Merge branch 'master' of git://git.samba.org/samba
authorNadezhda Ivanova <nadezhda.ivanova@postpath.com>
Mon, 4 Jan 2010 09:24:10 +0000 (11:24 +0200)
committerNadezhda Ivanova <nadezhda.ivanova@postpath.com>
Mon, 4 Jan 2010 09:24:10 +0000 (11:24 +0200)
252 files changed:
.gitignore
docs-xml/build/DTD/samba.entities
docs-xml/manpages-3/mount.cifs.8.xml
docs-xml/manpages-3/pdbedit.8.xml
docs-xml/manpages-3/rpcclient.1.xml
docs-xml/manpages-3/smbcacls.1.xml
docs-xml/manpages-3/smbclient.1.xml
docs-xml/manpages-3/smbget.1.xml
docs-xml/manpages-3/smbtree.1.xml
docs-xml/manpages-3/tdbbackup.8.xml
docs-xml/manpages-3/tdbdump.8.xml
docs-xml/manpages-3/tdbtool.8.xml
lib/replace/libreplace.m4
lib/replace/replace.c
lib/replace/replace.h
lib/replace/snprintf.c
lib/replace/test/testsuite.c
lib/tdb/Makefile.in
lib/tdb/configure.ac
lib/tdb/include/tdb.h
lib/tdb/manpages/tdbbackup.8.xml [new file with mode: 0644]
lib/tdb/manpages/tdbdump.8.xml [new file with mode: 0644]
lib/tdb/manpages/tdbtool.8.xml [new file with mode: 0644]
lib/tdb/tdb.mk
lib/tdb/tdb.signatures
lib/tevent/tevent_signal.c
lib/tsocket/tsocket_bsd.c
libcli/auth/ntlmssp_ndr.c [moved from source3/libsmb/ntlmssp_ndr.c with 99% similarity]
libcli/auth/ntlmssp_ndr.h [moved from source3/libsmb/ntlmssp_ndr.h with 100% similarity]
librpc/ndr/uuid.c
nsswitch/libwbclient/wbc_pam.c
nsswitch/libwbclient/wbc_util.c
nsswitch/libwbclient/wbclient.h
nsswitch/wbinfo.c
nsswitch/winbind_struct_protocol.h
source3/Makefile.in
source3/auth/auth_ntlmssp.c
source3/include/async_smb.h
source3/include/client.h
source3/include/includes.h
source3/include/ntlmssp.h
source3/include/proto.h
source3/include/smb.h
source3/include/smb_macros.h
source3/lib/util_sid.c
source3/libads/sasl.c
source3/librpc/gen_ndr/cli_wbint.c
source3/librpc/gen_ndr/cli_wbint.h
source3/librpc/gen_ndr/ndr_wbint.c
source3/librpc/gen_ndr/ndr_wbint.h
source3/librpc/gen_ndr/srv_wbint.c
source3/librpc/gen_ndr/srv_wbint.h
source3/librpc/gen_ndr/wbint.h
source3/librpc/idl/wbint.idl
source3/libsmb/async_smb.c
source3/libsmb/cliconnect.c
source3/libsmb/clidfs.c
source3/libsmb/clifsinfo.c
source3/libsmb/conncache.c
source3/libsmb/errormap.c
source3/libsmb/libsmb_cache.c
source3/libsmb/ntlmssp.c
source3/libsmb/ntlmssp_sign.c
source3/libsmb/smb_seal.c
source3/locale/net/de.po
source3/modules/vfs_acl_common.c
source3/rpc_client/cli_pipe.c
source3/rpc_server/srv_pipe.c
source3/smbd/error.c
source3/smbd/mangle_hash.c
source3/smbd/message.c
source3/smbd/nttrans.c
source3/smbd/pipes.c
source3/smbd/posix_acls.c
source3/smbd/process.c
source3/smbd/reply.c
source3/smbd/seal.c
source3/smbd/sesssetup.c
source3/smbd/smb2_sesssetup.c
source3/smbd/trans2.c
source3/torture/torture.c
source3/utils/net_ads.c
source3/utils/net_rpc.c
source3/utils/ntlm_auth.c
source3/winbindd/wb_getgrsid.c
source3/winbindd/wb_gettoken.c
source3/winbindd/wb_sid2gid.c
source3/winbindd/wb_sid2uid.c
source3/winbindd/winbindd.c
source3/winbindd/winbindd.h
source3/winbindd/winbindd_ads.c
source3/winbindd/winbindd_async.c
source3/winbindd/winbindd_cache.c
source3/winbindd/winbindd_ccache_access.c
source3/winbindd/winbindd_check_machine_acct.c
source3/winbindd/winbindd_domain.c
source3/winbindd/winbindd_dual.c
source3/winbindd/winbindd_dual_srv.c
source3/winbindd/winbindd_getgrnam.c
source3/winbindd/winbindd_getgroups.c
source3/winbindd/winbindd_group.c
source3/winbindd/winbindd_idmap.c
source3/winbindd/winbindd_misc.c
source3/winbindd/winbindd_passdb.c
source3/winbindd/winbindd_ping_dc.c [new file with mode: 0644]
source3/winbindd/winbindd_proto.h
source3/winbindd/winbindd_reconnect.c
source3/winbindd/winbindd_rpc.c
source3/winbindd/winbindd_user.c [deleted file]
source3/winbindd/winbindd_util.c
source4/Makefile
source4/auth/auth.h
source4/auth/credentials/config.mk
source4/auth/gensec/config.mk
source4/auth/gensec/gensec.c
source4/auth/gensec/gensec.h
source4/auth/ntlm/auth.c
source4/auth/ntlm/auth_proto.h [deleted file]
source4/auth/ntlm/auth_server.c
source4/auth/ntlm/auth_util.c
source4/auth/ntlm/auth_winbind.c
source4/auth/ntlm/config.mk
source4/auth/ntlmssp/ntlmssp.h
source4/auth/ntlmssp/ntlmssp_server.c
source4/auth/ntlmssp/ntlmssp_sign.c
source4/build/smb_build/summary.pm
source4/dsdb/common/dsdb_dn.c
source4/dsdb/common/dsdb_dn.h
source4/dsdb/common/util.c
source4/dsdb/config.mk
source4/dsdb/kcc/kcc_connection.c
source4/dsdb/kcc/kcc_deleted.c [new file with mode: 0644]
source4/dsdb/kcc/kcc_periodic.c
source4/dsdb/kcc/kcc_service.h
source4/dsdb/repl/drepl_notify.c
source4/dsdb/repl/drepl_partitions.c
source4/dsdb/repl/replicated_objects.c
source4/dsdb/samdb/ldb_modules/config.mk
source4/dsdb/samdb/ldb_modules/descriptor.c
source4/dsdb/samdb/ldb_modules/extended_dn_in.c
source4/dsdb/samdb/ldb_modules/linked_attributes.c
source4/dsdb/samdb/ldb_modules/repl_meta_data.c
source4/dsdb/samdb/ldb_modules/samba_dsdb.c
source4/dsdb/samdb/ldb_modules/schema_data.c
source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
source4/dsdb/samdb/ldb_modules/util.c
source4/dsdb/samdb/ldb_modules/util.h
source4/dsdb/schema/prefixmap.h
source4/dsdb/schema/schema_init.c
source4/dsdb/schema/schema_prefixmap.c
source4/dsdb/schema/schema_query.c
source4/dsdb/schema/schema_set.c
source4/dsdb/schema/schema_syntax.c
source4/heimdal_build/external.m4
source4/kdc/config.mk
source4/kdc/hdb-samba4.c
source4/kdc/hdb-samba4.h
source4/kdc/kdc.c
source4/kdc/kdc.h
source4/kdc/kpasswdd.c
source4/kdc/pac-glue.c
source4/kdc/pac-glue.h
source4/lib/ldb-samba/ldif_handlers.c
source4/lib/ldb/common/attrib_handlers.c
source4/lib/ldb/common/ldb_modules.c
source4/lib/ldb/common/ldb_msg.c
source4/lib/ldb/config.mk
source4/lib/ldb/external/libtalloc.m4
source4/lib/ldb/include/ldb.h
source4/lib/ldb/include/ldb_module.h
source4/lib/ldb/ldb.mk
source4/lib/ldb/ldb_tdb/ldb_cache.c
source4/lib/ldb/ldb_tdb/ldb_tdb.c
source4/lib/ldb/ldb_tdb/ldb_tdb.h
source4/lib/ldb/pyldb.c
source4/lib/ldb/pyldb.h
source4/lib/ldb/tests/python/ldap.py
source4/lib/ldb/tests/python/ldap_schema.py [new file with mode: 0755]
source4/lib/ldb/tests/sample_module.c
source4/lib/ldb/tests/test-controls.sh [new file with mode: 0755]
source4/lib/ldb/tests/test-tdb.sh
source4/lib/ldb/tools/config.mk
source4/lib/ldb/tools/ldbadd.c
source4/lib/ldb/tools/ldbdel.c
source4/lib/ldb/tools/ldbmodify.c
source4/lib/ldb/tools/ldbutil.c [new file with mode: 0644]
source4/lib/ldb/tools/ldbutil.h [new file with mode: 0644]
source4/lib/ldb_wrap.c
source4/lib/registry/util.c
source4/lib/socket/config.mk
source4/lib/socket/socket.c
source4/lib/socket/socket.h
source4/libcli/finddcs.c
source4/libcli/security/sddl.c
source4/libcli/security/tests/bindings.py
source4/libnet/libnet.c
source4/libnet/libnet_passwd.c
source4/libnet/py_net.c
source4/librpc/ndr/py_security.c
source4/min_versions.m4
source4/param/config.mk
source4/param/provision.c
source4/param/pyparam.c
source4/param/tests/bindings.py
source4/rpc_server/drsuapi/addentry.c
source4/rpc_server/drsuapi/dcesrv_drsuapi.c
source4/rpc_server/drsuapi/dcesrv_drsuapi.h
source4/rpc_server/drsuapi/drsutil.c
source4/rpc_server/drsuapi/getncchanges.c
source4/rpc_server/drsuapi/updaterefs.c
source4/script/installmisc.sh
source4/scripting/python/modules.c
source4/scripting/python/modules.h
source4/scripting/python/pyglue.c
source4/scripting/python/samba/__init__.py
source4/scripting/python/samba/getopt.py
source4/scripting/python/samba/netcmd/__init__.py [new file with mode: 0644]
source4/scripting/python/samba/netcmd/domainlevel.py [new file with mode: 0644]
source4/scripting/python/samba/netcmd/enableaccount.py [new file with mode: 0755]
source4/scripting/python/samba/netcmd/newuser.py [new file with mode: 0755]
source4/scripting/python/samba/netcmd/pwsettings.py [new file with mode: 0644]
source4/scripting/python/samba/netcmd/setexpiry.py [new file with mode: 0644]
source4/scripting/python/samba/netcmd/setpassword.py [new file with mode: 0644]
source4/scripting/python/samba/provision.py
source4/scripting/python/samba/tests/netcmd.py [new file with mode: 0644]
source4/selftest/tests.sh
source4/setup/domainlevel [deleted file]
source4/setup/enableaccount [deleted file]
source4/setup/newuser [deleted file]
source4/setup/pwsettings [deleted file]
source4/setup/setexpiry [deleted file]
source4/setup/setpassword [deleted file]
source4/setup/tests/blackbox_newuser.sh
source4/setup/tests/blackbox_setpassword.sh
source4/smb_server/smb/negprot.c
source4/smb_server/smb/sesssetup.c
source4/smb_server/smb2/sesssetup.c
source4/smbd/config.mk
source4/smbd/server.c
source4/smbd/service_stream.c
source4/smbd/service_stream.h
source4/torture/drs/unit/prefixmap_tests.c
source4/torture/libnet/python/samr-test.py [new file with mode: 0644]
source4/torture/ndr/ndr.c
source4/torture/raw/oplock.c
source4/torture/raw/qfileinfo.c
source4/torture/raw/setfileinfo.c
source4/torture/raw/streams.c
source4/utils/net/net.c
testprogs/blackbox/test_export_keytab.sh
testprogs/blackbox/test_kinit.sh
testprogs/blackbox/test_passwords.sh

index e88fad08d287dbb9136978f1898ac0ccd2bcd670..4f93726a6c81bf9771493c95f6a161a4e6a45efa 100644 (file)
@@ -119,7 +119,7 @@ source3/samba4-data.mk
 source3/samba4-config.mk
 source3/torture.tdb
 source4/apidocs
-source4/auth/auth_proto.h
+source4/auth/ntlm/auth_proto.h
 source4/auth/auth_sam.h
 source4/auth/auth_sam_reply.h
 source4/auth/credentials/credentials_krb5_proto.h
index 2e924d46ba9302bbd82dc45e6520442fcde8731f..4ad65ca7c56120a44adbcaa72835cff4b2b662f7 100644 (file)
@@ -50,8 +50,8 @@
 <!ENTITY person.gd '
 <firstname>Guenther</firstname><surname>Deschner</surname>
 <affiliation>
-       <orgname>SuSE</orgname>
-       <address><email>gd@suse.de</email></address>
+       <orgname>Samba Team</orgname>
+       <address><email>gd@samba.org</email></address>
 </affiliation>'>
 
 <!ENTITY author.gd '<author>&person.gd;</author>'>
@@ -214,7 +214,7 @@ in the &smb.conf; file.</para>
 
 <!ENTITY stdarg.configfile '
 <varlistentry>
-<term>-s &lt;configuration file&gt;</term>
+<term>-s|--configfile &lt;configuration file&gt;</term>
 <listitem><para>The file specified contains the 
 configuration details required by the server.  The 
 information in this file includes server-specific
@@ -227,7 +227,7 @@ compile time.</para></listitem>
 
 <!ENTITY stdarg.version '
 <varlistentry>
-<term>-V</term>
+<term>-V|--version</term>
 <listitem><para>Prints the program version number.
 </para></listitem>
 </varlistentry>'>
@@ -249,7 +249,7 @@ log.smbd, etc...). The log file is never removed by the client.
 
 <!ENTITY stdarg.resolve.order '
 <varlistentry>
-<term>-R &lt;name resolve order&gt;</term> 
+<term>-R|--name-resolve &lt;name resolve order&gt;</term>
 <listitem><para>This option is used to determine what naming 
 services and in what order to resolve 
 host names to IP addresses. The option takes a space-separated 
@@ -307,7 +307,7 @@ resolution methods will be attempted in this order. </para></listitem>
 
 <!ENTITY stdarg.netbios.name '
 <varlistentry>
-<term>-n &lt;primary NetBIOS name&gt;</term>
+<term>-n|--netbiosname &lt;primary NetBIOS name&gt;</term>
 <listitem><para>This option allows you to override
 the NetBIOS name that Samba uses for itself. This is identical
 to setting the <smbconfoption><name>netbios name</name></smbconfoption> parameter in the &smb.conf; file. 
@@ -318,7 +318,7 @@ line setting will take precedence over settings in
 
 <!ENTITY stdarg.scope '
 <varlistentry>
-<term>-i &lt;scope&gt;</term>
+<term>-i|--scope &lt;scope&gt;</term>
 <listitem><para>This specifies a NetBIOS scope that
 <command>nmblookup</command> will use to communicate with when
 generating NetBIOS names. For details on the use of NetBIOS
@@ -340,7 +340,7 @@ SAM (as opposed to the Domain SAM). </para></listitem>
 
 <!ENTITY stdarg.socket.options '
 <varlistentry>
-<term>-O socket options</term>
+<term>-O|--socket-options socket options</term>
 <listitem><para>TCP socket options to set on the client
 socket. See the socket options parameter in
 the &smb.conf; manual page for the list of valid
@@ -357,7 +357,7 @@ options. </para></listitem>
 
 <!ENTITY stdarg.nopass '
 <varlistentry>
-<term>-N</term>
+<term>-N|--no-pass</term>
 <listitem><para>If specified, this parameter suppresses the normal
 password prompt from the client to the user. This is useful when
 accessing a service that does not require a password. </para>
@@ -420,7 +420,7 @@ access from unwanted users. </para></listitem>
 
 <!ENTITY stdarg.kerberos '
 <varlistentry>
-<term>-k</term>
+<term>-k|--kerberos</term>
 <listitem><para>
 Try to authenticate with kerberos. Only useful in
 an Active Directory environment.
index 372b4772f135f264fa9d45e940522180c345da10..d930600437e705be770cfef4b0d8c0bc13cfdf4b 100644 (file)
@@ -477,11 +477,34 @@ permissions in memory that can't be stored on the server. This information can d
 
         <varlistentry>
                 <term>noserverino</term>
-                <listitem><para>client generates inode numbers (rather than using the actual one
-                from the server) by default.
+               <listitem>
+               <para>
+                       Client generates inode numbers (rather than
+               using the actual one from the server) by default.
+               </para>
+               <para>
+                       See section <emphasis>INODE NUMBERS</emphasis> for
+               more information.
                </para></listitem>
         </varlistentry>
 
+        <varlistentry>
+               <term>nounix</term>
+               <listitem>
+               <para>
+                       Disable the CIFS Unix Extensions for this mount. This
+               can be useful in order to turn off multiple settings at once.
+               This includes POSIX acls, POSIX locks, POSIX paths, symlink
+               support and retrieving uids/gids/mode from the server. This
+               can also be useful to work around a bug in a server that
+               supports Unix Extensions.
+               </para>
+               <para>
+               See section <emphasis>INODE NUMBERS</emphasis> for
+               more information.
+               </para> </listitem>
+        </varlistentry>
+
         <varlistentry>
                 <term>nouser_xattr</term>
                 <listitem><para>(default) Do not allow getfattr/setfattr to get/set xattrs, even if server would support it otherwise. </para></listitem>
@@ -532,6 +555,33 @@ permissions in memory that can't be stored on the server. This information can d
        </para>
 </refsect1>
 
+<refsect1>
+       <title>INODE NUMBERS</title>
+       <para>
+               When Unix Extensions are enabled, we use the actual inode
+       number provided by the server in response to the POSIX calls as an
+       inode number.
+       </para>
+       <para>
+               When Unix Extensions are disabled and "serverino" mount option
+       is enabled there is no way to get the server inode number. The
+       client typically maps the server-assigned "UniqueID" onto an inode
+       number.
+       </para>
+       <para>
+               Note that the UniqueID is a different value from the server
+       inode number. The UniqueID value is unique over the scope of the entire
+       server and is often greater than 2 power 32. This value often makes
+       programs that are not compiled with LFS (Large File Support), to
+       trigger a glibc EOVERFLOW error as this won't fit in the target
+       structure field. It is strongly recommended to compile your programs
+       with LFS support (i.e. with -D_FILE_OFFSET_BITS=64) to prevent this
+       problem. You can also use "noserverino" mount option to generate inode
+       numbers smaller than 2 power 32 on the client. But you may not be able
+       to detect hardlinks properly.
+       </para>
+</refsect1>
+
 <refsect1>
        <title>FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS</title>
 
index d0ea811838b023a908bcecb838825881c3ceecee..2d074d922d7f6c046df6695989e62e9604c2c420 100644 (file)
 <refsynopsisdiv>
        <cmdsynopsis>
                <command>pdbedit</command>
-               <arg choice="opt">-L</arg>      
-               <arg choice="opt">-v</arg>      
-               <arg choice="opt">-w</arg>      
-               <arg choice="opt">-u username</arg>     
-               <arg choice="opt">-f fullname</arg>     
-               <arg choice="opt">-h homedir</arg>      
-               <arg choice="opt">-D drive</arg>        
-               <arg choice="opt">-S script</arg>
-               <arg choice="opt">-p profile</arg>      
-               <arg choice="opt">-a</arg>      
-               <arg choice="opt">-t, --password-from-stdin</arg>
-               <arg choice="opt">-m</arg>      
-               <arg choice="opt">-r</arg>      
-               <arg choice="opt">-x</arg>      
-               <arg choice="opt">-i passdb-backend</arg>       
-               <arg choice="opt">-e passdb-backend</arg>   
+               <arg choice="opt">-a</arg>
                <arg choice="opt">-b passdb-backend</arg>
-               <arg choice="opt">-g</arg>
+               <arg choice="opt">-c account-control</arg>
+               <arg choice="opt">-C value</arg>
                <arg choice="opt">-d debuglevel</arg>
-               <arg choice="opt">-s configfile</arg>
+               <arg choice="opt">-D drive</arg>
+               <arg choice="opt">-e passdb-backend</arg>
+               <arg choice="opt">-f fullname</arg>
+               <arg choice="opt">--force-initialized-passwords</arg>
+               <arg choice="opt">-g</arg>
+               <arg choice="opt">-h homedir</arg>
+               <arg choice="opt">-i passdb-backend</arg>
+               <arg choice="opt">-I domain</arg>
+               <arg choice="opt">-L </arg>
+               <arg choice="opt">-m</arg>
+               <arg choice="opt">-M SID|RID</arg>
+               <arg choice="opt">-N description</arg>
                <arg choice="opt">-P account-policy</arg>
-               <arg choice="opt">-C value</arg>
-               <arg choice="opt">-c account-control</arg>
+               <arg choice="opt">-p profile</arg>
+               <arg choice="opt">--policies-reset</arg>
+               <arg choice="opt">-r</arg>
+               <arg choice="opt">-s configfile</arg>
+               <arg choice="opt">-S script</arg>
+               <arg choice="opt">-t</arg>
+               <arg choice="opt">--time-format</arg>
+               <arg choice="opt">-u username</arg>
+               <arg choice="opt">-U SID|RID</arg>
+               <arg choice="opt">-v</arg>
+               <arg choice="opt">-V</arg>
+               <arg choice="opt">-w</arg>
+               <arg choice="opt">-x</arg>
                <arg choice="opt">-y</arg>
+               <arg choice="opt">-z</arg>
+               <arg choice="opt">-Z</arg>
        </cmdsynopsis>
 </refsynopsisdiv>
 
@@ -69,7 +79,7 @@
        <title>OPTIONS</title>
        <variablelist>
                <varlistentry>
-               <term>-L</term>
+               <term>-L|--list</term>
                <listitem><para>This option lists all the user accounts
                present in the users database.
                This option prints a list of user/uid pairs separated by
@@ -85,7 +95,7 @@ samba:45:Test User
                
                
                <varlistentry>
-               <term>-v</term>
+               <term>-v|--verbose</term>
                <listitem><para>This option enables the verbose listing format.
                It causes pdbedit to list the users in the database, printing
                out the account fields in a descriptive format.</para>
@@ -117,7 +127,7 @@ Profile Path:   \\BERSERKER\profile
                
                
                <varlistentry>
-               <term>-w</term>
+               <term>-w|--smbpasswd-style</term>
                <listitem><para>This option sets the "smbpasswd" listing format.
                It will make pdbedit list the users in the database, printing
                out the account fields in a format compatible with the
@@ -139,7 +149,7 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
                
                
                <varlistentry>
-               <term>-u username</term>
+               <term>-u|--user username</term>
                <listitem><para>This option specifies the username to be
                used for the operation requested (listing, adding, removing).
                It is <emphasis>required</emphasis> in add, remove and modify
@@ -149,7 +159,7 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
                </varlistentry>
 
                <varlistentry>
-               <term>-f fullname</term>
+               <term>-f|--fullname fullname</term>
                <listitem><para>This option can be used while adding or
                modifing a user account. It will specify the user's full
                name. </para>
@@ -159,7 +169,7 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
                </varlistentry>
                
                <varlistentry>
-               <term>-h homedir</term>
+               <term>-h|--homedir homedir</term>
                <listitem><para>This option can be used while adding or
                modifing a user account. It will specify the user's home
                directory network path.</para>
@@ -170,7 +180,7 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
                </varlistentry>
                
                <varlistentry>
-               <term>-D drive</term>
+               <term>-D|--drive drive</term>
                <listitem><para>This option can be used while adding or
                modifing a user account. It will specify the windows drive
                letter to be used to map the home directory.</para>
@@ -182,7 +192,7 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
                
                
                <varlistentry>
-               <term>-S script</term>
+               <term>-S|--script script</term>
                <listitem><para>This option can be used while adding or
                modifing a user account. It will specify the user's logon
                script path.</para>
@@ -194,7 +204,7 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
                
                
                <varlistentry>
-               <term>-p profile</term>
+               <term>-p|--profile profile</term>
                <listitem><para>This option can be used while adding or
                modifing a user account. It will specify the user's profile
                directory.</para>
@@ -205,29 +215,32 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
                </varlistentry>
 
                <varlistentry>
-               <term>-G SID|rid</term>
+               <term>-M|'--machine SID' SID|rid</term>
                <listitem><para>
-               This option can be used while adding or modifying a user account. It 
-               will specify the users' new primary group SID (Security Identifier) or 
+               This option can be used while adding or modifying a machine account. It
+               will specify the machines' new primary group SID (Security Identifier) or
                rid. </para>
 
-               <para>Example: <command>-G S-1-5-21-2447931902-1787058256-3961074038-1201</command></para>
+               <para>Example: <command>-M S-1-5-21-2447931902-1787058256-3961074038-1201</command></para>
                </listitem>
                </varlistentry>
 
                <varlistentry>
-               <term>-U SID|rid</term>
+               <term>-U|'--user SID' SID|rid</term>
                <listitem><para>
                This option can be used while adding or modifying a user account. It 
                will specify the users' new SID (Security Identifier) or 
                rid. </para>
 
                <para>Example: <command>-U S-1-5-21-2447931902-1787058256-3961074038-5004</command></para>
+               <para>Example: <command>'--user SID' S-1-5-21-2447931902-1787058256-3961074038-5004</command></para>
+               <para>Example: <command>-U 5004</command></para>
+               <para>Example: <command>'--user SID' 5004</command></para>
                </listitem>
                </varlistentry>
 
                <varlistentry>
-               <term>-c account-control</term>
+               <term>-c|--account-control account-control</term>
                <listitem><para>This option can be used while adding or modifying a user
                                account. It will specify the users' account control property. Possible flags are listed below.
        </para>
@@ -263,7 +276,7 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
                 </varlistentry>
 
                <varlistentry>
-               <term>-a</term>
+               <term>-a|--create</term>
                <listitem><para>This option is used to add a user into the
                database. This command needs a user name specified with
                the -u switch. When adding a new user, pdbedit will also
@@ -289,7 +302,7 @@ retype new password
                </varlistentry>
                
                <varlistentry>
-               <term>-t--password-from-stdin</term>
+               <term>-t|--password-from-stdin</term>
                <listitem><para>This option causes pdbedit to read the password
                from standard input, rather than from /dev/tty (like the
                <command>passwd(1)</command> program does).  The password has
@@ -298,7 +311,7 @@ retype new password
                </varlistentry>
 
                <varlistentry>
-               <term>-r</term>
+               <term>-r|--modify</term>
                <listitem><para>This option is used to modify an existing user 
                in the database. This command needs a user name specified with the -u 
                switch. Other options can be specified to modify the properties of 
@@ -308,7 +321,7 @@ retype new password
                </varlistentry>
                        
                <varlistentry>
-               <term>-m</term>
+               <term>-m|--machine</term>
                <listitem><para>This option may only be used in conjunction 
                with the <parameter>-a</parameter> option. It will make
                pdbedit to add a machine trust account instead of a user
@@ -321,7 +334,7 @@ retype new password
                
                
                <varlistentry>
-               <term>-x</term>
+               <term>-x|--delete</term>
                <listitem><para>This option causes pdbedit to delete an account
                from the database. It needs a username specified with the
                -u switch.</para>
@@ -332,7 +345,7 @@ retype new password
                
 
                <varlistentry>
-               <term>-i passdb-backend</term>
+               <term>-i|--import passdb-backend</term>
                <listitem><para>Use a different passdb backend to retrieve users
                 than the one specified in smb.conf. Can be used to import data into
                 your local user database.</para>
@@ -346,7 +359,7 @@ retype new password
                </varlistentry>
 
