Merge branch 'master' of git://git.samba.org/samba
authorNadezhda Ivanova <nadezhda.ivanova@postpath.com>
Wed, 13 Jan 2010 10:02:31 +0000 (12:02 +0200)
committerNadezhda Ivanova <nadezhda.ivanova@postpath.com>
Wed, 13 Jan 2010 10:02:31 +0000 (12:02 +0200)
180 files changed:
WHATSNEW4.txt
docs-xml/manpages-3/eventlogadm.8.xml
docs-xml/manpages-3/pdbedit.8.xml
lib/tsocket/doxy.config [new file with mode: 0644]
lib/tsocket/tsocket.h
lib/tsocket/tsocket_helpers.c
lib/util/debug.h
libcli/auth/smbencrypt.c
libcli/util/tstream.c [new file with mode: 0644]
libcli/util/tstream.h [new file with mode: 0644]
librpc/gen_ndr/drsuapi.h
librpc/gen_ndr/ndr_drsuapi.c
librpc/idl/drsuapi.idl
selftest/selftest.pl
source3/Makefile.in
source3/auth/auth_builtin.c
source3/auth/auth_compat.c
source3/auth/auth_domain.c
source3/auth/auth_netlogond.c
source3/auth/auth_ntlmssp.c
source3/auth/auth_sam.c
source3/auth/auth_script.c
source3/auth/auth_server.c
source3/auth/auth_unix.c
source3/auth/auth_util.c
source3/auth/auth_wbc.c
source3/auth/auth_winbind.c
source3/configure.in
source3/groupdb/mapping.c
source3/include/auth.h
source3/include/proto.h
source3/include/smb.h
source3/lib/time.c
source3/lib/util_seaccess.c
source3/libnet/libnet_samsync_passdb.c
source3/libsmb/cliconnect.c
source3/libsmb/samlogon_cache.c
source3/locking/locking.c
source3/modules/vfs_acl_common.c
source3/modules/vfs_acl_tdb.c
source3/modules/vfs_acl_xattr.c
source3/modules/vfs_cap.c
source3/modules/vfs_scannedonly.c [new file with mode: 0644]
source3/modules/vfs_zfsacl.c
source3/passdb/lookup_sid.c
source3/passdb/passdb.c
source3/passdb/pdb_compat.c
source3/passdb/pdb_get_set.c
source3/passdb/pdb_interface.c
source3/passdb/pdb_ldap.c
source3/passdb/util_unixsids.c
source3/passdb/util_wellknown.c
source3/printing/nt_printing.c
source3/rpc_client/cli_netlogon.c
source3/rpc_server/srv_lsa_nt.c
source3/rpc_server/srv_netlog_nt.c
source3/rpc_server/srv_samr_nt.c
source3/rpc_server/srv_srvsvc_nt.c
source3/smbd/chgpasswd.c
source3/smbd/close.c
source3/smbd/dir.c
source3/smbd/file_access.c
source3/smbd/globals.c
source3/smbd/globals.h
source3/smbd/lanman.c
source3/smbd/password.c
source3/smbd/posix_acls.c
source3/smbd/reply.c
source3/smbd/sesssetup.c
source3/smbd/vfs.c
source3/utils/net_groupmap.c
source3/utils/net_rpc.c
source3/utils/ntlm_auth.c
source3/utils/pdbedit.c
source3/winbindd/idmap_hash/idmap_hash.c
source3/winbindd/idmap_tdb.c
source3/winbindd/winbindd_ads.c
source3/winbindd/winbindd_cache.c
source3/winbindd/winbindd_ccache_access.c
source3/winbindd/winbindd_cred_cache.c
source3/winbindd/winbindd_creds.c
source3/winbindd/winbindd_pam.c
source3/winbindd/winbindd_rpc.c
source4/VERSION
source4/auth/auth.h
source4/auth/kerberos/kerberos_pac.c
source4/dsdb/common/util.c
source4/dsdb/config.mk
source4/dsdb/repl/drepl_out_helpers.c
source4/dsdb/repl/drepl_out_pull.c
source4/dsdb/repl/drepl_partitions.c
source4/dsdb/repl/drepl_periodic.c
source4/dsdb/repl/drepl_ridalloc.c [new file with mode: 0644]
source4/dsdb/repl/drepl_service.c
source4/dsdb/repl/drepl_service.h
source4/dsdb/samdb/ldb_modules/acl.c
source4/dsdb/samdb/ldb_modules/config.mk
source4/dsdb/samdb/ldb_modules/instancetype.c
source4/dsdb/samdb/ldb_modules/lazy_commit.c
source4/dsdb/samdb/ldb_modules/partition.c
source4/dsdb/samdb/ldb_modules/pdc_fsmo.c
source4/dsdb/samdb/ldb_modules/repl_meta_data.c
source4/dsdb/samdb/ldb_modules/ridalloc.c [new file with mode: 0644]
source4/dsdb/samdb/ldb_modules/samba3sid.c [new file with mode: 0644]
source4/dsdb/samdb/ldb_modules/samba_dsdb.c
source4/dsdb/samdb/ldb_modules/samldb.c
source4/dsdb/samdb/ldb_modules/schema_data.c
source4/dsdb/samdb/ldb_modules/schema_load.c
source4/dsdb/samdb/ldb_modules/show_deleted.c
source4/dsdb/samdb/ldb_modules/tests/samba3sam.py
source4/dsdb/samdb/ldb_modules/util.c
source4/dsdb/samdb/ldb_modules/util.h
source4/dsdb/samdb/samdb.h
source4/dsdb/schema/schema.h
source4/dsdb/schema/schema_init.c
source4/dsdb/schema/schema_query.c
source4/dsdb/schema/schema_syntax.c
source4/kdc/config.mk
source4/kdc/hdb-samba4.c
source4/kdc/kdc.c
source4/lib/events/events.h
source4/lib/events/tevent_s4.c
source4/lib/ldb-samba/ldif_handlers.c
source4/lib/ldb-samba/ldif_handlers.h
source4/lib/ldb/common/ldb_dn.c
source4/lib/ldb/ldb_tdb/ldb_index.c
source4/lib/ldb/ldb_tdb/ldb_tdb.c
source4/lib/ldb/tests/python/acl.py
source4/lib/ldb/tests/python/sec_descriptor.py
source4/lib/ldb/tools/cmdline.c
source4/lib/messaging/messaging.c
source4/lib/messaging/messaging.h
source4/libcli/config.mk
source4/libnet/libnet_become_dc.c
source4/libnet/libnet_vampire.c
source4/rpc_server/config.mk
source4/rpc_server/drsuapi/addentry.c
source4/rpc_server/drsuapi/dcesrv_drsuapi.c
source4/rpc_server/drsuapi/dcesrv_drsuapi.h
source4/rpc_server/drsuapi/getncchanges.c
source4/rpc_server/drsuapi/writespn.c [new file with mode: 0644]
source4/scripting/bin/setup_dns.sh
source4/scripting/bin/upgradeprovision
source4/scripting/devel/tmpfs.sh [new file with mode: 0755]
source4/scripting/python/samba/__init__.py
source4/scripting/python/samba/ms_schema.py
source4/scripting/python/samba/provision.py
source4/scripting/python/samba/schema.py
source4/selftest/knownfail
source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt [new file with mode: 0644]
source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt [new file with mode: 0644]
source4/setup/aggregate_schema.ldif
source4/setup/provision.ldif
source4/setup/provision_schema_basedn.ldif
source4/setup/provision_self_join.ldif
source4/setup/provision_self_join_modify.ldif
source4/setup/schema_samba4.ldif
source4/smbd/process_prefork.c
source4/smbd/process_single.c
source4/smbd/process_standard.c
source4/smbd/server.c
source4/torture/raw/lock.c
source4/torture/raw/open.c
source4/torture/rpc/rpc.c
source4/torture/rpc/samr.c
source4/torture/smbtorture.c
source4/torture/smbtorture.h
testprogs/win32/spoolss/Makefile [new file with mode: 0644]
testprogs/win32/spoolss/Makefile.mingw [new file with mode: 0644]
testprogs/win32/spoolss/README [new file with mode: 0644]
testprogs/win32/spoolss/error.c [new file with mode: 0644]
testprogs/win32/spoolss/error.h [new file with mode: 0644]
testprogs/win32/spoolss/printlib.c [new file with mode: 0644]
testprogs/win32/spoolss/printlib_proto.h [new file with mode: 0644]
testprogs/win32/spoolss/spoolss.c [new file with mode: 0644]
testprogs/win32/spoolss/spoolss.h [new file with mode: 0644]
testprogs/win32/spoolss/string.h [new file with mode: 0644]
testprogs/win32/spoolss/torture.c [new file with mode: 0644]
testprogs/win32/spoolss/torture.h [new file with mode: 0644]
testprogs/win32/spoolss/torture_proto.h [new file with mode: 0644]

index 7becef544fbac79a8d86f1906dd44b7ad09d049e..b4c6e7de10650e7bb748607a11088c6dc40a8770 100644 (file)
@@ -1,4 +1,4 @@
-What's new in Samba 4 alpha10
+What's new in Samba 4 alpha11
 ============================
 
 Samba 4 is the ambitious next version of the Samba suite that is being
@@ -6,13 +6,13 @@ developed in parallel to the stable 3.x series. The main emphasis in
 this branch is support for the Active Directory logon protocols used
 by Windows 2000 and above.
 
-Samba4 alpha10 follows on from the alpha release series we have been
+Samba4 alpha11 follows on from the alpha release series we have been
 publishing since September 2007
 
 WARNINGS
 ========
 
-Samba4 alpha10 is not a final Samba release.  That is more a reference
+Samba4 alpha11 is not a final Samba release.  That is more a reference
 to Samba4's lack of the features we expect you will need than a
 statement of code quality, but clearly it hasn't seen a broad
 deployment yet.  If you were to upgrade Samba3 (or indeed Windows) to
@@ -62,12 +62,29 @@ working on modules to map between AD-like behaviours and this backend.
 We are aiming for Samba 4 to be powerful frontend to large
 directories.
 
-CHANGES SINCE alpha9
+CHANGES SINCE alpha10
 =====================
 
-Alpha9 was released last week, but in the time since the release we
-have found and fixed an important segfault, and improved the
-experimental DRS replication. 
+Since the alpha10 release, we have fixed a number of serious bugs in
+the implementation of AD-compatible 'Directory Replication Services'.
+We can now join an AD domain as a read-write DC
+
+Importantly, since alpha10, the following serious issues were
+addressed:
+ - We now allocate RID values safely (previous implementations would
+ add users and groups without regard to allocated RID pools, possibly
+ creating duplicates)
+ - In previous Samba4 versions, a failure to 'prepare' a transaction
+ would silently commit the transaction. 
+
+Any deployments of Samba4 before this alpha are very strongly
+encouraged to upgrade.  Assistance may be found in the
+upgradeprovision script, and the advice of the Samba Team should be
+sought to determine the impact of these issues in your particular
+deployment. 
+
+Our progress on DRS is being tracked in the Samba wiki:
+http://wiki.samba.org/index.php/Samba4_DRS_TODO_List
 
 CHANGES
 =======
@@ -103,7 +120,7 @@ KNOWN ISSUES
   since it's completely experimental!
 
 - ACL are not set by default on shares created by the provision.
-  Work is underway on this subject and it should be fixed in Alpha10.
+  Work is underway on this subject and it should be fixed in Alpha12.
 
 RUNNING Samba4
 ==============
index 4c399a30cfd8015f7393bac8167d4ef3d47993b4..c104120598d431439f5d13b4e6e7b052325b07f4 100644 (file)
                <varlistentry>
                <term>
                <option>-o</option>
-               <literal>write</literal>
+               <literal>dump</literal>
                <replaceable>EVENTLOG</replaceable>
                <replaceable>RECORD_NUMBER</replaceable>
                </term>
index 2d074d922d7f6c046df6695989e62e9604c2c420..fa8cabcdde5a2e0a53c14e8e2941c11f7ccc04ce 100644 (file)
@@ -32,6 +32,7 @@
                <arg choice="opt">-h homedir</arg>
                <arg choice="opt">-i passdb-backend</arg>
                <arg choice="opt">-I domain</arg>
+               <arg choice="opt">-K</arg>
                <arg choice="opt">-L </arg>
                <arg choice="opt">-m</arg>
                <arg choice="opt">-M SID|RID</arg>
diff --git a/lib/tsocket/doxy.config b/lib/tsocket/doxy.config
new file mode 100644 (file)
index 0000000..584ae73
--- /dev/null
@@ -0,0 +1,1538 @@
+# Doxyfile 1.6.1
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+#       TAG = value [value, ...]
+# For lists items can also be appended using:
+#       TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# This tag specifies the encoding used for all characters in the config file
+# that follow. The default is UTF-8 which is also the encoding used for all
+# text before the first occurrence of this tag. Doxygen uses libiconv (or the
+# iconv built into libc) for the transcoding. See
+# http://www.gnu.org/software/libiconv for the list of possible encodings.
+
+DOXYFILE_ENCODING      = UTF-8
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
+# by quotes) that should identify the project.
+
+PROJECT_NAME           = tsocket
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number.
+# This could be handy for archiving the generated documentation or
+# if some version control system is used.
+
+PROJECT_NUMBER         = 0.1
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
+# base path where the generated documentation will be put.
+# If a relative path is entered, it will be relative to the location
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY       = doc
+
+# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
+# 4096 sub-directories (in 2 levels) under the output directory of each output
+# format and will distribute the generated files over these directories.
+# Enabling this option can be useful when feeding doxygen a huge amount of
+# source files, where putting all generated files in the same directory would
+# otherwise cause performance problems for the file system.
+
+CREATE_SUBDIRS         = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all
+# documentation generated by doxygen is written. Doxygen will use this
+# information to generate all constant output in the proper language.
+# The default language is English, other supported languages are:
+# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional,
+# Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German,
+# Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English
+# messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian,
+# Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrilic, Slovak,
+# Slovene, Spanish, Swedish, Ukrainian, and Vietnamese.
+
+OUTPUT_LANGUAGE        = English
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
+# include brief member descriptions after the members that are listed in
+# the file and class documentation (similar to JavaDoc).
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC      = YES
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
+# the brief description of a member or function before the detailed description.
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF           = YES
+
+# This tag implements a quasi-intelligent brief description abbreviator
+# that is used to form the text in various listings. Each string
+# in this list, if found as the leading text of the brief description, will be
+# stripped from the text and the result after processing the whole list, is
+# used as the annotated text. Otherwise, the brief description is used as-is.
+# If left blank, the following values are used ("$name" is automatically
+# replaced with the name of the entity): "The $name class" "The $name widget"
+# "The $name file" "is" "provides" "specifies" "contains"
+# "represents" "a" "an" "the"
+
+ABBREVIATE_BRIEF       = "The $name class" \
+                         "The $name widget" \
+                         "The $name file" \
+                         is \
+                         provides \
+                         specifies \
+                         contains \
+                         represents \
+                         a \
+                         an \
+                         the
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
+# Doxygen will generate a detailed section even if there is only a brief
+# description.
+
+ALWAYS_DETAILED_SEC    = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
+# inherited members of a class in the documentation of that class as if those
+# members were ordinary class members. Constructors, destructors and assignment
+# operators of the base classes will not be shown.
+
+INLINE_INHERITED_MEMB  = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
+# path before files name in the file list and in the header files. If set
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES        = YES
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
+# can be used to strip a user-defined part of the path. Stripping is
+# only done if one of the specified strings matches the left-hand part of
+# the path. The tag can be used to show relative paths in the file list.
+# If left blank the directory from which doxygen is run is used as the
+# path to strip.
+
+STRIP_FROM_PATH        =
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
+# the path mentioned in the documentation of a class, which tells
+# the reader which header file to include in order to use a class.
+# If left blank only the name of the header file containing the class
+# definition is used. Otherwise one should specify the include paths that
+# are normally passed to the compiler using the -I flag.
+
+STRIP_FROM_INC_PATH    =
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
+# (but less readable) file names. This can be useful is your file systems
+# doesn't support long names like on DOS, Mac, or CD-ROM.
+
+SHORT_NAMES            = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
+# will interpret the first line (until the first dot) of a JavaDoc-style
+# comment as the brief description. If set to NO, the JavaDoc
+# comments will behave just like regular Qt-style comments
+# (thus requiring an explicit @brief command for a brief description.)
+
+JAVADOC_AUTOBRIEF      = YES
+
+# If the QT_AUTOBRIEF tag is set to YES then Doxygen will
+# interpret the first line (until the first dot) of a Qt-style
+# comment as the brief description. If set to NO, the comments
+# will behave just like regular Qt-style comments (thus requiring
+# an explicit \brief command for a brief description.)
+
+QT_AUTOBRIEF           = NO
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
+# treat a multi-line C++ special comment block (i.e. a block of //! or ///
+# comments) as a brief description. This used to be the default behaviour.
+# The new default is to treat a multi-line C++ comment block as a detailed
+# description. Set this tag to YES if you prefer the old behaviour instead.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
+# member inherits the documentation from any documented member that it
+# re-implements.
+
+INHERIT_DOCS           = YES
+
+# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
+# a new page for each member. If set to NO, the documentation of a member will
+# be part of the file/class/namespace that contains it.
+
+SEPARATE_MEMBER_PAGES  = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab.
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE               = 8
+
+# This tag can be used to specify a number of aliases that acts
+# as commands in the documentation. An alias has the form "name=value".
+# For example adding "sideeffect=\par Side Effects:\n" will allow you to
+# put the command \sideeffect (or @sideeffect) in the documentation, which
+# will result in a user-defined paragraph with heading "Side Effects:".
+# You can put \n's in the value part of an alias to insert newlines.
+
+ALIASES                =
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
+# sources only. Doxygen will then generate output that is more tailored for C.
+# For instance, some of the names that are used will be different. The list
+# of all members will be omitted, etc.
+
+OPTIMIZE_OUTPUT_FOR_C  = YES
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
+# sources only. Doxygen will then generate output that is more tailored for
+# Java. For instance, namespaces will be presented as packages, qualified
+# scopes will look different, etc.
+
+OPTIMIZE_OUTPUT_JAVA   = NO
+
+# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran
+# sources only. Doxygen will then generate output that is more tailored for
+# Fortran.
+
+OPTIMIZE_FOR_FORTRAN   = NO
+
+# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL
+# sources. Doxygen will then generate output that is tailored for
+# VHDL.
+
+OPTIMIZE_OUTPUT_VHDL   = NO
+
+# Doxygen selects the parser to use depending on the extension of the files it parses.
+# With this tag you can assign which parser to use for a given extension.
+# Doxygen has a built-in mapping, but you can override or extend it using this tag.
+# The format is ext=language, where ext is a file extension, and language is one of
+# the parsers supported by doxygen: IDL, Java, Javascript, C#, C, C++, D, PHP,
+# Objective-C, Python, Fortran, VHDL, C, C++. For instance to make doxygen treat
+# .inc files as Fortran files (default is PHP), and .f files as C (default is Fortran),
+# use: inc=Fortran f=C. Note that for custom extensions you also need to set FILE_PATTERNS otherwise the files are not read by doxygen.
+
+EXTENSION_MAPPING      =
+
+# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want
+# to include (a tag file for) the STL sources as input, then you should
+# set this tag to YES in order to let doxygen match functions declarations and
+# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
+# func(std::string) {}). This also make the inheritance and collaboration
+# diagrams that involve STL classes more complete and accurate.
+
+BUILTIN_STL_SUPPORT    = NO
+
+# If you use Microsoft's C++/CLI language, you should set this option to YES to
+# enable parsing support.
+
+CPP_CLI_SUPPORT        = NO
+
+# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only.
+# Doxygen will parse them like normal C++ but will assume all classes use public
+# instead of private inheritance when no explicit protection keyword is present.
+
+SIP_SUPPORT            = NO
+
+# For Microsoft's IDL there are propget and propput attributes to indicate getter
+# and setter methods for a property. Setting this option to YES (the default)
+# will make doxygen to replace the get and set methods by a property in the
+# documentation. This will only work if the methods are indeed getting or
+# setting a simple type. If this is not the case, or you want to show the
+# methods anyway, you should set this option to NO.
+
+IDL_PROPERTY_SUPPORT   = YES
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
+# tag is set to YES, then doxygen will reuse the documentation of the first
+# member in the group (if any) for the other members of the group. By default
+# all members of a group must be documented explicitly.
+
+DISTRIBUTE_GROUP_DOC   = NO
+
+# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
+# the same type (for instance a group of public functions) to be put as a
+# subgroup of that type (e.g. under the Public Functions section). Set it to
+# NO to prevent subgrouping. Alternatively, this can be done per class using
+# the \nosubgrouping command.
+
+SUBGROUPING            = YES
+
+# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum
+# is documented as struct, union, or enum with the name of the typedef. So
+# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
+# with name TypeT. When disabled the typedef will appear as a member of a file,
+# namespace, or class. And the struct will be named TypeS. This can typically
+# be useful for C code in case the coding convention dictates that all compound
+# types are typedef'ed and only the typedef is referenced, never the tag name.
+
+TYPEDEF_HIDES_STRUCT   = NO
+
+# The SYMBOL_CACHE_SIZE determines the size of the internal cache use to
+# determine which symbols to keep in memory and which to flush to disk.
+# When the cache is full, less often used symbols will be written to disk.
+# For small to medium size projects (<1000 input files) the default value is
+# probably good enough. For larger projects a too small cache size can cause
+# doxygen to be busy swapping symbols to and from disk most of the time
+# causing a significant performance penality.
+# If the system has enough physical memory increasing the cache will improve the
+# performance by keeping more symbols in memory. Note that the value works on
+# a logarithmic scale so increasing the size by one will rougly double the
+# memory usage. The cache size is given by this formula:
+# 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0,
+# corresponding to a cache size of 2^16 = 65536 symbols
+
+SYMBOL_CACHE_SIZE      = 0
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
+# documentation are documented, even if no documentation was available.
+# Private class members and static file members will be hidden unless
+# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
+
+EXTRACT_ALL            = NO
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
+# will be included in the documentation.
+
+EXTRACT_PRIVATE        = NO
+
+# If the EXTRACT_STATIC tag is set to YES all static members of a file
+# will be included in the documentation.
+
+EXTRACT_STATIC         = NO
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
+# defined locally in source files will be included in the documentation.
+# If set to NO only classes defined in header files are included.
+
+EXTRACT_LOCAL_CLASSES  = NO
+
+# This flag is only useful for Objective-C code. When set to YES local
+# methods, which are defined in the implementation section but not in
+# the interface are included in the documentation.
+# If set to NO (the default) only methods in the interface are included.
+
+EXTRACT_LOCAL_METHODS  = NO
+
+# If this flag is set to YES, the members of anonymous namespaces will be
+# extracted and appear in the documentation as a namespace called
+# 'anonymous_namespace{file}', where file will be replaced with the base
+# name of the file that contains the anonymous namespace. By default
+# anonymous namespace are hidden.
+
+EXTRACT_ANON_NSPACES   = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
+# undocumented members of documented classes, files or namespaces.
+# If set to NO (the default) these members will be included in the
+# various overviews, but no documentation section is generated.
+# This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_MEMBERS     = YES
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
+# undocumented classes that are normally visible in the class hierarchy.
+# If set to NO (the default) these classes will be included in the various
+# overviews. This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_CLASSES     = YES
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
+# friend (class|struct|union) declarations.
+# If set to NO (the default) these declarations will be included in the
+# documentation.
+
+HIDE_FRIEND_COMPOUNDS  = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
+# documentation blocks found inside the body of a function.
+# If set to NO (the default) these blocks will be appended to the
+# function's detailed documentation block.
+
+HIDE_IN_BODY_DOCS      = NO
+
+# The INTERNAL_DOCS tag determines if documentation
+# that is typed after a \internal command is included. If the tag is set
+# to NO (the default) then the documentation will be excluded.
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS          = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
+# file names in lower-case letters. If set to YES upper-case letters are also
+# allowed. This is useful if you have classes or files whose names only differ
+# in case and if your file system supports case sensitive file names. Windows
+# and Mac users are advised to set this option to NO.
+
+CASE_SENSE_NAMES       = YES
+
+# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
+# will show members with their full class and namespace scopes in the
+# documentation. If set to YES the scope will be hidden.
+
+HIDE_SCOPE_NAMES       = NO
+
+# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
+# will put a list of the files that are included by a file in the documentation
+# of that file.
+
+SHOW_INCLUDE_FILES     = YES
+
+# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
+# is inserted in the documentation for inline members.
+
+INLINE_INFO            = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
+# will sort the (detailed) documentation of file and class members
+# alphabetically by member name. If set to NO the members will appear in
+# declaration order.
+
+SORT_MEMBER_DOCS       = YES
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
+# brief documentation of file, namespace and class members alphabetically
+# by member name. If set to NO (the default) the members will appear in
+# declaration order.
+
+SORT_BRIEF_DOCS        = NO
+
+# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the (brief and detailed) documentation of class members so that constructors and destructors are listed first. If set to NO (the default) the constructors will appear in the respective orders defined by SORT_MEMBER_DOCS and SORT_BRIEF_DOCS. This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO.
+
+SORT_MEMBERS_CTORS_1ST = NO
+
+# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the
+# hierarchy of group names into alphabetical order. If set to NO (the default)
+# the group names will appear in their defined order.
+
+SORT_GROUP_NAMES       = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
+# sorted by fully-qualified names, including namespaces. If set to
+# NO (the default), the class list will be sorted only by class name,
+# not including the namespace part.
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the
+# alphabetical list.
+
+SORT_BY_SCOPE_NAME     = NO
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or
+# disable (NO) the todo list. This list is created by putting \todo
+# commands in the documentation.
+
+GENERATE_TODOLIST      = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or
+# disable (NO) the test list. This list is created by putting \test
+# commands in the documentation.
+
+GENERATE_TESTLIST      = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or
+# disable (NO) the bug list. This list is created by putting \bug
+# commands in the documentation.
+
+GENERATE_BUGLIST       = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
+# disable (NO) the deprecated list. This list is created by putting
+# \deprecated commands in the documentation.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional
+# documentation sections, marked by \if sectionname ... \endif.
+
+ENABLED_SECTIONS       =
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
+# the initial value of a variable or define consists of for it to appear in
+# the documentation. If the initializer consists of more lines than specified
+# here it will be hidden. Use a value of 0 to hide initializers completely.
+# The appearance of the initializer of individual variables and defines in the
+# documentation can be controlled using \showinitializer or \hideinitializer
+# command in the documentation regardless of this setting.
+
+MAX_INITIALIZER_LINES  = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
+# at the bottom of the documentation of classes and structs. If set to YES the
+# list will mention the files that were used to generate the documentation.
+
+SHOW_USED_FILES        = YES
+
+# If the sources in your project are distributed over multiple directories
+# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
+# in the documentation. The default is NO.
+
+SHOW_DIRECTORIES       = NO
+
+# Set the SHOW_FILES tag to NO to disable the generation of the Files page.
+# This will remove the Files entry from the Quick Index and from the
+# Folder Tree View (if specified). The default is YES.
+
+SHOW_FILES             = YES
+
+# Set the SHOW_NAMESPACES tag to NO to disable the generation of the
+# Namespaces page.
+# This will remove the Namespaces entry from the Quick Index
+# and from the Folder Tree View (if specified). The default is YES.
+
+SHOW_NAMESPACES        = YES
+
+# The FILE_VERSION_FILTER tag can be used to specify a program or script that
+# doxygen should invoke to get the current version for each file (typically from
+# the version control system). Doxygen will invoke the program by executing (via
+# popen()) the command <command> <input-file>, where <command> is the value of
+# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
+# provided by doxygen. Whatever the program writes to standard output
+# is used as the file version. See the manual for examples.
+
+FILE_VERSION_FILTER    =
+
+# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed by
+# doxygen. The layout file controls the global structure of the generated output files
+# in an output format independent way. The create the layout file that represents
+# doxygen's defaults, run doxygen with the -l option. You can optionally specify a
+# file name after the option, if omitted DoxygenLayout.xml will be used as the name
+# of the layout file.
+
+LAYOUT_FILE            =
+
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET                  = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are
+# generated by doxygen. Possible values are YES and NO. If left blank
+# NO is used.
+
+WARNINGS               = YES
+
+# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
+# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
+# automatically be disabled.
+
+WARN_IF_UNDOCUMENTED   = YES
+
+# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
+# potential errors in the documentation, such as not documenting some
+# parameters in a documented function, or documenting parameters that
+# don't exist or using markup commands wrongly.
+
+WARN_IF_DOC_ERROR      = YES
+
+# This WARN_NO_PARAMDOC option can be abled to get warnings for
+# functions that are documented, but have no documentation for their parameters
+# or return value. If set to NO (the default) doxygen will only warn about
+# wrong or incomplete parameter documentation, but not about the absence of
+# documentation.
+
+WARN_NO_PARAMDOC       = NO
+
+# The WARN_FORMAT tag determines the format of the warning messages that
+# doxygen can produce. The string should contain the $file, $line, and $text
+# tags, which will be replaced by the file and line number from which the
+# warning originated and the warning text. Optionally the format may contain
+# $version, which will be replaced by the version of the file (if it could
+# be obtained via FILE_VERSION_FILTER)
+
+WARN_FORMAT            = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning
+# and error messages should be written. If left blank the output is written
+# to stderr.
+
+WARN_LOGFILE           =
+
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag can be used to specify the files and/or directories that contain
+# documented source files. You may enter file names like "myfile.cpp" or
+# directories like "/usr/src/myproject". Separate the files or directories
+# with spaces.
+
+INPUT                  =
+
+# This tag can be used to specify the character encoding of the source files
+# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
+# also the default input encoding. Doxygen uses libiconv (or the iconv built
+# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for
+# the list of possible encodings.
+
+INPUT_ENCODING         = UTF-8
+
+# If the value of the INPUT tag contains directories, you can use the
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank the following patterns are tested:
+# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx
+# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90
+
+FILE_PATTERNS          = *.cpp \
+                         *.cc \
+                         *.c \
+                         *.h \
+                         *.hh \
+                         *.hpp \
+                         *.dox
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories
+# should be searched for input files as well. Possible values are YES and NO.
+# If left blank NO is used.
+
+RECURSIVE              = NO
+
+# The EXCLUDE tag can be used to specify files and/or directories that should
+# excluded from the INPUT source files. This way you can easily exclude a
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+
+EXCLUDE                =
+
+# The EXCLUDE_SYMLINKS tag can be used select whether or not files or
+# directories that are symbolic links (a Unix filesystem feature) are excluded
+# from the input.
+
+EXCLUDE_SYMLINKS       = NO
+
+# If the value of the INPUT tag contains directories, you can use the
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
+# certain files from those directories. Note that the wildcards are matched
+# against the file with absolute path, so to exclude all test directories
+# for example use the pattern */test/*
+
+EXCLUDE_PATTERNS       = */.git/* \
+                         */.svn/* \
+                         */cmake/* \
+                         */build/*
+
+# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
+# (namespaces, classes, functions, etc.) that should be excluded from the
+# output. The symbol name can be a fully qualified name, a word, or if the
+# wildcard * is used, a substring. Examples: ANamespace, AClass,
+# AClass::ANamespace, ANamespace::*Test
+
+EXCLUDE_SYMBOLS        =
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or
+# directories that contain example code fragments that are included (see
+# the \include command).
+
+EXAMPLE_PATH           =
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank all files are included.
+
+EXAMPLE_PATTERNS       =
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
+# searched for input files to be used with the \include or \dontinclude
+# commands irrespective of the value of the RECURSIVE tag.
+# Possible values are YES and NO. If left blank NO is used.
+
+EXAMPLE_RECURSIVE      = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or
+# directories that contain image that are included in the documentation (see
+# the \image command).
+
+IMAGE_PATH             =
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should
+# invoke to filter for each input file. Doxygen will invoke the filter program
+# by executing (via popen()) the command <filter> <input-file>, where <filter>
+# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
+# input file. Doxygen will then use the output that the filter program writes
+# to standard output.
+# If FILTER_PATTERNS is specified, this tag will be
+# ignored.
+
+INPUT_FILTER           =
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
+# basis.
+# Doxygen will compare the file name with each pattern and apply the
+# filter if there is a match.
+# The filters are a list of the form:
+# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
+# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER
+# is applied to all files.
+
+FILTER_PATTERNS        =
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
+# INPUT_FILTER) will be used to filter the input files when producing source
+# files to browse (i.e. when SOURCE_BROWSER is set to YES).
+
+FILTER_SOURCE_FILES    = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will
+# be generated. Documented entities will be cross-referenced with these sources.
+# Note: To get rid of all source code in the generated output, make sure also
+# VERBATIM_HEADERS is set to NO.
+
+SOURCE_BROWSER         = NO
+
+# Setting the INLINE_SOURCES tag to YES will include the body
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES         = NO
+
+# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
+# doxygen to hide any special comment blocks from generated source code
+# fragments. Normal C and C++ comments will always remain visible.
+
+STRIP_CODE_COMMENTS    = YES
+
+# If the REFERENCED_BY_RELATION tag is set to YES
+# then for each documented function all documented
+# functions referencing it will be listed.
+
+REFERENCED_BY_RELATION = NO
+
+# If the REFERENCES_RELATION tag is set to YES
+# then for each documented function all documented entities
+# called/used by that function will be listed.
+
+REFERENCES_RELATION    = NO
+
+# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
+# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
+# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
+# link to the source code.
+# Otherwise they will link to the documentation.
+
+REFERENCES_LINK_SOURCE = YES
+
+# If the USE_HTAGS tag is set to YES then the references to source code
+# will point to the HTML generated by the htags(1) tool instead of doxygen
+# built-in source browser. The htags tool is part of GNU's global source
+# tagging system (see http://www.gnu.org/software/global/global.html). You
+# will need version 4.8.6 or higher.
+
+USE_HTAGS              = NO
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
+# will generate a verbatim copy of the header file for each class for
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS       = YES
+
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
+# of all compounds will be generated. Enable this if the project
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX     = NO
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX    = 5
+
+# In case all classes in a project start with a common prefix, all
+# classes will be put under the same header in the alphabetical index.
+# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
+# should be ignored while generating the index headers.
+
+IGNORE_PREFIX          =
+
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
+# generate HTML output.
+
+GENERATE_HTML          = YES
+
+# If the HTML_FOOTER_DESCRIPTION tag is set to YES, Doxygen will
+# add generated date, project name and doxygen version to HTML footer.
+
+HTML_FOOTER_DESCRIPTION= NO
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT            = html
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
+# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
+# doxygen will generate files with .html extension.
+
+HTML_FILE_EXTENSION    = .html
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard header.
+
+HTML_HEADER            =
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard footer.
+
+HTML_FOOTER            =
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
+# style sheet that is used by each HTML page. It can be used to
+# fine-tune the look of the HTML output. If the tag is left blank doxygen
+# will generate a default style sheet. Note that doxygen will try to copy
+# the style sheet file to the HTML output directory, so don't put your own
+# stylesheet in the HTML output directory as well, or it will be erased!
+
+HTML_STYLESHEET        =
+
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
+# files or namespaces will be aligned in HTML using tables. If set to
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS     = YES
+
+# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
+# documentation will contain sections that can be hidden and shown after the
+# page has loaded. For this to work a browser that supports
+# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox
+# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari).
+
+HTML_DYNAMIC_SECTIONS  = NO
+
+# If the GENERATE_DOCSET tag is set to YES, additional index files
+# will be generated that can be used as input for Apple's Xcode 3
+# integrated development environment, introduced with OSX 10.5 (Leopard).
+# To create a documentation set, doxygen will generate a Makefile in the
+# HTML output directory. Running make will produce the docset in that
+# directory and running "make install" will install the docset in
+# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find
+# it at startup.
+# See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html for more information.
+
+GENERATE_DOCSET        = NO
+
+# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the
+# feed. A documentation feed provides an umbrella under which multiple
+# documentation sets from a single provider (such as a company or product suite)
+# can be grouped.
+
+DOCSET_FEEDNAME        = "Doxygen generated docs"
+
+# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that
+# should uniquely identify the documentation set bundle. This should be a
+# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen
+# will append .docset to the name.
+
+DOCSET_BUNDLE_ID       = org.doxygen.Project
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files
+# will be generated that can be used as input for tools like the
+# Microsoft HTML help workshop to generate a compiled HTML help file (.chm)
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP      = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
+# be used to specify the file name of the resulting .chm file. You
+# can add a path in front of the file if the result should not be
+# written to the html output directory.
+
+CHM_FILE               =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
+# be used to specify the location (absolute path including file name) of
+# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
+# the HTML help compiler on the generated index.hhp.
+
+HHC_LOCATION           =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
+# controls if a separate .chi index file is generated (YES) or that
+# it should be included in the master .chm file (NO).
+
+GENERATE_CHI           = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING
+# is used to encode HtmlHelp index (hhk), content (hhc) and project file
+# content.
+
+CHM_INDEX_ENCODING     =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
+# controls whether a binary table of contents is generated (YES) or a
+# normal table of contents (NO) in the .chm file.
+
+BINARY_TOC             = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members
+# to the contents of the HTML help documentation and to the tree view.
+
+TOC_EXPAND             = NO
+
+# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and QHP_VIRTUAL_FOLDER
+# are set, an additional index file will be generated that can be used as input for
+# Qt's qhelpgenerator to generate a Qt Compressed Help (.qch) of the generated
+# HTML documentation.
+
+GENERATE_QHP           = NO
+
+# If the QHG_LOCATION tag is specified, the QCH_FILE tag can
+# be used to specify the file name of the resulting .qch file.
+# The path specified is relative to the HTML output folder.
+
+QCH_FILE               =
+
+# The QHP_NAMESPACE tag specifies the namespace to use when generating
+# Qt Help Project output. For more information please see
+# http://doc.trolltech.com/qthelpproject.html#namespace
+
+QHP_NAMESPACE          =
+
+# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating
+# Qt Help Project output. For more information please see
+# http://doc.trolltech.com/qthelpproject.html#virtual-folders
+
+QHP_VIRTUAL_FOLDER     = doc
+
+# If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to add.
+# For more information please see
+# http://doc.trolltech.com/qthelpproject.html#custom-filters
+
+QHP_CUST_FILTER_NAME   =
+
+# The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the custom filter to add.For more information please see
+# <a href="http://doc.trolltech.com/qthelpproject.html#custom-filters">Qt Help Project / Custom Filters</a>.
+
+QHP_CUST_FILTER_ATTRS  =
+
+# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this project's
+# filter section matches.
+# <a href="http://doc.trolltech.com/qthelpproject.html#filter-attributes">Qt Help Project / Filter Attributes</a>.
+
+QHP_SECT_FILTER_ATTRS  =
+
+# If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can
+# be used to specify the location of Qt's qhelpgenerator.
+# If non-empty doxygen will try to run qhelpgenerator on the generated
+# .qhp file.
+
+QHG_LOCATION           =
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
+# top of each HTML page. The value NO (the default) enables the index and
+# the value YES disables it.
+
+DISABLE_INDEX          = NO
+
+# This tag can be used to set the number of enum values (range [1..20])
+# that doxygen will group on one line in the generated HTML documentation.
+
+ENUM_VALUES_PER_LINE   = 4
+
+# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
+# structure should be generated to display hierarchical information.
+# If the tag value is set to YES, a side panel will be generated
+# containing a tree-like index structure (just like the one that
+# is generated for HTML Help). For this to work a browser that supports
+# JavaScript, DHTML, CSS and frames is required (i.e. any modern browser).
+# Windows users are probably better off using the HTML help feature.
+
+GENERATE_TREEVIEW      = NONE
+
+# By enabling USE_INLINE_TREES, doxygen will generate the Groups, Directories,
+# and Class Hierarchy pages using a tree view instead of an ordered list.
+
+USE_INLINE_TREES       = NO
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
+# used to set the initial width (in pixels) of the frame in which the tree
+# is shown.
+
+TREEVIEW_WIDTH         = 250
+
+# Use this tag to change the font size of Latex formulas included
+# as images in the HTML documentation. The default is 10. Note that
+# when you change the font size after a successful doxygen run you need
+# to manually remove any form_*.png images from the HTML output directory
+# to force them to be regenerated.
+
+FORMULA_FONTSIZE       = 10
+
+# When the SEARCHENGINE tag is enable doxygen will generate a search box for the HTML output. The underlying search engine uses javascript
+# and DHTML and should work on any modern browser. Note that when using HTML help (GENERATE_HTMLHELP) or Qt help (GENERATE_QHP)
+# there is already a search function so this one should typically
+# be disabled.
+
+SEARCHENGINE           = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
+# generate Latex output.
+
+GENERATE_LATEX         = YES
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT           = latex
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
+# invoked. If left blank `latex' will be used as the default command name.
+
+LATEX_CMD_NAME         = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
+# generate index for LaTeX. If left blank `makeindex' will be used as the
+# default command name.
+
+MAKEINDEX_CMD_NAME     = makeindex
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
+# LaTeX documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_LATEX          = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used
+# by the printer. Possible values are: a4, a4wide, letter, legal and
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE             = a4wide
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES         =
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
+# the generated latex document. The header should contain everything until
+# the first chapter. If it is left blank doxygen will generate a
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER           =
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will
+# contain links (just like the HTML output) instead of page references
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS         = YES
+
+# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
+# plain latex in the generated Makefile. Set this option to YES to get a
+# higher quality PDF documentation.
+
+USE_PDFLATEX           = YES
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
+# command to the generated LaTeX files. This will instruct LaTeX to keep
+# running if errors occur, instead of asking the user for help.
+# This option is also used when generating formulas in HTML.
+
+LATEX_BATCHMODE        = NO
+
+# If LATEX_HIDE_INDICES is set to YES then doxygen will not
+# include the index chapters (such as File Index, Compound Index, etc.)
+# in the output.
+
+LATEX_HIDE_INDICES     = NO
+
+# If LATEX_SOURCE_CODE is set to YES then doxygen will include source code with syntax highlighting in the LaTeX output. Note that which sources are shown also depends on other settings such as SOURCE_BROWSER.
+
+LATEX_SOURCE_CODE      = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
+# The RTF output is optimized for Word 97 and may not look very pretty with
+# other RTF readers or editors.
+
+GENERATE_RTF           = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `rtf' will be used as the default path.
+
+RTF_OUTPUT             = rtf
+
+# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
+# RTF documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_RTF            = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
+# will contain hyperlink fields. The RTF file will
+# contain links (just like the HTML output) instead of page references.
+# This makes the output suitable for online browsing using WORD or other
+# programs which support those fields.
+# Note: wordpad (write) and others do not support links.
+
+RTF_HYPERLINKS         = NO
+
+# Load stylesheet definitions from file. Syntax is similar to doxygen's
+# config file, i.e. a series of assignments. You only have to provide
+# replacements, missing definitions are set to their default value.
+
+RTF_STYLESHEET_FILE    =
+
+# Set optional variables used in the generation of an rtf document.
+# Syntax is similar to doxygen's config file.
+
+RTF_EXTENSIONS_FILE    =
+
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
+# generate man pages
+
+GENERATE_MAN           = YES
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT             = man
+
+# The MAN_EXTENSION tag determines the extension that is added to
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION          = .3
+
+# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
+# then it will generate one additional man file for each entity
+# documented in the real man page(s). These additional files
+# only source the real man page, but without them the man command
+# would be unable to find the correct page. The default is NO.
+
+MAN_LINKS              = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_XML tag is set to YES Doxygen will
+# generate an XML file that captures the structure of
+# the code including all documentation.
+
+GENERATE_XML           = NO
+
+# The XML_OUTPUT tag is used to specify where the XML pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `xml' will be used as the default path.
+
+XML_OUTPUT             = xml
+
+# The XML_SCHEMA tag can be used to specify an XML schema,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_SCHEMA             =
+
+# The XML_DTD tag can be used to specify an XML DTD,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_DTD                =
+
+# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
+# dump the program listings (including syntax highlighting
+# and cross-referencing information) to the XML output. Note that
+# enabling this will significantly increase the size of the XML output.
+
+XML_PROGRAMLISTING     = YES
+
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
+# generate an AutoGen Definitions (see autogen.sf.net) file
+# that captures the structure of the code including all
+# documentation. Note that this feature is still experimental
+# and incomplete at the moment.
+
+GENERATE_AUTOGEN_DEF   = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_PERLMOD tag is set to YES Doxygen will
+# generate a Perl module file that captures the structure of
+# the code including all documentation. Note that this
+# feature is still experimental and incomplete at the
+# moment.
+
+GENERATE_PERLMOD       = NO
+
+# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
+# the necessary Makefile rules, Perl scripts and LaTeX code to be able
+# to generate PDF and DVI output from the Perl module output.
+
+PERLMOD_LATEX          = NO
+
+# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
+# nicely formatted so it can be parsed by a human reader.
+# This is useful
+# if you want to understand what is going on.
+# On the other hand, if this
+# tag is set to NO the size of the Perl module output will be much smaller
+# and Perl will parse it just the same.
+
+PERLMOD_PRETTY         = YES
+
+# The names of the make variables in the generated doxyrules.make file
+# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
+# This is useful so different doxyrules.make files included by the same
+# Makefile don't overwrite each other's variables.
+
+PERLMOD_MAKEVAR_PREFIX =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
+# evaluate all C-preprocessor directives found in the sources and include
+# files.
+
+ENABLE_PREPROCESSING   = YES
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
+# names in the source code. If set to NO (the default) only conditional
+# compilation will be performed. Macro expansion can be done in a controlled
+# way by setting EXPAND_ONLY_PREDEF to YES.
+
+MACRO_EXPANSION        = NO
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
+# then the macro expansion is limited to the macros specified with the
+# PREDEFINED and EXPAND_AS_DEFINED tags.
+
+EXPAND_ONLY_PREDEF     = NO
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
+# in the INCLUDE_PATH (see below) will be search if a #include is found.
+
+SEARCH_INCLUDES        = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that
+# contain include files that are not input files but should be processed by
+# the preprocessor.
+
+INCLUDE_PATH           =
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
+# patterns (like *.h and *.hpp) to filter out the header-files in the
+# directories. If left blank, the patterns specified with FILE_PATTERNS will
+# be used.
+
+INCLUDE_FILE_PATTERNS  =
+
+# The PREDEFINED tag can be used to specify one or more macro names that
+# are defined before the preprocessor is started (similar to the -D option of
+# gcc). The argument of the tag is a list of macros of the form: name
+# or name=definition (no spaces). If the definition and the = are
+# omitted =1 is assumed. To prevent a macro definition from being
+# undefined via #undef or recursively expanded use the := operator
+# instead of the = operator.
+
+PREDEFINED             = DOXYGEN
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
+# this tag can be used to specify a list of macro names that should be expanded.
+# The macro definition that is found in the sources will be used.
+# Use the PREDEFINED tag if you want to use a different macro definition.
+
+EXPAND_AS_DEFINED      =
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
+# doxygen's preprocessor will remove all function-like macros that are alone
+# on a line, have an all uppercase name, and do not end with a semicolon. Such
+# function macros are typically used for boiler-plate code, and will confuse
+# the parser if not removed.
+
+SKIP_FUNCTION_MACROS   = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references
+#---------------------------------------------------------------------------
+
+# The TAGFILES option can be used to specify one or more tagfiles.
+# Optionally an initial location of the external documentation
+# can be added for each tagfile. The format of a tag file without
+# this location is as follows:
+#
+# TAGFILES = file1 file2 ...
+# Adding location for the tag files is done as follows:
+#
+# TAGFILES = file1=loc1 "file2 = loc2" ...
+# where "loc1" and "loc2" can be relative or absolute paths or
+# URLs. If a location is present for each tag, the installdox tool
+# does not have to be run to correct the links.
+# Note that each tag file must have a unique name
+# (where the name does NOT include the path)
+# If a tag file is not located in the directory in which doxygen
+# is run, you must also specify the path to the tagfile here.
+
+TAGFILES               =
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE       =
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed
+# in the class index. If set to NO only the inherited external classes
+# will be listed.
+
+ALLEXTERNALS           = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
+# in the modules index. If set to NO, only the current project's groups will
+# be listed.
+
+EXTERNAL_GROUPS        = YES
+
+# The PERL_PATH should be the absolute path and name of the perl script
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH              = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool
+#---------------------------------------------------------------------------
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
+# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
+# or super classes. Setting the tag to NO turns the diagrams off. Note that
+# this option is superseded by the HAVE_DOT option below. This is only a
+# fallback. It is recommended to install and use dot, since it yields more
+# powerful graphs.
+
+CLASS_DIAGRAMS         = YES
+
+# You can define message sequence charts within doxygen comments using the \msc
+# command. Doxygen will then run the mscgen tool (see
+# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
+# documentation. The MSCGEN_PATH tag allows you to specify the directory where
+# the mscgen tool resides. If left empty the tool is assumed to be found in the
+# default search path.
+
+MSCGEN_PATH            =
+
+# If set to YES, the inheritance and collaboration graphs will hide
+# inheritance and usage relations if the target is undocumented
+# or is not a class.
+
+HIDE_UNDOC_RELATIONS   = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
+# available from the path. This tool is part of Graphviz, a graph visualization
+# toolkit from AT&T and Lucent Bell Labs. The other options in this section
+# have no effect if this option is set to NO (the default)
+
+HAVE_DOT               = NO
+
+# By default doxygen will write a font called FreeSans.ttf to the output
+# directory and reference it in all dot files that doxygen generates. This
+# font does not include all possible unicode characters however, so when you need
+# these (or just want a differently looking font) you can specify the font name
+# using DOT_FONTNAME. You need need to make sure dot is able to find the font,
+# which can be done by putting it in a standard location or by setting the
+# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory
+# containing the font.
+
+DOT_FONTNAME           = FreeSans
+
+# The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs.
+# The default size is 10pt.
+
+DOT_FONTSIZE           = 10
+
+# By default doxygen will tell dot to use the output directory to look for the
+# FreeSans.ttf font (which doxygen will put there itself). If you specify a
+# different font using DOT_FONTNAME you can set the path where dot
+# can find it using this tag.
+
+DOT_FONTPATH           =
+
+# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect inheritance relations. Setting this tag to YES will force the
+# the CLASS_DIAGRAMS tag to NO.
+
+CLASS_GRAPH            = YES
+
+# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect implementation dependencies (inheritance, containment, and
+# class references variables) of the class with other documented classes.
+
+COLLABORATION_GRAPH    = YES
+
+# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for groups, showing the direct groups dependencies
+
+GROUP_GRAPHS           = YES
+
+# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
+# collaboration diagrams in a style similar to the OMG's Unified Modeling
+# Language.
+
+UML_LOOK               = NO
+
+# If set to YES, the inheritance and collaboration graphs will show the
+# relations between templates and their instances.
+
+TEMPLATE_RELATIONS     = NO
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
+# tags are set to YES then doxygen will generate a graph for each documented
+# file showing the direct and indirect include dependencies of the file with
+# other documented files.
+
+INCLUDE_GRAPH          = YES
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
+# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
+# documented header file showing the documented files that directly or
+# indirectly include this file.
+
+INCLUDED_BY_GRAPH      = YES
+
+# If the CALL_GRAPH and HAVE_DOT options are set to YES then
+# doxygen will generate a call dependency graph for every global function
+# or class method. Note that enabling this option will significantly increase
+# the time of a run. So in most cases it will be better to enable call graphs
+# for selected functions only using the \callgraph command.
+
+CALL_GRAPH             = NO
+
+# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then
+# doxygen will generate a caller dependency graph for every global function
+# or class method. Note that enabling this option will significantly increase
+# the time of a run. So in most cases it will be better to enable caller
+# graphs for selected functions only using the \callergraph command.
+
+CALLER_GRAPH           = NO
+
+# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
+# will graphical hierarchy of all classes instead of a textual one.
+
+GRAPHICAL_HIERARCHY    = YES
+
+# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES
+# then doxygen will show the dependencies a directory has on other directories
+# in a graphical way. The dependency relations are determined by the #include
+# relations between the files in the directories.
+
+DIRECTORY_GRAPH        = YES
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
+# generated by dot. Possible values are png, jpg, or gif
+# If left blank png will be used.
+
+DOT_IMAGE_FORMAT       = png
+
+# The tag DOT_PATH can be used to specify the path where the dot tool can be
+# found. If left blank, it is assumed the dot tool can be found in the path.
+
+DOT_PATH               =
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that
+# contain dot files that are included in the documentation (see the
+# \dotfile command).
+
+DOTFILE_DIRS           =
+
+# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of
+# nodes that will be shown in the graph. If the number of nodes in a graph
+# becomes larger than this value, doxygen will truncate the graph, which is
+# visualized by representing a node as a red box. Note that doxygen if the
+# number of direct children of the root node in a graph is already larger than
+# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note
+# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
+
+DOT_GRAPH_MAX_NODES    = 50
+
+# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
+# graphs generated by dot. A depth value of 3 means that only nodes reachable
+# from the root by following a path via at most 3 edges will be shown. Nodes
+# that lay further from the root node will be omitted. Note that setting this
+# option to 1 or 2 may greatly reduce the computation time needed for large
+# code bases. Also note that the size of a graph can be further restricted by
+# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
+
+MAX_DOT_GRAPH_DEPTH    = 0
+
+# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
+# background. This is disabled by default, because dot on Windows does not
+# seem to support this out of the box. Warning: Depending on the platform used,
+# enabling this option may lead to badly anti-aliased labels on the edges of
+# a graph (i.e. they become hard to read).
+
+DOT_TRANSPARENT        = YES
+
+# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
+# files in one run (i.e. multiple -o and -T options on the command line). This
+# makes dot run faster, but since only newer versions of dot (>1.8.10)
+# support this, this feature is disabled by default.
+
+DOT_MULTI_TARGETS      = NO
+
+# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
+# generate a legend page explaining the meaning of the various boxes and
+# arrows in the dot generated graphs.
+
+GENERATE_LEGEND        = YES
+
+# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
+# remove the intermediate dot files that are used to generate
+# the various graphs.
+
+DOT_CLEANUP            = YES
index 7e9cf9eb19ffcb3f2380c8d47e3d269ab4ae5118..b9b9dc39d9349f8d1b0668158f0f98d370c1e4be 100644 (file)
@@ -32,102 +32,593 @@ struct tdgram_context;
 struct tstream_context;
 struct iovec;
 
-/*
- * tsocket_address related functions
+/**
+ * @mainpage
+ *
+ * The tsocket abstraction is an API ...
+ */
+
+/**
+ * @defgroup tsocket The tsocket API
+ *
+ * The tsocket abstraction is splitted into two different kinds of
+ * communitation interfaces.
+ *
+ * There's the "tstream_context" interface with abstracts the communication
+ * through a bidirectional byte stream between two endpoints.
+ *
+ * And there's the "tdgram_context" interface with abstracts datagram based
+ * communication between any number of endpoints.
+ *
+ * Both interfaces share the "tsocket_address" abstraction for endpoint
+ * addresses.
+ *
+ * The whole library is based on the talloc(3) and 'tevent' libraries and
+ * provides "tevent_req" based "foo_send()"/"foo_recv()" functions pairs for
+ * all abstracted methods that need to be async.
+ *
+ * @section vsock Virtual Sockets
+ *
+ * The abstracted layout of tdgram_context and tstream_context allow
+ * implementations arround virtual sockets for encrypted tunnels (like TLS,
+ * SASL or GSSAPI) or named pipes over smb.
+ *
+ * @section npa Named Pipe Auth (NPA) Sockets
+ *
+ * Samba has an implementation to abstract named pipes over smb (within the
+ * server side). See libcli/named_pipe_auth/npa_tstream.[ch] for the core code.
+ * The current callers are located in source4/ntvfs/ipc/vfs_ipc.c and
+ * source4/rpc_server/service_rpc.c for the users.
+ */
+
+/**
+ * @defgroup tsocket_address The tsocket_address abstraction
+ * @ingroup tsocket
+ *
+ * The tsocket_address represents an socket endpoint genericly.
+ * As it's like an abstract class it has no specific constructor.
+ * The specific constructors are descripted in later sections.
+ *
+ * @{
+ */
+
+/**
+ * @brief Get a string representaion of the endpoint.
+ *
+ * This function creates a string representation of the endpoint for debugging.
+ * The output will look as followed:
+ *      prefix:address:port
+ *
+ * e.g.
+ *      ipv4:192.168.1.1:143
+ *
+ * Callers should not try to parse the string! The should use additional methods
+ * of the specific tsocket_address implemention to get more details.
+ *
+ * @param[in]  addr     The address to convert.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to allocate the memory.
+ *
+ * @return              The address as a string representation, NULL on error.
+ *
+ * @see tsocket_address_inet_addr_string()
+ * @see tsocket_address_inet_port()
  */
 char *tsocket_address_string(const struct tsocket_address *addr,
                             TALLOC_CTX *mem_ctx);
 
+#ifdef DOXYGEN
+/**
+ * @brief This creates a copy of a tsocket_address.
+ *
+ * This is useful when before doing modifications to a socket via additional
+ * methods of the specific tsocket_address implementation.
+ *
+ * @param[in]  addr     The address to create the copy from.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @return              A newly allocated copy of addr (tsocket_address *), NULL
+ *                      on error.
+ */
+struct tsocket_address *tsocket_address_copy(const struct tsocket_address *addr,
+               TALLOC_CTX *mem_ctx);
+#else
 struct tsocket_address *_tsocket_address_copy(const struct tsocket_address *addr,
                                              TALLOC_CTX *mem_ctx,
                                              const char *location);
 
 #define tsocket_address_copy(addr, mem_ctx) \
        _tsocket_address_copy(addr, mem_ctx, __location__)
+#endif
 
-/*
- * tdgram_context related functions
+/**
+ * @}
+ */
+
+/**
+ * @defgroup tdgram_context The tdgram_context abstraction
+ * @ingroup tsocket
+ *
+ * The tdgram_context is like an abstract class for datagram based sockets. The
+ * interface provides async 'tevent_req' based functions on top functionality
+ * is similar to the recvfrom(2)/sendto(2)/close(2) syscalls.
+ *
+ * @note You can always use talloc_free(tdgram) to cleanup the resources
+ * of the tdgram_context on a fatal error.
+ * @{
+ */
+
+/**
+ * @brief Ask for next available datagram on the abstracted tdgram_context.
+ *
+ * It returns a 'tevent_req' handle, where the caller can register
+ * a callback with tevent_req_set_callback(). The callback is triggered
+ * when a datagram is available or an error happened.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @param[in]  ev       The tevent_context to run on.
+ *
+ * @param[in]  dgram    The dgram context to work on.
+ *
+ * @return              Returns a 'tevent_req' handle, where the caller can
+ *                      register a callback with tevent_req_set_callback().
+ *                      NULL on fatal error.
+ *
+ * @see tdgram_inet_udp_socket()
+ * @see tdgram_unix_socket()
  */
 struct tevent_req *tdgram_recvfrom_send(TALLOC_CTX *mem_ctx,
                                        struct tevent_context *ev,
                                        struct tdgram_context *dgram);
+
+/**
+ * @brief Receive the next available datagram on the abstracted tdgram_context.
+ *
+ * This function should be called by the callback when a datagram is available
+ * or an error happened.
+ *
+ * The caller can only have one outstanding tdgram_recvfrom_send() at a time
+ * otherwise the caller will get '*perrno = EBUSY'.
+ *
+ * @param[in]  req      The tevent request from tdgram_recvfrom_send().
+ *
+ * @param[out] perrno   The error number, set if an error occured.
+ *
+ * @param[in]  mem_ctx  The memory context to use.
+ *
+ * @param[out] buf      This will hold the buffer of the datagram.
+ *
+ * @param[out] src      The abstracted tsocket_address of the sender of the
+ *                      received datagram.
+ *
+ * @return              The length of the datagram (0 is never returned!),
+ *                      -1 on error with perrno set to the actual errno.
+ *
+ * @see tdgram_recvfrom_send()
+ */
 ssize_t tdgram_recvfrom_recv(struct tevent_req *req,
                             int *perrno,
                             TALLOC_CTX *mem_ctx,
                             uint8_t **buf,
                             struct tsocket_address **src);
 
+/**
+ * @brief Send a datagram to a destination endpoint.
+ *
+ * The function can be called to send a datagram (specified by a buf/len) to a
+ * destination endpoint (specified by dst). It's not allowed for len to be 0.
+ *
+ * It returns a 'tevent_req' handle, where the caller can register a callback
+ * with tevent_req_set_callback(). The callback is triggered when the specific
+ * implementation (assumes it) has delivered the datagram to the "wire".
+ *
+ * The callback is then supposed to get the result by calling
+ * tdgram_sendto_recv() on the 'tevent_req'.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @param[in]  ev       The tevent_context to run on.
+ *
+ * @param[in]  dgram    The dgram context to work on.
+ *
+ * @param[in]  buf      The buffer to send.
+ *
+ * @param[in]  len      The length of the buffer to send. It has to be bigger
+ *                      than 0.
+ *
+ * @param[in]  dst      The destination to send the datagram to in form of a
+ *                      tsocket_address.
+ *
+ * @return              Returns a 'tevent_req' handle, where the caller can
+ *                      register a callback with tevent_req_set_callback().
+ *                      NULL on fatal error.
+ *
+ * @see tdgram_inet_udp_socket()
+ * @see tdgram_unix_socket()
+ * @see tdgram_sendto_recv()
+ */
 struct tevent_req *tdgram_sendto_send(TALLOC_CTX *mem_ctx,
                                      struct tevent_context *ev,
                                      struct tdgram_context *dgram,
                                      const uint8_t *buf, size_t len,
                                      const struct tsocket_address *dst);
+
+/**
+ * @brief Receive the result of the sent datagram.
+ *
+ * The caller can only have one outstanding tdgram_sendto_send() at a time
+ * otherwise the caller will get '*perrno = EBUSY'.
+ *
+ * @param[in]  req      The tevent request from tdgram_sendto_send().
+ *
+ * @param[out] perrno   The error number, set if an error occured.
+ *
+ * @return              The length of the datagram (0 is never returned!), -1 on
+ *                      error with perrno set to the actual errno.
+ *
+ * @see tdgram_sendto_send()
+ */
 ssize_t tdgram_sendto_recv(struct tevent_req *req,
                           int *perrno);
 
+/**
+ * @brief Shutdown/close an abstracted socket.
+ *
+ * It returns a 'tevent_req' handle, where the caller can register a callback
+ * with tevent_req_set_callback(). The callback is triggered when the specific
+ * implementation (assumes it) has delivered the datagram to the "wire".
+ *
+ * The callback is then supposed to get the result by calling
+ * tdgram_sendto_recv() on the 'tevent_req'.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @param[in]  ev       The tevent_context to run on.
+ *
+ * @param[in]  dgram    The dgram context diconnect from.
+ *
+ * @return              Returns a 'tevent_req' handle, where the caller can
+ *                      register a callback with tevent_req_set_callback().
+ *                      NULL on fatal error.
+ *
+ * @see tdgram_disconnect_recv()
+ */
 struct tevent_req *tdgram_disconnect_send(TALLOC_CTX *mem_ctx,
                                          struct tevent_context *ev,
                                          struct tdgram_context *dgram);
+
+/**
+ * @brief Receive the result from a tdgram_disconnect_send() request.
+ *
+ * The caller should make sure there're no outstanding tdgram_recvfrom_send()
+ * and tdgram_sendto_send() calls otherwise the caller will get
+ * '*perrno = EBUSY'.
+ *
+ * @param[in]  req      The tevent request from tdgram_disconnect_send().
+ *
+ * @param[out] perrno   The error number, set if an error occured.
+ *
+ * @return              The length of the datagram (0 is never returned!), -1 on
+ *                      error with perrno set to the actual errno.
+ *
+ * @see tdgram_disconnect_send()
+ */
 int tdgram_disconnect_recv(struct tevent_req *req,
                           int *perrno);
 
-/*
- * tstream_context related functions
+/**
+ * @}
+ */
+
+/**
+ * @defgroup tstream_context The tstream_context abstraction
+ * @ingroup tsocket
+ *
+ * The tstream_context is like an abstract class for stream based sockets. The
+ * interface provides async 'tevent_req' based functions on top functionality
+ * is similar to the readv(2)/writev(2)/close(2) syscalls.
+ *
+ * @note You can always use talloc_free(tstream) to cleanup the resources
+ * of the tstream_context on a fatal error.
+ *
+ * @{
+ */
+
+/**
+ * @brief Report the number of bytes received but not consumed yet.
+ *
+ * The tstream_pending_bytes() function reports how much bytes of the incoming
+ * stream have been received but not consumed yet.
+ *
+ * @param[in]  stream   The tstream_context to check for pending bytes.
+ *
+ * @return              The number of bytes received, -1 on error with errno
+ *                      set.
  */
 ssize_t tstream_pending_bytes(struct tstream_context *stream);
 
+/**
+ * @brief Read a specific amount of bytes from a stream socket.
+ *
+ * The function can be called to read for a specific amount of bytes from the
+ * stream into given buffers. The caller has to preallocate the buffers.
+ *
+ * The caller might need to use tstream_pending_bytes() if the protocol doesn't
+ * have a fixed pdu header containing the pdu size.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @param[in]  ev       The tevent_context to run on.
+ *
+ * @param[in]  stream   The tstream context to work on.
+ *
+ * @param[out] vector   A preallocated iovec to store the data to read.
+ *
+ * @param[in]  count    The number of buffers in the vector allocated.
+ *
+ * @return              A 'tevent_req' handle, where the caller can register
+ *                      a callback with tevent_req_set_callback(). NULL on
+ *                      fatal error.
+ *
+ * @see tstream_unix_connect_send()
+ * @see tstream_inet_tcp_connect_send()
+ */
 struct tevent_req *tstream_readv_send(TALLOC_CTX *mem_ctx,
                                      struct tevent_context *ev,
                                      struct tstream_context *stream,
                                      struct iovec *vector,
                                      size_t count);
+
+/**
+ * @brief Get the result of a tstream_readv_send().
+ *
+ * The caller can only have one outstanding tstream_readv_send()
+ * at a time otherwise the caller will get *perrno = EBUSY.
+ *
+ * @param[in]  req      The tevent request from tstream_readv_send().
+ *
+ * @param[out] perrno   The error number, set if an error occured.
+ *
+ * @return              The length of the stream (0 is never returned!), -1 on
+ *                      error with perrno set to the actual errno.
+ */
 int tstream_readv_recv(struct tevent_req *req,
                       int *perrno);
 
+/**
+ * @brief Write buffers from a vector into a stream socket.
+ *
+ * The function can be called to write buffers from a given vector
+ * to a stream socket.
+ *
+ * You have to ensure that the vector is not empty.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @param[in]  ev       The tevent_context to run on.
+ *
+ * @param[in]  stream   The tstream context to work on.
+ *
+ * @param[in]  vector   The iovec vector with data to write on a stream socket.
+ *
+ * @param[in]  count    The number of buffers in the vector to write.
+ *
+ * @return              A 'tevent_req' handle, where the caller can register
+ *                      a callback with tevent_req_set_callback(). NULL on
+ *                      fatal error.
+ */
 struct tevent_req *tstream_writev_send(TALLOC_CTX *mem_ctx,
                                       struct tevent_context *ev,
                                       struct tstream_context *stream,
                                       const struct iovec *vector,
                                       size_t count);
+
+/**
+ * @brief Get the result of a tstream_writev_send().
+ *
+ * The caller can only have one outstanding tstream_writev_send()
+ * at a time otherwise the caller will get *perrno = EBUSY.
+ *
+ * @param[in]  req      The tevent request from tstream_writev_send().
+ *
+ * @param[out] perrno   The error number, set if an error occured.
+ *
+ * @return              The length of the stream (0 is never returned!), -1 on
+ *                      error with perrno set to the actual errno.
+ */
 int tstream_writev_recv(struct tevent_req *req,
                        int *perrno);
 
+/**
+ * @brief Shutdown/close an abstracted socket.
+ *
+ * It returns a 'tevent_req' handle, where the caller can register a callback
+ * with tevent_req_set_callback(). The callback is triggered when the specific
+ * implementation (assumes it) has delivered the stream to the "wire".
+ *
+ * The callback is then supposed to get the result by calling
+ * tdgram_sendto_recv() on the 'tevent_req'.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @param[in]  ev       The tevent_context to run on.
+ *
+ * @param[in]  stream   The tstream context to work on.
+ *
+ * @return              A 'tevent_req' handle, where the caller can register
+ *                      a callback with tevent_req_set_callback(). NULL on
+ *                      fatal error.
+ */
 struct tevent_req *tstream_disconnect_send(TALLOC_CTX *mem_ctx,
                                           struct tevent_context *ev,
                                           struct tstream_context *stream);
+
+/**
+ * @brief Get the result of a tstream_disconnect_send().
+ *
+ * The caller can only have one outstanding tstream_writev_send()
+ * at a time otherwise the caller will get *perrno = EBUSY.
+ *
+ * @param[in]  req      The tevent request from tstream_disconnect_send().
+ *
+ * @param[out] perrno   The error number, set if an error occured.
+ *
+ * @return              The length of the stream (0 is never returned!), -1 on
+ *                      error with perrno set to the actual errno.
+ */
 int tstream_disconnect_recv(struct tevent_req *req,
                            int *perrno);
 
-/*
- * BSD sockets: inet, inet6 and unix
+/**
+ * @}
+ */
+
+
+/**
+ * @defgroup tsocket_bsd  tsocket_bsd - inet, inet6 and unix
+ * @ingroup tsocket
+ *
+ * The main tsocket library comes with implentations for BSD style ipv4, ipv6
+ * and unix sockets.
+ *
+ * @{
  */
 
+#if DOXYGEN
+/**
+ * @brief Create a tsocket_address for ipv4 and ipv6 endpoint addresses.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @param[in]  fam      The family can be can be "ipv4", "ipv6" or "ip". With
+ *                      "ip" is autodetects "ipv4" or "ipv6" based on the
+ *                      addr.
+ *
+ * @param[in]  addr     A valid ip address string based on the selected family
+ *                      (dns names are not allowed!). It's valid to pass NULL,
+ *                      which gets mapped to "0.0.0.0" or "::".
+ *
+ * @param[in]  port     A valid port number.
+ *
+ * @param[out] _addr    A tsocket_address pointer to store the information.
+ *
+ * @return              0 on success, -1 on error with errno set.
+ */
+int tsocket_address_inet_from_strings(TALLOC_CTX *mem_ctx,
+                                     const char *fam,
+                                     const char *addr,
+                                     uint16_t port,
+                                     struct tsocket_address **_addr);
+#else
 int _tsocket_address_inet_from_strings(TALLOC_CTX *mem_ctx,
                                       const char *fam,
                                       const char *addr,
                                       uint16_t port,
                                       struct tsocket_address **_addr,
                                       const char *location);
+
 #define tsocket_address_inet_from_strings(mem_ctx, fam, addr, port, _addr) \
        _tsocket_address_inet_from_strings(mem_ctx, fam, addr, port, _addr, \
                                           __location__)
+#endif
 
+/**
+ * @brief Get the address of an 'inet' tsocket_address as a string.
+ *
+ * @param[in]  addr     The address to convert to a string.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @return              A newly allocated string of the address, NULL on error
+ *                      with errno set.
+ */
 char *tsocket_address_inet_addr_string(const struct tsocket_address *addr,
                                       TALLOC_CTX *mem_ctx);
+
+/**
+ * @brief Get the port number as an integer from an 'inet' tsocket_address.
+ *
+ * @param[in]  addr     The tsocket address to use.
+ *
+ * @return              The port number, 0 on error with errno set.
+ */
 uint16_t tsocket_address_inet_port(const struct tsocket_address *addr);
+
+/**
+ * @brief Set the port number of an existing 'inet' tsocket_address.
+ *
+ * @param[in]  addr     The existing tsocket_address to use.
+ *
+ * @param[in]  port     The valid port number to set.
+ *
+ * @return              0 on success, -1 on error with errno set.
+ */
 int tsocket_address_inet_set_port(struct tsocket_address *addr,
                                  uint16_t port);
 
+#ifdef DOXYGEN
+/**
+ * @brief Create a tsocket_address for a unix domain endpoint addresses.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @param[in]  path     The filesystem path, NULL will map "".
+ *
+ * @param[in]  _addr    The tsocket_address pointer to store the information.
+ *
+ * @return              0 on success, -1 on error with errno set.
+ */
+int tsocket_address_unix_from_path(TALLOC_CTX *mem_ctx,
+                                  const char *path,
+                                  struct tsocket_address **_addr);
+#else
 int _tsocket_address_unix_from_path(TALLOC_CTX *mem_ctx,
                                    const char *path,
                                    struct tsocket_address **_addr,
                                    const char *location);
+
 #define tsocket_address_unix_from_path(mem_ctx, path, _addr) \
        _tsocket_address_unix_from_path(mem_ctx, path, _addr, \
                                        __location__)
+#endif
+
+/**
+ * @brief Get the address of an 'unix' tsocket_address.
+ *
+ * @param[in]  addr     A valid 'unix' tsocket_address.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @return              The path of the unix domain socket, NULL on error or if
+ *                      the tsocket_address doesn't represent an unix domain
+ *                      endpoint path.
+ */
 char *tsocket_address_unix_path(const struct tsocket_address *addr,
                                TALLOC_CTX *mem_ctx);
 
+#ifdef DOXYGEN
+/**
+ * @brief Create a tdgram_context for a ipv4 or ipv6 UDP communication.
+ *
+ * @param[in]  local    An 'inet' tsocket_address for the local endpoint.
+ *
+ * @param[in]  remote   An 'inet' tsocket_address for the remote endpoint or
+ *                      NULL (??? to create a listener?).
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @param[in]  dgram    The tdgram_context pointer to setup the udp
+ *                      communication. The function will allocate the memory.
+ *
+ * @return              0 on success, -1 on error with errno set.
+ */
+int tdgram_inet_udp_socket(const struct tsocket_address *local,
+                           const struct tsocket_address *remote,
+                           TALLOC_CTX *mem_ctx,
+                           struct tdgram_context **dgram);
+#else
 int _tdgram_inet_udp_socket(const struct tsocket_address *local,
                            const struct tsocket_address *remote,
                            TALLOC_CTX *mem_ctx,
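Review bot: The doc blocks added for the disconnect calls misstate the contract. Both tdgram_disconnect_send() and tstream_disconnect_send() tell the caller to fetch the result with `tdgram_sendto_recv()`, and tdgram_disconnect_recv() / tstream_disconnect_recv() describe the return as "The length of the datagram/stream (0 is never returned!)" although both are declared `int`. A caller following that text could call the wrong _recv function on the request, or treat a successful disconnect as a failure and skip cleanup. I would point the references at `tdgram_disconnect_recv()` / `tstream_disconnect_recv()` and change the return line to something like `@return 0 on success, -1 on error with perrno set to the actual errno.`; the implementation is outside this hunk, so the success value needs confirming. In the same hunk the output pointers `_addr` of tsocket_address_unix_from_path() and `dgram` of tdgram_inet_udp_socket() are tagged `@param[in]` and should be `@param[out]`, and the lone `#if DOXYGEN` before tsocket_address_inet_from_strings() should be `#ifdef DOXYGEN` like the other guards.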
@@ -135,19 +626,85 @@ int _tdgram_inet_udp_socket(const struct tsocket_address *local,
                            const char *location);
 #define tdgram_inet_udp_socket(local, remote, mem_ctx, dgram) \
        _tdgram_inet_udp_socket(local, remote, mem_ctx, dgram, __location__)
+#endif
 
+#ifdef DOXYGEN
+/**
+ * @brief Create a tdgram_context for unix domain datagram communication.
+ *
+ * @param[in]  local    An 'unix' tsocket_address for the local endpoint.
+ *
+ * @param[in]  remote   An 'unix' tsocket_address for the remote endpoint or
+ *                      NULL (??? to create a listener?).
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @param[in]  dgram    The tdgram_context pointer to setup the udp
+ *                      communication. The function will allocate the memory.
+ *
+ * @return              0 on success, -1 on error with errno set.
+ */
+int tdgram_unix_socket(const struct tsocket_address *local,
+                       const struct tsocket_address *remote,
+                       TALLOC_CTX *mem_ctx,
+                       struct tdgram_context **dgram);
+#else
 int _tdgram_unix_socket(const struct tsocket_address *local,
                        const struct tsocket_address *remote,
                        TALLOC_CTX *mem_ctx,
                        struct tdgram_context **dgram,
                        const char *location);
+
 #define tdgram_unix_socket(local, remote, mem_ctx, dgram) \
        _tdgram_unix_socket(local, remote, mem_ctx, dgram, __location__)
+#endif
 
-struct tevent_req * tstream_inet_tcp_connect_send(TALLOC_CTX *mem_ctx,
+/**
+ * @brief Connect async to a TCP endpoint and create a tstream_context for the
+ * stream based communication.
+ *
+ * Use this function to connenct asynchronously to a remote ipv4 or ipv6 TCP
+ * endpoint and create a tstream_context for the stream based communication.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @param[in]  ev       The tevent_context to run on.
+ *
+ * @param[in]  local    An 'inet' tsocket_address for the local endpoint.
+ *
+ * @param[in]  remote   An 'inet' tsocket_address for the remote endpoint.
+ *
+ * @return              A 'tevent_req' handle, where the caller can register a
+ *                      callback with tevent_req_set_callback(). NULL on a fatal
+ *                      error.
+ *
+ * @see tstream_inet_tcp_connect_recv()
+ */
+struct tevent_req *tstream_inet_tcp_connect_send(TALLOC_CTX *mem_ctx,
                                        struct tevent_context *ev,
                                        const struct tsocket_address *local,
                                        const struct tsocket_address *remote);
+
+#ifdef DOXYGEN
+/**
+ * @brief Receive the result from a tstream_inet_tcp_connect_send().
+ *
+ * @param[in]  req      The tevent request from tstream_inet_tcp_connect_send().
+ *
+ * @param[out] perrno   The error number, set if an error occured.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @param[in]  stream   A tstream_context pointer to setup the tcp communication
+ *                      on. This function will allocate the memory.
+ *
+ * @return              0 on success, -1 on error with perrno set.
+ */
+int tstream_inet_tcp_connect_recv(struct tevent_req *req,
+                                 int *perrno,
+                                 TALLOC_CTX *mem_ctx,
+                                 struct tstream_context **stream);
+#else
 int _tstream_inet_tcp_connect_recv(struct tevent_req *req,
                                   int *perrno,
                                   TALLOC_CTX *mem_ctx,
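Review bot: The new doc block for tdgram_unix_socket is a copy of the UDP one and still describes `dgram` as the pointer "to setup the udp communication"; it should read `The tdgram_context pointer to setup the unix datagram communication.`, and the `NULL (??? to create a listener?)` text on `remote` is an open question that should be answered before it lands in a public header. The same copy-and-paste residue appears in later hunks: tstream_unix_connect_recv documents `req` as coming from tstream_inet_tcp_connect_send(), and the tstream_readv_pdu_queue_* and tstream_writev_queue_* blocks keep the "Queue a dgram blob" and "length of the datagram" wording although they take a tstream_context. Pointer-to-pointer results such as `dgram` and `stream` are tagged `@param[in]` here and in the following hunks although the text says the function allocates them, so `@param[out]` is the accurate tag. The _tstream_inet_tcp_connect_recv declaration at the end of this hunk continues in the next one.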
@@ -156,11 +713,56 @@ int _tstream_inet_tcp_connect_recv(struct tevent_req *req,
 #define tstream_inet_tcp_connect_recv(req, perrno, mem_ctx, stream) \
        _tstream_inet_tcp_connect_recv(req, perrno, mem_ctx, stream, \
                                       __location__)
+#endif
 
+/**
+ * @brief Connect async to a unix domain endpoint and create a tstream_context
+ * for the stream based communication.
+ *
+ * Use this function to connenct asynchronously to a unix domainendpoint and
+ * create a tstream_context for the stream based communication.
+ *
+ * The callback is triggered when a socket is connected and ready for IO or an
+ * error happened.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @param[in]  ev       The tevent_context to run on.
+ *
+ * @param[in]  local    An 'unix' tsocket_address for the local endpoint.
+ *
+ * @param[in]  remote   An 'unix' tsocket_address for the remote endpoint.
+ *
+ * @return              A 'tevent_req' handle, where the caller can register a
+ *                      callback with tevent_req_set_callback(). NULL on a falal
+ *                      error.
+ *
+ * @see tstream_unix_connect_recv()
+ */
 struct tevent_req * tstream_unix_connect_send(TALLOC_CTX *mem_ctx,
                                        struct tevent_context *ev,
                                        const struct tsocket_address *local,
                                        const struct tsocket_address *remote);
+
+#ifdef DOXYGEN
+/**
+ * @brief Receive the result from a tstream_unix_connect_send().
+ *
+ * @param[in]  req      The tevent request from tstream_inet_tcp_connect_send().
+ *
+ * @param[out] perrno   The error number, set if an error occured.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @param[in]  stream   The tstream context to work on.
+ *
+ * @return              0 on success, -1 on error with perrno set.
+ */
+int tstream_unix_connect_recv(struct tevent_req *req,
+                             int *perrno,
+                             TALLOC_CTX *mem_ctx,
+                             struct tstream_context **stream);
+#else
 int _tstream_unix_connect_recv(struct tevent_req *req,
                               int *perrno,
                               TALLOC_CTX *mem_ctx,
@@ -169,31 +771,121 @@ int _tstream_unix_connect_recv(struct tevent_req *req,
 #define tstream_unix_connect_recv(req, perrno, mem_ctx, stream) \
        _tstream_unix_connect_recv(req, perrno, mem_ctx, stream, \
                                          __location__)
+#endif
 
+#ifdef DOXYGEN
+/**
+ * @brief Create two connected 'unix' tsocket_contexts for stream based
+ *        communication.
+ *
+ * @param[in]  mem_ctx1 The talloc memory context to use for stream1.
+ *
+ * @param[in]  stream1  The first stream to connect.
+ *
+ * @param[in]  mem_ctx2 The talloc memory context to use for stream2.
+ *
+ * @param[in]  stream2  The second stream to connect.
+ *
+ * @return              0 on success, -1 on error with errno set.
+ */
+int tstream_unix_socketpair(TALLOC_CTX *mem_ctx1,
+                           struct tstream_context **stream1,
+                           TALLOC_CTX *mem_ctx2,
+                           struct tstream_context **stream2);
+#else
 int _tstream_unix_socketpair(TALLOC_CTX *mem_ctx1,
                             struct tstream_context **_stream1,
                             TALLOC_CTX *mem_ctx2,
                             struct tstream_context **_stream2,
                             const char *location);
+
 #define tstream_unix_socketpair(mem_ctx1, stream1, mem_ctx2, stream2) \
        _tstream_unix_socketpair(mem_ctx1, stream1, mem_ctx2, stream2, \
                                 __location__)
+#endif
 
 struct sockaddr;
 
+#ifdef DOXYGEN
+/**
+ * @brief Convert a tsocket address to a bsd socket address.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @param[in]  sa       The sockaddr structure to convert.
+ *
+ * @param[in]  sa_socklen   The lenth of the sockaddr sturucte.
+ *
+ * @param[out] addr     The tsocket pointer to allocate and fill.
+ *
+ * @return              0 on success, -1 on error with errno set.
+ */
+int tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx,
+                                     struct sockaddr *sa,
+                                     size_t sa_socklen,
+                                     struct tsocket_address **addr);
+#else
 int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx,
                                       struct sockaddr *sa,
                                       size_t sa_socklen,
                                       struct tsocket_address **_addr,
                                       const char *location);
+
 #define tsocket_address_bsd_from_sockaddr(mem_ctx, sa, sa_socklen, _addr) \
        _tsocket_address_bsd_from_sockaddr(mem_ctx, sa, sa_socklen, _addr, \
                                           __location__)
+#endif
 
+/**
+ * @brief Fill a bsd sockaddr structure.
+ *
+ * @param[in]  addr     The tsocket address structure to use.
+ *
+ * @param[in]  sa       The bsd sockaddr structure to fill out.
+ *
+ * @param[in]  sa_socklen   The length of the  bsd sockaddr structure to fill out.
+ *
+ * @return              The actual size of the sockaddr structure, -1 on error
+ *                      with errno set. The size could differ from sa_socklen.
+ *
+ * @code
+ *   ssize_t socklen;
+ *   struct sockaddr_storage ss;
+ *
+ *   socklen = tsocket_address_bsd_sockaddr(taddr,
+ *                    (struct sockaddr *) &ss,
+ *                    sizeof(struct sockaddr_storage));
+ *   if (socklen < 0) {
+ *     return -1;
+ *   }
+ * @endcode
+ */
 ssize_t tsocket_address_bsd_sockaddr(const struct tsocket_address *addr,
                                     struct sockaddr *sa,
                                     size_t sa_socklen);
 
+#ifdef DOXYGEN
+/**
+ * @brief Wrap an existing file descriptors into the tstream abstraction.
+ *
+ * You can use this function to wrap an existing file descriptors into the
+ * tstream abstraction.
+ *
+ * @param[in]  mem_ctx      The talloc memory context to use.
+ *
+ * @param[in]  fd           The non blocking fd to use!
+ *
+ * @param[in]  stream       The filed tstream_context you allocated before.
+ *
+ * @return              0 on success, -1 on error with errno set.
+ *
+ * @warning You should read the tsocket_bsd.c code and unterstand it in order
+ * use this function.
+ */
+int tstream_bsd_existing_socket(TALLOC_CTX *mem_ctx,
+                               int fd,
+                               struct tstream_context **stream);
+#else
 int _tstream_bsd_existing_socket(TALLOC_CTX *mem_ctx,
                                 int fd,
                                 struct tstream_context **_stream,
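Review bot: The `@brief` added for tsocket_address_bsd_from_sockaddr says "Convert a tsocket address to a bsd socket address", which is the reverse of what the prototype shows (a `struct sockaddr *` goes in, a `struct tsocket_address **` comes out); `@brief Convert a bsd sockaddr into a tsocket_address.` matches the signature. For tstream_bsd_existing_socket the `@warning` sends the reader to tsocket_bsd.c instead of stating the preconditions, and the header should say whether the stream takes ownership of `fd` (whether the caller may still close it), which cannot be told from this hunk. Its `stream` parameter is described as a context "you allocated before" although it is a `struct tstream_context **` result, and `sa` in tsocket_address_bsd_sockaddr is tagged `[in]` while the text says it is filled out. The _tstream_bsd_existing_socket declaration continues in the next hunk.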
@@ -201,11 +893,54 @@ int _tstream_bsd_existing_socket(TALLOC_CTX *mem_ctx,
 #define tstream_bsd_existing_socket(mem_ctx, fd, stream) \
        _tstream_bsd_existing_socket(mem_ctx, fd, stream, \
                                     __location__)
+#endif
 
-/*
- * Queue and PDU helpers
+/**
+ * @}
+ */
+
+/**
+ * @defgroup tsocket_helper Queue and PDU helpers
+ * @ingroup tsocket
+ *
+ * In order to make the live easier for callers which want to implement a
+ * function to receive a full PDU with a single async function pair, there're
+ * some helper functions.
+ *
+ * There're some cases where the caller wants doesn't care about the order of
+ * doing IO on the abstracted sockets.
+ *
+ * @{
  */
 
+/**
+ * @brief Queue a dgram blob for sending through the socket.
+ *
+ * This function queues a blob for sending to destination through an existing
+ * dgram socket. The async callback is triggered when the whole blob is
+ * delivered to the underlying system socket.
+ *
+ * The caller needs to make sure that all non-scalar input parameters hang
+ * arround for the whole lifetime of the request.
+ *
+ * @param[in]  mem_ctx  The memory context for the result.
+ *
+ * @param[in]  ev       The event context the operation should work on.
+ *
+ * @param[in]  dgram    The tdgram_context to send the message buffer.
+ *
+ * @param[in]  queue    The existing dgram queue.
+ *
+ * @param[in]  buf      The message buffer to send.
+ *
+ * @param[in]  len      The message length.
+ *
+ * @param[in]  dst      The destination socket address.
+ *
+ * @return              The async request handle. NULL on fatal error.
+ *
+ * @see tdgram_sendto_queue_recv()
+ */
 struct tevent_req *tdgram_sendto_queue_send(TALLOC_CTX *mem_ctx,
                                            struct tevent_context *ev,
                                            struct tdgram_context *dgram,
@@ -213,6 +948,17 @@ struct tevent_req *tdgram_sendto_queue_send(TALLOC_CTX *mem_ctx,
                                            const uint8_t *buf,
                                            size_t len,
                                            struct tsocket_address *dst);
+
+/**
+ * @brief Receive the result of the sent dgram blob.
+ *
+ * @param[in]  req      The tevent request from tdgram_sendto_queue_send().
+ *
+ * @param[out] perrno   The error set to the actual errno.
+ *
+ * @return              The length of the datagram (0 is never returned!), -1 on
+ *                      error with perrno set to the actual errno.
+ */
 ssize_t tdgram_sendto_queue_recv(struct tevent_req *req, int *perrno);
 
 typedef int (*tstream_readv_pdu_next_vector_t)(struct tstream_context *stream,
@@ -220,6 +966,7 @@ typedef int (*tstream_readv_pdu_next_vector_t)(struct tstream_context *stream,
                                               TALLOC_CTX *mem_ctx,
                                               struct iovec **vector,
                                               size_t *count);
+
 struct tevent_req *tstream_readv_pdu_send(TALLOC_CTX *mem_ctx,
                                struct tevent_context *ev,
                                struct tstream_context *stream,
@@ -227,21 +974,97 @@ struct tevent_req *tstream_readv_pdu_send(TALLOC_CTX *mem_ctx,
                                void *next_vector_private);
 int tstream_readv_pdu_recv(struct tevent_req *req, int *perrno);
 
+/**
+ * @brief Queue a dgram blob for sending through the socket.
+ *
+ * This function queues a blob for sending to destination through an existing
+ * dgram socket. The async callback is triggered when the whole blob is
+ * delivered to the underlying system socket.
+ *
+ * The caller needs to make sure that all non-scalar input parameters hang
+ * arround for the whole lifetime of the request.
+ *
+ * @param[in]  mem_ctx  The memory context for the result
+ *
+ * @param[in]  ev       The tevent_context to run on
+ *
+ * @param[in]  stream   The stream to send data through
+ *
+ * @param[in]  queue    The existing send queue
+ *
+ * @param[in]  next_vector_fn  The next vector function
+ *
+ * @param[in]  next_vector_private  The private_data of the next vector function
+ *
+ * @return              The async request handle. NULL on fatal error.
+ *
+ * @see tstream_readv_pdu_queue_recv()
+ */
 struct tevent_req *tstream_readv_pdu_queue_send(TALLOC_CTX *mem_ctx,
                                struct tevent_context *ev,
                                struct tstream_context *stream,
                                struct tevent_queue *queue,
                                tstream_readv_pdu_next_vector_t next_vector_fn,
                                void *next_vector_private);
+
+/**
+ * @brief Receive the result of the sent dgram blob.
+ *
+ * @param[in]  req      The tevent request from tstream_readv_pdu_queue_send().
+ *
+ * @param[out] perrno   The error set to the actual errno.
+ *
+ * @return              The length of the datagram (0 is never returned!), -1 on
+ *                      error with perrno set to the actual errno.
+ */
 int tstream_readv_pdu_queue_recv(struct tevent_req *req, int *perrno);
 
+/**
+ * @brief Queue a dgram blob for sending through the socket
+ *
+ * This function queues a blob for sending to destination through an existing
+ * dgram socket. The async callback is triggered when the whole blob is
+ * delivered to the underlying system socket.
+ *
+ * The caller needs to make sure that all non-scalar input parameters hang
+ * arround for the whole lifetime of the request.
+ *
+ * @param[in]  mem_ctx  The memory context for the result.
+ *
+ * @param[in]  ev       The tevent_context to run on.
+ *
+ * @param[in]  stream   The stream to send data through.
+ *
+ * @param[in]  queue    The existing send queue.
+ *
+ * @param[in]  vector   The iovec vector so write.
+ *
+ * @param[in]  count    The size of the vector.
+ *
+ * @return              The async request handle. NULL on fatal error.
+ */
 struct tevent_req *tstream_writev_queue_send(TALLOC_CTX *mem_ctx,
                                             struct tevent_context *ev,
                                             struct tstream_context *stream,
                                             struct tevent_queue *queue,
                                             const struct iovec *vector,
                                             size_t count);
+
+/**
+ * @brief Receive the result of the sent dgram blob.
+ *
+ * @param[in]  req      The tevent request from tstream_writev_queue_send().
+ *
+ * @param[out] perrno   The error set to the actual errno.
+ *
+ * @return              The length of the datagram (0 is never returned!), -1 on
+ *                      error with perrno set to the actual errno.
+ */
 int tstream_writev_queue_recv(struct tevent_req *req, int *perrno);
 
+/**
+ * @}
+ */
+
 #endif /* _TSOCKET_H */
 
index d8db8640580b963463e8cdcd1c5e21f0131cf842..3a41a3efc3df71ee7e7297696e282c158bdb9cbf 100644 (file)
@@ -42,24 +42,6 @@ static void tdgram_sendto_queue_trigger(struct tevent_req *req,
                                         void *private_data);
 static void tdgram_sendto_queue_done(struct tevent_req *subreq);
 
-/**
- * @brief Queue a dgram blob for sending through the socket
- * @param[in] mem_ctx  The memory context for the result
- * @param[in] ev       The event context the operation should work on
- * @param[in] dgram    The tdgram_context to send the message buffer
- * @param[in] queue    The existing dgram queue
- * @param[in] buf      The message buffer
- * @param[in] len      The message length
- * @param[in] dst      The destination socket address
- * @retval             The async request handle
- *
- * This function queues a blob for sending to destination through an existing
- * dgram socket. The async callback is triggered when the whole blob is
- * delivered to the underlying system socket.
- *
- * The caller needs to make sure that all non-scalar input parameters hang
- * arround for the whole lifetime of the request.
- */
 struct tevent_req *tdgram_sendto_queue_send(TALLOC_CTX *mem_ctx,
                                            struct tevent_context *ev,
                                            struct tdgram_context *dgram,
@@ -335,23 +317,6 @@ static void tstream_readv_pdu_queue_trigger(struct tevent_req *req,
                                         void *private_data);
 static void tstream_readv_pdu_queue_done(struct tevent_req *subreq);
 
-/**
- * @brief Queue a dgram blob for sending through the socket
- * @param[in] mem_ctx  The memory context for the result
- * @param[in] ev       The tevent_context to run on
- * @param[in] stream   The stream to send data through
- * @param[in] queue    The existing send queue
- * @param[in] next_vector_fn   The next vector function
- * @param[in] next_vector_private      The private_data of the next vector function
- * @retval             The async request handle
- *
- * This function queues a blob for sending to destination through an existing
- * dgram socket. The async callback is triggered when the whole blob is
- * delivered to the underlying system socket.
- *
- * The caller needs to make sure that all non-scalar input parameters hang
- * arround for the whole lifetime of the request.
- */
 struct tevent_req *tstream_readv_pdu_queue_send(TALLOC_CTX *mem_ctx,
                                struct tevent_context *ev,
                                struct tstream_context *stream,
@@ -459,23 +424,6 @@ static void tstream_writev_queue_trigger(struct tevent_req *req,
                                         void *private_data);
 static void tstream_writev_queue_done(struct tevent_req *subreq);
 
-/**
- * @brief Queue a dgram blob for sending through the socket
- * @param[in] mem_ctx  The memory context for the result
- * @param[in] ev       The tevent_context to run on
- * @param[in] stream   The stream to send data through
- * @param[in] queue    The existing send queue
- * @param[in] vector   The iovec vector so write
- * @param[in] count    The size of the vector
- * @retval             The async request handle
- *
- * This function queues a blob for sending to destination through an existing
- * dgram socket. The async callback is triggered when the whole blob is
- * delivered to the underlying system socket.
- *
- * The caller needs to make sure that all non-scalar input parameters hang
- * arround for the whole lifetime of the request.
- */
 struct tevent_req *tstream_writev_queue_send(TALLOC_CTX *mem_ctx,
                                             struct tevent_context *ev,
                                             struct tstream_context *stream,
index f0d16952a987b7d9ad94746730748cd04c9a98b1..eb2151fc51e2912ff75626b032260ce19fbfdfc6 100644 (file)
@@ -45,17 +45,13 @@ struct debug_ops {
 #define DEBUGLEVEL *debug_level
 extern int DEBUGLEVEL;
 
-#define debug_ctx() (_debug_ctx?_debug_ctx:(_debug_ctx=talloc_new(NULL)))
-
 #define DEBUGLVL(level) ((level) <= DEBUGLEVEL)
 #define _DEBUG(level, body, header) do { \
        if (DEBUGLVL(level)) { \
-               void* _debug_ctx=NULL; \
                if (header) { \
                        dbghdr(level, __location__, __FUNCTION__); \
                } \
                dbgtext body; \
-               talloc_free(_debug_ctx); \
        } \
 } while (0)
 /** 
index a3182cd806bd510de891c86a306e21628fdc89fd..f7c60e7de123c4f4e6716a772a35a07b7c6af91d 100644 (file)
@@ -100,13 +100,9 @@ bool E_md4hash(const char *passwd, uint8_t p16[16])
 void E_md5hash(const uint8_t salt[16], const uint8_t nthash[16], uint8_t hash_out[16])
 {
        struct MD5Context tctx;
-       uint8_t array[32];
-
-       memset(hash_out, '\0', 16);
-       memcpy(array, salt, 16);
-       memcpy(&array[16], nthash, 16);
        MD5Init(&tctx);
-       MD5Update(&tctx, array, 32);
+       MD5Update(&tctx, salt, 16);
+       MD5Update(&tctx, nthash, 16);
        MD5Final(hash_out, &tctx);
 }
 
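Review bot: E_md5hash() has no comment saying what it computes, and after this change the effect of the two MD5Update() calls is only visible in history; a one-line header such as `/* hash_out = MD5(salt || nthash); two updates avoid a temporary stack copy of the NT hash */` would keep that. `tctx` still holds state derived from `nthash` when the function returns unless MD5Final() wipes the context, which is not visible in this hunk. If it does not, `ZERO_STRUCT(tctx);` after MD5Final() would cover it.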
diff --git a/libcli/util/tstream.c b/libcli/util/tstream.c
new file mode 100644 (file)
index 0000000..f6c92f3
--- /dev/null
@@ -0,0 +1,167 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *
+ *  Copyright (C) Stefan Metzmacher 2009
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include <tevent.h>
+#include "system/filesys.h"
+#include "../lib/tsocket/tsocket.h"
+#include "../libcli/util/tstream.h"
+#include "../lib/util/tevent_ntstatus.h"
+
+struct tstream_read_pdu_blob_state {
+       /* this structs are owned by the caller */
+       struct {
+               struct tevent_context *ev;
+               struct tstream_context *stream;
+               NTSTATUS (*full_fn)(void *private_data,
+                                   DATA_BLOB blob,
+                                   size_t *packet_size);
+               void *full_private;
+       } caller;
+
+       DATA_BLOB pdu_blob;
+       struct iovec tmp_vector;
+};
+
+static void tstream_read_pdu_blob_done(struct tevent_req *subreq);
+
+struct tevent_req *tstream_read_pdu_blob_send(TALLOC_CTX *mem_ctx,
+                               struct tevent_context *ev,
+                               struct tstream_context *stream,
+                               size_t initial_read_size,
+                               NTSTATUS (*full_fn)(void *private_data,
+                                                   DATA_BLOB blob,
+                                                   size_t *packet_size),
+                               void *full_private)
+{
+       struct tevent_req *req;
+       struct tstream_read_pdu_blob_state *state;
+       struct tevent_req *subreq;
+       uint8_t *buf;
+
+       req = tevent_req_create(mem_ctx, &state,
+                               struct tstream_read_pdu_blob_state);
+       if (!req) {
+               return NULL;
+       }
+
+       state->caller.ev                = ev;
+       state->caller.stream            = stream;
+       state->caller.full_fn           = full_fn;
+       state->caller.full_private      = full_private;
+
+       if (initial_read_size == 0) {
+               tevent_req_error(req, EINVAL);
+               return tevent_req_post(req, ev);
+       }
+
+       buf = talloc_array(state, uint8_t, initial_read_size);
+       if (tevent_req_nomem(buf, req)) {
+               return tevent_req_post(req, ev);
+       }
+       state->pdu_blob.data = buf;
+       state->pdu_blob.length = initial_read_size;
+
+       state->tmp_vector.iov_base = buf;
+       state->tmp_vector.iov_len = initial_read_size;
+
+       subreq = tstream_readv_send(state, ev, stream, &state->tmp_vector, 1);
+       if (tevent_req_nomem(subreq, req)) {
+               return tevent_req_post(req, ev);
+       }
+       tevent_req_set_callback(subreq, tstream_read_pdu_blob_done, req);
+
+       return req;
+}
+
+static void tstream_read_pdu_blob_done(struct tevent_req *subreq)
+{
+       struct tevent_req *req =
+               tevent_req_callback_data(subreq,
+               struct tevent_req);
+       struct tstream_read_pdu_blob_state *state =
+               tevent_req_data(req,
+               struct tstream_read_pdu_blob_state);
+       ssize_t ret;
+       int sys_errno;
+       size_t pdu_size;
+       NTSTATUS status;
+       uint8_t *buf;
+
+       ret = tstream_readv_recv(subreq, &sys_errno);
+       TALLOC_FREE(subreq);
+       if (ret == -1) {
+               status = map_nt_error_from_unix(sys_errno);
+               tevent_req_nterror(req, status);
+               return;
+       }
+
+       status = state->caller.full_fn(state->caller.full_private,
+                                      state->pdu_blob, &pdu_size);
+       if (NT_STATUS_IS_OK(status)) {
+               tevent_req_done(req);
+               return;
+       } else if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
+               /* more to get */
+       } else if (!NT_STATUS_IS_OK(status)) {
+               tevent_req_nterror(req, status);
+               return;
+       }
+
+       buf = talloc_realloc(state, state->pdu_blob.data, uint8_t, pdu_size);
+       if (tevent_req_nomem(buf, req)) {
+               return;
+       }
+       state->pdu_blob.data = buf;
+       state->pdu_blob.length = pdu_size;
+
+       state->tmp_vector.iov_base = buf + state->tmp_vector.iov_len;
+       state->tmp_vector.iov_len = pdu_size - state->tmp_vector.iov_len;
+
+       subreq = tstream_readv_send(state,
+                                   state->caller.ev,
+                                   state->caller.stream,
+                                   &state->tmp_vector,
+                                   1);
+       if (tevent_req_nomem(subreq, req)) {
+               return;
+       }
+       tevent_req_set_callback(subreq, tstream_read_pdu_blob_done, req);
+}
+
+NTSTATUS tstream_read_pdu_blob_recv(struct tevent_req *req,
+                                   TALLOC_CTX *mem_ctx,
+                                   DATA_BLOB *pdu_blob)
+{
+       struct tstream_read_pdu_blob_state *state = tevent_req_data(req,
+                                       struct tstream_read_pdu_blob_state);
+       NTSTATUS status;
+
+       if (tevent_req_is_nterror(req, &status)) {
+               tevent_req_received(req);
+               return status;
+       }
+
+       *pdu_blob = state->pdu_blob;
+       talloc_steal(mem_ctx, pdu_blob->data);
+
+       tevent_req_received(req);
+       return NT_STATUS_OK;
+}
+
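Review bot: In tstream_read_pdu_blob_done() the `pdu_size` that `full_fn` returns with STATUS_MORE_ENTRIES is used without comparing it to the bytes already held in `state->pdu_blob`, and that size is normally derived from a header the peer sent. If it is smaller than the length already read, `pdu_size - state->tmp_vector.iov_len` wraps around as a size_t while talloc_realloc() shrinks the buffer, so the next tstream_readv_send() is handed a length far beyond the allocation. The offset is also taken from `tmp_vector.iov_len`, which after the first continuation holds only the size of the last chunk, so a second STATUS_MORE_ENTRIES round would write over data already received; tracking the previous `pdu_blob.length` addresses both. The fence assumes a new `size_t old_size` local declared with the others, and an upper bound on `pdu_size` is still left to `full_fn`.

```c
	/* … unchanged: tstream_readv_recv() and the full_fn status handling … */

	old_size = state->pdu_blob.length;
	if (pdu_size <= old_size) {
		/* full_fn asked for more data but did not report a larger PDU */
		tevent_req_nterror(req, NT_STATUS_INVALID_BUFFER_SIZE);
		return;
	}

	buf = talloc_realloc(state, state->pdu_blob.data, uint8_t, pdu_size);
	if (tevent_req_nomem(buf, req)) {
		return;
	}
	state->pdu_blob.data = buf;
	state->pdu_blob.length = pdu_size;

	/* continue after everything read so far, not after the last chunk */
	state->tmp_vector.iov_base = buf + old_size;
	state->tmp_vector.iov_len = pdu_size - old_size;

	/* … unchanged: tstream_readv_send() and callback registration … */
```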
diff --git a/libcli/util/tstream.h b/libcli/util/tstream.h
new file mode 100644 (file)
index 0000000..a945287
--- /dev/null
@@ -0,0 +1,79 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *
+ *  Copyright (C) Stefan Metzmacher 2009
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _LIBCLI_UTIL_TSTREAM_H_
+#define _LIBCLI_UTIL_TSTREAM_H_
+
+/**
+ * @brief A helper function to read a full PDU from a stream
+ *
+ * This function is designed for simple PDUs and as compat layer
+ * for the Samba4 packet interface.
+ *
+ * tstream_readv_pdu_send() is a more powerful interface,
+ * which is part of the main (non samba specific) tsocket code.
+ *
+ * @param[in] mem_ctx          The memory context for the result.
+ *
+ * @param[in] ev               The event context the operation should work on.
+ *
+ * @param[in] stream           The stream to read data from.
+ *
+ * @param[in] inital_read_size The initial byte count that is needed to workout
+ *                             the full pdu size.
+ *
+ * @param[in] full_fn          The callback function that will report the size
+ *                             of the full pdu.
+ *
+ * @param[in] full_private     The private data for the callback function.
+ *
+ * @return                     The async request handle. NULL on fatal error.
+ *
+ * @see tstream_read_pdu_blob_recv()
+ * @see tstream_readv_pdu_send()
+ * @see tstream_readv_pdu_queue_send()
+ *
+ */
+struct tevent_req *tstream_read_pdu_blob_send(TALLOC_CTX *mem_ctx,
+                               struct tevent_context *ev,
+                               struct tstream_context *stream,
+                               size_t inital_read_size,
+                               NTSTATUS (*full_fn)(void *private_data,
+                                                   DATA_BLOB blob,
+                                                   size_t *packet_size),
+                               void *full_private);
+/**
+ * @brief Receive the result of the tstream_read_pdu_blob_send() call.
+ *
+ * @param[in] req      The tevent request from tstream_read_pdu_blob_send().
+ *
+ * @param[in] mem_ctx  The memory context for returned pdu DATA_BLOB.
+ *
+ * @param[in] pdu_blob The DATA_BLOB with the full pdu.
+ *
+ * @return             The NTSTATUS result, NT_STATUS_OK on success
+ *                     and others on failure.
+ *
+ * @see tstream_read_pdu_blob_send()
+ */
+NTSTATUS tstream_read_pdu_blob_recv(struct tevent_req *req,
+                                   TALLOC_CTX *mem_ctx,
+                                   DATA_BLOB *pdu_blob);
+
+#endif /* _LIBCLI_UTIL_TSTREAM_H_ */
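Review bot: The doc block for tstream_read_pdu_blob_send() does not state the contract of `full_fn`, which the implementation in tstream.c relies on: NT_STATUS_OK means the blob is complete, STATUS_MORE_ENTRIES means `*packet_size` holds the total PDU size, and any other status fails the request. I would add that to the `@param[in] full_fn` text, together with a sentence that the reported size must be larger than the blob passed in and that the callback should cap it, since it usually comes from peer data. Two smaller fixes: the parameter is spelled `inital_read_size` here but `initial_read_size` in the definition, and `pdu_blob` on tstream_read_pdu_blob_recv() is a result, so `@param[out] pdu_blob` is the accurate tag.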
index a5016fa7884b61d341400bfb72b553cf302904d6..1f5960ddc55cfee7b24c526580a9e6c903143194 100644 (file)
@@ -326,6 +326,7 @@ enum drsuapi_DsAttributeId
 #ifndef USE_UINT_ENUMS
  {
        DRSUAPI_ATTRIBUTE_objectClass=(int)(0x00000000),
+       DRSUAPI_ATTRIBUTE_cn=(int)(0x00000003),
        DRSUAPI_ATTRIBUTE_description=(int)(0x0000000d),
        DRSUAPI_ATTRIBUTE_member=(int)(0x0000001f),
        DRSUAPI_ATTRIBUTE_instanceType=(int)(0x00020001),
@@ -336,6 +337,7 @@ enum drsuapi_DsAttributeId
        DRSUAPI_ATTRIBUTE_governsID=(int)(0x00020016),
        DRSUAPI_ATTRIBUTE_mustContain=(int)(0x00020018),
        DRSUAPI_ATTRIBUTE_mayContain=(int)(0x00020019),
+       DRSUAPI_ATTRIBUTE_rDNAttId=(int)(0x0002001A),
        DRSUAPI_ATTRIBUTE_attributeID=(int)(0x0002001e),
        DRSUAPI_ATTRIBUTE_attributeSyntax=(int)(0x00020020),
        DRSUAPI_ATTRIBUTE_isSingleValued=(int)(0x00020021),
@@ -374,6 +376,7 @@ enum drsuapi_DsAttributeId
        DRSUAPI_ATTRIBUTE_systemPossSuperiors=(int)(0x000900c3),
        DRSUAPI_ATTRIBUTE_systemMayContain=(int)(0x000900c4),
        DRSUAPI_ATTRIBUTE_systemMustContain=(int)(0x000900c5),
+       DRSUAPI_ATTRIBUTE_systemAuxiliaryClass=(int)(0x000900c6),
        DRSUAPI_ATTRIBUTE_sAMAccountName=(int)(0x000900dd),
        DRSUAPI_ATTRIBUTE_sAMAccountType=(int)(0x0009012e),
        DRSUAPI_ATTRIBUTE_fSMORoleOwner=(int)(0x00090171),
@@ -390,14 +393,17 @@ enum drsuapi_DsAttributeId
        DRSUAPI_ATTRIBUTE_servicePrincipalName=(int)(0x00090303),
        DRSUAPI_ATTRIBUTE_objectCategory=(int)(0x0009030e),
        DRSUAPI_ATTRIBUTE_gPLink=(int)(0x0009037b),
+       DRSUAPI_ATTRIBUTE_transportAddressAttribute=(int)(0x0009037f),
        DRSUAPI_ATTRIBUTE_msDS_Behavior_Version=(int)(0x000905b3),
        DRSUAPI_ATTRIBUTE_msDS_KeyVersionNumber=(int)(0x000906f6),
        DRSUAPI_ATTRIBUTE_msDS_HasDomainNCs=(int)(0x0009071c),
-       DRSUAPI_ATTRIBUTE_msDS_hasMasterNCs=(int)(0x0009072c)
+       DRSUAPI_ATTRIBUTE_msDS_hasMasterNCs=(int)(0x0009072c),
+       DRSUAPI_ATTRIBUTE_NONE=(int)(0xFFFFFFFF)
 }
 #else
  { __donnot_use_enum_drsuapi_DsAttributeId=0x7FFFFFFF}
 #define DRSUAPI_ATTRIBUTE_objectClass ( 0x00000000 )
+#define DRSUAPI_ATTRIBUTE_cn ( 0x00000003 )
 #define DRSUAPI_ATTRIBUTE_description ( 0x0000000d )
 #define DRSUAPI_ATTRIBUTE_member ( 0x0000001f )
 #define DRSUAPI_ATTRIBUTE_instanceType ( 0x00020001 )
@@ -408,6 +414,7 @@ enum drsuapi_DsAttributeId
 #define DRSUAPI_ATTRIBUTE_governsID ( 0x00020016 )
 #define DRSUAPI_ATTRIBUTE_mustContain ( 0x00020018 )
 #define DRSUAPI_ATTRIBUTE_mayContain ( 0x00020019 )
+#define DRSUAPI_ATTRIBUTE_rDNAttId ( 0x0002001A )
 #define DRSUAPI_ATTRIBUTE_attributeID ( 0x0002001e )
 #define DRSUAPI_ATTRIBUTE_attributeSyntax ( 0x00020020 )
 #define DRSUAPI_ATTRIBUTE_isSingleValued ( 0x00020021 )
@@ -446,6 +453,7 @@ enum drsuapi_DsAttributeId
 #define DRSUAPI_ATTRIBUTE_systemPossSuperiors ( 0x000900c3 )
 #define DRSUAPI_ATTRIBUTE_systemMayContain ( 0x000900c4 )
 #define DRSUAPI_ATTRIBUTE_systemMustContain ( 0x000900c5 )
+#define DRSUAPI_ATTRIBUTE_systemAuxiliaryClass ( 0x000900c6 )
 #define DRSUAPI_ATTRIBUTE_sAMAccountName ( 0x000900dd )
 #define DRSUAPI_ATTRIBUTE_sAMAccountType ( 0x0009012e )
 #define DRSUAPI_ATTRIBUTE_fSMORoleOwner ( 0x00090171 )
@@ -462,10 +470,12 @@ enum drsuapi_DsAttributeId
 #define DRSUAPI_ATTRIBUTE_servicePrincipalName ( 0x00090303 )
 #define DRSUAPI_ATTRIBUTE_objectCategory ( 0x0009030e )
 #define DRSUAPI_ATTRIBUTE_gPLink ( 0x0009037b )
+#define DRSUAPI_ATTRIBUTE_transportAddressAttribute ( 0x0009037f )
 #define DRSUAPI_ATTRIBUTE_msDS_Behavior_Version ( 0x000905b3 )
 #define DRSUAPI_ATTRIBUTE_msDS_KeyVersionNumber ( 0x000906f6 )
 #define DRSUAPI_ATTRIBUTE_msDS_HasDomainNCs ( 0x0009071c )
 #define DRSUAPI_ATTRIBUTE_msDS_hasMasterNCs ( 0x0009072c )
+#define DRSUAPI_ATTRIBUTE_NONE ( 0xFFFFFFFF )
 #endif
 ;
 
index eb89db767a4d6a7ca5c7c676493dc83d1526cdbb..5b31d1e3f3257d72c892a76d1c986540ab0c57d2 100644 (file)
@@ -1379,6 +1379,7 @@ _PUBLIC_ void ndr_print_drsuapi_DsAttributeId(struct ndr_print *ndr, const char
                ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
                switch (r) {
                        case DRSUAPI_ATTRIBUTE_objectClass: val = "DRSUAPI_ATTRIBUTE_objectClass"; break;
+                       case DRSUAPI_ATTRIBUTE_cn: val = "DRSUAPI_ATTRIBUTE_cn"; break;
                        case DRSUAPI_ATTRIBUTE_description: val = "DRSUAPI_ATTRIBUTE_description"; break;
                        case DRSUAPI_ATTRIBUTE_member: val = "DRSUAPI_ATTRIBUTE_member"; break;
                        case DRSUAPI_ATTRIBUTE_instanceType: val = "DRSUAPI_ATTRIBUTE_instanceType"; break;
@@ -1389,6 +1390,7 @@ _PUBLIC_ void ndr_print_drsuapi_DsAttributeId(struct ndr_print *ndr, const char
                        case DRSUAPI_ATTRIBUTE_governsID: val = "DRSUAPI_ATTRIBUTE_governsID"; break;
                        case DRSUAPI_ATTRIBUTE_mustContain: val = "DRSUAPI_ATTRIBUTE_mustContain"; break;
                        case DRSUAPI_ATTRIBUTE_mayContain: val = "DRSUAPI_ATTRIBUTE_mayContain"; break;
+                       case DRSUAPI_ATTRIBUTE_rDNAttId: val = "DRSUAPI_ATTRIBUTE_rDNAttId"; break;
                        case DRSUAPI_ATTRIBUTE_attributeID: val = "DRSUAPI_ATTRIBUTE_attributeID"; break;
                        case DRSUAPI_ATTRIBUTE_attributeSyntax: val = "DRSUAPI_ATTRIBUTE_attributeSyntax"; break;
                        case DRSUAPI_ATTRIBUTE_isSingleValued: val = "DRSUAPI_ATTRIBUTE_isSingleValued"; break;
@@ -1427,6 +1429,7 @@ _PUBLIC_ void ndr_print_drsuapi_DsAttributeId(struct ndr_print *ndr, const char
                        case DRSUAPI_ATTRIBUTE_systemPossSuperiors: val = "DRSUAPI_ATTRIBUTE_systemPossSuperiors"; break;
                        case DRSUAPI_ATTRIBUTE_systemMayContain: val = "DRSUAPI_ATTRIBUTE_systemMayContain"; break;
                        case DRSUAPI_ATTRIBUTE_systemMustContain: val = "DRSUAPI_ATTRIBUTE_systemMustContain"; break;
+                       case DRSUAPI_ATTRIBUTE_systemAuxiliaryClass: val = "DRSUAPI_ATTRIBUTE_systemAuxiliaryClass"; break;
                        case DRSUAPI_ATTRIBUTE_sAMAccountName: val = "DRSUAPI_ATTRIBUTE_sAMAccountName"; break;
                        case DRSUAPI_ATTRIBUTE_sAMAccountType: val = "DRSUAPI_ATTRIBUTE_sAMAccountType"; break;
                        case DRSUAPI_ATTRIBUTE_fSMORoleOwner: val = "DRSUAPI_ATTRIBUTE_fSMORoleOwner"; break;
@@ -1443,10 +1446,12 @@ _PUBLIC_ void ndr_print_drsuapi_DsAttributeId(struct ndr_print *ndr, const char
                        case DRSUAPI_ATTRIBUTE_servicePrincipalName: val = "DRSUAPI_ATTRIBUTE_servicePrincipalName"; break;
                        case DRSUAPI_ATTRIBUTE_objectCategory: val = "DRSUAPI_ATTRIBUTE_objectCategory"; break;
                        case DRSUAPI_ATTRIBUTE_gPLink: val = "DRSUAPI_ATTRIBUTE_gPLink"; break;
+                       case DRSUAPI_ATTRIBUTE_transportAddressAttribute: val = "DRSUAPI_ATTRIBUTE_transportAddressAttribute"; break;
                        case DRSUAPI_ATTRIBUTE_msDS_Behavior_Version: val = "DRSUAPI_ATTRIBUTE_msDS_Behavior_Version"; break;
                        case DRSUAPI_ATTRIBUTE_msDS_KeyVersionNumber: val = "DRSUAPI_ATTRIBUTE_msDS_KeyVersionNumber"; break;
                        case DRSUAPI_ATTRIBUTE_msDS_HasDomainNCs: val = "DRSUAPI_ATTRIBUTE_msDS_HasDomainNCs"; break;
                        case DRSUAPI_ATTRIBUTE_msDS_hasMasterNCs: val = "DRSUAPI_ATTRIBUTE_msDS_hasMasterNCs"; break;
+                       case DRSUAPI_ATTRIBUTE_NONE: val = "DRSUAPI_ATTRIBUTE_NONE"; break;
                }
                ndr_print_enum(ndr, name, "ENUM", val, r);
                ndr->flags = _flags_save_ENUM;
index 3038863e1c379d0fe6705ccc14362fb7d4d4a8b2..dadaeeee3abfbdd1bf79a349422477bf94c0503b 100644 (file)
@@ -437,6 +437,7 @@ interface drsuapi
 
        typedef [flag(NDR_PAHEX),v1_enum,public] enum {
                DRSUAPI_ATTRIBUTE_objectClass                   = 0x00000000,
+               DRSUAPI_ATTRIBUTE_cn                            = 0x00000003,
                DRSUAPI_ATTRIBUTE_description                   = 0x0000000d,
                DRSUAPI_ATTRIBUTE_member                        = 0x0000001f,
                DRSUAPI_ATTRIBUTE_instanceType                  = 0x00020001,
@@ -447,6 +448,7 @@ interface drsuapi
                DRSUAPI_ATTRIBUTE_governsID                     = 0x00020016,
                DRSUAPI_ATTRIBUTE_mustContain                   = 0x00020018,
                DRSUAPI_ATTRIBUTE_mayContain                    = 0x00020019,
+               DRSUAPI_ATTRIBUTE_rDNAttId                      = 0x0002001A,
                DRSUAPI_ATTRIBUTE_attributeID                   = 0x0002001e,
                DRSUAPI_ATTRIBUTE_attributeSyntax               = 0x00020020,
                DRSUAPI_ATTRIBUTE_isSingleValued                = 0x00020021,
@@ -485,6 +487,7 @@ interface drsuapi
                DRSUAPI_ATTRIBUTE_systemPossSuperiors           = 0x000900c3,
                DRSUAPI_ATTRIBUTE_systemMayContain              = 0x000900c4,
                DRSUAPI_ATTRIBUTE_systemMustContain             = 0x000900c5,
+               DRSUAPI_ATTRIBUTE_systemAuxiliaryClass          = 0x000900c6,
                DRSUAPI_ATTRIBUTE_sAMAccountName                = 0x000900dd,
                DRSUAPI_ATTRIBUTE_sAMAccountType                = 0x0009012e,
                DRSUAPI_ATTRIBUTE_fSMORoleOwner                 = 0x00090171,
@@ -501,10 +504,12 @@ interface drsuapi
                DRSUAPI_ATTRIBUTE_servicePrincipalName          = 0x00090303,
                DRSUAPI_ATTRIBUTE_objectCategory                = 0x0009030e,
                DRSUAPI_ATTRIBUTE_gPLink                        = 0x0009037b,
+               DRSUAPI_ATTRIBUTE_transportAddressAttribute     = 0x0009037f,
                DRSUAPI_ATTRIBUTE_msDS_Behavior_Version         = 0x000905b3,
                DRSUAPI_ATTRIBUTE_msDS_KeyVersionNumber         = 0x000906f6,
                DRSUAPI_ATTRIBUTE_msDS_HasDomainNCs             = 0x0009071c,
-               DRSUAPI_ATTRIBUTE_msDS_hasMasterNCs             = 0x0009072c
+               DRSUAPI_ATTRIBUTE_msDS_hasMasterNCs             = 0x0009072c,           
+               DRSUAPI_ATTRIBUTE_NONE                          = 0xFFFFFFFF
        } drsuapi_DsAttributeId;
 
        typedef struct {
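Review bot: `DRSUAPI_ATTRIBUTE_NONE = 0xFFFFFFFF` is added to this `v1_enum` alongside real attribute ids, with nothing to say that it is presumably a sentinel rather than a value expected on the wire. A one-line comment above it, such as `/* sentinel: no attribute, not a valid ATTRTYP */`, would stop a later reader from treating it as a schema attribute. The generated header's enum branch casts it with `(int)(0xFFFFFFFF)` while the `#define` branch leaves it unsigned, so code comparing against it should do so through a `uint32_t`. The rewritten `msDS_hasMasterNCs` line also carries trailing whitespace after the comma.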
index 3536d410aeeb26992ba09c95cc9eeb22710b9dbf..883d2a0d463816452f592324df49b6d4eef13687 100755 (executable)
@@ -212,6 +212,17 @@ sub cleanup_pcap($$)
        unlink($pcap_file);
 }
 
+# expand strings from %ENV
+sub expand_environment_strings($)
+{
+       my $s = shift;
+       # we use a reverse sort so we do the longer ones first
+       foreach my $k (sort { $b cmp $a } keys %ENV) {
+               $s =~ s/\$$k/$ENV{$k}/g;
+       }
+       return $s;
+}
+
 sub run_testsuite($$$$$)
 {
        my ($envname, $name, $cmd, $i, $totalsuites) = @_;
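Review bot: In `expand_environment_strings`, `$k` is interpolated into the pattern unquoted in `s/\$$k/$ENV{$k}/g`, so a variable name containing a regex metacharacter is read as pattern syntax. The pattern also has no end boundary, so `$FOO` is replaced inside `$FOOBAR` when only `FOO` is set. `s/\$\Q$k\E\b/$ENV{$k}/g` addresses both. The reverse sort is lexical rather than by length; it does put a longer name before its own prefix, and the comment could say that is the property being relied on.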
@@ -255,6 +266,7 @@ sub run_testsuite($$$$$)
        }
 
        print "command: $cmd\n";
+       printf "expanded command: %s\n", expand_environment_strings($cmd);
 
        my $exitcode = $ret >> 8;
 
@@ -587,6 +599,7 @@ sub write_clientconf($$)
 #We don't want to pass our self-tests if the PAC code is wrong
        gensec:require_pac = true
        modules dir = $ENV{LD_SAMBA_MODULE_PATH}
+       setup directory = ./setup
 ";
        close(CF);
 }
index 1376f4c07a096c0dda4494e88fb3df853951bda7..f87cb888013829131c05c2f7bf39f036e9d41c0a 100644 (file)
@@ -681,7 +681,7 @@ GROUPDB_OBJ = groupdb/mapping.o groupdb/mapping_tdb.o groupdb/mapping_ldb.o
 
 PROFILE_OBJ = profile/profile.o
 PROFILES_OBJ = utils/profiles.o \
-              $(LIBSAMBA_OBJ) \
+              $(LIBSMB_ERR_OBJ) \
               $(PARAM_OBJ) \
                $(LIB_OBJ) $(LIB_DUMMY_OBJ) \
                $(POPT_LIB_OBJ)
@@ -740,6 +740,7 @@ VFS_ONEFS_SHADOW_COPY_OBJ = modules/vfs_onefs_shadow_copy.o modules/onefs_shadow
 PERFCOUNT_ONEFS_OBJ = modules/perfcount_onefs.o
 PERFCOUNT_TEST_OBJ = modules/perfcount_test.o
 VFS_DIRSORT_OBJ = modules/vfs_dirsort.o
+VFS_SCANNEDONLY_OBJ = modules/vfs_scannedonly.o
 
 PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o
 
@@ -860,7 +861,7 @@ SWAT_OBJ = $(SWAT_OBJ1) $(PARAM_OBJ) $(PRINTING_OBJ) $(PRINTBASE_OBJ) $(LIBSMB_O
 STATUS_OBJ = utils/status.o utils/status_profile.o \
             $(LOCKING_OBJ) $(PARAM_OBJ) \
              $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \
-            $(LIBSAMBA_OBJ) $(FNAME_UTIL_OBJ)
+            $(LIBSMB_ERR_OBJ) $(FNAME_UTIL_OBJ)
 
 SMBCONTROL_OBJ = utils/smbcontrol.o $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
        $(LIBSMB_ERR_OBJ) $(POPT_LIB_OBJ) $(PRINTBASE_OBJ)
@@ -875,7 +876,7 @@ SMBTREE_OBJ = utils/smbtree.o $(PARAM_OBJ) \
 
 TESTPARM_OBJ = utils/testparm.o \
                $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \
-              $(LIBSAMBA_OBJ)
+              $(LIBSMB_ERR_OBJ)
 
 TEST_LP_LOAD_OBJ = param/test_lp_load.o \
                   $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
@@ -1038,7 +1039,7 @@ CIFS_UMOUNT_OBJ = ../client/umount.cifs.o ../client/mtab.o
 CIFS_UPCALL_OBJ = ../client/cifs.upcall.o
 
 NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(LIBNMB_OBJ) \
-               $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSAMBA_OBJ)
+               $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ)
 
 SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/utable.o \
                torture/denytest.o torture/mangle_test.o \
@@ -1053,7 +1054,7 @@ MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(LDB_OBJ) $(KRBCLI
                  $(LIB_NONSMBD_OBJ) \
                 $(LIBNDR_GEN_OBJ0)
 
-MSGTEST_OBJ = torture/msgtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(LDB_OBJ) $(KRBCLIENT_OBJ) \
+MSGTEST_OBJ = torture/msgtest.o $(PARAM_OBJ) $(LIBSMB_ERR_OBJ) $(LDB_OBJ) \
                  $(LIB_NONSMBD_OBJ) \
                 $(LIBNDR_GEN_OBJ0)
 
@@ -1070,7 +1071,7 @@ PDBTEST_OBJ = torture/pdbtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
 
 VFSTEST_OBJ = torture/cmd_vfs.o torture/vfstest.o $(SMBD_OBJ_BASE) $(READLINE_OBJ)
 
-SMBICONV_OBJ = $(PARAM_OBJ) torture/smbiconv.o $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSAMBA_OBJ)
+SMBICONV_OBJ = $(PARAM_OBJ) torture/smbiconv.o $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ)
 
 LOG2PCAP_OBJ = utils/log2pcaphex.o
 
@@ -1092,18 +1093,18 @@ SMBCQUOTAS_OBJ = utils/smbcquotas.o $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
 EVTLOGADM_OBJ0 = utils/eventlogadm.o
 
 EVTLOGADM_OBJ  = $(EVTLOGADM_OBJ0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
-               $(LIBSAMBA_OBJ) \
+               $(LIBSMB_ERR_OBJ) \
                registry/reg_eventlog.o $(LIB_EVENTLOG_OBJ) \
                ../librpc/gen_ndr/ndr_eventlog.o \
                ../librpc/gen_ndr/ndr_lsa.o
 
 SHARESEC_OBJ0 = utils/sharesec.o
 SHARESEC_OBJ  = $(SHARESEC_OBJ0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
-               $(LIBSAMBA_OBJ) \
+               $(LIBSMB_ERR_OBJ) \
                 $(POPT_LIB_OBJ)
 
 TALLOCTORT_OBJ = @tallocdir@/testsuite.o @tallocdir@/testsuite_main.o \
-               $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSAMBA_OBJ)
+               $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ)
 
 REPLACETORT_OBJ = @libreplacedir@/test/testsuite.o \
                @libreplacedir@/test/getifaddrs.o \
@@ -1119,8 +1120,7 @@ SMBFILTER_OBJ = utils/smbfilter.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(LDB_OBJ) \
                 $(LIBNDR_GEN_OBJ0)
 
 WINBIND_WINS_NSS_OBJ = ../nsswitch/wins.o $(PARAM_OBJ) \
-       $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) $(NSSWINS_OBJ) $(KRBCLIENT_OBJ) \
-       $(LIBNDR_GEN_OBJ0) $(LDB_OBJ)
+       $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNMB_OBJ)
 
 PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
                pam_smbpass/pam_smb_acct.o pam_smbpass/support.o ../lib/util/asn1.o
@@ -1334,12 +1334,12 @@ RPC_OPEN_TCP_OBJ = torture/rpc_open_tcp.o \
 DBWRAP_TOOL_OBJ = utils/dbwrap_tool.o \
                  $(PARAM_OBJ) \
                  $(LIB_NONSMBD_OBJ) \
-                 $(LIBSAMBA_OBJ)
+                 $(LIBSMB_ERR_OBJ)
 
 DBWRAP_TORTURE_OBJ = utils/dbwrap_torture.o \
                     $(PARAM_OBJ) \
                     $(LIB_NONSMBD_OBJ) \
-                    $(LIBSAMBA_OBJ) \
+                    $(LIBSMB_ERR_OBJ) \
                     $(POPT_LIB_OBJ)
 
 SPLIT_TOKENS_OBJ = utils/split_tokens.o \
@@ -2831,6 +2831,10 @@ bin/dirsort.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_DIRSORT_OBJ)
        @echo "Building plugin $@"
        @$(SHLD_MODULE) $(VFS_DIRSORT_OBJ)
 
+bin/scannedonly.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_SCANNEDONLY_OBJ)
+       @echo "Building plugin $@"
+       @$(SHLD_MODULE) $(VFS_SCANNEDONLY_OBJ)
+
 #########################################################
 ## IdMap NSS plugins
 
index 3741f29779b361ac9a666f4d535aa12516e537d8..f8f048a6f2b7b55394467bdee2dd0a6905d43eaa 100644 (file)
@@ -34,8 +34,8 @@
 static NTSTATUS check_guest_security(const struct auth_context *auth_context,
                                     void *my_private_data, 
                                     TALLOC_CTX *mem_ctx,
-                                    const auth_usersupplied_info *user_info, 
-                                    auth_serversupplied_info **server_info)
+                                    const struct auth_usersupplied_info *user_info,
+                                    struct auth_serversupplied_info **server_info)
 {
        /* mark this as 'not for me' */
        NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
@@ -77,8 +77,8 @@ static NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *o
 static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_context,
                                                void *my_private_data, 
                                                TALLOC_CTX *mem_ctx,
-                                               const auth_usersupplied_info *user_info, 
-                                               auth_serversupplied_info **server_info)
+                                               const struct auth_usersupplied_info *user_info,
+                                               struct auth_serversupplied_info **server_info)
 {
        NTSTATUS nt_status;
        fstring user;
@@ -130,8 +130,8 @@ static NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, co
 static NTSTATUS check_fixed_challenge_security(const struct auth_context *auth_context,
                                               void *my_private_data, 
                                               TALLOC_CTX *mem_ctx,
-                                              const auth_usersupplied_info *user_info, 
-                                              auth_serversupplied_info **server_info)
+                                              const struct auth_usersupplied_info *user_info,
+                                              struct auth_serversupplied_info **server_info)
 {
        return NT_STATUS_NOT_IMPLEMENTED;
 }
index 77a994828f4373b81d4a43bdd1c3f9ac18207544..e90036f3ff95d4604b955c90777bea694f8227d3 100644 (file)
@@ -35,10 +35,12 @@ SMB hash
 return True if the password is correct, False otherwise
 ****************************************************************************/
 
-NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info **server_info)
+NTSTATUS check_plaintext_password(const char *smb_name,
+                                 DATA_BLOB plaintext_password,
+                                 struct auth_serversupplied_info **server_info)
 {
        struct auth_context *plaintext_auth_context = NULL;
-       auth_usersupplied_info *user_info = NULL;
+       struct auth_usersupplied_info *user_info = NULL;
        uint8_t chal[8];
        NTSTATUS nt_status;
        if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) {
@@ -72,9 +74,9 @@ static NTSTATUS pass_check_smb(struct auth_context *actx,
 
 {
        NTSTATUS nt_status;
-       auth_serversupplied_info *server_info = NULL;
+       struct auth_serversupplied_info *server_info = NULL;
        if (encrypted) {
-               auth_usersupplied_info *user_info = NULL;
+               struct auth_usersupplied_info *user_info = NULL;
                if (actx == NULL) {
                        return NT_STATUS_INTERNAL_ERROR;
                }
index c5273603215b279884bfea2eac79f5891d9193b3..a07aa617c4dfdff18e4d6bc5c2bfd5ed74d984cf 100644 (file)
@@ -251,10 +251,10 @@ machine %s. Error was : %s.\n", dc_name, cli_errstr(*cli)));
 ************************************************************************/
 
 static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
-                                       const auth_usersupplied_info *user_info, 
+                                       const struct auth_usersupplied_info *user_info,
                                        const char *domain,
                                        uchar chal[8],
-                                       auth_serversupplied_info **server_info, 
+                                       struct auth_serversupplied_info **server_info,
                                        const char *dc_name,
                                        struct sockaddr_storage *dc_ss)
 
@@ -372,8 +372,8 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
                                        void *my_private_data, 
                                        TALLOC_CTX *mem_ctx,
-                                       const auth_usersupplied_info *user_info, 
-                                       auth_serversupplied_info **server_info)
+                                       const struct auth_usersupplied_info *user_info,
+                                       struct auth_serversupplied_info **server_info)
 {
        NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
        const char *domain = lp_workgroup();
@@ -441,8 +441,8 @@ static NTSTATUS auth_init_ntdomain(struct auth_context *auth_context, const char
 static NTSTATUS check_trustdomain_security(const struct auth_context *auth_context,
                                           void *my_private_data, 
                                           TALLOC_CTX *mem_ctx,
-                                          const auth_usersupplied_info *user_info, 
-                                          auth_serversupplied_info **server_info)
+                                          const struct auth_usersupplied_info *user_info,
+                                          struct auth_serversupplied_info **server_info)
 {
        NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
        unsigned char trust_md4_password[16];
index ebfed83d41ec3fb10d0b9fb156848039b99fa9c9..bfd12281c4d0a122a578ac9e2f93815f9e7ad99a 100644 (file)
@@ -27,7 +27,7 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx,
                                   const struct auth_context *auth_context,
                                   const char *ncalrpc_sockname,
                                   uint8_t schannel_key[16],
-                                  const auth_usersupplied_info *user_info,
+                                  const struct auth_usersupplied_info *user_info,
                                   struct netr_SamInfo3 **pinfo3,
                                   NTSTATUS *schannel_bind_result)
 {
@@ -153,8 +153,8 @@ static char *mymachinepw(TALLOC_CTX *mem_ctx)
 static NTSTATUS check_netlogond_security(const struct auth_context *auth_context,
                                         void *my_private_data,
                                         TALLOC_CTX *mem_ctx,
-                                        const auth_usersupplied_info *user_info,
-                                        auth_serversupplied_info **server_info)
+                                        const struct auth_usersupplied_info *user_info,
+                                        struct auth_serversupplied_info **server_info)
 {
        TALLOC_CTX *frame = talloc_stackframe();
        struct netr_SamInfo3 *info3 = NULL;
index 4243a24ca72a5ac3a538c95dc598c3539888c79a..88f0e694434833e1cefaa24a3a82c8e4300fb135 100644 (file)
@@ -85,7 +85,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 {
        AUTH_NTLMSSP_STATE *auth_ntlmssp_state =
                (AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;
-       auth_usersupplied_info *user_info = NULL;
+       struct auth_usersupplied_info *user_info = NULL;
        NTSTATUS nt_status;
        bool username_was_mapped;
 
index f0500b3611728b8bbfed91b20222e35933902d6d..1dd8fc950ea60a86526fa24efaec542ee510e6af 100644 (file)
 
 static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
                                TALLOC_CTX *mem_ctx,
-                               struct samu *sampass, 
-                               const auth_usersupplied_info *user_info, 
+                               const char *username,
+                               uint32_t acct_ctrl,
+                               const uint8_t *lm_pw,
+                               const uint8_t *nt_pw,
+                               const struct auth_usersupplied_info *user_info,
                                DATA_BLOB *user_sess_key, 
                                DATA_BLOB *lm_sess_key)
 {
-       uint32 acct_ctrl;
-       const uint8 *lm_pw, *nt_pw;
-       struct samr_Password lm_hash, nt_hash, client_lm_hash, client_nt_hash;
-       const char *username = pdb_get_username(sampass);
-       bool got_lm = false, got_nt = false;
+       struct samr_Password _lm_hash, _nt_hash, _client_lm_hash, _client_nt_hash;
+       struct samr_Password *lm_hash = NULL;
+       struct samr_Password *nt_hash = NULL;
+       struct samr_Password *client_lm_hash = NULL;
+       struct samr_Password *client_nt_hash = NULL;
 
-       *user_sess_key = data_blob(NULL, 0);
-       *lm_sess_key = data_blob(NULL, 0);
+       *user_sess_key = data_blob_null;
+       *lm_sess_key = data_blob_null;
 
-       acct_ctrl = pdb_get_acct_ctrl(sampass);
        if (acct_ctrl & ACB_PWNOTREQ) {
                if (lp_null_passwords()) {
                        DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", username));
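Review bot: The new `lm_pw` and `nt_pw` parameters of `sam_password_ok` are bare `const uint8_t *` with no length, and their contract is not written down anywhere. The following hunk copies `sizeof(_lm_hash.hash)` and `sizeof(_nt_hash.hash)` bytes from them, so each caller must pass either NULL or a buffer at least that long. Now that the function no longer takes the `struct samu` itself, a header comment should say so, e.g. `/* lm_pw / nt_pw: NULL, or a pointer to a full LM / NT hash (sizeof(struct samr_Password.hash) bytes) */`. The body of the function continues past this hunk.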
@@ -58,34 +60,35 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
                }               
        }
 
-       lm_pw = pdb_get_lanman_passwd(sampass);
-       nt_pw = pdb_get_nt_passwd(sampass);
        if (lm_pw) {
-               memcpy(lm_hash.hash, lm_pw, sizeof(lm_hash.hash));
+               memcpy(_lm_hash.hash, lm_pw, sizeof(_lm_hash.hash));
+               lm_hash = &_lm_hash;
        }
        if (nt_pw) {
-               memcpy(nt_hash.hash, nt_pw, sizeof(nt_hash.hash));
+               memcpy(_nt_hash.hash, nt_pw, sizeof(_nt_hash.hash));
+               nt_hash = &_nt_hash;
        }
-       if (user_info->lm_interactive_pwd.data && sizeof(client_lm_hash.hash) == user_info->lm_interactive_pwd.length) {
-               memcpy(client_lm_hash.hash, user_info->lm_interactive_pwd.data, sizeof(lm_hash.hash));
-               got_lm = true;
+       if (user_info->lm_interactive_pwd.data && sizeof(_client_lm_hash.hash) == user_info->lm_interactive_pwd.length) {
+               memcpy(_client_lm_hash.hash, user_info->lm_interactive_pwd.data, sizeof(_lm_hash.hash));
+               client_lm_hash = &_client_lm_hash;
        }
-       if (user_info->nt_interactive_pwd.data && sizeof(client_nt_hash.hash) == user_info->nt_interactive_pwd.length) {
-               memcpy(client_nt_hash.hash, user_info->nt_interactive_pwd.data, sizeof(nt_hash.hash));
-               got_nt = true;
+       if (user_info->nt_interactive_pwd.data && sizeof(_client_nt_hash.hash) == user_info->nt_interactive_pwd.length) {
+               memcpy(_client_nt_hash.hash, user_info->nt_interactive_pwd.data, sizeof(_nt_hash.hash));
+               client_nt_hash = &_client_nt_hash;
        }
-       if (got_lm || got_nt) {
-               *user_sess_key = data_blob(mem_ctx, 16);
+
+       if (client_lm_hash || client_nt_hash) {
+               *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
                if (!user_sess_key->data) {
                        return NT_STATUS_NO_MEMORY;
                }
                SMBsesskeygen_ntv1(nt_pw, user_sess_key->data);
                return hash_password_check(mem_ctx, lp_lanman_auth(),
-                                          got_lm ? &client_lm_hash : NULL, 
-                                          got_nt ? &client_nt_hash : NULL,
+                                          client_lm_hash,
+                                          client_nt_hash,
                                           username, 
-                                          lm_pw ? &lm_hash: NULL, 
-                                          nt_pw ? &nt_hash : NULL);
+                                          lm_hash,
+                                          nt_hash);
        } else {
                return ntlm_password_check(mem_ctx, lp_lanman_auth(),
                                           lp_ntlm_auth(),
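Review bot: `SMBsesskeygen_ntv1(nt_pw, user_sess_key->data)` is still reached with `nt_pw == NULL` whenever the client sent an interactive hash and the stored account has no NT hash. The `if (nt_pw)` test a few lines above guards only the `memcpy`, and whether the key generator tolerates a NULL input is not visible here. I would put the session-key allocation and the keygen call under `if (nt_hash != NULL)` and leave `*user_sess_key` as `data_blob_null` otherwise. Separately, the two client-hash copies size the `memcpy` with the other variable, `sizeof(_lm_hash.hash)` and `sizeof(_nt_hash.hash)`. The types are the same so it is correct today, but `sizeof(_client_lm_hash.hash)` and `sizeof(_client_nt_hash.hash)` would match the length check on the line above. The function starts before this hunk.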
@@ -95,8 +98,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
                                           username, 
                                           user_info->smb_name,
                                           user_info->client_domain,
-                                          lm_pw ? &lm_hash: NULL, 
-                                          nt_pw ? &nt_hash : NULL,
+                                          lm_hash,
+                                          nt_hash,
                                           user_sess_key, lm_sess_key);
        }
 }
@@ -165,7 +168,7 @@ static bool logon_hours_ok(struct samu *sampass)
 
 static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
                               struct samu *sampass, 
-                              const auth_usersupplied_info *user_info)
+                              const struct auth_usersupplied_info *user_info)
 {
        uint32  acct_ctrl = pdb_get_acct_ctrl(sampass);
        char *workstation_list;
@@ -278,6 +281,75 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
        return NT_STATUS_OK;
 }
 
+/**
+ * Check whether the given password is one of the last two
+ * password history entries. If so, the bad pwcount should
+ * not be incremented even thought the actual password check
+ * failed.
+ */
+static bool need_to_increment_bad_pw_count(
+       const struct auth_context *auth_context,
+       struct samu* sampass,
+       const struct auth_usersupplied_info *user_info)
+{
+       uint8_t i;
+       const uint8_t *pwhistory;
+       uint32_t pwhistory_len;
+       uint32_t policy_pwhistory_len;
+       uint32_t acct_ctrl;
+       const char *username;
+       TALLOC_CTX *mem_ctx = talloc_stackframe();
+       bool result = true;
+
+       pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY,
+                              &policy_pwhistory_len);
+       if (policy_pwhistory_len == 0) {
+               goto done;
+       }
+
+       pwhistory = pdb_get_pw_history(sampass, &pwhistory_len);
+       if (!pwhistory || pwhistory_len == 0) {
+               goto done;
+       }
+
+       acct_ctrl = pdb_get_acct_ctrl(sampass);
+       username = pdb_get_username(sampass);
+
+       for (i=1; i < MIN(MIN(3, policy_pwhistory_len), pwhistory_len); i++) {
+               static const uint8_t zero16[SALTED_MD5_HASH_LEN];
+               const uint8_t *salt;
+               const uint8_t *nt_pw;
+               NTSTATUS status;
+               DATA_BLOB user_sess_key = data_blob_null;
+               DATA_BLOB lm_sess_key = data_blob_null;
+
+               salt = &pwhistory[i*PW_HISTORY_ENTRY_LEN];
+               nt_pw = salt + PW_HISTORY_SALT_LEN;
+
+               if (memcmp(zero16, nt_pw, NT_HASH_LEN) == 0) {
+                       /* skip zero password hash */
+                       continue;
+               }
+
+               if (memcmp(zero16, salt, PW_HISTORY_SALT_LEN) != 0) {
+                       /* skip nonzero salt (old format entry) */
+                       continue;
+               }
+
+               status = sam_password_ok(auth_context, mem_ctx,
+                                        username, acct_ctrl, NULL, nt_pw,
+                                        user_info, &user_sess_key, &lm_sess_key);
+               if (NT_STATUS_IS_OK(status)) {
+                       result = false;
+                       break;
+               }
+       }
+
+done:
+       TALLOC_FREE(mem_ctx);
+       return result;
+}
+
 /****************************************************************************
 check if a username/password is OK assuming the password is a 24 byte
 SMB hash supplied in the user_info structure
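Review bot: In `need_to_increment_bad_pw_count`, `policy_pwhistory_len` is declared without an initialiser and the result of `pdb_get_account_policy()` is ignored, so a failed lookup that does not write the out-parameter leaves the loop bound indeterminate. Declaring it as `uint32_t policy_pwhistory_len = 0;` makes a failed lookup take the `goto done` path with `result == true`, which still counts the bad attempt. `zero16` is sized by `SALTED_MD5_HASH_LEN` but compared over `NT_HASH_LEN` and `PW_HISTORY_SALT_LEN` bytes. That relies on neither constant being larger, and a comment or compile-time check would make the assumption explicit. The doc comment should also state the security trade-off, that a guess matching one of the previous passwords does not count toward lockout, and "even thought" should read "even though".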
@@ -287,8 +359,8 @@ return an NT_STATUS constant.
 static NTSTATUS check_sam_security(const struct auth_context *auth_context,
                                   void *my_private_data, 
                                   TALLOC_CTX *mem_ctx,
-                                  const auth_usersupplied_info *user_info, 
-                                  auth_serversupplied_info **server_info)
+                                  const struct auth_usersupplied_info *user_info,
+                                  struct auth_serversupplied_info **server_info)
 {
        struct samu *sampass=NULL;
        bool ret;
@@ -297,6 +369,10 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
        DATA_BLOB user_sess_key = data_blob_null;
        DATA_BLOB lm_sess_key = data_blob_null;
        bool updated_autolock = False, updated_badpw = False;
+       uint32_t acct_ctrl;
+       const char *username;
+       const uint8_t *nt_pw;
+       const uint8_t *lm_pw;
 
        if (!user_info || !auth_context) {
                return NT_STATUS_UNSUCCESSFUL;
@@ -305,7 +381,8 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
        /* the returned struct gets kept on the server_info, by means
           of a steal further down */
 
-       if ( !(sampass = samu_new( mem_ctx )) ) {
+       sampass = samu_new(mem_ctx);
+       if (sampass == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
 
@@ -322,16 +399,22 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
                return NT_STATUS_NO_SUCH_USER;
        }
 
+       acct_ctrl = pdb_get_acct_ctrl(sampass);
+       username = pdb_get_username(sampass);
+       nt_pw = pdb_get_nt_passwd(sampass);
+       lm_pw = pdb_get_lanman_passwd(sampass);
+
        /* see if autolock flag needs to be updated */
-       if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL)
+       if (acct_ctrl & ACB_NORMAL)
                pdb_update_autolock_flag(sampass, &updated_autolock);
        /* Quit if the account was locked out. */
-       if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
-               DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", pdb_get_username(sampass)));
+       if (acct_ctrl & ACB_AUTOLOCK) {
+               DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username));
                return NT_STATUS_ACCOUNT_LOCKED_OUT;
        }
 
-       nt_status = sam_password_ok(auth_context, mem_ctx, sampass, 
+       nt_status = sam_password_ok(auth_context, mem_ctx,
+                                   username, acct_ctrl, lm_pw, nt_pw,
                                    user_info, &user_sess_key, &lm_sess_key);
 
        /* Notify passdb backend of login success/failure. If not 
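Review bot: `acct_ctrl` is read before `pdb_update_autolock_flag()` runs, so the `acct_ctrl & ACB_AUTOLOCK` test right after it checks the flags as they were before the update. The removed lines called `pdb_get_acct_ctrl(sampass)` again at that point. If the update can clear the lock bit on `sampass` (its body is not in this hunk), an account whose lockout has expired would now still get NT_STATUS_ACCOUNT_LOCKED_OUT. Re-reading after the call keeps the old behaviour: add `acct_ctrl = pdb_get_acct_ctrl(sampass);` directly after the `pdb_update_autolock_flag(sampass, &updated_autolock);` line, with braces around the `if (acct_ctrl & ACB_NORMAL)` body. check_sam_security starts and ends outside this hunk.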
@@ -340,10 +423,19 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
        update_login_attempts_status = pdb_update_login_attempts(sampass, NT_STATUS_IS_OK(nt_status));
 
        if (!NT_STATUS_IS_OK(nt_status)) {
+               bool increment_bad_pw_count = false;
+
                if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) && 
-                   pdb_get_acct_ctrl(sampass) &ACB_NORMAL &&
+                   acct_ctrl & ACB_NORMAL &&
                    NT_STATUS_IS_OK(update_login_attempts_status)) 
-               {  
+               {
+                       increment_bad_pw_count =
+                               need_to_increment_bad_pw_count(auth_context,
+                                                              sampass,
+                                                              user_info);
+               }
+
+               if (increment_bad_pw_count) {
                        pdb_increment_bad_password_count(sampass);
                        updated_badpw = True;
                } else {
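Review bot: The new `increment_bad_pw_count` branch has no comment saying why a wrong password may leave the bad-password counter alone, and the reason is not obvious at the call site. The helper added earlier in this file (its start is outside the visible part) returns false when the supplied response verifies against a recent password-history entry. That looks intended to stop clients that still send the previous password from locking the account, which should be confirmed and stated. Suggested comment above the assignment: `/* a response that matches a recent history entry (old password still cached by a client) must not count towards lockout */`. The condition would also read more safely as `(acct_ctrl & ACB_NORMAL) &&`, matching the parenthesised form used later in this function.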
@@ -351,18 +443,21 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
                                                      &updated_badpw);
                }
                if (updated_autolock || updated_badpw){
+                       NTSTATUS status;
+
                        become_root();
-                       if(!NT_STATUS_IS_OK(pdb_update_sam_account(sampass)))
-                               DEBUG(1, ("Failed to modify entry.\n"));
+                       status = pdb_update_sam_account(sampass);
                        unbecome_root();
+
+                       if (!NT_STATUS_IS_OK(status)) {
+                               DEBUG(1, ("Failed to modify entry: %s\n",
+                                         nt_errstr(status)));
+                       }
                }
-               data_blob_free(&user_sess_key);
-               data_blob_free(&lm_sess_key);
-               TALLOC_FREE(sampass);
-               return nt_status;
+               goto done;
        }
 
-       if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) && 
+       if ((acct_ctrl & ACB_NORMAL) &&
            (pdb_get_bad_password_count(sampass) > 0)){
                pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
                pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
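Review bot: The new "Failed to modify entry" message still does not say which account could not be written back. A failed `pdb_update_sam_account()` here means the bad-password count or autolock state was not persisted, so whoever reads the log needs the account name to follow up. `username` is already in scope: `DEBUG(1, ("Failed to modify entry for %s: %s\n", username, nt_errstr(status)));`. The same message is repeated in the next hunk (the success-path update) and should get the same change.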
@@ -370,30 +465,36 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
        }
 
        if (updated_autolock || updated_badpw){
+               NTSTATUS status;
+
                become_root();
-               if(!NT_STATUS_IS_OK(pdb_update_sam_account(sampass)))
-                       DEBUG(1, ("Failed to modify entry.\n"));
+               status = pdb_update_sam_account(sampass);
                unbecome_root();
-       }
+
+               if (!NT_STATUS_IS_OK(status)) {
+                       DEBUG(1, ("Failed to modify entry: %s\n",
+                                 nt_errstr(status)));
+               }
+       }
 
        nt_status = sam_account_ok(mem_ctx, sampass, user_info);
 
        if (!NT_STATUS_IS_OK(nt_status)) {
-               TALLOC_FREE(sampass);
-               data_blob_free(&user_sess_key);
-               data_blob_free(&lm_sess_key);
-               return nt_status;
+               goto done;
        }
 
        become_root();
        nt_status = make_server_info_sam(server_info, sampass);
        unbecome_root();
+       /*
+        * sampass has been stolen to server_info.
+        * So NULL it out to prevent segfaults.
+        */
+       sampass = NULL;
 
        if (!NT_STATUS_IS_OK(nt_status)) {
                DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status)));
-               data_blob_free(&user_sess_key);
-               data_blob_free(&lm_sess_key);
-               return nt_status;
+               goto done;
        }
 
        (*server_info)->user_session_key =
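Review bot: The comment on `sampass = NULL;` says sampass "has been stolen", but the assignment runs before the status check, so it also applies when `make_server_info_sam()` fails. Whether the callee has taken or already freed sampass on its error paths is not visible in this hunk. If that is the contract, the comment should say so, because the new `done:` label would otherwise look like it leaks or double-frees. Suggested wording: `/* make_server_info_sam() owns sampass from here on, on failure as well; done: must not free it */`.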
@@ -408,6 +509,10 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 
        (*server_info)->nss_token |= user_info->was_mapped;
 
+done:
+       TALLOC_FREE(sampass);
+       data_blob_free(&user_sess_key);
+       data_blob_free(&lm_sess_key);
        return nt_status;
 }
 
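Review bot: The `done:` cleanup releases `user_sess_key` and `lm_sess_key` with `data_blob_free()`, which frees the buffers without wiping the key bytes. These blobs hold session keys produced by the password check, so the single exit path is a good place to clear them: `data_blob_clear_free(&user_sess_key);` and `data_blob_clear_free(&lm_sess_key);`. The function body starts outside this hunk.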
@@ -431,8 +536,8 @@ Check SAM security (above) but with a few extra checks.
 static NTSTATUS check_samstrict_security(const struct auth_context *auth_context,
                                         void *my_private_data, 
                                         TALLOC_CTX *mem_ctx,
-                                        const auth_usersupplied_info *user_info, 
-                                        auth_serversupplied_info **server_info)
+                                        const struct auth_usersupplied_info *user_info,
+                                        struct auth_serversupplied_info **server_info)
 {
        bool is_local_name, is_my_domain;
 
index 6cbace71e8625dada2b847931212bc9beab18cf4..be1ae815016dd84040014b7d355f5587fabab84f 100644 (file)
@@ -40,8 +40,8 @@
 static NTSTATUS script_check_user_credentials(const struct auth_context *auth_context,
                                        void *my_private_data, 
                                        TALLOC_CTX *mem_ctx,
-                                       const auth_usersupplied_info *user_info, 
-                                       auth_serversupplied_info **server_info)
+                                       const struct auth_usersupplied_info *user_info,
+                                       struct auth_serversupplied_info **server_info)
 {
        const char *script = lp_parm_const_string( GLOBAL_SECTION_SNUM, "auth_script", "script", NULL);
        char *secret_str;
index 287b50b080ff437edc11b69a9c22c6e38634da82..ec92787dceaccde64db981f68acb7a4b04501454 100644 (file)
@@ -270,8 +270,8 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte
 static NTSTATUS check_smbserver_security(const struct auth_context *auth_context,
                                         void *my_private_data, 
                                         TALLOC_CTX *mem_ctx,
-                                        const auth_usersupplied_info *user_info, 
-                                        auth_serversupplied_info **server_info)
+                                        const struct auth_usersupplied_info *user_info,
+                                        struct auth_serversupplied_info **server_info)
 {
        struct server_security_state *state = talloc_get_type_abort(
                my_private_data, struct server_security_state);
index 58c765226d633c707d05a9923e6588eb987da44b..3e2df9a123c934e1cff38ae9a6f707c0a0cc1c2d 100644 (file)
@@ -85,8 +85,8 @@ static bool update_smbpassword_file(const char *user, const char *password)
 static NTSTATUS check_unix_security(const struct auth_context *auth_context,
                             void *my_private_data, 
                             TALLOC_CTX *mem_ctx,
-                            const auth_usersupplied_info *user_info, 
-                            auth_serversupplied_info **server_info)
+                            const struct auth_usersupplied_info *user_info,
+                            struct auth_serversupplied_info **server_info)
 {
        NTSTATUS nt_status;
        struct passwd *pass = NULL;
index 8167a80a4fac9f65fd5815df2631224012409766..de552cf57efebc891a9040bf52cf785ff3051ee0 100644 (file)
@@ -33,7 +33,7 @@
  auth_serversupplied_info struct.
 ****************************************************************************/
 
-static void sort_sid_array_for_smbd(auth_serversupplied_info *result,
+static void sort_sid_array_for_smbd(struct auth_serversupplied_info *result,
                                const DOM_SID *pgroup_sid)
 {
        unsigned int i;
@@ -107,7 +107,7 @@ static int _smb_create_user(const char *domain, const char *unix_username, const
  Create an auth_usersupplied_data structure
 ****************************************************************************/
 
-static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
+static NTSTATUS make_user_info(struct auth_usersupplied_info **user_info,
                                const char *smb_name,
                                const char *internal_username,
                                const char *client_domain,
@@ -121,7 +121,7 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
 
        DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name));
 
-       *user_info = SMB_MALLOC_P(auth_usersupplied_info);
+       *user_info = SMB_MALLOC_P(struct auth_usersupplied_info);
        if (*user_info == NULL) {
                DEBUG(0,("malloc failed for user_info (size %lu)\n", (unsigned long)sizeof(*user_info)));
                return NT_STATUS_NO_MEMORY;
@@ -188,7 +188,7 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
  Create an auth_usersupplied_data structure after appropriate mapping.
 ****************************************************************************/
 
-NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
+NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
                            const char *smb_name,
                            const char *client_domain,
                            const char *wksta_name,
@@ -252,7 +252,7 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
  Decrypt and encrypt the passwords.
 ****************************************************************************/
 
-bool make_user_info_netlogon_network(auth_usersupplied_info **user_info, 
+bool make_user_info_netlogon_network(struct auth_usersupplied_info **user_info,
                                     const char *smb_name, 
                                     const char *client_domain, 
                                     const char *wksta_name, 
@@ -290,7 +290,7 @@ bool make_user_info_netlogon_network(auth_usersupplied_info **user_info,
  Decrypt and encrypt the passwords.
 ****************************************************************************/
 
-bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, 
+bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_info,
                                         const char *smb_name, 
                                         const char *client_domain, 
                                         const char *wksta_name, 
@@ -402,7 +402,7 @@ bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
  Create an auth_usersupplied_data structure
 ****************************************************************************/
 
-bool make_user_info_for_reply(auth_usersupplied_info **user_info, 
+bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
                              const char *smb_name, 
                              const char *client_domain,
                              const uint8 chal[8],
@@ -460,7 +460,7 @@ bool make_user_info_for_reply(auth_usersupplied_info **user_info,
  Create an auth_usersupplied_data structure
 ****************************************************************************/
 
-NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info, 
+NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info,
                                       const char *smb_name,
                                       const char *client_domain, 
                                       DATA_BLOB lm_resp, DATA_BLOB nt_resp)
@@ -478,7 +478,7 @@ NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
  Create a guest user_info blob, for anonymous authenticaion.
 ****************************************************************************/
 
-bool make_user_info_guest(auth_usersupplied_info **user_info) 
+bool make_user_info_guest(struct auth_usersupplied_info **user_info)
 {
        NTSTATUS nt_status;
 
@@ -494,7 +494,7 @@ bool make_user_info_guest(auth_usersupplied_info **user_info)
        return NT_STATUS_IS_OK(nt_status) ? True : False;
 }
 
-static int server_info_dtor(auth_serversupplied_info *server_info)
+static int server_info_dtor(struct auth_serversupplied_info *server_info)
 {
        TALLOC_FREE(server_info->sam_account);
        ZERO_STRUCTP(server_info);
@@ -505,11 +505,11 @@ static int server_info_dtor(auth_serversupplied_info *server_info)
  Make a server_info struct. Free with TALLOC_FREE().
 ***************************************************************************/
 
-static auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx)
+static struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx)
 {
        struct auth_serversupplied_info *result;
 
-       result = TALLOC_ZERO_P(mem_ctx, auth_serversupplied_info);
+       result = TALLOC_ZERO_P(mem_ctx, struct auth_serversupplied_info);
        if (result == NULL) {
                DEBUG(0, ("talloc failed\n"));
                return NULL;
@@ -562,12 +562,12 @@ static bool is_our_machine_account(const char *username)
  Make (and fill) a user_info struct from a struct samu
 ***************************************************************************/
 
-NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
+NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
                              struct samu *sampass)
 {
        struct passwd *pwd;
        gid_t *gids;
-       auth_serversupplied_info *result;
+       struct auth_serversupplied_info *result;
        const char *username = pdb_get_username(sampass);
        NTSTATUS status;
 
@@ -701,7 +701,7 @@ static NTSTATUS log_nt_token(NT_USER_TOKEN *token)
  * server_info->sids (the info3/sam groups). Find the unix gids.
  */
 
-NTSTATUS create_local_token(auth_serversupplied_info *server_info)
+NTSTATUS create_local_token(struct auth_serversupplied_info *server_info)
 {
        NTSTATUS status;
        size_t i;
@@ -1140,7 +1140,7 @@ bool user_in_group(const char *username, const char *groupname)
  to a struct samu
 ***************************************************************************/
 
-NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, 
+NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
                              char *unix_username,
                             struct passwd *pwd)
 {
@@ -1151,7 +1151,7 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info,
        TALLOC_CTX *mem_ctx = NULL;
        DOM_SID u_sid;
        enum lsa_SidType type;
-       auth_serversupplied_info *result;
+       struct auth_serversupplied_info *result;
        
        if ( !(sampass = samu_new( NULL )) ) {
                return NT_STATUS_NO_MEMORY;
@@ -1261,7 +1261,7 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info,
  the guest gid, then create one.
 ***************************************************************************/
 
-static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_info)
+static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **server_info)
 {
        NTSTATUS status;
        struct samu *sampass = NULL;
@@ -1274,8 +1274,7 @@ static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_inf
                return NT_STATUS_NO_MEMORY;
        }
 
-       sid_copy(&guest_sid, get_global_sam_sid());
-       sid_append_rid(&guest_sid, DOMAIN_USER_RID_GUEST);
+       sid_compose(&guest_sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST);
 
        become_root();
        ret = pdb_getsampwsid(sampass, &guest_sid);
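Review bot: The result of `sid_compose()` is ignored here, while the same commit checks it in make_server_info_info3 (`if (!sid_compose(...)) return NT_STATUS_INVALID_PARAMETER;`). Appending one RID to the global SAM SID is unlikely to fail, but on failure `guest_sid` would go into `pdb_getsampwsid()` in whatever state the helper left it. Checking the return and taking this function's existing error exit would keep the callers consistent. The pdb_default_create_alias hunk in groupdb/mapping.c has the same unchecked call. The function body continues outside this hunk, so the cleanup needed on that path is not visible here.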
@@ -1355,9 +1354,9 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
 
 
 struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx,
-                                                const auth_serversupplied_info *src)
+                                                const struct auth_serversupplied_info *src)
 {
-       auth_serversupplied_info *dst;
+       struct auth_serversupplied_info *dst;
 
        dst = make_server_info(mem_ctx);
        if (dst == NULL) {
@@ -1433,7 +1432,7 @@ bool server_info_set_session_key(struct auth_serversupplied_info *info,
        return (info->user_session_key.data != NULL);
 }
 
-static auth_serversupplied_info *guest_info = NULL;
+static struct auth_serversupplied_info *guest_info = NULL;
 
 bool init_guest_info(void)
 {
@@ -1444,7 +1443,7 @@ bool init_guest_info(void)
 }
 
 NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx,
-                               auth_serversupplied_info **server_info)
+                               struct auth_serversupplied_info **server_info)
 {
        *server_info = copy_serverinfo(mem_ctx, guest_info);
        return (*server_info != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
@@ -1620,7 +1619,7 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, char *domuser,
 NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, 
                                const char *sent_nt_username,
                                const char *domain,
-                               auth_serversupplied_info **server_info, 
+                               struct auth_serversupplied_info **server_info,
                                struct netr_SamInfo3 *info3)
 {
        char zeros[16];
@@ -1637,7 +1636,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
        uid_t uid = (uid_t)-1;
        gid_t gid = (gid_t)-1;
 
-       auth_serversupplied_info *result;
+       struct auth_serversupplied_info *result;
 
        /* 
           Here is where we should check the list of
@@ -1645,13 +1644,12 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
           matches.
        */
 
-       sid_copy(&user_sid, info3->base.domain_sid);
-       if (!sid_append_rid(&user_sid, info3->base.rid)) {
+       if (!sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid)) {
                return NT_STATUS_INVALID_PARAMETER;
        }
        
-       sid_copy(&group_sid, info3->base.domain_sid);
-       if (!sid_append_rid(&group_sid, info3->base.primary_gid)) {
+       if (!sid_compose(&group_sid, info3->base.domain_sid,
+                        info3->base.primary_gid)) {
                return NT_STATUS_INVALID_PARAMETER;
        }
 
@@ -1873,7 +1871,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
                                          const char *sent_nt_username,
                                          const char *domain,
                                          const struct wbcAuthUserInfo *info,
-                                         auth_serversupplied_info **server_info)
+                                         struct auth_serversupplied_info **server_info)
 {
        char zeros[16];
 
@@ -1890,7 +1888,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
        uid_t uid = (uid_t)-1;
        gid_t gid = (gid_t)-1;
 
-       auth_serversupplied_info *result;
+       struct auth_serversupplied_info *result;
 
        result = make_server_info(NULL);
        if (result == NULL) {
@@ -2114,7 +2112,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
  Free a user_info struct
 ***************************************************************************/
 
-void free_user_info(auth_usersupplied_info **user_info)
+void free_user_info(struct auth_usersupplied_info **user_info)
 {
        DEBUG(5,("attempting to free (and zero) a user_info structure\n"));
        if (*user_info != NULL) {
index 580c8b550d94a6a944bdeaefa62c484fce477d65..85b05efb36785e6f800b1a6f6870b3dc3e21ae80 100644 (file)
@@ -47,8 +47,8 @@
 static NTSTATUS check_wbc_security(const struct auth_context *auth_context,
                                       void *my_private_data,
                                       TALLOC_CTX *mem_ctx,
-                                      const auth_usersupplied_info *user_info,
-                                      auth_serversupplied_info **server_info)
+                                      const struct auth_usersupplied_info *user_info,
+                                      struct auth_serversupplied_info **server_info)
 {
        NTSTATUS nt_status;
        wbcErr wbc_status;
index d1b00a32686495447c5fa0bb635ea15d32a886d8..74723e6af452e2e271c415d58a29f3117abb4e3a 100644 (file)
@@ -30,8 +30,8 @@
 static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
                                       void *my_private_data, 
                                       TALLOC_CTX *mem_ctx,
-                                      const auth_usersupplied_info *user_info, 
-                                      auth_serversupplied_info **server_info)
+                                      const struct auth_usersupplied_info *user_info,
+                                      struct auth_serversupplied_info **server_info)
 {
        NTSTATUS nt_status;
        wbcErr wbc_status;
index e3f53b45c2b8b711d4554bff47024c81c5f648ae..d17cdac8466e2f7f741d08253c218b15650938a5 100644 (file)
@@ -439,6 +439,7 @@ default_shared_modules="$default_shared_modules vfs_acl_tdb"
 default_shared_modules="$default_shared_modules vfs_smb_traffic_analyzer"
 default_shared_modules="$default_shared_modules vfs_preopen"
 default_shared_modules="$default_shared_modules vfs_catia"
+default_shared_modules="$default_shared_modules vfs_scannedonly"
 
 if test "x$developer" = xyes; then
    default_static_modules="$default_static_modules rpc_rpcecho pdb_ads"
@@ -6552,6 +6553,7 @@ SMB_MODULE(vfs_smb_traffic_analyzer, \$(VFS_SMB_TRAFFIC_ANALYZER_OBJ), "bin/smb_
 SMB_MODULE(vfs_onefs, \$(VFS_ONEFS), "bin/onefs.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_onefs_shadow_copy, \$(VFS_ONEFS_SHADOW_COPY), "bin/onefs_shadow_copy.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_dirsort, \$(VFS_DIRSORT_OBJ), "bin/dirsort.$SHLIBEXT", VFS)
+SMB_MODULE(vfs_scannedonly, \$(VFS_SCANNEDONLY_OBJ), "bin/scannedonly.$SHLIBEXT", VFS)
 
 SMB_SUBSYSTEM(VFS,smbd/vfs.o)
 
index 12d0bd365cf2dbf2cfcc1fe9d9f0533f688ff3d6..579486b8747d6126ebe2587649d89aa26b4a6a54 100644 (file)
@@ -519,8 +519,7 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
        DEBUG(10, ("Creating alias %s with gid %u and rid %u\n",
                   name, (unsigned int)gid, (unsigned int)new_rid));
 
-       sid_copy(&sid, get_global_sam_sid());
-       sid_append_rid(&sid, new_rid);
+       sid_compose(&sid, get_global_sam_sid(), new_rid);
 
        map.gid = gid;
        sid_copy(&map.sid, &sid);
index 7d778b92d0c1b40f2026542b3b4e1b10b4e2e4b4..115143fb73d6b057a773965c2b7094c99f168019 100644 (file)
@@ -19,7 +19,7 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-typedef struct auth_usersupplied_info {
+struct auth_usersupplied_info {
        DATA_BLOB lm_resp;
        DATA_BLOB nt_resp;
        DATA_BLOB lm_interactive_pwd;
@@ -38,9 +38,9 @@ typedef struct auth_usersupplied_info {
 
        uint32 logon_parameters;
 
-} auth_usersupplied_info;
+};
 
-typedef struct auth_serversupplied_info {
+struct auth_serversupplied_info {
        bool guest;
 
        DOM_SID *sids;  /* These SIDs are preliminary between
@@ -77,7 +77,7 @@ typedef struct auth_serversupplied_info {
         * smb request. See set_current_user_info.
         */
        char *sanitized_username;
-} auth_serversupplied_info;
+};
 
 struct auth_context {
        DATA_BLOB challenge; 
@@ -110,7 +110,7 @@ typedef struct auth_methods
                         void *my_private_data, 
                         TALLOC_CTX *mem_ctx,
                         const struct auth_usersupplied_info *user_info, 
-                        auth_serversupplied_info **server_info);
+                        struct auth_serversupplied_info **server_info);
 
        /* If you are using this interface, then you are probably
         * getting something wrong.  This interface is only for
index 5b1612029481eb00b3db366cbb56985d874527eb..8e8b35cb5a2e047b0a5a7be5eefd22941ae8223f 100644 (file)
@@ -38,7 +38,9 @@ NTSTATUS auth_builtin_init(void);
 
 /* The following definitions come from auth/auth_compat.c  */
 
-NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info **server_info);
+NTSTATUS check_plaintext_password(const char *smb_name,
+                                 DATA_BLOB plaintext_password,
+                                 struct auth_serversupplied_info **server_info);
 bool password_ok(struct auth_context *actx, bool global_encrypted,
                 const char *session_workgroup,
                 const char *smb_name, DATA_BLOB password_blob);
@@ -71,7 +73,7 @@ NTSTATUS auth_unix_init(void);
 
 /* The following definitions come from auth/auth_util.c  */
 
-NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, 
+NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
                            const char *smb_name, 
                            const char *client_domain, 
                            const char *wksta_name, 
@@ -79,7 +81,7 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
                            DATA_BLOB *lm_interactive_pwd, DATA_BLOB *nt_interactive_pwd,
                            DATA_BLOB *plaintext, 
                            bool encrypted);
-bool make_user_info_netlogon_network(auth_usersupplied_info **user_info, 
+bool make_user_info_netlogon_network(struct auth_usersupplied_info **user_info,
                                     const char *smb_name, 
                                     const char *client_domain, 
                                     const char *wksta_name, 
@@ -88,7 +90,7 @@ bool make_user_info_netlogon_network(auth_usersupplied_info **user_info,
                                     int lm_pwd_len,
                                     const uchar *nt_network_pwd,
                                     int nt_pwd_len);
-bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, 
+bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_info,
                                         const char *smb_name, 
                                         const char *client_domain, 
                                         const char *wksta_name, 
@@ -97,19 +99,19 @@ bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
                                         const uchar lm_interactive_pwd[16], 
                                         const uchar nt_interactive_pwd[16], 
                                         const uchar *dc_sess_key);
-bool make_user_info_for_reply(auth_usersupplied_info **user_info, 
+bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
                              const char *smb_name, 
                              const char *client_domain,
                              const uint8 chal[8],
                              DATA_BLOB plaintext_password);
-NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info, 
+NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info,
                                       const char *smb_name,
                                       const char *client_domain, 
                                       DATA_BLOB lm_resp, DATA_BLOB nt_resp);
-bool make_user_info_guest(auth_usersupplied_info **user_info) ;
-NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, 
+bool make_user_info_guest(struct auth_usersupplied_info **user_info) ;
+NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
                              struct samu *sampass);
-NTSTATUS create_local_token(auth_serversupplied_info *server_info);
+NTSTATUS create_local_token(struct auth_serversupplied_info *server_info);
 NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
                                    bool is_guest,
                                    uid_t *uid, gid_t *gid,
@@ -117,7 +119,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
                                    struct nt_user_token **token);
 bool user_in_group_sid(const char *username, const DOM_SID *group_sid);
 bool user_in_group(const char *username, const char *groupname);
-NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, 
+NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
                              char *unix_username,
                             struct passwd *pwd);
 NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
@@ -125,26 +127,26 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
                                       bool is_guest,
                                       struct auth_serversupplied_info **presult);
 struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx,
-                                                const auth_serversupplied_info *src);
+                                                const struct auth_serversupplied_info *src);
 bool init_guest_info(void);
 bool server_info_set_session_key(struct auth_serversupplied_info *info,
                                 DATA_BLOB session_key);
 NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx,
-                               auth_serversupplied_info **server_info);
+                               struct auth_serversupplied_info **server_info);
 bool copy_current_user(struct current_user *dst, struct current_user *src);
 struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, char *domuser,
                             fstring save_username, bool create );
 NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, 
                                const char *sent_nt_username,
                                const char *domain,
-                               auth_serversupplied_info **server_info, 
+                               struct auth_serversupplied_info **server_info,
                                struct netr_SamInfo3 *info3);
 NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
                                          const char *sent_nt_username,
                                          const char *domain,
                                          const struct wbcAuthUserInfo *info,
-                                         auth_serversupplied_info **server_info);
-void free_user_info(auth_usersupplied_info **user_info);
+                                         struct auth_serversupplied_info **server_info);
+void free_user_info(struct auth_usersupplied_info **user_info);
 bool make_auth_methods(struct auth_context *auth_context, auth_methods **auth_method) ;
 bool is_trusted_domain(const char* dom_name);
 
@@ -1286,7 +1288,6 @@ void security_acl_map_generic(struct security_acl *sa, const struct generic_mapp
 void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping);
 NTSTATUS se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token,
                     uint32 acc_desired, uint32 *acc_granted);
-NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size);
 
 /* The following definitions come from lib/util_sec.c  */
 
@@ -6116,6 +6117,9 @@ NTSTATUS pass_oem_change(char *user,
                         uchar password_encrypted_with_nt_hash[516],
                         const uchar old_nt_hash_encrypted[16],
                         enum samPwdChangeReason *reject_reason);
+bool password_in_history(uint8_t nt_pw[NT_HASH_LEN],
+                        uint32_t pw_history_len,
+                        const uint8_t *pw_history);
 NTSTATUS check_password_complexity(const char *username,
                                   const char *password,
                                   enum samPwdChangeReason *samr_reject_reason);
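Review bot: The new `password_in_history` prototype takes a raw `pw_history` pointer plus `pw_history_len`, and nothing here says whether that length counts history entries or bytes; a caller that guesses wrong makes the callee read past the buffer. A one-line comment above the declaration would settle it, for example `/* pw_history_len is the number of entries in pw_history, not its size in bytes */`, if that is what the implementation expects (it is not part of this hunk). `nt_pw` is also the only pointer argument left non-const; if the function only compares it, `const uint8_t nt_pw[NT_HASH_LEN]` would match `pw_history`.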
@@ -6713,7 +6717,7 @@ void invalidate_all_vuids(struct smbd_server_connection *sconn);
 int register_initial_vuid(struct smbd_server_connection *sconn);
 int register_existing_vuid(struct smbd_server_connection *sconn,
                        uint16 vuid,
-                       auth_serversupplied_info *server_info,
+                       struct auth_serversupplied_info *server_info,
                        DATA_BLOB response_blob,
                        const char *smb_name);
 void add_session_user(struct smbd_server_connection *sconn, const char *user);
index b23ea647ecd68551fd51e7db92d20863a2348c4c..bc7a90d5492911bcf418e894dbd81a24b35c69de 100644 (file)
@@ -451,6 +451,7 @@ typedef struct files_struct {
        bool aio_write_behind;
        bool lockdb_clean;
        bool initial_delete_on_close; /* Only set at NTCreateX if file was created. */
+       bool delete_on_close;
        bool posix_open;
        struct smb_filename *fsp_name;
 
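Review bot: The added `bool delete_on_close;` has no comment, while `initial_delete_on_close` right above it explains when it is set. The locking.c hunk of this commit assigns it in `set_delete_on_close()` on the one `fsp` passed in, and `acl_common_remove_object()` in vfs_acl_common.c then uses it to decide whether a delete may be retried as root, so the field looks like a per-handle copy rather than the share-mode state. I would document that, e.g. `bool delete_on_close; /* Last value passed to set_delete_on_close() on this handle. */`, and confirm that every path that clears delete-on-close for the file also resets it; those paths are outside the visible hunks.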
index 5286af37fd7eee72d786e5228d1d7b963059e2e5..dffc03b1cf7b0b31dc40703bb213aae9306aeb64 100644 (file)
@@ -198,17 +198,17 @@ char *current_timestring(TALLOC_CTX *ctx, bool hires)
 
 void srv_put_dos_date(char *buf,int offset,time_t unixdate)
 {
-       push_dos_date(buf, offset, unixdate, server_zone_offset);
+       push_dos_date((uint8_t *)buf, offset, unixdate, server_zone_offset);
 }
 
 void srv_put_dos_date2(char *buf,int offset, time_t unixdate)
 {
-       push_dos_date2(buf, offset, unixdate, server_zone_offset);
+       push_dos_date2((uint8_t *)buf, offset, unixdate, server_zone_offset);
 }
 
 void srv_put_dos_date3(char *buf,int offset,time_t unixdate)
 {
-       push_dos_date3(buf, offset, unixdate, server_zone_offset);
+       push_dos_date3((uint8_t *)buf, offset, unixdate, server_zone_offset);
 }
 
 void round_timespec(enum timestamp_set_resolution res, struct timespec *ts)
@@ -439,17 +439,17 @@ struct timespec interpret_long_date(const char *p)
 
 void cli_put_dos_date(struct cli_state *cli, char *buf, int offset, time_t unixdate)
 {
-       push_dos_date(buf, offset, unixdate, cli->serverzone);
+       push_dos_date((uint8_t *)buf, offset, unixdate, cli->serverzone);
 }
 
 void cli_put_dos_date2(struct cli_state *cli, char *buf, int offset, time_t unixdate)
 {
-       push_dos_date2(buf, offset, unixdate, cli->serverzone);
+       push_dos_date2((uint8_t *)buf, offset, unixdate, cli->serverzone);
 }
 
 void cli_put_dos_date3(struct cli_state *cli, char *buf, int offset, time_t unixdate)
 {
-       push_dos_date3(buf, offset, unixdate, cli->serverzone);
+       push_dos_date3((uint8_t *)buf, offset, unixdate, cli->serverzone);
 }
 
 time_t cli_make_unix_date(struct cli_state *cli, const void *date_ptr)
index 0da7442d1953748c3e594999748c5c2ce4aea198..e5562b5289f9da8cedbc456bed45c4e052902881 100644 (file)
@@ -246,43 +246,3 @@ done:
 
        return NT_STATUS_OK;
 }
-
-/*******************************************************************
- samr_make_sam_obj_sd
- ********************************************************************/
-
-NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
-{
-       DOM_SID adm_sid;
-       DOM_SID act_sid;
-
-       SEC_ACE ace[3];
-
-       SEC_ACL *psa = NULL;
-
-       sid_copy(&adm_sid, &global_sid_Builtin);
-       sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
-
-       sid_copy(&act_sid, &global_sid_Builtin);
-       sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
-
-       /*basic access for every one*/
-       init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
-               GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ, 0);
-
-       /*full access for builtin aliases Administrators and Account Operators*/
-       init_sec_ace(&ace[1], &adm_sid,
-               SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0);
-       init_sec_ace(&ace[2], &act_sid,
-               SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0);
-
-       if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
-               return NT_STATUS_NO_MEMORY;
-
-       if ((*psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
-                                 SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,
-                                 psa, sd_size)) == NULL)
-               return NT_STATUS_NO_MEMORY;
-
-       return NT_STATUS_OK;
-}
index 41a9b3d9f3c588c58cff1d2378c1333ab04c0547..51f96dc3982084160c9ebedbad372fd3cfda4466 100644 (file)
@@ -318,8 +318,7 @@ static NTSTATUS fetch_account_info(TALLOC_CTX *mem_ctx,
                goto done;
        }
 
-       sid_copy(&user_sid, get_global_sam_sid());
-       sid_append_rid(&user_sid, r->rid);
+       sid_compose(&user_sid, get_global_sam_sid(), r->rid);
 
        DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n",
                  sid_to_fstring(sid_string, &user_sid), account));
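Review bot: The result of `sid_compose()` is discarded here, in the other four replacements in this file, and in the two in samlogon_cache.c. If `sid_compose()` reports failure through its return value (its declaration is not in this diff), a failed append leaves the destination equal to the bare domain SID, and the passdb lookup or cache key built from it then refers to the wrong object. That matters most in samlogon_cache.c, where the domain SID comes from `info3`. Testing the call, `if (!sid_compose(&user_sid, get_global_sam_sid(), r->rid)) { ... }`, and taking each function's existing error path with a failure status set would close that gap.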
@@ -395,8 +394,7 @@ static NTSTATUS fetch_group_info(TALLOC_CTX *mem_ctx,
        fstrcpy(comment, r->description.string);
 
        /* add the group to the mapping table */
-       sid_copy(&group_sid, get_global_sam_sid());
-       sid_append_rid(&group_sid, rid);
+       sid_compose(&group_sid, get_global_sam_sid(), rid);
        sid_to_fstring(sid_string, &group_sid);
 
        if (pdb_getgrsid(&map, group_sid)) {
@@ -459,8 +457,7 @@ static NTSTATUS fetch_group_mem_info(TALLOC_CTX *mem_ctx,
                return NT_STATUS_OK;
        }
 
-       sid_copy(&group_sid, get_global_sam_sid());
-       sid_append_rid(&group_sid, rid);
+       sid_compose(&group_sid, get_global_sam_sid(), rid);
 
        if (!get_domain_group_from_sid(group_sid, &map)) {
                DEBUG(0, ("Could not find global group %d\n", rid));
@@ -491,8 +488,7 @@ static NTSTATUS fetch_group_mem_info(TALLOC_CTX *mem_ctx,
                        return NT_STATUS_NO_MEMORY;
                }
 
-               sid_copy(&member_sid, get_global_sam_sid());
-               sid_append_rid(&member_sid, r->rids[i]);
+               sid_compose(&member_sid, get_global_sam_sid(), r->rids[i]);
 
                if (!pdb_getsampwsid(member, &member_sid)) {
                        DEBUG(1, ("Found bogus group member: %d (member_sid=%s group=%s)\n",
@@ -587,8 +583,7 @@ static NTSTATUS fetch_alias_info(TALLOC_CTX *mem_ctx,
        fstrcpy(comment, r->description.string);
 
        /* Find out whether the group is already mapped */
-       sid_copy(&alias_sid, dom_sid);
-       sid_append_rid(&alias_sid, rid);
+       sid_compose(&alias_sid, dom_sid, rid);
        sid_to_fstring(sid_string, &alias_sid);
 
        if (pdb_getgrsid(&map, alias_sid)) {
index 31216b82409f3ec8d5617a337c86be8f6accdeaa..fa79ebcea362606919f4dc409af0061758fdaa2d 100644 (file)
@@ -1573,6 +1573,8 @@ struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
        char *tmp = NULL;
        uint8_t *bytes;
 
+       *psmbreq = NULL;
+
        req = tevent_req_create(mem_ctx, &state, struct cli_tcon_andx_state);
        if (req == NULL) {
                return NULL;
@@ -1708,6 +1710,9 @@ struct tevent_req *cli_tcon_andx_send(TALLOC_CTX *mem_ctx,
        if (req == NULL) {
                return NULL;
        }
+       if (subreq == NULL) {
+               return req;
+       }
        status = cli_smb_req_send(subreq);
        if (!NT_STATUS_IS_OK(status)) {
                tevent_req_nterror(req, status);
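Review bot: The new `if (subreq == NULL) return req;` in `cli_tcon_andx_send` depends on `cli_tcon_andx_create` having already finished `req` with an error whenever it leaves `*psmbreq` NULL, which is what the `*psmbreq = NULL;` added in the first hunk of this file sets up. That contract is invisible at the call site, so a short comment would help: `/* create failed and already finished req; nothing to send */`. Both function bodies extend beyond the hunks, so whether every such return in the create function really marks `req` as finished should be checked there.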
index 12901826eee517b8b27992e7eb2989c3514725fd..7339acb4d77e64574bd709ce9be542cd230403e5 100644 (file)
@@ -113,8 +113,7 @@ void netsamlogon_clear_cached_user(struct netr_SamInfo3 *info3)
                        NETSAMLOGON_TDB));
                return;
        }
-       sid_copy(&user_sid, info3->base.domain_sid);
-       sid_append_rid(&user_sid, info3->base.rid);
+       sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid);
 
        /* Prepare key as DOMAIN-SID/USER-RID string */
        slprintf(keystr, sizeof(keystr), "%s", sid_to_fstring(tmp, &user_sid));
@@ -151,8 +150,7 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
                return false;
        }
 
-       sid_copy(&user_sid, info3->base.domain_sid);
-       sid_append_rid(&user_sid, info3->base.rid);
+       sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid);
 
        /* Prepare key as DOMAIN-SID/USER-RID string */
        slprintf(keystr, sizeof(keystr), "%s", sid_to_fstring(tmp, &user_sid));
index 26018f90db9a1d8f733b1dcc5e995c36d60f527c..095d0b17b9d388ed359efdcedcd2655788d9af9a 100644 (file)
@@ -1459,6 +1459,9 @@ bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USE
        }
 
        TALLOC_FREE(lck);
+
+       fsp->delete_on_close = delete_on_close;
+
        return True;
 }
 
index 1eec44808377621c41637d27be91112fab634fec..aeb9ce37eaee4aea718470dd80add9f261f27e8a 100644 (file)
@@ -760,6 +760,108 @@ static SMB_STRUCT_DIR *opendir_acl_common(vfs_handle_struct *handle,
        return SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
 }
 
+static int acl_common_remove_object(vfs_handle_struct *handle,
+                                       const char *path,
+                                       bool is_directory)
+{
+       connection_struct *conn = handle->conn;
+       struct file_id id;
+       files_struct *fsp = NULL;
+       int ret = 0;
+       char *parent_dir = NULL;
+       const char *final_component = NULL;
+       struct smb_filename local_fname;
+       int saved_errno = 0;
+
+       if (!parent_dirname(talloc_tos(), path,
+                       &parent_dir, &final_component)) {
+               saved_errno = ENOMEM;
+               goto out;
+       }
+
+       DEBUG(10,("acl_common_remove_object: removing %s %s/%s\n",
+               is_directory ? "directory" : "file",
+               parent_dir, final_component ));
+
+       /* cd into the parent dir to pin it. */
+       ret = SMB_VFS_CHDIR(conn, parent_dir);
+       if (ret == -1) {
+               saved_errno = errno;
+               goto out;
+       }
+
+       ZERO_STRUCT(local_fname);
+       local_fname.base_name = CONST_DISCARD(char *,final_component);
+
+       /* Must use lstat here. */
+       ret = SMB_VFS_LSTAT(conn, &local_fname);
+       if (ret == -1) {
+               saved_errno = errno;
+               goto out;
+       }
+
+       /* Ensure we have this file open with DELETE access. */
+       id = vfs_file_id_from_sbuf(conn, &local_fname.st);
+       for (fsp = file_find_di_first(id); fsp; file_find_di_next(fsp)) {
+               if (fsp->access_mask & DELETE_ACCESS &&
+                               fsp->delete_on_close) {
+                       /* We did open this for delete,
+                        * allow the delete as root.
+                        */
+                       break;
+               }
+       }
+
+       if (!fsp) {
+               DEBUG(10,("acl_common_remove_object: %s %s/%s "
+                       "not an open file\n",
+                       is_directory ? "directory" : "file",
+                       parent_dir, final_component ));
+               saved_errno = EACCES;
+               goto out;
+       }
+
+       if (is_directory) {
+               ret = SMB_VFS_NEXT_RMDIR(handle, final_component);
+       } else {
+               ret = SMB_VFS_NEXT_UNLINK(handle, &local_fname);
+       }
+       if (ret == -1) {
+               saved_errno = errno;
+       }
+
+  out:
+
+       TALLOC_FREE(parent_dir);
+
+       vfs_ChDir(conn, conn->connectpath);
+       if (saved_errno) {
+               errno = saved_errno;
+       }
+       return ret;
+}
+
+static int rmdir_acl_common(struct vfs_handle_struct *handle,
+                               const char *path)
+{
+       int ret;
+
+       ret = SMB_VFS_NEXT_RMDIR(handle, path);
+       if (!(ret == -1 && (errno == EACCES || errno == EPERM))) {
+               DEBUG(10,("rmdir_acl_common: unlink of %s failed %s\n",
+                       path,
+                       strerror(errno) ));
+               return ret;
+       }
+
+       become_root();
+       ret = acl_common_remove_object(handle,
+                                       path,
+                                       true);
+       unbecome_root();
+       return ret;
+}
+
 static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
                                struct smb_request *req,
                                uint16_t root_dir_fid,
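Review bot: In `acl_common_remove_object` the loop `for (fsp = file_find_di_first(id); fsp; file_find_di_next(fsp))` throws away the result of `file_find_di_next()`, so `fsp` never advances; when the first handle for the file id lacks `DELETE_ACCESS` or `delete_on_close`, the loop spins forever, and it does so between `become_root()` and `unbecome_root()`. The step should be `fsp = file_find_di_next(fsp)`. The `if (!fsp)` branch also jumps to `out` with `ret` still 0 from the successful `SMB_VFS_LSTAT`, so the function returns success with `errno` set to `EACCES` and nothing removed (the `parent_dirname` failure path does the same with the initial `ret = 0`); setting `ret = -1;` next to each of those `saved_errno` assignments fixes that.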
@@ -857,3 +959,28 @@ static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
        /* NOTREACHED */
        return status;
 }
+
+static int unlink_acl_common(struct vfs_handle_struct *handle,
+                       const struct smb_filename *smb_fname)
+{
+       int ret;
+
+       ret = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
+       if (!(ret == -1 && (errno == EACCES || errno == EPERM))) {
+               DEBUG(10,("unlink_acl_common: unlink of %s failed %s\n",
+                       smb_fname->base_name,
+                       strerror(errno) ));
+               return ret;
+       }
+       /* Don't do anything fancy for streams. */
+       if (smb_fname->stream_name) {
+               return ret;
+       }
+
+       become_root();
+       ret = acl_common_remove_object(handle,
+                                       smb_fname->base_name,
+                                       false);
+       unbecome_root();
+       return ret;
+}
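Review bot: The `DEBUG(10, ...)` in `unlink_acl_common` sits in the branch taken for every result except EACCES/EPERM, so it prints "unlink of %s failed" with a stale `strerror(errno)` even when `SMB_VFS_NEXT_UNLINK` returned 0. `rmdir_acl_common` in the previous hunk has the same block and additionally says "unlink" for a directory removal. Guarding the message with `if (ret == -1) { ... }`, and wording the rmdir one as `rmdir of %s failed`, keeps level-10 logs from reporting failures that did not happen. A one-line comment before `become_root()` would also help, saying that the retry is only honoured for a handle opened with DELETE access and delete-on-close set, since that check lives in `acl_common_remove_object`.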
index a1088ab63cf4471e72e7cb321d845421dc180474..2afe69d764581ba37747af0eadf311c7dfafa271 100644 (file)
@@ -265,7 +265,7 @@ static int unlink_acl_tdb(vfs_handle_struct *handle,
                goto out;
        }
 
-       ret = SMB_VFS_NEXT_UNLINK(handle, smb_fname_tmp);
+       ret = unlink_acl_common(handle, smb_fname_tmp);
 
        if (ret == -1) {
                goto out;
@@ -413,6 +413,7 @@ static struct vfs_fn_pointers vfs_acl_tdb_fns = {
        .connect_fn = connect_acl_tdb,
        .opendir = opendir_acl_common,
        .mkdir = mkdir_acl_common,
+       .rmdir = rmdir_acl_common,
        .open = open_acl_common,
        .create_file = create_file_acl_common,
        .unlink = unlink_acl_tdb,
index 625ef91e8fdc4d125037115b94a48dd5fe3567a1..18f2d42784b6bf2f9de7b7f815e0e865439a4327 100644 (file)
@@ -199,8 +199,10 @@ static struct vfs_fn_pointers vfs_acl_xattr_fns = {
        .connect_fn = connect_acl_xattr,
        .opendir = opendir_acl_common,
        .mkdir = mkdir_acl_common,
+       .rmdir = rmdir_acl_common,
        .open = open_acl_common,
        .create_file = create_file_acl_common,
+       .unlink = unlink_acl_common,
        .fget_nt_acl = fget_nt_acl_common,
        .get_nt_acl = get_nt_acl_common,
        .fset_nt_acl = fset_nt_acl_common,
index 7edbb8783c74fd4ee04290ae6a6e0dfe87c73cab..35fa740dd09aa078cfe78e83196c1623683f041f 100644 (file)
@@ -695,12 +695,13 @@ static char *capdecode(TALLOC_CTX *ctx, const char *from)
        size_t len = 0;
 
        for (p1 = from; *p1; len++) {
-               if (is_hex(from)) {
+               if (is_hex(p1)) {
                        p1 += 3;
                } else {
                        p1++;
                }
        }
+       len++;
 
        to = TALLOC_ARRAY(ctx, char, len);
        if (!to) {
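Review bot: The added `len++;` is what makes room for the terminating NUL in the `TALLOC_ARRAY(ctx, char, len)` that follows, but nothing says so, and it is easy to remove later as a stray increment. I would write it as `len++; /* terminating NUL */`. The counting loop only stays inside the string if `is_hex(p1)` rejects an escape cut short by the end of the input before `p1 += 3` runs; `is_hex` and the decode loop that fills `to` are outside this hunk, so that is worth confirming there.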
diff --git a/source3/modules/vfs_scannedonly.c b/source3/modules/vfs_scannedonly.c
new file mode 100644 (file)
index 0000000..ff16d78
--- /dev/null
@@ -0,0 +1,995 @@
+/*
+ * scannedonly VFS module for Samba 3.5
+ *
+ * Copyright 2007,2008,2009 (C) Olivier Sessink
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * ABOUT SCANNEDONLY
+ *
+ * scannedonly implements a 'filter' like vfs module that talks over a
+ * unix domain socket or over UDP to a anti-virus engine.
+ *
+ * files that are clean have a corresponding .scanned:{filename} file
+ * in the same directory. So why the .scanned: files? They take up
+ * only an inode, because they are 0 bytes. To test if the file is
+ * scanned only a stat() call on the filesystem is needed which is
+ * very quick compared to a database lookup. All modern filesystems
+ * use database technology such as balanced trees for lookups anyway.
+ * The number of inodes in modern filesystems is also not limiting
+ * anymore. The .scanned: files are also easy scriptable. You can
+ * remove them with a simple find command or create them with a
+ * simple touch command. Extended filesystem attributes have similar
+ * properties, but are not supported on all filesystems, so that
+ * would limit the usage of the module (and attributes are not as
+ * easily scriptable)
+ *
+ * files that are not clean are sent to the AV-engine. Only the
+ * filename is sent over the socket. The protocol is very simple:
+ * a newline separated list of filenames inside each datagram.
+ *
+ * a file AV-scan may be requested multiple times, the AV-engine
+ * should also check if the file has been scanned already. Requests
+ * can also be dropped by the AV-engine (and we thus don't need the
+ * reliability of TCP).
+ *
+ */
+
+#include "includes.h"
+
+#include "config.h"
+
+#define SENDBUFFERSIZE 1450
+
+struct Tscannedonly {
+       int socket;
+       int domain_socket;
+       int portnum;
+       int scanning_message_len;
+       int recheck_time_open;
+       int recheck_tries_open;
+       int recheck_size_open;
+       int recheck_time_readdir;
+       int recheck_tries_readdir;
+       bool show_special_files;
+       bool rm_hidden_files_on_rmdir;
+       bool hide_nonscanned_files;
+       bool allow_nonscanned_files;
+       char *socketname;
+       char *scanhost;
+       char *scanning_message;
+       char *p_scanned; /* prefix for scanned files */
+       char *p_virus; /* prefix for virus containing files */
+       char *p_failed; /* prefix for failed to scan files */
+       char gsendbuffer[SENDBUFFERSIZE + 1];
+};
+
+#define STRUCTSCANO(var) ((struct Tscannedonly *)var)
+
+struct scannedonly_DIR {
+       char *base;
+       int notify_loop_done;
+       SMB_STRUCT_DIR *DIR;
+};
+#define SCANNEDONLY_DEBUG 9
+/*********************/
+/* utility functions */
+/*********************/
+
+static char *real_path_from_notify_path(TALLOC_CTX *ctx,
+                                       struct Tscannedonly *so,
+                                       const char *path)
+{
+       char *name;
+       int len, pathlen;
+
+       name = strrchr(path, '/');
+       if (!name) {
+               return NULL;
+       }
+       pathlen = name - path;
+       name++;
+       len = strlen(name);
+       if (len <= so->scanning_message_len) {
+               return NULL;
+       }
+
+       if (strcmp(name + (len - so->scanning_message_len),
+                  so->scanning_message) != 0) {
+               return NULL;
+       }
+
+       return talloc_strndup(ctx,path,
+                             pathlen + len - so->scanning_message_len);
+}
+
+static char *cachefile_name(TALLOC_CTX *ctx,
+                           const char *shortname,
+                           const char *base,
+                           const char *p_scanned)
+{
+       return talloc_asprintf(ctx, "%s%s%s", base, p_scanned, shortname);
+}
+
+static char *name_w_ending_slash(TALLOC_CTX *ctx, const char *name)
+{
+       int len = strlen(name);
+       if (name[len - 1] == '/') {
+               return talloc_strdup(ctx,name);
+       } else {
+               return talloc_asprintf(ctx, "%s/", name);
+       }
+}
+
+static char *cachefile_name_f_fullpath(TALLOC_CTX *ctx,
+                                      const char *fullpath,
+                                      const char *p_scanned)
+{
+       const char *base;
+       char *tmp, *cachefile, *shortname;
+       tmp = strrchr(fullpath, '/');
+       if (tmp) {
+               base = talloc_strndup(ctx, fullpath, (tmp - fullpath) + 1);
+               shortname = tmp + 1;
+       } else {
+               base = "";
+               shortname = (char *)fullpath;
+       }
+       cachefile = cachefile_name(ctx, shortname, base, p_scanned);
+       DEBUG(SCANNEDONLY_DEBUG,
+             ("cachefile_name_f_fullpath cachefile=%s\n", cachefile));
+       return cachefile;
+}
+
+static char *path_plus_name(TALLOC_CTX *ctx, const char *base,
+                           const char *filename)
+{
+       return talloc_asprintf(ctx, "%s%s", base,filename);
+}
+
+static char *construct_full_path(TALLOC_CTX *ctx, vfs_handle_struct * handle,
+                                const char *somepath, bool ending_slash)
+{
+       char *tmp;
+
+       if (!somepath) {
+               return NULL;
+       }
+       if (somepath[0] == '/') {
+               if (ending_slash) {
+                       return name_w_ending_slash(ctx,somepath);
+               }
+               return talloc_strdup(ctx,somepath);
+       }
+       tmp=(char *)somepath;
+       if (tmp[0]=='.'&&tmp[1]=='/') {
+               tmp+=2;
+       }
+       /* vfs_GetWd() seems to return a path with a slash */
+       if (ending_slash) {
+               return talloc_asprintf(ctx, "%s%s/",
+                                      vfs_GetWd(ctx, handle->conn),tmp);
+       }
+       return talloc_asprintf(ctx, "%s%s",
+                              vfs_GetWd(ctx, handle->conn),tmp);
+}
+
+static int connect_to_scanner(vfs_handle_struct * handle)
+{
+       struct Tscannedonly *so = (struct Tscannedonly *)handle->data;
+
+       if (so->domain_socket) {
+               struct sockaddr_un saun;
+               DEBUG(SCANNEDONLY_DEBUG, ("socket=%s\n", so->socketname));
+               if ((so->socket = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0) {
+                       DEBUG(2, ("failed to create socket %s\n",
+                                 so->socketname));
+                       return -1;
+               }
+               saun.sun_family = AF_UNIX;
+               strncpy(saun.sun_path, so->socketname,
+                       sizeof(saun.sun_path) - 1);
+               if (connect(so->socket, (struct sockaddr *)(void *)&saun,
+                           SUN_LEN(&saun)) < 0) {
+                       DEBUG(2, ("failed to connect to socket %s\n",
+                                 so->socketname));
+                       return -1;
+               }
+               DEBUG(SCANNEDONLY_DEBUG,("bound %s to socket %d\n",
+                                        saun.sun_path, so->socket));
+
+       } else {
+               so->socket = open_udp_socket(so->scanhost, so->portnum);
+               if (so->socket < 0) {
+                       DEBUG(2,("failed to open UDP socket to %s:%d\n",
+                                so->scanhost,so->portnum));
+                       return -1;
+               }
+       }
+
+       {/* increasing the socket buffer is done because we have large bursts
+           of UDP packets or DGRAM's on a domain socket whenever we hit a
+           large directory with lots of unscanned files. */
+               int sndsize;
+               socklen_t size = sizeof(int);
+               getsockopt(so->socket, SOL_SOCKET, SO_RCVBUF,
+                          (char *)&sndsize, &size);
+               DEBUG(SCANNEDONLY_DEBUG, ("current socket buffer size=%d\n",
+                                         sndsize));
+               sndsize = 262144;
+               if (setsockopt(so->socket, SOL_SOCKET, SO_RCVBUF,
+                              (char *)&sndsize,
+                              (int)sizeof(sndsize)) != 0) {
+                       DEBUG(SCANNEDONLY_DEBUG,
+                             ("error setting socket buffer %s (%d)\n",
+                              strerror(errno), errno));
+               }
+       }
+       set_blocking(so->socket, false);
+       return 0;
+}
+
+static void flush_sendbuffer(vfs_handle_struct * handle)
+{
+       struct Tscannedonly *so = (struct Tscannedonly *)handle->data;
+       int ret, len, loop = 10;
+       if (so->gsendbuffer[0] == '\0') {
+               return;
+       }
+
+       do {
+               loop--;
+               len = strlen(so->gsendbuffer);
+               ret = send(so->socket, so->gsendbuffer, len, MSG_DONTWAIT);
+               if (ret == len) {
+                       so->gsendbuffer[0] = '\0';
+                       break;
+               }
+               if (ret == -1) {
+                       DEBUG(3,("scannedonly flush_sendbuffer: "
+                                "error sending on socket %d to scanner:"
+                                " %s (%d)\n",
+                                so->socket, strerror(errno), errno));
+                       if (errno == ECONNREFUSED || errno == ENOTCONN
+                           || errno == ECONNRESET) {
+                               if (connect_to_scanner(handle) == -1)
+                                       break;  /* connecting fails, abort */
+                               /* try again */
+                       } else if (errno != EINTR) {
+                               /* on EINTR we just try again, all remaining
+                                  other errors we log the error
+                                  and try again ONCE */
+                               loop = 1;
+                               DEBUG(3,("scannedonly flush_sendbuffer: "
+                                        "error sending data to scanner: %s "
+                                        "(%d)\n", strerror(errno), errno));
+                       }
+               } else {
+                       /* --> partial write: Resend all filenames that were
+                          not or not completely written. a partial filename
+                          written means the filename will not arrive correctly,
+                          so resend it completely */
+                       int pos = 0;
+                       while (pos < len) {
+                               char *tmp = strchr(so->gsendbuffer+pos, '\n');
+                               if (tmp && tmp - so->gsendbuffer < ret)
+                                       pos = tmp - so->gsendbuffer + 1;
+                               else
+                                       break;
+                       }
+                       memmove(so->gsendbuffer, so->gsendbuffer + pos,
+                               SENDBUFFERSIZE - ret);
+                       /* now try again */
+               }
+       } while (loop > 0);
+
+       if (so->gsendbuffer[0] != '\0') {
+               DEBUG(2,
+                     ("scannedonly flush_sendbuffer: "
+                      "failed to send files to AV scanner, "
+                      "discarding files."));
+               so->gsendbuffer[0] = '\0';
+       }
+}
+
+static void notify_scanner(vfs_handle_struct * handle, const char *scanfile)
+{
+       char *tmp;
+       int tmplen, gsendlen;
+       struct Tscannedonly *so = (struct Tscannedonly *)handle->data;
+       TALLOC_CTX *ctx=talloc_tos();
+       if (scanfile[0] != '/') {
+               tmp = construct_full_path(ctx,handle, scanfile, false);
+       } else {
+               tmp = (char *)scanfile;
+       }
+       tmplen = strlen(tmp);
+       gsendlen = strlen(so->gsendbuffer);
+       DEBUG(SCANNEDONLY_DEBUG,
+             ("scannedonly notify_scanner: tmp=%s, tmplen=%d, gsendlen=%d\n",
+              tmp, tmplen, gsendlen));
+       if (gsendlen + tmplen >= SENDBUFFERSIZE) {
+               flush_sendbuffer(handle);
+       }
+       strlcat(so->gsendbuffer, tmp, SENDBUFFERSIZE + 1);
+       strlcat(so->gsendbuffer, "\n", SENDBUFFERSIZE + 1);
+}
+
+static bool is_scannedonly_file(struct Tscannedonly *so, const char *shortname)
+{
+       if (shortname[0]!='.') {
+               return false;
+       }
+       if (strncmp(shortname, so->p_scanned, strlen(so->p_scanned)) == 0) {
+               return true;
+       }
+       if (strncmp(shortname, so->p_virus, strlen(so->p_virus)) == 0) {
+               return true;
+       }
+       if (strncmp(shortname, so->p_failed, strlen(so->p_failed)) == 0) {
+               return true;
+       }
+       return false;
+}
+
+static bool timespec_is_newer(struct timespec *base, struct timespec *test)
+{
+       return timespec_compare(base,test) < 0;
+}
+
+/*
+vfs_handle_struct *handle the scannedonly handle
+scannedonly_DIR * sDIR the scannedonly struct if called from _readdir()
+or NULL
+fullpath is a full path starting from / or a relative path to the
+current working directory
+shortname is the filename without directory components
+basename, is the directory without file name component
+allow_nonexistant return TRUE if stat() on the requested file fails
+recheck_time, the time in milliseconds to wait for the daemon to
+create a .scanned file
+recheck_tries, the number of tries to wait
+recheck_size, size in Kb of files that should not be waited for
+loop : boolean if we should try to loop over all files in the directory
+and send a notify to the scanner for all files that need scanning
+*/
+static bool scannedonly_allow_access(vfs_handle_struct * handle,
+                                    struct scannedonly_DIR *sDIR,
+                                    struct smb_filename *smb_fname,
+                                    const char *shortname,
+                                    const char *base_name,
+                                    int allow_nonexistant,
+                                    int recheck_time, int recheck_tries,
+                                    int recheck_size, int loop)
+{
+       struct smb_filename *cache_smb_fname;
+       TALLOC_CTX *ctx=talloc_tos();
+       char *cachefile;
+       int retval;
+       int didloop;
+       DEBUG(SCANNEDONLY_DEBUG,
+             ("smb_fname->base_name=%s, shortname=%s, base_name=%s\n"
+              ,smb_fname->base_name,shortname,base_name));
+
+       if (ISDOT(shortname) || ISDOTDOT(shortname)) {
+               return true;
+       }
+       if (is_scannedonly_file(STRUCTSCANO(handle->data), shortname)) {
+               DEBUG(SCANNEDONLY_DEBUG,
+                     ("scannedonly_allow_access, %s is a scannedonly file, "
+                      "return 0\n", shortname));
+               return false;
+       }
+
+       if (!VALID_STAT(smb_fname->st)) {
+               DEBUG(SCANNEDONLY_DEBUG,("stat %s\n",smb_fname->base_name));
+               retval = SMB_VFS_NEXT_STAT(handle, smb_fname);
+               if (retval != 0) {
+                       /* failed to stat this file?!? --> hide it */
+                       DEBUG(SCANNEDONLY_DEBUG,("no valid stat, return"
+                                                " allow_nonexistant=%d\n",
+                                                allow_nonexistant));
+                       return allow_nonexistant;
+               }
+       }
+       if (!S_ISREG(smb_fname->st.st_ex_mode)) {
+               DEBUG(SCANNEDONLY_DEBUG,
+                     ("%s is not a regular file, ISDIR=%d\n",
+                      smb_fname->base_name,
+                      S_ISDIR(smb_fname->st.st_ex_mode)));
+               return (STRUCTSCANO(handle->data)->
+                       show_special_files ||
+                       S_ISDIR(smb_fname->st.st_ex_mode));
+       }
+       if (smb_fname->st.st_ex_size == 0) {
+               DEBUG(SCANNEDONLY_DEBUG,("empty file, return 1\n"));
+               return true;    /* empty files cannot contain viruses ! */
+       }
+       cachefile = cachefile_name(ctx,
+                                  shortname,
+                                  base_name,
+                                  STRUCTSCANO(handle->data)->p_scanned);
+       create_synthetic_smb_fname(ctx, cachefile,NULL,NULL,&cache_smb_fname);
+       if (!VALID_STAT(cache_smb_fname->st)) {
+               retval = SMB_VFS_NEXT_STAT(handle, cache_smb_fname);
+       }
+       if (retval == 0 && VALID_STAT(cache_smb_fname->st)) {
+               if (timespec_is_newer(&smb_fname->st.st_ex_mtime,
+                                     &cache_smb_fname->st.st_ex_mtime)) {
+                       talloc_free(cache_smb_fname);
+                       return true;
+               }
+               /* no cachefile or too old */
+               SMB_VFS_NEXT_UNLINK(handle, cache_smb_fname);
+               retval = -1;
+       }
+
+       notify_scanner(handle, smb_fname->base_name);
+
+       didloop = 0;
+       if (loop && sDIR && !sDIR->notify_loop_done) {
+               /* check the rest of the directory and notify the
+                  scanner if some file needs scanning */
+               long offset;
+               SMB_STRUCT_DIRENT *dire;
+
+               offset = SMB_VFS_NEXT_TELLDIR(handle, sDIR->DIR);
+               dire = SMB_VFS_NEXT_READDIR(handle, sDIR->DIR, NULL);
+               while (dire) {
+                       char *fpath2;
+                       struct smb_filename *smb_fname2;
+                       fpath2 = path_plus_name(ctx,base_name, dire->d_name);
+                       DEBUG(SCANNEDONLY_DEBUG,
+                             ("scannedonly_allow_access in loop, "
+                              "found %s\n", fpath2));
+                       create_synthetic_smb_fname(ctx, fpath2,NULL,NULL,
+                                                  &smb_fname2);
+                       scannedonly_allow_access(handle, NULL,
+                                                smb_fname2,
+                                                dire->d_name,
+                                                base_name, 0, 0, 0, 0, 0);
+                       talloc_free(fpath2);
+                       talloc_free(smb_fname2);
+                       dire = SMB_VFS_NEXT_READDIR(handle, sDIR->DIR,NULL);
+               }
+               sDIR->notify_loop_done = 1;
+               didloop = 1;
+               SMB_VFS_NEXT_SEEKDIR(handle, sDIR->DIR, offset);
+       }
+       if (recheck_time > 0
+           && ((recheck_size > 0
+                && smb_fname->st.st_ex_size < (1024 * recheck_size))
+               || didloop)) {
+               int i = 0;
+               flush_sendbuffer(handle);
+               while (retval != 0      /*&& errno == ENOENT */
+                      && i < recheck_tries) {
+                       struct timespec req = { 0, recheck_time * 10000 };
+                       DEBUG(SCANNEDONLY_DEBUG,
+                             ("scannedonly_allow_access, wait (try=%d "
+                              "(max %d), %d ms) for %s\n",
+                              i, recheck_tries,
+                              recheck_time, cache_smb_fname->base_name));
+                       nanosleep(&req, NULL);
+                       retval = SMB_VFS_NEXT_STAT(handle, cache_smb_fname);
+                       i++;
+               }
+       }
+       /* still no cachefile, or still too old, return 0 */
+       if (retval != 0
+           || !timespec_is_newer(&smb_fname->st.st_ex_mtime,
+                                 &cache_smb_fname->st.st_ex_mtime)) {
+               DEBUG(SCANNEDONLY_DEBUG,
+                     ("retval=%d, return 0\n",retval));
+               return false;
+       }
+       return true;
+}
+
+/*********************/
+/* VFS functions     */
+/*********************/
+
+static SMB_STRUCT_DIR *scannedonly_opendir(vfs_handle_struct * handle,
+                                          const char *fname,
+                                          const char *mask, uint32 attr)
+{
+       SMB_STRUCT_DIR *DIRp;
+       struct scannedonly_DIR *sDIR;
+
+       DIRp = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
+       if (!DIRp) {
+               return NULL;
+       }
+
+       sDIR = TALLOC_P(NULL, struct scannedonly_DIR);
+       if (fname[0] != '/') {
+               sDIR->base = construct_full_path(sDIR,handle, fname, true);
+       } else {
+               sDIR->base = name_w_ending_slash(sDIR, fname);
+       }
+       sDIR->DIR = DIRp;
+       sDIR->notify_loop_done = 0;
+       return (SMB_STRUCT_DIR *) sDIR;
+}
+
+static SMB_STRUCT_DIRENT *scannedonly_readdir(vfs_handle_struct *handle,
+                                             SMB_STRUCT_DIR * dirp,
+                                             SMB_STRUCT_STAT *sbuf)
+{
+       SMB_STRUCT_DIRENT *result;
+       int allowed = 0;
+       char *tmp;
+       struct smb_filename *smb_fname;
+       char *notify_name;
+       int namelen;
+       SMB_STRUCT_DIRENT *newdirent;
+       TALLOC_CTX *ctx=talloc_tos();
+
+       struct scannedonly_DIR *sDIR = (struct scannedonly_DIR *)dirp;
+       if (!dirp) {
+               return NULL;
+       }
+
+       result = SMB_VFS_NEXT_READDIR(handle, sDIR->DIR, sbuf);
+
+       if (!result)
+               return NULL;
+
+       if (is_scannedonly_file(STRUCTSCANO(handle->data), result->d_name)) {
+               DEBUG(SCANNEDONLY_DEBUG,
+                     ("scannedonly_readdir, %s is a scannedonly file, "
+                      "skip to next entry\n", result->d_name));
+               return scannedonly_readdir(handle, dirp, NULL);
+       }
+
+       tmp = path_plus_name(ctx,sDIR->base, result->d_name);
+       DEBUG(SCANNEDONLY_DEBUG,
+             ("scannedonly_readdir, check access to %s (sbuf=%p)\n",
+              tmp,sbuf));
+
+       /* even if we don't hide nonscanned files or we allow non scanned
+          files we call allow_access because it will notify the daemon to
+          scan these files */
+       create_synthetic_smb_fname(ctx, tmp,NULL,
+                                  sbuf?VALID_STAT(*sbuf)?sbuf:NULL:NULL,
+                                  &smb_fname);
+       allowed = scannedonly_allow_access(
+               handle, sDIR, smb_fname,
+               result->d_name,
+               sDIR->base, 0,
+               STRUCTSCANO(handle->data)->hide_nonscanned_files
+               ? STRUCTSCANO(handle->data)->recheck_time_readdir
+               : 0,
+               STRUCTSCANO(handle->data)->recheck_tries_readdir,
+               -1,
+               1);
+       DEBUG(SCANNEDONLY_DEBUG,
+             ("scannedonly_readdir access to %s (%s) = %d\n", tmp,
+              result->d_name, allowed));
+       if (allowed) {
+               return result;
+       }
+       DEBUG(SCANNEDONLY_DEBUG,
+             ("hide_nonscanned_files=%d, allow_nonscanned_files=%d\n",
+              STRUCTSCANO(handle->data)->hide_nonscanned_files,
+              STRUCTSCANO(handle->data)->allow_nonscanned_files
+                     ));
+
+       if (!STRUCTSCANO(handle->data)->hide_nonscanned_files
+           || STRUCTSCANO(handle->data)->allow_nonscanned_files) {
+               return result;
+       }
+
+       DEBUG(SCANNEDONLY_DEBUG,
+             ("scannedonly_readdir, readdir listing for %s not "
+              "allowed, notify user\n", result->d_name));
+       notify_name = talloc_asprintf(
+               ctx,"%s %s",result->d_name,
+               STRUCTSCANO(handle->data)->scanning_message);
+       namelen = strlen(notify_name);
+       newdirent = (SMB_STRUCT_DIRENT *)TALLOC_ARRAY(
+               ctx, char, sizeof(SMB_STRUCT_DIRENT) + namelen + 1);
+       if (!newdirent) {
+               return NULL;
+       }
+       memcpy(newdirent, result, sizeof(SMB_STRUCT_DIRENT));
+       memcpy(&newdirent->d_name, notify_name, namelen + 1);
+       DEBUG(SCANNEDONLY_DEBUG,
+             ("scannedonly_readdir, return newdirent at %p with "
+              "notification %s\n", newdirent, newdirent->d_name));
+       return newdirent;
+}
+
+static void scannedonly_seekdir(struct vfs_handle_struct *handle,
+                               SMB_STRUCT_DIR * dirp, long offset)
+{
+       struct scannedonly_DIR *sDIR = (struct scannedonly_DIR *)dirp;
+       SMB_VFS_NEXT_SEEKDIR(handle, sDIR->DIR, offset);
+}
+
+static long scannedonly_telldir(struct vfs_handle_struct *handle,
+                               SMB_STRUCT_DIR * dirp)
+{
+       struct scannedonly_DIR *sDIR = (struct scannedonly_DIR *)dirp;
+       return SMB_VFS_NEXT_TELLDIR(handle, sDIR->DIR);
+}
+
+static void scannedonly_rewinddir(struct vfs_handle_struct *handle,
+                                 SMB_STRUCT_DIR * dirp)
+{
+       struct scannedonly_DIR *sDIR = (struct scannedonly_DIR *)dirp;
+       SMB_VFS_NEXT_REWINDDIR(handle, sDIR->DIR);
+}
+
+static int scannedonly_closedir(vfs_handle_struct * handle,
+                               SMB_STRUCT_DIR * dirp)
+{
+       int retval;
+       struct scannedonly_DIR *sDIR = (struct scannedonly_DIR *)dirp;
+       flush_sendbuffer(handle);
+       retval = SMB_VFS_NEXT_CLOSEDIR(handle, sDIR->DIR);
+       TALLOC_FREE(sDIR);
+       return retval;
+}
+
+static int scannedonly_stat(vfs_handle_struct * handle,
+                           struct smb_filename *smb_fname)
+{
+       int ret;
+       ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
+       DEBUG(SCANNEDONLY_DEBUG, ("scannedonly_stat: %s returned %d\n",
+                                 smb_fname->base_name, ret));
+       if (ret != 0 && errno == ENOENT) {
+               TALLOC_CTX *ctx=talloc_tos();
+               char *test_base_name, *tmp_base_name = smb_fname->base_name;
+               /* possibly this was a fake name (file is being scanned for
+                  viruses.txt): check for that and create the real name and
+                  stat the real name */
+               test_base_name = real_path_from_notify_path(
+                       ctx,
+                       STRUCTSCANO(handle->data),
+                       smb_fname->base_name);
+               if (test_base_name) {
+                       smb_fname->base_name = test_base_name;
+                       ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
+                       DEBUG(5, ("_stat: %s returned %d\n",
+                                 test_base_name, ret));
+                       smb_fname->base_name = tmp_base_name;
+               }
+       }
+       return ret;
+}
+
+static int scannedonly_lstat(vfs_handle_struct * handle,
+                            struct smb_filename *smb_fname)
+{
+       int ret;
+       ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
+       DEBUG(SCANNEDONLY_DEBUG, ("scannedonly_lstat: %s returned %d\n",
+                                 smb_fname->base_name, ret));
+       if (ret != 0 && errno == ENOENT) {
+               TALLOC_CTX *ctx=talloc_tos();
+               char *test_base_name, *tmp_base_name = smb_fname->base_name;
+               /* possibly this was a fake name (file is being scanned for
+                  viruses.txt): check for that and create the real name and
+                  stat the real name */
+               test_base_name = real_path_from_notify_path(
+                       ctx, STRUCTSCANO(handle->data), smb_fname->base_name);
+               if (test_base_name) {
+                       smb_fname->base_name = test_base_name;
+                       ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
+                       DEBUG(5, ("_lstat: %s returned %d\n",
+                                 test_base_name, ret));
+                       smb_fname->base_name = tmp_base_name;
+               }
+       }
+       return ret;
+}
+
+static int scannedonly_open(vfs_handle_struct * handle,
+                           struct smb_filename *smb_fname,
+                           files_struct * fsp, int flags, mode_t mode)
+{
+       const char *base;
+       char *tmp, *shortname;
+       int allowed, write_access = 0;
+       TALLOC_CTX *ctx=talloc_tos();
+       /* if open for writing ignore it */
+       if ((flags & O_ACCMODE) == O_WRONLY) {
+               return SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
+       }
+       if ((flags & O_ACCMODE) == O_RDWR) {
+               write_access = 1;
+       }
+       /* check if this file is scanned already */
+       tmp = strrchr(smb_fname->base_name, '/');
+       if (tmp) {
+               base = talloc_strndup(ctx,smb_fname->base_name,
+                                     (tmp - smb_fname->base_name) + 1);
+               shortname = tmp + 1;
+       } else {
+               base = "";
+               shortname = (char *)smb_fname->base_name;
+       }
+       allowed = scannedonly_allow_access(
+               handle, NULL, smb_fname, shortname,
+               base,
+               write_access,
+               STRUCTSCANO(handle->data)->recheck_time_open,
+               STRUCTSCANO(handle->data)->recheck_tries_open,
+               STRUCTSCANO(handle->data)->recheck_size_open,
+               0);
+       flush_sendbuffer(handle);
+       DEBUG(SCANNEDONLY_DEBUG, ("scannedonly_open: allow=%d for %s\n",
+                                 allowed, smb_fname->base_name));
+       if (allowed
+           || STRUCTSCANO(handle->data)->allow_nonscanned_files) {
+               return SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
+       }
+       errno = EACCES;
+       return -1;
+}
+
+static int scannedonly_close(vfs_handle_struct * handle, files_struct * fsp)
+{
+       /* we only have to notify the scanner
+          for files that were open readwrite or writable. */
+       if (fsp->can_write) {
+               TALLOC_CTX *ctx = talloc_tos();
+               notify_scanner(handle, construct_full_path(
+                                      ctx,handle,
+                                      fsp->fsp_name->base_name,false));
+               flush_sendbuffer(handle);
+       }
+       return SMB_VFS_NEXT_CLOSE(handle, fsp);
+}
+
+static int scannedonly_rename(vfs_handle_struct * handle,
+                             const struct smb_filename *smb_fname_src,
+                             const struct smb_filename *smb_fname_dst)
+{
+       /* rename the cache file before we pass the actual rename on */
+       struct smb_filename *smb_fname_src_tmp = NULL;
+       struct smb_filename *smb_fname_dst_tmp = NULL;
+       char *cachefile_src, *cachefile_dst;
+       TALLOC_CTX *ctx = talloc_tos();
+
+       /* Setup temporary smb_filename structs. */
+       cachefile_src = cachefile_name_f_fullpath(
+               ctx,
+               smb_fname_src->base_name,
+               STRUCTSCANO(handle->data)->p_scanned);
+       cachefile_dst = cachefile_name_f_fullpath(
+               ctx,
+               smb_fname_dst->base_name,
+               STRUCTSCANO(handle->data)->p_scanned);
+
+       create_synthetic_smb_fname(ctx, cachefile_src,NULL,NULL,
+                                  &smb_fname_src_tmp);
+       create_synthetic_smb_fname(ctx, cachefile_dst,NULL,NULL,
+                                  &smb_fname_dst_tmp);
+
+       if (SMB_VFS_NEXT_RENAME(handle, smb_fname_src_tmp, smb_fname_dst_tmp)
+           != 0) {
+               DEBUG(SCANNEDONLY_DEBUG,
+                     ("failed to rename %s into %s\n", cachefile_src,
+                      cachefile_dst));
+       }
+       return SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst);
+}
+
+static int scannedonly_unlink(vfs_handle_struct * handle,
+                             const struct smb_filename *smb_fname)
+{
+       /* unlink the 'scanned' file too */
+       struct smb_filename *smb_fname_cache = NULL;
+       char * cachefile;
+       TALLOC_CTX *ctx = talloc_tos();
+
+       cachefile = cachefile_name_f_fullpath(
+               ctx,
+               smb_fname->base_name,
+               STRUCTSCANO(handle->data)->p_scanned);
+       create_synthetic_smb_fname(ctx, cachefile,NULL,NULL,
+                                  &smb_fname_cache);
+       if (SMB_VFS_NEXT_UNLINK(handle, smb_fname_cache) != 0) {
+               DEBUG(SCANNEDONLY_DEBUG, ("_unlink: failed to unlink %s\n",
+                                         smb_fname_cache->base_name));
+       }
+       return SMB_VFS_NEXT_UNLINK(handle, smb_fname);
+}
+
+static int scannedonly_rmdir(vfs_handle_struct * handle, const char *path)
+{
+       /* if there are only .scanned: .virus: or .failed: files, we delete
+          those, because the client cannot see them */
+       DIR *dirp;
+       SMB_STRUCT_DIRENT *dire;
+       TALLOC_CTX *ctx = talloc_tos();
+       bool only_deletable_files = true, have_files = false;
+       char *path_w_slash;
+
+       if (!STRUCTSCANO(handle->data)->rm_hidden_files_on_rmdir)
+               return SMB_VFS_NEXT_RMDIR(handle, path);
+
+       path_w_slash = name_w_ending_slash(ctx,path);
+       dirp = SMB_VFS_NEXT_OPENDIR(handle, path, NULL, 0);
+       while ((dire = SMB_VFS_NEXT_READDIR(handle, dirp, NULL)) != NULL) {
+               if (ISDOT(dire->d_name) || ISDOTDOT(dire->d_name)) {
+                       continue;
+               }
+               have_files = true;
+               if (!is_scannedonly_file(STRUCTSCANO(handle->data),
+                                        dire->d_name)) {
+                       struct smb_filename *smb_fname = NULL;
+                       char *fullpath;
+                       int retval;
+
+                       if (STRUCTSCANO(handle->data)->show_special_files) {
+                               only_deletable_files = false;
+                               break;
+                       }
+                       /* stat the file and see if it is a
+                          special file */
+                       fullpath = path_plus_name(ctx,path_w_slash,
+                                                 dire->d_name);
+                       create_synthetic_smb_fname(ctx, fullpath,NULL,NULL,
+                                                  &smb_fname);
+                       retval = SMB_VFS_NEXT_STAT(handle, smb_fname);
+                       if (retval == 0
+                           && S_ISREG(smb_fname->st.st_ex_mode)) {
+                               only_deletable_files = false;
+                       }
+                       TALLOC_FREE(fullpath);
+                       TALLOC_FREE(smb_fname);
+                       break;
+               }
+       }
+       DEBUG(SCANNEDONLY_DEBUG,
+             ("path=%s, have_files=%d, only_deletable_files=%d\n",
+              path, have_files, only_deletable_files));
+       if (have_files && only_deletable_files) {
+               DEBUG(SCANNEDONLY_DEBUG,
+                     ("scannedonly_rmdir, remove leftover scannedonly "
+                      "files from %s\n", path_w_slash));
+               SMB_VFS_NEXT_REWINDDIR(handle, dirp);
+               while ((dire = SMB_VFS_NEXT_READDIR(handle, dirp, NULL))
+                      != NULL) {
+                       char *fullpath;
+                       struct smb_filename *smb_fname = NULL;
+                       if (ISDOT(dire->d_name) || ISDOTDOT(dire->d_name)) {
+                               continue;
+                       }
+                       fullpath = path_plus_name(ctx,path_w_slash,
+                                                 dire->d_name);
+                       create_synthetic_smb_fname(ctx, fullpath,NULL,NULL,
+                                                  &smb_fname);
+                       DEBUG(SCANNEDONLY_DEBUG, ("unlink %s\n", fullpath));
+                       SMB_VFS_NEXT_UNLINK(handle, smb_fname);
+                       TALLOC_FREE(fullpath);
+                       TALLOC_FREE(smb_fname);
+               }
+       }
+       return SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
+}
+
+static void free_scannedonly_data(void **data)
+{
+       SAFE_FREE(*data);
+}
+
+static int scannedonly_connect(struct vfs_handle_struct *handle,
+                              const char *service, const char *user)
+{
+
+       struct Tscannedonly *so;
+
+       so = SMB_MALLOC_P(struct Tscannedonly);
+       handle->data = (void *)so;
+       handle->free_data = free_scannedonly_data;
+       so->gsendbuffer[0]='\0';
+       so->domain_socket =
+               lp_parm_bool(SNUM(handle->conn), "scannedonly",
+                            "domain_socket", True);
+       so->socketname =
+               (char *)lp_parm_const_string(SNUM(handle->conn),
+                                            "scannedonly", "socketname",
+                                            "/var/lib/scannedonly/scan");
+       so->portnum =
+               lp_parm_int(SNUM(handle->conn), "scannedonly", "portnum",
+                           2020);
+       so->scanhost =
+               (char *)lp_parm_const_string(SNUM(handle->conn),
+                                            "scannedonly", "scanhost",
+                                            "localhost");
+
+       so->show_special_files =
+               lp_parm_bool(SNUM(handle->conn), "scannedonly",
+                            "show_special_files", True);
+       so->rm_hidden_files_on_rmdir =
+               lp_parm_bool(SNUM(handle->conn), "scannedonly",
+                            "rm_hidden_files_on_rmdir", True);
+       so->hide_nonscanned_files =
+               lp_parm_bool(SNUM(handle->conn), "scannedonly",
+                            "hide_nonscanned_files", False);
+       so->allow_nonscanned_files =
+               lp_parm_bool(SNUM(handle->conn), "scannedonly",
+                            "allow_nonscanned_files", False);
+       so->scanning_message =
+               (char *)lp_parm_const_string(SNUM(handle->conn),
+                                            "scannedonly",
+                                            "scanning_message",
+                                            "is being scanned for viruses");
+       so->scanning_message_len = strlen(so->scanning_message);
+       so->recheck_time_open =
+               lp_parm_int(SNUM(handle->conn), "scannedonly",
+                           "recheck_time_open", 50);
+       so->recheck_tries_open =
+               lp_parm_int(SNUM(handle->conn), "scannedonly",
+                           "recheck_tries_open", 100);
+       so->recheck_size_open =
+               lp_parm_int(SNUM(handle->conn), "scannedonly",
+                           "recheck_size_open", 100);
+       so->recheck_time_readdir =
+               lp_parm_int(SNUM(handle->conn), "scannedonly",
+                           "recheck_time_readdir", 50);
+       so->recheck_tries_readdir =
+               lp_parm_int(SNUM(handle->conn), "scannedonly",
+                           "recheck_tries_readdir", 20);
+
+       so->p_scanned =
+               (char *)lp_parm_const_string(SNUM(handle->conn),
+                                            "scannedonly",
+                                            "pref_scanned",
+                                            ".scanned:");
+       so->p_virus =
+               (char *)lp_parm_const_string(SNUM(handle->conn),
+                                            "scannedonly",
+                                            "pref_virus",
+                                            ".virus:");
+       so->p_failed =
+               (char *)lp_parm_const_string(SNUM(handle->conn),
+                                            "scannedonly",
+                                            "pref_failed",
+                                            ".failed:");
+       connect_to_scanner(handle);
+
+       return SMB_VFS_NEXT_CONNECT(handle, service, user);
+}
+
+/* VFS operations structure */
+static struct vfs_fn_pointers vfs_scannedonly_fns = {
+       .opendir = scannedonly_opendir,
+       .readdir = scannedonly_readdir,
+       .seekdir = scannedonly_seekdir,
+       .telldir = scannedonly_telldir,
+       .rewind_dir = scannedonly_rewinddir,
+       .closedir = scannedonly_closedir,
+       .rmdir = scannedonly_rmdir,
+       .stat = scannedonly_stat,
+       .lstat = scannedonly_lstat,
+       .open = scannedonly_open,
+       .close_fn = scannedonly_close,
+       .rename = scannedonly_rename,
+       .unlink = scannedonly_unlink,
+       .connect_fn = scannedonly_connect
+};
+
+NTSTATUS vfs_scannedonly_init(void)
+{
+       return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "scannedonly",
+                               &vfs_scannedonly_fns);
+}
index 312160c0267e62489aae61ac81c16b708d253989..a3de30e8085a3c65d50c7320472ebd9bf54810ab 100644 (file)
@@ -106,6 +106,7 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
        ace_t *acebuf;
        SMB4ACE_T *smbace;
        TALLOC_CTX      *mem_ctx;
+       bool have_special_id = false;
 
        /* allocate the field of ZFS aces */
        mem_ctx = talloc_tos();
@@ -140,8 +141,17 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
                                        aceprop->who.special_id));
                                continue; /* don't add it !!! */
                        }
+                       have_special_id = true;
                }
        }
+
+       if (!have_special_id
+           && lp_parm_bool(fsp->conn->params->service, "zfsacl",
+                           "denymissingspecial", false)) {
+               errno = EACCES;
+               return false;
+       }
+
        SMB_ASSERT(i == naces);
 
        /* store acl */
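Review bot: The new rejection path after the ACE loop returns false with `errno = EACCES` but logs nothing, so an administrator who enables `zfsacl:denymissingspecial` gets no trace of why an ACL write was refused. A line such as `DEBUG(3, ("zfsacl: no special id entry in ACL, denied by denymissingspecial\n"));` before `errno = EACCES;` would make the denial diagnosable. A short comment on the check would also help, because `have_special_id` is set only after the `continue` for special ids that are not added, so those entries do not count towards it. zfs_process_smbacl starts and ends outside this hunk, so how callers report the failure is not visible here.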
index a197c51ac8e95aa72eda2501a49f305fbbbaa94b..6149f974ac044cefe5d4e6ade1da0d850841754b 100644 (file)
@@ -75,8 +75,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
 
                /* It's our own domain, lookup the name in passdb */
                if (lookup_global_sam_name(name, flags, &rid, &type)) {
-                       sid_copy(&sid, get_global_sam_sid());
-                       sid_append_rid(&sid, rid);
+                       sid_compose(&sid, get_global_sam_sid(), rid);
                        goto ok;
                }
                TALLOC_FREE(tmp_ctx);
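Review bot: The result of `sid_compose()` is discarded at this call in lookup_name, while the same commit checks it in pdb_set_user_sid_from_rid and pdb_set_group_sid_from_rid (`if (!sid_compose(&u_sid, global_sam_sid, rid))`). The other lookup_name hunks, lookup_rids, samu_set_unix_internal and pdb_get_group_sid discard it the same way. The old `sid_append_rid()` result was ignored at these sites too, so this is not a regression, but the helper presumably fails when the base SID has no room for another sub-authority. That matters most in lookup_rids, where `domain_sid` comes from the caller. Either test the result before `goto ok`, or add a comment such as `/* cannot fail: the base SID is our own domain SID */` where that holds. lookup_name's body continues outside this hunk, so the right failure path is not visible here.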
@@ -96,8 +95,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
 
                /* Explicit request for a name in BUILTIN */
                if (lookup_builtin_name(name, &rid)) {
-                       sid_copy(&sid, &global_sid_Builtin);
-                       sid_append_rid(&sid, rid);
+                       sid_compose(&sid, &global_sid_Builtin, rid);
                        type = SID_NAME_ALIAS;
                        goto ok;
                }
@@ -215,8 +213,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
            lookup_builtin_name(name, &rid))
        {
                domain = talloc_strdup(tmp_ctx, builtin_domain_name());
-               sid_copy(&sid, &global_sid_Builtin);
-               sid_append_rid(&sid, rid);
+               sid_compose(&sid, &global_sid_Builtin, rid);
                type = SID_NAME_ALIAS;
                goto ok;
        }
@@ -230,8 +227,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
            lookup_global_sam_name(name, flags, &rid, &type))
        {
                domain = talloc_strdup(tmp_ctx, get_global_sam_name());
-               sid_copy(&sid, get_global_sam_sid());
-               sid_append_rid(&sid, rid);
+               sid_compose(&sid, get_global_sam_sid(), rid);
                goto ok;
        }
 
@@ -544,8 +540,7 @@ static bool lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
        if (sid_check_is_wellknown_domain(domain_sid, NULL)) {
                for (i=0; i<num_rids; i++) {
                        DOM_SID sid;
-                       sid_copy(&sid, domain_sid);
-                       sid_append_rid(&sid, rids[i]);
+                       sid_compose(&sid, domain_sid, rids[i]);
                        if (lookup_wellknown_sid(mem_ctx, &sid,
                                                 domain_name, &(*names)[i])) {
                                if ((*names)[i] == NULL) {
@@ -1192,9 +1187,8 @@ static void legacy_gid_to_sid(DOM_SID *psid, gid_t gid)
 static bool legacy_sid_to_uid(const DOM_SID *psid, uid_t *puid)
 {
        enum lsa_SidType type;
-       uint32 rid;
 
-       if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
+       if (sid_check_is_in_our_domain(psid)) {
                union unid_t id;
                bool ret;
 
@@ -1235,7 +1229,6 @@ done:
 
 static bool legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid)
 {
-       uint32 rid;
        GROUP_MAP map;
        union unid_t id;
        enum lsa_SidType type;
@@ -1257,7 +1250,7 @@ static bool legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid)
                return false;
        }
 
-       if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
+       if (sid_check_is_in_our_domain(psid)) {
                bool ret;
 
                become_root();
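Review bot: In legacy_sid_to_gid the `sid_check_is_in_our_domain(psid)` test is now the only gate between a caller-supplied SID and the `become_root()` section that follows, and nothing in the code says so. A comment above the test, for example `/* only SIDs of the form <our domain SID>-<rid> may reach the privileged lookup below */`, would record that intent. legacy_sid_to_uid gets the same replacement in the previous hunk and would take the same comment, though its privileged section is not visible there. The change assumes the new helper is as strict about the sub-authority count as `sid_peek_check_rid()` was; its definition is not on this page, so that is worth confirming. Both functions continue outside their hunks.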
index b2c3b948f1b6f1917f6d2c4fc07d0af32bb38c98..3ced15080373246e514df81d768e2412c0330a1c 100644 (file)
@@ -216,8 +216,7 @@ static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd *p
                        return NT_STATUS_ACCESS_DENIED;
                }
 
-               sid_copy( &user_sid, get_global_sam_sid() );
-               sid_append_rid( &user_sid, user_rid );
+               sid_compose(&user_sid, get_global_sam_sid(), user_rid);
 
                if ( !pdb_set_user_sid(user, &user_sid, PDB_SET) ) {
                        DEBUG(3, ("pdb_set_user_sid failed\n"));
index 9967eb53ad0138ada25f18cdceb43fc12b4fdfbf..b65be70758ae01139ef1dcc7e392974c5cfdfc17 100644 (file)
@@ -60,10 +60,9 @@ bool pdb_set_user_sid_from_rid (struct samu *sampass, uint32 rid, enum pdb_value
                return False;
        }
 
-       sid_copy(&u_sid, global_sam_sid);
-
-       if (!sid_append_rid(&u_sid, rid))
+       if (!sid_compose(&u_sid, global_sam_sid, rid)) {
                return False;
+       }
 
        if (!pdb_set_user_sid(sampass, &u_sid, flag))
                return False;
@@ -87,10 +86,9 @@ bool pdb_set_group_sid_from_rid (struct samu *sampass, uint32 grid, enum pdb_val
                return False;
        }
 
-       sid_copy(&g_sid, global_sam_sid);
-       
-       if (!sid_append_rid(&g_sid, grid))
+       if (!sid_compose(&g_sid, global_sam_sid, grid)) {
                return False;
+       }
 
        if (!pdb_set_group_sid(sampass, &g_sid, flag))
                return False;
index 30775e49fe541684f8cbc35db32b3d651a2becc6..d7fc02f807828c17e2f81fd737768689d0bd6741 100644 (file)
@@ -239,8 +239,7 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass)
        /* Just set it to the 'Domain Users' RID of 512 which will 
           always resolve to a name */
 
-       sid_copy( gsid, get_global_sam_sid() );
-       sid_append_rid( gsid, DOMAIN_GROUP_RID_USERS );
+       sid_compose(gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS);
 
        sampass->group_sid = gsid;
 
@@ -552,8 +551,8 @@ bool pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_valu
        if ( sid_to_gid( g_sid, &gid ) ) {
                sid_copy(sampass->group_sid, g_sid);
        } else {
-               sid_copy( sampass->group_sid, get_global_sam_sid() );
-               sid_append_rid( sampass->group_sid, DOMAIN_GROUP_RID_USERS );
+               sid_compose(sampass->group_sid, get_global_sam_sid(),
+                           DOMAIN_GROUP_RID_USERS);
        }
 
        DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n", 
@@ -876,6 +875,7 @@ bool pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], e
 bool pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32 historyLen, enum pdb_value_state flag)
 {
        if (historyLen && pwd){
+               data_blob_free(&(sampass->nt_pw_his));
                sampass->nt_pw_his = data_blob_talloc(sampass,
                                                pwd, historyLen*PW_HISTORY_ENTRY_LEN);
                if (!sampass->nt_pw_his.length) {
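Review bot: Freeing `sampass->nt_pw_his` before `data_blob_talloc()` copies from `pwd` is unsafe when `pwd` points into that same blob. pdb_set_plaintext_passwd in this commit passes the pointer it got from `pdb_get_pw_history(sampass, ...)` straight back in whenever it does not reallocate, and if that getter returns the stored blob's data (its definition is not shown), the copy reads freed memory. Copy first and release afterwards: build the new blob in a local `DATA_BLOB`, return on failure, and only then call `data_blob_free(&(sampass->nt_pw_his));` and assign the local. Because the history now carries plain NT hashes, releasing the old blob with `data_blob_clear_free()` would also avoid leaving them in freed heap. The function continues past the end of this hunk.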
@@ -980,6 +980,9 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
 {
        uchar new_lanman_p16[LM_HASH_LEN];
        uchar new_nt_p16[NT_HASH_LEN];
+       uchar *pwhistory;
+       uint32 pwHistLen;
+       uint32 current_history_len;
 
        if (!plaintext)
                return False;
@@ -1009,68 +1012,80 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
        if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
                return False;
 
-       /* Store the password history. */
-       if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) {
-               uchar *pwhistory;
-               uint32 pwHistLen;
-               pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
-               if (pwHistLen != 0){
-                       uint32 current_history_len;
-                       /* We need to make sure we don't have a race condition here - the
-                          account policy history length can change between when the pw_history
-                          was first loaded into the struct samu struct and now.... JRA. */
-                       pwhistory = (uchar *)pdb_get_pw_history(sampass, &current_history_len);
-
-                       if (current_history_len != pwHistLen) {
-                               /* After closing and reopening struct samu the history
-                                       values will sync up. We can't do this here. */
-
-                               /* current_history_len > pwHistLen is not a problem - we
-                                       have more history than we need. */
-
-                               if (current_history_len < pwHistLen) {
-                                       /* Ensure we have space for the needed history. */
-                                       uchar *new_history = (uchar *)TALLOC(sampass,
-                                                               pwHistLen*PW_HISTORY_ENTRY_LEN);
-                                       if (!new_history) {
-                                               return False;
-                                       }
-
-                                       /* And copy it into the new buffer. */
-                                       if (current_history_len) {
-                                               memcpy(new_history, pwhistory,
-                                                       current_history_len*PW_HISTORY_ENTRY_LEN);
-                                       }
-                                       /* Clearing out any extra space. */
-                                       memset(&new_history[current_history_len*PW_HISTORY_ENTRY_LEN],
-                                               '\0', (pwHistLen-current_history_len)*PW_HISTORY_ENTRY_LEN);
-                                       /* Finally replace it. */
-                                       pwhistory = new_history;
-                               }
-                       }
-                       if (pwhistory && pwHistLen){
-                               /* Make room for the new password in the history list. */
-                               if (pwHistLen > 1) {
-                                       memmove(&pwhistory[PW_HISTORY_ENTRY_LEN],
-                                               pwhistory, (pwHistLen -1)*PW_HISTORY_ENTRY_LEN );
-                               }
-                               /* Create the new salt as the first part of the history entry. */
-                               generate_random_buffer(pwhistory, PW_HISTORY_SALT_LEN);
-
-                               /* Generate the md5 hash of the salt+new password as the second
-                                       part of the history entry. */
-
-                               E_md5hash(pwhistory, new_nt_p16, &pwhistory[PW_HISTORY_SALT_LEN]);
-                               pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
-                       } else {
-                               DEBUG (10,("pdb_get_set.c: pdb_set_plaintext_passwd: pwhistory was NULL!\n"));
-                       }
-               } else {
-                       /* Set the history length to zero. */
-                       pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
+       if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) {
+               /*
+                * No password history for non-user accounts
+                */
+               return true;
+       }
+
+       pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
+
+       if (pwHistLen == 0) {
+               /* Set the history length to zero. */
+               pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
+               return true;
+       }
+
+       /*
+        * We need to make sure we don't have a race condition here -
+        * the account policy history length can change between when
+        * the pw_history was first loaded into the struct samu struct
+        * and now.... JRA.
+        */
+       pwhistory = (uchar *)pdb_get_pw_history(sampass, &current_history_len);
+
+       if ((current_history_len != 0) && (pwhistory == NULL)) {
+               DEBUG(1, ("pdb_set_plaintext_passwd: pwhistory == NULL!\n"));
+               return false;
+       }
+
+       if (current_history_len < pwHistLen) {
+               /*
+                * Ensure we have space for the needed history. This
+                * also takes care of an account which did not have
+                * any history at all so far, i.e. pwhistory==NULL
+                */
+               uchar *new_history = talloc_zero_array(
+                       sampass, uchar,
+                       pwHistLen*PW_HISTORY_ENTRY_LEN);
+
+               if (!new_history) {
+                       return False;
                }
+
+               memcpy(new_history, pwhistory,
+                      current_history_len*PW_HISTORY_ENTRY_LEN);
+
+               pwhistory = new_history;
        }
 
+       /*
+        * Make room for the new password in the history list.
+        */
+       if (pwHistLen > 1) {
+               memmove(&pwhistory[PW_HISTORY_ENTRY_LEN], pwhistory,
+                       (pwHistLen-1)*PW_HISTORY_ENTRY_LEN );
+       }
+
+       /*
+        * Fill the salt area with 0-s: this indicates that
+        * a plain nt hash is stored in the has area.
+        * The old format was to store a 16 byte salt and
+        * then an md5hash of the nt_hash concatenated with
+        * the salt.
+        */
+       memset(pwhistory, 0, PW_HISTORY_SALT_LEN);
+
+       /*
+        * Store the plain nt hash in the second 16 bytes.
+        * The old format was to store the md5 hash of
+        * the salt+newpw.
+        */
+       memcpy(&pwhistory[PW_HISTORY_SALT_LEN], new_nt_p16, SALTED_MD5_HASH_LEN);
+
+       pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
+
        return True;
 }
 
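Review bot: `memcpy(new_history, pwhistory, current_history_len*PW_HISTORY_ENTRY_LEN);` is now reached with `pwhistory == NULL` for an account that has no history yet, which the comment above it names as a supported case; passing a null source to memcpy is undefined even for a length of zero, and the removed code guarded it. Restore the guard: `if (current_history_len != 0) { memcpy(new_history, pwhistory, current_history_len*PW_HISTORY_ENTRY_LEN); }`. Separately, `pwHistLen` is declared without an initialiser and read right after `pdb_get_account_policy()` without checking that call's result, and it is not clamped the way init_sam_from_ldap does with `MIN(pwHistLen, MAX_PW_HISTORY_LEN)`; if the policy lookup can fail without writing, initialising it to 0 and bounding it before the multiplication would be safer. The history entries now hold the plain NT hash, which is password-equivalent, so the stored blob and any superseded buffer deserve the same protection as the current hash; the comment's "has area" should read "hash area".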
index de46254dde0e6c1760aa79e649f1b07efe54bf88..bd85ded138a0d479d33d63b9a69670672ef3786f 100644 (file)
@@ -1472,8 +1472,7 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
        DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n",
                 (unsigned int)rid));
 
-       sid_copy(&sid, get_global_sam_sid());
-       sid_append_rid(&sid, rid);
+       sid_compose(&sid, get_global_sam_sid(), rid);
 
        /* see if the passdb can help us with the name of the user */
 
index 90ac8e5ffa79e655c0b9b38925038f94bf4a5354..30b27d4596d75f9123f924e1b8095b1b625e7391 100644 (file)
@@ -915,9 +915,9 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
 
                pwHistLen = MIN(pwHistLen, MAX_PW_HISTORY_LEN);
 
-               if ((pwhist = TALLOC_ARRAY(ctx, uint8,
-                                       pwHistLen * PW_HISTORY_ENTRY_LEN)) ==
-                               NULL){
+               pwhist = TALLOC_ARRAY(ctx, uint8,
+                                     pwHistLen * PW_HISTORY_ENTRY_LEN);
+               if (pwhist == NULL) {
                        DEBUG(0, ("init_sam_from_ldap: talloc failed!\n"));
                        goto fn_exit;
                }
@@ -6394,9 +6394,8 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location)
 
        trim_char( uri, '\"', '\"' );
        nt_status = pdb_init_ldapsam_common(pdb_method, uri);
-       if (uri) {
-        &nb