt_name);
-
- NTSTATUS (*pdb_get_group_uids)(struct pdb_context *context, const DOM_SID *group, uid_t **members, int *num_members);
-
- /* trust password functions */
-
- NTSTATUS (*pdb_settrustpwent)(struct pdb_context *context);
-
- NTSTATUS (*pdb_gettrustpwent)(struct pdb_context *context, SAM_TRUST_PASSWD *trust);
-
- NTSTATUS (*pdb_gettrustpwnam)(struct pdb_context *context, SAM_TRUST_PASSWD *trust, const char *dom_name);
-
- NTSTATUS (*pdb_gettrustpwsid)(struct pdb_context *context, SAM_TRUST_PASSWD *trust, const DOM_SID *sid);
-
- NTSTATUS (*pdb_add_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust);
-
- NTSTATUS (*pdb_update_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust);
-
- NTSTATUS (*pdb_delete_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust);
-
- /* privileges functions */
-
- NTSTATUS (*pdb_add_sid_to_privilege)(struct pdb_context *context, const char *priv_name, const DOM_SID *sid);
-
- NTSTATUS (*pdb_remove_sid_from_privilege)(struct pdb_context *context, const char *priv_name, const DOM_SID *sid);
-
- NTSTATUS (*pdb_get_privilege_set)(struct pdb_context *context, NT_USER_TOKEN *token, PRIVILEGE_SET *privs);
-
- NTSTATUS (*pdb_get_privilege_entry)(struct pdb_context *context, const char *privname, char **sid_list);
-
void (*free_fn)(struct pdb_context **);
TALLOC_CTX *mem_ctx;
NTSTATUS (*update_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass);
NTSTATUS (*delete_sam_account)(struct pdb_methods *, SAM_ACCOUNT *username);
-
- /* group mapping functions: to be removed */
-
+
NTSTATUS (*getgrsid)(struct pdb_methods *methods, GROUP_MAP *map, DOM_SID sid);
NTSTATUS (*getgrgid)(struct pdb_methods *methods, GROUP_MAP *map, gid_t gid);
GROUP_MAP **rmap, int *num_entries,
BOOL unix_only);
- NTSTATUS (*find_alias)(struct pdb_methods *methods,
- const char *name, DOM_SID *sid);
-
- NTSTATUS (*create_alias)(struct pdb_methods *methods,
- const char *name, uint32 *rid);
-
- NTSTATUS (*delete_alias)(struct pdb_methods *methods,
- const DOM_SID *sid);
-
- NTSTATUS (*enum_aliases)(struct pdb_methods *methods,
- const DOM_SID *domain_sid,
- uint32 start_idx, uint32 max_entries,
- uint32 *num_aliases, struct acct_info **info);
-
- NTSTATUS (*get_aliasinfo)(struct pdb_methods *methods,
- const DOM_SID *sid,
- struct acct_info *info);
-
- NTSTATUS (*set_aliasinfo)(struct pdb_methods *methods,
- const DOM_SID *sid,
- struct acct_info *info);
-
- NTSTATUS (*add_aliasmem)(struct pdb_methods *methods,
- const DOM_SID *alias, const DOM_SID *member);
- NTSTATUS (*del_aliasmem)(struct pdb_methods *methods,
- const DOM_SID *alias, const DOM_SID *member);
- NTSTATUS (*enum_aliasmem)(struct pdb_methods *methods,
- const DOM_SID *alias, DOM_SID **members,
- int *num_members);
- NTSTATUS (*enum_alias_memberships)(struct pdb_methods *methods,
- const DOM_SID *sid,
- DOM_SID **aliases, int *num);
-
- /* group functions */
-
- NTSTATUS (*get_group_info_by_sid)(struct pdb_methods *methods, GROUP_INFO *info, const DOM_SID *group);
-
- NTSTATUS (*get_group_list)(struct pdb_methods *methods, GROUP_INFO **info, const enum SID_NAME_USE sid_name_use, int *num_groups);
-
- NTSTATUS (*get_group_sids)(struct pdb_methods *methods, const DOM_SID *group, DOM_SID **members, int *num_members);
-
- NTSTATUS (*add_group)(struct pdb_methods *methods, const SAM_GROUP *group);
-
- NTSTATUS (*update_group)(struct pdb_methods *methods, const SAM_GROUP *group);
-
- NTSTATUS (*delete_group)(struct pdb_methods *methods, const DOM_SID *group);
-
- NTSTATUS (*add_sid_to_group)(struct pdb_methods *methods, const DOM_SID *group, const DOM_SID *member);
-
- NTSTATUS (*remove_sid_from_group)(struct pdb_methods *methods, const DOM_SID *group, const DOM_SID *member);
-
- NTSTATUS (*get_group_info_by_name)(struct pdb_methods *methods, GROUP_INFO *info, const char *name);
-
- NTSTATUS (*get_group_info_by_nt_name)(struct pdb_methods *methods, GROUP_INFO *info, const char *nt_name);
-
- NTSTATUS (*get_group_uids)(struct pdb_methods *methods, const DOM_SID *group, uid_t **members, int *num_members);
-
void *private_data; /* Private data of some kind */
void (*free_private_data)(void **);
-
- /* trust password functions */
-
- NTSTATUS (*settrustpwent)(struct pdb_methods *methods);
-
- NTSTATUS (*gettrustpwent)(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust);
-
- NTSTATUS (*gettrustpwnam)(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust, const char *name);
-
- NTSTATUS (*gettrustpwsid)(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust, const DOM_SID *sid);
-
- NTSTATUS (*add_trust_passwd)(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust);
-
- NTSTATUS (*update_trust_passwd)(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust);
-
- NTSTATUS (*delete_trust_passwd)(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust);
-
- /* privileges functions */
-