                <varlistentry>
-               <term>-e passdb-backend</term>
+               <term>-e|--export passdb-backend</term>
                <listitem><para>Exports all currently available users to the
                specified password database backend.</para>
 
@@ -358,7 +371,7 @@ retype new password
                </varlistentry>
 
                <varlistentry>
-               <term>-g</term>
+               <term>-g|--group</term>
                <listitem><para>If you specify <parameter>-g</parameter>,
                then <parameter>-i in-backend -e out-backend</parameter>
                applies to the group mapping instead of the user database.</para>
@@ -370,7 +383,7 @@ retype new password
                </varlistentry>
 
                <varlistentry>
-               <term>-b passdb-backend</term>
+               <term>-b|--backend passdb-backend</term>
                <listitem><para>Use a different default passdb backend. </para>
 
                <para>Example: <command>pdbedit -b xml:/root/pdb-backup.xml -l</command></para>
@@ -378,7 +391,7 @@ retype new password
                </varlistentry>
 
                <varlistentry>
-               <term>-P account-policy</term>
+               <term>-P|--account-policy account-policy</term>
                <listitem><para>Display an account policy</para>
                <para>Valid policies are: minimum password age, reset count minutes, disconnect time,
                user must logon to change password, password history, lockout duration, min password length,
@@ -394,7 +407,7 @@ account policy value for bad lockout attempt is 0
 
 
                <varlistentry>
-               <term>-C account-policy-value</term>
+               <term>-C|--value account-policy-value</term>
                <listitem><para>Sets an account policy to a specified value. 
                This option may only be used in conjunction
                with the <parameter>-P</parameter> option.
@@ -409,7 +422,7 @@ account policy value for bad lockout attempt is now 3
                </varlistentry>
 
                <varlistentry>
-               <term>-y</term>
+               <term>-y|--policies</term>
                <listitem><para>If you specify <parameter>-y</parameter>,
                then <parameter>-i in-backend -e out-backend</parameter>
                applies to the account policies instead of the user database.</para>
@@ -422,6 +435,73 @@ account policy value for bad lockout attempt is now 3
                </listitem>
                </varlistentry>
 
+               <varlistentry>
+               <term>--force-initialized-passwords</term>
+               <listitem><para>This option forces all users to change their
+                               password upon next login.
+               </para>
+               </listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term>-N|--account-desc description</term>
+               <listitem><para>This option can be used while adding or
+               modifing a user account. It will specify the user's description
+               field.</para>
+
+               <para>Example: <command>-N "test description"</command>
+               </para>
+               </listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term>-Z|--logon-hours-reset</term>
+               <listitem><para>This option can be used while adding or
+               modifing a user account. It will reset the user's allowed logon
+               hours. A user may login at any time afterwards.</para>
+
+               <para>Example: <command>-Z</command>
+               </para>
+               </listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term>-z|--bad-password-count-reset</term>
+               <listitem><para>This option can be used while adding or
+               modifing a user account. It will reset the stored bad login
+               counter from a specified user.</para>
+
+               <para>Example: <command>-z</command>
+               </para>
+               </listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term>--policies-reset</term>
+               <listitem><para>This option can be used to reset the general
+                               password policies stored for a domain to their
+                               default values.</para>
+               <para>Example: <command>--policies-reset</command>
+               </para>
+               </listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term>-I|--domain</term>
+               <listitem><para>This option can be used while adding or
+               modifing a user account. It will specify the user's domain field.</para>
+
+               <para>Example: <command>-I "MYDOMAIN"</command>
+               </para>
+               </listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term>--time-format</term>
+               <listitem><para>This option is currently not being used.</para>
+               </listitem>
+               </varlistentry>
+
                &stdarg.help;
                &stdarg.server.debug;
                &popt.common.samba;
index f7cef5f1fbf13ca75d53190e5e79e81b55d21216..1a546a9598ea163801ae5a13c2cc454c90367d79 100644 (file)
@@ -29,7 +29,6 @@
                <arg choice="opt">-s &lt;smb config file&gt;</arg>
                <arg choice="opt">-U username[%password]</arg>
                <arg choice="opt">-W workgroup</arg>
-               <arg choice="opt">-N</arg>
                <arg choice="opt">-I destinationIP</arg>
                <arg choice="req">server</arg>
        </cmdsynopsis>
@@ -70,7 +69,7 @@
 
                
                <varlistentry>
-               <term>-I IP-address</term>
+               <term>-I|--dest-ip IP-address</term>
                <listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to. 
                It should be specified in standard "a.b.c.d" notation. </para>
 
                above. </para></listitem>
                </varlistentry>
 
+               <varlistentry>
+               <term>-p|--port port</term>
+               <listitem><para>This number is the TCP port number that will be used
+               when making connections to the server. The standard (well-known)
+               TCP port number for an SMB/CIFS server is 139, which is the
+               default. </para></listitem>
+               </varlistentry>
+
                &stdarg.server.debug;
                &popt.common.samba;
                &popt.common.credentials;               
index 30b389e9d0a7c7e84e02f49a386ef6a8f3b2e57b..3e63b9b0d40ccb3ea4cc5d2be94d6f190650e996 100644 (file)
@@ -55,7 +55,7 @@
 
        <variablelist>
                <varlistentry>
-               <term>-a acls</term>
+               <term>-a|--add acls</term>
                <listitem><para>Add the ACLs specified to the ACL list.  Existing 
                access control entries are unchanged. </para></listitem>
                </varlistentry>
@@ -63,7 +63,7 @@
                
                
                <varlistentry>
-               <term>-M acls</term>
+               <term>-M|--modify acls</term>
                <listitem><para>Modify the mask value (permissions) for the ACLs 
                specified on the command line.  An error will be printed for each 
                ACL specified that was not already present in the ACL list
@@ -73,7 +73,7 @@
                
                
                <varlistentry>
-               <term>-D acls</term>
+               <term>-D|--delete acls</term>
                <listitem><para>Delete any ACLs specified on the command line.  
                An error will be printed for each ACL specified that was not 
                already present in the ACL list. </para></listitem>
@@ -82,7 +82,7 @@
                
                
                <varlistentry>
-               <term>-S acls</term>
+               <term>-S|--set acls</term>
                <listitem><para>This command sets the ACLs on the file with 
                only the ones specified on the command line.  All other ACLs are 
                erased. Note that the ACL specified must contain at least a revision,
                
                
                <varlistentry>
-               <term>-U username</term>
-               <listitem><para>Specifies a username used to connect to the 
-               specified service.  The username may be of the form "username" in 
-               which case the user is prompted to enter in a password and the 
-               workgroup specified in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
-               <manvolnum>5</manvolnum></citerefentry> file is 
-               used, or "username%password"  or "DOMAIN\username%password" and the 
-               password and workgroup names are used as provided. </para></listitem>
-               </varlistentry>
-               
-               
-               
-               <varlistentry>
-               <term>-C name</term>
+               <term>-C|--chown name</term>
                <listitem><para>The owner of a file or directory can be changed 
                to the name given using the <parameter>-C</parameter> option.  
                The name can be a sid in the form S-1-x-y-z or a name resolved 
                
                
                <varlistentry>
-               <term>-G name</term>
+               <term>-G|--chgrp name</term>
                <listitem><para>The group owner of a file or directory can 
                be changed to the name given using the <parameter>-G</parameter> 
                option.  The name can be a sid in the form S-1-x-y-z or a name 
                </varlistentry>
                
                <varlistentry>
-               <term>-t</term>
+               <term>-t|--test-args</term>
                <listitem><para>
                Don't actually do anything, only validate the correctness of 
                the arguments.
                &stdarg.help;
                &stdarg.server.debug;
                &popt.common.samba;
+               &popt.common.credentials;
        </variablelist>
 </refsect1>
 
index 6b4311d933992190c09be82a81a80ea78f763503..9c3a97f6de0a8fd2accad937e5910d727a0b16d5 100644 (file)
                </varlistentry>
                
                <varlistentry>
-               <term>-R &lt;name resolve order&gt;</term> 
+               <term>-R|--name-resolve &lt;name resolve order&gt;</term>
                <listitem><para>This option is used by the programs in the Samba 
                suite to determine what naming services and in what order to resolve 
                host names to IP addresses. The option takes a space-separated 
                
                
                <varlistentry>
-               <term>-M NetBIOS name</term>
+               <term>-M|--message NetBIOS name</term>
                <listitem><para>This options allows you to send messages, using 
                the "WinPopup" protocol, to another computer. Once a connection is 
                established you then type your message, pressing ^D (control-D) to 
                </varlistentry>
 
                <varlistentry>
-               <term>-p port</term>
+               <term>-p|--port port</term>
                <listitem><para>This number is the TCP port number that will be used 
                when making connections to the server. The standard (well-known)
                TCP port number for an SMB/CIFS server is 139, which is the 
                </varlistentry>
 
                <varlistentry>
-               <term>-g</term>
+               <term>-g|--grepable</term>
                <listitem><para>This parameter provides combined with
                <parameter>-L</parameter> easy parseable output that allows processing
                with utilities such as grep and cut.
                </para></listitem>
                </varlistentry>
 
+               <varlistentry>
+               <term>-m|--max-protocol protocol</term>
+               <listitem><para>This parameter sets the maximum protocol version announced by the client.
+               </para></listitem>
+               </varlistentry>
+
                <varlistentry>
                <term>-P</term>
                <listitem><para>
                &stdarg.help;
 
                <varlistentry>
-               <term>-I IP-address</term>
+               <term>-I|--ip-address IP-address</term>
                <listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to.
                It should be specified in standard "a.b.c.d" notation. </para>
 
                </varlistentry>
                
                <varlistentry>
-               <term>-E</term>
+               <term>-E|--stderr</term>
                <listitem><para>This parameter causes the client to write messages 
                to the standard error stream (stderr) rather than to the standard 
                output stream. </para>
                </varlistentry>
                
                <varlistentry>
-               <term>-L</term>
+               <term>-L|--list</term>
                <listitem><para>This option allows you to look at what services 
                are available on a server. You use it as <command>smbclient -L 
                host</command> and a list should appear.  The <parameter>-I
                </varlistentry>
                
                <varlistentry>  
-               <term>-b buffersize</term>
+               <term>-b|--send-buffer buffersize</term>
                <listitem><para>This option changes the transmit/send buffer 
                size when getting or putting a file from/to the server. The default 
                is 65520 bytes. Setting this value smaller (to 1200 bytes) has been 
                &popt.common.connection;
                
                <varlistentry>
-               <term>-T tar options</term>
+               <term>-T|--tar tar options</term>
                <listitem><para>smbclient may be used to create <command>tar(1)
                </command> compatible backups of all the files on an SMB/CIFS
                share. The secondary tar flags that can be given to this option 
                </varlistentry>
                
                <varlistentry>
-               <term>-D initial directory</term>
+               <term>-D|--directory initial directory</term>
                <listitem><para>Change to initial directory before starting. Probably 
                only of any use with the tar -T option. </para></listitem>
                </varlistentry>
                
                <varlistentry>
-               <term>-c command string</term>
+               <term>-c|--comand command string</term>
                <listitem><para>command string is a semicolon-separated list of 
                commands to be executed instead of prompting from stdin. <parameter>
                -N</parameter> is implied by <parameter>-c</parameter>.</para>
index 1260ad1d88c7780b141e9ce63a6c85bb392351de..e4094ab096259fb9cf886eff1a34820e0f860045 100644 (file)
@@ -34,6 +34,7 @@
                <arg choice="opt">-q, --quiet</arg>
                <arg choice="opt">-v, --verbose</arg>
                <arg choice="opt">-b, --blocksize</arg>
+               <arg choice="opt">-O, --stdout</arg>
                <arg choice="opt">-?, --help</arg>
                <arg choice="opt">--usage</arg>
                <arg choice="req">smb://host/share/path/to/file</arg>
 
        <varlistentry>
                <term>-o, --outputfile</term>
-               <listitem><para>Write the file that is being download to the specified file. Can not be used together with -R.</para></listitem>
+               <listitem><para>Write the file that is being downloaded to the specified file. Can not be used together with -R.</para></listitem>
+       </varlistentry>
+
+       <varlistentry>
+               <term>-O, --stdout</term>
+               <listitem><para>Write the file that is being downloaded to standard output.</para></listitem>
        </varlistentry>
 
        <varlistentry>
index 3864a616204e471792c11c7413980f73563956c4..d69aef13bad02ea654c77a143a09ca195a77f9f5 100644 (file)
 
        <variablelist>
                <varlistentry>
-               <term>-b</term>
+               <term>-b|--broadcast</term>
                <listitem><para>Query network nodes by sending requests 
                as broadcasts instead of querying the local master browser.
                </para></listitem>
                </varlistentry>
 
                <varlistentry>
-               <term>-D</term>
+               <term>-D|--domains</term>
                <listitem><para>Only print a list of all 
                the domains known on broadcast or by the 
                master browser</para></listitem>
                </varlistentry>
 
                <varlistentry>
-               <term>-S</term>
+               <term>-S|--servers</term>
                <listitem><para>Only print a list of 
                all the domains and servers responding on broadcast or 
                known by the master browser. 
index 5c42371ea261902192527f54bfa115c33cbe1f4c..78fe32eb8ec1299445080d5e1961b7beb74478c3 100644 (file)
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
 <refentry id="tdbbackup.8">
 
 <refmeta>
index 8e42e0862252d3cb95fef9c1fdf67329e0cf2317..90465e53e87e77320dda27ca2465e47fbc04ab4f 100644 (file)
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
 <refentry id="tdbdump.8">
 
 <refmeta>
index 042c88cdc603f74147899206a315ee3eecbaad64..9f96db277dbbec46f0e9ebc3ea9a2ff66b62c810 100644 (file)
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
 <refentry id="tdbtool.8">
 
 <refmeta>
index af8587938d12ca16c1751b83e71f3fc92f1c6063..1353c1f7d2677c7e6106677af7e3446b120b42a3 100644 (file)
@@ -228,6 +228,8 @@ AC_HAVE_DECL(environ, [#include <unistd.h>])
 AC_CHECK_FUNCS(strnlen)
 AC_CHECK_FUNCS(strtoull __strtoull strtouq strtoll __strtoll strtoq)
 
+AC_CHECK_FUNCS(memmem)
+
 # this test disabled as we don't actually need __VA_ARGS__ yet
 AC_TRY_CPP([
 #define eprintf(...) fprintf(stderr, __VA_ARGS__)
index fc15717349e1d189dcd9494d1bc2dd61e12ca92c..17fd46bcc89828b5bd85ce7573c68fafe106c04c 100644 (file)
@@ -681,3 +681,26 @@ char *rep_realpath(const char *path, char *resolved_path)
        return NULL;
 }
 #endif
+
+
+#ifndef HAVE_MEMMEM
+void *rep_memmem(const void *haystack, size_t haystacklen,
+                const void *needle, size_t needlelen)
+{
+       if (needlelen == 0) {
+               return discard_const(haystack);
+       }
+       while (haystacklen >= needlelen) {
+               char *p = memchr(haystack, *(const char *)needle,
+                                haystacklen-(needlelen-1));
+               if (!p) return NULL;
+               if (memcmp(p, needle, needlelen) == 0) {
+                       return p;
+               }
+               haystack = p+1;
+               haystacklen -= (p - (const char *)haystack) + 1;
+       }
+       return NULL;
+}
+#endif
+
index 6424d10c0f9b9ed6f53f1740be6c97cf020e747b..baf2368130c6342af2d164c0442a88e5d2d59199 100644 (file)
@@ -140,6 +140,12 @@ char *rep_strdup(const char *s);
 void *rep_memmove(void *dest,const void *src,int size);
 #endif
 
+#ifndef HAVE_MEMMEM
+#define memmem rep_memmem
+void *rep_memmem(const void *haystack, size_t haystacklen,
+                const void *needle, size_t needlelen);
+#endif
+
 #ifndef HAVE_MKTIME
 #define mktime rep_mktime
 /* prototype is in "system/time.h" */
index c54d721ce5e54eabe273943516a9ddc7c628f61f..bca774263ef3cb2555610e10a5c4386ebe387df7 100644 (file)
@@ -504,6 +504,7 @@ static int dopr(char *buffer, size_t maxlen, const char *format, va_list args_in
                                break;
                        case 'p':
                                cnk->type = CNK_PTR;
+                               cnk->flags |= DP_F_UNSIGNED;
                                break;
                        case 'n':
                                cnk->type = CNK_NUM;
index 7929f11addf0a660ba9ca6e19ca4d02f420339eb..caa70d68e390b6a047bb4dd3bce0bb8a6c0b8535 100644 (file)
@@ -1015,6 +1015,42 @@ static int test_utimes(void)
        return true;
 }
 
+static int test_memmem(void)
+{
+       char *s;
+
+       printf("test: memmem\n");
+
+       s = memmem("foo", 3, "fo", 2);
+       if (strcmp(s, "foo") != 0) {
+               printf(__location__ ": Failed memmem\n");
+               return false;
+       }
+
+       s = memmem("foo", 3, "", 0);
+       if (strcmp(s, "foo") != 0) {
+               printf(__location__ ": Failed memmem\n");
+               return false;
+       }
+
+       s = memmem("foo", 4, "o", 1);
+       if (strcmp(s, "oo") != 0) {
+               printf(__location__ ": Failed memmem\n");
+               return false;
+       }
+
+       s = memmem("foobarfodx", 11, "fod", 3);
+       if (strcmp(s, "fodx") != 0) {
+               printf(__location__ ": Failed memmem\n");
+               return false;
+       }
+
+       printf("success: memmem\n");
+
+       return true;
+}
+
+
 struct torture_context;
 bool torture_local_replace(struct torture_context *ctx)
 {
@@ -1065,6 +1101,7 @@ bool torture_local_replace(struct torture_context *ctx)
        ret &= test_getifaddrs();
        ret &= test_utime();
        ret &= test_utimes();
+       ret &= test_memmem();
 
        return ret;
 }
index 93bfe37f4f2089bf2d8d65b9ac0626ddec7f09fc..3abeec3258cba4bb438a975eb1d8bf507904a52f 100644 (file)
@@ -31,18 +31,22 @@ PYTHON_CHECK_TARGET = @PYTHON_CHECK_TARGET@
 LIB_PATH_VAR = @LIB_PATH_VAR@
 tdbdir = @tdbdir@
 
+EXTRA_TARGETS = @DOC_TARGET@
+
 TDB_OBJ = @TDB_OBJ@ @LIBREPLACEOBJ@
 
 SONAMEFLAG = @SONAMEFLAG@
 VERSIONSCRIPT = @VERSIONSCRIPT@
 EXPORTSFILE = @EXPORTSFILE@
 
+XSLTPROC = @XSLTPROC@
+
 default: all
 
 include $(tdbdir)/tdb.mk
 include $(tdbdir)/rules.mk
 
-all:: showflags dirs $(PROGS) $(TDB_SOLIB) libtdb.a $(PYTHON_BUILD_TARGET)
+all:: showflags dirs $(PROGS) $(TDB_SOLIB) libtdb.a $(PYTHON_BUILD_TARGET) $(EXTRA_TARGETS)
 
 install:: all
 $(TDB_SOLIB): $(TDB_OBJ)
index 779f596e1875f69e9aa77fef797a03f558024a04..dac7bb2673df8d14c982881e6a8bc88bf465e7ce 100644 (file)
@@ -38,6 +38,13 @@ AC_ARG_ENABLE(python,
                  fi
                ])
 
+AC_PATH_PROG(XSLTPROC,xsltproc)
+DOC_TARGET=""
+if test -n "$XSLTPROC"; then
+       DOC_TARGET=doc
+fi
+AC_SUBST(DOC_TARGET)
+
 m4_include(build_macros.m4)
 BUILD_WITH_SHARED_BUILD_DIR
 
index db9ce4ad276f094c1ec421d783970f4efaabd428..c9e946a8855557a375fa755fe30b5e7b4e541e08 100644 (file)
@@ -143,7 +143,7 @@ void tdb_remove_flags(struct tdb_context *tdb, unsigned flag);
 void tdb_enable_seqnum(struct tdb_context *tdb);
 void tdb_increment_seqnum_nonblock(struct tdb_context *tdb);
 int tdb_check(struct tdb_context *tdb,
-             int (*check)(TDB_DATA key, TDB_DATA data, void *private_data),
+             int (*check) (TDB_DATA key, TDB_DATA data, void *private_data),
              void *private_data);
 
 /* Low level locking functions: use with care */
diff --git a/lib/tdb/manpages/tdbbackup.8.xml b/lib/tdb/manpages/tdbbackup.8.xml
new file mode 100644 (file)
index 0000000..5c42371
--- /dev/null
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="tdbbackup.8">
+
+<refmeta>
+       <refentrytitle>tdbbackup</refentrytitle>
+       <manvolnum>8</manvolnum>
+       <refmiscinfo class="source">Samba</refmiscinfo>
+       <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+       <refmiscinfo class="version">3.6</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+       <refname>tdbbackup</refname>
+       <refpurpose>tool for backing up and for validating the integrity of samba .tdb files</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+       <cmdsynopsis>
+               <command>tdbbackup</command>
+               <arg choice="opt">-s suffix</arg>
+               <arg choice="opt">-v</arg>
+               <arg choice="opt">-h</arg>
+       </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+       <title>DESCRIPTION</title>
+
+       <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+       <manvolnum>1</manvolnum></citerefentry> suite.</para>
+
+       <para><command>tdbbackup</command> is a tool that may be used to backup samba .tdb
+       files. This tool may also be used to verify the integrity of the .tdb files prior
+       to samba startup or during normal operation. If it finds file damage and it finds 
+       a prior backup the backup file will be restored. 
+       </para>
+</refsect1>
+
+
+<refsect1>
+       <title>OPTIONS</title>
+
+       <variablelist>
+
+               <varlistentry>
+               <term>-h</term>
+               <listitem><para>
+               Get help information.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term>-s suffix</term>
+               <listitem><para>
+               The <command>-s</command> option allows the adminisistrator to specify a file
+               backup extension. This way it is possible to keep a history of tdb backup
+               files by using a new suffix for each backup.
+               </para> </listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term>-v</term>
+               <listitem><para>
+               The <command>-v</command> will check the database for damages (currupt data)
+               which if detected causes the backup to be restored.
+               </para></listitem>
+               </varlistentry>
+
+       </variablelist>
+</refsect1>
+
+
+<refsect1>
+       <title>COMMANDS</title>
+
+       <para><emphasis>GENERAL INFORMATION</emphasis></para>
+
+       <para>
+       The <command>tdbbackup</command> utility can safely be run at any time. It was designed so
+       that it can be used at any time to validate the integrity of tdb files, even during Samba
+       operation. Typical usage for the command will be:
+       </para>
+
+       <para>tdbbackup [-s suffix] *.tdb</para>
+
+       <para>
+       Before restarting samba the following command may be run to validate .tdb files:
+       </para>
+
+       <para>tdbbackup -v [-s suffix] *.tdb</para>
+
+       <para>
+       Samba .tdb files are stored in various locations, be sure to run backup all
+       .tdb file on the system. Important files includes:
+       </para>
+
+       <itemizedlist>
+               <listitem><para>
+               <command>secrets.tdb</command> - usual location is in the /usr/local/samba/private
+               directory, or on some systems in /etc/samba.
+               </para></listitem>
+
+               <listitem><para>
+               <command>passdb.tdb</command> - usual location is in the /usr/local/samba/private
+               directory, or on some systems in /etc/samba.
+               </para></listitem>
+
+               <listitem><para>
+               <command>*.tdb</command> located in the /usr/local/samba/var directory or on some
+               systems in the /var/cache or /var/lib/samba directories.
+               </para></listitem>
+       </itemizedlist>
+
+</refsect1>
+
+<refsect1>
+       <title>VERSION</title>
+
+       <para>This man page is correct for version 3 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+       <title>AUTHOR</title>
+
+       <para>
+       The original Samba software and related utilities were created by Andrew Tridgell.
+       Samba is now developed by the Samba Team as an Open Source project similar to the way
+       the Linux kernel is developed.
+       </para> 
+
+       <para>The tdbbackup man page was written by John H Terpstra.</para>
+</refsect1>
+
+</refentry>
diff --git a/lib/tdb/manpages/tdbdump.8.xml b/lib/tdb/manpages/tdbdump.8.xml
new file mode 100644 (file)
index 0000000..8e42e08
--- /dev/null
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="tdbdump.8">
+
+<refmeta>
+       <refentrytitle>tdbdump</refentrytitle>
+       <manvolnum>8</manvolnum>
+       <refmiscinfo class="source">Samba</refmiscinfo>
+       <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+       <refmiscinfo class="version">3.6</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+       <refname>tdbdump</refname>
+       <refpurpose>tool for printing the contents of a TDB file</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+       <cmdsynopsis>
+               <command>tdbdump</command>
+               <arg choice="req">filename</arg>
+       </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+       <title>DESCRIPTION</title>
+
+       <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+       <manvolnum>1</manvolnum></citerefentry> suite.</para>
+
+       <para><command>tdbdump</command> is a very simple utility that 'dumps' the 
+               contents of a TDB (Trivial DataBase) file to standard output in a 
+               human-readable format.
+       </para>
+
+       <para>This tool can be used when debugging problems with TDB files. It is 
+               intended for those who are somewhat familiar with Samba internals.
+       </para>
+</refsect1>
+
+
+<refsect1>
+       <title>VERSION</title>
+
+       <para>This man page is correct for version 3 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+       <title>AUTHOR</title>
+
+       <para>
+       The original Samba software and related utilities were created by Andrew Tridgell.
+       Samba is now developed by the Samba Team as an Open Source project similar to the way
+       the Linux kernel is developed.
+       </para> 
+
+       <para>The tdbdump man page was written by Jelmer Vernooij.</para>
+</refsect1>
+
+</refentry>
diff --git a/lib/tdb/manpages/tdbtool.8.xml b/lib/tdb/manpages/tdbtool.8.xml
new file mode 100644 (file)
index 0000000..042c88c
--- /dev/null
@@ -0,0 +1,235 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="tdbtool.8">
+
+<refmeta>
+       <refentrytitle>tdbtool</refentrytitle>
+       <manvolnum>8</manvolnum>
+       <refmiscinfo class="source">Samba</refmiscinfo>
+       <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+       <refmiscinfo class="version">3.6</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+       <refname>tdbtool</refname>
+       <refpurpose>manipulate the contents TDB files</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+
+       <cmdsynopsis>
+               <command>tdbtool</command>
+       </cmdsynopsis>
+
+       <cmdsynopsis>
+               <command>tdbtool</command>
+               <arg choice="plain">
+               <replaceable>TDBFILE</replaceable>
+               </arg>
+               <arg rep="repeat" choice="opt">
+               <replaceable>COMMANDS</replaceable>
+               </arg>
+       </cmdsynopsis>
+
+</refsynopsisdiv>
+
+<refsect1>
+       <title>DESCRIPTION</title>
+
+       <para>This tool is part of the
+       <citerefentry><refentrytitle>samba</refentrytitle>
+       <manvolnum>1</manvolnum></citerefentry> suite.</para>
+
+       <para><command>tdbtool</command> a tool for displaying and
+       altering the contents of Samba TDB (Trivial DataBase) files. Each
+       of the commands listed below can be entered interactively or
+       provided on the command line.</para>
+
+</refsect1>
+
+
+<refsect1>
+       <title>COMMANDS</title>
+
+       <variablelist>
+
+               <varlistentry>
+               <term><option>create</option>
+               <replaceable>TDBFILE</replaceable></term>
+               <listitem><para>Create a new database named
+               <replaceable>TDBFILE</replaceable>.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term><option>open</option>
+               <replaceable>TDBFILE</replaceable></term>
+               <listitem><para>Open an existing database named
+               <replaceable>TDBFILE</replaceable>.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term><option>erase</option></term>
+               <listitem><para>Erase the current database.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term><option>dump</option></term>
+               <listitem><para>Dump the current database as strings.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term><option>cdump</option></term>
+               <listitem><para>Dump the current database as connection records.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term><option>keys</option></term>
+               <listitem><para>Dump the current database keys as strings.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term><option>hexkeys</option></term>
+               <listitem><para>Dump the current database keys as hex values.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term><option>info</option></term>
+               <listitem><para>Print summary information about the
+               current database.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term><option>insert</option>
+               <replaceable>KEY</replaceable>
+               <replaceable>DATA</replaceable>
+               </term>
+               <listitem><para>Insert a record into the
+               current database.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term><option>move</option>
+               <replaceable>KEY</replaceable>
+               <replaceable>TDBFILE</replaceable>
+               </term>
+               <listitem><para>Move a record from the 
+               current database into <replaceable>TDBFILE</replaceable>.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term><option>store</option>
+               <replaceable>KEY</replaceable>
+               <replaceable>DATA</replaceable>
+               </term>
+               <listitem><para>Store (replace) a record in the
+               current database.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term><option>show</option>
+               <replaceable>KEY</replaceable>
+               </term>
+               <listitem><para>Show a record by key.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term><option>delete</option>
+               <replaceable>KEY</replaceable>
+               </term>
+               <listitem><para>Delete a record by key.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term><option>list</option>
+               </term>
+               <listitem><para>Print the current database hash table and free list.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term><option>free</option>
+               </term>
+               <listitem><para>Print the current database and free list.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term><option>!</option>
+               <replaceable>COMMAND</replaceable>
+               </term>
+               <listitem><para>Execute the given system command.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term>
+               <option>first</option>
+               </term>
+               <listitem><para>Print the first record in the current database.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term>
+               <option>next</option>
+               </term>
+               <listitem><para>Print the next record in the current database.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term>
+               <option>check</option>
+               </term>
+               <listitem><para>Check the integrity of the current database.
+               </para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term>
+               <option>quit</option>
+               </term>
+               <listitem><para>Exit <command>tdbtool</command>.
+               </para></listitem>
+               </varlistentry>
+
+       </variablelist>
+</refsect1>
+
+<refsect1>
+       <title>CAVEATS</title>
+       <para>The contents of the Samba TDB files are private
+       to the implementation and should not be altered with
+       <command>tdbtool</command>.
+       </para>
+</refsect1>
+
+<refsect1>
+       <title>VERSION</title>
+       <para>This man page is correct for version 3.0.25 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+       <title>AUTHOR</title>
+
+       <para> The original Samba software and related utilities were
+       created by Andrew Tridgell.  Samba is now developed by the
+       Samba Team as an Open Source project similar to the way the
+       Linux kernel is developed.</para>
+</refsect1>
+
+</refentry>
index 267c2d1c85644ab0691f03310afae9a35a1e8e0f..93aa89948039e6c6741d137edbbbca9efb8a0ad8 100644 (file)
@@ -51,7 +51,20 @@ tdb.$(SHLIBEXT): libtdb.$(SHLIBEXT) pytdb.o
        $(SHLD) $(SHLD_FLAGS) -o $@ pytdb.o -L. -ltdb `$(PYTHON_CONFIG) --ldflags`
 
 install:: installdirs installbin installheaders installlibs \
-                 $(PYTHON_INSTALL_TARGET)
+                 $(PYTHON_INSTALL_TARGET) installdocs
+
+doc:: manpages/tdbbackup.8 manpages/tdbdump.8 manpages/tdbtool.8
+
+.SUFFIXES: .8.xml .8
+
+.8.xml.8:
+       -test -z "$(XSLTPROC)" || $(XSLTPROC) -o $@ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
+
+installdocs::
+       ${INSTALLCMD} -d $(DESTDIR)$(mandir)/man1
+       for I in manpages/*.1; do \
+               ${INSTALLCMD} -m 644 $$I $(DESTDIR)$(mandir)/man1 \
+       done
 
 install-python:: build-python
        mkdir -p $(DESTDIR)`$(PYTHON) -c "import distutils.sysconfig; print distutils.sysconfig.get_python_lib(1, prefix='$(prefix)')"`
index 93edb071bedde851e2291b2f48efdf961ca63e8a..61b8c1dac413109116d6a955ff880c194b62b736 100644 (file)
@@ -56,5 +56,5 @@ void tdb_remove_flags (struct tdb_context *, unsigned int);
 void tdb_setalarm_sigptr (struct tdb_context *, volatile sig_atomic_t *);
 void tdb_set_logging_function (struct tdb_context *, const struct tdb_logging_context *);
 void tdb_set_max_dead (struct tdb_context *, int);
-int tdb_check (struct tdb_context *, int (*)(TDB_DATA, TDB_DATA, void *), void *);
+int tdb_check (struct tdb_context *, int (*) (TDB_DATA, TDB_DATA, void *), void *);
 TDB_DATA tdb_null;
index ab170a66cf75f38c5785e720e3c7ceff83419e79..0f3d83e8775db0d3338e1728ec309911b7d28564 100644 (file)
 #include "tevent_internal.h"
 #include "tevent_util.h"
 
-#define NUM_SIGNALS 64
+#define TEVENT_NUM_SIGNALS 64
 
 /* maximum number of SA_SIGINFO signals to hold in the queue.
   NB. This *MUST* be a power of 2, in order for the ring buffer
   wrap to work correctly. Thanks to Petr Vandrovec <petr@vandrovec.name>
   for this. */
 
-#define SA_INFO_QUEUE_COUNT 64
+#define TEVENT_SA_INFO_QUEUE_COUNT 64
 
-struct sigcounter {
+struct tevent_sigcounter {
        uint32_t count;
        uint32_t seen;
 };
 
-#define SIG_INCREMENT(s) (s).count++
-#define SIG_SEEN(s, n) (s).seen += (n)
-#define SIG_PENDING(s) ((s).seen != (s).count)
+#define TEVENT_SIG_INCREMENT(s) (s).count++
+#define TEVENT_SIG_SEEN(s, n) (s).seen += (n)
+#define TEVENT_SIG_PENDING(s) ((s).seen != (s).count)
 
 struct tevent_common_signal_list {
        struct tevent_common_signal_list *prev, *next;
@@ -56,22 +56,22 @@ struct tevent_common_signal_list {
 /*
   the poor design of signals means that this table must be static global
 */
-static struct sig_state {
-       struct tevent_common_signal_list *sig_handlers[NUM_SIGNALS+1];
-       struct sigaction *oldact[NUM_SIGNALS+1];
-       struct sigcounter signal_count[NUM_SIGNALS+1];
-       struct sigcounter got_signal;
+static struct tevent_sig_state {
+       struct tevent_common_signal_list *sig_handlers[TEVENT_NUM_SIGNALS+1];
+       struct sigaction *oldact[TEVENT_NUM_SIGNALS+1];
+       struct tevent_sigcounter signal_count[TEVENT_NUM_SIGNALS+1];
+       struct tevent_sigcounter got_signal;
 #ifdef SA_SIGINFO
        /* with SA_SIGINFO we get quite a lot of info per signal */
-       siginfo_t *sig_info[NUM_SIGNALS+1];
-       struct sigcounter sig_blocked[NUM_SIGNALS+1];
+       siginfo_t *sig_info[TEVENT_NUM_SIGNALS+1];
+       struct tevent_sigcounter sig_blocked[TEVENT_NUM_SIGNALS+1];
 #endif
 } *sig_state;
 
 /*
   return number of sigcounter events not processed yet
 */
-static uint32_t sig_count(struct sigcounter s)
+static uint32_t tevent_sig_count(struct tevent_sigcounter s)
 {
        return s.count - s.seen;
 }
@@ -87,8 +87,8 @@ static void tevent_common_signal_handler(int signum)
        struct tevent_context *ev = NULL;
        int saved_errno = errno;
 
-       SIG_INCREMENT(sig_state->signal_count[signum]);
-       SIG_INCREMENT(sig_state->got_signal);
+       TEVENT_SIG_INCREMENT(sig_state->signal_count[signum]);
+       TEVENT_SIG_INCREMENT(sig_state->got_signal);
 
        /* Write to each unique event context. */
        for (sl = sig_state->sig_handlers[signum]; sl; sl = sl->next) {
@@ -109,24 +109,24 @@ static void tevent_common_signal_handler(int signum)
 static void tevent_common_signal_handler_info(int signum, siginfo_t *info,
                                              void *uctx)
 {
-       uint32_t count = sig_count(sig_state->signal_count[signum]);
-       /* sig_state->signal_count[signum].seen % SA_INFO_QUEUE_COUNT
+       uint32_t count = tevent_sig_count(sig_state->signal_count[signum]);
+       /* sig_state->signal_count[signum].seen % TEVENT_SA_INFO_QUEUE_COUNT
         * is the base of the unprocessed signals in the ringbuffer. */
        uint32_t ofs = (sig_state->signal_count[signum].seen + count) %
-                               SA_INFO_QUEUE_COUNT;
+                               TEVENT_SA_INFO_QUEUE_COUNT;
        sig_state->sig_info[signum][ofs] = *info;
 
        tevent_common_signal_handler(signum);
 
        /* handle SA_SIGINFO */
-       if (count+1 == SA_INFO_QUEUE_COUNT) {
+       if (count+1 == TEVENT_SA_INFO_QUEUE_COUNT) {
                /* we've filled the info array - block this signal until
                   these ones are delivered */
                sigset_t set;
                sigemptyset(&set);
                sigaddset(&set, signum);
                sigprocmask(SIG_BLOCK, &set, NULL);
-               SIG_INCREMENT(sig_state->sig_blocked[signum]);
+               TEVENT_SIG_INCREMENT(sig_state->sig_blocked[signum]);
        }
 }
 #endif
@@ -196,7 +196,7 @@ struct tevent_signal *tevent_common_add_signal(struct tevent_context *ev,
        struct tevent_common_signal_list *sl;
        sigset_t set, oldset;
 
-       if (signum >= NUM_SIGNALS) {
+       if (signum >= TEVENT_NUM_SIGNALS) {
                errno = EINVAL;
                return NULL;
        }
@@ -204,7 +204,7 @@ struct tevent_signal *tevent_common_add_signal(struct tevent_context *ev,
        /* the sig_state needs to be on a global context as it can last across
           multiple event contexts */
        if (sig_state == NULL) {
-               sig_state = talloc_zero(talloc_autofree_context(), struct sig_state);
+               sig_state = talloc_zero(talloc_autofree_context(), struct tevent_sig_state);
                if (sig_state == NULL) {
                        return NULL;
                }
@@ -267,7 +267,9 @@ struct tevent_signal *tevent_common_add_signal(struct tevent_context *ev,
                        act.sa_handler   = NULL;
                        act.sa_sigaction = tevent_common_signal_handler_info;
                        if (sig_state->sig_info[signum] == NULL) {
-                               sig_state->sig_info[signum] = talloc_zero_array(sig_state, siginfo_t, SA_INFO_QUEUE_COUNT);
+                               sig_state->sig_info[signum] =
+                                       talloc_zero_array(sig_state, siginfo_t,
+                                                         TEVENT_SA_INFO_QUEUE_COUNT);
                                if (sig_state->sig_info[signum] == NULL) {
                                        talloc_free(se);
                                        return NULL;
@@ -310,14 +312,14 @@ int tevent_common_check_signal(struct tevent_context *ev)
 {
        int i;
 
-       if (!sig_state || !SIG_PENDING(sig_state->got_signal)) {
+       if (!sig_state || !TEVENT_SIG_PENDING(sig_state->got_signal)) {
                return 0;
        }
        
-       for (i=0;i<NUM_SIGNALS+1;i++) {
+       for (i=0;i<TEVENT_NUM_SIGNALS+1;i++) {
                struct tevent_common_signal_list *sl, *next;
-               struct sigcounter counter = sig_state->signal_count[i];
-               uint32_t count = sig_count(counter);
+               struct tevent_sigcounter counter = sig_state->signal_count[i];
+               uint32_t count = tevent_sig_count(counter);
 #ifdef SA_SIGINFO
                /* Ensure we null out any stored siginfo_t entries
                 * after processing for debugging purposes. */
@@ -338,11 +340,11 @@ int tevent_common_check_signal(struct tevent_context *ev)
 
                                for (j=0;j<count;j++) {
                                        /* sig_state->signal_count[i].seen
-                                        * % SA_INFO_QUEUE_COUNT is
+                                        * % TEVENT_SA_INFO_QUEUE_COUNT is
                                         * the base position of the unprocessed
                                         * signals in the ringbuffer. */
                                        uint32_t ofs = (counter.seen + j)
-                                               % SA_INFO_QUEUE_COUNT;
+                                               % TEVENT_SA_INFO_QUEUE_COUNT;
                                        se->handler(ev, se, i, 1,
                                                    (void*)&sig_state->sig_info[i][ofs], 
                                                    se->private_data);
@@ -364,7 +366,7 @@ int tevent_common_check_signal(struct tevent_context *ev)
                        uint32_t j;
                        for (j=0;j<count;j++) {
                                uint32_t ofs = (counter.seen + j)
-                                       % SA_INFO_QUEUE_COUNT;
+                                       % TEVENT_SA_INFO_QUEUE_COUNT;
                                memset((void*)&sig_state->sig_info[i][ofs],
                                        '\0',
                                        sizeof(siginfo_t));
@@ -372,23 +374,23 @@ int tevent_common_check_signal(struct tevent_context *ev)
                }
 #endif
 
-               SIG_SEEN(sig_state->signal_count[i], count);
-               SIG_SEEN(sig_state->got_signal, count);
+               TEVENT_SIG_SEEN(sig_state->signal_count[i], count);
+               TEVENT_SIG_SEEN(sig_state->got_signal, count);
 
 #ifdef SA_SIGINFO
-               if (SIG_PENDING(sig_state->sig_blocked[i])) {
+               if (TEVENT_SIG_PENDING(sig_state->sig_blocked[i])) {
                        /* We'd filled the queue, unblock the
                           signal now the queue is empty again.
                           Note we MUST do this after the
-                          SIG_SEEN(sig_state->signal_count[i], count)
+                          TEVENT_SIG_SEEN(sig_state->signal_count[i], count)
                           call to prevent a new signal running
                           out of room in the sig_state->sig_info[i][]
                           ring buffer. */
                        sigset_t set;
                        sigemptyset(&set);
                        sigaddset(&set, i);
-                       SIG_SEEN(sig_state->sig_blocked[i],
-                                sig_count(sig_state->sig_blocked[i]));
+                       TEVENT_SIG_SEEN(sig_state->sig_blocked[i],
+                                tevent_sig_count(sig_state->sig_blocked[i]));
                        sigprocmask(SIG_UNBLOCK, &set, NULL);
                }
 #endif
index 1c1e58099bf0503a19b0c83e91504af0f20fb0ee..7c0255742cffa171d68bd590fb72d077e640fade 100644 (file)
@@ -210,11 +210,15 @@ int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx,
        struct tsocket_address *addr;
        struct tsocket_address_bsd *bsda;
 
+       if (sa_socklen < sizeof(sa->sa_family)) {
+               errno = EINVAL;
+               return -1;
+       }
+
        switch (sa->sa_family) {
        case AF_UNIX:
-               if (sa_socklen < sizeof(struct sockaddr_un)) {
-                       errno = EINVAL;
-                       return -1;
+               if (sa_socklen > sizeof(struct sockaddr_un)) {
+                       sa_socklen = sizeof(struct sockaddr_un);
                }
                break;
        case AF_INET:
@@ -222,6 +226,7 @@ int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx,
                        errno = EINVAL;
                        return -1;
                }
+               sa_socklen = sizeof(struct sockaddr_in);
                break;
 #ifdef HAVE_IPV6
        case AF_INET6:
@@ -229,6 +234,7 @@ int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx,
                        errno = EINVAL;
                        return -1;
                }
+               sa_socklen = sizeof(struct sockaddr_in6);
                break;
 #endif
        default:
similarity index 99%
rename from source3/libsmb/ntlmssp_ndr.c
rename to libcli/auth/ntlmssp_ndr.c
index 92cd677572944da3b4b299f58b2a23aaef3f7d9a..53a2378e205cd75759d6099e875bbd89086891d9 100644 (file)
@@ -20,7 +20,7 @@
 
 #include "includes.h"
 #include "../librpc/gen_ndr/ndr_ntlmssp.h"
-#include "libsmb/ntlmssp_ndr.h"
+#include "../libcli/auth/ntlmssp_ndr.h"
 
 #define NTLMSSP_PULL_MESSAGE(type, blob, mem_ctx, ic, r) \
 do { \
index 429a1b1ac993d7c20bf9c22d272b822196a89db4..1899afbbca616f8f81b5934a640f8a0de4b51028 100644 (file)
@@ -241,23 +241,23 @@ _PUBLIC_ bool GUID_equal(const struct GUID *u1, const struct GUID *u2)
 _PUBLIC_ int GUID_compare(const struct GUID *u1, const struct GUID *u2)
 {
        if (u1->time_low != u2->time_low) {
-               return u1->time_low - u2->time_low;
+               return u1->time_low > u2->time_low ? 1 : -1;
        }
 
        if (u1->time_mid != u2->time_mid) {
-               return u1->time_mid - u2->time_mid;
+               return u1->time_mid > u2->time_mid ? 1 : -1;
        }
 
        if (u1->time_hi_and_version != u2->time_hi_and_version) {
-               return u1->time_hi_and_version - u2->time_hi_and_version;
+               return u1->time_hi_and_version > u2->time_hi_and_version ? 1 : -1;
        }
 
        if (u1->clock_seq[0] != u2->clock_seq[0]) {
-               return u1->clock_seq[0] - u2->clock_seq[0];
+               return u1->clock_seq[0] > u2->clock_seq[0] ? 1 : -1;
        }
 
        if (u1->clock_seq[1] != u2->clock_seq[1]) {
-               return u1->clock_seq[1] - u2->clock_seq[1];
+               return u1->clock_seq[1] > u2->clock_seq[1] ? 1 : -1;
        }
 
        return memcmp(u1->node, u2->node, 6);
index 7a66a7fe82675c538bd058981b1b5c1875bfb49d..00863a0d54a85066ccd606adb2fd7a2e2692be20 100644 (file)
@@ -5,6 +5,7 @@
 
    Copyright (C) Gerald (Jerry) Carter 2007
    Copyright (C) Guenther Deschner 2008
+   Copyright (C) Volker Lendecke 2009
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -570,6 +571,50 @@ wbcErr wbcChangeTrustCredentials(const char *domain,
        return wbc_status;
 }
 
+/*
+ * Trigger a no-op NETLOGON call. Lightweight version of
+ * wbcCheckTrustCredentials
+ */
+wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error)
+{
+       struct winbindd_request request;
+       struct winbindd_response response;
+       wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+       if (domain) {
+               /*
+                * the current protocol doesn't support
+                * specifying a domain
+                */
+               wbc_status = WBC_ERR_NOT_IMPLEMENTED;
+               BAIL_ON_WBC_ERROR(wbc_status);
+       }
+
+       ZERO_STRUCT(request);
+       ZERO_STRUCT(response);
+
+       /* Send request */
+
+       wbc_status = wbcRequestResponse(WINBINDD_PING_DC,
+                                       &request,
+                                       &response);
+       if (response.data.auth.nt_status != 0) {
+               if (error) {
+                       wbc_status = wbc_create_error_info(NULL,
+                                                          &response,
+                                                          error);
+                       BAIL_ON_WBC_ERROR(wbc_status);
+               }
+
+               wbc_status = WBC_ERR_AUTH_ERROR;
+               BAIL_ON_WBC_ERROR(wbc_status);
+       }
+       BAIL_ON_WBC_ERROR(wbc_status);
+
+ done:
+       return wbc_status;
+}
+
 /* Trigger an extended logoff notification to Winbind for a specific user */
 wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params,
                       struct wbcAuthErrorInfo **error)
index 16828ae5df659fc5fc1ccad4a9a0377a419e798e..24699e91c4f59c60c38bab39746ece0e8bedcd1d 100644 (file)
@@ -669,7 +669,7 @@ wbcErr wbcAddNamedBlob(size_t *num_blobs,
 
        wbc_status = WBC_ERR_SUCCESS;
 done:
-       if (!WBC_ERROR_IS_OK(wbc_status) && blobs) {
+       if (!WBC_ERROR_IS_OK(wbc_status)) {
                wbcFreeMemory(*blobs);
        }
        return wbc_status;
index eea71ab86bedfd8b8c3f91a1b55b8af4d04a40f6..33a4ace75c9b95f18a7469911e9276c0d2be05fe 100644 (file)
@@ -4,6 +4,7 @@
    Winbind client API
 
    Copyright (C) Gerald (Jerry) Carter 2007
+   Copyright (C) Volker Lendecke 2009
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -1214,6 +1215,19 @@ wbcErr wbcCheckTrustCredentials(const char *domain,
 wbcErr wbcChangeTrustCredentials(const char *domain,
                                 struct wbcAuthErrorInfo **error);
 
+/**
+ * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost
+ *        version of wbcCheckTrustCredentials
+ *
+ * @param *domain      The name of the domain, only NULL for the default domain is
+ *                     supported yet. Other values than NULL will result in
+ *                     WBC_ERR_NOT_IMPLEMENTED.
+ * @param error        Output details on WBC_ERR_AUTH_ERROR
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error);
+
 /**********************************************************
  * Helper functions
  **********************************************************/
index d3d9250e81f2a8847216b0014cc466f0ec0261c7..45d8684bad9c0562aacd53ef1096bbb4fa844d21 100644 (file)
@@ -5,6 +5,7 @@
 
    Copyright (C) Tim Potter      2000-2003
    Copyright (C) Andrew Bartlett 2002-2007
+   Copyright (C) Volker Lendecke 2009
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -779,6 +780,30 @@ static bool wbinfo_change_secret(const char *domain)
        return true;
 }
 
+/* Check DC connection */
+
+static bool wbinfo_ping_dc(void)
+{
+       wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+       struct wbcAuthErrorInfo *error = NULL;
+
+       wbc_status = wbcPingDc(NULL, &error);
+
+       d_printf("checking the NETLOGON dc connection %s\n",
+                WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
+
+       if (wbc_status == WBC_ERR_AUTH_ERROR) {
+               d_fprintf(stderr, "error code was %s (0x%x)\n",
+                         error->nt_string, error->nt_status);
+               wbcFreeMemory(error);
+       }
+       if (!WBC_ERROR_IS_OK(wbc_status)) {
+               return false;
+       }
+
+       return true;
+}
+
 /* Convert uid to sid */
 
 static bool wbinfo_uid_to_sid(uid_t uid)
@@ -1710,6 +1735,7 @@ enum {
        OPT_VERBOSE,
        OPT_ONLINESTATUS,
        OPT_CHANGE_USER_PASSWORD,
+       OPT_PING_DC,
        OPT_SID_TO_FULLNAME,
        OPT_NTLMV2,
        OPT_LANMAN
@@ -1759,6 +1785,8 @@ int main(int argc, char **argv, char **envp)
                { "remove-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_GID_MAPPING, "Remove gid to sid mapping in idmap", "GID,SID" },
                { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
                { "change-secret", 'c', POPT_ARG_NONE, 0, 'c', "Change shared secret" },
+               { "ping-dc", 0, POPT_ARG_NONE, 0, OPT_PING_DC,
+                 "Check the NETLOGON connection" },
                { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
                { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
                { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" },
@@ -1995,6 +2023,12 @@ int main(int argc, char **argv, char **envp)
                                goto done;
                        }
                        break;
+               case OPT_PING_DC:
+                       if (!wbinfo_ping_dc()) {
+                               d_fprintf(stderr, "Could not ping our DC\n");
+                               goto done;
+                       }
+                       break;
                case 'm':
                        if (!wbinfo_list_domains(false, verbose)) {
                                d_fprintf(stderr,
index 3056e25905e49bc1a0abb35072e9343a31775a7a..4d27d5283c81e9b43b0632ee5a0831263d897147 100644 (file)
@@ -47,8 +47,9 @@ typedef char fstring[FSTRING_LEN];
 /* Update this when you change the interface.
  * 21: added WINBINDD_GETPWSID
  *     added WINBINDD_GETSIDALIASES
+ * 22: added WINBINDD_PING_DC
  */
-#define WINBIND_INTERFACE_VERSION 21
+#define WINBIND_INTERFACE_VERSION 22
 
 /* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
    On a 64bit Linux box, we have to support a constant structure size
@@ -119,6 +120,7 @@ enum winbindd_cmd {
 
        WINBINDD_CHECK_MACHACC,     /* Check machine account pw works */
        WINBINDD_CHANGE_MACHACC,    /* Change machine account pw */
+       WINBINDD_PING_DC,           /* Ping the DC through NETLOGON */
        WINBINDD_PING,              /* Just tell me winbind is running */
        WINBINDD_INFO,              /* Various bit of info.  Currently just tidbits */
        WINBINDD_DOMAIN_NAME,       /* The domain this winbind server is a member of (lp_workgroup()) */
index b1f1658c682e82af62320e8e39c860c272326e4e..1376f4c07a096c0dda4494e88fb3df853951bda7 100644 (file)
@@ -482,7 +482,7 @@ LIBSMB_OBJ0 = \
               libsmb/ntlmssp.o \
               libsmb/ntlmssp_sign.o \
               $(LIBNDR_NTLMSSP_OBJ) \
-              libsmb/ntlmssp_ndr.o
+              ../libcli/auth/ntlmssp_ndr.o
 
 LIBSAMBA_OBJ = $(LIBSMB_OBJ0) \
               $(LIBSMB_ERR_OBJ)
@@ -862,10 +862,8 @@ STATUS_OBJ = utils/status.o utils/status_profile.o \
              $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \
             $(LIBSAMBA_OBJ) $(FNAME_UTIL_OBJ)
 
-SMBCONTROL_OBJ = utils/smbcontrol.o $(LOCKING_OBJ) $(PARAM_OBJ) \
-       $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \
-       $(LIBSAMBA_OBJ) $(FNAME_UTIL_OBJ) \
-       $(PRINTBASE_OBJ)
+SMBCONTROL_OBJ = utils/smbcontrol.o $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
+       $(LIBSMB_ERR_OBJ) $(POPT_LIB_OBJ) $(PRINTBASE_OBJ)
 
 SMBTREE_OBJ = utils/smbtree.o $(PARAM_OBJ) \
              $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_OBJ) \
@@ -1148,7 +1146,6 @@ IDMAP_ADEX_OBJ = \
 
 WINBINDD_OBJ1 = \
                winbindd/winbindd.o       \
-               winbindd/winbindd_user.o  \
                winbindd/winbindd_group.o \
                winbindd/winbindd_util.o  \
                winbindd/winbindd_cache.o \
@@ -1226,6 +1223,7 @@ WINBINDD_OBJ1 = \
                winbindd/winbindd_list_groups.o \
                winbindd/winbindd_check_machine_acct.o \
                winbindd/winbindd_change_machine_acct.o \
+               winbindd/winbindd_ping_dc.o \
                winbindd/winbindd_set_mapping.o \
                winbindd/winbindd_remove_mapping.o \
                winbindd/winbindd_set_hwm.o \
index 034d354a33712e3a9c665247ae7b5e823580776f..4243a24ca72a5ac3a538c95dc598c3539888c79a 100644 (file)
 */
 
 #include "includes.h"
+#include "ntlmssp.h"
 
 /**
  * Return the challenge as determined by the authentication subsystem 
  * @return an 8 byte random challenge
  */
 
-static void auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
-                                      uint8_t chal[8])
+static NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
+                                          uint8_t chal[8])
 {
        AUTH_NTLMSSP_STATE *auth_ntlmssp_state =
                (AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;
        auth_ntlmssp_state->auth_context->get_ntlm_challenge(
                auth_ntlmssp_state->auth_context, chal);
+       return NT_STATUS_OK;
 }
 