- NTSTATUS (*add_sid_to_privilege)(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid);
-
- NTSTATUS (*remove_sid_from_privilege)(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid);
-
- NTSTATUS (*get_privilege_set)(struct pdb_methods *methods, NT_USER_TOKEN *token, PRIVILEGE_SET *privs);
-
- NTSTATUS (*get_privilege_entry)(struct pdb_methods *methods, const char *privname, char **sid_list);
} PDB_METHODS;
#ifndef PRIVILEGES_H
#define PRIVILEGES_H
-#define PRIV_ALL_INDEX 30
+#define PRIV_ALL_INDEX 5
-#define SE_NONE 0
-#define SE_ASSIGN_PRIMARY_TOKEN 1
-#define SE_CREATE_TOKEN 2
-#define SE_LOCK_MEMORY 3
-#define SE_INCREASE_QUOTA 4
-#define SE_UNSOLICITED_INPUT 5
-#define SE_MACHINE_ACCOUNT 6
-#define SE_TCB 7
-#define SE_SECURITY 8
-#define SE_TAKE_OWNERSHIP 9
-#define SE_LOAD_DRIVER 10
-#define SE_SYSTEM_PROFILE 11
-#define SE_SYSTEM_TIME 12
-#define SE_PROF_SINGLE_PROCESS 13
-#define SE_INC_BASE_PRIORITY 14
-#define SE_CREATE_PAGEFILE 15
-#define SE_CREATE_PERMANENT 16
-#define SE_BACKUP 17
-#define SE_RESTORE 18
-#define SE_SHUTDOWN 19
-#define SE_DEBUG 20
-#define SE_AUDIT 21
-#define SE_SYSTEM_ENVIRONMENT 22
-#define SE_CHANGE_NOTIFY 23
-#define SE_REMOTE_SHUTDOWN 24
-#define SE_UNDOCK 25
-#define SE_SYNC_AGENT 26
-#define SE_ENABLE_DELEGATION 27
-#define SE_PRINT_OPERATOR 28
-#define SE_ADD_USERS 29
-#define SE_ALL_PRIVS 0xffff
+#define SE_PRIV_NONE 0x0000
+#define SE_PRIV_ADD_MACHINES 0x0006
+#define SE_PRIV_SEC_PRIV 0x0008
+#define SE_PRIV_TAKE_OWNER 0x0009
+#define SE_PRIV_ADD_USERS 0xff01
+#define SE_PRIV_PRINT_OPERATOR 0xff03
+#define SE_PRIV_ALL 0xffff
#define PR_NONE 0x0000
#define PR_LOG_ON_LOCALLY 0x0001
#define PR_LOG_ON_BATCH_JOB 0x0004
#define PR_LOG_ON_SERVICE 0x0010
-#ifndef _BOOL
-typedef int BOOL;
-#define _BOOL /* So we don't typedef BOOL again in vfs.h */
-#endif
-
typedef struct LUID
{
uint32 low;
{
LUID luid;
uint32 attr;
-} LUID_ATTR;
+} LUID_ATTR ;
typedef struct privilege_set
{
+++ /dev/null
-#ifndef _RPC_CLIENT_PROTO_H_
-#define _RPC_CLIENT_PROTO_H_
-/* This file is automatically generated with "make proto". DO NOT EDIT */
-
-
-/*The following definitions come from lib/util_list.c */
-
-BOOL copy_policy_hnd (POLICY_HND *dest, const POLICY_HND *src);
-BOOL compare_rpc_hnd_node(const RPC_HND_NODE *x,
- const RPC_HND_NODE *y);
-BOOL RpcHndList_set_connection(const POLICY_HND *hnd,
- struct cli_connection *con);
-BOOL RpcHndList_del_connection(const POLICY_HND *hnd);
-struct cli_connection* RpcHndList_get_connection(const POLICY_HND *hnd);
-
-/*The following definitions come from rpc_client/cli_connect.c */
-
-void init_connections(void);
-void free_connections(void);
-void cli_connection_free(struct cli_connection *con);
-void cli_connection_unlink(struct cli_connection *con);
-BOOL cli_connection_init(const char *srv_name, char *pipe_name,
- struct cli_connection **con);
-BOOL cli_connection_init_auth(const char *srv_name, char *pipe_name,
- struct cli_connection **con,
- cli_auth_fns * auth, void *auth_creds);
-struct _cli_auth_fns *cli_conn_get_authfns(struct cli_connection *con);
-void *cli_conn_get_auth_creds(struct cli_connection *con);
-BOOL rpc_hnd_pipe_req(const POLICY_HND * hnd, uint8 op_num,
- prs_struct * data, prs_struct * rdata);
-BOOL rpc_con_pipe_req(struct cli_connection *con, uint8 op_num,
- prs_struct * data, prs_struct * rdata);
-BOOL rpc_con_ok(struct cli_connection *con);
-
-/*The following definitions come from rpc_client/cli_login.c */
-
-BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]);
-BOOL cli_nt_srv_pwset(struct cli_state *cli, unsigned char *new_hashof_mach_pwd);
-BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username,
- uint32 smb_userid_low, char *password,
- NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
-BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username,
- uint32 smb_userid_low, char lm_chal[8],
- char *lm_chal_resp, char *nt_chal_resp,
- NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
-BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr);
-
-/*The following definitions come from rpc_client/cli_lsarpc.c */
-
-BOOL do_lsa_open_policy(struct cli_state *cli,
- char *system_name, POLICY_HND *hnd,
- BOOL sec_qos);
-BOOL do_lsa_query_info_pol(struct cli_state *cli,
- POLICY_HND *hnd, uint16 info_class,
- fstring domain_name, DOM_SID *domain_sid);
-BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd);
-BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server);
-uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd,
- BOOL sec_qos, uint32 des_access);
-uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids,
- char ***names, uint32 **types, int *num_names);
-uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names,
- DOM_SID **sids, uint32 **types, int *num_sids);
-
-/*The following definitions come from rpc_client/cli_netlogon.c */
-
-BOOL cli_net_logon_ctrl2(struct cli_state *cli, uint32 status_level);