 /**
index 03dd2745399de5d97e1b96a8995c32c90e265267..47fed9273932b931bc363c7637022631f465d5a9 100644 (file)
 
 #include "includes.h"
 
-bool smb_splice_chain(uint8_t **poutbuf, uint8_t smb_command,
-                     uint8_t wct, const uint16_t *vwv,
-                     size_t bytes_alignment,
-                     uint32_t num_bytes, const uint8_t *bytes);
-
 /*
  * Fetch an error out of a NBT packet
  */
index 82d94b055f6c36c2b5352a56a9e258ea713ad868..d5030c1cb2dedbd32ecde842e14c924041a64f3f 100644 (file)
@@ -56,7 +56,7 @@ struct cli_pipe_auth_data {
 
        union {
                struct schannel_state *schannel_auth;
-               NTLMSSP_STATE *ntlmssp_state;
+               struct ntlmssp_state *ntlmssp_state;
                struct kerberos_auth_struct *kerberos_auth;
        } a_u;
 };
@@ -172,7 +172,7 @@ struct smb_trans_enc_state {
         uint16 enc_ctx_num;
         bool enc_on;
         union {
-                NTLMSSP_STATE *ntlmssp_state;
+                struct ntlmssp_state *ntlmssp_state;
 #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
                 struct smb_tran_enc_state_gss *gss_state;
 #endif
index cf0979592c823a8a080c18105e14bce4b9c400ff..d9d51a8a992b0049d119f6fd53d4e72f1877450a 100644 (file)
@@ -659,7 +659,9 @@ struct smb_iconv_convenience *lp_iconv_convenience(void *lp_ctx);
 #include "../lib/crypto/arcfour.h"
 #include "../lib/crypto/crc32.h"
 #include "../lib/crypto/hmacmd5.h"
-#include "ntlmssp.h"
+
+struct ntlmssp_state;
+
 #include "auth.h"
 #include "ntdomain.h"
 #include "reg_objects.h"
index 9f47c9c55519aa6c4130b279839e85f91fa38172..d3de59835f0187590406cdfa1ca4e14bfa51417a 100644 (file)
 */
 
 /* NTLMSSP mode */
-enum NTLMSSP_ROLE
+enum ntlmssp_role
 {
        NTLMSSP_SERVER,
        NTLMSSP_CLIENT
 };
 
 /* NTLMSSP message types */
-enum NTLM_MESSAGE_TYPE
+enum ntlmssp_message_type
 {
        NTLMSSP_INITIAL = 0 /* samba internal state */,
        NTLMSSP_NEGOTIATE = 1,
@@ -41,12 +41,11 @@ enum NTLM_MESSAGE_TYPE
 #define NTLMSSP_FEATURE_SIGN               0x00000002
 #define NTLMSSP_FEATURE_SEAL               0x00000004
 
-typedef struct ntlmssp_state
+struct ntlmssp_state
 {
-       unsigned int ref_count;
-       enum NTLMSSP_ROLE role;
+       enum ntlmssp_role role;
        enum server_types server_role;
-       uint32 expected_state;
+       uint32_t expected_state;
 
        bool unicode;
        bool use_ntlmv2;
@@ -60,11 +59,11 @@ typedef struct ntlmssp_state
        DATA_BLOB internal_chal; /* Random challenge as supplied to the client for NTLM authentication */
 
        DATA_BLOB chal; /* Random challenge as input into the actual NTLM (or NTLM2) authentication */
-       DATA_BLOB lm_resp;
+       DATA_BLOB lm_resp;
        DATA_BLOB nt_resp;
        DATA_BLOB session_key;
 
-       uint32 neg_flags; /* the current state of negotiation with the NTLMSSP partner */
+       uint32_t neg_flags; /* the current state of negotiation with the NTLMSSP partner */
 
        void *auth_context;
 
@@ -72,11 +71,11 @@ typedef struct ntlmssp_state
         * Callback to get the 'challenge' used for NTLM authentication.
         *
         * @param ntlmssp_state This structure
-        * @return 8 bytes of challnege data, determined by the server to be the challenge for NTLM authentication
+        * @return 8 bytes of challenge data, determined by the server to be the challenge for NTLM authentication
         *
         */
-       void (*get_challenge)(const struct ntlmssp_state *ntlmssp_state,
-                             uint8_t challenge[8]);
+       NTSTATUS (*get_challenge)(const struct ntlmssp_state *ntlmssp_state,
+                                 uint8_t challenge[8]);
 
        /**
         * Callback to find if the challenge used by NTLM authentication may be modified
@@ -126,15 +125,10 @@ typedef struct ntlmssp_state
        struct arcfour_state send_seal_arc4_state;
        struct arcfour_state recv_seal_arc4_state;
 
-       uint32 ntlm2_send_seq_num;
-       uint32 ntlm2_recv_seq_num;
+       uint32_t ntlm2_send_seq_num;
+       uint32_t ntlm2_recv_seq_num;
 
        /* ntlmv1 */
        struct arcfour_state ntlmv1_arc4_state;
-       uint32 ntlmv1_seq_num;
-
-       /* it turns out that we don't always get the
-          response in at the time we want to process it.
-          Store it here, until we need it */
-       DATA_BLOB stored_response;
-} NTLMSSP_STATE;
+       uint32_t ntlmv1_seq_num;
+};
index ab74c9cb954eb0f15cc20fff0936bfe0ea038634..b3921c468e9cf90ad40f6e19bee4777cfbcad9c1 100644 (file)
@@ -2165,7 +2165,11 @@ struct tevent_req *cli_session_setup_guest_send(TALLOC_CTX *mem_ctx,
                                                struct event_context *ev,
                                                struct cli_state *cli);
 NTSTATUS cli_session_setup_guest_recv(struct tevent_req *req);
-bool cli_ulogoff(struct cli_state *cli);
+struct tevent_req *cli_ulogoff_send(TALLOC_CTX *mem_ctx,
+                                   struct tevent_context *ev,
+                                   struct cli_state *cli);
+NTSTATUS cli_ulogoff_recv(struct tevent_req *req);
+NTSTATUS cli_ulogoff(struct cli_state *cli);
 struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
                                        struct event_context *ev,
                                        struct cli_state *cli,
@@ -2180,7 +2184,11 @@ struct tevent_req *cli_tcon_andx_send(TALLOC_CTX *mem_ctx,
 NTSTATUS cli_tcon_andx_recv(struct tevent_req *req);
 NTSTATUS cli_tcon_andx(struct cli_state *cli, const char *share,
                       const char *dev, const char *pass, int passlen);
-bool cli_tdis(struct cli_state *cli);
+struct tevent_req *cli_tdis_send(TALLOC_CTX *mem_ctx,
+                                 struct tevent_context *ev,
+                                 struct cli_state *cli);
+NTSTATUS cli_tdis_recv(struct tevent_req *req);
+NTSTATUS cli_tdis(struct cli_state *cli);
 void cli_negprot_sendsync(struct cli_state *cli);
 NTSTATUS cli_negprot(struct cli_state *cli);
 struct tevent_req *cli_negprot_send(TALLOC_CTX *mem_ctx,
@@ -3057,8 +3065,6 @@ NTSTATUS cli_trans(TALLOC_CTX *mem_ctx, struct cli_state *cli,
 NTSTATUS check_negative_conn_cache_timeout( const char *domain, const char *server, unsigned int failed_cache_timeout );
 NTSTATUS check_negative_conn_cache( const char *domain, const char *server);
 void add_failed_connection_entry(const char *domain, const char *server, NTSTATUS result) ;
-void delete_negative_conn_cache(const char *domain, const char *server);
-void flush_negative_conn_cache( void );
 void flush_negative_conn_cache_for_domain(const char *domain);
 
 /* The following definitions come from ../librpc/rpc/dcerpc_error.c  */
@@ -3213,43 +3219,41 @@ NTSTATUS nt_status_squash(NTSTATUS nt_status);
 /* The following definitions come from libsmb/ntlmssp.c  */
 
 void debug_ntlmssp_flags(uint32 neg_flags);
-NTSTATUS ntlmssp_set_username(NTLMSSP_STATE *ntlmssp_state, const char *user) ;
-NTSTATUS ntlmssp_set_hashes(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *user) ;
+NTSTATUS ntlmssp_set_hashes(struct ntlmssp_state *ntlmssp_state,
                const unsigned char lm_hash[16],
                const unsigned char nt_hash[16]) ;
-NTSTATUS ntlmssp_set_password(NTLMSSP_STATE *ntlmssp_state, const char *password) ;
-NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain) ;
-NTSTATUS ntlmssp_set_workstation(NTLMSSP_STATE *ntlmssp_state, const char *workstation) ;
-NTSTATUS ntlmssp_store_response(NTLMSSP_STATE *ntlmssp_state,
-                               DATA_BLOB response) ;
-void ntlmssp_want_feature_list(NTLMSSP_STATE *ntlmssp_state, char *feature_list);
-void ntlmssp_want_feature(NTLMSSP_STATE *ntlmssp_state, uint32 feature);
-NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state, 
+NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *password) ;
+NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain) ;
+NTSTATUS ntlmssp_set_workstation(struct ntlmssp_state *ntlmssp_state, const char *workstation) ;
+void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list);
+void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32 feature);
+NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
                        const DATA_BLOB in, DATA_BLOB *out) ;
-void ntlmssp_end(NTLMSSP_STATE **ntlmssp_state);
-DATA_BLOB ntlmssp_weaken_keys(NTLMSSP_STATE *ntlmssp_state, TALLOC_CTX *mem_ctx);
-NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state);
-NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state);
+void ntlmssp_end(struct ntlmssp_state **ntlmssp_state);
+DATA_BLOB ntlmssp_weaken_keys(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx);
+NTSTATUS ntlmssp_server_start(struct ntlmssp_state **ntlmssp_state);
+NTSTATUS ntlmssp_client_start(struct ntlmssp_state **ntlmssp_state);
 
 /* The following definitions come from libsmb/ntlmssp_sign.c  */
 
-NTSTATUS ntlmssp_sign_packet(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_sign_packet(struct ntlmssp_state *ntlmssp_state,
                                    const uchar *data, size_t length, 
                                    const uchar *whole_pdu, size_t pdu_length, 
                                    DATA_BLOB *sig) ;
-NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_check_packet(struct ntlmssp_state *ntlmssp_state,
                                const uchar *data, size_t length, 
                                const uchar *whole_pdu, size_t pdu_length, 
                                const DATA_BLOB *sig) ;
-NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
                             uchar *data, size_t length,
                             uchar *whole_pdu, size_t pdu_length,
                             DATA_BLOB *sig);
-NTSTATUS ntlmssp_unseal_packet(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_state *ntlmssp_state,
                                uchar *data, size_t length,
                                uchar *whole_pdu, size_t pdu_length,
                                DATA_BLOB *sig);
-NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state);
+NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state);
 
 /* The following definitions come from libsmb/passchange.c  */
 
@@ -3270,8 +3274,8 @@ bool netsamlogon_cache_have(const DOM_SID *user_sid);
 
 NTSTATUS get_enc_ctx_num(const uint8_t *buf, uint16 *p_enc_ctx_num);
 bool common_encryption_on(struct smb_trans_enc_state *es);
-NTSTATUS common_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf);
-NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS common_ntlm_decrypt_buffer(struct ntlmssp_state *ntlmssp_state, char *buf);
+NTSTATUS common_ntlm_encrypt_buffer(struct ntlmssp_state *ntlmssp_state,
                                uint16 enc_ctx_num,
                                char *buf,
                                char **ppbuf_out);
@@ -6277,9 +6281,7 @@ void error_packet_set(char *outbuf, uint8 eclass, uint32 ecode, NTSTATUS ntstatu
 int error_packet(char *outbuf, uint8 eclass, uint32 ecode, NTSTATUS ntstatus, int line, const char *file);
 void reply_nt_error(struct smb_request *req, NTSTATUS ntstatus,
                    int line, const char *file);
-void reply_force_nt_error(struct smb_request *req, NTSTATUS ntstatus,
-                         int line, const char *file);
-void reply_dos_error(struct smb_request *req, uint8 eclass, uint32 ecode,
+void reply_force_dos_error(struct smb_request *req, uint8 eclass, uint32 ecode,
                    int line, const char *file);
 void reply_both_error(struct smb_request *req, uint8 eclass, uint32 ecode,
                      NTSTATUS status, int line, const char *file);
@@ -6737,6 +6739,10 @@ void reply_pipe_close(connection_struct *conn, struct smb_request *req);
 
 void create_file_sids(const SMB_STRUCT_STAT *psbuf, DOM_SID *powner_sid, DOM_SID *pgroup_sid);
 bool nt4_compatible_acls(void);
+uint32_t map_canon_ace_perms(int snum,
+                                enum security_ace_type *pacl_type,
+                                mode_t perms,
+                                bool directory_ace);
 NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd);
 SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl);
 NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info,
index 4affd4a8cfe129b10f75ef23daa52585cc6a503f..b23ea647ecd68551fd51e7db92d20863a2348c4c 100644 (file)
@@ -27,7 +27,7 @@
 #define _SMB_H
 
 /* logged when starting the various Samba daemons */
-#define COPYRIGHT_STARTUP_MESSAGE      "Copyright Andrew Tridgell and the Samba Team 1992-2009"
+#define COPYRIGHT_STARTUP_MESSAGE      "Copyright Andrew Tridgell and the Samba Team 1992-2010"
 
 
 #if defined(LARGE_SMB_OFF_T)
index 10ee78b3943fa980a159593144338299a302a24f..bc5d9a7fe1b5daf9a2977e3d7290023f454e8641 100644 (file)
 #define ERROR_BOTH(status,class,code) error_packet(outbuf,class,code,status,__LINE__,__FILE__)
 
 #define reply_nterror(req,status) reply_nt_error(req,status,__LINE__,__FILE__)
-#define reply_force_nterror(req,status) reply_force_nt_error(req,status,__LINE__,__FILE__)
-#define reply_doserror(req,eclass,ecode) reply_dos_error(req,eclass,ecode,__LINE__,__FILE__)
+#define reply_force_doserror(req,eclass,ecode) reply_force_dos_error(req,eclass,ecode,__LINE__,__FILE__)
 #define reply_botherror(req,status,eclass,ecode) reply_both_error(req,eclass,ecode,status,__LINE__,__FILE__)
 
 #if 0
index 639269cac2cdd5514438a910cfe257bb8c31e018..1f47bf35f018709c9e71dba91992353825b29dae 100644 (file)
@@ -557,17 +557,18 @@ char *sid_binstring_hex(const DOM_SID *sid)
  Tallocs a duplicate SID. 
 ********************************************************************/ 
 
-DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, const DOM_SID *src)
+struct dom_sid *sid_dup_talloc(TALLOC_CTX *ctx, const struct dom_sid *src)
 {
-       DOM_SID *dst;
-       
-       if(!src)
+       struct dom_sid *dst;
+
+       if (src == NULL) {
                return NULL;
-       
-       if((dst = TALLOC_ZERO_P(ctx, DOM_SID)) != NULL) {
-               sid_copy( dst, src);
        }
-       
+       dst = talloc_zero(ctx, struct dom_sid);
+       if (dst == NULL) {
+               return NULL;
+       }
+       sid_copy(dst, src);
        return dst;
 }
 
index 9b4d8bd2d444589ab56686c2544125ed78f3300a..6a0a1ae3d201b5aaabbbadfb560dcbea20ca5d36 100644 (file)
@@ -19,6 +19,7 @@
 
 #include "includes.h"
 #include "../libcli/auth/spnego.h"
+#include "ntlmssp.h"
 
 #ifdef HAVE_LDAP
 
index 3115a20d9df9f3bbbadc4fdf2d1cd745461d0d15..592b27b50dbf7dd138e5dbb18a02181b40a73a2d 100644 (file)
@@ -2901,6 +2901,136 @@ NTSTATUS rpccli_wbint_ChangeMachineAccount(struct rpc_pipe_client *cli,
        return r.out.result;
 }
 
+struct rpccli_wbint_PingDc_state {
+       struct wbint_PingDc orig;
+       struct wbint_PingDc tmp;
+       TALLOC_CTX *out_mem_ctx;
+       NTSTATUS (*dispatch_recv)(struct tevent_req *req, TALLOC_CTX *mem_ctx);
+};
+
+static void rpccli_wbint_PingDc_done(struct tevent_req *subreq);
+
+struct tevent_req *rpccli_wbint_PingDc_send(TALLOC_CTX *mem_ctx,
+                                           struct tevent_context *ev,
+                                           struct rpc_pipe_client *cli)
+{
+       struct tevent_req *req;
+       struct rpccli_wbint_PingDc_state *state;
+       struct tevent_req *subreq;
+
+       req = tevent_req_create(mem_ctx, &state,
+                               struct rpccli_wbint_PingDc_state);
+       if (req == NULL) {
+               return NULL;
+       }
+       state->out_mem_ctx = NULL;
+       state->dispatch_recv = cli->dispatch_recv;
+
+       /* In parameters */
+
+       /* Out parameters */
+
+       /* Result */
+       ZERO_STRUCT(state->orig.out.result);
+
+       /* make a temporary copy, that we pass to the dispatch function */
+       state->tmp = state->orig;
+
+       subreq = cli->dispatch_send(state, ev, cli,
+                                   &ndr_table_wbint,
+                                   NDR_WBINT_PINGDC,
+                                   &state->tmp);
+       if (tevent_req_nomem(subreq, req)) {
+               return tevent_req_post(req, ev);
+       }
+       tevent_req_set_callback(subreq, rpccli_wbint_PingDc_done, req);
+       return req;
+}
+
+static void rpccli_wbint_PingDc_done(struct tevent_req *subreq)
+{
+       struct tevent_req *req = tevent_req_callback_data(
+               subreq, struct tevent_req);
+       struct rpccli_wbint_PingDc_state *state = tevent_req_data(
+               req, struct rpccli_wbint_PingDc_state);
+       NTSTATUS status;
+       TALLOC_CTX *mem_ctx;
+
+       if (state->out_mem_ctx) {
+               mem_ctx = state->out_mem_ctx;
+       } else {
+               mem_ctx = state;
+       }
+
+       status = state->dispatch_recv(subreq, mem_ctx);
+       TALLOC_FREE(subreq);
+       if (!NT_STATUS_IS_OK(status)) {
+               tevent_req_nterror(req, status);
+               return;
+       }
+
+       /* Copy out parameters */
+
+       /* Copy result */
+       state->orig.out.result = state->tmp.out.result;
+
+       /* Reset temporary structure */
+       ZERO_STRUCT(state->tmp);
+
+       tevent_req_done(req);
+}
+
+NTSTATUS rpccli_wbint_PingDc_recv(struct tevent_req *req,
+                                 TALLOC_CTX *mem_ctx,
+                                 NTSTATUS *result)
+{
+       struct rpccli_wbint_PingDc_state *state = tevent_req_data(
+               req, struct rpccli_wbint_PingDc_state);
+       NTSTATUS status;
+
+       if (tevent_req_is_nterror(req, &status)) {
+               tevent_req_received(req);
+               return status;
+       }
+
+       /* Steal possbile out parameters to the callers context */
+       talloc_steal(mem_ctx, state->out_mem_ctx);
+
+       /* Return result */
+       *result = state->orig.out.result;
+
+       tevent_req_received(req);
+       return NT_STATUS_OK;
+}
+
+NTSTATUS rpccli_wbint_PingDc(struct rpc_pipe_client *cli,
+                            TALLOC_CTX *mem_ctx)
+{
+       struct wbint_PingDc r;
+       NTSTATUS status;
+
+       /* In parameters */
+
+       status = cli->dispatch(cli,
+                               mem_ctx,
+                               &ndr_table_wbint,
+                               NDR_WBINT_PINGDC,
+                               &r);
+
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
+       if (NT_STATUS_IS_ERR(status)) {
+               return status;
+       }
+
+       /* Return variables */
+
+       /* Return result */
+       return r.out.result;
+}
+
 struct rpccli_wbint_SetMapping_state {
        struct wbint_SetMapping orig;
        struct wbint_SetMapping tmp;
index b08ef3fef14af297c7ca591502c7a7fe7438deb3..4528d43efc2eb46013268fc36716f814f7af409c 100644 (file)
@@ -248,6 +248,14 @@ NTSTATUS rpccli_wbint_ChangeMachineAccount_recv(struct tevent_req *req,
                                                NTSTATUS *result);
 NTSTATUS rpccli_wbint_ChangeMachineAccount(struct rpc_pipe_client *cli,
                                           TALLOC_CTX *mem_ctx);
+struct tevent_req *rpccli_wbint_PingDc_send(TALLOC_CTX *mem_ctx,
+                                           struct tevent_context *ev,
+                                           struct rpc_pipe_client *cli);
+NTSTATUS rpccli_wbint_PingDc_recv(struct tevent_req *req,
+                                 TALLOC_CTX *mem_ctx,
+                                 NTSTATUS *result);
+NTSTATUS rpccli_wbint_PingDc(struct rpc_pipe_client *cli,
+                            TALLOC_CTX *mem_ctx);
 struct tevent_req *rpccli_wbint_SetMapping_send(TALLOC_CTX *mem_ctx,
                                                struct tevent_context *ev,
                                                struct rpc_pipe_client *cli,
index 97b29761ee3c47ab39b6de5da6837c101bfbb9d1..50f781cc208c43f646d35ce7c4beb9d22ce2b3f7 100644 (file)
@@ -2232,6 +2232,47 @@ _PUBLIC_ void ndr_print_wbint_ChangeMachineAccount(struct ndr_print *ndr, const
        ndr->depth--;
 }
 
+static enum ndr_err_code ndr_push_wbint_PingDc(struct ndr_push *ndr, int flags, const struct wbint_PingDc *r)
+{
+       if (flags & NDR_IN) {
+       }
+       if (flags & NDR_OUT) {
+               NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+       }
+       return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_wbint_PingDc(struct ndr_pull *ndr, int flags, struct wbint_PingDc *r)
+{
+       if (flags & NDR_IN) {
+       }
+       if (flags & NDR_OUT) {
+               NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+       }
+       return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_wbint_PingDc(struct ndr_print *ndr, const char *name, int flags, const struct wbint_PingDc *r)
+{
+       ndr_print_struct(ndr, name, "wbint_PingDc");
+       ndr->depth++;
+       if (flags & NDR_SET_VALUES) {
+               ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+       }
+       if (flags & NDR_IN) {
+               ndr_print_struct(ndr, "in", "wbint_PingDc");
+               ndr->depth++;
+               ndr->depth--;
+       }
+       if (flags & NDR_OUT) {
+               ndr_print_struct(ndr, "out", "wbint_PingDc");
+               ndr->depth++;
+               ndr_print_NTSTATUS(ndr, "result", r->out.result);
+               ndr->depth--;
+       }
+       ndr->depth--;
+}
+
 static enum ndr_err_code ndr_push_wbint_SetMapping(struct ndr_push *ndr, int flags, const struct wbint_SetMapping *r)
 {
        if (flags & NDR_IN) {
@@ -2566,6 +2607,14 @@ static const struct ndr_interface_call wbint_calls[] = {
                (ndr_print_function_t) ndr_print_wbint_ChangeMachineAccount,
                false,
        },
+       {
+               "wbint_PingDc",
+               sizeof(struct wbint_PingDc),
+               (ndr_push_flags_fn_t) ndr_push_wbint_PingDc,
+               (ndr_pull_flags_fn_t) ndr_pull_wbint_PingDc,
+               (ndr_print_function_t) ndr_print_wbint_PingDc,
+               false,
+       },
        {
                "wbint_SetMapping",
                sizeof(struct wbint_SetMapping),
@@ -2619,7 +2668,7 @@ const struct ndr_interface_table ndr_table_wbint = {
                NDR_WBINT_VERSION
        },
        .helpstring     = NDR_WBINT_HELPSTRING,
-       .num_calls      = 23,
+       .num_calls      = 24,
        .calls          = wbint_calls,
        .endpoints      = &wbint_endpoints,
        .authservices   = &wbint_authservices
index e163ff367478fef84fff6579e8f9db6ecaa064ae..4a381ccfb238dbf3dc8bec11cf2ad53cb8b705fe 100644 (file)
@@ -51,13 +51,15 @@ extern const struct ndr_interface_table ndr_table_wbint;
 
 #define NDR_WBINT_CHANGEMACHINEACCOUNT (0x13)
 
-#define NDR_WBINT_SETMAPPING (0x14)
+#define NDR_WBINT_PINGDC (0x14)
 
-#define NDR_WBINT_REMOVEMAPPING (0x15)
+#define NDR_WBINT_SETMAPPING (0x15)
 
-#define NDR_WBINT_SETHWM (0x16)
+#define NDR_WBINT_REMOVEMAPPING (0x16)
 
-#define NDR_WBINT_CALL_COUNT (23)
+#define NDR_WBINT_SETHWM (0x17)
+
+#define NDR_WBINT_CALL_COUNT (24)
 enum ndr_err_code ndr_push_wbint_userinfo(struct ndr_push *ndr, int ndr_flags, const struct wbint_userinfo *r);
 enum ndr_err_code ndr_pull_wbint_userinfo(struct ndr_pull *ndr, int ndr_flags, struct wbint_userinfo *r);
 void ndr_print_wbint_userinfo(struct ndr_print *ndr, const char *name, const struct wbint_userinfo *r);
@@ -99,6 +101,7 @@ void ndr_print_wbint_DsGetDcName(struct ndr_print *ndr, const char *name, int fl
 void ndr_print_wbint_LookupRids(struct ndr_print *ndr, const char *name, int flags, const struct wbint_LookupRids *r);
 void ndr_print_wbint_CheckMachineAccount(struct ndr_print *ndr, const char *name, int flags, const struct wbint_CheckMachineAccount *r);
 void ndr_print_wbint_ChangeMachineAccount(struct ndr_print *ndr, const char *name, int flags, const struct wbint_ChangeMachineAccount *r);
+void ndr_print_wbint_PingDc(struct ndr_print *ndr, const char *name, int flags, const struct wbint_PingDc *r);
 void ndr_print_wbint_SetMapping(struct ndr_print *ndr, const char *name, int flags, const struct wbint_SetMapping *r);
 void ndr_print_wbint_RemoveMapping(struct ndr_print *ndr, const char *name, int flags, const struct wbint_RemoveMapping *r);
 void ndr_print_wbint_SetHWM(struct ndr_print *ndr, const char *name, int flags, const struct wbint_SetHWM *r);
index 0f39cd93e19d0e5335ae944f8a587d169c67c270..efd9be6b7a5519c126679366f0b705878d5b71f6 100644 (file)
@@ -1610,6 +1610,79 @@ static bool api_wbint_ChangeMachineAccount(pipes_struct *p)
        return true;
 }
 
+static bool api_wbint_PingDc(pipes_struct *p)
+{
+       const struct ndr_interface_call *call;
+       struct ndr_pull *pull;
+       struct ndr_push *push;
+       enum ndr_err_code ndr_err;
+       DATA_BLOB blob;
+       struct wbint_PingDc *r;
+
+       call = &ndr_table_wbint.calls[NDR_WBINT_PINGDC];
+
+       r = talloc(talloc_tos(), struct wbint_PingDc);
+       if (r == NULL) {
+               return false;
+       }
+
+       if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+               talloc_free(r);
+               return false;
+       }
+
+       pull = ndr_pull_init_blob(&blob, r, NULL);
+       if (pull == NULL) {
+               talloc_free(r);
+               return false;
+       }
+
+       pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+       ndr_err = call->ndr_pull(pull, NDR_IN, r);
+       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+               talloc_free(r);
+               return false;
+       }
+
+       if (DEBUGLEVEL >= 10) {
+               NDR_PRINT_IN_DEBUG(wbint_PingDc, r);
+       }
+
+       r->out.result = _wbint_PingDc(p, r);
+
+       if (p->rng_fault_state) {
+               talloc_free(r);
+               /* Return true here, srv_pipe_hnd.c will take care */
+               return true;
+       }
+
+       if (DEBUGLEVEL >= 10) {
+               NDR_PRINT_OUT_DEBUG(wbint_PingDc, r);
+       }
+
+       push = ndr_push_init_ctx(r, NULL);
+       if (push == NULL) {
+               talloc_free(r);
+               return false;
+       }
+
+       ndr_err = call->ndr_push(push, NDR_OUT, r);
+       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+               talloc_free(r);
+               return false;
+       }
+
+       blob = ndr_push_blob(push);
+       if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+               talloc_free(r);
+               return false;
+       }
+
+       talloc_free(r);
+
+       return true;
+}
+
 static bool api_wbint_SetMapping(pipes_struct *p)
 {
        const struct ndr_interface_call *call;
@@ -1853,6 +1926,7 @@ static struct api_struct api_wbint_cmds[] =
        {"WBINT_LOOKUPRIDS", NDR_WBINT_LOOKUPRIDS, api_wbint_LookupRids},
        {"WBINT_CHECKMACHINEACCOUNT", NDR_WBINT_CHECKMACHINEACCOUNT, api_wbint_CheckMachineAccount},
        {"WBINT_CHANGEMACHINEACCOUNT", NDR_WBINT_CHANGEMACHINEACCOUNT, api_wbint_ChangeMachineAccount},
+       {"WBINT_PINGDC", NDR_WBINT_PINGDC, api_wbint_PingDc},
        {"WBINT_SETMAPPING", NDR_WBINT_SETMAPPING, api_wbint_SetMapping},
        {"WBINT_REMOVEMAPPING", NDR_WBINT_REMOVEMAPPING, api_wbint_RemoveMapping},
        {"WBINT_SETHWM", NDR_WBINT_SETHWM, api_wbint_SetHWM},
@@ -2115,6 +2189,12 @@ NTSTATUS rpc_wbint_dispatch(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, co
                        return NT_STATUS_OK;
                }
 
+               case NDR_WBINT_PINGDC: {
+                       struct wbint_PingDc *r = (struct wbint_PingDc *)_r;
+                       r->out.result = _wbint_PingDc(cli->pipes_struct, r);
+                       return NT_STATUS_OK;
+               }
+
                case NDR_WBINT_SETMAPPING: {
                        struct wbint_SetMapping *r = (struct wbint_SetMapping *)_r;
                        r->out.result = _wbint_SetMapping(cli->pipes_struct, r);
index c8c04fb3cc6b4712b5d390b2b19f1aeb82c741d8..716f1ac9d14abd4cf1c195d2805e007b51e57e2e 100644 (file)
@@ -21,6 +21,7 @@ NTSTATUS _wbint_DsGetDcName(pipes_struct *p, struct wbint_DsGetDcName *r);
 NTSTATUS _wbint_LookupRids(pipes_struct *p, struct wbint_LookupRids *r);
 NTSTATUS _wbint_CheckMachineAccount(pipes_struct *p, struct wbint_CheckMachineAccount *r);
 NTSTATUS _wbint_ChangeMachineAccount(pipes_struct *p, struct wbint_ChangeMachineAccount *r);
+NTSTATUS _wbint_PingDc(pipes_struct *p, struct wbint_PingDc *r);
 NTSTATUS _wbint_SetMapping(pipes_struct *p, struct wbint_SetMapping *r);
 NTSTATUS _wbint_RemoveMapping(pipes_struct *p, struct wbint_RemoveMapping *r);
 NTSTATUS _wbint_SetHWM(pipes_struct *p, struct wbint_SetHWM *r);
@@ -46,6 +47,7 @@ NTSTATUS _wbint_DsGetDcName(pipes_struct *p, struct wbint_DsGetDcName *r);
 NTSTATUS _wbint_LookupRids(pipes_struct *p, struct wbint_LookupRids *r);
 NTSTATUS _wbint_CheckMachineAccount(pipes_struct *p, struct wbint_CheckMachineAccount *r);
 NTSTATUS _wbint_ChangeMachineAccount(pipes_struct *p, struct wbint_ChangeMachineAccount *r);
+NTSTATUS _wbint_PingDc(pipes_struct *p, struct wbint_PingDc *r);
 NTSTATUS _wbint_SetMapping(pipes_struct *p, struct wbint_SetMapping *r);
 NTSTATUS _wbint_RemoveMapping(pipes_struct *p, struct wbint_RemoveMapping *r);
 NTSTATUS _wbint_SetHWM(pipes_struct *p, struct wbint_SetHWM *r);
index 962a87ea2640525ee7776d4e2deb67c1eb1ada29..96b7800624f10173b85a6c4b58b24b1461de51c9 100644 (file)
@@ -303,6 +303,14 @@ struct wbint_ChangeMachineAccount {
 };
 
 
+struct wbint_PingDc {
+       struct {
+               NTSTATUS result;
+       } out;
+
+};
+
+
 struct wbint_SetMapping {
        struct {
                struct dom_sid *sid;/* [ref] */
index e44f179723d3801a404fa7300ae809a367d46467..432d59e08616400d1a44b219baa99909412bdcd5 100644 (file)
@@ -150,6 +150,9 @@ interface wbint
     NTSTATUS wbint_ChangeMachineAccount(
        );
 
+    NTSTATUS wbint_PingDc(
+       );
+
     typedef [public] enum {
        WBINT_ID_TYPE_NOT_SPECIFIED,
        WBINT_ID_TYPE_UID,
index 6edfe514b806b5c763e7a27d5580597ea80d3985..f5000e47308edaf958ceb35a1f101014a52a2da4 100644 (file)
@@ -152,180 +152,6 @@ void cli_set_error(struct cli_state *cli, NTSTATUS status)
        return;
 }
 
-/**
- * @brief Find the smb_cmd offset of the last command pushed
- * @param[in] buf      The buffer we're building up
- * @retval             Where can we put our next andx cmd?
- *
- * While chaining requests, the "next" request we're looking at needs to put
- * its SMB_Command before the data the previous request already built up added
- * to the chain. Find the offset to the place where we have to put our cmd.
- */
-
-static bool find_andx_cmd_ofs(uint8_t *buf, size_t *pofs)
-{
-       uint8_t cmd;
-       size_t ofs;
-
-       cmd = CVAL(buf, smb_com);
-
-       SMB_ASSERT(is_andx_req(cmd));
-
-       ofs = smb_vwv0;
-
-       while (CVAL(buf, ofs) != 0xff) {
-
-               if (!is_andx_req(CVAL(buf, ofs))) {
-                       return false;
-               }
-
-               /*
-                * ofs is from start of smb header, so add the 4 length
-                * bytes. The next cmd is right after the wct field.
-                */
-               ofs = SVAL(buf, ofs+2) + 4 + 1;
-
-               SMB_ASSERT(ofs+4 < talloc_get_size(buf));
-       }
-
-       *pofs = ofs;
-       return true;
-}
-
-/**
- * @brief Do the smb chaining at a buffer level
- * @param[in] poutbuf          Pointer to the talloc'ed buffer to be modified
- * @param[in] smb_command      The command that we want to issue
- * @param[in] wct              How many words?
- * @param[in] vwv              The words, already in network order
- * @param[in] bytes_alignment  How shall we align "bytes"?
- * @param[in] num_bytes                How many bytes?
- * @param[in] bytes            The data the request ships
- *
- * smb_splice_chain() adds the vwv and bytes to the request already present in
- * *poutbuf.
- */
-
-bool smb_splice_chain(uint8_t **poutbuf, uint8_t smb_command,
-                     uint8_t wct, const uint16_t *vwv,
-                     size_t bytes_alignment,
-                     uint32_t num_bytes, const uint8_t *bytes)
-{
-       uint8_t *outbuf;
-       size_t old_size, new_size;
-       size_t ofs;
-       size_t chain_padding = 0;
-       size_t bytes_padding = 0;
-       bool first_request;
-
-       old_size = talloc_get_size(*poutbuf);
-
-       /*
-        * old_size == smb_wct means we're pushing the first request in for
-        * libsmb/
-        */
-
-       first_request = (old_size == smb_wct);
-
-       if (!first_request && ((old_size % 4) != 0)) {
-               /*
-                * Align the wct field of subsequent requests to a 4-byte
-                * boundary
-                */
-               chain_padding = 4 - (old_size % 4);
-       }
-
-       /*
-        * After the old request comes the new wct field (1 byte), the vwv's
-        * and the num_bytes field. After at we might need to align the bytes
-        * given to us to "bytes_alignment", increasing the num_bytes value.
-        */
-
-       new_size = old_size + chain_padding + 1 + wct * sizeof(uint16_t) + 2;
-
-       if ((bytes_alignment != 0) && ((new_size % bytes_alignment) != 0)) {
-               bytes_padding = bytes_alignment - (new_size % bytes_alignment);
-       }
-
-       new_size += bytes_padding + num_bytes;
-
-       if ((smb_command != SMBwriteX) && (new_size > 0xffff)) {
-               DEBUG(1, ("splice_chain: %u bytes won't fit\n",
-                         (unsigned)new_size));
-               return false;
-       }
-
-       outbuf = TALLOC_REALLOC_ARRAY(NULL, *poutbuf, uint8_t, new_size);
-       if (outbuf == NULL) {
-               DEBUG(0, ("talloc failed\n"));
-               return false;
-       }
-       *poutbuf = outbuf;
-
-       if (first_request) {
-               SCVAL(outbuf, smb_com, smb_command);
-       } else {
-               size_t andx_cmd_ofs;
-
-               if (!find_andx_cmd_ofs(outbuf, &andx_cmd_ofs)) {
-                       DEBUG(1, ("invalid command chain\n"));
-                       *poutbuf = TALLOC_REALLOC_ARRAY(
-                               NULL, *poutbuf, uint8_t, old_size);
-                       return false;
-               }
-
-               if (chain_padding != 0) {
-                       memset(outbuf + old_size, 0, chain_padding);
-                       old_size += chain_padding;
-               }
-
-               SCVAL(outbuf, andx_cmd_ofs, smb_command);
-               SSVAL(outbuf, andx_cmd_ofs + 2, old_size - 4);
-       }
-
-       ofs = old_size;
-
-       /*
-        * Push the chained request:
-        *
-        * wct field
-        */
-
-       SCVAL(outbuf, ofs, wct);
-       ofs += 1;
-
-       /*
-        * vwv array
-        */
-
-       memcpy(outbuf + ofs, vwv, sizeof(uint16_t) * wct);
-       ofs += sizeof(uint16_t) * wct;
-
-       /*
-        * bcc (byte count)
-        */
-
-       SSVAL(outbuf, ofs, num_bytes + bytes_padding);
-       ofs += sizeof(uint16_t);
-
-       /*
-        * padding
-        */
-
-       if (bytes_padding != 0) {
-               memset(outbuf + ofs, 0, bytes_padding);
-               ofs += bytes_padding;
-       }
-
-       /*
-        * The bytes field
-        */
-
-       memcpy(outbuf + ofs, bytes, num_bytes);
-
-       return true;
-}
-
 /**
  * Figure out if there is an andx command behind the current one
  * @param[in] buf      The smb buffer to look at
@@ -556,6 +382,7 @@ struct tevent_req *cli_smb_req_create(TALLOC_CTX *mem_ctx,
 {
        struct tevent_req *result;
        struct cli_smb_state *state;
+       struct timeval endtime;
 
        if (iov_count > MAX_SMB_IOV) {
                /*
@@ -596,6 +423,10 @@ struct tevent_req *cli_smb_req_create(TALLOC_CTX *mem_ctx,
        }
        state->iov_count = iov_count + 3;
 
+       endtime = timeval_current_ofs(0, cli->timeout * 1000);
+       if (!tevent_req_set_endtime(result, ev, endtime)) {
+               tevent_req_nomem(NULL, result);
+       }
        return result;
 }
 
@@ -679,12 +510,10 @@ static NTSTATUS cli_smb_req_iov_send(struct tevent_req *req,
                }
                iov[0].iov_base = (void *)buf;
                iov[0].iov_len = talloc_get_size(buf);
-               subreq = writev_send(state, state->ev, state->cli->outgoing,
-                                    state->cli->fd, false, iov, 1);
-       } else {
-               subreq = writev_send(state, state->ev, state->cli->outgoing,
-                                    state->cli->fd, false, iov, iov_count);
+               iov_count = 1;
        }
+       subreq = writev_send(state, state->ev, state->cli->outgoing,
+                            state->cli->fd, false, iov, iov_count);
        if (subreq == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
@@ -986,16 +815,30 @@ NTSTATUS cli_smb_recv(struct tevent_req *req, uint8_t min_wct,
 
        status = cli_pull_error((char *)state->inbuf);
 
-       if (!have_andx_command((char *)state->inbuf, wct_ofs)
-           && NT_STATUS_IS_ERR(status)) {
-               /*
-                * The last command takes the error code. All further commands
-                * down the requested chain will get a
-                * NT_STATUS_REQUEST_ABORTED.
-                */
-               return status;
+       if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
+
+               if ((cmd == SMBsesssetupX)
+                   && NT_STATUS_EQUAL(
+                           status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+                       /*
+                        * NT_STATUS_MORE_PROCESSING_REQUIRED is a
+                        * valid return code for session setup
+                        */
+                       goto no_err;
+               }
+
+               if (NT_STATUS_IS_ERR(status)) {
+                       /*
+                        * The last command takes the error code. All
+                        * further commands down the requested chain
+                        * will get a NT_STATUS_REQUEST_ABORTED.
+                        */
+                       return status;
+               }
        }
 
+no_err:
+
        wct = CVAL(state->inbuf, wct_ofs);
        bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
        num_bytes = SVAL(state->inbuf, bytes_offset);
@@ -1027,7 +870,7 @@ NTSTATUS cli_smb_recv(struct tevent_req *req, uint8_t min_wct,
                *pbytes = (uint8_t *)state->inbuf + bytes_offset + 2;
        }
 
-       return NT_STATUS_OK;
+       return status;
 }
 
 size_t cli_smb_wct_ofs(struct tevent_req **reqs, int num_reqs)
index 112143ca9661a4f73a71277d0dc39b4b4c076da3..31216b82409f3ec8d5617a337c86be8f6accdeaa 100644 (file)
@@ -3,17 +3,17 @@
    client connect/disconnect routines
    Copyright (C) Andrew Tridgell 1994-1998
    Copyright (C) Andrew Bartlett 2001-2003
-   
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -22,6 +22,7 @@
 #include "../libcli/auth/libcli_auth.h"
 #include "../libcli/auth/spnego.h"
 #include "smb_krb5.h"
+#include "ntlmssp.h"
 
 static const struct {
        int prot;
@@ -104,7 +105,7 @@ static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli,
        cli_set_message(cli->outbuf,10, 0, True);
        SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
        cli_setup_packet(cli);
-       
+
        SCVAL(cli->outbuf,smb_vwv0,0xFF);
        SSVAL(cli->outbuf,smb_vwv2,cli->max_xmit);
        SSVAL(cli->outbuf,smb_vwv3,2);
@@ -130,7 +131,7 @@ static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli,
        if (cli_is_error(cli)) {
                return cli_nt_error(cli);
        }
-       
+
        /* use the returned vuid from now on */
        cli->vuid = SVAL(cli->inbuf,smb_uid);   
        status = cli_set_username(cli, user);
@@ -359,14 +360,14 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
        char *p;
        NTSTATUS status;
        fstring lanman;
-       
+
        fstr_sprintf( lanman, "Samba %s", samba_version_string());
 
        memset(cli->outbuf, '\0', smb_size);
        cli_set_message(cli->outbuf,13,0,True);
        SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
        cli_setup_packet(cli);
-                       
+
        SCVAL(cli->outbuf,smb_vwv0,0xFF);
        SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
        SSVAL(cli->outbuf,smb_vwv3,2);
@@ -375,9 +376,9 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
        SSVAL(cli->outbuf,smb_vwv8,0);
        SIVAL(cli->outbuf,smb_vwv11,capabilities); 
        p = smb_buf(cli->outbuf);
-       
+
        /* check wether to send the ASCII or UNICODE version of the password */
-       
+
        if ( (capabilities & CAP_UNICODE) == 0 ) {
                p += clistr_push(cli, p, pass, -1, STR_TERMINATE); /* password */
                SSVAL(cli->outbuf,smb_vwv7,PTR_DIFF(p, smb_buf(cli->outbuf)));
@@ -393,7 +394,7 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
                p += clistr_push(cli, p, pass, -1, STR_UNICODE|STR_TERMINATE); /* unicode password */
                SSVAL(cli->outbuf,smb_vwv8,PTR_DIFF(p, smb_buf(cli->outbuf))-1);        
        }
-       
+
        p += clistr_push(cli, p, user, -1, STR_TERMINATE); /* username */
        p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE); /* workgroup */
        p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
@@ -403,9 +404,9 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
        if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
                return cli_nt_error(cli);
        }
-       
+
        show_msg(cli->inbuf);
-       
+
        if (cli_is_error(cli)) {
                return cli_nt_error(cli);
        }
@@ -524,7 +525,7 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user,
        cli_set_message(cli->outbuf,13,0,True);
        SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
        cli_setup_packet(cli);
-                       
+
        SCVAL(cli->outbuf,smb_vwv0,0xFF);
        SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
        SSVAL(cli->outbuf,smb_vwv3,2);
@@ -574,7 +575,7 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user,
 
        /* use the returned vuid from now on */
        cli->vuid = SVAL(cli->inbuf,smb_uid);
-       
+
        p = smb_buf(cli->inbuf);
        p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
                         -1, STR_TERMINATE);
@@ -605,172 +606,212 @@ end:
        return result;
 }
 
-/****************************************************************************
- Send a extended security session setup blob
-****************************************************************************/
+/* The following is calculated from :
+ * (smb_size-4) = 35
+ * (smb_wcnt * 2) = 24 (smb_wcnt == 12 in cli_session_setup_blob_send() )
+ * (strlen("Unix") + 1 + strlen("Samba") + 1) * 2 = 22 (unicode strings at
+ * end of packet.
+ */
 
-static bool cli_session_setup_blob_send(struct cli_state *cli, DATA_BLOB blob)
-{
-       uint32 capabilities = cli_session_setup_capabilities(cli);
-       char *p;
+#define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
 
-       capabilities |= CAP_EXTENDED_SECURITY;
+struct cli_sesssetup_blob_state {
+       struct tevent_context *ev;
+       struct cli_state *cli;
+       DATA_BLOB blob;
+       uint16_t max_blob_size;
+       uint16_t vwv[12];
+       uint8_t *buf;
 
-       /* send a session setup command */
-       memset(cli->outbuf,'\0',smb_size);
+       NTSTATUS status;
+       char *inbuf;
+       DATA_BLOB ret_blob;
+};
 
-       cli_set_message(cli->outbuf,12,0,True);
-       SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
+static bool cli_sesssetup_blob_next(struct cli_sesssetup_blob_state *state,
+                                   struct tevent_req **psubreq);
+static void cli_sesssetup_blob_done(struct tevent_req *subreq);
 
-       cli_setup_packet(cli);
+static struct tevent_req *cli_sesssetup_blob_send(TALLOC_CTX *mem_ctx,
+                                                 struct tevent_context *ev,
+                                                 struct cli_state *cli,
+                                                 DATA_BLOB blob)
+{
+       struct tevent_req *req, *subreq;
+       struct cli_sesssetup_blob_state *state;
 
-       SCVAL(cli->outbuf,smb_vwv0,0xFF);
-       SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
-       SSVAL(cli->outbuf,smb_vwv3,2);
-       SSVAL(cli->outbuf,smb_vwv4,1);
-       SIVAL(cli->outbuf,smb_vwv5,0);
-       SSVAL(cli->outbuf,smb_vwv7,blob.length);
-       SIVAL(cli->outbuf,smb_vwv10,capabilities); 
-       p = smb_buf(cli->outbuf);
-       memcpy(p, blob.data, blob.length);
-       p += blob.length;
-       p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
-       p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
-       cli_setup_bcc(cli, p);
-       return cli_send_smb(cli);
-}
+       req = tevent_req_create(mem_ctx, &state,
+                               struct cli_sesssetup_blob_state);
+       if (req == NULL) {
+               return NULL;
+       }
+       state->ev = ev;
+       state->blob = blob;
+       state->cli = cli;
 
-/****************************************************************************
- Send a extended security session setup blob, returning a reply blob.
-****************************************************************************/
+       if (cli->max_xmit < BASE_SESSSETUP_BLOB_PACKET_SIZE + 1) {
+               DEBUG(1, ("cli_session_setup_blob: cli->max_xmit too small "
+                         "(was %u, need minimum %u)\n",
+                         (unsigned int)cli->max_xmit,
+                         BASE_SESSSETUP_BLOB_PACKET_SIZE));
+               tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+               return tevent_req_post(req, ev);
+       }
+       state->max_blob_size =
+               MIN(cli->max_xmit - BASE_SESSSETUP_BLOB_PACKET_SIZE, 0xFFFF);
 
-static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli)
+       if (!cli_sesssetup_blob_next(state, &subreq)) {
+               tevent_req_nomem(NULL, req);
+               return tevent_req_post(req, ev);
+       }
+       tevent_req_set_callback(subreq, cli_sesssetup_blob_done, req);
+       return req;
+}
+
+static bool cli_sesssetup_blob_next(struct cli_sesssetup_blob_state *state,
+                                   struct tevent_req **psubreq)
 {
-       DATA_BLOB blob2 = data_blob_null;
-       char *p;
-       size_t len;
+       struct tevent_req *subreq;
+       uint16_t thistime;
+
+       SCVAL(state->vwv+0, 0, 0xFF);
+       SCVAL(state->vwv+0, 1, 0);
+       SSVAL(state->vwv+1, 0, 0);
+       SSVAL(state->vwv+2, 0, CLI_BUFFER_SIZE);
+       SSVAL(state->vwv+3, 0, 2);
+       SSVAL(state->vwv+4, 0, 1);
+       SIVAL(state->vwv+5, 0, 0);
+
+       thistime = MIN(state->blob.length, state->max_blob_size);
+       SSVAL(state->vwv+7, 0, thistime);
+
+       SSVAL(state->vwv+8, 0, 0);
+       SSVAL(state->vwv+9, 0, 0);
+       SIVAL(state->vwv+10, 0,
+             cli_session_setup_capabilities(state->cli)
+             | CAP_EXTENDED_SECURITY);
+
+       state->buf = (uint8_t *)talloc_memdup(state, state->blob.data,
+                                             thistime);
+       if (state->buf == NULL) {
+               return false;
+       }
+       state->blob.data += thistime;
+       state->blob.length -= thistime;
 
-       if (!cli_receive_smb(cli))
-               return blob2;
+       state->buf = smb_bytes_push_str(state->buf, cli_ucs2(state->cli),
+                                       "Unix", 5, NULL);
+       state->buf = smb_bytes_push_str(state->buf, cli_ucs2(state->cli),
+                                       "Samba", 6, NULL);
+       if (state->buf == NULL) {
+               return false;
+       }
+       subreq = cli_smb_send(state, state->ev, state->cli, SMBsesssetupX, 0,
+                             12, state->vwv,
+                             talloc_get_size(state->buf), state->buf);
+       if (subreq == NULL) {
+               return false;
+       }
+       *psubreq = subreq;
+       return true;
+}
 
-       show_msg(cli->inbuf);
+static void cli_sesssetup_blob_done(struct tevent_req *subreq)
+{
+       struct tevent_req *req = tevent_req_callback_data(
+               subreq, struct tevent_req);
+       struct cli_sesssetup_blob_state *state = tevent_req_data(
+               req, struct cli_sesssetup_blob_state);
+       struct cli_state *cli = state->cli;
+       uint8_t wct;
+       uint16_t *vwv;
+       uint32_t num_bytes;
+       uint8_t *bytes;
+       NTSTATUS status;
+       uint8_t *p;
+       uint16_t blob_length;
 
-       if (cli_is_error(cli) && !NT_STATUS_EQUAL(cli_nt_error(cli),
-                                                 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-               return blob2;
+       status = cli_smb_recv(subreq, 1, &wct, &vwv, &num_bytes, &bytes);
+       if (!NT_STATUS_IS_OK(status)
+           && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+               TALLOC_FREE(subreq);
+               tevent_req_nterror(req, status);
+               return;
        }
 
-       /* use the returned vuid from now on */
-       cli->vuid = SVAL(cli->inbuf,smb_uid);
+       state->status = status;
+       TALLOC_FREE(state->buf);
 
-       p = smb_buf(cli->inbuf);
+       state->inbuf = (char *)cli_smb_inbuf(subreq);
+       cli->vuid = SVAL(state->inbuf, smb_uid);
+
+       blob_length = SVAL(vwv+3, 0);
+       if (blob_length > num_bytes) {
+               TALLOC_FREE(subreq);
+               tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+               return;
+       }
+       state->ret_blob = data_blob_const(bytes, blob_length);
 
-       blob2 = data_blob(p, SVAL(cli->inbuf, smb_vwv3));
+       p = bytes + blob_length;
 
-       p += blob2.length;
-       p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
-                        -1, STR_TERMINATE);
+       p += clistr_pull(state->inbuf, cli->server_os,
+                        (char *)p, sizeof(fstring),
+                        bytes+num_bytes-p, STR_TERMINATE);
+       p += clistr_pull(state->inbuf, cli->server_type,
+                        (char *)p, sizeof(fstring),
+                        bytes+num_bytes-p, STR_TERMINATE);
+       p += clistr_pull(state->inbuf, cli->server_domain,
+                        (char *)p, sizeof(fstring),
+                        bytes+num_bytes-p, STR_TERMINATE);
 
-       /* w2k with kerberos doesn't properly null terminate this field */
-       len = smb_bufrem(cli->inbuf, p);
-       if (p + len < cli->inbuf + cli->bufsize+SAFETY_MARGIN - 2) {
-               char *end_of_buf = p + len;
+       if (strstr(cli->server_type, "Samba")) {
+               cli->is_samba = True;
+       }
 
-               SSVAL(p, len, 0);
-               /* Now it's null terminated. */
-               p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
-                       -1, STR_TERMINATE);
+       if (state->blob.length != 0) {
+               TALLOC_FREE(subreq);
                /*
-                * See if there's another string. If so it's the
-                * server domain (part of the 'standard' Samba
-                * server signature).
+                * More to send
                 */
-               if (p < end_of_buf) {
-                       p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
-                               -1, STR_TERMINATE);
+               if (!cli_sesssetup_blob_next(state, &subreq)) {
+                       tevent_req_nomem(NULL, req);
+                       return;
                }
-       } else {
-               /*
-                * No room to null terminate so we can't see if there
-                * is another string (server_domain) afterwards.
-                */
-               p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
-                                len, 0);
+               tevent_req_set_callback(subreq, cli_sesssetup_blob_done, req);
+               return;
        }
-       return blob2;
+       tevent_req_done(req);
 }
 
-#ifdef HAVE_KRB5
-/****************************************************************************
- Send a extended security session setup blob, returning a reply blob.
-****************************************************************************/
-
-/* The following is calculated from :
- * (smb_size-4) = 35
- * (smb_wcnt * 2) = 24 (smb_wcnt == 12 in cli_session_setup_blob_send() )
- * (strlen("Unix") + 1 + strlen("Samba") + 1) * 2 = 22 (unicode strings at
- * end of packet.
- */
-
-#define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
-
-static bool cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
+static NTSTATUS cli_sesssetup_blob_recv(struct tevent_req *req,
+                                       TALLOC_CTX *mem_ctx,
+                                       DATA_BLOB *pblob,
+                                       char **pinbuf)
 {
-       int32 remaining = blob.length;
-       int32 cur = 0;
-       DATA_BLOB send_blob = data_blob_null;
-       int32 max_blob_size = 0;
-       DATA_BLOB receive_blob = data_blob_null;
+       struct cli_sesssetup_blob_state *state = tevent_req_data(
+               req, struct cli_sesssetup_blob_state);
+       NTSTATUS status;
+       char *inbuf;
 