-BOOL cli_net_auth2(struct cli_state *cli, uint16 sec_chan,
- uint32 neg_flags, DOM_CHAL *srv_chal);
-BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal);
-BOOL cli_net_srv_pwset(struct cli_state *cli, uint8 hashed_mach_pwd[16]);
-BOOL cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
-BOOL cli_net_sam_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr);
-BOOL change_trust_account_password( char *domain, char *remote_machine_list);
-
-/*The following definitions come from rpc_client/cli_pipe.c */
-
-BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
- prs_struct *data, prs_struct *rdata);
-BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, char *my_name);
-void cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs);
-BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name);
-void cli_nt_session_close(struct cli_state *cli);
-
-/*The following definitions come from rpc_client/cli_reg.c */
-
-BOOL do_reg_connect(struct cli_state *cli, char *full_keyname, char *key_name,
- POLICY_HND *reg_hnd);
-BOOL do_reg_open_hklm(struct cli_state *cli, uint16 unknown_0, uint32 level,
- POLICY_HND *hnd);
-BOOL do_reg_open_hku(struct cli_state *cli, uint16 unknown_0, uint32 level,
- POLICY_HND *hnd);
-BOOL do_reg_flush_key(struct cli_state *cli, POLICY_HND *hnd);
-BOOL do_reg_query_key(struct cli_state *cli, POLICY_HND *hnd,
- char *class, uint32 *class_len,
- uint32 *num_subkeys, uint32 *max_subkeylen,
- uint32 *max_subkeysize, uint32 *num_values,
- uint32 *max_valnamelen, uint32 *max_valbufsize,
- uint32 *sec_desc, NTTIME *mod_time);
-BOOL do_reg_unknown_1a(struct cli_state *cli, POLICY_HND *hnd, uint32 *unk);
-BOOL do_reg_query_info(struct cli_state *cli, POLICY_HND *hnd,
- char *key_value, uint32* key_type);
-BOOL do_reg_set_key_sec(struct cli_state *cli, POLICY_HND *hnd, SEC_DESC_BUF *sec_desc_buf);
-BOOL do_reg_get_key_sec(struct cli_state *cli, POLICY_HND *hnd, uint32 *sec_buf_size, SEC_DESC_BUF **ppsec_desc_buf);
-BOOL do_reg_delete_val(struct cli_state *cli, POLICY_HND *hnd, char *val_name);
-BOOL do_reg_delete_key(struct cli_state *cli, POLICY_HND *hnd, char *key_name);
-BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd,
- char *key_name, char *key_class,
- SEC_ACCESS *sam_access,
- POLICY_HND *key);
-BOOL do_reg_enum_key(struct cli_state *cli, POLICY_HND *hnd,
- int key_index, char *key_name,
- uint32 *unk_1, uint32 *unk_2,
- time_t *mod_time);
-BOOL do_reg_create_val(struct cli_state *cli, POLICY_HND *hnd,
- char *val_name, uint32 type, BUFFER3 *data);
-BOOL do_reg_enum_val(struct cli_state *cli, POLICY_HND *hnd,
- int val_index, int max_valnamelen, int max_valbufsize,
- fstring val_name,
- uint32 *val_type, BUFFER2 *value);
-BOOL do_reg_open_entry(struct cli_state *cli, POLICY_HND *hnd,
- char *key_name, uint32 unk_0,
- POLICY_HND *key_hnd);
-BOOL do_reg_close(struct cli_state *cli, POLICY_HND *hnd);
-
-/*The following definitions come from rpc_client/cli_samr.c */
-
-BOOL get_samr_query_usergroups(struct cli_state *cli,
- POLICY_HND *pol_open_domain, uint32 user_rid,
- uint32 *num_groups, DOM_GID *gid);
-BOOL get_samr_query_userinfo(struct cli_state *cli,
- POLICY_HND *pol_open_domain,
- uint32 info_level,
- uint32 user_rid, SAM_USER_INFO_21 *usr);
-BOOL do_samr_chgpasswd_user(struct cli_state *cli,
- char *srv_name, char *user_name,
- char nt_newpass[516], uchar nt_oldhash[16],
- char lm_newpass[516], uchar lm_oldhash[16]);
-BOOL do_samr_unknown_38(struct cli_state *cli, char *srv_name);
-BOOL do_samr_query_dom_info(struct cli_state *cli,
- POLICY_HND *domain_pol, uint16 switch_value);
-BOOL do_samr_enum_dom_users(struct cli_state *cli,
- POLICY_HND *pol, uint16 num_entries, uint16 unk_0,
- uint16 acb_mask, uint16 unk_1, uint32 size,
- struct acct_info **sam,
- int *num_sam_users);
-BOOL do_samr_connect(struct cli_state *cli,
- char *srv_name, uint32 unknown_0,
- POLICY_HND *connect_pol);
-BOOL do_samr_open_user(struct cli_state *cli,
- POLICY_HND *pol, uint32 unk_0, uint32 rid,
- POLICY_HND *user_pol);
-BOOL do_samr_open_domain(struct cli_state *cli,
- POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid,
- POLICY_HND *domain_pol);
-BOOL do_samr_query_unknown_12(struct cli_state *cli,
- POLICY_HND *pol, uint32 rid, uint32 num_gids, uint32 *gids,
- uint32 *num_aliases,
- fstring als_names [MAX_LOOKUP_SIDS],
- uint32 num_als_users[MAX_LOOKUP_SIDS]);
-BOOL do_samr_query_usergroups(struct cli_state *cli,
- POLICY_HND *pol, uint32 *num_groups, DOM_GID *gid);
-BOOL do_samr_query_userinfo(struct cli_state *cli,
- POLICY_HND *pol, uint16 switch_value, void* usr);
-BOOL do_samr_close(struct cli_state *cli, POLICY_HND *hnd);
-
-/*The following definitions come from rpc_client/cli_spoolss_notify.c */
-
-BOOL spoolss_disconnect_from_client( struct cli_state *cli);
-BOOL spoolss_connect_to_client( struct cli_state *cli, char *remote_machine);
-BOOL cli_spoolss_reply_open_printer(struct cli_state *cli, char *printer, uint32 localprinter, uint32 type, uint32 *status, POLICY_HND *handle);
-BOOL cli_spoolss_reply_rrpcn(struct cli_state *cli, POLICY_HND *handle,
- uint32 change_low, uint32 change_high, uint32 *status);
-BOOL cli_spoolss_reply_close_printer(struct cli_state *cli, POLICY_HND *handle, uint32 *status);
-
-/*The following definitions come from rpc_client/cli_srvsvc.c */
-
-BOOL do_srv_net_srv_conn_enum(struct cli_state *cli,
- char *server_name, char *qual_name,
- uint32 switch_value, SRV_CONN_INFO_CTR *ctr,
- uint32 preferred_len,
- ENUM_HND *hnd);
-BOOL do_srv_net_srv_sess_enum(struct cli_state *cli,
- char *server_name, char *qual_name,
- uint32 switch_value, SRV_SESS_INFO_CTR *ctr,
- uint32 preferred_len,
- ENUM_HND *hnd);
-BOOL do_srv_net_srv_share_enum(struct cli_state *cli,
- char *server_name,
- uint32 switch_value, SRV_R_NET_SHARE_ENUM *r_o,
- uint32 preferred_len, ENUM_HND *hnd);
-BOOL do_srv_net_srv_file_enum(struct cli_state *cli,
- char *server_name, char *qual_name,
- uint32 switch_value, SRV_FILE_INFO_CTR *ctr,
- uint32 preferred_len,
- ENUM_HND *hnd);
-BOOL do_srv_net_srv_get_info(struct cli_state *cli,
- char *server_name, uint32 switch_value, SRV_INFO_CTR *ctr);
-
-/*The following definitions come from rpc_client/cli_use.c */
-
-void init_cli_use(void);
-void free_cli_use(void);
-struct cli_state *cli_net_use_add(const char *srv_name,
- const struct ntuser_creds *usr_creds,
- BOOL reuse, BOOL *is_new);
-BOOL cli_net_use_del(const char *srv_name,
- const struct ntuser_creds *usr_creds,
- BOOL force_close, BOOL *connection_closed);
-void cli_net_use_enum(uint32 *num_cons, struct use_info ***use);
-void cli_use_wait_keyboard(void);
-
-/*The following definitions come from rpc_client/cli_wkssvc.c */
-
-BOOL do_wks_query_info(struct cli_state *cli,
- char *server_name, uint32 switch_value,
- WKS_INFO_100 *wks100);
-
-/*The following definitions come from rpc_client/ncacn_np_use.c */
-
-BOOL ncacn_np_use_del(const char *srv_name, const char *pipe_name,
- const vuser_key * key,
- BOOL force_close, BOOL *connection_closed);
-struct ncacn_np *ncacn_np_initialise(struct ncacn_np *msrpc,
- const vuser_key * key);
-struct ncacn_np *ncacn_np_use_add(const char *pipe_name,
- const vuser_key * key,
- const char *srv_name,
- const struct ntuser_creds *ntc,
- BOOL reuse, BOOL *is_new_connection);
-#endif /* _PROTO_H_ */
/* #define MAX_PDU_FRAG_LEN 0x1630 this is what wnt sets */
#define MAX_PDU_FRAG_LEN 0x10b8 /* this is what w2k sets */
+/*
+ * Actual structure of a DCE UUID
+ */
+
+typedef struct rpc_uuid
+{
+ uint32 time_low;
+ uint16 time_mid;
+ uint16 time_hi_and_version;
+ uint8 remaining[8];
+} RPC_UUID;
+
+#define RPC_UUID_LEN 16
+
/* RPC_IFACE */
typedef struct rpc_iface_info
{
- struct uuid uuid; /* 16 bytes of rpc interface identification */
+ RPC_UUID uuid; /* 16 bytes of rpc interface identification */
uint32 version; /* the interface version number */
} RPC_IFACE;
-#define RPC_IFACE_LEN (UUID_SIZE + 4)
+#define RPC_IFACE_LEN (RPC_UUID_LEN + 4)
struct pipe_id_info
{
uint32 dnsname_ptr;
uint32 forestname_ptr;
- struct uuid domain_guid;
+ GUID domain_guid;
UNISTR2 netbios_domain;
uint32 trust_type;
uint32 trust_attributes;
uint32 sid_ptr;
- struct uuid guid;
+ GUID guid;
UNISTR2 netbios_domain;
UNISTR2 dns_domain;
uint32 parent_index;
uint32 trust_type;
uint32 trust_attributes;
- struct uuid guid;
+ GUID guid;
DOM_SID sid;
char *netbios_domain;
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- Endpoint mapper data definitions
- Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#define EPM_HANDLE_LEN 20
-
-/* ordinal for the mapping interface */
-
-#define EPM_MAP_PIPE_NAME 0x03
-
-/* some of the different connection protocols and their IDs from Windows */
-
-#define EPM_FLOOR_UUID 0x0d /* floor contains UUID */
-#define EPM_FLOOR_RPC 0x0b /* tower is for connection-oriented rpc */
-#define EPM_FLOOR_TCP 0x07 /* floor contains tcp port number */
-#define EPM_FLOOR_IP 0x09 /* floor contains IP address */
-#define EPM_FLOOR_NMPIPES 0x0f /* floor contains remote named pipe name */
-#define EPM_FLOOR_LRPC 0x10 /* floor contains local named pipe name */
-#define EPM_FLOOR_NETBIOS 0x11 /* floor contains netbios address */
-#define EPM_FLOOR_NETBEUI 0x12 /* floor contains netbeui address */
-#define EPM_FLOOR_SOCKET 0x20
-
-#define EPM_PIPE_NM "epmapper"
-
-#define MAX_TOWERS 1
-
-typedef struct
-{
- uint8 data[EPM_HANDLE_LEN];
-} EPM_HANDLE;
-
-typedef struct
-{
- struct {
- uint16 length;
- uint8 protocol;
- struct {
- struct uuid uuid;
- uint16 version;
- } uuid;
- } lhs;
- struct {
- uint16 length;
- uint16 unknown;
- struct {
- uint16 port;
- } tcp;
- struct {
- uint8 addr[4];
- } ip;
- char string[MAXHOSTNAMELEN+3]; /* hostname + \\ + null term */
- } rhs;
-} EPM_FLOOR;
-