-       if (cli->max_xmit < BASE_SESSSETUP_BLOB_PACKET_SIZE + 1) {
-               DEBUG(0,("cli_session_setup_blob: cli->max_xmit too small "
-                       "(was %u, need minimum %u)\n",
-                       (unsigned int)cli->max_xmit,
-                       BASE_SESSSETUP_BLOB_PACKET_SIZE));
-               cli_set_nt_error(cli, NT_STATUS_INVALID_PARAMETER);
-               return False;
+       if (tevent_req_is_nterror(req, &status)) {
+               state->cli->vuid = 0;
+               return status;
        }
 
-       max_blob_size = cli->max_xmit - BASE_SESSSETUP_BLOB_PACKET_SIZE;
-
-       while ( remaining > 0) {
-               if (remaining >= max_blob_size) {
-                       send_blob.length = max_blob_size;
-                       remaining -= max_blob_size;
-               } else {
-                       send_blob.length = remaining; 
-                        remaining = 0;
-               }
-
-               send_blob.data =  &blob.data[cur];
-               cur += send_blob.length;
-
-               DEBUG(10, ("cli_session_setup_blob: Remaining (%u) sending (%u) current (%u)\n", 
-                       (unsigned int)remaining,
-                       (unsigned int)send_blob.length,
-                       (unsigned int)cur ));
-
-               if (!cli_session_setup_blob_send(cli, send_blob)) {
-                       DEBUG(0, ("cli_session_setup_blob: send failed\n"));
-                       return False;
-               }
-
-               receive_blob = cli_session_setup_blob_receive(cli);
-               data_blob_free(&receive_blob);
-
-               if (cli_is_error(cli) &&
-                               !NT_STATUS_EQUAL( cli_get_nt_error(cli), 
-                                       NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-                       DEBUG(0, ("cli_session_setup_blob: receive failed "
-                                 "(%s)\n", nt_errstr(cli_get_nt_error(cli))));
-                       cli->vuid = 0;
-                       return False;
-               }
+       inbuf = talloc_move(mem_ctx, &state->inbuf);
+       if (pblob != NULL) {
+               *pblob = state->ret_blob;
        }
-
-       return True;
+       if (pinbuf != NULL) {
+               *pinbuf = inbuf;
+       }
+        /* could be NT_STATUS_MORE_PROCESSING_REQUIRED */
+       return state->status;
 }
 
+#ifdef HAVE_KRB5
+
 /****************************************************************************
  Use in-memory credentials cache
 ****************************************************************************/
@@ -783,187 +824,358 @@ static void use_in_memory_ccache(void) {
  Do a spnego/kerberos encrypted session setup.
 ****************************************************************************/
 
-static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli, const char *principal, const char *workgroup)
-{
+struct cli_session_setup_kerberos_state {
+       struct cli_state *cli;
        DATA_BLOB negTokenTarg;
        DATA_BLOB session_key_krb5;
-       NTSTATUS nt_status;
-       int rc;
+       ADS_STATUS ads_status;
+};
 
-       cli_temp_set_signing(cli);
+static void cli_session_setup_kerberos_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_session_setup_kerberos_send(
+       TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
+       const char *principal, const char *workgroup)
+{
+       struct tevent_req *req, *subreq;
+       struct cli_session_setup_kerberos_state *state;
+       int rc;
 
        DEBUG(2,("Doing kerberos session setup\n"));
 
-       /* generate the encapsulated kerberos5 ticket */
-       rc = spnego_gen_negTokenTarg(principal, 0, &negTokenTarg, &session_key_krb5, 0, NULL);
+       req = tevent_req_create(mem_ctx, &state,
+                               struct cli_session_setup_kerberos_state);
+       if (req == NULL) {
+               return NULL;
+       }
+       state->cli = cli;
+       state->ads_status = ADS_SUCCESS;
+
+       cli_temp_set_signing(cli);
 
+       /*
+        * Ok, this is cheated: spnego_gen_negTokenTarg can block if
+        * we have to acquire a ticket. To be fixed later :-)
+        */
+       rc = spnego_gen_negTokenTarg(principal, 0, &state->negTokenTarg,
+                                    &state->session_key_krb5, 0, NULL);
        if (rc) {
-               DEBUG(1, ("cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: %s\n",
-                       error_message(rc)));
-               return ADS_ERROR_KRB5(rc);
+               DEBUG(1, ("cli_session_setup_kerberos: "
+                         "spnego_gen_negTokenTarg failed: %s\n",
+                         error_message(rc)));
+               state->ads_status = ADS_ERROR_KRB5(rc);
+               tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
+               return tevent_req_post(req, ev);
        }
 
 #if 0
-       file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
+       file_save("negTokenTarg.dat", state->negTokenTarg.data,
+                 state->negTokenTarg.length);
 #endif
 
-       if (!cli_session_setup_blob(cli, negTokenTarg)) {
-               nt_status = cli_nt_error(cli);
-               goto nt_error;
+       subreq = cli_sesssetup_blob_send(state, ev, cli, state->negTokenTarg);
+       if (tevent_req_nomem(subreq, req)) {
+               return tevent_req_post(req, ev);
        }
+       tevent_req_set_callback(subreq, cli_session_setup_kerberos_done, req);
+       return req;
+}
 
-       if (cli_is_error(cli)) {
-               nt_status = cli_nt_error(cli);
-               if (NT_STATUS_IS_OK(nt_status)) {
-                       nt_status = NT_STATUS_UNSUCCESSFUL;
-               }
-               goto nt_error;
-       }
+static void cli_session_setup_kerberos_done(struct tevent_req *subreq)
+{
+       struct tevent_req *req = tevent_req_callback_data(
+               subreq, struct tevent_req);
+       struct cli_session_setup_kerberos_state *state = tevent_req_data(
+               req, struct cli_session_setup_kerberos_state);
+       char *inbuf = NULL;
+       NTSTATUS status;
 
-       cli_set_session_key(cli, session_key_krb5);
+       status = cli_sesssetup_blob_recv(subreq, talloc_tos(), NULL, &inbuf);
+       if (!NT_STATUS_IS_OK(status)) {
+               TALLOC_FREE(subreq);
+               tevent_req_nterror(req, status);
+               return;
+       }
 
-       if (cli_simple_set_signing(
-                   cli, session_key_krb5, data_blob_null)) {
+       cli_set_session_key(state->cli, state->session_key_krb5);
 
-               if (!cli_check_sign_mac(cli, cli->inbuf, 1)) {
-                       nt_status = NT_STATUS_ACCESS_DENIED;
-                       goto nt_error;
-               }
+       if (cli_simple_set_signing(state->cli, state->session_key_krb5,
+                                  data_blob_null)
+           && !cli_check_sign_mac(state->cli, inbuf, 1)) {
+               TALLOC_FREE(subreq);
+               tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+               return;
        }
+       TALLOC_FREE(subreq);
+       tevent_req_done(req);
+}
+
+static ADS_STATUS cli_session_setup_kerberos_recv(struct tevent_req *req)
+{
+       struct cli_session_setup_kerberos_state *state = tevent_req_data(
+               req, struct cli_session_setup_kerberos_state);
+       NTSTATUS status;
 
-       data_blob_free(&negTokenTarg);
-       data_blob_free(&session_key_krb5);
+       if (tevent_req_is_nterror(req, &status)) {
+               return ADS_ERROR_NT(status);
+       }
+       return state->ads_status;
+}
 
-       return ADS_ERROR_NT(NT_STATUS_OK);
+static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli,
+                                            const char *principal,
+                                            const char *workgroup)
+{
+       struct tevent_context *ev;
+       struct tevent_req *req;
+       ADS_STATUS status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
 
-nt_error:
-       data_blob_free(&negTokenTarg);
-       data_blob_free(&session_key_krb5);
-       cli->vuid = 0;
-       return ADS_ERROR_NT(nt_status);
+       if (cli_has_async_calls(cli)) {
+               return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+       }
+       ev = tevent_context_init(talloc_tos());
+       if (ev == NULL) {
+               goto fail;
+       }
+       req = cli_session_setup_kerberos_send(ev, ev, cli, principal,
+                                             workgroup);
+       if (req == NULL) {
+               goto fail;
+       }
+       if (!tevent_req_poll(req, ev)) {
+               status = ADS_ERROR_SYSTEM(errno);
+               goto fail;
+       }
+       status = cli_session_setup_kerberos_recv(req);
+fail:
+       TALLOC_FREE(ev);
+       return status;
 }
 #endif /* HAVE_KRB5 */
 
-
 /****************************************************************************
  Do a spnego/NTLMSSP encrypted session setup.
 ****************************************************************************/
 
-static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *user, 
-                                         const char *pass, const char *domain)
-{
+struct cli_session_setup_ntlmssp_state {
+       struct tevent_context *ev;
+       struct cli_state *cli;
        struct ntlmssp_state *ntlmssp_state;
-       NTSTATUS nt_status;
-       int turn = 1;
-       DATA_BLOB msg1;
-       DATA_BLOB blob = data_blob_null;
-       DATA_BLOB blob_in = data_blob_null;
-       DATA_BLOB blob_out = data_blob_null;
+       int turn;
+       DATA_BLOB blob_out;
+};
 
-       cli_temp_set_signing(cli);
+static int cli_session_setup_ntlmssp_state_destructor(
+       struct cli_session_setup_ntlmssp_state *state)
+{
+       if (state->ntlmssp_state != NULL) {
+               ntlmssp_end(&state->ntlmssp_state);
+       }
+       return 0;
+}
 
-       if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
-               return nt_status;
+static void cli_session_setup_ntlmssp_done(struct tevent_req *req);
+
+static struct tevent_req *cli_session_setup_ntlmssp_send(
+       TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
+       const char *user, const char *pass, const char *domain)
+{
+       struct tevent_req *req, *subreq;
+       struct cli_session_setup_ntlmssp_state *state;
+       NTSTATUS status;
+       DATA_BLOB blob_out;
+
+       req = tevent_req_create(mem_ctx, &state,
+                               struct cli_session_setup_ntlmssp_state);
+       if (req == NULL) {
+               return NULL;
        }
-       ntlmssp_want_feature(ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+       state->ev = ev;
+       state->cli = cli;
+       state->turn = 1;
 
-       if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, user))) {
-               return nt_status;
+       state->ntlmssp_state = NULL;
+       talloc_set_destructor(
+               state, cli_session_setup_ntlmssp_state_destructor);
+
+       cli_temp_set_signing(cli);
+
+       status = ntlmssp_client_start(&state->ntlmssp_state);
+       if (!NT_STATUS_IS_OK(status)) {
+               goto fail;
        }
-       if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, domain))) {
-               return nt_status;
+       ntlmssp_want_feature(state->ntlmssp_state,
+                            NTLMSSP_FEATURE_SESSION_KEY);
+       status = ntlmssp_set_username(state->ntlmssp_state, user);
+       if (!NT_STATUS_IS_OK(status)) {
+               goto fail;
        }
-       if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_password(ntlmssp_state, pass))) {
-               return nt_status;
+       status = ntlmssp_set_domain(state->ntlmssp_state, domain);
+       if (!NT_STATUS_IS_OK(status)) {
+               goto fail;
+       }
+       status = ntlmssp_set_password(state->ntlmssp_state, pass);
+       if (!NT_STATUS_IS_OK(status)) {
+               goto fail;
+       }
+       status = ntlmssp_update(state->ntlmssp_state, data_blob_null,
+                               &blob_out);
+       if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+               goto fail;
        }
 
-       do {
-               nt_status = ntlmssp_update(ntlmssp_state, 
-                                                 blob_in, &blob_out);
-               data_blob_free(&blob_in);
-               if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(nt_status)) {
-                       if (turn == 1) {
-                               /* and wrap it in a SPNEGO wrapper */
-                               msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
-                       } else {
-                               /* wrap it in SPNEGO */
-                               msg1 = spnego_gen_auth(blob_out);
-                       }
-
-                       /* now send that blob on its way */
-                       if (!cli_session_setup_blob_send(cli, msg1)) {
-                               DEBUG(3, ("Failed to send NTLMSSP/SPNEGO blob to server!\n"));
-                               nt_status = NT_STATUS_UNSUCCESSFUL;
-                       } else {
-                               blob = cli_session_setup_blob_receive(cli);
-
-                               nt_status = cli_nt_error(cli);
-                               if (cli_is_error(cli) && NT_STATUS_IS_OK(nt_status)) {
-                                       if (cli->smb_rw_error == SMB_READ_BAD_SIG) {
-                                               nt_status = NT_STATUS_ACCESS_DENIED;
-                                       } else {
-                                               nt_status = NT_STATUS_UNSUCCESSFUL;
-                                       }
-                               }
-                       }
-                       data_blob_free(&msg1);
-               }
+       state->blob_out = gen_negTokenInit(OID_NTLMSSP, blob_out);
+       data_blob_free(&blob_out);
 
-               if (!blob.length) {
-                       if (NT_STATUS_IS_OK(nt_status)) {
-                               nt_status = NT_STATUS_UNSUCCESSFUL;
-                       }
-               } else if ((turn == 1) && 
-                          NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-                       DATA_BLOB tmp_blob = data_blob_null;
-                       /* the server might give us back two challenges */
-                       if (!spnego_parse_challenge(blob, &blob_in, 
-                                                   &tmp_blob)) {
-                               DEBUG(3,("Failed to parse challenges\n"));
-                               nt_status = NT_STATUS_INVALID_PARAMETER;
-                       }
-                       data_blob_free(&tmp_blob);
-               } else {
-                       if (!spnego_parse_auth_response(blob, nt_status, OID_NTLMSSP, 
-                                                       &blob_in)) {
-                               DEBUG(3,("Failed to parse auth response\n"));
-                               if (NT_STATUS_IS_OK(nt_status) 
-                                   || NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) 
-                                       nt_status = NT_STATUS_INVALID_PARAMETER;
-                       }
-               }
-               data_blob_free(&blob);
-               data_blob_free(&blob_out);
-               turn++;
-       } while (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED));
+       subreq = cli_sesssetup_blob_send(state, ev, cli, state->blob_out);
+       if (tevent_req_nomem(subreq, req)) {
+               return tevent_req_post(req, ev);
+       }
+       tevent_req_set_callback(subreq, cli_session_setup_ntlmssp_done, req);
+       return req;
+fail:
+       tevent_req_nterror(req, status);
+       return tevent_req_post(req, ev);
+}
 
-       data_blob_free(&blob_in);
+static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq)
+{
+       struct tevent_req *req = tevent_req_callback_data(
+               subreq, struct tevent_req);
+       struct cli_session_setup_ntlmssp_state *state = tevent_req_data(
+               req, struct cli_session_setup_ntlmssp_state);
+       DATA_BLOB blob_in, msg_in, blob_out;
+       char *inbuf = NULL;
+       bool parse_ret;
+       NTSTATUS status;
 
-       if (NT_STATUS_IS_OK(nt_status)) {
+       status = cli_sesssetup_blob_recv(subreq, talloc_tos(), &blob_in,
+                                        &inbuf);
+       TALLOC_FREE(subreq);
+       data_blob_free(&state->blob_out);
 
-               if (cli->server_domain[0] == '\0') {
-                       fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
+       if (NT_STATUS_IS_OK(status)) {
+               if (state->cli->server_domain[0] == '\0') {
+                       fstrcpy(state->cli->server_domain,
+                               state->ntlmssp_state->server_domain);
                }
-               cli_set_session_key(cli, ntlmssp_state->session_key);
+               cli_set_session_key(
+                       state->cli, state->ntlmssp_state->session_key);
 
                if (cli_simple_set_signing(
-                           cli, ntlmssp_state->session_key, data_blob_null)) {
+                           state->cli, state->ntlmssp_state->session_key,
+                           data_blob_null)
+                   && !cli_check_sign_mac(state->cli, inbuf, 1)) {
+                       TALLOC_FREE(subreq);
+                       tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+                       return;
+               }
+               TALLOC_FREE(subreq);
+               ntlmssp_end(&state->ntlmssp_state);
+               tevent_req_done(req);
+               return;
+       }
+       if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+               tevent_req_nterror(req, status);
+               return;
+       }
 
-                       if (!cli_check_sign_mac(cli, cli->inbuf, 1)) {
-                               nt_status = NT_STATUS_ACCESS_DENIED;
-                       }
+       if (blob_in.length == 0) {
+               tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
+               return;
+       }
+
+       if ((state->turn == 1)
+           && NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+               DATA_BLOB tmp_blob = data_blob_null;
+               /* the server might give us back two challenges */
+               parse_ret = spnego_parse_challenge(blob_in, &msg_in,
+                                                  &tmp_blob);
+               data_blob_free(&tmp_blob);
+       } else {
+               parse_ret = spnego_parse_auth_response(blob_in, status,
+                                                      OID_NTLMSSP, &msg_in);
+       }
+       state->turn += 1;
+
+       if (!parse_ret) {
+               DEBUG(3,("Failed to parse auth response\n"));
+               if (NT_STATUS_IS_OK(status)
+                   || NT_STATUS_EQUAL(status,
+                                      NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+                       tevent_req_nterror(
+                               req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+                       return;
                }
        }
 
-       /* we have a reference conter on ntlmssp_state, if we are signing
-          then the state will be kept by the signing engine */
+       status = ntlmssp_update(state->ntlmssp_state, msg_in, &blob_out);
 
-       ntlmssp_end(&ntlmssp_state);
+       if (!NT_STATUS_IS_OK(status)
+           && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+               TALLOC_FREE(subreq);
+               ntlmssp_end(&state->ntlmssp_state);
+               tevent_req_nterror(req, status);
+               return;
+       }
 
-       if (!NT_STATUS_IS_OK(nt_status)) {
-               cli->vuid = 0;
+       state->blob_out = spnego_gen_auth(blob_out);
+       TALLOC_FREE(subreq);
+       if (tevent_req_nomem(state->blob_out.data, req)) {
+               return;
+       }
+
+       subreq = cli_sesssetup_blob_send(state, state->ev, state->cli,
+                                        state->blob_out);
+       if (tevent_req_nomem(subreq, req)) {
+               return;
+       }
+       tevent_req_set_callback(subreq, cli_session_setup_ntlmssp_done, req);
+}
+
+static NTSTATUS cli_session_setup_ntlmssp_recv(struct tevent_req *req)
+{
+       struct cli_session_setup_ntlmssp_state *state = tevent_req_data(
+               req, struct cli_session_setup_ntlmssp_state);
+       NTSTATUS status;
+
+       if (tevent_req_is_nterror(req, &status)) {
+               state->cli->vuid = 0;
+               return status;
+       }
+       return NT_STATUS_OK;
+}
+
+static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli,
+                                         const char *user,
+                                         const char *pass,
+                                         const char *domain)
+{
+       struct tevent_context *ev;
+       struct tevent_req *req;
+       NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+       if (cli_has_async_calls(cli)) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+       ev = tevent_context_init(talloc_tos());
+       if (ev == NULL) {
+               goto fail;
+       }
+       req = cli_session_setup_ntlmssp_send(ev, ev, cli, user, pass, domain);
+       if (req == NULL) {
+               goto fail;
        }
-       return nt_status;
+       if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+               goto fail;
+       }
+       status = cli_session_setup_ntlmssp_recv(req);
+fail:
+       TALLOC_FREE(ev);
+       if (!NT_STATUS_IS_OK(status)) {
+               cli_set_error(cli, status);
+       }
+       return status;
 }
 
 /****************************************************************************
@@ -1251,25 +1463,88 @@ NTSTATUS cli_session_setup(struct cli_state *cli,
  Send a uloggoff.
 *****************************************************************************/
 
-bool cli_ulogoff(struct cli_state *cli)
+struct cli_ulogoff_state {
+       struct cli_state *cli;
+       uint16_t vwv[2];
+};
+
+static void cli_ulogoff_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_ulogoff_send(TALLOC_CTX *mem_ctx,
+                                   struct tevent_context *ev,
+                                   struct cli_state *cli)
 {
-       memset(cli->outbuf,'\0',smb_size);
-       cli_set_message(cli->outbuf,2,0,True);
-       SCVAL(cli->outbuf,smb_com,SMBulogoffX);
-       cli_setup_packet(cli);
-       SSVAL(cli->outbuf,smb_vwv0,0xFF);
-       SSVAL(cli->outbuf,smb_vwv2,0);  /* no additional info */
+       struct tevent_req *req, *subreq;
+       struct cli_ulogoff_state *state;
 
-       cli_send_smb(cli);
-       if (!cli_receive_smb(cli))
-               return False;
+       req = tevent_req_create(mem_ctx, &state, struct cli_ulogoff_state);
+       if (req == NULL) {
+               return NULL;
+       }
+       state->cli = cli;
 
-       if (cli_is_error(cli)) {
-               return False;
+       SCVAL(state->vwv+0, 0, 0xFF);
+       SCVAL(state->vwv+1, 0, 0);
+       SSVAL(state->vwv+2, 0, 0);
+
+       subreq = cli_smb_send(state, ev, cli, SMBulogoffX, 0, 2, state->vwv,
+                             0, NULL);
+       if (tevent_req_nomem(subreq, req)) {
+               return tevent_req_post(req, ev);
+       }
+       tevent_req_set_callback(subreq, cli_ulogoff_done, req);
+       return req;
+}
+
+static void cli_ulogoff_done(struct tevent_req *subreq)
+{
+       struct tevent_req *req = tevent_req_callback_data(
+               subreq, struct tevent_req);
+       struct cli_ulogoff_state *state = tevent_req_data(
+               req, struct cli_ulogoff_state);
+       NTSTATUS status;
+
+       status = cli_smb_recv(subreq, 0, NULL, NULL, NULL, NULL);
+       if (!NT_STATUS_IS_OK(status)) {
+               tevent_req_nterror(req, status);
+               return;
        }
+       state->cli->vuid = -1;
+       tevent_req_done(req);
+}
+
+NTSTATUS cli_ulogoff_recv(struct tevent_req *req)
+{
+       return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_ulogoff(struct cli_state *cli)
+{
+       struct tevent_context *ev;
+       struct tevent_req *req;
+       NTSTATUS status = NT_STATUS_NO_MEMORY;
 
-        cli->vuid = -1;
-        return True;
+       if (cli_has_async_calls(cli)) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+       ev = tevent_context_init(talloc_tos());
+       if (ev == NULL) {
+               goto fail;
+       }
+       req = cli_ulogoff_send(ev, ev, cli);
+       if (req == NULL) {
+               goto fail;
+       }
+       if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+               goto fail;
+       }
+       status = cli_ulogoff_recv(req);
+fail:
+       TALLOC_FREE(ev);
+       if (!NT_STATUS_IS_OK(status)) {
+               cli_set_error(cli, status);
+       }
+       return status;
 }
 
 /****************************************************************************
@@ -1536,24 +1811,83 @@ NTSTATUS cli_tcon_andx(struct cli_state *cli, const char *share,
  Send a tree disconnect.
 ****************************************************************************/
 
-bool cli_tdis(struct cli_state *cli)
+struct cli_tdis_state {
+       struct cli_state *cli;
+};
+
+static void cli_tdis_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_tdis_send(TALLOC_CTX *mem_ctx,
+                                struct tevent_context *ev,
+                                struct cli_state *cli)
 {
-       memset(cli->outbuf,'\0',smb_size);
-       cli_set_message(cli->outbuf,0,0,True);
-       SCVAL(cli->outbuf,smb_com,SMBtdis);
-       SSVAL(cli->outbuf,smb_tid,cli->cnum);
-       cli_setup_packet(cli);
+       struct tevent_req *req, *subreq;
+       struct cli_tdis_state *state;
 
-       cli_send_smb(cli);
-       if (!cli_receive_smb(cli))
-               return False;
+       req = tevent_req_create(mem_ctx, &state, struct cli_tdis_state);
+       if (req == NULL) {
+               return NULL;
+       }
+       state->cli = cli;
 
-       if (cli_is_error(cli)) {
-               return False;
+       subreq = cli_smb_send(state, ev, cli, SMBtdis, 0, 0, NULL, 0, NULL);
+       if (tevent_req_nomem(subreq, req)) {
+               return tevent_req_post(req, ev);
        }
+       tevent_req_set_callback(subreq, cli_tdis_done, req);
+       return req;
+}
 
-       cli->cnum = -1;
-       return True;
+static void cli_tdis_done(struct tevent_req *subreq)
+{
+       struct tevent_req *req = tevent_req_callback_data(
+               subreq, struct tevent_req);
+       struct cli_tdis_state *state = tevent_req_data(
+               req, struct cli_tdis_state);
+       NTSTATUS status;
+
+       status = cli_smb_recv(subreq, 0, NULL, NULL, NULL, NULL);
+       TALLOC_FREE(subreq);
+       if (!NT_STATUS_IS_OK(status)) {
+               tevent_req_nterror(req, status);
+               return;
+       }
+       state->cli->cnum = -1;
+       tevent_req_done(req);
+}
+
+NTSTATUS cli_tdis_recv(struct tevent_req *req)
+{
+       return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_tdis(struct cli_state *cli)
+{
+       struct tevent_context *ev;
+       struct tevent_req *req;
+       NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+       if (cli_has_async_calls(cli)) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+       ev = tevent_context_init(talloc_tos());
+       if (ev == NULL) {
+               goto fail;
+       }
+       req = cli_tdis_send(ev, ev, cli);
+       if (req == NULL) {
+               goto fail;
+       }
+       if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+               goto fail;
+       }
+       status = cli_tdis_recv(req);
+fail:
+       TALLOC_FREE(ev);
+       if (!NT_STATUS_IS_OK(status)) {
+               cli_set_error(cli, status);
+       }
+       return status;
 }
 
 /****************************************************************************
@@ -1671,6 +2005,7 @@ static void cli_negprot_done(struct tevent_req *subreq)
        status = cli_smb_recv(subreq, 1, &wct, &vwv, &num_bytes, &bytes);
        if (!NT_STATUS_IS_OK(status)) {
                TALLOC_FREE(subreq);
+               tevent_req_nterror(req, status);
                return;
        }
 
index afae4ff2ab1aa98c1a51bb6027faf84d89b7f5d1..99f52f4ca7b2eaf540eb9db2aac06c871910753a 100644 (file)
@@ -993,6 +993,7 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
        bool res;
        uint16 cnum;
        char *newextrapath = NULL;
+       NTSTATUS status;
 
        if (!cli || !sharename) {
                return false;
@@ -1020,7 +1021,7 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
        }
 
        if (force_encrypt) {
-               NTSTATUS status = cli_cm_force_encryption(cli,
+               status = cli_cm_force_encryption(cli,
                                        username,
                                        password,
                                        lp_workgroup(),
@@ -1032,7 +1033,8 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
 
        res = cli_dfs_get_referral(ctx, cli, fullpath, &refs, &num_refs, &consumed);
 
-       if (!cli_tdis(cli)) {
+       status = cli_tdis(cli);
+       if (!NT_STATUS_IS_OK(status)) {
                return false;
        }
 
index ec690b4d823e9448d651508aa43f61d56585cfbc..38382e4af7761e4725c79856d5e8a52f111fc1de 100644 (file)
@@ -20,6 +20,7 @@
 
 #include "includes.h"
 #include "../libcli/auth/spnego.h"
+#include "ntlmssp.h"
 
 /****************************************************************************
  Get UNIX extensions version info.
index b440d610485b830912c9d90792deef1c4a43e53f..85a09cc9ce0d4845ba287d1ecd298f63b59e9333 100644 (file)
@@ -7,17 +7,18 @@
    Copyright (C) Andrew Bartlett       2002
    Copyright (C) Gerald (Jerry) Carter         2003
    Copyright (C) Marc VanHeyningen      2008
-   
+   Copyright (C) Volker Lendecke       2009
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.         See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
  */
 