-typedef struct
-{
- uint32 max_length;
- uint32 length;
- uint16 num_floors;
- EPM_FLOOR *floors;
- uint8 unknown;
-} EPM_TOWER;
-
-typedef struct
-{
- EPM_HANDLE handle;
- uint32 tower_ref_id;
- EPM_TOWER *tower;
- EPM_HANDLE term_handle; /* in/out */
- uint32 max_towers;
-} EPM_Q_MAP;
-
-typedef struct
-{
- uint32 max_count;
- uint32 offset;
- uint32 count;
- uint32 *tower_ref_ids;
- EPM_TOWER *towers;
-} EPM_TOWER_ARRAY;
-
-typedef struct
-{
- EPM_HANDLE handle;
- uint32 num_results;
- EPM_TOWER_ARRAY *results;
- uint32 status;
-} EPM_R_MAP;
-
-
-/* port mapping entries to be read */
-
-typedef struct _mapper_entries{
- uint8 protocol ;
- RPC_IFACE uuid_info ; /* needs to be zeroed if no specific uuid */
- uint16 port ;
- char pipe_name[40] ;
- char srv_name[20] ;
- uint8 srv_port[4] ;
- char func_name[16][16]; /* array of up to 16 functions available */
-} mapper_entries;
-
UNIHDR hdr_dns_dom_name;
UNIHDR hdr_forest_name;
- struct uuid dom_guid; /* domain GUID */
+ GUID dom_guid; /* domain GUID */
UNISTR2 uni_nb_dom_name;
UNISTR2 uni_dns_dom_name;
PROTECTED_SACL_SECURITY_INFORMATION|\
PROTECTED_DACL_SECURITY_INFORMATION)
+/* Globally Unique ID */
+#define GUID_SIZE 16
+typedef struct guid_info
+{
+ uint8 info[GUID_SIZE];
+} GUID;
+
/* SEC_ACCESS */
typedef struct security_info_info
{
/* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */
uint32 obj_flags; /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */
- struct uuid obj_guid; /* object GUID */
- struct uuid inh_guid; /* inherited object GUID */
+ GUID obj_guid; /* object GUID */
+ GUID inh_guid; /* inherited object GUID */
/* eof object stuff */
DOM_SID trustee;
#define SECRETS_AUTH_DOMAIN "SECRETS/AUTH_DOMAIN"
#define SECRETS_AUTH_PASSWORD "SECRETS/AUTH_PASSWORD"
-/* Trust password type flags */
-#define PASS_MACHINE_TRUST_NT 0x0001
-#define PASS_SERVER_TRUST_NT 0x0002
-#define PASS_DOMAIN_TRUST_NT 0x0004
-#define PASS_MACHINE_TRUST_ADS 0x0008
-#define PASS_DOMAIN_TRUST_ADS 0x0010
-
/* structure for storing machine account password
(ie. when samba server is member of a domain */
struct machine_acct_pass {
#define PIPE_NETDFS "\\PIPE\\netdfs"
#define PIPE_ECHO "\\PIPE\\rpcecho"
#define PIPE_SHUTDOWN "\\PIPE\\initshutdown"
-#define PIPE_EPM "\\PIPE\\epmapper"
#define PIPE_NETLOGON_PLAIN "\\NETLOGON"
#define PI_NETDFS 8
#define PI_ECHO 9
#define PI_SHUTDOWN 10
-#define PI_EPM 11
-#define PI_MAX_PIPES 12
+#define PI_MAX_PIPES 11
/* 64 bit time (100usec) since ????? - cifs6.txt, section 3.5, page 30 */
typedef struct nttime_info
int ngroups;
gid_t *groups;
NT_USER_TOKEN *nt_user_token;
- PRIVILEGE_SET *privs;
time_t lastused;
BOOL used;
int ngroups;
gid_t *groups;
NT_USER_TOKEN *nt_user_token;
- PRIVILEGE_SET *privs;
};
/* Defines for the sent_oplock_break field above. */
gid_t *groups;
NT_USER_TOKEN *nt_user_token;
- PRIVILEGE_SET *privs;
DATA_BLOB session_key;
typedef struct smb_sign_info {
void (*sign_outgoing_message)(char *outbuf, struct smb_sign_info *si);
- BOOL (*check_incoming_message)(char *inbuf, struct smb_sign_info *si, BOOL expected_ok);
+ BOOL (*check_incoming_message)(char *inbuf, struct smb_sign_info *si);
void (*free_signing_context)(struct smb_sign_info *si);
void *signing_context;
BOOL allow_smb_signing;
BOOL doing_signing;
BOOL mandatory_signing;
- BOOL seen_valid; /* Have I ever seen a validly signed packet? */
} smb_sign_info;
#endif /* _SMB_H */
#define LDAP_OBJ_IDPOOL "sambaUnixIdPool"
#define LDAP_OBJ_IDMAP_ENTRY "sambaIdmapEntry"
#define LDAP_OBJ_SID_ENTRY "sambaSidEntry"
-#define LDAP_OBJ_PRIVILEGE "sambaPrivilege"
#define LDAP_OBJ_ACCOUNT "account"
#define LDAP_OBJ_POSIXACCOUNT "posixAccount"
#define LDAP_ATTRIBUTE_SID "sambaSID"
#define LDAP_ATTRIBUTE_UIDNUMBER "uidNumber"
#define LDAP_ATTRIBUTE_GIDNUMBER "gidNumber"
-#define LDAP_ATTRIBUTE_SID_LIST "sambaSIDList"
/* attribute map table indexes */
#define LDAP_ATTR_MUNGED_DIAL 37
#define LDAP_ATTR_BAD_PASSWORD_TIME 38
#define LDAP_ATTR_MOD_TIMESTAMP 39
-#define LDAP_ATTR_SID_LIST 40
typedef struct _attrib_map_entry {
int attrib;
extern ATTRIB_MAP_ENTRY attrib_map_v30[];
extern ATTRIB_MAP_ENTRY dominfo_attr_list[];
extern ATTRIB_MAP_ENTRY groupmap_attr_list[];
-extern ATTRIB_MAP_ENTRY privilege_attr_list[];
extern ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[];
extern ATTRIB_MAP_ENTRY idpool_attr_list[];
extern ATTRIB_MAP_ENTRY sidmap_attr_list[];
+++ /dev/null
-/* This is an automatically generated file - DO NOT EDIT! */
-
+++ /dev/null
-/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- Groupname handling
- Copyright (C) Jeremy Allison 1998.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-/*
- * UNIX gid and Local or Domain SID resolution. This module resolves
- * only those entries in the map files, it is *NOT* responsible for
- * resolving UNIX groups not listed: that is an entirely different
- * matter, altogether...
- */
-
-/*
- *
- *
-
- format of the file is:
-
- unixname NT Group name
- unixname Domain Admins (well-known Domain Group)
- unixname DOMAIN_NAME\NT Group name
- unixname OTHER_DOMAIN_NAME\NT Group name
- unixname DOMAIN_NAME\Domain Admins (well-known Domain Group)
- ....
-
- if the DOMAIN_NAME\ component is left off, then your own domain is assumed.
-
- *
- *
- */
-
-
-#include "includes.h"
-extern int DEBUGLEVEL;
-
-extern fstring global_myworkgroup;
-extern DOM_SID global_member_sid;
-extern fstring global_sam_name;
-extern DOM_SID global_sam_sid;
-extern DOM_SID global_sid_S_1_5_20;
-
-/*******************************************************************
- converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uid_t pwdb_user_rid_to_uid(uint32 user_rid)
-{
- return ((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_group_rid_to_gid(uint32 group_rid)
-{
- return ((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_alias_rid_to_gid(uint32 alias_rid)
-{
- return ((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_gid_to_group_rid(uint32 gid)
-{
- uint32 grp_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP);
- return grp_rid;
-}
-
-/******************************************************************
- converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_gid_to_alias_rid(uint32 gid)
-{
- uint32 alias_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS);
- return alias_rid;
-}
-
-/*******************************************************************
- converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_uid_to_user_rid(uint32 uid)
-{
- uint32 user_rid = ((((uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER);
- return user_rid;
-}
-
-/******************************************************************
- converts SID + SID_NAME_USE type to a UNIX id. the Domain SID is,
- and can only be, our own SID.
- ********************************************************************/
-static BOOL pwdb_sam_sid_to_unixid(DOM_SID *sid, uint8 type, uint32 *id)
-{
- DOM_SID tmp_sid;
- uint32 rid;
-
- sid_copy(&tmp_sid, sid);
- sid_split_rid(&tmp_sid, &rid);
- if (!sid_equal(&global_sam_sid, &tmp_sid))
- {
- return False;
- }
-
- switch (type)
- {
- case SID_NAME_USER:
- {
- *id = pwdb_user_rid_to_uid(rid);
- return True;
- }
- case SID_NAME_ALIAS:
- {
- *id = pwdb_alias_rid_to_gid(rid);
- return True;
- }
- case SID_NAME_DOM_GRP:
- case SID_NAME_WKN_GRP:
- {
- *id = pwdb_group_rid_to_gid(rid);
- return True;
- }
- }
- return False;
-}
-
-/******************************************************************
- converts UNIX gid + SID_NAME_USE type to a SID. the Domain SID is,
- and can only be, our own SID.
- ********************************************************************/
-static BOOL pwdb_unixid_to_sam_sid(uint32 id, uint8 type, DOM_SID *sid)
-{
- sid_copy(sid, &global_sam_sid);
- switch (type)
- {
- case SID_NAME_USER:
- {
- sid_append_rid(sid, pwdb_uid_to_user_rid(id));
- return True;
- }
- case SID_NAME_ALIAS:
- {
- sid_append_rid(sid, pwdb_gid_to_alias_rid(id));
- return True;
- }
- case SID_NAME_DOM_GRP:
- case SID_NAME_WKN_GRP:
- {
- sid_append_rid(sid, pwdb_gid_to_group_rid(id));
- return True;
- }
- }
- return False;
-}
-
-/*******************************************************************
- Decides if a RID is a well known RID.
- ********************************************************************/
-static BOOL pwdb_rid_is_well_known(uint32 rid)
-{
- return (rid < 1000);
-}
-
-/*******************************************************************
- determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_rid_type(uint32 rid)
-{
- /* lkcl i understand that NT attaches an enumeration to a RID
- * such that it can be identified as either a user, group etc
- * type: SID_ENUM_TYPE.
- */
- if (pwdb_rid_is_well_known(rid))
- {
- /*
- * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
- * and DOMAIN_USER_RID_GUEST.
- */
- if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
- {
- return RID_TYPE_USER;
- }
- if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS)
- {
- return RID_TYPE_GROUP;
- }
- if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR)
- {
- return RID_TYPE_ALIAS;
- }
- }
- return (rid & RID_TYPE_MASK);
-}
-
-/*******************************************************************
- checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-BOOL pwdb_rid_is_user(uint32 rid)
-{
- return pwdb_rid_type(rid) == RID_TYPE_USER;
-}
-
-/**************************************************************************
- Groupname map functionality. The code loads a groupname map file and
- (currently) loads it into a linked list. This is slow and memory
- hungry, but can be changed into a more efficient storage format
- if the demands on it become excessive.
-***************************************************************************/
-
-typedef struct name_map
-{
- ubi_slNode next;
- DOM_NAME_MAP grp;
-
-} name_map_entry;
-
-static ubi_slList groupname_map_list;
-static ubi_slList aliasname_map_list;
-static ubi_slList ntusrname_map_list;
-
-static void delete_name_entry(name_map_entry *gmep)
-{
- if (gmep->grp.nt_name)
- {
- free(gmep->grp.nt_name);
- }
- if (gmep->grp.nt_domain)
- {
- free(gmep->grp.nt_domain);
- }
- if (gmep->grp.unix_name)
- {
- free(gmep->grp.unix_name);
- }
- free((char*)gmep);
-}
-
-/**************************************************************************
- Delete all the entries in the name map list.
-***************************************************************************/
-
-static void delete_map_list(ubi_slList *map_list)
-{
- name_map_entry *gmep;
-
- while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL)
- {
- delete_name_entry(gmep);
- }
-}
-
-
-/**************************************************************************
- makes a group sid out of a domain sid and a _unix_ gid.