 
-/**
- * prefix used for all entries put into the general cache
- */
-static const char NEGATIVE_CONN_CACHE_PREFIX[] = "NEG_CONN_CACHE";
-
 /**
  * Marshalls the domain and server name into the key for the gencache
  * record
@@ -53,15 +49,16 @@ static const char NEGATIVE_CONN_CACHE_PREFIX[] = "NEG_CONN_CACHE";
  */
 static char *negative_conn_cache_keystr(const char *domain, const char *server)
 {
-       const char NEGATIVE_CONN_CACHE_KEY_FMT[] = "%s/%s,%s";
        char *keystr = NULL;
 
-       SMB_ASSERT(domain != NULL);
+       if (domain == NULL) {
+               return NULL;
+       }
        if (server == NULL)
                server = "";
 
-       keystr = talloc_asprintf(talloc_tos(),NEGATIVE_CONN_CACHE_KEY_FMT,
-                                NEGATIVE_CONN_CACHE_PREFIX, domain, server);
+       keystr = talloc_asprintf(talloc_tos(), "NEG_CONN_CACHE/%s,%s",
+                                domain, server);
        if (keystr == NULL) {
                DEBUG(0, ("negative_conn_cache_keystr: malloc error\n"));
        }
@@ -100,13 +97,16 @@ static char *negative_conn_cache_valuestr(NTSTATUS status)
  */
 static NTSTATUS negative_conn_cache_valuedecode(const char *value)
 {
-       NTSTATUS result = NT_STATUS_OK;
+       unsigned int v = NT_STATUS_V(NT_STATUS_INTERNAL_ERROR);;
 
-       SMB_ASSERT(value != NULL);
-       if (sscanf(value, "%x", &(NT_STATUS_V(result))) != 1)
-               DEBUG(0, ("negative_conn_cache_valuestr: unable to parse "
+       if (value != NULL) {
+               return NT_STATUS_INTERNAL_ERROR;
+       }
+       if (sscanf(value, "%x", &v) != 1) {
+               DEBUG(0, ("negative_conn_cache_valuedecode: unable to parse "
                          "value field '%s'\n", value));
-       return result;
+       }
+       return NT_STATUS(v);
 }
 
 /**
@@ -143,7 +143,7 @@ NTSTATUS check_negative_conn_cache( const char *domain, const char *server)
        if (key == NULL)
                goto done;
 
-       if (gencache_get(key, &value, (time_t *) NULL))
+       if (gencache_get(key, &value, NULL))
                result = negative_conn_cache_valuedecode(value);
  done:
        DEBUG(9,("check_negative_conn_cache returning result %d for domain %s "
@@ -153,29 +153,6 @@ NTSTATUS check_negative_conn_cache( const char *domain, const char *server)
        return result;
 }
 
-/**
- * Delete any negative cache entry for the given domain/server
- *
- * @param[in] domain
- * @param[in] server may be either a FQDN or an IP address
- */
-void delete_negative_conn_cache(const char *domain, const char *server)
-{
-       char *key = NULL;
-
-       key = negative_conn_cache_keystr(domain, server);
-       if (key == NULL)
-               goto done;
-
-       gencache_del(key);
-       DEBUG(9,("delete_negative_conn_cache removing domain %s server %s\n",
-                 domain, server));
- done:
-       TALLOC_FREE(key);
-       return;
-}
-
-
 /**
  * Add an entry to the failed connection cache
  *
@@ -189,7 +166,10 @@ void add_failed_connection_entry(const char *domain, const char *server,
        char *key = NULL;
        char *value = NULL;
 
-       SMB_ASSERT(!NT_STATUS_IS_OK(result));
+       if (NT_STATUS_IS_OK(result)) {
+               /* Nothing failed here */
+               return;
+       }
 
        key = negative_conn_cache_keystr(domain, server);
        if (key == NULL) {
@@ -204,30 +184,20 @@ void add_failed_connection_entry(const char *domain, const char *server,
        }
 
        if (gencache_set(key, value,
-                        time((time_t *) NULL)
-                        + FAILED_CONNECTION_CACHE_TIMEOUT))
+                        time(NULL) + FAILED_CONNECTION_CACHE_TIMEOUT))
                DEBUG(9,("add_failed_connection_entry: added domain %s (%s) "
                          "to failed conn cache\n", domain, server ));
        else
                DEBUG(1,("add_failed_connection_entry: failed to add "
                          "domain %s (%s) to failed conn cache\n",
                          domain, server));
-       
+
  done:
        TALLOC_FREE(key);
        TALLOC_FREE(value);
        return;
 }
 
-/**
- * Deletes all records from the negative connection cache in all domains
- */
-void flush_negative_conn_cache( void )
-{
-       flush_negative_conn_cache_for_domain("*");
-}
-
-
 /**
  * Deletes all records for a specified domain from the negative connection
  * cache
@@ -246,10 +216,10 @@ void flush_negative_conn_cache_for_domain(const char *domain)
                goto done;
        }
 
-       gencache_iterate(delete_matches, (void *) NULL, key_pattern);
+       gencache_iterate(delete_matches, NULL, key_pattern);
        DEBUG(8, ("flush_negative_conn_cache_for_domain: flushed domain %s\n",
                  domain));
-       
+
  done:
        TALLOC_FREE(key_pattern);
        return;
index 0285f22be479b280ce9b22720c6be0d680d364e1..48b3eb32d96bd38b2246d67c208891de0b7e6fef 100644 (file)
@@ -146,7 +146,7 @@ static const struct {
        {ERRDOS,        87,     NT_STATUS_BAD_WORKING_SET_LIMIT},
        {ERRDOS,        87,     NT_STATUS_INCOMPATIBLE_FILE_MAP},
        {ERRDOS,        87,     NT_STATUS_SECTION_PROTECTION},
-       {ERRDOS,        282,    NT_STATUS_EAS_NOT_SUPPORTED},
+       {ERRDOS,        ERReasnotsupported,     NT_STATUS_EAS_NOT_SUPPORTED},
        {ERRDOS,        255,    NT_STATUS_EA_TOO_LARGE},
        {ERRHRD,        ERRgeneral,     NT_STATUS_NONEXISTENT_EA_ENTRY},
        {ERRHRD,        ERRgeneral,     NT_STATUS_NO_EAS_ON_FILE},
@@ -708,7 +708,7 @@ static const struct {
        {ERRDOS,        276,    NT_STATUS_NONEXISTENT_EA_ENTRY},
        {ERRDOS,        277,    NT_STATUS_NONEXISTENT_EA_ENTRY},
        {ERRDOS,        278,    NT_STATUS_NONEXISTENT_EA_ENTRY},
-       {ERRDOS,        282,    NT_STATUS_EAS_NOT_SUPPORTED},
+       {ERRDOS,        ERReasnotsupported,     NT_STATUS_EAS_NOT_SUPPORTED},
        {ERRDOS,        288,    NT_STATUS_MUTANT_NOT_OWNED},
        {ERRDOS,        298,    NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED},
        {ERRDOS,        299,    NT_STATUS(0x8000000d)},
@@ -841,7 +841,7 @@ static const struct {
        {ERRHRD,        276,    NT_STATUS_NONEXISTENT_EA_ENTRY},
        {ERRHRD,        277,    NT_STATUS_NONEXISTENT_EA_ENTRY},
        {ERRHRD,        278,    NT_STATUS_NONEXISTENT_EA_ENTRY},
-       {ERRHRD,        282,    NT_STATUS_EAS_NOT_SUPPORTED},
+       {ERRHRD,        ERReasnotsupported,     NT_STATUS_EAS_NOT_SUPPORTED},
        {ERRHRD,        288,    NT_STATUS_MUTANT_NOT_OWNED},
        {ERRHRD,        298,    NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED},
        {ERRHRD,        299,    NT_STATUS(0x8000000d)},
index 53cd3d5a77d730c301baeae0d786bf56bbe5ac71..f9770d363ca94e0ad541fbc11773c5d22dc81510 100644 (file)
@@ -151,12 +151,14 @@ SMBC_get_cached_server(SMBCCTX * context,
                          * attribute server connection) is cool.
                          */
                         if (smbc_getOptionOneSharePerServer(context)) {
+                               NTSTATUS status;
                                 /*
                                  * The currently connected share name
                                  * doesn't match the requested share, so
                                  * disconnect from the current share.
                                  */
-                                if (! cli_tdis(srv->server->cli)) {
+                               status = cli_tdis(srv->server->cli);
+                               if (!NT_STATUS_IS_OK(status)) {
                                         /* Sigh. Couldn't disconnect. */
                                         cli_shutdown(srv->server->cli);
                                        srv->server->cli = NULL;
index 60c1d49bb0d76560a84086bf8a47c924e5019e1d..7fffe7cea30e3e3f9541e1666eb66e5a0db502a4 100644 (file)
 */
 
 #include "includes.h"
+#include "ntlmssp.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "../librpc/gen_ndr/ndr_ntlmssp.h"
-#include "libsmb/ntlmssp_ndr.h"
+#include "../libcli/auth/ntlmssp_ndr.h"
 
 static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
                                       DATA_BLOB reply, DATA_BLOB *next_request);
@@ -41,8 +42,8 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
  */
 
 static const struct ntlmssp_callbacks {
-       enum NTLMSSP_ROLE role;
-       enum NTLM_MESSAGE_TYPE ntlmssp_command;
+       enum ntlmssp_role role;
+       enum ntlmssp_message_type ntlmssp_command;
        NTSTATUS (*fn)(struct ntlmssp_state *ntlmssp_state,
                       DATA_BLOB in, DATA_BLOB *out);
 } ntlmssp_callbacks[] = {
@@ -111,10 +112,11 @@ void debug_ntlmssp_flags(uint32 neg_flags)
  *
  */
 
-static void get_challenge(const struct ntlmssp_state *ntlmssp_state,
-                         uint8_t chal[8])
+static NTSTATUS get_challenge(const struct ntlmssp_state *ntlmssp_state,
+                             uint8_t chal[8])
 {
        generate_random_buffer(chal, 8);
+       return NT_STATUS_OK;
 }
 
 /**
@@ -145,7 +147,7 @@ static NTSTATUS set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *ch
  *
  */
 
-NTSTATUS ntlmssp_set_username(NTLMSSP_STATE *ntlmssp_state, const char *user)
+NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *user)
 {
        ntlmssp_state->user = talloc_strdup(ntlmssp_state, user ? user : "" );
        if (!ntlmssp_state->user) {
@@ -158,7 +160,7 @@ NTSTATUS ntlmssp_set_username(NTLMSSP_STATE *ntlmssp_state, const char *user)
  * Store NT and LM hashes on an NTLMSSP context - ensures they are talloc()ed
  *
  */
-NTSTATUS ntlmssp_set_hashes(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_set_hashes(struct ntlmssp_state *ntlmssp_state,
                const unsigned char lm_hash[16],
                const unsigned char nt_hash[16])
 {
@@ -178,7 +180,7 @@ NTSTATUS ntlmssp_set_hashes(NTLMSSP_STATE *ntlmssp_state,
  * Converts a password to the hashes on an NTLMSSP context.
  *
  */
-NTSTATUS ntlmssp_set_password(NTLMSSP_STATE *ntlmssp_state, const char *password)
+NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *password)
 {
        if (!password) {
                ntlmssp_state->lm_hash = NULL;
@@ -198,7 +200,7 @@ NTSTATUS ntlmssp_set_password(NTLMSSP_STATE *ntlmssp_state, const char *password
  * Set a domain on an NTLMSSP context - ensures it is talloc()ed
  *
  */
-NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain)
+NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain)
 {
        ntlmssp_state->domain = talloc_strdup(ntlmssp_state,
                                              domain ? domain : "" );
@@ -212,7 +214,7 @@ NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain)
  * Set a workstation on an NTLMSSP context - ensures it is talloc()ed
  *
  */
-NTSTATUS ntlmssp_set_workstation(NTLMSSP_STATE *ntlmssp_state, const char *workstation)
+NTSTATUS ntlmssp_set_workstation(struct ntlmssp_state *ntlmssp_state, const char *workstation)
 {
        ntlmssp_state->workstation = talloc_strdup(ntlmssp_state, workstation);
        if (!ntlmssp_state->workstation) {
@@ -221,27 +223,13 @@ NTSTATUS ntlmssp_set_workstation(NTLMSSP_STATE *ntlmssp_state, const char *works
        return NT_STATUS_OK;
 }
 
-/**
- *  Store a DATA_BLOB containing an NTLMSSP response, for use later.
- *  This copies the data blob
- */
-
-NTSTATUS ntlmssp_store_response(NTLMSSP_STATE *ntlmssp_state,
-                               DATA_BLOB response)
-{
-       ntlmssp_state->stored_response = data_blob_talloc(ntlmssp_state,
-                                                         response.data,
-                                                         response.length);
-       return NT_STATUS_OK;
-}
-
 /**
  * Request features for the NTLMSSP negotiation
  *
  * @param ntlmssp_state NTLMSSP state
  * @param feature_list List of space seperated features requested from NTLMSSP.
  */
-void ntlmssp_want_feature_list(NTLMSSP_STATE *ntlmssp_state, char *feature_list)
+void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list)
 {
        /*
         * We need to set this to allow a later SetPassword
@@ -265,7 +253,7 @@ void ntlmssp_want_feature_list(NTLMSSP_STATE *ntlmssp_state, char *feature_list)
  * @param ntlmssp_state NTLMSSP state
  * @param feature Bit flag specifying the requested feature
  */
-void ntlmssp_want_feature(NTLMSSP_STATE *ntlmssp_state, uint32 feature)
+void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32 feature)
 {
        /* As per JRA's comment above */
        if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
@@ -288,10 +276,9 @@ void ntlmssp_want_feature(NTLMSSP_STATE *ntlmssp_state, uint32 feature)
  * @return Errors, NT_STATUS_MORE_PROCESSING_REQUIRED or NT_STATUS_OK.
  */
 
-NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state,
-                       const DATA_BLOB in, DATA_BLOB *out)
+NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
+                       const DATA_BLOB input, DATA_BLOB *out)
 {
-       DATA_BLOB input;
        uint32 ntlmssp_command;
        int i;
 
@@ -303,15 +290,6 @@ NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state,
 
        *out = data_blob_null;
 
-       if (!in.length && ntlmssp_state->stored_response.length) {
-               input = ntlmssp_state->stored_response;
-
-               /* we only want to read the stored response once - overwrite it */
-               ntlmssp_state->stored_response = data_blob_null;
-       } else {
-               input = in;
-       }
-
        if (!input.length) {
                switch (ntlmssp_state->role) {
                case NTLMSSP_CLIENT:
@@ -356,16 +334,12 @@ NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state,
  * @param ntlmssp_state NTLMSSP State, free()ed by this function
  */
 
-void ntlmssp_end(NTLMSSP_STATE **ntlmssp_state)
+void ntlmssp_end(struct ntlmssp_state **ntlmssp_state)
 {
-       (*ntlmssp_state)->ref_count--;
-
-       if ((*ntlmssp_state)->ref_count == 0) {
-               data_blob_free(&(*ntlmssp_state)->chal);
-               data_blob_free(&(*ntlmssp_state)->lm_resp);
-               data_blob_free(&(*ntlmssp_state)->nt_resp);
-               TALLOC_FREE(*ntlmssp_state);
-       }
+       data_blob_free(&(*ntlmssp_state)->chal);
+       data_blob_free(&(*ntlmssp_state)->lm_resp);
+       data_blob_free(&(*ntlmssp_state)->nt_resp);
+       TALLOC_FREE(*ntlmssp_state);
 
        *ntlmssp_state = NULL;
        return;
@@ -466,7 +440,7 @@ static void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
  by the client lanman auth/lanman auth parameters, it isn't too bad.
 */
 
-DATA_BLOB ntlmssp_weaken_keys(NTLMSSP_STATE *ntlmssp_state, TALLOC_CTX *mem_ctx)
+DATA_BLOB ntlmssp_weaken_keys(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx)
 {
        DATA_BLOB weakened_key = data_blob_talloc(mem_ctx,
                                        ntlmssp_state->session_key.data,
@@ -520,6 +494,7 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
        const char *target_name;
        struct NEGOTIATE_MESSAGE negotiate;
        struct CHALLENGE_MESSAGE challenge;
+       NTSTATUS status;
 
        /* parse the NTLMSSP packet */
 #if 0
@@ -552,7 +527,10 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
        ntlmssp_handle_neg_flags(ntlmssp_state, neg_flags, lp_lanman_auth());
 
        /* Ask our caller what challenge they would like in the packet */
-       ntlmssp_state->get_challenge(ntlmssp_state, cryptkey);
+       status = ntlmssp_state->get_challenge(ntlmssp_state, cryptkey);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
        /* Check if we may set the challenge */
        if (!ntlmssp_state->may_set_challenge(ntlmssp_state)) {
@@ -902,9 +880,9 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
  * @param ntlmssp_state NTLMSSP State, allocated by this function
  */
 
-NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state)
+NTSTATUS ntlmssp_server_start(struct ntlmssp_state **ntlmssp_state)
 {
-       *ntlmssp_state = TALLOC_ZERO_P(NULL, NTLMSSP_STATE);
+       *ntlmssp_state = TALLOC_ZERO_P(NULL, struct ntlmssp_state);
        if (!*ntlmssp_state) {
                DEBUG(0,("ntlmssp_server_start: talloc failed!\n"));
                talloc_destroy(*ntlmssp_state);
@@ -923,8 +901,6 @@ NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state)
 
        (*ntlmssp_state)->expected_state = NTLMSSP_NEGOTIATE;
 
-       (*ntlmssp_state)->ref_count = 1;
-
        (*ntlmssp_state)->neg_flags =
                NTLMSSP_NEGOTIATE_128 |
                NTLMSSP_NEGOTIATE_56 |
@@ -1239,9 +1215,9 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
        return nt_status;
 }
 
-NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state)
+NTSTATUS ntlmssp_client_start(struct ntlmssp_state **ntlmssp_state)
 {
-       *ntlmssp_state = TALLOC_ZERO_P(NULL, NTLMSSP_STATE);
+       *ntlmssp_state = TALLOC_ZERO_P(NULL, struct ntlmssp_state);
        if (!*ntlmssp_state) {
                DEBUG(0,("ntlmssp_client_start: talloc failed!\n"));
                talloc_destroy(*ntlmssp_state);
@@ -1259,8 +1235,6 @@ NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state)
 
        (*ntlmssp_state)->expected_state = NTLMSSP_INITIAL;
 
-       (*ntlmssp_state)->ref_count = 1;
-
        (*ntlmssp_state)->neg_flags =
                NTLMSSP_NEGOTIATE_128 |
                NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
index 752749cdd8a372a96b7f3d426290ecdfa9a70fe7..3fd22ce73f53358bf6874da13bd98933f7f86794 100644 (file)
@@ -19,6 +19,7 @@
  */
 
 #include "includes.h"
+#include "ntlmssp.h"
 #include "../libcli/auth/libcli_auth.h"
 
 #define CLI_SIGN "session key to client-to-server signing key magic constant"
@@ -58,7 +59,7 @@ enum ntlmssp_direction {
        NTLMSSP_RECEIVE
 };
 
-static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
+static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_state,
                                                const uchar *data, size_t length,
                                                const uchar *whole_pdu, size_t pdu_length,
                                                enum ntlmssp_direction direction,
@@ -76,27 +77,27 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
                }
 
                switch (direction) {
-                       case NTLMSSP_SEND:
-                               DEBUG(100,("ntlmssp_make_packet_signature: SEND seq = %u, len = %u, pdu_len = %u\n",
-                                       ntlmssp_state->ntlm2_send_seq_num,
-                                       (unsigned int)length,
-                                       (unsigned int)pdu_length));
-
-                               SIVAL(seq_num, 0, ntlmssp_state->ntlm2_send_seq_num);
-                               ntlmssp_state->ntlm2_send_seq_num++;
-                               hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key, 16, &ctx);
-                               break;
-                       case NTLMSSP_RECEIVE:
+               case NTLMSSP_SEND:
+                       DEBUG(100,("ntlmssp_make_packet_signature: SEND seq = %u, len = %u, pdu_len = %u\n",
+                               ntlmssp_state->ntlm2_send_seq_num,
+                               (unsigned int)length,
+                               (unsigned int)pdu_length));
+
+                       SIVAL(seq_num, 0, ntlmssp_state->ntlm2_send_seq_num);
+                       ntlmssp_state->ntlm2_send_seq_num++;
+                       hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key, 16, &ctx);
+                       break;
+               case NTLMSSP_RECEIVE:
 
-                               DEBUG(100,("ntlmssp_make_packet_signature: RECV seq = %u, len = %u, pdu_len = %u\n",
-                                       ntlmssp_state->ntlm2_recv_seq_num,
-                                       (unsigned int)length,
-                                       (unsigned int)pdu_length));
+                       DEBUG(100,("ntlmssp_make_packet_signature: RECV seq = %u, len = %u, pdu_len = %u\n",
+                               ntlmssp_state->ntlm2_recv_seq_num,
+                               (unsigned int)length,
+                               (unsigned int)pdu_length));
 
-                               SIVAL(seq_num, 0, ntlmssp_state->ntlm2_recv_seq_num);
-                               ntlmssp_state->ntlm2_recv_seq_num++;
-                               hmac_md5_init_limK_to_64(ntlmssp_state->recv_sign_key, 16, &ctx);
-                               break;
+                       SIVAL(seq_num, 0, ntlmssp_state->ntlm2_recv_seq_num);
+                       ntlmssp_state->ntlm2_recv_seq_num++;
+                       hmac_md5_init_limK_to_64(ntlmssp_state->recv_sign_key, 16, &ctx);
+                       break;
                 }
 
                dump_data_pw("pdu data ", whole_pdu, pdu_length);
@@ -137,7 +138,7 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
        return NT_STATUS_OK;
 }
 
-NTSTATUS ntlmssp_sign_packet(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_sign_packet(struct ntlmssp_state *ntlmssp_state,
                                    const uchar *data, size_t length,
                                    const uchar *whole_pdu, size_t pdu_length,
                                    DATA_BLOB *sig)
@@ -168,7 +169,7 @@ NTSTATUS ntlmssp_sign_packet(NTLMSSP_STATE *ntlmssp_state,
  *
  */
 
-NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_check_packet(struct ntlmssp_state *ntlmssp_state,
                                const uchar *data, size_t length,
                                const uchar *whole_pdu, size_t pdu_length,
                                const DATA_BLOB *sig)
@@ -236,7 +237,7 @@ NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state,
  *
  */
 
-NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
                             uchar *data, size_t length,
                             uchar *whole_pdu, size_t pdu_length,
                             DATA_BLOB *sig)
@@ -302,7 +303,7 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
  *
  */
 
-NTSTATUS ntlmssp_unseal_packet(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_state *ntlmssp_state,
                                uchar *data, size_t length,
                                uchar *whole_pdu, size_t pdu_length,
                                DATA_BLOB *sig)
@@ -329,11 +330,9 @@ NTSTATUS ntlmssp_unseal_packet(NTLMSSP_STATE *ntlmssp_state,
 /**
    Initialise the state for NTLMSSP signing.
 */
-NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
+NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
 {
-       unsigned char p24[24];
        TALLOC_CTX *mem_ctx;
-       ZERO_STRUCT(p24);
 
        mem_ctx = talloc_init("weak_keys");
        if (!mem_ctx) {
index 2f7305c5b65466c95439391b227fda70e12d18c8..ec879db5b42cb4b65f2585cf21fd18106f4d264a 100644 (file)
@@ -18,6 +18,7 @@
 */
 
 #include "includes.h"
+#include "ntlmssp.h"
 
 /******************************************************************************
  Pull out the encryption context for this packet. 0 means global context.
@@ -59,7 +60,7 @@ bool common_encryption_on(struct smb_trans_enc_state *es)
  output, so cope with the same for compatibility.
 ******************************************************************************/
 
-NTSTATUS common_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
+NTSTATUS common_ntlm_decrypt_buffer(struct ntlmssp_state *ntlmssp_state, char *buf)
 {
        NTSTATUS status;
        size_t buf_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. */
@@ -107,7 +108,7 @@ NTSTATUS common_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
  output, so do the same for compatibility.
 ******************************************************************************/
 
-NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS common_ntlm_encrypt_buffer(struct ntlmssp_state *ntlmssp_state,
                                uint16 enc_ctx_num,
                                char *buf,
                                char **ppbuf_out)
index a3369363435b9eb99e4ef14fc25e2368356be0ff..0e18172a5861527586510c8dc57257c499509a53 100644 (file)
@@ -1,5 +1,6 @@
 # net message translation (german).
 # Copyright (C) 2009 Kai Blin  <kai@samba.org>
+# Copyright (C) 2009 André Hentschel  <nerv@dawncrow.de>
 # This file is distributed under the same license as the samba package.
 #
 #, fuzzy
@@ -8,11 +9,12 @@ msgstr ""
 "Project-Id-Version: @PACKAGE@\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2009-08-11 09:01+0200\n"
-"PO-Revision-Date: 2009-08-06 20:45+0200\n"
-"Last-Translator: Kai Blin  <kai@samba.org>\n"
+"PO-Revision-Date: 2009-12-26 19:20+0100\n"
+"Last-Translator: André Hentschel <nerv@dawncrow.de>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language-Team: \n"
 
 #: ../../utils/net.c:103
 msgid "Enter machine password: "
@@ -33,12 +35,14 @@ msgid ""
 "This function will change the ADS Domain member machine account password in the secrets.tdb file!\n"
 msgstr ""
 
-#: ../../utils/net.c:150 ../../utils/net.c:228
+#: ../../utils/net.c:150
+#: ../../utils/net.c:228
 #, c-format
 msgid "Unable to open secrets.tdb.  Can't fetch domain SID for name: %s\n"
 msgstr ""
 
-#: ../../utils/net.c:163 ../../utils/net.c:251
+#: ../../utils/net.c:163
+#: ../../utils/net.c:251
 #, c-format
 msgid "SID for domain %s is: %s\n"
 msgstr ""
@@ -88,7 +92,7 @@ msgstr ""
 
 #: ../../utils/net.c:317
 msgid "Run functions using RPC transport"
-msgstr ""
+msgstr "RPC Protokoll nutzen"
 
 #: ../../utils/net.c:318
 msgid "  Use 'net help rpc' to get more extensive information about 'net rpc' commands."
@@ -96,7 +100,7 @@ msgstr ""
 
 #: ../../utils/net.c:325
 msgid "Run functions using RAP transport"
-msgstr ""
+msgstr "RAP Protokoll nutzen"
 
 #: ../../utils/net.c:326
 msgid "  Use 'net help rap' to get more extensive information about 'net rap' commands."
@@ -104,7 +108,7 @@ msgstr ""
 
 #: ../../utils/net.c:333
 msgid "Run functions using ADS transport"
-msgstr ""
+msgstr "ADS Protokoll nutzen"
 
 #: ../../utils/net.c:334
 msgid "  Use 'net help ads' to get more extensive information about 'net ads' commands."
@@ -112,7 +116,7 @@ msgstr ""
 
 #: ../../utils/net.c:343
 msgid "Functions on remote opened files"
-msgstr ""
+msgstr "Freigegebene Dateien verwalten"
 
 #: ../../utils/net.c:344
 msgid "  Use 'net help file' to get more information about 'net file' commands."
@@ -120,7 +124,7 @@ msgstr ""
 
 #: ../../utils/net.c:351
 msgid "Functions on shares"
-msgstr ""
+msgstr "Freigaben verwalten"
 
 #: ../../utils/net.c:352
 msgid "  Use 'net help share' to get more information about 'net share' commands."
@@ -128,15 +132,16 @@ msgstr ""
 