-***************************************************************************/
-static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type)
-{
- int ret = False;
- fstring sid_str;
-
- if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain)))
- {
- DEBUG(0,("make_mydomain_sid: unknown domain %s\n",
- grp->nt_domain));
- return False;
- }
-
- if (sid_equal(&grp->sid, &global_sid_S_1_5_20))
- {
- /*
- * only builtin aliases are recognised in S-1-5-20
- */
- DEBUG(10,("make_mydomain_sid: group %s in builtin domain\n",
- grp->nt_name));
-
- if (lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type) != 0x0)
- {
- DEBUG(0,("unix group %s mapped to an unrecognised BUILTIN domain name %s\n",
- grp->unix_name, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else if (lookup_wk_user_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0)
- {
- if (type != DOM_MAP_USER)
- {
- DEBUG(0,("well-known NT user %s\\%s listed in wrong map file\n",
- grp->nt_domain, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else if (lookup_wk_group_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0)
- {
- if (type != DOM_MAP_DOMAIN)
- {
- DEBUG(0,("well-known NT group %s\\%s listed in wrong map file\n",
- grp->nt_domain, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else
- {
- switch (type)
- {
- case DOM_MAP_USER:
- {
- grp->type = SID_NAME_USER;
- break;
- }
- case DOM_MAP_DOMAIN:
- {
- grp->type = SID_NAME_DOM_GRP;
- break;
- }
- case DOM_MAP_LOCAL:
- {
- grp->type = SID_NAME_ALIAS;
- break;
- }
- }
-
- ret = pwdb_unixid_to_sam_sid(grp->unix_id, grp->type, &grp->sid);
- }
-
- sid_to_string(sid_str, &grp->sid);
- DEBUG(10,("nt name %s\\%s gid %d mapped to %s\n",
- grp->nt_domain, grp->nt_name, grp->unix_id, sid_str));
- return ret;
-}
-
-/**************************************************************************
- makes a group sid out of an nt domain, nt group name or a unix group name.
-***************************************************************************/
-static BOOL unix_name_to_nt_name_info(DOM_NAME_MAP *map, DOM_MAP_TYPE type)
-{
- /*
- * Attempt to get the unix gid_t for this name.
- */
-
- DEBUG(5,("unix_name_to_nt_name_info: unix_name:%s\n", map->unix_name));
-
- if (type == DOM_MAP_USER)
- {
- const struct passwd *pwptr = Get_Pwnam(map->unix_name, False);
- if (pwptr == NULL)
- {
- DEBUG(0,("unix_name_to_nt_name_info: Get_Pwnam for user %s\
-failed. Error was %s.\n", map->unix_name, strerror(errno) ));
- return False;
- }
-
- map->unix_id = (uint32)pwptr->pw_uid;
- }
- else
- {
- struct group *gptr = getgrnam(map->unix_name);
- if (gptr == NULL)
- {
- DEBUG(0,("unix_name_to_nt_name_info: getgrnam for group %s\
-failed. Error was %s.\n", map->unix_name, strerror(errno) ));
- return False;
- }
-
- map->unix_id = (uint32)gptr->gr_gid;
- }
-
- DEBUG(5,("unix_name_to_nt_name_info: unix gid:%d\n", map->unix_id));
-
- /*
- * Now map the name to an NT SID+RID.
- */
-
- if (map->nt_domain != NULL && !strequal(map->nt_domain, global_sam_name))
- {
- /* Must add client-call lookup code here, to
- * resolve remote domain's sid and the group's rid,
- * in that domain.
- *
- * NOTE: it is _incorrect_ to put code here that assumes
- * we are responsible for lookups for foriegn domains' RIDs.
- *
- * for foriegn domains for which we are *NOT* the PDC, all
- * we can be responsible for is the unix gid_t to which
- * the foriegn SID+rid maps to, on this _local_ machine.
- * we *CANNOT* make any short-cuts or assumptions about
- * RIDs in a foriegn domain.
- */
-
- if (!map_domain_name_to_sid(&map->sid, &(map->nt_domain)))
- {
- DEBUG(0,("unix_name_to_nt_name_info: no known sid for %s\n",
- map->nt_domain));
- return False;
- }
- }
-
- return make_mydomain_sid(map, type);
-}
-
-static BOOL make_name_entry(name_map_entry **new_ep,
- char *nt_domain, char *nt_group, char *unix_group,
- DOM_MAP_TYPE type)
-{
- /*
- * Create the list entry and add it onto the list.
- */
-
- DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group));
-
- (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry));
- if ((*new_ep) == NULL)
- {
- DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n"));
- return False;
- }
-
- ZERO_STRUCTP(*new_ep);
-
- (*new_ep)->grp.nt_name = strdup(nt_group );
- (*new_ep)->grp.nt_domain = strdup(nt_domain );
- (*new_ep)->grp.unix_name = strdup(unix_group);
-
- if ((*new_ep)->grp.nt_name == NULL ||
- (*new_ep)->grp.unix_name == NULL)
- {
- DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n"));
- delete_name_entry((*new_ep));
- return False;
- }
-
- /*
- * look up the group names, make the Group-SID and unix gid
- */
-
- if (!unix_name_to_nt_name_info(&(*new_ep)->grp, type))
- {
- delete_name_entry((*new_ep));
- return False;
- }
-
- return True;
-}
-
-/**************************************************************************
- Load a name map file. Sets last accessed timestamp.
-***************************************************************************/
-static ubi_slList *load_name_map(DOM_MAP_TYPE type)
-{
- static time_t groupmap_file_last_modified = (time_t)0;
- static time_t aliasmap_file_last_modified = (time_t)0;
- static time_t ntusrmap_file_last_modified = (time_t)0;
- static BOOL initialised_group = False;
- static BOOL initialised_alias = False;
- static BOOL initialised_ntusr = False;
- char *groupname_map_file = lp_groupname_map();
- char *aliasname_map_file = lp_aliasname_map();
- char *ntusrname_map_file = lp_ntusrname_map();
-
- FILE *fp;
- char *s;
- pstring buf;
- name_map_entry *new_ep;
-
- time_t *file_last_modified = NULL;
- int *initialised = NULL;
- char *map_file = NULL;
- ubi_slList *map_list = NULL;
-
- switch (type)
- {
- case DOM_MAP_DOMAIN:
- {
- file_last_modified = &groupmap_file_last_modified;
- initialised = &initialised_group;
- map_file = groupname_map_file;
- map_list = &groupname_map_list;
-
- break;
- }
- case DOM_MAP_LOCAL:
- {
- file_last_modified = &aliasmap_file_last_modified;
- initialised = &initialised_alias;
- map_file = aliasname_map_file;
- map_list = &aliasname_map_list;
-
- break;
- }
- case DOM_MAP_USER:
- {
- file_last_modified = &ntusrmap_file_last_modified;
- initialised = &initialised_ntusr;
- map_file = ntusrname_map_file;
- map_list = &ntusrname_map_list;
-
- break;
- }
- }
-
- if (!(*initialised))
- {
- DEBUG(10,("initialising map %s\n", map_file));
- ubi_slInitList(map_list);
- (*initialised) = True;
- }
-
- if (!*map_file)
- {
- return map_list;
- }
-
- /*
- * Load the file.
- */
-
- fp = open_file_if_modified(map_file, "r", file_last_modified);
- if (!fp)
- {
- return map_list;
- }
-
- /*
- * Throw away any previous list.
- */
- delete_map_list(map_list);
-
- DEBUG(4,("load_name_map: Scanning name map %s\n",map_file));
-
- while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL)
- {
- pstring unixname;
- pstring nt_name;
- fstring nt_domain;
- fstring ntname;
- char *p;
-
- DEBUG(10,("Read line |%s|\n", s));
-
- memset(nt_name, 0, sizeof(nt_name));
-
- if (!*s || strchr("#;",*s))
- continue;
-
- if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname)))
- continue;
-
- if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name)))
- continue;
-
- trim_string(unixname, " ", " ");
- trim_string(nt_name, " ", " ");
-
- if (!*nt_name)
- continue;
-
- if (!*unixname)
- continue;
-
- p = strchr(nt_name, '\\');
-
- if (p == NULL)
- {
- memset(nt_domain, 0, sizeof(nt_domain));
- fstrcpy(ntname, nt_name);
- }
- else
- {
- *p = 0;
- p++;
- fstrcpy(nt_domain, nt_name);
- fstrcpy(ntname , p);
- }
-
- if (make_name_entry(&new_ep, nt_domain, ntname, unixname, type))
- {
- ubi_slAddTail(map_list, (ubi_slNode *)new_ep);
- DEBUG(5,("unixname = %s, ntname = %s\\%s type = %d\n",
- new_ep->grp.unix_name,
- new_ep->grp.nt_domain,
- new_ep->grp.nt_name,
- new_ep->grp.type));
- }
- }
-
- DEBUG(10,("load_name_map: Added %ld entries to name map.\n",
- ubi_slCount(map_list)));
-
- fclose(fp);
-
- return map_list;
-}
-
-static void copy_grp_map_entry(DOM_NAME_MAP *grp, const DOM_NAME_MAP *from)
-{
- sid_copy(&grp->sid, &from->sid);
- grp->unix_id = from->unix_id;
- grp->nt_name = from->nt_name;
- grp->nt_domain = from->nt_domain;
- grp->unix_name = from->unix_name;
- grp->type = from->type;
-}
-
-#if 0
-/***********************************************************
- Lookup unix name.
-************************************************************/
-static BOOL map_unixname(DOM_MAP_TYPE type,
- char *unixname, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (strequal(gmep->grp.unix_name, unixname))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_unixname: Mapping unix name %s to nt group %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-#endif
-
-/***********************************************************
- Lookup nt name.
-************************************************************/
-static BOOL map_ntname(DOM_MAP_TYPE type, char *ntname, char *ntdomain,
- DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (strequal(gmep->grp.nt_name , ntname) &&
- strequal(gmep->grp.nt_domain, ntdomain))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_ntname: Mapping unix name %s to nt name %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-
-/***********************************************************
- Lookup by SID
-************************************************************/
-static BOOL map_sid(DOM_MAP_TYPE type,
- DOM_SID *psid, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (sid_equal(&gmep->grp.sid, psid))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_sid: Mapping unix name %s to nt name %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-/***********************************************************
- Lookup by gid_t.
-************************************************************/
-static BOOL map_unixid(DOM_MAP_TYPE type, uint32 unix_id, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- fstring sid_str;
- sid_to_string(sid_str, &gmep->grp.sid);
- DEBUG(10,("map_unixid: enum entry unix group %s %d nt %s %s\n",
- gmep->grp.unix_name, gmep->grp.unix_id, gmep->grp.nt_name, sid_str));
- if (gmep->grp.unix_id == unix_id)
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_unixid: Mapping unix name %s to nt name %s type %d\n",
- gmep->grp.unix_name, gmep->grp.nt_name, gmep->grp.type));
- return True;
- }
- }
-
- return False;
-}
-
-/***********************************************************
- *
- * Call four functions to resolve unix group ids and either
- * local group SIDs or domain group SIDs listed in the local group
- * or domain group map files.
- *
- * Note that it is *NOT* the responsibility of these functions to
- * resolve entries that are not in the map files.
- *
- * Any SID can be in the map files (i.e from any Domain).
- *
- ***********************************************************/
-
-#if 0
-
-/***********************************************************
- Lookup a UNIX Group entry by name.
-************************************************************/
-BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info)
-{
- return map_unixname(DOM_MAP_DOMAIN, group_name, grp_info);
-}
-
-/***********************************************************
- Lookup a UNIX Alias entry by name.
-************************************************************/
-BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info)
-{
- return map_unixname(DOM_MAP_LOCAL, alias_name, grp_info);
-}
-
-/***********************************************************
- Lookup an Alias name entry
-************************************************************/
-BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_LOCAL, ntalias_name, nt_domain, grp_info);
-}
-
-/***********************************************************
- Lookup a Group entry
-************************************************************/
-BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_DOMAIN, ntgroup_name, nt_domain, grp_info);
-}
-
-#endif
-
-/***********************************************************
- Lookup a Username entry by name.
-**********************
git.samba.org / ira / wip.git / commitdiff