 #: ../../utils/net.c:359
 msgid "Manage sessions"
-msgstr ""
+msgstr "Sitzungen verwalten"
 
 #: ../../utils/net.c:360
 msgid "  Use 'net help session' to get more information about 'net session' commands."
 msgstr ""
 
-#: ../../utils/net.c:367 ../../utils/net_rap.c:1291
+#: ../../utils/net.c:367
+#: ../../utils/net_rap.c:1291
 msgid "List servers in workgroup"
-msgstr ""
+msgstr "Server der Arbeitsgruppe auflisten"
 
 #: ../../utils/net.c:368
 msgid "  Use 'net help server' to get more information about 'net server' commands."
@@ -144,7 +149,7 @@ msgstr ""
 
 #: ../../utils/net.c:375
 msgid "List domains/workgroups on network"
-msgstr ""
+msgstr "Domänen/Arbeitsgruppen im Netzwerk auflisten"
 
 #: ../../utils/net.c:376
 msgid "  Use 'net help domain' to get more information about 'net domain' commands."
@@ -160,7 +165,7 @@ msgstr ""
 
 #: ../../utils/net.c:391
 msgid "Manage users"
-msgstr ""
+msgstr "Benutzer verwalten"
 
 #: ../../utils/net.c:392
 msgid "  Use 'net help user' to get more information about 'net user' commands."
@@ -168,7 +173,7 @@ msgstr ""
 
 #: ../../utils/net.c:399
 msgid "Manage groups"
-msgstr ""
+msgstr "Gruppen verwalten"
 
 #: ../../utils/net.c:400
 msgid "  Use 'net help group' to get more information about 'net group' commands."
@@ -176,7 +181,7 @@ msgstr ""
 
 #: ../../utils/net.c:407
 msgid "Manage group mappings"
-msgstr ""
+msgstr "Gruppenzuweisungen verwalten"
 
 #: ../../utils/net.c:408
 msgid "  Use 'net help groupmap' to get more information about 'net groupmap' commands."
@@ -200,7 +205,7 @@ msgstr ""
 
 #: ../../utils/net.c:431
 msgid "Modify group memberships"
-msgstr ""
+msgstr "Gruppenzugehörigkeiten verwalten"
 
 #: ../../utils/net.c:432
 msgid "  Use 'net help groupmember' to get more information about 'net groupmember' commands."
@@ -208,7 +213,7 @@ msgstr ""
 
 #: ../../utils/net.c:438
 msgid "Execute remote command on a remote OS/2 server"
-msgstr ""
+msgstr "Befehl auf einem entfernten OS/2 Server ausführen"
 
 #: ../../utils/net.c:439
 msgid "  Use 'net help admin' to get more information about 'net admin' commands."
@@ -216,7 +221,7 @@ msgstr ""
 
 #: ../../utils/net.c:445
 msgid "List/modify running services"
-msgstr ""
+msgstr "Zeige/Ändere laufende Dienste"
 
 #: ../../utils/net.c:446
 msgid "  Use 'net help service' to get more information about 'net service' commands."
@@ -240,7 +245,7 @@ msgstr ""
 
 #: ../../utils/net.c:467
 msgid "Change the secret password"
-msgstr ""
+msgstr "Das geheime Passwort ändern"
 
 #: ../../utils/net.c:468
 msgid ""
@@ -252,7 +257,7 @@ msgstr ""
 
 #: ../../utils/net.c:477
 msgid "Show/set time"
-msgstr ""
+msgstr "Zeigt/Setzt die Systemzeit"
 
 #: ../../utils/net.c:478
 msgid "  Use 'net help time' to get more information about 'net time' commands."
@@ -268,7 +273,7 @@ msgstr ""
 
 #: ../../utils/net.c:491
 msgid "Join a domain/AD"
-msgstr ""
+msgstr "Einer Domäne/AD beitreten"
 
 #: ../../utils/net.c:492
 msgid "  Use 'net help join' to get more information about 'net join'."
@@ -340,7 +345,7 @@ msgstr ""
 
 #: ../../utils/net.c:549
 msgid "Display server status"
-msgstr ""
+msgstr "Zeigt den Server Status"
 
 #: ../../utils/net.c:550
 msgid "  Use 'net help status' to get more information about 'net status' commands."
@@ -348,7 +353,7 @@ msgstr ""
 
 #: ../../utils/net.c:556
 msgid "Manage user-modifiable shares"
-msgstr ""
+msgstr "Benutzerfreigaben verwalten"
 
 #: ../../utils/net.c:557
 msgid "  Use 'net help usershare to get more information about 'net usershare' commands."
@@ -356,7 +361,7 @@ msgstr ""
 
 #: ../../utils/net.c:563
 msgid "Display list of all users with SID"
-msgstr ""
+msgstr "Zeigt eine Liste aller SID-Benutzer"
 
 #: ../../utils/net.c:564
 msgid "  Use 'net help usersidlist' to get more information about 'net usersidlist'."
@@ -364,7 +369,7 @@ msgstr ""
 
 #: ../../utils/net.c:570
 msgid "Manage Samba registry based configuration"
-msgstr ""
+msgstr "Konfiguration ändern"
 
 #: ../../utils/net.c:571
 msgid "  Use 'net help conf' to get more information about 'net conf' commands."
@@ -380,7 +385,7 @@ msgstr ""
 
 #: ../../utils/net.c:591
 msgid "Process Win32 *.evt eventlog files"
-msgstr ""
+msgstr "Arbeitet mit Win32 *.evt Eventlog Dateien"
 
 #: ../../utils/net.c:592
 msgid "  Use 'net help eventlog' to get more information about 'net eventlog' commands."
@@ -396,7 +401,7 @@ msgstr ""
 
 #: ../../utils/net.c:609
 msgid "Print usage information"
-msgstr ""
+msgstr "Zeigt die Hilfe an"
 
 #: ../../utils/net.c:610
 msgid "  Use 'net help help' to list usage information for 'net' commands."
@@ -421,7 +426,8 @@ msgstr ""
 "\n"
 "Ungültige Option %s: %s\n"
 
-#: ../../utils/net_ads.c:52 ../../utils/net_ads.c:392
+#: ../../utils/net_ads.c:52
+#: ../../utils/net_ads.c:392
 msgid "CLDAP query failed!\n"
 msgstr ""
 
@@ -459,15 +465,41 @@ msgid ""
 "\tIs NT6 DC that has all secrets:             %s\n"
 msgstr ""
 
-#: ../../utils/net_ads.c:87 ../../utils/net_ads.c:88 ../../utils/net_ads.c:89 ../../utils/net_ads.c:90 ../../utils/net_ads.c:91 ../../utils/net_ads.c:92 ../../utils/net_ads.c:93 ../../utils/net_ads.c:94 ../../utils/net_ads.c:95 ../../utils/net_ads.c:96
-#: ../../utils/net_ads.c:97 ../../utils/net_ads.c:98 ../../utils/net_rap.c:376 ../../utils/net_rpc_sh_acct.c:203 ../../utils/net_rpc_sh_acct.c:206
+#: ../../utils/net_ads.c:87
+#: ../../utils/net_ads.c:88
+#: ../../utils/net_ads.c:89
+#: ../../utils/net_ads.c:90
+#: ../../utils/net_ads.c:91
+#: ../../utils/net_ads.c:92
+#: ../../utils/net_ads.c:93
+#: ../../utils/net_ads.c:94
+#: ../../utils/net_ads.c:95
+#: ../../utils/net_ads.c:96
+#: ../../utils/net_ads.c:97
+#: ../../utils/net_ads.c:98
+#: ../../utils/net_rap.c:376
+#: ../../utils/net_rpc_sh_acct.c:203
+#: ../../utils/net_rpc_sh_acct.c:206
 msgid "yes"
-msgstr ""
-
-#: ../../utils/net_ads.c:87 ../../utils/net_ads.c:88 ../../utils/net_ads.c:89 ../../utils/net_ads.c:90 ../../utils/net_ads.c:91 ../../utils/net_ads.c:92 ../../utils/net_ads.c:93 ../../utils/net_ads.c:94 ../../utils/net_ads.c:95 ../../utils/net_ads.c:96
-#: ../../utils/net_ads.c:97 ../../utils/net_ads.c:98 ../../utils/net_rap.c:376 ../../utils/net_rpc_sh_acct.c:203 ../../utils/net_rpc_sh_acct.c:206
+msgstr "Ja"
+
+#: ../../utils/net_ads.c:87
+#: ../../utils/net_ads.c:88
+#: ../../utils/net_ads.c:89
+#: ../../utils/net_ads.c:90
+#: ../../utils/net_ads.c:91
+#: ../../utils/net_ads.c:92
+#: ../../utils/net_ads.c:93
+#: ../../utils/net_ads.c:94
+#: ../../utils/net_ads.c:95
+#: ../../utils/net_ads.c:96
+#: ../../utils/net_ads.c:97
+#: ../../utils/net_ads.c:98
+#: ../../utils/net_rap.c:376
+#: ../../utils/net_rpc_sh_acct.c:203
+#: ../../utils/net_rpc_sh_acct.c:206
 msgid "no"
-msgstr ""
+msgstr "Nein"
 
 #: ../../utils/net_ads.c:101
 #, c-format
@@ -477,7 +509,7 @@ msgstr ""
 #: ../../utils/net_ads.c:102
 #, c-format
 msgid "Domain:\t\t\t%s\n"
-msgstr ""
+msgstr "Domäne:\t\t\t%s\n"
 
 #: ../../utils/net_ads.c:103
 #, c-format
@@ -512,7 +544,7 @@ msgstr ""
 #: ../../utils/net_ads.c:113
 #, c-format
 msgid "NT Version: %d\n"
-msgstr ""
+msgstr "NT Version: %d\n"
 
 #: ../../utils/net_ads.c:114
 #, c-format
@@ -531,7 +563,8 @@ msgid ""
 "    Find the ADS DC using CLDAP lookup.\n"
 msgstr ""
 
-#: ../../utils/net_ads.c:137 ../../utils/net_ads.c:381
+#: ../../utils/net_ads.c:137
+#: ../../utils/net_ads.c:381
 msgid "Didn't find the cldap server!\n"
 msgstr ""
 
@@ -542,7 +575,8 @@ msgid ""
 "    Display information about an Active Directory server.\n"
 msgstr ""
 
-#: ../../utils/net_ads.c:168 ../../utils/net_ads.c:173
+#: ../../utils/net_ads.c:168
+#: ../../utils/net_ads.c:173
 msgid "Didn't find the ldap server!\n"
 msgstr ""
 
@@ -617,7 +651,8 @@ msgstr ""
 msgid "Could not add user %s: %s\n"
 msgstr ""
 
-#: ../../utils/net_ads.c:484 ../../utils/net_ads.c:497
+#: ../../utils/net_ads.c:484
+#: ../../utils/net_ads.c:497
 #, c-format
 msgid "User %s added\n"
 msgstr ""
@@ -699,7 +734,9 @@ msgid ""
 "    List AD users\n"
 msgstr ""
 
-#: ../../utils/net_ads.c:711 ../../utils/net_rap.c:901 ../../utils/net_rpc.c:852
+#: ../../utils/net_ads.c:711
+#: ../../utils/net_rap.c:901
+#: ../../utils/net_rpc.c:852
 msgid ""
 "\n"
 "User name             Comment\n"
@@ -743,23 +780,27 @@ msgstr ""
 
 #: ../../utils/net_ads.c:828
 msgid "Add an AD group"
-msgstr ""
+msgstr "AD Gruppe hinzufügen"
 
 #: ../../utils/net_ads.c:829
 msgid ""
 "net ads group add\n"
 "    Add an AD group"
 msgstr ""
+"net ads group add\n"
+"    AD Gruppe hinzufügen"
 
 #: ../../utils/net_ads.c:836
 msgid "Delete an AD group"
-msgstr ""
+msgstr "AD Gruppe entfernen"
 
 #: ../../utils/net_ads.c:837
 msgid ""
 "net ads group delete\n"
 "    Delete an AD group"
 msgstr ""
+"net ads group delete\n"
+"    AD Gruppe entfernen"
 
 #: ../../utils/net_ads.c:850
 msgid ""
@@ -768,12 +809,16 @@ msgid ""
 "    List AD groups\n"
 msgstr ""
 
-#: ../../utils/net_ads.c:862 ../../utils/net_rpc.c:2230
+#: ../../utils/net_ads.c:862
+#: ../../utils/net_rpc.c:2230
 msgid ""
 "\n"
 "Group name            Comment\n"
 "-----------------------------\n"
 msgstr ""
+"\n"
+"Gruppenname         Kommentar\n"
+"-----------------------------\n"
 
 #: ../../utils/net_ads.c:884
 msgid ""
@@ -803,7 +848,8 @@ msgstr ""
 msgid "No realm set, are we joined ?\n"
 msgstr ""
 
-#: ../../utils/net_ads.c:938 ../../utils/net_ads.c:1260
+#: ../../utils/net_ads.c:938
+#: ../../utils/net_ads.c:1260
 msgid "Could not initialise talloc context.\n"
 msgstr ""
 
@@ -847,15 +893,16 @@ msgid "Join to domain is not valid: %s\n"
 msgstr ""
 
 #: ../../utils/net_ads.c:1049
-#, c-format
+#, fuzzy, c-format
 msgid "Join is OK\n"
-msgstr ""
+msgstr "Beitritt ist OK\n"
 
 #: ../../utils/net_ads.c:1060
 msgid "Host is not configured as a member server.\n"
 msgstr ""
 
-#: ../../utils/net_ads.c:1065 ../../utils/net_rpc.c:436
+#: ../../utils/net_ads.c:1065
+#: ../../utils/net_rpc.c:436
 #, c-format
 msgid "Our netbios name can be at most 15 chars long, \"%s\" is %u chars long\n"
 msgstr ""
@@ -947,12 +994,14 @@ msgstr ""
 msgid "Joined '%s' to domain '%s'\n"
 msgstr ""
 
-#: ../../utils/net_ads.c:1377 ../../utils/net_ads.c:1433
+#: ../../utils/net_ads.c:1377
+#: ../../utils/net_ads.c:1433
 msgid "DNS update failed!\n"
 msgstr ""
 
 #. issue an overall failure message at the end.
-#: ../../utils/net_ads.c:1391 ../../utils/net_dom.c:198
+#: ../../utils/net_ads.c:1391
+#: ../../utils/net_dom.c:198
 #, c-format
 msgid "Failed to join domain: %s\n"
 msgstr ""
@@ -1059,7 +1108,8 @@ msgstr ""
 msgid "Server '%s' not found: %s\n"
 msgstr ""
 
-#: ../../utils/net_ads.c:1611 ../../utils/net_ads.c:1794
+#: ../../utils/net_ads.c:1611
+#: ../../utils/net_ads.c:1794
 #, c-format
 msgid "Printer '%s' not found\n"
 msgstr ""
@@ -1083,7 +1133,8 @@ msgstr ""
 msgid "Could not find machine account for server %s\n"
 msgstr ""
 
-#: ../../utils/net_ads.c:1704 ../../utils/net_ads.c:1713
+#: ../../utils/net_ads.c:1704
+#: ../../utils/net_ads.c:1713
 msgid "Internal error, out of memory!"
 msgstr ""
 
@@ -1171,12 +1222,14 @@ msgstr ""
 msgid "Didn't find the kerberos server!\n"
 msgstr ""
 
-#: ../../utils/net_ads.c:1923 ../../utils/net_rpc.c:756
+#: ../../utils/net_ads.c:1923
+#: ../../utils/net_rpc.c:756
 #, c-format
 msgid "Enter new password for %s:"
 msgstr "Bitte neues Passwort für %s eingeben: "
 
-#: ../../utils/net_ads.c:1933 ../../utils/net_ads.c:1982
+#: ../../utils/net_ads.c:1933
+#: ../../utils/net_ads.c:1982
 #, c-format
 msgid "Password change failed: %s\n"
 msgstr ""
@@ -1224,12 +1277,17 @@ msgid ""
 "\n"
 msgstr ""
 
-#: ../../utils/net_ads.c:2046 ../../utils/net_ads.c:2107 ../../utils/net_ads.c:2171 ../../utils/net_ads_gpo.c:250
+#: ../../utils/net_ads.c:2046
+#: ../../utils/net_ads.c:2107
+#: ../../utils/net_ads.c:2171
+#: ../../utils/net_ads_gpo.c:250
 #, c-format
 msgid "search failed: %s\n"
-msgstr ""
+msgstr "Suche fehlgeschlagen: %s\n"
 
-#: ../../utils/net_ads.c:2051 ../../utils/net_ads.c:2176 ../../utils/net_ads_gpo.c:256
+#: ../../utils/net_ads.c:2051
+#: ../../utils/net_ads.c:2176
+#: ../../utils/net_ads_gpo.c:256
 #, c-format
 msgid ""
 "Got %d replies\n"
@@ -1469,7 +1527,8 @@ msgid ""
 "    Display machine account details"
 msgstr ""
 
-#: ../../utils/net_ads.c:2509 ../../utils/net_rpc.c:7110
+#: ../../utils/net_ads.c:2509
+#: ../../utils/net_rpc.c:7110
 msgid "List/modify users"
 msgstr ""
 
@@ -1479,7 +1538,8 @@ msgid ""
 "    List/modify users"
 msgstr ""
 
-#: ../../utils/net_ads.c:2517 ../../utils/net_rpc.c:7127
+#: ../../utils/net_ads.c:2517
+#: ../../utils/net_rpc.c:7127
 msgid "List/modify groups"
 msgstr ""
 
@@ -1509,7 +1569,8 @@ msgid ""
 "    Change user passwords"
 msgstr ""
 
-#: ../../utils/net_ads.c:2541 ../../utils/net_rpc.c:7159
+#: ../../utils/net_ads.c:2541
+#: ../../utils/net_rpc.c:7159
 msgid "Change trust account password"
 msgstr "Trust account Passwort ändern"
 
@@ -1640,11 +1701,13 @@ msgid ""
 "\n"
 msgstr ""
 
-#: ../../utils/net_ads_gpo.c:71 ../../utils/net_ads_gpo.c:328
+#: ../../utils/net_ads_gpo.c:71
+#: ../../utils/net_ads_gpo.c:328
 msgid "machine"
 msgstr ""
 
-#: ../../utils/net_ads_gpo.c:71 ../../utils/net_ads_gpo.c:328
+#: ../../utils/net_ads_gpo.c:71
+#: ../../utils/net_ads_gpo.c:328
 msgid "user"
 msgstr ""
 
@@ -1652,12 +1715,20 @@ msgstr ""
 msgid "* fetching token "
 msgstr ""
 
-#: ../../utils/net_ads_gpo.c:82 ../../utils/net_ads_gpo.c:90 ../../utils/net_ads_gpo.c:102 ../../utils/net_ads_gpo.c:113 ../../utils/net_ads_gpo.c:158
+#: ../../utils/net_ads_gpo.c:82
+#: ../../utils/net_ads_gpo.c:90
+#: ../../utils/net_ads_gpo.c:102
+#: ../../utils/net_ads_gpo.c:113
+#: ../../utils/net_ads_gpo.c:158
 #, c-format
 msgid "failed: %s\n"
 msgstr ""
 
-#: ../../utils/net_ads_gpo.c:85 ../../utils/net_ads_gpo.c:94 ../../utils/net_ads_gpo.c:105 ../../utils/net_ads_gpo.c:118 ../../utils/net_ads_gpo.c:163
+#: ../../utils/net_ads_gpo.c:85
+#: ../../utils/net_ads_gpo.c:94
+#: ../../utils/net_ads_gpo.c:105
+#: ../../utils/net_ads_gpo.c:118
+#: ../../utils/net_ads_gpo.c:163
 msgid "finished\n"
 msgstr ""
 
@@ -1842,7 +1913,7 @@ msgstr ""
 #: ../../utils/net_afs.c:48
 #, c-format
 msgid "Could not open %s\n"
-msgstr ""
+msgstr "Konnte %s nicht öffnen\n"
 
 #: ../../utils/net_afs.c:53
 msgid "Could not read keyfile\n"
@@ -1960,7 +2031,8 @@ msgid ""
 "    List all cache entries.\n"
 msgstr ""
 
-#: ../../utils/net_cache.c:293 ../../utils/net_cache.c:306
+#: ../../utils/net_cache.c:293
+#: ../../utils/net_cache.c:306
 msgid ""
 "Usage:\n"
 "net cache flush\n"
@@ -2109,8 +2181,18 @@ msgstr ""
 msgid "Error getting config: %s\n"
 msgstr ""
 
-#: ../../utils/net_conf.c:305 ../../utils/net_conf.c:318 ../../utils/net_conf.c:614 ../../utils/net_conf.c:742 ../../utils/net_conf.c:780 ../../utils/net_conf.c:786 ../../utils/net_conf.c:860 ../../utils/net_conf.c:866 ../../utils/net_conf.c:916
-#: ../../utils/net_conf.c:970 ../../utils/net_conf.c:1010 ../../utils/net_conf.c:1050
+#: ../../utils/net_conf.c:305
+#: ../../utils/net_conf.c:318
+#: ../../utils/net_conf.c:614
+#: ../../utils/net_conf.c:742
+#: ../../utils/net_conf.c:780
+#: ../../utils/net_conf.c:786
+#: ../../utils/net_conf.c:860
+#: ../../utils/net_conf.c:866
+#: ../../utils/net_conf.c:916
+#: ../../utils/net_conf.c:970
+#: ../../utils/net_conf.c:1010
+#: ../../utils/net_conf.c:1050
 msgid "error: out of memory!\n"
 msgstr ""
 
@@ -2126,17 +2208,23 @@ msgid ""
 "\n"
 msgstr ""
 
-#: ../../utils/net_conf.c:346 ../../utils/net_conf.c:382 ../../utils/net_conf.c:407 ../../utils/net_conf.c:793
+#: ../../utils/net_conf.c:346
+#: ../../utils/net_conf.c:382
+#: ../../utils/net_conf.c:407
+#: ../../utils/net_conf.c:793
 #, c-format
 msgid "error starting transaction: %s\n"
 msgstr ""
 
-#: ../../utils/net_conf.c:400 ../../utils/net_conf.c:416 ../../utils/net_conf.c:817
+#: ../../utils/net_conf.c:400
+#: ../../utils/net_conf.c:416
+#: ../../utils/net_conf.c:817
 #, c-format
 msgid "error committing transaction: %s\n"
 msgstr ""
 
-#: ../../utils/net_conf.c:427 ../../utils/net_conf.c:828
+#: ../../utils/net_conf.c:427
+#: ../../utils/net_conf.c:828
 #, c-format
 msgid "error cancelling transaction: %s\n"
 msgstr ""
@@ -2187,7 +2275,10 @@ msgstr ""
 msgid "Error creating share %s: %s\n"
 msgstr ""
 
-#: ../../utils/net_conf.c:690 ../../utils/net_conf.c:699 ../../utils/net_conf.c:707 ../../utils/net_conf.c:715
+#: ../../utils/net_conf.c:690
+#: ../../utils/net_conf.c:699
+#: ../../utils/net_conf.c:707
+#: ../../utils/net_conf.c:715
 #, c-format
 msgid "Error setting parameter %s: %s\n"
 msgstr ""
@@ -2207,12 +2298,14 @@ msgstr ""
 msgid "Error setting value '%s': %s\n"
 msgstr ""
 
-#: ../../utils/net_conf.c:874 ../../utils/net_conf.c:930
+#: ../../utils/net_conf.c:874
+#: ../../utils/net_conf.c:930
 #, c-format
 msgid "Error: given service '%s' does not exist.\n"
 msgstr ""
 
-#: ../../utils/net_conf.c:879 ../../utils/net_conf.c:935
+#: ../../utils/net_conf.c:879
+#: ../../utils/net_conf.c:935
 #, c-format
 msgid "Error: given parameter '%s' is not set.\n"
 msgstr ""
@@ -2242,8 +2335,20 @@ msgstr ""
 msgid "error deleting includes: %s\n"
 msgstr ""
 
-#: ../../utils/net_conf.c:1136 ../../utils/net_help.c:36 ../../utils/net_rap.c:161 ../../utils/net_rap.c:302 ../../utils/net_rap.c:467 ../../utils/net_rap.c:750 ../../utils/net_rap.c:891 ../../utils/net_rap.c:1002 ../../utils/net_rap.c:1193
-#: ../../utils/net_rpc.c:960 ../../utils/net_rpc.c:2801 ../../utils/net_rpc.c:4897 ../../utils/net_rpc.c:6933 ../../utils/net_rpc.c:7038
+#: ../../utils/net_conf.c:1136
+#: ../../utils/net_help.c:36
+#: ../../utils/net_rap.c:161
+#: ../../utils/net_rap.c:302
+#: ../../utils/net_rap.c:467
+#: ../../utils/net_rap.c:750
+#: ../../utils/net_rap.c:891
+#: ../../utils/net_rap.c:1002
+#: ../../utils/net_rap.c:1193
+#: ../../utils/net_rpc.c:960
+#: ../../utils/net_rpc.c:2801
+#: ../../utils/net_rpc.c:4897
+#: ../../utils/net_rpc.c:6933
+#: ../../utils/net_rpc.c:7038
 msgid "Usage:\n"
 msgstr ""
 
@@ -2400,7 +2505,8 @@ msgstr ""
 msgid "Failed to unjoin domain: %s\n"
 msgstr ""
 
-#: ../../utils/net_dom.c:97 ../../utils/net_dom.c:204
+#: ../../utils/net_dom.c:97
+#: ../../utils/net_dom.c:204
 msgid "Shutting down due to a domain membership change"
 msgstr ""
 
@@ -2452,12 +2558,14 @@ msgstr ""
 msgid "usage: net eventlog dump <file.evt>\n"
 msgstr ""
 
-#: ../../utils/net_eventlog.c:52 ../../utils/net_eventlog.c:108
+#: ../../utils/net_eventlog.c:52
+#: ../../utils/net_eventlog.c:108
 #, c-format
 msgid "failed to load evt file: %s\n"
 msgstr ""
 
-#: ../../utils/net_eventlog.c:59 ../../utils/net_eventlog.c:129
+#: ../../utils/net_eventlog.c:59
+#: ../../utils/net_eventlog.c:129
 #, c-format
 msgid "evt pull failed: %s\n"
 msgstr ""
@@ -2475,7 +2583,8 @@ msgstr ""
 msgid "input file is wrapped, cannot proceed\n"
 msgstr ""
 
-#: ../../utils/net_eventlog.c:138 ../../utils/net_eventlog.c:203
+#: ../../utils/net_eventlog.c:138
+#: ../../utils/net_eventlog.c:203
 #, c-format
 msgid "can't open the eventlog TDB (%s)\n"
 msgstr ""
@@ -2604,11 +2713,13 @@ msgid ""
 "\n"
 msgstr ""
 
-#: ../../utils/net_group.c:44 ../../utils/net_user.c:41
+#: ../../utils/net_group.c:44
+#: ../../utils/net_user.c:41
 msgid "\t-C or --comment=<comment>\tdescriptive comment (for add only)\n"
 msgstr ""
 
-#: ../../utils/net_group.c:46 ../../utils/net_user.c:43
+#: ../../utils/net_group.c:46
+#: ../../utils/net_user.c:43
 msgid "\t-c or --container=<container>\tLDAP container, defaults to cn=Users (for add in ADS only)\n"
 msgstr ""
 
@@ -2659,22 +2770,37 @@ msgid ""
 "    sid\tSID of group to list"
 msgstr ""
 
-#: ../../utils/net_groupmap.c:91 ../../utils/net_groupmap.c:271 ../../utils/net_groupmap.c:356 ../../utils/net_groupmap.c:412 ../../utils/net_groupmap.c:495 ../../utils/net_groupmap.c:522
+#: ../../utils/net_groupmap.c:91
+#: ../../utils/net_groupmap.c:271
+#: ../../utils/net_groupmap.c:356
+#: ../../utils/