+++ /dev/null
-!==
-!== VFS.txt
-!==
-Contributor: Tim Potter
-Updated: April 5, 1999
-
-Subject: Implementing a virtual filesystem for Samba
-===========================================================
-
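Review bot: As shown, the removed VFS.txt holds only its header (contributor, date and the subject line "Implementing a virtual filesystem for Samba") and no body, so the deletion loses nothing. The commit message should say it was an empty stub, so the removal is not later mistaken for dropped design notes.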
+++ /dev/null
-
-
-
-
-<html><head><title>LDAP Support in Samba</title>
-
-<link rev="made" href="mailto:samba-bugs@samba.org">
-</head>
-<body>
-
-<hr>
-
-<h1>LDAP Support in Samba</h1>
-<h2>Matthew Chapman</h2>
-<h2>29th November 1998
-<p> <hr> <h2>
-WARNING: This is experimental code. Use at your own risk, and please report
-any bugs (after reading BUGS.txt).
-</h2> <br>
-</h2>
-
-
-<a href="LDAP.html#l1"><h2>1: What is LDAP?</h2> </a>
-<a href="LDAP.html#l2"><h2>2: Why LDAP and Samba?</h2> </a>
-<a href="LDAP.html#l3"><h2>3: Using LDAP with Samba</h2> </a>
-<a href="LDAP.html#l4"><h2>4: Using LDAP for Unix authentication</h2> </a>
-<a href="LDAP.html#l5"><h2>5: Compatibility with Active Directory</h2> </a>
-
-<p><hr><p><br>
-<p>
- <a name="l1"></a>
-<h2>1: What is LDAP?</h2>
-A directory is a type of hierarchical database optimised for simple query
-operations, often used for storing user information. LDAP is the
-Lightweight Directory Access Protocol, a protocol which is rapidly
-becoming the Internet standard for accessing directories.<p>
- Many client applications now support LDAP (including Microsoft's Active
-Directory), and there are a number of servers available. The most popular
-implementation for Unix is from the <em>University of Michigan</em>; its
-homepage is at <a href="http://www.umich.edu/~dirsvcs/ldap/"><code>http://www.umich.edu/~dirsvcs/ldap/</code></a>.<p>
- Information in an LDAP tree always comes in <code>attribute=value</code> pairs.
-The following is an example of a Samba user entry:<p>
- <pre>
-uid=jbloggs, dc=samba, dc=org
-objectclass=sambaAccount
-uid=jbloggs
-cn=Joe Bloggs
-description=Samba User
-uidNumber=500
-gidNumber=500
-rid=2000
-grouprid=2001
-lmPassword=46E389809F8D55BB78A48108148AD508
-ntPassword=1944CCE1AD6F80D8AEC9FC5BE77696F4
-pwdLastSet=35C11F1B
-smbHome=\\samba1\jbloggs
-homeDrive=Z
-script=logon.bat
-profile=\\samba1\jbloggs\profile
-workstations=JOE
-</pre>
-<p>
- Note that the top line is a special set of attributes called a
-<em>distinguished name</em> which identifies the location of this entry beneath
-the directory's root node. Recent Internet standards suggest the use of
-domain-based naming using <code>dc</code> attributes (for instance, a microsoft.com
-directory should have a root node of <code>dc=microsoft, dc=com</code>), although
-this is not strictly necessary for isolated servers.<p>
- There are a number of LDAP-related FAQ's on the internet, although
-generally the best source of information is the documentation for the
-individual servers.<p>
- <br>
-<a name="l2"></a>
-<h2>2: Why LDAP and Samba?</h2><p>
- Using an LDAP directory allows Samba to store user and group information
-more reliably and flexibly than the current combination of smbpasswd,
-smbgroup, groupdb and aliasdb with the Unix databases. If a need emerges
-for extra user information to be stored, this can easily be added without
-loss of backwards compatibility.<p>
- In addition, the Samba LDAP schema is compatible with RFC2307, allowing
-Unix password database information to be stored in the same entries. This
-provides a single, consistent repository for both Unix and Windows user
-information.<p>
- <br>
-<a name="l3"></a>
-<h2>3: Using LDAP with Samba</h2><p>
- <ol><p>
- <li> Install and configure an LDAP server if you do not already have
-one. You should read your LDAP server's documentation and set up the
-configuration file and access control as desired.<p>
- <li> Build Samba (latest CVS is required) with:<p>
- <pre>
- ./configure --with-ldap
- make clean; make install
-</pre>
-<p>
- <li> Add the following options to the global section of <code>smb.conf</code> as
-required.<p>
- <ul>
-<li><strong>ldap suffix</strong><p>
- This parameter specifies the node of the LDAP tree beneath which
-Samba should store its information. This parameter MUST be provided
-when using LDAP with Samba.<p>
- <strong>Default:</strong> <code>none</code><p>
- <strong>Example:</strong> <code>ldap suffix = "dc=mydomain, dc=org"</code><p>
- <li><strong>ldap bind as</strong><p>
- This parameter specifies the entity to bind to an LDAP directory as.
-Usually it should be safe to use the LDAP root account; for larger
-installations it may be preferable to restrict Samba's access.<p>
- <strong>Default:</strong> <code>none (bind anonymously)</code><p>
- <strong>Example:</strong> <code>ldap bind as = "uid=root, dc=mydomain, dc=org"</code><p>
- <li><strong>ldap passwd file</strong><p>
- This parameter specifies a file containing the password with which
-Samba should bind to an LDAP server. For obvious security reasons
-this file must be set to mode 700 or less.<p>
- <strong>Default:</strong> <code>none (bind anonymously)</code><p>
- <strong>Example:</strong> <code>ldap passwd file = /usr/local/samba/private/ldappasswd</code><p>
- <li><strong>ldap server</strong><p>
- This parameter specifies the DNS name of the LDAP server to use
-when storing and retrieving information about Samba users and
-groups.<p>
- <strong>Default:</strong> <code>ldap server = localhost</code><p>
- <li><strong>ldap port</strong><p>
- This parameter specifies the TCP port number of the LDAP server.<p>
- <strong>Default:</strong> <code>ldap port = 389</code><p>
- </ul><p>
- <li> You should then be able to use the normal smbpasswd(8) command for
-account administration (or User Manager in the near future).<p>
- </ol><p>
- <br>
-<a name="l4"></a>
-<h2>4: Using LDAP for Unix authentication</h2><p>
- The Samba LDAP code was designed to utilise RFC2307-compliant directory
-entries if available. RFC2307 is a proposed standard for LDAP user
-information which has been adopted by a number of vendors. Further
-information is available at <a href="http://www.xedoc.com.au/~lukeh/ldap"><code>http://www.xedoc.com.au/~lukeh/ldap/</code></a>.<p>
- Of particular interest is Luke Howard's nameservice switch module
-(nss_ldap) and PAM module (pam_ldap) implementing this standard, providing
-LDAP-based password databases for Unix. If you are setting up a server to
-provide integrated Unix/NT services than these are worth investigating.<p>
- <br>
-<a name="l5"></a>
-<h2>5: Compatibility with Active Directory</h2><p>
- The current implementation is not designed to be used with Microsoft
-Active Directory, although compatibility may be added in the future.<p>
- </body>
-</html>
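Review bot: Section 3 of this deleted page is where the smb.conf options "ldap suffix", "ldap bind as", "ldap passwd file", "ldap server" and "ldap port" and the "./configure --with-ldap" build step are described. If that code stays in the tree, the option text should move into the smb.conf documentation in the same change instead of disappearing. If the text is carried over, two statements should be revised, not copied. "Usually it should be safe to use the LDAP root account" recommends the most privileged bind identity for a password that sits in a file on the Samba host; a dedicated, restricted account should be the default advice. "this file must be set to mode 700 or less" gives the owner an execute bit that a password file never needs; the intent is owner read/write only. The sample entry in section 1 also carries lmPassword and ntPassword values, so any replacement text should state that read access to those attributes must be restricted in the directory, which step 1 covers only as "access control as desired".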
+++ /dev/null
-
-
-
-
-
-<html><head><title>debug2html(1)</title>
-
-<link rev="made" href="mailto:samba-bugs@samba.org">
-</head>
-<body>
-
-<hr>
-
-<h1>debug2html(1)</h1>
-<h2>Samba</h2>
-<h2>29 Dec 1998</h2>
-
-
-
-
-<p><br><a name="NAME"></a>
-<h2>NAME</h2>
- debug2html - Samba DEBUG to HTML translation filter
-<p><br><a name="SYNOPSIS"></a>
-<h2>SYNOPSIS</h2>
-
-<p><br>debug2html [input-file [output-file]]
-<p><br><a name="DESCRIPTION"></a>
-<h2>DESCRIPTION</h2>
-
-<p><br>This program is part of the <strong>Samba</strong> suite.
-<p><br><strong>debug2html</strong> generates HTML files from Samba log files. Log files
-produced by <strong>nmbd</strong>(8) or <strong>smbd</strong>(8) may then be viewed by a web
-browser. The output conforms to the HTML 3.2 specification.
-<p><br>The filenames specified on the command line are optional. If the
-output-file is ommitted, output will go to <strong>stdout</strong>. If the input-file
-is ommitted, <strong>debug2html</strong> will read from <strong>stdin</strong>. The filename "-"
-can be used to indicate that input should be read from <strong>stdin</strong>. For
-example:
-<p><br><code>cat /usr/local/samba/var/log.nmb | debug2html - nmblog.html</code> <br>
-<p><br><a name="VERSION"></a>
-<h2>VERSION</h2>
-
-<p><br>This man page is correct for version 2.0 of the Samba suite.
-<p><br><a name="SEEALSO"></a>
-<h2>SEE ALSO</h2>
-
-<p><br><a href="nmbd.8.html"><strong>nmbd</strong>(8)</a>, <a href="smbd.8.html"><strong>smbd</strong>(8)</a>,
-<a href="samba.7.html"><strong>samba</strong>(7)</a>.
-<p><br><a name="AUTHOR"></a>
-<h2>AUTHOR</h2>
-
-<p><br>The original Samba software and related utilities were created by
-Andrew Tridgell <a href="mailto:samba-bugs@samba.org"><em>samba-bugs@samba.org</em></a>. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-<p><br>The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-<a href="ftp://ftp.icce.rug.nl/pub/unix/"><strong>ftp://ftp.icce.rug.nl/pub/unix/</strong></a>)
-and updated for the Samba2.0 release by Jeremy Allison.
-<a href="mailto:samba-bugs@samba.org"><em>samba-bugs@samba.org</em></a>.
-<p><br><strong>debug2html</strong> was added by Chris Hertel.
-<p><br>See <a href="samba.7.html"><strong>samba</strong>(7)</a> to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
-</body>
-</html>
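Review bot: The whole debug2html(1) page is dropped here, including the "debug2html [input-file [output-file]]" synopsis and the rule that "-" selects stdin, with nothing in the visible change saying whether the program itself is also removed. State that in the commit message; if the filter still ships, keep this page, since it is the usage reference for anyone turning nmbd or smbd logs into HTML.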
+++ /dev/null
-
-
-
-
-
-<html><head><title>rpcclient (1)</title>
-
-<link rev="made" href="mailto:samba-bugs@samba.org">
-</head>
-<body>
-
-<hr>
-
-<h1>rpcclient (1)</h1>
-<h2>Samba</h2>
-<h2>23 Oct 1998</h2>
-
-
-
-
-<p><br><a name="NAME"></a>
-<h2>NAME</h2>
- rpcclient - utility to manage MSRPC resources on servers
-<p><br><a name="SYNOPSIS"></a>
-<h2>SYNOPSIS</h2>
-
-<p><br><strong>rpcclient</strong>
-[<a href="rpcclient.1.html#password">password</a>]
-<a href="rpcclient.1.html#servername">-S servername</a>
-[<a href="rpcclient.1.html#minusU">-U [username][%][password]</a>]
-[<a href="rpcclient.1.html#minusW">-W domain</a>]
-[<a href="rpcclient.1.html#minusl">-l log basename</a>]
-[<a href="rpcclient.1.html#minusd">-d debuglevel</a>]
-[<a href="rpcclient.1.html#minusO">-O socket options</a>]
-[<a href="rpcclient.1.html#minusi">-i scope</a>]
-[<a href="rpcclient.1.html#minusN">-N</a>]
-[<a href="rpcclient.1.html#minusn">-n NetBIOS name</a>]
-[<a href="rpcclient.1.html#minush">-h</a>]
-[<a href="rpcclient.1.html#minusI">-I dest IP</a>]
-[<a href="rpcclient.1.html#minusE">-E</a>]
-[<a href="rpcclient.1.html#minust">-t terminal code</a>]
-[<a href="rpcclient.1.html#minusc">-c command string</a>]
-[<a href="rpcclient.1.html#minusB">-B IP addr</a>]
-[<a href="rpcclient.1.html#minuss">-s smb.conf</a>]
-[<a href="rpcclient.1.html#minusm">-m max protocol</a>]
-<p><br><a name="DESCRIPTION"></a>
-<h2>DESCRIPTION</h2>
-
-<p><br>This program is part of the <strong>Samba</strong> suite.
-<p><br><strong>rpcclient</strong> is a client that can 'talk' to an SMB/CIFS MSRPC server.
-Operations include things like managing a SAM Database (users, groups
-and aliases) in the same way as the Windows NT programs
-<strong>User Manager for Domains</strong> and <strong>Server Manager for Domains</strong>;
-managing a remote registry in the same way as the Windows NT programs
-<strong>REGEDT32.EXE</strong> and <strong>REGEDIT.EXE</strong>; viewing a remote event log (same
-as <strong>EVENTVWR.EXE</strong>) etc.
-<p><br>Typical usage is like this: <br>
-<code>rpcclient -I 192.168.32.1 -S "*SMBSERVER" -U fred%secret -l log</code>
-<br>
-<p><br><a name="OPTIONS"></a>
-<h2>OPTIONS</h2>
-
-<p><br><ul>
-<p><br><a name="servername"></a>
-<li><strong><strong>servername</strong></strong> servername is the name of the server you want
-to use on the server. This should be the NetBIOS name of the SMB/CIFS
-server, which can be <strong>*SMBSERVER</strong> on Windows NT 4.0 or Samba Servers.
-<p><br>Note that the server name required is NOT necessarily the IP (DNS)
-host name of the server! The name required is a NetBIOS server name,
-which may or may not be the same as the IP hostname of the machine
-running the server. Also, remember that having a period in a NetBIOS
-name (such as an IP hostname) may cause connectivity problems on your
-network: NT tends to strip NetBIOS names from the leading period
-onwards.
-<p><br>The server name is looked up according to either the
-<a href="rpcclient.1.html#minusR"><strong>-R</strong></a> parameter to <strong>rpcclient</strong> or using the
-<a href="smb.conf.5.html#nameresolveorder"><strong>name resolve order</strong></a>
-parameter in the smb.conf file, allowing an administrator to change
-the order and methods by which server names are looked up.
-<p><br><a name="password"></a>
-<li><strong><strong>password</strong></strong> password is the password required to access the
-specified service on the specified server. If this parameter is
-supplied, the <a href="rpcclient.1.html#minusN"><strong>-N</strong></a> option (suppress password prompt) is assumed.
-<p><br>There is no default password. If no password is supplied on the
-command line (either by using this parameter or adding a password to
-the <a href="rpcclient.1.html#minusU"><strong>-U</strong></a> option (see below)) and the <a href="rpcclient.1.html#minusN"><strong>-N</strong></a> option is not specified,
-the client will prompt for a password, even if the desired service
-does not require one. (If no password is required, simply press ENTER
-to provide a null password.)
-<p><br>Note: Some servers (including OS/2 and Windows for Workgroups) insist
-on an uppercase password. Lowercase or mixed case passwords may be
-rejected by these servers.
-<p><br>Be cautious about including passwords in scripts.
-<p><br><a name="minuss"></a>
-<li><strong><strong>-s smb.conf</strong></strong> This parameter specifies the pathname to the
-Samba configuration file, smb.conf. This file controls all aspects of
-the Samba setup on the machine and rpcclient also needs to read this
-file.
-<p><br><a name="minusB"></a>
-<li><strong><strong>-B IP addr</strong></strong> The IP address to use when sending a broadcast packet.
-<p><br><a name="minusO"></a>
-<li><strong><strong>-O socket options</strong></strong> TCP socket options to set on the client
-socket. See the <a href="smb.conf.5.html#socketoptions">socket options</a>
-parameter in the <a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a> manpage for
-the list of valid options.
-<p><br><a name="minusR"></a>
-<li><strong><strong>-R name resolve order</strong></strong> This option allows the user of
-rpcclient to determine what name resolution services to use when
-looking up the NetBIOS name of the host being connected to.
-<p><br>The options are :"lmhosts", "host", "wins" and "bcast". They cause
-names to be resolved as follows :
-<p><br><ul>
-<p><br><li > <strong>lmhosts</strong> : Lookup an IP address in the Samba lmhosts file.
-The lmhosts file is stored in the same directory as the
-<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file.
-<p><br><li > <strong>host</strong> : Do a standard host name to IP address resolution,
-using the system /etc/hosts, NIS, or DNS lookups. This method of name
-resolution is operating system depended for instance on IRIX or
-Solaris this may be controlled by the <em>/etc/nsswitch.conf</em> file).
-<p><br><li > <strong>wins</strong> : Query a name with the IP address listed in the <a href="smb.conf.5.html#winsserver"><strong>wins
-server</strong></a> parameter in the smb.conf file. If
-no WINS server has been specified this method will be ignored.
-<p><br><li > <strong>bcast</strong> : Do a broadcast on each of the known local interfaces
-listed in the <a href="smb.conf.5.html#interfaces"><strong>interfaces</strong></a> parameter
-in the smb.conf file. This is the least reliable of the name resolution
-methods as it depends on the target host being on a locally connected
-subnet. To specify a particular broadcast address the <a href="rpcclient.1.html#minusB"><strong>-B</strong></a> option
-may be used.
-<p><br></ul>
-<p><br>If this parameter is not set then the name resolve order defined
-in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file parameter
-<a href="smb.conf.5.html#nameresolveorder">(<strong>name resolve order</strong>)</a>
-will be used.
-<p><br>The default order is lmhosts, host, wins, bcast and without this
-parameter or any entry in the <a href="smb.conf.5.html#nameresolveorder"><strong>"name resolve
-order"</strong></a> parameter of the
-<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file the name resolution methods
-will be attempted in this order.
-<p><br><a name="minusi"></a>
-<li><strong><strong>-i scope</strong></strong> This specifies a NetBIOS scope that rpcclient will use
-to communicate with when generating NetBIOS names. For details on the
-use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes
-are <em>very</em> rarely used, only set this parameter if you are the
-system administrator in charge of all the NetBIOS systems you
-communicate with.
-<p><br><a name="minusN"></a>
-<li><strong><strong>-N</strong></strong> If specified, this parameter suppresses the normal
-password prompt from the client to the user. This is useful when
-accessing a service that does not require a password.
-<p><br>Unless a password is specified on the command line or this parameter
-is specified, the client will request a password.
-<p><br><a name="minusn"></a>
-<li><strong><strong>-n NetBIOS name</strong></strong> By default, the client will use the local
-machine's hostname (in uppercase) as its NetBIOS name. This parameter
-allows you to override the host name and use whatever NetBIOS name you
-wish.
-<p><br><a name="minusd"></a>
-<li><strong><strong>-d debuglevel</strong></strong> debuglevel is an integer from 0 to 10, or the
-letter 'A'.
-<p><br>The default value if this parameter is not specified is zero.
-<p><br>The higher this value, the more detail will be logged to the log files
-about the activities of the client. At level 0, only critical errors
-and serious warnings will be logged. Level 1 is a reasonable level for
-day to day running - it generates a small amount of information about
-operations carried out.
-<p><br>Levels above 1 will generate considerable amounts of log data, and
-should only be used when investigating a problem. Levels above 3 are
-designed for use only by developers and generate HUGE amounts of log
-data, most of which is extremely cryptic. If debuglevel is set to the
-letter 'A', then <em>all</em> debug messages will be printed. This setting
-is for developers only (and people who <em>really</em> want to know how the
-code works internally).
-<p><br>Note that specifying this parameter here will override the <a href="smb.conf.5.html#loglevel"><strong>log
-level</strong></a> parameter in the <a href="smb.conf.5.html"><strong>smb.conf
-(5)</strong></a> file.
-<p><br><a name="minusp"></a>
-<li><strong><strong>-p port</strong></strong> This number is the TCP port number that will be used
-when making connections to the server. The standard (well-known) TCP
-port number for an SMB/CIFS server is 139, which is the default.
-<p><br><a name="minusl"></a>
-<li><strong><strong>-l logfilename</strong></strong> If specified, logfilename specifies a base
-filename into which operational data from the running client will be
-logged.
-<p><br>The default base name is specified at compile time.
-<p><br>The base name is used to generate actual log file names. For example,
-if the name specified was "log", the debug file would be
-<code>log.client</code>.
-<p><br>The log file generated is never removed by the client.
-<p><br><a name="minush"></a>
-<li><strong><strong>-h</strong></strong> Print the usage message for the client.
-<p><br><a name="minusI"></a>
-<li><strong><strong>-I IP address</strong></strong> IP address is the address of the server to
-connect to. It should be specified in standard "a.b.c.d" notation.
-<p><br>Normally the client would attempt to locate a named SMB/CIFS server by
-looking it up via the NetBIOS name resolution mechanism described
-above in the <a href="rpcclient.1.html#minusR"><strong>name resolve order</strong></a> parameter
-above. Using this parameter will force the client to assume that the
-server is on the machine with the specified IP address and the NetBIOS
-name component of the resource being connected to will be ignored.
-<p><br>There is no default for this parameter. If not supplied, it will be
-determined automatically by the client as described above.
-<p><br><a name="minusE"></a>
-<li><strong><strong>-E</strong></strong> This parameter causes the client to write messages to the
-standard error stream (stderr) rather than to the standard output
-stream.
-<p><br>By default, the client writes messages to standard output - typically
-the user's tty.
-<p><br>Note that by default, debug information is always sent to stderr.
-Debug information can instead be sent to a file, using the
-<a href="rpcclient.1.html#minusl">-l log basename</a> option.
-<p><br><a name="minusU"></a>
-<li><strong><strong>-U username</strong></strong> This specifies the user name that will be used by
-the client to make a connection, assuming your server is not a downlevel
-server that is running a protocol level that uses passwords on shares,
-not on usernames.
-<p><br>Some servers are fussy about the case of this name, and some insist
-that it must be a valid NetBIOS name.
-<p><br>If no username is supplied, it will default to an uppercase version of
-the environment variable <code>USER</code> or <code>LOGNAME</code> in that order. If no
-username is supplied and neither environment variable exists the
-username "GUEST" will be used.
-<p><br>If the <code>USER</code> environment variable contains a '%' character,
-everything after that will be treated as a password. This allows you
-to set the environment variable to be <code>USER=username%password</code> so
-that a password is not passed on the command line (where it may be
-seen by the ps command).
-<p><br>If the service you are connecting to requires a password, it can be
-supplied using the <a href="rpcclient.1.html#minusU"><strong>-U</strong></a> option, by appending a percent symbol ("%")
-then the password to username. For example, to attach to a service as
-user <code>"fred"</code> with password <code>"secret"</code>, you would specify. <br>
-<p><br><code>-U fred%secret</code> <br>
-<p><br>on the command line. Note that there are no spaces around the percent
-symbol.
-<p><br>If you specify the password as part of username then the <a href="rpcclient.1.html#minusN"><strong>-N</strong></a> option
-(suppress password prompt) is assumed.
-<p><br>If you specify the password as a parameter <em>AND</em> as part of username
-then the password as part of username will take precedence. Putting
-nothing before or nothing after the percent symbol will cause an empty
-username or an empty password to be used, respectively.
-<p><br>The password may also be specified by setting up an environment
-variable called <code>PASSWORD</code> that contains the users password. Note
-that this may be very insecure on some systems but on others allows
-users to script rpcclient commands without having a password appear in
-the command line of a process listing.
-<p><br>Note: Some servers (including OS/2 and Windows for Workgroups) insist
-on an uppercase password. Lowercase or mixed case passwords may be
-rejected by these servers.
-<p><br>Be cautious about including passwords in scripts or in the
-<code>PASSWORD</code> environment variable. Also, on many systems the command
-line of a running process may be seen via the <code>ps</code> command to be
-safe always allow rpcclient to prompt for a password and type it in
-directly.
-<p><br><a name="minust"></a>
-<li><strong><strong>-t terminal code</strong></strong> This option tells rpcclient how to interpret
-filenames coming from the remote server. Usually Asian language
-multibyte UNIX implementations use different character sets than
-SMB/CIFS servers (<em>EUC</em> instead of <em>SJIS</em> for example). Setting
-this parameter will let rpcclient convert between the UNIX filenames
-and the SMB filenames correctly. This option has not been seriously
-tested and may have some problems.
-<p><br>The terminal codes include <code>sjis</code>, <code>euc</code>, <code>jis7</code>, <code>jis8</code>,
-<code>junet</code>, <code>hex</code>, <code>cap</code>. This is not a complete list, check the
-Samba source code for the complete list.
-<p><br><a name="minusm"></a>
-<li><strong><strong>-m max protocol level</strong></strong> With the new code in Samba2.0,
-<strong>rpcclient</strong> always attempts to connect at the maximum
-protocols level the server supports. This parameter is
-preserved for backwards compatibility, but any string
-following the <strong>-m</strong> will be ignored.
-<p><br><a name="minusW"></a>
-<li><strong><strong>-W Domain</strong></strong> Override the default Domain, which is the remote server's
-Domain. This option may be needed to connect to some servers. It is also
-possible to specify the remote server name as the Domain, which will
-force the username and password to be authenticated against the remote
-server's local SAM instead of the Domain SAM.
-<p><br><a name="minusc"></a>
-<li><strong><strong>-c command string</strong></strong> command string is a semicolon separated
-list of commands to be executed instead of prompting from stdin.
-<a href="rpcclient.1.html#minusN"><strong>-N</strong></a> is implied by <strong>-c</strong>.
-<p><br>This is particularly useful in scripts, e.g. <code>-c 'lsaquery; enumusers -u'</code>.
-<p><br></ul>
-<p><br><a name="OPERATIONS"></a>
-<h2>OPERATIONS</h2>
-
-<p><br>Once the client is running, the user is presented with a prompt :
-<p><br><code>smb:\></code>
-<p><br>The prompt indicates that the client is ready and waiting to carry out
-a user command. Each command is a single word, optionally followed by
-parameters specific to that command. Command and parameters are
-space-delimited unless these notes specifically state otherwise. All
-commands are case-insensitive. Parameters to commands may or may not
-be case sensitive, depending on the command.
-<p><br>You can specify names (e.g registry keys; user or group names;
-service names) which have spaces in them by quoting the
-name with double quotes, for example "dRMON SmartAgent".
-<p><br>Parameters shown in square brackets (e.g., "[parameter]") are
-optional. If not given, the command will use suitable
-defaults. Parameters shown in angle brackets (e.g., "<parameter>") are
-required.
-<p><br>Note that all commands operating on the server are actually performed
-by issuing a request to the server. Thus the behavior may vary from
-server to server, depending on how the server was implemented.
-<p><br>The commands available are listed in groups relating to different services:
-<p><br><ul>
-<p><br><li><strong>Misccellaneous</strong>
-<p><br><ul>
-<p><br><a name="questionmark"></a> <li><strong><strong>? [command]</strong></strong> If "command" is specified,
- the <strong>?</strong> command will display a brief informative message about the
- specified command. If no command is specified, a list of available
- commands will be displayed.
-<p><br><a name="exclaimationmark"></a> <li><strong><strong>! [shell command]</strong></strong> If "shell command"
- is specified, the <strong>!</strong> command will execute a shell locally and run
- the specified shell command. If no command is specified, a local shell
- will be run.
-<p><br><a name="exit"></a> <li><strong><strong>exit</strong></strong> Terminate the connection with the server and
- exit from the program.
-<p><br><a name="help"></a> <li><strong><strong>help [command]</strong></strong> See the <a href="rpcclient.1.html#questionmark"><strong>?</strong></a>
- command above.
-<p><br><a name="quit"></a> <li><strong><strong>quit</strong></strong> See the <a href="rpcclient.1.html#exit"><strong>exit</strong></a> command.
-<p><br></ul>
-<p><br><li><strong>Event Log</strong>
-<p><br><ul>
-<p><br><a name="eventlog"></a> <li><strong><strong>eventlog</strong></strong>
- list the events
-<p><br></ul>
-<p><br><li><strong>Service Control</strong>
-<p><br>These commands provide functionality similar to the Windows
- NT Service Control Manager.
-<p><br>It is possible to use command-line completion (if you have
- the GNU readline library) for Service names, by pressing the
- tab key.
-<p><br><ul>
-<p><br><a name="svcenum"></a> <li><strong><strong>svcenum</strong></strong>
- [-i] Lists Services.
-<p><br><a name="svcinfo"></a> <li><strong><strong>svcinfo</strong></strong>
- <service> Service Information
-<p><br><a name="svcstart"></a> <li><strong><strong>svcstart</strong></strong>
- <service> [arg 0] [arg 1] ... Start Service
-<p><br><a name="svcstop"></a> <li><strong><strong>svcstop</strong></strong>
- <service> Stop Service
-<p><br></ul>
-<p><br><li><strong>Scheduler</strong>
-<p><br><ul>
-<p><br><a name="at"></a> <li><strong><strong>at</strong></strong>
- Scheduler control (at /? for syntax)
-<p><br></ul>
-<p><br><li><strong>Registry</strong>
-<p><br>It is possible to use command-line completion (if you have
- the GNU readline library) for registry key and value names,
- by pressing the tab key.
-<p><br><ul>
-<p><br><a name="regenum"></a> <li><strong><strong>regenum</strong></strong>
- <keyname> Registry Enumeration (keys, values)
-<p><br><a name="regdeletekey"></a> <li><strong><strong>regdeletekey</strong></strong>
- <keyname> Registry Key Delete
-<p><br><a name="regcreatekey"></a> <li><strong><strong>regcreatekey</strong></strong>
- <keyname> [keyclass] Registry Key Create
-<p><br><a name="shutdown"></a> <li><strong><strong>shutdown</strong></strong>
- [-m message] [-t timeout] [-r or --reboot] Server Shutdown
-<p><br><a name="regqueryval"></a> <li><strong><strong>regqueryval</strong></strong>
- <valname> Registry Value Query
-<p><br><a name="regquerykey"></a> <li><strong><strong>regquerykey</strong></strong>
- <keyname> Registry Key Query
-<p><br><a name="regdeleteval"></a> <li><strong><strong>regdeleteval</strong></strong>
- <valname> Registry Value Delete
-<p><br><a name="regcreateval"></a> <li><strong><strong>regcreateval</strong></strong>
- <valname> <valtype> <value> Registry Key Create
-<p><br><a name="reggetsec"></a> <li><strong><strong>reggetsec</strong></strong>
- <keyname> Registry Key Security
-<p><br><a name="regtestsec"></a> <li><strong><strong>regtestsec</strong></strong>
- <keyname> Test Registry Key Security
-<p><br></ul>
-<p><br><li><strong>Printing</strong>
-<p><br>It is possible to use command-line completion (if you have
- the GNU readline library) for Printer and job names, by
- pressing the tab key.
-<p><br><ul>
-<p><br><a name="spoolenum"></a> <li><strong><strong>spoolenum</strong></strong>
- Enumerate Printers. This experimental command lists
- all printers available on a remote spooler service.
-<p><br><a name="spooljobs"></a> <li><strong><strong>spooljobs</strong></strong>
- <printer name> Enumerate Printer Jobs. This
- experimental command lists all jobs, and their
- status, currently queued on a remote spooler
- service.
-<p><br><a name="spoolopen"></a> <li><strong><strong>spoolopen</strong></strong>
- <printer name> Spool Printer Open Test. Experimental.
-<p><br></ul>
-<p><br><li><strong>Server</strong>
-<p><br><ul>
-<p><br><a name="time"></a> <li><strong><strong>time</strong></strong>
- Display remote time
-<p><br><a name="brsinfo"></a> <li><strong><strong>brsinfo</strong></strong>
- Browser Query Info
-<p><br><a name="wksinfo"></a> <li><strong><strong>wksinfo</strong></strong>
- Workstation Query Info
-<p><br><a name="srvinfo"></a> <li><strong><strong>srvinfo</strong></strong>
- Server Query Info
-<p><br><a name="srvsessions"></a> <li><strong><strong>srvsessions</strong></strong>
- List sessions on a server
-<p><br><a name="srvshares"></a> <li><strong><strong>srvshares</strong></strong>
- List shares on a server
-<p><br><a name="srvtransports"></a> <li><strong><strong>srvtransports</strong></strong>
- List transports on a server
-<p><br><a name="srvconnections"></a> <li><strong><strong>srvconnections</strong></strong>
- List connections on a server
-<p><br><a name="srvfiles"></a> <li><strong><strong>srvfiles</strong></strong>
- List files on a server
-<p><br></ul>
-<p><br><li><strong>Local Security Authority</strong>
-<p><br><ul>
-<p><br><a name="lsaquery"></a> <li><strong><strong>lsaquery</strong></strong>
- Query Info Policy (domain member or server). Obtains
- the SID and name of the SAM database that a server
- is responsible for (i.e a workstation's local SAM
- database or the PDC SAM database). Also obtains the
- SID and name of the SAM database that a server is
- a member of.
-<p><br><a name="lsaenumdomains"></a> <li><strong><strong>lsaenumdomains</strong></strong>
- Enumerate Trusted Domains. Lists all Trusted and
- Trusting Domains with which the remote PDC has
- trust relationships established.
-<p><br><a name="lookupsids"></a> <li><strong><strong>lookupsids</strong></strong>
- <rid1 or sid1> <rid1 or sid2> ... Resolve names from SIDs.
- Mostly to be used by developers or for troubleshooting,
- this command can take either Security Identifiers or Relative
- Identifiers, and look them up in the local SAM database
- (or look them up in a remote Trusting or Trusted PDC's SAM
- database if there is an appropriate Trust Relationship
- established). The result is a list of names, of the
- format: <br>
- <code>[TRUST_DOMAIN\]name</code>. <br>
- the <a href="rpcclient.1.html#lsaquery"><strong>lsaquery</strong></a> command must have been
- issued first if you wish to use lookupsids to resolve
- RIDs. The only RIDs that will be resolved will be those
- in the SAM database of the server to which you are connected.
-<p><br><a name="lookupnames"></a> <li><strong><strong>lookupnames</strong></strong>
- <name1> <name2> ... Resolve SIDs from names.
- Mostly to be used by developers or for troubleshooting,
- this command can take names of the following format: <br>
- <code>[DOMAIN_NAME\]name</code>. <br>
- The names, which can be user, group or alias names, will
- either be looked up in the local SAM database or in a remote
- Trusting or Trusted PDC's SAM database, if there is an
- appropriate Trust Relationship established. The optional
- Domain name component is the name of a SAM database, which
- can include a workstation's local SAM database or a Trusted
- Domain.
- Example Usage: <br>
- <code>lookupnames WKSTANAME\Administrator "Domain Guests"</code> <br>
-<p><br><a name="querysecret"></a> <li><strong><strong>querysecret</strong></strong>
- LSA Query Secret (developer use). This command only appears
- to work against NT4 SP3 and below. Due to its potential
- for misuse, it looks like Microsoft modified their
- implementation of the LsaRetrievePrivateData call to
- always return NT_STATUS_ACCESS_DENIED.
-<p><br></ul>
-<p><br><li><strong>NETLOGON</strong>
-<p><br><ul>
-<p><br><a name="ntlogin"></a> <li><strong><strong>ntlogin</strong></strong>
- [username] [password] NT Domain login test. Demonstrates
- how NT-style logins work. Mainly for developer usage,
- it can also be used to verify that a user can log in
- from a workstation. If you cannot ever get pam_ntdom
- to work, try this command first.
-<p><br><a name="domtrust"></a> <li><strong><strong>domtrust</strong></strong>
- <domain> NT Inter-Domain test. Demonstrates how NT-style
- Inter-Domain Trust relationships work. Mainly for
- developer usage, it can also be used to verify that a
- Trust Relationship is correctly established with a
- remote PDC.
-<p><br><a name="samsync"></a> <li><strong><strong>samsync</strong></strong>
- SAM Synchronisation Test (experimental). This command
- is used to manually synchronise a SAM database from a
- remote PDC, when Samba is set up as a Backup Domain
- Controller.
-<p><br></ul>
-<p><br><li><strong>SAM Database</strong>
-<p><br>It is possible to use command-line completion (if you have
- the GNU readline library) for user, group, alias and domain
- names, by pressing the tab key.
-<p><br><ul>
-<p><br><a name="lookupdomain"></a> <li><strong><strong>lookupdomain</strong></strong>
- Obtain SID for a local domain
-<p><br><a name="enumusers"></a> <li><strong><strong>enumusers</strong></strong>
- SAM User Database Query (experimental!)
-<p><br><a name="addgroupmem"></a> <li><strong><strong>addgroupmem</strong></strong>
- <group rid> [user] [user] ... SAM Add Domain Group Member
-<p><br><a name="addaliasmem"></a> <li><strong><strong>addaliasmem</strong></strong>
- <alias rid> [member sid1] [member sid2] ... SAM Add Domain Alias Member
-<p><br><a name="delgroupmem"></a> <li><strong><strong>delgroupmem</strong></strong>
- <group rid> [user] [user] ... SAM Delete Domain Group Member
-<p><br><a name="delaliasmem"></a> <li><strong><strong>delaliasmem</strong></strong>
- <alias rid> [member sid1] [member sid2] ... SAM Delete Domain Alias Member
-<p><br><a name="creategroup"></a> <li><strong><strong>creategroup</strong></strong>
- SAM Create Domain Group
-<p><br><a name="createalias"></a> <li><strong><strong>createalias</strong></strong>
- SAM Create Domain Alias
-<p><br><a name="createuser"></a> <li><strong><strong>createuser</strong></strong>
- <username> SAM Create Domain User
-<p><br><a name="delgroup"></a> <li><strong><strong>delgroup</strong></strong>
- SAM Delete Domain Group
-<p><br><a name="delalias"></a> <li><strong><strong>delalias</strong></strong>
- SAM Delete Domain Alias
-<p><br><a name="ntpass"></a> <li><strong><strong>ntpass</strong></strong>
- NT SAM Password Change
-<p><br><a name="samuserset2"></a> <li><strong><strong>samuserset2</strong></strong>
- <username> [-s acb_bits] SAM User Set Info 2 (experimental!)
-<p><br><a name="samuserset"></a> <li><strong><strong>samuserset</strong></strong>
- <username> [-p password] SAM User Set Info (experimental!)
-<p><br><a name="samuser"></a> <li><strong><strong>samuser</strong></strong>
- <username> SAM User Query (experimental!)
-<p><br><a name="samgroup"></a> <li><strong><strong>samgroup</strong></strong>
- <groupname> SAM Group Query (experimental!)
-<p><br><a name="samalias"></a> <li><strong><strong>samalias</strong></strong>
- <aliasname> SAM Alias Query
-<p><br><a name="samaliasmem"></a> <li><strong><strong>samaliasmem</strong></strong>
- <aliasname> SAM Alias Members
-<p><br><a name="samgroupmem"></a> <li><strong><strong>samgroupmem</strong></strong>
- SAM Group Members
-<p><br><a name="samtest"></a> <li><strong><strong>samtest</strong></strong>
- SAM User Encrypted RPC test (experimental!)
-<p><br><a name="enumaliases"></a> <li><strong><strong>enumaliases</strong></strong>
- SAM Aliases Database Query (experimental!)
-<p><br><a name="enumdomains"></a> <li><strong><strong>enumdomains</strong></strong>
- SAM Domains Database Query (experimental!)
-<p><br><a name="enumgroups"></a> <li><strong><strong>enumgroups</strong></strong>
- SAM Group Database Query (experimental!)
-<p><br><a name="dominfo"></a> <li><strong><strong>dominfo</strong></strong>
- SAM Query Domain Info
-<p><br><a name="dispinfo"></a> <li><strong><strong>dispinfo</strong></strong>
- SAM Query Display Info
-<p><br></ul>
-<p><br></ul>
-<p><br><a name="NOTES"></a>
-<h2>NOTES</h2>
-
-<p><br>Some servers are fussy about the case of supplied usernames,
-passwords, share names (AKA service names) and machine names. If you
-fail to connect try giving all parameters in uppercase.
-<p><br>It is often necessary to use the <a href="rpcclient.1.html#minusn"><strong>-n</strong></a> option when connecting
-to some types of servers. For example OS/2 LanManager insists on a valid
-NetBIOS name being used, so you need to supply a valid name that would
-be known to the server.
-<p><br>rpcclient only works on servers that support MSRPC over SMB. This includes
-all versions of Windows NT, including the ports to Unix such as AS/U and
-AFPS. Support for MSRPC over SMB in other servers is currently rare and
-patchy, for example Samba 2.0 only supports a limited set of MSRPC commands,
-and some of those are not supported very well.
-<p><br><a name="ENVIRONMENTVARIABLES"></a>
-<h2>ENVIRONMENT VARIABLES</h2>
-
-<p><br>The variable <strong>USER</strong> may contain the username of the person using the
-client. This information is used only if the protocol level is high
-enough to support session-level passwords.
-<p><br>The variable <strong>PASSWORD</strong> may contain the password of the person using
-the client. This information is used only if the protocol level is
-high enough to support session-level passwords.
-<p><br><a name="INSTALLATION"></a>
-<h2>INSTALLATION</h2>
-
-<p><br>The location of the client program is a matter for individual system
-administrators. The following are thus suggestions only.
-<p><br>It is recommended that the rpcclient software be installed in the
-/usr/local/samba/bin or /usr/samba/bin directory, this directory
-readable by all, writeable only by root. The client program itself
-should be executable by all. The client should <em>NOT</em> be setuid or
-setgid!
-<p><br>The client log files should be put in a directory readable and
-writeable only by the user.
-<p><br>To test the client, you will need to know the name of a running
-SMB/CIFS server. It is possible to run <a href="smbd.8.html"><strong>smbd (8)</strong></a>
-an ordinary user - running that server as a daemon on a
-user-accessible port (typically any port number over 1024) would
-provide a suitable test server.
-<p><br><a name="DIAGNOSTICS"></a>
-<h2>DIAGNOSTICS</h2>
-
-<p><br>Most diagnostics issued by the client are logged in a specified log
-file. The log file name is specified at compile time, but may be
-overridden on the command line.
-<p><br>The number and nature of diagnostics available depends on the debug
-level used by the client. If you have problems, set the debug level to
-3 and peruse the log files.
-<p><br><a name="VERSION"></a>
-<h2>VERSION</h2>
-
-<p><br>This man page is correct for version 2.0 of the Samba suite.
-<p><br><a name="BUGS"></a>
-<h2>BUGS</h2>
-
-<p><br><ul>
-<li><strong>WARNING!</strong>
-The MSPRC over SMB code has been developed from examining Network traces.
-No documentation is available from the original creators (Microsoft) on
-how MSRPC over SMB works, or how the individual MSRPC services work.
-Microsoft's implementation of these services has been demonstrated (and
-reported) to be... a bit flakey in places.
-<p><br>The development of Samba's implementation of these services is <em>also</em>
-a bit rough, and as more of the services are understood, it can even result
-in versions of <a href="smbd.8.html"><strong>smbd (8)</strong></a> and rpcclient that are
-incompatible for some commands or services. Additionally, the developers
-are sending reports to Microsoft, and problems found by or reported to
-Microsoft are fixed in Service Packs, which may also result in
-incompatibilities.
-<p><br>It is therefore not guaranteed that the execution of an rpcclient command will
-work. It is also not guaranteed that the target server will continue to
-operate, i.e the execution of an MSRPC command may cause a remote service to
-fail, or even cause the remote server to fail. Usual rules apply, of course:
-the developers bear absolutely no responsibility for the use, misuse, or
-lack of use of rpcclient, by any person or persons, whether legal,
-illegal, accidental, deliberate, intentional, malicious, curious, etc.
-<p><br><li><strong>Command Completion</strong>
-Command-completion (available if you have the GNU readline library) used on
-certain commands may not operate correctly if the word being completed (such as a registry key) contains a space. Typically, the name will be completed, but
-you will have to go back and put quotes round it, yourself.
-<p><br><li><strong>SAM Database command-completion</strong>
-Command-completion (available if you have the GNU readline library) of user,
-group and alias names does not work on remote Domains, which would normally
-be specified like this: <br>
-<code>DOMAIN_name\user_name</code>. <br>
-The only names that can be completed in this fashion are the local names
-in the SAM database of the target server.
-<p><br><li><strong><a href="rpcclient.1.html#spoolenum"><strong>spoolenum</strong></a></strong>
-Due to current limitations in the rpcclient MSRPC / SMB code, and due to
-the extremely poor MSRPC implementation (by Microsoft) of the spooler
-service, if there are a large number of printers (or the names / comment
-fields associated with the printers), this command will fail. The
-limitations require further research to be carried out; we're stuck with
-the poor \PIPE\spoolss design.
-<p><br></ul>
-<p><br><a name="AUTHOR"></a>
-<h2>AUTHOR</h2>
-
-<p><br>The original Samba software and related utilities were created by
-Andrew Tridgell <a href="mailto:samba-bugs@samba.org"><em>samba-bugs@samba.org</em></a>. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-<p><br>The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-<a href="ftp://ftp.icce.rug.nl/pub/unix/"><strong>ftp://ftp.icce.rug.nl/pub/unix/</strong></a>)
-and updated for the Samba2.0 release by Jeremy Allison. This man page
-was developed cut-and-paste style from the smbclient man page, by
-Luke Kenneth Casson Leighton.
-<a href="mailto:samba-bugs@samba.org"><em>samba-bugs@samba.org</em></a>.
-<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
-<p><br></body>
-</html>
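Review bot: the INSTALLATION section deleted in this file is where administrators are told that the client should NOT be setuid or setgid and that its log files belong in a directory readable and writeable only by the user, and the BUGS section carries the warning that an MSRPC command may cause a remote service or the remote server to fail. If rpcclient is still built and installed after this change, that guidance needs a new home before the page goes; if the tool is being removed as well, say so in the commit message. The AUTHOR section states the man pages are generated from YODL sources, so the source for this page should be deleted in the same change, otherwise a later docs build can recreate the file.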
+++ /dev/null
-.TH "debug2html" "1" "29 Dec 1998" "Samba" "SAMBA"
-.PP
-.SH "NAME"
-debug2html \- Samba DEBUG to HTML translation filter
-.PP
-.SH "SYNOPSIS"
-.PP
-debug2html [input-file [output-file]]
-.PP
-.SH "DESCRIPTION"
-.PP
-This program is part of the \fBSamba\fP suite\&.
-.PP
-\fBdebug2html\fP generates HTML files from Samba log files\&. Log files
-produced by \fBnmbd\fP(8) or \fBsmbd\fP(8) may then be viewed by a web
-browser\&. The output conforms to the HTML 3\&.2 specification\&.
-.PP
-The filenames specified on the command line are optional\&. If the
-output-file is ommitted, output will go to \fBstdout\fP\&. If the input-file
-is ommitted, \fBdebug2html\fP will read from \fBstdin\fP\&. The filename "-"
-can be used to indicate that input should be read from \fBstdin\fP\&. For
-example:
-.PP
-\f(CWcat /usr/local/samba/var/log\&.nmb | debug2html - nmblog\&.html\fP
-.br
-.PP
-.SH "VERSION"
-.PP
-This man page is correct for version 2\&.0 of the Samba suite\&.
-.PP
-.SH "SEE ALSO"
-.PP
-\fBnmbd\fP(8), \fBsmbd\fP(8),
-\fBsamba\fP(7)\&.
-.PP
-.SH "AUTHOR"
-.PP
-The original Samba software and related utilities were created by
-Andrew Tridgell \fIsamba-bugs@samba\&.org\fP\&. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed\&.
-.PP
-The original Samba man pages were written by Karl Auer\&. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-\fBftp://ftp\&.icce\&.rug\&.nl/pub/unix/\fP)
-and updated for the Samba2\&.0 release by Jeremy Allison\&.
-\fIsamba-bugs@samba\&.org\fP\&.
-.PP
-\fBdebug2html\fP was added by Chris Hertel\&.
-.PP
-See \fBsamba\fP(7) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc\&.
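Review bot: the entire debug2html(1) page is removed here, including the SYNOPSIS and the description of how an omitted file name or "-" maps to stdin and stdout, but nothing in the lines shown here indicates that the debug2html program itself is being dropped. If the binary still ships it ends up undocumented, so either remove it from the build in the same change or keep this page. Also check nmbd(8), smbd(8) and samba(7), which this page lists under SEE ALSO, for references back to debug2html that would now point at a missing page.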
+++ /dev/null
-.TH "rpcclient " "1" "23 Oct 1998" "Samba" "SAMBA"
-.PP
-.SH "NAME"
-rpcclient \- utility to manage MSRPC resources on servers
-.PP
-.SH "SYNOPSIS"
-.PP
-\fBrpcclient\fP
-[password]
--S servername
-[-U [username][%][password]]
-[-W domain]
-[-l log basename]
-[-d debuglevel]
-[-O socket options]
-[-i scope]
-[-N]
-[-n NetBIOS name]
-[-h]
-[-I dest IP]
-[-E]
-[-t terminal code]
-[-c command string]
-[-B IP addr]
-[-s smb\&.conf]
-[-m max protocol]
-.PP
-.SH "DESCRIPTION"
-.PP
-This program is part of the \fBSamba\fP suite\&.
-.PP
-\fBrpcclient\fP is a client that can \'talk\' to an SMB/CIFS MSRPC server\&.
-Operations include things like managing a SAM Database (users, groups
-and aliases) in the same way as the Windows NT programs
-\fBUser Manager for Domains\fP and \fBServer Manager for Domains\fP;
-managing a remote registry in the same way as the Windows NT programs
-\fBREGEDT32\&.EXE\fP and \fBREGEDIT\&.EXE\fP; viewing a remote event log (same
-as \fBEVENTVWR\&.EXE\fP) etc\&.
-.PP
-Typical usage is like this:
-.br
-\f(CWrpcclient -I 192\&.168\&.32\&.1 -S "*SMBSERVER" -U fred%secret -l log\fP
-.br
-.PP
-.SH "OPTIONS"
-.PP
-.IP
-.IP "\fBservername\fP"
-servername is the name of the server you want
-to use on the server\&. This should be the NetBIOS name of the SMB/CIFS
-server, which can be \fB*SMBSERVER\fP on Windows NT 4\&.0 or Samba Servers\&.
-.IP
-Note that the server name required is NOT necessarily the IP (DNS)
-host name of the server! The name required is a NetBIOS server name,
-which may or may not be the same as the IP hostname of the machine
-running the server\&. Also, remember that having a period in a NetBIOS
-name (such as an IP hostname) may cause connectivity problems on your
-network: NT tends to strip NetBIOS names from the leading period
-onwards\&.
-.IP
-The server name is looked up according to either the
-\fB-R\fP parameter to \fBrpcclient\fP or using the
-\fBname resolve order\fP
-parameter in the smb\&.conf file, allowing an administrator to change
-the order and methods by which server names are looked up\&.
-.IP
-.IP "\fBpassword\fP"
-password is the password required to access the
-specified service on the specified server\&. If this parameter is
-supplied, the \fB-N\fP option (suppress password prompt) is assumed\&.
-.IP
-There is no default password\&. If no password is supplied on the
-command line (either by using this parameter or adding a password to
-the \fB-U\fP option (see below)) and the \fB-N\fP option is not specified,
-the client will prompt for a password, even if the desired service
-does not require one\&. (If no password is required, simply press ENTER
-to provide a null password\&.)
-.IP
-Note: Some servers (including OS/2 and Windows for Workgroups) insist
-on an uppercase password\&. Lowercase or mixed case passwords may be
-rejected by these servers\&.
-.IP
-Be cautious about including passwords in scripts\&.
-.IP
-.IP "\fB-s smb\&.conf\fP"
-This parameter specifies the pathname to the
-Samba configuration file, smb\&.conf\&. This file controls all aspects of
-the Samba setup on the machine and rpcclient also needs to read this
-file\&.
-.IP
-.IP "\fB-B IP addr\fP"
-The IP address to use when sending a broadcast packet\&.
-.IP
-.IP "\fB-O socket options\fP"
-TCP socket options to set on the client
-socket\&. See the socket options
-parameter in the \fBsmb\&.conf (5)\fP manpage for
-the list of valid options\&.
-.IP
-.IP "\fB-R name resolve order\fP"
-This option allows the user of
-rpcclient to determine what name resolution services to use when
-looking up the NetBIOS name of the host being connected to\&.
-.IP
-The options are :"lmhosts", "host", "wins" and "bcast"\&. They cause
-names to be resolved as follows :
-.IP
-.IP
-.IP o
-\fBlmhosts\fP : Lookup an IP address in the Samba lmhosts file\&.
-The lmhosts file is stored in the same directory as the
-\fBsmb\&.conf\fP file\&.
-.IP
-.IP o
-\fBhost\fP : Do a standard host name to IP address resolution,
-using the system /etc/hosts, NIS, or DNS lookups\&. This method of name
-resolution is operating system depended for instance on IRIX or
-Solaris this may be controlled by the \fI/etc/nsswitch\&.conf\fP file)\&.
-.IP
-.IP o
-\fBwins\fP : Query a name with the IP address listed in the \fBwins
-server\fP parameter in the smb\&.conf file\&. If
-no WINS server has been specified this method will be ignored\&.
-.IP
-.IP o
-\fBbcast\fP : Do a broadcast on each of the known local interfaces
-listed in the \fBinterfaces\fP parameter
-in the smb\&.conf file\&. This is the least reliable of the name resolution
-methods as it depends on the target host being on a locally connected
-subnet\&. To specify a particular broadcast address the \fB-B\fP option
-may be used\&.
-.IP
-.IP
-If this parameter is not set then the name resolve order defined
-in the \fBsmb\&.conf\fP file parameter
-(\fBname resolve order\fP)
-will be used\&.
-.IP
-The default order is lmhosts, host, wins, bcast and without this
-parameter or any entry in the \fB"name resolve
-order"\fP parameter of the
-\fBsmb\&.conf\fP file the name resolution methods
-will be attempted in this order\&.
-.IP
-.IP "\fB-i scope\fP"
-This specifies a NetBIOS scope that rpcclient will use
-to communicate with when generating NetBIOS names\&. For details on the
-use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes
-are \fIvery\fP rarely used, only set this parameter if you are the
-system administrator in charge of all the NetBIOS systems you
-communicate with\&.
-.IP
-.IP "\fB-N\fP"
-If specified, this parameter suppresses the normal
-password prompt from the client to the user\&. This is useful when
-accessing a service that does not require a password\&.
-.IP
-Unless a password is specified on the command line or this parameter
-is specified, the client will request a password\&.
-.IP
-.IP "\fB-n NetBIOS name\fP"
-By default, the client will use the local
-machine\'s hostname (in uppercase) as its NetBIOS name\&. This parameter
-allows you to override the host name and use whatever NetBIOS name you
-wish\&.
-.IP
-.IP "\fB-d debuglevel\fP"
-debuglevel is an integer from 0 to 10, or the
-letter \'A\'\&.
-.IP
-The default value if this parameter is not specified is zero\&.
-.IP
-The higher this value, the more detail will be logged to the log files
-about the activities of the client\&. At level 0, only critical errors
-and serious warnings will be logged\&. Level 1 is a reasonable level for
-day to day running - it generates a small amount of information about
-operations carried out\&.
-.IP
-Levels above 1 will generate considerable amounts of log data, and
-should only be used when investigating a problem\&. Levels above 3 are
-designed for use only by developers and generate HUGE amounts of log
-data, most of which is extremely cryptic\&. If debuglevel is set to the
-letter \'A\', then \fIall\fP debug messages will be printed\&. This setting
-is for developers only (and people who \fIreally\fP want to know how the
-code works internally)\&.
-.IP
-Note that specifying this parameter here will override the \fBlog
-level\fP parameter in the \fBsmb\&.conf
-(5)\fP file\&.
-.IP
-.IP "\fB-p port\fP"
-This number is the TCP port number that will be used
-when making connections to the server\&. The standard (well-known) TCP
-port number for an SMB/CIFS server is 139, which is the default\&.
-.IP
-.IP "\fB-l logfilename\fP"
-If specified, logfilename specifies a base
-filename into which operational data from the running client will be
-logged\&.
-.IP
-The default base name is specified at compile time\&.
-.IP
-The base name is used to generate actual log file names\&. For example,
-if the name specified was "log", the debug file would be
-\f(CWlog\&.client\fP\&.
-.IP
-The log file generated is never removed by the client\&.
-.IP
-.IP "\fB-h\fP"
-Print the usage message for the client\&.
-.IP
-.IP "\fB-I IP address\fP"
-IP address is the address of the server to
-connect to\&. It should be specified in standard "a\&.b\&.c\&.d" notation\&.
-.IP
-Normally the client would attempt to locate a named SMB/CIFS server by
-looking it up via the NetBIOS name resolution mechanism described
-above in the \fBname resolve order\fP parameter
-above\&. Using this parameter will force the client to assume that the
-server is on the machine with the specified IP address and the NetBIOS
-name component of the resource being connected to will be ignored\&.
-.IP
-There is no default for this parameter\&. If not supplied, it will be
-determined automatically by the client as described above\&.
-.IP
-.IP "\fB-E\fP"
-This parameter causes the client to write messages to the
-standard error stream (stderr) rather than to the standard output
-stream\&.
-.IP
-By default, the client writes messages to standard output - typically
-the user\'s tty\&.
-.IP
-Note that by default, debug information is always sent to stderr\&.
-Debug information can instead be sent to a file, using the
--l log basename option\&.
-.IP
-.IP "\fB-U username\fP"
-This specifies the user name that will be used by
-the client to make a connection, assuming your server is not a downlevel
-server that is running a protocol level that uses passwords on shares,
-not on usernames\&.
-.IP
-Some servers are fussy about the case of this name, and some insist
-that it must be a valid NetBIOS name\&.
-.IP
-If no username is supplied, it will default to an uppercase version of
-the environment variable \f(CWUSER\fP or \f(CWLOGNAME\fP in that order\&. If no
-username is supplied and neither environment variable exists the
-username "GUEST" will be used\&.
-.IP
-If the \f(CWUSER\fP environment variable contains a \'%\' character,
-everything after that will be treated as a password\&. This allows you
-to set the environment variable to be \f(CWUSER=username%password\fP so
-that a password is not passed on the command line (where it may be
-seen by the ps command)\&.
-.IP
-If the service you are connecting to requires a password, it can be
-supplied using the \fB-U\fP option, by appending a percent symbol ("%")
-then the password to username\&. For example, to attach to a service as
-user \f(CW"fred"\fP with password \f(CW"secret"\fP, you would specify\&.
-.br
-.IP
-\f(CW-U fred%secret\fP
-.br
-.IP
-on the command line\&. Note that there are no spaces around the percent
-symbol\&.
-.IP
-If you specify the password as part of username then the \fB-N\fP option
-(suppress password prompt) is assumed\&.
-.IP
-If you specify the password as a parameter \fIAND\fP as part of username
-then the password as part of username will take precedence\&. Putting
-nothing before or nothing after the percent symbol will cause an empty
-username or an empty password to be used, respectively\&.
-.IP
-The password may also be specified by setting up an environment
-variable called \f(CWPASSWORD\fP that contains the users password\&. Note
-that this may be very insecure on some systems but on others allows
-users to script rpcclient commands without having a password appear in
-the command line of a process listing\&.
-.IP
-Note: Some servers (including OS/2 and Windows for Workgroups) insist
-on an uppercase password\&. Lowercase or mixed case passwords may be
-rejected by these servers\&.
-.IP
-Be cautious about including passwords in scripts or in the
-\f(CWPASSWORD\fP environment variable\&. Also, on many systems the command
-line of a running process may be seen via the \f(CWps\fP command to be
-safe always allow rpcclient to prompt for a password and type it in
-directly\&.
-.IP
-.IP "\fB-t terminal code\fP"
-This option tells rpcclient how to interpret
-filenames coming from the remote server\&. Usually Asian language
-multibyte UNIX implementations use different character sets than
-SMB/CIFS servers (\fIEUC\fP instead of \fISJIS\fP for example)\&. Setting
-this parameter will let rpcclient convert between the UNIX filenames
-and the SMB filenames correctly\&. This option has not been seriously
-tested and may have some problems\&.
-.IP
-The terminal codes include \f(CWsjis\fP, \f(CWeuc\fP, \f(CWjis7\fP, \f(CWjis8\fP,
-\f(CWjunet\fP, \f(CWhex\fP, \f(CWcap\fP\&. This is not a complete list, check the
-Samba source code for the complete list\&.
-.IP
-.IP "\fB-m max protocol level\fP"
-With the new code in Samba2\&.0,
-\fBrpcclient\fP always attempts to connect at the maximum
-protocols level the server supports\&. This parameter is
-preserved for backwards compatibility, but any string
-following the \fB-m\fP will be ignored\&.
-.IP
-.IP "\fB-W Domain\fP"
-Override the default Domain, which is the remote server\'s
-Domain\&. This option may be needed to connect to some servers\&. It is also
-possible to specify the remote server name as the Domain, which will
-force the username and password to be authenticated against the remote
-server\'s local SAM instead of the Domain SAM\&.
-.IP
-.IP "\fB-c command string\fP"
-command string is a semicolon separated
-list of commands to be executed instead of prompting from stdin\&.
-\fB-N\fP is implied by \fB-c\fP\&.
-.IP
-This is particularly useful in scripts, e\&.g\&. \f(CW-c \'lsaquery; enumusers -u\'\fP\&.
-.IP
-.PP
-.SH "OPERATIONS"
-.PP
-Once the client is running, the user is presented with a prompt :
-.PP
-\f(CWsmb:\e>\fP
-.PP
-The prompt indicates that the client is ready and waiting to carry out
-a user command\&. Each command is a single word, optionally followed by
-parameters specific to that command\&. Command and parameters are
-space-delimited unless these notes specifically state otherwise\&. All
-commands are case-insensitive\&. Parameters to commands may or may not
-be case sensitive, depending on the command\&.
-.PP
-You can specify names (e\&.g registry keys; user or group names;
-service names) which have spaces in them by quoting the
-name with double quotes, for example "dRMON SmartAgent"\&.
-.PP
-Parameters shown in square brackets (e\&.g\&., "[parameter]") are
-optional\&. If not given, the command will use suitable
-defaults\&. Parameters shown in angle brackets (e\&.g\&., "<parameter>") are
-required\&.
-.PP
-Note that all commands operating on the server are actually performed
-by issuing a request to the server\&. Thus the behavior may vary from
-server to server, depending on how the server was implemented\&.
-.PP
-The commands available are listed in groups relating to different services:
-.PP
-.IP
-.IP "Misccellaneous"
-.IP
-.IP
-.IP "\fB? [command]\fP"
-If "command" is specified,
-the \fB?\fP command will display a brief informative message about the
-specified command\&. If no command is specified, a list of available
-commands will be displayed\&.
-.IP
-.IP "\fB! [shell command]\fP"
-If "shell command"
-is specified, the \fB!\fP command will execute a shell locally and run
-the specified shell command\&. If no command is specified, a local shell
-will be run\&.
-.IP
-.IP "\fBexit\fP"
-Terminate the connection with the server and
-exit from the program\&.
-.IP
-.IP "\fBhelp [command]\fP"
-See the \fB?\fP
-command above\&.
-.IP
-.IP "\fBquit\fP"
-See the \fBexit\fP command\&.
-.IP
-.IP
-.IP "Event Log"
-.IP
-.IP
-.IP "\fBeventlog\fP"
-list the events
-.IP
-.IP
-.IP "Service Control"
-.IP
-These commands provide functionality similar to the Windows
-NT Service Control Manager\&.
-.IP
-It is possible to use command-line completion (if you have
-the GNU readline library) for Service names, by pressing the
-tab key\&.
-.IP
-.IP
-.IP "\fBsvcenum\fP"
-[-i] Lists Services\&.
-.IP
-.IP "\fBsvcinfo\fP"
-<service> Service Information
-.IP
-.IP "\fBsvcstart\fP"
-<service> [arg 0] [arg 1] \&.\&.\&. Start Service
-.IP
-.IP "\fBsvcstop\fP"
-<service> Stop Service
-.IP
-.IP
-.IP "Scheduler"
-.IP
-.IP
-.IP "\fBat\fP"
-Scheduler control (at /? for syntax)
-.IP
-.IP
-.IP "Registry"
-.IP
-It is possible to use command-line completion (if you have
-the GNU readline library) for registry key and value names,
-by pressing the tab key\&.
-.IP
-.IP
-.IP "\fBregenum\fP"
-<keyname> Registry Enumeration (keys, values)
-.IP
-.IP "\fBregdeletekey\fP"
-<keyname> Registry Key Delete
-.IP
-.IP "\fBregcreatekey\fP"
-<keyname> [keyclass] Registry Key Create
-.IP
-.IP "\fBshutdown\fP"
-[-m message] [-t timeout] [-r or --reboot] Server Shutdown
-.IP
-.IP "\fBregqueryval\fP"
-<valname> Registry Value Query
-.IP
-.IP "\fBregquerykey\fP"
-<keyname> Registry Key Query
-.IP
-.IP "\fBregdeleteval\fP"
-<valname> Registry Value Delete
-.IP
-.IP "\fBregcreateval\fP"
-<valname> <valtype> <value> Registry Key Create
-.IP
-.IP "\fBreggetsec\fP"
-<keyname> Registry Key Security
-.IP
-.IP "\fBregtestsec\fP"
-<keyname> Test Registry Key Security
-.IP
-.IP
-.IP "Printing"
-.IP
-It is possible to use command-line completion (if you have
-the GNU readline library) for Printer and job names, by
-pressing the tab key\&.
-.IP
-.IP
-.IP "\fBspoolenum\fP"
-Enumerate Printers\&. This experimental command lists
-all printers available on a remote spooler service\&.
-.IP
-.IP "\fBspooljobs\fP"
-<printer name> Enumerate Printer Jobs\&. This
-experimental command lists all jobs, and their
-status, currently queued on a remote spooler
-service\&.
-.IP
-.IP "\fBspoolopen\fP"
-<printer name> Spool Printer Open Test\&. Experimental\&.
-.IP
-.IP
-.IP "Server"
-.IP
-.IP
-.IP "\fBtime\fP"
-Display remote time
-.IP
-.IP "\fBbrsinfo\fP"
-Browser Query Info
-.IP
-.IP "\fBwksinfo\fP"
-Workstation Query Info
-.IP
-.IP "\fBsrvinfo\fP"
-Server Query Info
-.IP
-.IP "\fBsrvsessions\fP"
-List sessions on a server
-.IP
-.IP "\fBsrvshares\fP"
-List shares on a server
-.IP
-.IP "\fBsrvtransports\fP"
-List transports on a server
-.IP
-.IP "\fBsrvconnections\fP"
-List connections on a server
-.IP
-.IP "\fBsrvfiles\fP"
-List files on a server
-.IP
-.IP
-.IP "Local Security Authority"
-.IP
-.IP
-.IP "\fBlsaquery\fP"
-Query Info Policy (domain member or server)\&. Obtains
-the SID and name of the SAM database that a server
-is responsible for (i\&.e a workstation\'s local SAM
-database or the PDC SAM database)\&. Also obtains the
-SID and name of the SAM database that a server is
-a member of\&.
-.IP
-.IP "\fBlsaenumdomains\fP"
-Enumerate Trusted Domains\&. Lists all Trusted and
-Trusting Domains with which the remote PDC has
-trust relationships established\&.
-.IP
-.IP "\fBlookupsids\fP"
-<rid1 or sid1> <rid1 or sid2> \&.\&.\&. Resolve names from SIDs\&.
-Mostly to be used by developers or for troubleshooting,
-this command can take either Security Identifiers or Relative
-Identifiers, and look them up in the local SAM database
-(or look them up in a remote Trusting or Trusted PDC\'s SAM
-database if there is an appropriate Trust Relationship
-established)\&. The result is a list of names, of the
-format:
-.br
-\f(CW[TRUST_DOMAIN\e]name\fP\&.
-.br
-the \fBlsaquery\fP command must have been
-issued first if you wish to use lookupsids to resolve
-RIDs\&. The only RIDs that will be resolved will be those
-in the SAM database of the server to which you are connected\&.
-.IP
-.IP "\fBlookupnames\fP"
-<name1> <name2> \&.\&.\&. Resolve SIDs from names\&.
-Mostly to be used by developers or for troubleshooting,
-this command can take names of the following format:
-.br
-\f(CW[DOMAIN_NAME\e]name\fP\&.
-.br
-The names, which can be user, group or alias names, will
-either be looked up in the local SAM database or in a remote
-Trusting or Trusted PDC\'s SAM database, if there is an
-appropriate Trust Relationship established\&. The optional
-Domain name component is the name of a SAM database, which
-can include a workstation\'s local SAM database or a Trusted
-Domain\&.
-Example Usage:
-.br
-\f(CWlookupnames WKSTANAME\eAdministrator "Domain Guests"\fP
-.br
-.IP
-.IP "\fBquerysecret\fP"
-LSA Query Secret (developer use)\&. This command only appears
-to work against NT4 SP3 and below\&. Due to its potential
-for misuse, it looks like Microsoft modified their
-implementation of the LsaRetrievePrivateData call to
-always return NT_STATUS_ACCESS_DENIED\&.
-.IP
-.IP
-.IP "NETLOGON"
-.IP
-.IP
-.IP "\fBntlogin\fP"
-[username] [password] NT Domain login test\&. Demonstrates
-how NT-style logins work\&. Mainly for developer usage,
-it can also be used to verify that a user can log in
-from a workstation\&. If you cannot ever get pam_ntdom
-to work, try this command first\&.
-.IP
-.IP "\fBdomtrust\fP"
-<domain> NT Inter-Domain test\&. Demonstrates how NT-style
-Inter-Domain Trust relationships work\&. Mainly for
-developer usage, it can also be used to verify that a
-Trust Relationship is correctly established with a
-remote PDC\&.
-.IP
-.IP "\fBsamsync\fP"
-SAM Synchronisation Test (experimental)\&. This command
-is used to manually synchronise a SAM database from a
-remote PDC, when Samba is set up as a Backup Domain
-Controller\&.
-.IP
-.IP
-.IP "SAM Database"
-.IP
-It is possible to use command-line completion (if you have
-the GNU readline library) for user, group, alias and domain
-names, by pressing the tab key\&.
-.IP
-.IP
-.IP "\fBlookupdomain\fP"
-Obtain SID for a local domain
-.IP
-.IP "\fBenumusers\fP"
-SAM User Database Query (experimental!)
-.IP
-.IP "\fBaddgroupmem\fP"
-<group rid> [user] [user] \&.\&.\&. SAM Add Domain Group Member
-.IP
-.IP "\fBaddaliasmem\fP"
-<alias rid> [member sid1] [member sid2] \&.\&.\&. SAM Add Domain Alias Member
-.IP
-.IP "\fBdelgroupmem\fP"
-<group rid> [user] [user] \&.\&.\&. SAM Delete Domain Group Member
-.IP
-.IP "\fBdelaliasmem\fP"
-<alias rid> [member sid1] [member sid2] \&.\&.\&. SAM Delete Domain Alias Member
-.IP
-.IP "\fBcreategroup\fP"
-SAM Create Domain Group
-.IP
-.IP "\fBcreatealias\fP"
-SAM Create Domain Alias
-.IP
-.IP "\fBcreateuser\fP"
-<username> SAM Create Domain User
-.IP
-.IP "\fBdelgroup\fP"
-SAM Delete Domain Group
-.IP
-.IP "\fBdelalias\fP"
-SAM Delete Domain Alias
-.IP
-.IP "\fBntpass\fP"
-NT SAM Password Change
-.IP
-.IP "\fBsamuserset2\fP"
-<username> [-s acb_bits] SAM User Set Info 2 (experimental!)
-.IP
-.IP "\fBsamuserset\fP"
-<username> [-p password] SAM User Set Info (experimental!)
-.IP
-.IP "\fBsamuser\fP"
-<username> SAM User Query (experimental!)
-.IP
-.IP "\fBsamgroup\fP"
-<groupname> SAM Group Query (experimental!)
-.IP
-.IP "\fBsamalias\fP"
-<aliasname> SAM Alias Query
-.IP
-.IP "\fBsamaliasmem\fP"
-<aliasname> SAM Alias Members
-.IP
-.IP "\fBsamgroupmem\fP"
-SAM Group Members
-.IP
-.IP "\fBsamtest\fP"
-SAM User Encrypted RPC test (experimental!)
-.IP
-.IP "\fBenumaliases\fP"
-SAM Aliases Database Query (experimental!)
-.IP
-.IP "\fBenumdomains\fP"
-SAM Domains Database Query (experimental!)
-.IP
-.IP "\fBenumgroups\fP"
-SAM Group Database Query (experimental!)
-.IP
-.IP "\fBdominfo\fP"
-SAM Query Domain Info
-.IP
-.IP "\fBdispinfo\fP"
-SAM Query Display Info
-.IP
-.IP
-.PP
-.SH "NOTES"
-.PP
-Some servers are fussy about the case of supplied usernames,
-passwords, share names (AKA service names) and machine names\&. If you
-fail to connect try giving all parameters in uppercase\&.
-.PP
-It is often necessary to use the \fB-n\fP option when connecting
-to some types of servers\&. For example OS/2 LanManager insists on a valid
-NetBIOS name being used, so you need to supply a valid name that would
-be known to the server\&.
-.PP
-rpcclient only works on servers that support MSRPC over SMB\&. This includes
-all versions of Windows NT, including the ports to Unix such as AS/U and
-AFPS\&. Support for MSRPC over SMB in other servers is currently rare and
-patchy, for example Samba 2\&.0 only supports a limited set of MSRPC commands,
-and some of those are not supported very well\&.
-.PP
-.SH "ENVIRONMENT VARIABLES"
-.PP
-The variable \fBUSER\fP may contain the username of the person using the
-client\&. This information is used only if the protocol level is high
-enough to support session-level passwords\&.
-.PP
-The variable \fBPASSWORD\fP may contain the password of the person using
-the client\&. This information is used only if the protocol level is
-high enough to support session-level passwords\&.
-.PP
-.SH "INSTALLATION"
-.PP
-The location of the client program is a matter for individual system
-administrators\&. The following are thus suggestions only\&.
-.PP
-It is recommended that the rpcclient software be installed in the
-/usr/local/samba/bin or /usr/samba/bin directory, this directory
-readable by all, writeable only by root\&. The client program itself
-should be executable by all\&. The client should \fINOT\fP be setuid or
-setgid!
-.PP
-The client log files should be put in a directory readable and
-writeable only by the user\&.
-.PP
-To test the client, you will need to know the name of a running
-SMB/CIFS server\&. It is possible to run \fBsmbd (8)\fP
-an ordinary user - running that server as a daemon on a
-user-accessible port (typically any port number over 1024) would
-provide a suitable test server\&.
-.PP
-.SH "DIAGNOSTICS"
-.PP
-Most diagnostics issued by the client are logged in a specified log
-file\&. The log file name is specified at compile time, but may be
-overridden on the command line\&.
-.PP
-The number and nature of diagnostics available depends on the debug
-level used by the client\&. If you have problems, set the debug level to
-3 and peruse the log files\&.
-.PP
-.SH "VERSION"
-.PP
-This man page is correct for version 2\&.0 of the Samba suite\&.
-.PP
-.SH "BUGS"
-.PP
-.IP "WARNING!"
-The MSPRC over SMB code has been developed from examining Network traces\&.
-No documentation is available from the original creators (Microsoft) on
-how MSRPC over SMB works, or how the individual MSRPC services work\&.
-Microsoft\'s implementation of these services has been demonstrated (and
-reported) to be\&.\&.\&. a bit flakey in places\&.
-.IP
-The development of Samba\'s implementation of these services is \fIalso\fP
-a bit rough, and as more of the services are understood, it can even result
-in versions of \fBsmbd (8)\fP and rpcclient that are
-incompatible for some commands or services\&. Additionally, the developers
-are sending reports to Microsoft, and problems found by or reported to
-Microsoft are fixed in Service Packs, which may also result in
-incompatibilities\&.
-.IP
-It is therefore not guaranteed that the execution of an rpcclient command will
-work\&. It is also not guaranteed that the target server will continue to
-operate, i\&.e the execution of an MSRPC command may cause a remote service to
-fail, or even cause the remote server to fail\&. Usual rules apply, of course:
-the developers bear absolutely no responsibility for the use, misuse, or
-lack of use of rpcclient, by any person or persons, whether legal,
-illegal, accidental, deliberate, intentional, malicious, curious, etc\&.
-.IP
-.IP "Command Completion"
-Command-completion (available if you have the GNU readline library) used on
-certain commands may not operate correctly if the word being completed (such as a registry key) contains a space\&. Typically, the name will be completed, but
-you will have to go back and put quotes round it, yourself\&.
-.IP
-.IP "SAM Database command-completion"
-Command-completion (available if you have the GNU readline library) of user,
-group and alias names does not work on remote Domains, which would normally
-be specified like this:
-.br
-\f(CWDOMAIN_name\euser_name\fP\&.
-.br
-The only names that can be completed in this fashion are the local names
-in the SAM database of the target server\&.
-.IP
-.IP "\fBspoolenum\fP"
-Due to current limitations in the rpcclient MSRPC / SMB code, and due to
-the extremely poor MSRPC implementation (by Microsoft) of the spooler
-service, if there are a large number of printers (or the names / comment
-fields associated with the printers), this command will fail\&. The
-limitations require further research to be carried out; we\'re stuck with
-the poor \ePIPE\espoolss design\&.
-.IP
-.PP
-.SH "AUTHOR"
-.PP
-The original Samba software and related utilities were created by
-Andrew Tridgell \fIsamba-bugs@samba\&.org\fP\&. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed\&.
-.PP
-The original Samba man pages were written by Karl Auer\&. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-\fBftp://ftp\&.icce\&.rug\&.nl/pub/unix/\fP)
-and updated for the Samba2\&.0 release by Jeremy Allison\&. This man page
-was developed cut-and-paste style from the smbclient man page, by
-Luke Kenneth Casson Leighton\&.
-\fIsamba-bugs@samba\&.org\fP\&.
-.PP
-See \fBsamba (7)\fP to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc\&.
-.PP
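Review bot: The INSTALLATION and BUGS sections removed at the end of this man page carry operational warnings that should not disappear with the file if rpcclient still ships: that the client should NOT be setuid or setgid, that its log files belong in a directory readable and writeable only by the user, and that executing an MSRPC command may cause a remote service or the remote server to fail. Please state where that guidance now lives. If the text is being moved rather than dropped, fix it in the destination: "MSPRC" in the BUGS warning, the missing "as" in "run smbd (8) an ordinary user", shutdown listed among the Registry commands, regcreateval described as "Registry Key Create", and the lookupsids synopsis "<rid1 or sid1> <rid1 or sid2>".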
+++ /dev/null
-
-TITLE INFORMATION: LDAP Support in Samba
-AUTHOR INFORMATION: Matthew Chapman
-DATE INFORMATION: 29th November 1998
-
-WARNING: This is experimental code. Use at your own risk, and please report
-any bugs (after reading BUGS.txt).
-
-Contents
-
-1: What is LDAP?
-2: Why LDAP and Samba?
-3: Using LDAP with Samba
-4: Using LDAP for Unix authentication
-5: Compatibility with Active Directory
-
-1: What is LDAP?
-
-A directory is a type of hierarchical database optimised for simple query
-operations, often used for storing user information. LDAP is the
-Lightweight Directory Access Protocol, a protocol which is rapidly
-becoming the Internet standard for accessing directories.
-
-Many client applications now support LDAP (including Microsoft's Active
-Directory), and there are a number of servers available. The most popular
-implementation for Unix is from the University of Michigan; its
-homepage is at http://www.umich.edu/~dirsvcs/ldap/.
-
-Information in an LDAP tree always comes in attribute=value pairs.
-The following is an example of a Samba user entry:
-
-uid=jbloggs, dc=samba, dc=org
-objectclass=sambaAccount
-uid=jbloggs
-cn=Joe Bloggs
-description=Samba User
-uidNumber=500
-gidNumber=500
-rid=2000
-grouprid=2001
-lmPassword=46E389809F8D55BB78A48108148AD508
-ntPassword=1944CCE1AD6F80D8AEC9FC5BE77696F4
-pwdLastSet=35C11F1B
-smbHome=\\samba1\jbloggs
-homeDrive=Z
-script=logon.bat
-profile=\\samba1\jbloggs\profile
-workstations=JOE
-
-Note that the top line is a special set of attributes called a
-distinguished name which identifies the location of this entry beneath
-the directory's root node. Recent Internet standards suggest the use of
-domain-based naming using dc attributes (for instance, a microsoft.com
-directory should have a root node of dc=microsoft, dc=com), although
-this is not strictly necessary for isolated servers.
-
-There are a number of LDAP-related FAQ's on the internet, although
-generally the best source of information is the documentation for the
-individual servers.
-
-2: Why LDAP and Samba?
-
-Using an LDAP directory allows Samba to store user and group information
-more reliably and flexibly than the current combination of smbpasswd,
-smbgroup, groupdb and aliasdb with the Unix databases. If a need emerges
-for extra user information to be stored, this can easily be added without
-loss of backwards compatibility.
-
-In addition, the Samba LDAP schema is compatible with RFC2307, allowing
-Unix password database information to be stored in the same entries. This
-provides a single, consistent repository for both Unix and Windows user
-information.
-
-3: Using LDAP with Samba
-
-1 Install and configure an LDAP server if you do not already have
-one. You should read your LDAP server's documentation and set up the
-configuration file and access control as desired.
-
-2 Build Samba (latest CVS is required) with:
-
- ./configure --with-ldap
- make clean; make install
-
-3 Add the following options to the global section of smb.conf as
-required.
-
-o ldap suffix
-
-This parameter specifies the node of the LDAP tree beneath which
-Samba should store its information. This parameter MUST be provided
-when using LDAP with Samba.
-
-Default: none
-
-Example: ldap suffix = "dc=mydomain, dc=org"
-
-o ldap bind as
-
-This parameter specifies the entity to bind to an LDAP directory as.
-Usually it should be safe to use the LDAP root account; for larger
-installations it may be preferable to restrict Samba's access.
-
-Default: none (bind anonymously)
-
-Example: ldap bind as = "uid=root, dc=mydomain, dc=org"
-
-o ldap passwd file
-
-This parameter specifies a file containing the password with which
-Samba should bind to an LDAP server. For obvious security reasons
-this file must be set to mode 700 or less.
-
-Default: none (bind anonymously)
-
-Example: ldap passwd file = /usr/local/samba/private/ldappasswd
-
-o ldap server
-
-This parameter specifies the DNS name of the LDAP server to use
-when storing and retrieving information about Samba users and
-groups.
-
-Default: ldap server = localhost
-
-o ldap port
-
-This parameter specifies the TCP port number of the LDAP server.
-
-Default: ldap port = 389
-
-4 You should then be able to use the normal smbpasswd(8) command for
-account administration (or User Manager in the near future).
-
-4: Using LDAP for Unix authentication
-
-The Samba LDAP code was designed to utilise RFC2307-compliant directory
-entries if available. RFC2307 is a proposed standard for LDAP user
-information which has been adopted by a number of vendors. Further
-information is available at http://www.xedoc.com.au/~lukeh/ldap/.
-
-Of particular interest is Luke Howard's nameservice switch module
-(nss_ldap) and PAM module (pam_ldap) implementing this standard, providing
-LDAP-based password databases for Unix. If you are setting up a server to
-provide integrated Unix/NT services than these are worth investigating.
-
-5: Compatibility with Active Directory
-
-The current implementation is not designed to be used with Microsoft
-Active Directory, although compatibility may be added in the future.
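Review bot: If this LDAP how-to is being relocated rather than retired, three points need correcting in the destination. The "ldap passwd file" entry in section 3 asks for "mode 700 or less", but a file that only holds a bind password needs no execute bit, so 600, owned by the account Samba runs as, is the setting to document. The "ldap bind as" entry says it is usually safe to bind as the LDAP root account and its example uses uid=root; a dedicated bind DN limited to the subtree under "ldap suffix" should be the documented default, not something reserved for larger installations. The sample entry in section 1 stores lmPassword and ntPassword as ordinary attributes, yet step 1 only says to set up access control "as desired"; the text should say that read access to those two attributes must be restricted, particularly as the documented default is an anonymous bind.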
+++ /dev/null
-Date: February 26, 1999
-
-Subject: smbmount / smbmnt / smbumount
-=============================================================================
-
-The Samba-Team wishes to make known that the above programs are a part of
-the SMBFS software package for the Linux operating system. They are very
-definitely NOT part of Samba and are in general NOT supported by the
-Samba-Team.
-
-In repsonse to flames to comp.protocols.smb and to feedback to
-samba-bugs@samba.org we wish to place on record that the reason for which
-these programs have not received the attention that some folks expect
-from the Samba-Team is as stated above, they are NOT part of samba.
-
-Out of empathy for the Samba user base we have taken the liberty of
-including patched source code for the above "SMBFS package" utilities
-in the Samba tarball.
-
-Mike Warfield is temporary caretaker of SMBFS and may be contacted at
-mike@samba.org.
-
-In deference to the fact that these programs are NOT part of Samba
-the default binary packaging facilities included in the samba tarball
-do NOT automatically create the updates needed for the Linux 2.2.x
-kernel. If you require the updated smbmount / smbmnt / smbumount tools
-then it will be necessary to modify the samba2.spec file to include
-the --with-smbmount option to the samba "configure" script _AND_
-you will need to add these files to the appropriate locations in the "install"
-and "files" sections also. The platform specific RPM SPEC files that you
-will need to modify may be found under ~samba/packaging/"platform".
-
-The Samba-Team has considered the alternatives. These are:
- 1) Include all SMBFS code with Samba:
- - rejected because we do not have the resources to support it.
- - SMBFS is specific and limited to Linux
- 2) Just build the smbmount / smbmnt / smbumount binaries:
- - doing this will break RPM dependencies for the SMBFS package
- - this is not a good option either
- 3) Encourage people to use the "smbsh" utility that is part of samba
- and is being developed to replace the need for "SMBFS"
- - this is portable to platforms other than Linux
- - it allows each user to authenticate as themselves instead
- of allowing all users to use an SMB session that is
- authenticated as just one user.
-
-We have chosen the later and hope that our users will understand and support
-the decision that has been made.
-
-For and on behalf of the Samba-Team
-John H Terpstra
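Review bot: Option 3 in the list of alternatives records the one security argument in this notice, that smbsh lets each user authenticate as themselves instead of all users sharing an SMB session authenticated as a single user, and that rationale goes with the file; say in the commit message whether it still holds and where it is documented now. If the notice is kept elsewhere, fix "repsonse" and "We have chosen the later" (should be "the latter").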
+++ /dev/null
-
-TITLE INFORMATION: rpcclient (1)
-AUTHOR INFORMATION: Samba SAMBA
-DATE INFORMATION: 23 Oct 1998
-
-NAME
-rpcclient - utility to manage MSRPC resources on servers
-
-SYNOPSIS
-
-rpcclient
-[password]
--S servername
-[-U [username][%][password]]
-[-W domain]
-[-l log basename]
-[-d debuglevel]
-[-O socket options]
-[-i scope]
-[-N]
-[-n NetBIOS name]
-[-h]
-[-I dest IP]
-[-E]
-[-t terminal code]
-[-c command string]
-[-B IP addr]
-[-s smb.conf]
-[-m max protocol]
-
-DESCRIPTION
-
-This program is part of the Samba suite.
-
-rpcclient is a client that can 'talk' to an SMB/CIFS MSRPC server.
-Operations include things like managing a SAM Database (users, groups
-and aliases) in the same way as the Windows NT programs
-User Manager for Domains and Server Manager for Domains;
-managing a remote registry in the same way as the Windows NT programs
-REGEDT32.EXE and REGEDIT.EXE; viewing a remote event log (same
-as EVENTVWR.EXE) etc.
-
-Typical usage is like this:
-
-rpcclient -I 192.168.32.1 -S "*SMBSERVER" -U fred%secret -l log
-
-OPTIONS
-
-o servername servername is the name of the server you want
-to use on the server. This should be the NetBIOS name of the SMB/CIFS
-server, which can be *SMBSERVER on Windows NT 4.0 or Samba Servers.
-
-Note that the server name required is NOT necessarily the IP (DNS)
-host name of the server! The name required is a NetBIOS server name,
-which may or may not be the same as the IP hostname of the machine
-running the server. Also, remember that having a period in a NetBIOS
-name (such as an IP hostname) may cause connectivity problems on your
-network: NT tends to strip NetBIOS names from the leading period
-onwards.
-
-The server name is looked up according to either the
--R parameter to rpcclient or using the
-name resolve order
-parameter in the smb.conf file, allowing an administrator to change
-the order and methods by which server names are looked up.
-
-o password password is the password required to access the
-specified service on the specified server. If this parameter is
-supplied, the -N option (suppress password prompt) is assumed.
-
-There is no default password. If no password is supplied on the
-command line (either by using this parameter or adding a password to
-the -U option (see below)) and the -N option is not specified,
-the client will prompt for a password, even if the desired service
-does not require one. (If no password is required, simply press ENTER
-to provide a null password.)
-
-Note: Some servers (including OS/2 and Windows for Workgroups) insist
-on an uppercase password. Lowercase or mixed case passwords may be
-rejected by these servers.
-
-Be cautious about including passwords in scripts.
-
-o -s smb.conf This parameter specifies the pathname to the
-Samba configuration file, smb.conf. This file controls all aspects of
-the Samba setup on the machine and rpcclient also needs to read this
-file.
-
-o -B IP addr The IP address to use when sending a broadcast packet.
-
-o -O socket options TCP socket options to set on the client
-socket. See the socket options
-parameter in the smb.conf (5) manpage for
-the list of valid options.
-
-o -R name resolve order This option allows the user of
-rpcclient to determine what name resolution services to use when
-looking up the NetBIOS name of the host being connected to.
-
-The options are :"lmhosts", "host", "wins" and "bcast". They cause
-names to be resolved as follows :
-
-o lmhosts : Lookup an IP address in the Samba lmhosts file.
-The lmhosts file is stored in the same directory as the
-smb.conf file.
-
-o host : Do a standard host name to IP address resolution,
-using the system /etc/hosts, NIS, or DNS lookups. This method of name
-resolution is operating system depended for instance on IRIX or
-Solaris this may be controlled by the /etc/nsswitch.conf file).
-
-o wins : Query a name with the IP address listed in the wins
-server parameter in the smb.conf file. If
-no WINS server has been specified this method will be ignored.
-
-o bcast : Do a broadcast on each of the known local interfaces
-listed in the interfaces parameter
-in the smb.conf file. This is the least reliable of the name resolution
-methods as it depends on the target host being on a locally connected
-subnet. To specify a particular broadcast address the -B option
-may be used.
-
-If this parameter is not set then the name resolve order defined
-in the smb.conf file parameter
-(name resolve order)
-will be used.
-
-The default order is lmhosts, host, wins, bcast and without this
-parameter or any entry in the "name resolve
-order" parameter of the
-smb.conf file the name resolution methods
-will be attempted in this order.
-
-o -i scope This specifies a NetBIOS scope that rpcclient will use
-to communicate with when generating NetBIOS names. For details on the
-use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes
-are very rarely used, only set this parameter if you are the
-system administrator in charge of all the NetBIOS systems you
-communicate with.
-
-o -N If specified, this parameter suppresses the normal
-password prompt from the client to the user. This is useful when
-accessing a service that does not require a password.
-
-Unless a password is specified on the command line or this parameter
-is specified, the client will request a password.
-
-o -n NetBIOS name By default, the client will use the local
-machine's hostname (in uppercase) as its NetBIOS name. This parameter
-allows you to override the host name and use whatever NetBIOS name you
-wish.
-
-o -d debuglevel debuglevel is an integer from 0 to 10, or the
-letter 'A'.
-
-The default value if this parameter is not specified is zero.
-
-The higher this value, the more detail will be logged to the log files
-about the activities of the client. At level 0, only critical errors
-and serious warnings will be logged. Level 1 is a reasonable level for
-day to day running - it generates a small amount of information about
-operations carried out.
-
-Levels above 1 will generate considerable amounts of log data, and
-should only be used when investigating a problem. Levels above 3 are
-designed for use only by developers and generate HUGE amounts of log
-data, most of which is extremely cryptic. If debuglevel is set to the
-letter 'A', then all debug messages will be printed. This setting
-is for developers only (and people who really want to know how the
-code works internally).
-
-Note that specifying this parameter here will override the log
-level parameter in the smb.conf
-(5) file.
-
-o -p port This number is the TCP port number that will be used
-when making connections to the server. The standard (well-known) TCP
-port number for an SMB/CIFS server is 139, which is the default.
-
-o -l logfilename If specified, logfilename specifies a base
-filename into which operational data from the running client will be
-logged.
-
-The default base name is specified at compile time.
-
-The base name is used to generate actual log file names. For example,
-if the name specified was "log", the debug file would be
-log.client.
-
-The log file generated is never removed by the client.
-
-o -h Print the usage message for the client.
-
-o -I IP address IP address is the address of the server to
-connect to. It should be specified in standard "a.b.c.d" notation.
-
-Normally the client would attempt to locate a named SMB/CIFS server by
-looking it up via the NetBIOS name resolution mechanism described
-above in the name resolve order parameter
-above. Using this parameter will force the client to assume that the
-server is on the machine with the specified IP address and the NetBIOS
-name component of the resource being connected to will be ignored.
-
-There is no default for this parameter. If not supplied, it will be
-determined automatically by the client as described above.
-
-o -E This parameter causes the client to write messages to the
-standard error stream (stderr) rather than to the standard output
-stream.
-
-By default, the client writes messages to standard output - typically
-the user's tty.
-
-Note that by default, debug information is always sent to stderr.
-Debug information can instead be sent to a file, using the
--l log basename option.
-
-o -U username This specifies the user name that will be used by
-the client to make a connection, assuming your server is not a downlevel
-server that is running a protocol level that uses passwords on shares,
-not on usernames.
-
-Some servers are fussy about the case of this name, and some insist
-that it must be a valid NetBIOS name.
-
-If no username is supplied, it will default to an uppercase version of
-the environment variable USER or LOGNAME in that order. If no
-username is supplied and neither environment variable exists the
-username "GUEST" will be used.
-
-If the USER environment variable contains a '%' character,
-everything after that will be treated as a password. This allows you
-to set the environment variable to be USER=username%password so
-that a password is not passed on the command line (where it may be
-seen by the ps command).
-
-If the service you are connecting to requires a password, it can be
-supplied using the -U option, by appending a percent symbol ("%")
-then the password to username. For example, to attach to a service as
-user "fred" with password "secret", you would specify.
-
--U fred%secret
-
-on the command line. Note that there are no spaces around the percent
-symbol.
-
-If you specify the password as part of username then the -N option
-(suppress password prompt) is assumed.
-
-If you specify the password as a parameter AND as part of username
-then the password as part of username will take precedence. Putting
-nothing before or nothing after the percent symbol will cause an empty
-username or an empty password to be used, respectively.
-
-The password may also be specified by setting up an environment
-variable called PASSWORD that contains the users password. Note
-that this may be very insecure on some systems but on others allows
-users to script rpcclient commands without having a password appear in
-the command line of a process listing.
-
-Note: Some servers (including OS/2 and Windows for Workgroups) insist
-on an uppercase password. Lowercase or mixed case passwords may be
-rejected by these servers.
-
-Be cautious about including passwords in scripts or in the
-PASSWORD environment variable. Also, on many systems the command
-line of a running process may be seen via the ps command to be
-safe always allow rpcclient to prompt for a password and type it in
-directly.
-
-o -t terminal code This option tells rpcclient how to interpret
-filenames coming from the remote server. Usually Asian language
-multibyte UNIX implementations use different character sets than
-SMB/CIFS servers (EUC instead of SJIS for example). Setting
-this parameter will let rpcclient convert between the UNIX filenames
-and the SMB filenames correctly. This option has not been seriously
-tested and may have some problems.
-
-The terminal codes include sjis, euc, jis7, jis8,
-junet, hex, cap. This is not a complete list, check the
-Samba source code for the complete list.
-
-o -m max protocol level With the new code in Samba2.0,
-rpcclient always attempts to connect at the maximum
-protocols level the server supports. This parameter is
-preserved for backwards compatibility, but any string
-following the -m will be ignored.
-
-o -W Domain Override the default Domain, which is the remote server's
-Domain. This option may be needed to connect to some servers. It is also
-possible to specify the remote server name as the Domain, which will
-force the username and password to be authenticated against the remote
-server's local SAM instead of the Domain SAM.
-
-o -c command string command string is a semicolon separated
-list of commands to be executed instead of prompting from stdin.
--N is implied by -c.
-
-This is particularly useful in scripts, e.g. -c 'lsaquery; enumusers -u'.
-
-OPERATIONS
-
-Once the client is running, the user is presented with a prompt :
-
-smb:\>
-
-The prompt indicates that the client is ready and waiting to carry out
-a user command. Each command is a single word, optionally followed by
-parameters specific to that command. Command and parameters are
-space-delimited unless these notes specifically state otherwise. All
-commands are case-insensitive. Parameters to commands may or may not
-be case sensitive, depending on the command.
-
-You can specify names (e.g registry keys; user or group names;
-service names) which have spaces in them by quoting the
-name with double quotes, for example "dRMON SmartAgent".
-
-Parameters shown in square brackets (e.g., "[parameter]") are
-optional. If not given, the command will use suitable
-defaults. Parameters shown in angle brackets (e.g., "<parameter>") are
-required.
-
-Note that all commands operating on the server are actually performed
-by issuing a request to the server. Thus the behavior may vary from
-server to server, depending on how the server was implemented.
-
-The commands available are listed in groups relating to different services:
-
-o Misccellaneous
-
- o ? [command] If "command" is specified,
- the ? command will display a brief informative message about the
- specified command. If no command is specified, a list of available
- commands will be displayed.
-
- o ! [shell command] If "shell command"
- is specified, the ! command will execute a shell locally and run
- the specified shell command. If no command is specified, a local shell
- will be run.
-
- o exit Terminate the connection with the server and
- exit from the program.
-
- o help [command] See the ?
- command above.
-
- o quit See the exit command.
-
-o Event Log
-
- o eventlog
- list the events
-
-o Service Control
-
- It is possible to use command-line completion (if you have
- the GNU readline library) for Service names, by pressing the
- tab key.
-
- o svcenum
- [-i] Lists Services Manager
-
- o svcinfo
- <service> Service Information
-
- o svcstart
- <service> [arg 0] [arg 1] ... Start Service
-
- o svcstop
- <service> Stop Service
-
-o Scheduler
-
- o at
- Scheduler control (at /? for syntax)
-
-o Registry
-
- It is possible to use command-line completion (if you have
- the GNU readline library) for registry key and value names,
- by pressing the tab key.
-
- o regenum
- <keyname> Registry Enumeration (keys, values)
-
- o regdeletekey
- <keyname> Registry Key Delete
-
- o regcreatekey
- <keyname> [keyclass] Registry Key Create
-
- o shutdown
- [-m message] [-t timeout] [-r or --reboot] Server Shutdown
-
- o regqueryval
- <valname> Registry Value Query
-
- o regquerykey
- <keyname> Registry Key Query
-
- o regdeleteval
- <valname> Registry Value Delete
-
- o regcreateval
- <valname> <valtype> <value> Registry Key Create
-
- o reggetsec
- <keyname> Registry Key Security
-
- o regtestsec
- <keyname> Test Registry Key Security
-
-o Printing
-
- It is possible to use command-line completion (if you have
- the GNU readline library) for Printer and job names, by
- pressing the tab key.
-
- o spoolenum
- Enumerate Printers
-
- o spooljobs
- <printer name> Enumerate Printer Jobs
-
- o spoolopen
- <printer name> Spool Printer Open Test
-
-o Server
-
- o time
- Display remote time
-
- o brsinfo
- Browser Query Info
-
- o wksinfo
- Workstation Query Info
-
- o srvinfo
- Server Query Info
-
- o srvsessions
- List sessions on a server
-
- o srvshares
- List shares on a server
-
- o srvtransports
- List transports on a server
-
- o srvconnections
- List connections on a server
-
- o srvfiles
- List files on a server
-
-o Local Security Authority
-
- o lsaquery
- Query Info Policy (domain member or server)
-
- o lsaenumdomains
- Enumerate Trusted Domains
-
- o lookupsids
- Resolve names from SIDs
-
- o lookupnames
- Resolve SIDs from names
-
- o querysecret
- LSA Query Secret (developer use)
-
-o NETLOGON
-
- o ntlogin
- [username] [password] NT Domain login test
-
- o domtrust
- <domain> NT Inter-Domain test
-
- o samsync
- SAM Synchronization Test (experimental)
-
-o SAM Database
-
- It is possible to use command-line completion (if you have
- the GNU readline library) for user, group, alias and domain
- names, by pressing the tab key.
-
- o lookupdomain
- Obtain SID for a local domain
-
- o enumusers
- SAM User Database Query (experimental!)
-
- o addgroupmem
- <group rid> [user] [user] ... SAM Add Domain Group Member
-
- o addaliasmem
- <alias rid> [member sid1] [member sid2] ... SAM Add Domain Alias Member
-
- o delgroupmem
- <group rid> [user] [user] ... SAM Delete Domain Group Member
-
- o delaliasmem
- <alias rid> [member sid1] [member sid2] ... SAM Delete Domain Alias Member
-
- o creategroup
- SAM Create Domain Group
-
- o createalias
- SAM Create Domain Alias
-
- o createuser
- <username> SAM Create Domain User
-
- o delgroup
- SAM Delete Domain Group
-
- o delalias
- SAM Delete Domain Alias
-
- o ntpass
- NT SAM Password Change
-
- o samuserset2
- <username> [-s acb_bits] SAM User Set Info 2 (experimental!)
-
- o samuserset
- <username> [-p password] SAM User Set Info (experimental!)
-
- o samuser
- <username> SAM User Query (experimental!)
-
- o samgroup
- <groupname> SAM Group Query (experimental!)
-
- o samalias
- <aliasname> SAM Alias Query
-
- o samaliasmem
- <aliasname> SAM Alias Members
-
- o samgroupmem
- SAM Group Members
-
- o samtest
- SAM User Encrypted RPC test (experimental!)
-
- o enumaliases
- SAM Aliases Database Query (experimental!)
-
- o enumdomains
- SAM Domains Database Query (experimental!)
-
- o enumgroups
- SAM Group Database Query (experimental!)
-
- o dominfo
- SAM Query Domain Info
-
- o dispinfo
- SAM Query Display Info
-
-NOTES
-
-Some servers are fussy about the case of supplied usernames,
-passwords, share names (AKA service names) and machine names. If you
-fail to connect try giving all parameters in uppercase.
-
-It is often necessary to use the -n option when connecting
-to some types of servers. For example OS/2 LanManager insists on a valid
-NetBIOS name being used, so you need to supply a valid name that would
-be known to the server.
-
-rpcclient only works on servers that support MSRPC over SMB. This includes
-all versions of Windows NT, including the ports to Unix such as AS/U and
-AFPS. Support for MSRPC over SMB in other servers is currently rare and
-patchy, for example Samba 2.0 only supports a limited set of MSRPC commands,
-and some of those are not supported very well.
-
-ENVIRONMENT VARIABLES
-
-The variable USER may contain the username of the person using the
-client. This information is used only if the protocol level is high
-enough to support session-level passwords.
-
-The variable PASSWORD may contain the password of the person using
-the client. This information is used only if the protocol level is
-high enough to support session-level passwords.
-
-INSTALLATION
-
-The location of the client program is a matter for individual system
-administrators. The following are thus suggestions only.
-
-It is recommended that the rpcclient software be installed in the
-/usr/local/samba/bin or /usr/samba/bin directory, this directory
-readable by all, writeable only by root. The client program itself
-should be executable by all. The client should NOT be setuid or
-setgid!
-
-The client log files should be put in a directory readable and
-writeable only by the user.
-
-To test the client, you will need to know the name of a running
-SMB/CIFS server. It is possible to run smbd (8)
-an ordinary user - running that server as a daemon on a
-user-accessible port (typically any port number over 1024) would
-provide a suitable test server.
-
-DIAGNOSTICS
-
-Most diagnostics issued by the client are logged in a specified log
-file. The log file name is specified at compile time, but may be
-overridden on the command line.
-
-The number and nature of diagnostics available depends on the debug
-level used by the client. If you have problems, set the debug level to
-3 and peruse the log files.
-
-VERSION
-
-This man page is correct for version 2.0 of the Samba suite.
-
-BUGS
-
-o WARNING!
-The MSPRC over SMB code has been developed from examining Network traces.
-No documentation is available from the original creators (Microsoft) on
-how MSRPC over SMB works, or how the individual MSRPC services work.
-Microsoft's implementation of these services has been demonstrated (and
-reported) to be... a bit flakey in places.
-
-The development of Samba's implementation of these services is also
-a bit rough, and as more of the services are understood, it can even result
-in versions of smbd (8) and rpcclient that are
-incompatible for some commands or services. Additionally, the developers
-are sending reports to Microsoft, and problems found by or reported to
-Microsoft are fixed in Service Packs, which may also result in
-incompatibilities.
-
-It is therefore not guaranteed that the execution of an rpcclient command will
-work. It is also not guaranteed that the target server will continue to
-operate, i.e the execution of an MSRPC command may cause a remote service to
-fail, or even cause the remote server to fail. Usual rules apply, of course:
-the developers bear absolutely no responsibility for the use, misuse, or
-lack of use of rpcclient, by any person or persons, whether legal,
-illegal, accidental, deliberate, intentional, malicious, curious, etc.
-
-o Command Completion
-Command-completion (available if you have the GNU readline library) used on
-certain commands may not operate correctly if the word being completed (such as a registry key) contains a space. Typically, the name will be completed, but
-you will have to go back and put quotes round it, yourself.
-
-o SAM Database command-completion
-Command-completion (available if you have the GNU readline library) of user,
-group and alias names does not work on remote Domains, which would normally
-be specified like this:
-
-DOMAIN_name\\user_name.
-
-The only names that can be completed in this fashion are the local names
-in the SAM database of the target server.
-
-AUTHOR
-
-The original Samba software and related utilities were created by
-Andrew Tridgell samba-bugs@samba.org. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/)
-and updated for the Samba2.0 release by Jeremy Allison. This man page
-was developed cut-and-paste style from the smbclient man page, by
-Luke Kenneth Casson Leighton.
-samba-bugs@samba.org.
-
-See samba (7) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
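Review bot: the INSTALLATION and password-handling paragraphs in this removed text are security guidance, and nothing in the visible part of the patch re-adds them. The file goes to /dev/null together with the statement that the client "should NOT be setuid or setgid", the advice to keep client log files in a directory readable and writeable only by the user, and the caution about passwords in scripts, in the PASSWORD environment variable and on a command line visible to ps. If a replacement page exists, please confirm it carries these three points. The ps sentence is also run together ("via the ps command to be safe always allow rpcclient to prompt") and should be split into two sentences wherever it ends up.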
+++ /dev/null
-mailto(samba-bugs@samba.org)
-article(LDAP Support in Samba)(Matthew Chapman)(29th November 1998
-htmltag(p)(1) htmltag(hr)(1) htmltag(h2)(1)
-WARNING: This is experimental code. Use at your own risk, and please report
-any bugs (after reading BUGS.txt).
-htmltag(h2)(0) htmltag(br)(1)
-)
-redef(PARAGRAPH)(0)(htmlcommand(<p>
-) txtcommand(
-
-))
-
-sect(What is LDAP?)
-A directory is a type of hierarchical database optimised for simple query
-operations, often used for storing user information. LDAP is the
-Lightweight Directory Access Protocol, a protocol which is rapidly
-becoming the Internet standard for accessing directories.
-
-Many client applications now support LDAP (including Microsoft's Active
-Directory), and there are a number of servers available. The most popular
-implementation for Unix is from the em(University of Michigan); its
-homepage is at url(tt(http://www.umich.edu/~dirsvcs/ldap/))(http://www.umich.edu/~dirsvcs/ldap/).
-
-Information in an LDAP tree always comes in tt(attribute=value) pairs.
-The following is an example of a Samba user entry:
-
-verb(uid=jbloggs, dc=samba, dc=org
-objectclass=sambaAccount
-uid=jbloggs
-cn=Joe Bloggs
-description=Samba User
-uidNumber=500
-gidNumber=500
-rid=2000
-grouprid=2001
-lmPassword=46E389809F8D55BB78A48108148AD508
-ntPassword=1944CCE1AD6F80D8AEC9FC5BE77696F4
-pwdLastSet=35C11F1B
-smbHome=\\samba1\jbloggs
-homeDrive=Z
-script=logon.bat
-profile=\\samba1\jbloggs\profile
-workstations=JOE)
-
-Note that the top line is a special set of attributes called a
-em(distinguished name) which identifies the location of this entry beneath
-the directory's root node. Recent Internet standards suggest the use of
-domain-based naming using tt(dc) attributes (for instance, a microsoft.com
-directory should have a root node of tt(dc=microsoft, dc=com)), although
-this is not strictly necessary for isolated servers.
-
-There are a number of LDAP-related FAQ's on the internet, although
-generally the best source of information is the documentation for the
-individual servers.
-
-
-nl()
-sect(Why LDAP and Samba?)
-
-Using an LDAP directory allows Samba to store user and group information
-more reliably and flexibly than the current combination of smbpasswd,
-smbgroup, groupdb and aliasdb with the Unix databases. If a need emerges
-for extra user information to be stored, this can easily be added without
-loss of backwards compatibility.
-
-In addition, the Samba LDAP schema is compatible with RFC2307, allowing
-Unix password database information to be stored in the same entries. This
-provides a single, consistent repository for both Unix and Windows user
-information.
-
-
-nl()
-sect(Using LDAP with Samba)
-
-starteit()
-
-eit() Install and configure an LDAP server if you do not already have
-one. You should read your LDAP server's documentation and set up the
-configuration file and access control as desired.
-
-eit() Build Samba (latest CVS is required) with:
-
-verb( ./configure --with-ldap
- make clean; make install)
-
-eit() Add the following options to the global section of tt(smb.conf) as
-required.
-
-startdit()
-dit(ldap suffix)
-
-This parameter specifies the node of the LDAP tree beneath which
-Samba should store its information. This parameter MUST be provided
-when using LDAP with Samba.
-
- bf(Default:) tt(none)
-
- bf(Example:) tt(ldap suffix = "dc=mydomain, dc=org")
-
-dit(ldap bind as)
-
-This parameter specifies the entity to bind to an LDAP directory as.
-Usually it should be safe to use the LDAP root account; for larger
-installations it may be preferable to restrict Samba's access.
-
- bf(Default:) tt(none (bind anonymously))
-
- bf(Example:) tt(ldap bind as = "uid=root, dc=mydomain, dc=org")
-
-dit(ldap passwd file)
-
-This parameter specifies a file containing the password with which
-Samba should bind to an LDAP server. For obvious security reasons
-this file must be set to mode 700 or less.
-
- bf(Default:) tt(none (bind anonymously))
-
- bf(Example:) tt(ldap passwd file = /usr/local/samba/private/ldappasswd)
-
-dit(ldap server)
-
-This parameter specifies the DNS name of the LDAP server to use
-when storing and retrieving information about Samba users and
-groups.
-
- bf(Default:) tt(ldap server = localhost)
-
-dit(ldap port)
-
-This parameter specifies the TCP port number of the LDAP server.
-
- bf(Default:) tt(ldap port = 389)
-
-enddit()
-
-eit() You should then be able to use the normal smbpasswd(8) command for
-account administration (or User Manager in the near future).
-
-endeit()
-
-
-nl()
-sect(Using LDAP for Unix authentication)
-
-The Samba LDAP code was designed to utilise RFC2307-compliant directory
-entries if available. RFC2307 is a proposed standard for LDAP user
-information which has been adopted by a number of vendors. Further
-information is available at url(tt(http://www.xedoc.com.au/~lukeh/ldap/))(http://www.xedoc.com.au/~lukeh/ldap).
-
-Of particular interest is Luke Howard's nameservice switch module
-(nss_ldap) and PAM module (pam_ldap) implementing this standard, providing
-LDAP-based password databases for Unix. If you are setting up a server to
-provide integrated Unix/NT services than these are worth investigating.
-
-
-nl()
-sect(Compatibility with Active Directory)
-
-The current implementation is not designed to be used with Microsoft
-Active Directory, although compatibility may be added in the future.
-
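Review bot: the "ldap passwd file" description says the file "must be set to mode 700 or less", which permits the execute bit on a file that only holds a password; 600 is the mode to document if this text is carried into a replacement page. The same section sets the default bind to anonymous and calls binding as the LDAP root account usually safe, while the sample entry stores lmPassword and ntPassword values in the directory. Any successor text should say that those attributes need an explicit access-control rule, rather than leaving the first setup step at "access control as desired".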
+++ /dev/null
-mailto(samba-bugs@samba.org)
-
-IFDEF(html)\
-(manpage(htmlcommand(debug2html(1)))(1)(29 Dec 1998)(Samba)(SAMBA))\
-(manpage(debug2html)(1)(29 Dec 1998)(Samba)(SAMBA))
-
-label(NAME)
-manpagename(debug2html)(Samba DEBUG to HTML translation filter)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-debug2html [input-file [output-file]]
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(debug2html) generates HTML files from Samba log files. Log files
-produced by bf(nmbd)(8) or bf(smbd)(8) may then be viewed by a web
-browser. The output conforms to the HTML 3.2 specification.
-
-The filenames specified on the command line are optional. If the
-output-file is ommitted, output will go to bf(stdout). If the input-file
-is ommitted, bf(debug2html) will read from bf(stdin). The filename "-"
-can be used to indicate that input should be read from bf(stdin). For
-example:
-
-tt(cat /usr/local/samba/var/log.nmb | debug2html - nmblog.html) nl()
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(SEEALSO)
-manpageseealso()
-
-url(bf(nmbd)(8))(nmbd.8.html), url(bf(smbd)(8))(smbd.8.html),
-url(bf(samba)(7))(samba.7.html).
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba-bugs@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison.
-email(samba-bugs@samba.org).
-
-bf(debug2html) was added by Chris Hertel.
-
-See url(bf(samba)(7))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
+++ /dev/null
-mailto(samba-bugs@samba.org)
-
-manpage(rpcclient htmlcommand((1)))(1)(23 Oct 1998)(Samba)(SAMBA)
-
-label(NAME)
-manpagename(rpcclient)(utility to manage MSRPC resources on servers)
-
-label(SYNOPSIS)
-manpagesynopsis()
-
-bf(rpcclient)
-[link(password)(password)]
-link(-S servername)(servername)
-[link(-U [username][%][password])(minusU)]
-[link(-W domain)(minusW)]
-[link(-l log basename)(minusl)]
-[link(-d debuglevel)(minusd)]
-[link(-O socket options)(minusO)]
-[link(-i scope)(minusi)]
-[link(-N)(minusN)]
-[link(-n NetBIOS name)(minusn)]
-[link(-h)(minush)]
-[link(-I dest IP)(minusI)]
-[link(-E)(minusE)]
-[link(-t terminal code)(minust)]
-[link(-c command string)(minusc)]
-[link(-B IP addr)(minusB)]
-[link(-s smb.conf)(minuss)]
-[link(-m max protocol)(minusm)]
-
-label(DESCRIPTION)
-manpagedescription()
-
-This program is part of the bf(Samba) suite.
-
-bf(rpcclient) is a client that can 'talk' to an SMB/CIFS MSRPC server.
-Operations include things like managing a SAM Database (users, groups
-and aliases) in the same way as the Windows NT programs
-bf(User Manager for Domains) and bf(Server Manager for Domains);
-managing a remote registry in the same way as the Windows NT programs
-bf(REGEDT32.EXE) and bf(REGEDIT.EXE); viewing a remote event log (same
-as bf(EVENTVWR.EXE)) etc.
-
-Typical usage is like this: nl()
-tt(rpcclient -I 192.168.32.1 -S "*SMBSERVER" -U fred%secret -l log)
-nl()
-
-bf(rpcclient) is em(not) suitable for usage on single-user systems
-such as Windows 9X, as Windows 9X does not support MSRPC services.
-Therefore, if you have problems using bf(rpcclient) with Windows 9X,
-we don't want to hear about it.
-
-label(OPTIONS)
-manpageoptions()
-
-startdit()
-
-label(servername)
-dit(bf(servername)) servername is the name of the server you want
-to use on the server. This should be the NetBIOS name of the SMB/CIFS
-server, which can be bf(*SMBSERVER) on Windows NT 4.0 or Samba Servers.
-
-Note that the server name required is NOT necessarily the IP (DNS)
-host name of the server! The name required is a NetBIOS server name,
-which may or may not be the same as the IP hostname of the machine
-running the server. Also, remember that having a period in a NetBIOS
-name (such as an IP hostname) may cause connectivity problems on your
-network: NT tends to strip NetBIOS names from the leading period
-onwards.
-
-The server name is looked up according to either the
-link(bf(-R))(minusR) parameter to bf(rpcclient) or using the
-url(bf(name resolve order))(smb.conf.5.html#nameresolveorder)
-parameter in the smb.conf file, allowing an administrator to change
-the order and methods by which server names are looked up.
-
-label(password)
-dit(bf(password)) password is the password required to access the
-specified service on the specified server. If this parameter is
-supplied, the link(bf(-N))(minusN) option (suppress password prompt) is assumed.
-
-There is no default password. If no password is supplied on the
-command line (either by using this parameter or adding a password to
-the link(bf(-U))(minusU) option (see below)) and the link(bf(-N))(minusN) option is not specified,
-the client will prompt for a password, even if the desired service
-does not require one. (If no password is required, simply press ENTER
-to provide a null password.)
-
-Note: Some servers (including OS/2 and Windows for Workgroups) insist
-on an uppercase password. Lowercase or mixed case passwords may be
-rejected by these servers.
-
-Be cautious about including passwords in scripts.
-
-label(minuss)
-dit(bf(-s smb.conf)) This parameter specifies the pathname to the
-Samba configuration file, smb.conf. This file controls all aspects of
-the Samba setup on the machine and rpcclient also needs to read this
-file.
-
-label(minusB)
-dit(bf(-B IP addr)) The IP address to use when sending a broadcast packet.
-
-label(minusO)
-dit(bf(-O socket options)) TCP socket options to set on the client
-socket. See the url(socket options)(smb.conf.5.html#socketoptions)
-parameter in the url(bf(smb.conf (5)))(smb.conf.5.html) manpage for
-the list of valid options.
-
-label(minusR)
-dit(bf(-R name resolve order)) This option allows the user of
-rpcclient to determine what name resolution services to use when
-looking up the NetBIOS name of the host being connected to.
-
-The options are :"lmhosts", "host", "wins" and "bcast". They cause
-names to be resolved as follows :
-
-startit()
-
-it() bf(lmhosts) : Lookup an IP address in the Samba lmhosts file.
-The lmhosts file is stored in the same directory as the
-url(bf(smb.conf))(smb.conf.5.html) file.
-
-it() bf(host) : Do a standard host name to IP address resolution,
-using the system /etc/hosts, NIS, or DNS lookups. This method of name
-resolution is operating system depended for instance on IRIX or
-Solaris this may be controlled by the em(/etc/nsswitch.conf) file).
-
-it() bf(wins) : Query a name with the IP address listed in the url(bf(wins
-server))(smb.conf.5.html#winsserver) parameter in the smb.conf file. If
-no WINS server has been specified this method will be ignored.
-
-it() bf(bcast) : Do a broadcast on each of the known local interfaces
-listed in the url(bf(interfaces))(smb.conf.5.html#interfaces) parameter
-in the smb.conf file. This is the least reliable of the name resolution
-methods as it depends on the target host being on a locally connected
-subnet. To specify a particular broadcast address the link(bf(-B))(minusB) option
-may be used.
-
-endit()
-
-If this parameter is not set then the name resolve order defined
-in the url(bf(smb.conf))(smb.conf.5.html) file parameter
-url((bf(name resolve order)))(smb.conf.5.html#nameresolveorder)
-will be used.
-
-The default order is lmhosts, host, wins, bcast and without this
-parameter or any entry in the url(bf("name resolve
-order"))(smb.conf.5.html#nameresolveorder) parameter of the
-url(bf(smb.conf))(smb.conf.5.html) file the name resolution methods
-will be attempted in this order.
-
-label(minusi)
-dit(bf(-i scope)) This specifies a NetBIOS scope that rpcclient will use
-to communicate with when generating NetBIOS names. For details on the
-use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes
-are em(very) rarely used, only set this parameter if you are the
-system administrator in charge of all the NetBIOS systems you
-communicate with.
-
-label(minusN)
-dit(bf(-N)) If specified, this parameter suppresses the normal
-password prompt from the client to the user. This is useful when
-accessing a service that does not require a password.
-
-Unless a password is specified on the command line or this parameter
-is specified, the client will request a password.
-
-label(minusn)
-dit(bf(-n NetBIOS name)) By default, the client will use the local
-machine's hostname (in uppercase) as its NetBIOS name. This parameter
-allows you to override the host name and use whatever NetBIOS name you
-wish.
-
-label(minusd)
-dit(bf(-d debuglevel)) debuglevel is an integer from 0 to 10, or the
-letter 'A'.
-
-The default value if this parameter is not specified is zero.
-
-The higher this value, the more detail will be logged to the log files
-about the activities of the client. At level 0, only critical errors
-and serious warnings will be logged. Level 1 is a reasonable level for
-day to day running - it generates a small amount of information about
-operations carried out.
-
-Levels above 1 will generate considerable amounts of log data, and
-should only be used when investigating a problem. Levels above 3 are
-designed for use only by developers and generate HUGE amounts of log
-data, most of which is extremely cryptic. If debuglevel is set to the
-letter 'A', then em(all) debug messages will be printed. This setting
-is for developers only (and people who em(really) want to know how the
-code works internally).
-
-Note that specifying this parameter here will override the url(bf(log
-level))(smb.conf.5.html#loglevel) parameter in the url(bf(smb.conf
-(5)))(smb.conf.5.html) file.
-
-label(minusp)
-dit(bf(-p port)) This number is the TCP port number that will be used
-when making connections to the server. The standard (well-known) TCP
-port number for an SMB/CIFS server is 139, which is the default.
-
-label(minusl)
-dit(bf(-l logfilename)) If specified, logfilename specifies a base
-filename into which operational data from the running client will be
-logged.
-
-The default base name is specified at compile time.
-
-The base name is used to generate actual log file names. For example,
-if the name specified was "log", the debug file would be
-tt(log.client).
-
-The log file generated is never removed by the client.
-
-label(minush)
-dit(bf(-h)) Print the usage message for the client.
-
-label(minusI)
-dit(bf(-I IP address)) IP address is the address of the server to
-connect to. It should be specified in standard "a.b.c.d" notation.
-
-Normally the client would attempt to locate a named SMB/CIFS server by
-looking it up via the NetBIOS name resolution mechanism described
-above in the link(bf(name resolve order))(minusR) parameter
-above. Using this parameter will force the client to assume that the
-server is on the machine with the specified IP address and the NetBIOS
-name component of the resource being connected to will be ignored.
-
-There is no default for this parameter. If not supplied, it will be
-determined automatically by the client as described above.
-
-label(minusE)
-dit(bf(-E)) This parameter causes the client to write messages to the
-standard error stream (stderr) rather than to the standard output
-stream.
-
-By default, the client writes messages to standard output - typically
-the user's tty.
-
-Note that by default, debug information is always sent to stderr.
-Debug information can instead be sent to a file, using the
-link(-l log basename)(minusl) option.
-
-label(minusU)
-dit(bf(-U username)) This specifies the user name that will be used by
-the client to make a connection, assuming your server is not a downlevel
-server that is running a protocol level that uses passwords on shares,
-not on usernames.
-
-Some servers are fussy about the case of this name, and some insist
-that it must be a valid NetBIOS name.
-
-If no username is supplied, it will default to an uppercase version of
-the environment variable tt(USER) or tt(LOGNAME) in that order. If no
-username is supplied and neither environment variable exists the
-username "GUEST" will be used.
-
-If the tt(USER) environment variable contains a '%' character,
-everything after that will be treated as a password. This allows you
-to set the environment variable to be tt(USER=username%password) so
-that a password is not passed on the command line (where it may be
-seen by the ps command).
-
-If the service you are connecting to requires a password, it can be
-supplied using the link(bf(-U))(minusU) option, by appending a percent symbol ("%")
-then the password to username. For example, to attach to a service as
-user tt("fred") with password tt("secret"), you would specify. nl()
-
-tt(-U fred%secret) nl()
-
-on the command line. Note that there are no spaces around the percent
-symbol.
-
-If you specify the password as part of username then the link(bf(-N))(minusN) option
-(suppress password prompt) is assumed.
-
-If you specify the password as a parameter em(AND) as part of username
-then the password as part of username will take precedence. Putting
-nothing before or nothing after the percent symbol will cause an empty
-username or an empty password to be used, respectively.
-
-The password may also be specified by setting up an environment
-variable called tt(PASSWORD) that contains the users password. Note
-that this may be very insecure on some systems but on others allows
-users to script rpcclient commands without having a password appear in
-the command line of a process listing.
-
-Note: Some servers (including OS/2 and Windows for Workgroups) insist
-on an uppercase password. Lowercase or mixed case passwords may be
-rejected by these servers.
-
-Be cautious about including passwords in scripts or in the
-tt(PASSWORD) environment variable. Also, on many systems the command
-line of a running process may be seen via the tt(ps) command to be
-safe always allow rpcclient to prompt for a password and type it in
-directly.
-
-label(minust)
-dit(bf(-t terminal code)) This option tells rpcclient how to interpret
-filenames coming from the remote server. Usually Asian language
-multibyte UNIX implementations use different character sets than
-SMB/CIFS servers (em(EUC) instead of em(SJIS) for example). Setting
-this parameter will let rpcclient convert between the UNIX filenames
-and the SMB filenames correctly. This option has not been seriously
-tested and may have some problems.
-
-The terminal codes include tt(sjis), tt(euc), tt(jis7), tt(jis8),
-tt(junet), tt(hex), tt(cap). This is not a complete list, check the
-Samba source code for the complete list.
-
-label(minusm)
-dit(bf(-m max protocol level)) With the new code in Samba2.0,
-bf(rpcclient) always attempts to connect at the maximum
-protocols level the server supports. This parameter is
-preserved for backwards compatibility, but any string
-following the bf(-m) will be ignored.
-
-label(minusW)
-dit(bf(-W Domain)) Override the default Domain, which is the remote server's
-Domain. This option may be needed to connect to some servers. It is also
-possible to specify the remote server name as the Domain, which will
-force the username and password to be authenticated against the remote
-server's local SAM instead of the Domain SAM.
-
-label(minusc)
-dit(bf(-c command string)) command string is a semicolon separated
-list of commands to be executed instead of prompting from stdin.
-link(bf(-N))(minusN) is implied by bf(-c).
-
-This is particularly useful in scripts, e.g. tt(-c 'lsaquery; enumusers -u').
-
-enddit()
-
-label(OPERATIONS)
-manpagesection(OPERATIONS)
-
-Once the client is running, the user is presented with a prompt :
-
-tt(smb:\>)
-
-The prompt indicates that the client is ready and waiting to carry out
-a user command. Each command is a single word, optionally followed by
-parameters specific to that command. Command and parameters are
-space-delimited unless these notes specifically state otherwise. All
-commands are case-insensitive. Parameters to commands may or may not
-be case sensitive, depending on the command.
-
-You can specify names (e.g registry keys; user or group names;
-service names) which have spaces in them by quoting the
-name with double quotes, for example "dRMON SmartAgent".
-
-Parameters shown in square brackets (e.g., "[parameter]") are
-optional. If not given, the command will use suitable
-defaults. Parameters shown in angle brackets (e.g., "<parameter>") are
-required.
-
-Note that all commands operating on the server are actually performed
-by issuing a request to the server. Thus the behavior may vary from
-server to server, depending on how the server was implemented.
-
-The commands available are listed in groups relating to different services:
-
-startdit()
-
-dit(Misccellaneous)
-
- startdit()
-
- label(questionmark) dit(bf(? [command])) If "command" is specified,
- the bf(?) command will display a brief informative message about the
- specified command. If no command is specified, a list of available
- commands will be displayed.
-
- label(exclaimationmark) dit(bf(! [shell command])) If "shell command"
- is specified, the bf(!) command will execute a shell locally and run
- the specified shell command. If no command is specified, a local shell
- will be run.
-
- label(exit) dit(bf(exit)) Terminate the connection with the server and
- exit from the program.
-
- label(help) dit(bf(help [command])) See the link(bf(?))(questionmark)
- command above.
-
- label(quit) dit(bf(quit)) See the link(bf(exit))(exit) command.
-
- enddit()
-
-dit(Event Log)
-
- startdit()
-
- label(eventlog) dit(bf(eventlog))
- list the events
-
- enddit()
-
-dit(Service Control)
-
- These commands provide functionality similar to the Windows
- NT Service Control Manager.
-
- It is possible to use command-line completion (if you have
- the GNU readline library) for Service names, by pressing the
- tab key.
-
- startdit()
-
- label(svcenum) dit(bf(svcenum))
- [-i] Lists Services.
-
- label(svcinfo) dit(bf(svcinfo))
- <service> Service Information
-
- label(svcstart) dit(bf(svcstart))
- <service> [arg 0] [arg 1] ... Start Service
-
- label(svcstop) dit(bf(svcstop))
- <service> Stop Service
-
- enddit()
-
-dit(Scheduler)
-
- startdit()
-
- label(at) dit(bf(at))
- Scheduler control (at /? for syntax)
-
- enddit()
-
-dit(Registry)
-
- It is possible to use command-line completion (if you have
- the GNU readline library) for registry key and value names,
- by pressing the tab key.
-
- startdit()
-
- label(regenum) dit(bf(regenum))
- <keyname> Registry Enumeration (keys, values)
-
- label(regdeletekey) dit(bf(regdeletekey))
- <keyname> Registry Key Delete
-
- label(regcreatekey) dit(bf(regcreatekey))
- <keyname> [keyclass] Registry Key Create
-
- label(shutdown) dit(bf(shutdown))
- [-m message] [-t timeout] [-r or --reboot] Server Shutdown
-
- label(regqueryval) dit(bf(regqueryval))
- <valname> Registry Value Query
-
- label(regquerykey) dit(bf(regquerykey))
- <keyname> Registry Key Query
-
- label(regdeleteval) dit(bf(regdeleteval))
- <valname> Registry Value Delete
-
- label(regcreateval) dit(bf(regcreateval))
- <valname> <valtype> <value> Registry Key Create
-
- label(reggetsec) dit(bf(reggetsec))
- <keyname> Registry Key Security
-
- label(regtestsec) dit(bf(regtestsec))
- <keyname> Test Registry Key Security
-
- enddit()
-
-dit(Printing)
-
- It is possible to use command-line completion (if you have
- the GNU readline library) for Printer and job names, by
- pressing the tab key.
-
- startdit()
-
- label(spoolenum) dit(bf(spoolenum))
- Enumerate Printers. This experimental command lists
- all printers available on a remote spooler service.
-
- label(spooljobs) dit(bf(spooljobs))
- <printer name> Enumerate Printer Jobs. This
- experimental command lists all jobs, and their
- status, currently queued on a remote spooler
- service.
-
- label(spoolopen) dit(bf(spoolopen))
- <printer name> Spool Printer Open Test. Experimental.
-
- enddit()
-
-dit(Server)
-
- startdit()
-
- label(time) dit(bf(time))
- Display remote time
-
- label(brsinfo) dit(bf(brsinfo))
- Browser Query Info
-
- label(wksinfo) dit(bf(wksinfo))
- Workstation Query Info
-
- label(srvinfo) dit(bf(srvinfo))
- Server Query Info
-
- label(srvsessions) dit(bf(srvsessions))
- List sessions on a server
-
- label(srvshares) dit(bf(srvshares))
- List shares on a server
-
- label(srvtransports) dit(bf(srvtransports))
- List transports on a server
-
- label(srvconnections) dit(bf(srvconnections))
- List connections on a server
-
- label(srvfiles) dit(bf(srvfiles))
- List files on a server
-
- enddit()
-
-dit(Local Security Authority)
-
- startdit()
-
- label(lsaquery) dit(bf(lsaquery))
- Query Info Policy (domain member or server). Obtains
- the SID and name of the SAM database that a server
- is responsible for (i.e a workstation's local SAM
- database or the PDC SAM database). Also obtains the
- SID and name of the SAM database that a server is
- a member of.
-
- label(lsaenumdomains) dit(bf(lsaenumdomains))
- Enumerate Trusted Domains. Lists all Trusted and
- Trusting Domains with which the remote PDC has
- trust relationships established.
-
- label(lookupsids) dit(bf(lookupsids))
- <rid1 or sid1> <rid1 or sid2> ... Resolve names from SIDs.
- Mostly to be used by developers or for troubleshooting,
- this command can take either Security Identifiers or Relative
- Identifiers, and look them up in the local SAM database
- (or look them up in a remote Trusting or Trusted PDC's SAM
- database if there is an appropriate Trust Relationship
- established). The result is a list of names, of the
- format: nl()
- tt([TRUST_DOMAIN\]name). nl()
- the link(bf(lsaquery))(lsaquery) command must have been
- issued first if you wish to use lookupsids to resolve
- RIDs. The only RIDs that will be resolved will be those
- in the SAM database of the server to which you are connected.
-
- label(lookupnames) dit(bf(lookupnames))
- <name1> <name2> ... Resolve SIDs from names.
- Mostly to be used by developers or for troubleshooting,
- this command can take names of the following format: nl()
- tt([DOMAIN_NAME\]name). nl()
- The names, which can be user, group or alias names, will
- either be looked up in the local SAM database or in a remote
- Trusting or Trusted PDC's SAM database, if there is an
- appropriate Trust Relationship established. The optional
- Domain name component is the name of a SAM database, which
- can include a workstation's local SAM database or a Trusted
- Domain.
- Example Usage: nl()
- tt(lookupnames WKSTANAME\Administrator "Domain Guests") nl()
-
- label(querysecret) dit(bf(querysecret))
- LSA Query Secret (developer use). This command only appears
- to work against NT4 SP3 and below. Due to its potential
- for misuse, it looks like Microsoft modified their
- implementation of the LsaRetrievePrivateData call to
- always return NT_STATUS_ACCESS_DENIED.
-
- enddit()
-
-dit(NETLOGON)
-
- startdit()
-
- label(ntlogin) dit(bf(ntlogin))
- [username] [password] NT Domain login test. Demonstrates
- how NT-style logins work. Mainly for developer usage,
- it can also be used to verify that a user can log in
- from a workstation. If you cannot ever get pam_ntdom
- to work, try this command first.
-
- label(domtrust) dit(bf(domtrust))
- <domain> NT Inter-Domain test. Demonstrates how NT-style
- Inter-Domain Trust relationships work. Mainly for
- developer usage, it can also be used to verify that a
- Trust Relationship is correctly established with a
- remote PDC.
-
- label(samsync) dit(bf(samsync))
- SAM Synchronisation Test (experimental). This command
- is used to manually synchronise a SAM database from a
- remote PDC, when Samba is set up as a Backup Domain
- Controller.
-
- enddit()
-
-dit(SAM Database)
-
- The SAM Database holds user, group and alias information.
- The commands listed below allow operations such as adding
- user accounts and changing their password; listing known
- Domains; listing user, group and alias accounts; listing the
- members of groups and aliases; adding or removing members
- from groups and aliases.
-
- The commands that make changes are protected by Access Control
- permissions on the remote server. You will therefore need to
- be in the right NT group in order to perform certain operations.
- If you find that a command fails with an NT_STATUS_ACCESS_DENIED
- error and you think you should be able to perform that command,
- talk to your Administrator: your username is probably not in the
- correct NT alias or group (e.g Account Operators; Domain Admin).
-
- The commands that view information usually require less
- user privileges. However, a particular remote server may be
- configured with better security settings, so a command that
- succeeds on one server may not succeed on another.
-
- It is possible to use command-line completion (if you have
- the GNU readline library) for user, group, alias and domain
- names, by pressing the tab key.
-
- startdit()
-
- label(lookupdomain) dit(bf(lookupdomain))
- Obtain SID for a local domain
-
- label(enumusers) dit(bf(enumusers))
- SAM User Database Query (experimental!)
-
- label(addgroupmem) dit(bf(addgroupmem))
- <group rid> [user] [user] ... SAM Add Domain Group Member
-
- label(addaliasmem) dit(bf(addaliasmem))
- <alias rid> [member sid1] [member sid2] ... SAM Add Domain Alias Member
-
- label(delgroupmem) dit(bf(delgroupmem))
- <group rid> [user] [user] ... SAM Delete Domain Group Member
-
- label(delaliasmem) dit(bf(delaliasmem))
- <alias rid> [member sid1] [member sid2] ... SAM Delete Domain Alias Member
-
- label(creategroup) dit(bf(creategroup))
- SAM Create Domain Group
-
- label(createalias) dit(bf(createalias))
- SAM Create Domain Alias
-
- label(createuser) dit(bf(createuser))
- <username> SAM Create Domain User
-
- label(delgroup) dit(bf(delgroup))
- SAM Delete Domain Group
-
- label(delalias) dit(bf(delalias))
- SAM Delete Domain Alias
-
- label(ntpass) dit(bf(ntpass))
- NT SAM Password Change
-
- label(samuserset2) dit(bf(samuserset2))
- <username> [-s acb_bits] SAM User Set Info 2 (experimental!)
-
- label(samuserset) dit(bf(samuserset))
- <username> [-p password] SAM User Set Info (experimental!)
-
- label(samuser) dit(bf(samuser))
- <username> SAM User Query (experimental!)
-
- label(samgroup) dit(bf(samgroup))
- <groupname> SAM Group Query (experimental!)
-
- label(samalias) dit(bf(samalias))
- <aliasname> SAM Alias Query
-
- label(samaliasmem) dit(bf(samaliasmem))
- <aliasname> SAM Alias Members
-
- label(samgroupmem) dit(bf(samgroupmem))
- SAM Group Members
-
- label(samtest) dit(bf(samtest))
- SAM User Encrypted RPC test (experimental!)
-
- label(enumaliases) dit(bf(enumaliases))
- SAM Aliases Database Query (experimental!)
-
- label(enumdomains) dit(bf(enumdomains))
- SAM Domains Database Query (experimental!)
-
- label(enumgroups) dit(bf(enumgroups))
- SAM Group Database Query (experimental!)
-
- label(dominfo) dit(bf(dominfo))
- SAM Query Domain Info
-
- label(dispinfo) dit(bf(dispinfo))
- SAM Query Display Info
-
- enddit()
-
-enddit()
-
-
-label(NOTES)
-manpagesection(NOTES)
-
-Some servers are fussy about the case of supplied usernames,
-passwords, share names (AKA service names) and machine names. If you
-fail to connect try giving all parameters in uppercase.
-
-It is often necessary to use the link(bf(-n))(minusn) option when connecting
-to some types of servers. For example OS/2 LanManager insists on a valid
-NetBIOS name being used, so you need to supply a valid name that would
-be known to the server.
-
-rpcclient only works on servers that support MSRPC over SMB. This includes
-all versions of Windows NT, including the ports to Unix such as AS/U and
-AFPS. Support for MSRPC over SMB in other servers is currently rare and
-patchy, for example Samba 2.0 only supports a limited set of MSRPC commands,
-and some of those are not supported very well.
-
-label(ENVIRONMENTVARIABLES)
-manpagesection(ENVIRONMENT VARIABLES)
-
-The variable bf(USER) may contain the username of the person using the
-client. This information is used only if the protocol level is high
-enough to support session-level passwords.
-
-The variable bf(PASSWORD) may contain the password of the person using
-the client. This information is used only if the protocol level is
-high enough to support session-level passwords.
-
-label(INSTALLATION)
-manpagesection(INSTALLATION)
-
-The location of the client program is a matter for individual system
-administrators. The following are thus suggestions only.
-
-It is recommended that the rpcclient software be installed in the
-/usr/local/samba/bin or /usr/samba/bin directory, this directory
-readable by all, writeable only by root. The client program itself
-should be executable by all. The client should em(NOT) be setuid or
-setgid!
-
-The client log files should be put in a directory readable and
-writeable only by the user.
-
-To test the client, you will need to know the name of a running
-SMB/CIFS server. It is possible to run url(bf(smbd (8)))(smbd.8.html)
-an ordinary user - running that server as a daemon on a
-user-accessible port (typically any port number over 1024) would
-provide a suitable test server.
-
-label(DIAGNOSTICS)
-manpagesection(DIAGNOSTICS)
-
-Most diagnostics issued by the client are logged in a specified log
-file. The log file name is specified at compile time, but may be
-overridden on the command line.
-
-The number and nature of diagnostics available depends on the debug
-level used by the client. If you have problems, set the debug level to
-3 and peruse the log files.
-
-label(VERSION)
-manpagesection(VERSION)
-
-This man page is correct for version 2.0 of the Samba suite.
-
-label(BUGS)
-manpagesection(BUGS)
-
-startdit()
-dit(WARNING!)
-The MSPRC over SMB code has been developed from examining Network traces.
-No documentation is available from the original creators (Microsoft) on
-how MSRPC over SMB works, or how the individual MSRPC services work.
-Microsoft's implementation of these services has been demonstrated (and
-reported) to be... a bit flakey in places.
-
-The development of Samba's implementation of these services is em(also)
-a bit rough, and as more of the services are understood, it can even result
-in versions of url(bf(smbd (8)))(smbd.8.html) and rpcclient that are
-backwards-incompatible for some commands or services. Additionally, the
-developers are sending reports to Microsoft, and problems found by or
-reported to Microsoft are fixed in Service Packs, which may also result in
-incompatibilities.
-
-It is therefore not guaranteed that the execution of an rpcclient command will
-work. It is also not guaranteed that the target server will continue to
-operate, i.e the execution of an MSRPC command may cause a remote service to
-fail, or even cause the remote server to fail. Usual rules apply, of course:
-the developers bear absolutely no responsibility or liability for the use,
-misuse, or lack of use of rpcclient, by any person or persons, whether legal,
-illegal, accidental, deliberate, intentional, malicious, curious, etc.
-
-This em(particularly) applies to the registry and SAM database commands.
-As you are using a command-line tool not a mouse-clicky tool, you have
-already proven yourself to be savvy, however if you don't know what you're
-doing, then em(don't do it!).
-
-dit(Command Completion)
-Command-completion (available if you have the GNU readline library) used on
-certain commands may not operate correctly if the word being completed (such as a registry key) contains a space. Typically, the name will be completed, but
-you will have to go back and put quotes round it, yourself.
-
-dit(SAM Database command-completion)
-Command-completion (available if you have the GNU readline library) of user,
-group and alias names does not work on remote Domains, which would normally
-be specified like this: nl()
-tt(DOMAIN_name\user_name). nl()
-The only names that can be completed in this fashion are the local names
-in the SAM database of the target server.
-
-dit(link(bf(spoolenum))(spoolenum))
-Due to current limitations in the rpcclient MSRPC / SMB code, and due to
-the extremely poor MSRPC implementation (by Microsoft) of the spooler
-service, if there are a large number of printers (or the names / comment
-fields associated with the printers), this command will fail. The
-limitations require further research to be carried out; we're stuck with
-the poor \PIPE\spoolss design.
-
-endit()
-
-label(AUTHOR)
-manpageauthor()
-
-The original Samba software and related utilities were created by
-Andrew Tridgell email(samba-bugs@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-
-The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/))
-and updated for the Samba2.0 release by Jeremy Allison. This man page
-was developed cut-and-paste style from the smbclient man page, by
-Luke Kenneth Casson Leighton.
-email(samba-bugs@samba.org).
-
-See url(bf(samba (7)))(samba.7.html) to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
-
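Review bot: the page removed here carries security guidance that should survive if rpcclient itself stays in the tree: the caution against putting passwords in scripts or in the PASSWORD environment variable, the instruction that the client should NOT be setuid or setgid, and the BUGS warning that an MSRPC command may cause a remote service or the remote server to fail. If any of this text is moved rather than dropped, fix it on the way: the sentence "may be seen via the tt(ps) command to be safe always allow rpcclient to prompt" has lost words between its two clauses, the BUGS list is closed with endit() where every other list uses enddit(), and "MSPRC" and "Misccellaneous" are misspelled.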
+++ /dev/null
-Date: Tue, 07 Apr 1998
-Contributor: Christoph L. Spiel <Christoph_Spiel@physik.tu-muenchen.de>
-Organization: Munich Institute of Technology, Institute E10
-Subject: WISHES:LINUX:smbmount
-===============================================================================
-Machine Arch: i386
-Machine OS: linux
-Kernel: 2.1.85
-Samba Version: Version 1.9.18p3
-Mount Version: 2.7i
-Autofs Version: 0.3.14
-
-
-Hi SAMBA developers!
-
-I have written a shell script that marries smbmount and mount
-on a Linux-machine with a 2.1.55+ kernel (i.e., a newer developper
-kernel. Especially it makes smbmount compatible
-with autofs! Now, You (when root :-) can say
- mount -t smb /win-machine/my-share /mntpt
-Concerning the management of the user/password-pairs I have already
-made a step in the right direction, but there is still a lot of
-brain-work to do :-(
-
-The primary problem with the Win passwords
-is that they are under user-control, and not under admin-control
-as the Linux passwords are. Therfore, I give every SAMBA user
-a
- ~/smb-pass
-file where she can manage her usernames and passwords herself.
-The fundamental mount-tables /etc/fstab and /etc/auto.* only
-list the mount-point and the respective options. The user´s
-password file is adressed via the uuname=<user_name>-option.
-
-An important "side-effect" is that the password file need not to
-be word-readable. In fact my script tests for user-only rights of
-this file to close this potential security-hole.
-
-The script mount.smb has to be installed in /sbin and given mode 755.
-No suid is necessary! I attached an automount table that is currently
-in use on my machine. A user´s password file looks like this:
-
-$ cat ~/smb-pass
-supra:/cspiel cspiel secret
-helium:/c cspiel sesame
-^ ^ ^
-| | +- password
-| +- username
-+- share-name as in fundamental mount-table.
-
-It would be nice, if someone else tests my script. Maybe, You have
-already found a better solution than mine. If You find it useful,
-I would be glad to donate it to the SAMBA-project.
-
-BUGS:
-(1) There is no documentation yet. (Yes, I consider this a bug!)
-(2) When used with autofs the automounter overruns mount.smb.
- This means when accessing an automounted share for the 1st time
- You may get an empty directory. Retrying several times will
- cause the mount to complete successfully.
-
-
-Best,
- Christoph Spiel
-
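Review bot: the smb-pass format documented in this removed note (share name, username, password on one line per share) keeps cleartext passwords in each user's home directory, and deleting the description leaves those files behind with nothing pointing at them. Suggest the commit message or release notes tell anyone who used the script to remove their ~/smb-pass file.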
+++ /dev/null
-#!/bin/sh -x
-
-
-# name: mount.smb -- interface between mount and smbmount
-# author: Ch. L. Spiel (cspiel@physik.tu-muenchen.de)
-# $Id: mount.smb,v 1.1 1998/04/13 12:31:10 jht Exp $
-
-# bash version: 1.14.7(1)
-# mount version: 2.7i
-# smbmount version: 1.9.18p3
-
-
-myname=`basename $0`
-passwd_filename="smb-pass" # name of user smb-password file
-lock_file="/var/lock/$myname"
-log_file="/tmp/mount.smb.log"
-
-PATH=/usr/local/samba/bin:/usr/bin:/bin
-
-# check for an existing lock-file quickly(!)
-if [ -e "$lock_file" ]; then
- # exit, but don´t touch lock-file
- exit 0
-fi
-# set up new lock-file
-echo > $lock_file
-
-# initialise log-file
-echo "logging of $myname started at `date`" > $log_file
-chmod --silent 600 $log_file
-echo "called with: $@" >> $log_file
-exec >> $log_file 2>&1
-
-
-
-# set default and initial values
-verbose=false # be silent
-fake=false # really do the mount
-fmode="-f 600" # default file mode
-dmode="-d 700" # default dir mode
-
-#uid="-u `id | sed 's/^uid=\([0-9]*\).*$/\1/'`"
-uid="-u 0"
-#gid="-g `id | sed 's/^.*gid=\([0-9]*\).*$/\1/'`"
-gid="-g 0"
-
-
-#
-# functions
-#
-
-# exitproc(int exit_code)
-function exit_proc
-{
- if [ -n "$lock_file" ]; then
- # remove current lock-file
- rm "$lock_file"
- fi
- # update log-file
- echo "" >> $log_file
- echo "$myname´s return value is $1." >> $log_file
- echo "logging of $myname ended at `date`." >> $log_file
- # done.
- exit $1
-}
-
-
-# split_arg(arg)
-# arg ::= id '=' val
-# set id and val on return
-function split_arg
-{
- id="$1"
- val="$2"
- extra="$3"
-} # end of split_arg
-
-
-# split_passwdline(uline)
-function split_passwdline
-{
- user_name=$1
- real_password=$2
- user_id=$3
- group_id=$4
- full_name=$5
- home_dir=$6
- shell_name=$7
-}
-
-
-# get_homedir(username)
-function get_homedir
-{
- local temp_ifs
-
- temp_ifs="$IFS"
- uline=`grep "^$1" /etc/passwd`
- if [ -z "$uline" ]; then
- echo "$myname: unknown user \"$1\""
- exit_proc 1
- fi
- IFS=":"
- split_passwdline $uline
- if [ -z "$home_dir" ]; then
- echo "$myname: user \"$1\" has no home directory"
- exit_proc 1
- fi
- echo "$home_dir"
- IFS="$temp_ifs"
-}
-
-
-# get_uid(username)
-function get_uid
-{
- local temp_ifs
-
- temp_ifs="$IFS"
- uline=`grep "^$1" /etc/passwd`
- if [ -z "$uline" ]; then
- echo "$myname: unknown user \"$1\""
- exit_proc 1
- fi
- IFS=":"
- split_passwdline $uline
- echo "$user_id"
- IFS="$temp_ifs"
-}
-
-
-# get_gid(username)
-function get_gid
-{
- local temp_ifs
-
- temp_ifs="$IFS"
- uline=`grep "^$1" /etc/passwd`
- if [ -z "$uline" ]; then
- echo "$myname: unknown user \"$1\""
- exit_proc 1
- fi
- IFS=":"
- split_passwdline $uline
- echo "$group_id"
- IFS="$temp_ifs"
-}
-
-
-# read_passwd_file(sharename)
-function read_passwd_file
-{
- local pwd_filename pwd_entry temp_ifs share_name fmod
-
- pwd_filename=`get_homedir $uuname`/$passwd_filename
- # use uid and gid of user´s /etc/password entry
- uid="-u `get_uid $uuname`"
- gid="-g `get_gid $uuname`"
- # check existence of password file
- if [ ! -f "$pwd_filename" -o ! -r "$pwd_filename" ]; then
- echo "$myname: cannot read from user password file \"$pwd_filename\""
- exit_proc 1
- fi
- # check file permissions
- for f in $pwd_filename{,~,%,.BAK,.bak,.new,.old,.orig,.sav}; do
- if [ ! -f $f ]; then continue; fi
- /bin/ls -l $f | grep -q -- "^-r\(w\|-\)------"
- if [ $? = 1 ]; then
- echo "$myname: Found security hole: mode of file \"$f\""
- echo "$myname: Password file must have permission 400 or 600."
- echo "$myname: Please fix the file´s mode."
- exit_proc 1
- fi
- done
-
- share_name="$1" # sharename in smb-format!
- pwd_entry=`grep -v '^#' "$pwd_filename" | grep -i "^$share_name"`
- if [ -z "$pwd_entry" ]; then
- # try uni*-like sharename
- share_name=`echo $share_name | sed -e 's,^//,,' -e 's,/,:/,'`
- pwd_entry=`grep -v '^#' "$pwd_filename" | grep -i "^$share_name"`
- fi
- if [ -z "$pwd_entry" ]; then
- # sharename was not found in user´s password file
- echo "$myname: cannot authentify share named \"$1\" via file \"$pwd_filename\""
- exit_proc 1
- fi
-
- # pwd_entry has the form:
- # sharename username password
- temp_ifs="$IFS"
- IFS=" " # <tab> and <space>
- split_arg $pwd_entry
- options="$options -U $val"
- password="$extra"
- IFS="$temp_ifs"
-}
-
-
-# process_options(opt1, opt2, ..., optN)
-function process_options
-{
- local temp_ifs
-
- for j; do
- temp_ifs="$IFS" # save current internal-field separator
- IFS="=" # set new separator
- split_arg $j # split argument into identifier and value
- IFS="$temp_ifs" # reset old separator
- case "$id" in
- port)
- options="$options -p $val"
- ;;
- debug)
- options="$options -d $val"
- ;;
- log)
- options="$options -l $val"
- ;;
- nbname)
- options="$options -n $val"
- ;;
- nopwd)
- options="$options -N"
- ;;
- maxproto)
- options="$options -m $val"
- ;;
- ip)
- options="$options -I $val"
- ;;
- uname)
- options="$options -U $val"
- ;;
- wrkgrp)
- options="$options -W $val"
- ;;
- term)
- options="$options -t $val"
- ;;
- sdir)
- options="$options -D $val"
- ;;
- pwd)
- # DO NOT USE THIS OPTION! It is a severe scurity hole.
- password="$val"
- ;;
- uuname)
- # consult user´s smb-password file
- uuname="$val" # uni* user name
- read_passwd_file "$server_service"
- ;;
-
- # ignored options
- async)
- # do nothing
- ;;
- atime)
- # do nothing
- ;;
- auto)
- # do nothing
- ;;
- defaults)
- # do nothing
- ;;
- dev)
- # do nothing
- ;;
- exec)
- # do nothing
- ;;
- noatime)
- # do nothing
- ;;
- noauto)
- # do nothing
- ;;
- nodev)
- # do nothing
- ;;
- noexec)
- # do nothing
- ;;
- nosuid)
- # do nothing
- ;;
- nouser)
- # do nothing
- ;;
- ro)
- # do nothing
- ;;
- rw)
- # do nothing
- ;;
- suid)
- # do nothing
- ;;
- sync)
- # do nothing
- ;;
- user)
- # do nothing
- ;;
-
- # fs options
- fmod)
- fmode="-f $val"
- ;;
- dmod)
- dmode="-d $val"
- ;;
- uid)
- uid="-u $val"
- ;;
- gid)
- gid="-g $val"
- ;;
-
- # fallthrough
- *)
- echo "$myname: unrecognized option $id"
- exit_proc 1
- ;;
- esac
- done
-} # end of split_options
-
-
-
-#
-# main
-#
-
-
-
-if [ "$verbose" != "false" ]; then
- # show how we have been called
- echo "$myname: $*"
-fi
-
-# some checks of the input parameters
-if [ "$#" -lt 2 ]; then
- echo "$myname: need at least service and mountpoint"
- exit_proc 1
-fi
-
-if `echo "$2" | grep -vq "^/"`; then
- echo "$myname: mount point must be an absolut path"
- exit_proc 1
-fi
-
-
-# copy arguments
-if `echo "$1" | grep -q ":/"`; then
- # non--standard format, i.e., server:/service
- server_service=`echo "//$1" | sed -e "sx:/x/x"`
-else
- # standard format, i.e, //server/service
- server_service="$1"
-fi
-mntpt="$2"
-
-# copy options
-shift 2 # skip arguments: //server/service and /mnt-point
-for i; do
- case "$i" in
- -f | --fake)
- fake=true
- ;;
- -h | --help)
- echo "usage: mount.smb service [password] mountpoint [options]"
- exit_proc 0
- ;;
- -v | --verbose)
- verbose=true
- ;;
- -V | --version)
- echo "$myname: mount.smb-0.1.0"
- exit_proc 0
- ;;
- -o)
- shift # skip leading -o
- temp_ifs="$IFS" # save current internal-field separator
- IFS="," # set new separator
- process_options $*
- IFS="$temp_ifs" # reset old separator
- break # mount places options at the end -> we are done
- ;;
- *)
- echo "$myname: unrecognized option $i"
- exit_proc 1
- ;;
- esac
- shift
-done
-IFS=' '
-
-
-#
-# be careful...
-#
-
-
-# nmblookup server: is node up and running?
-srv=`echo $server_service | sed 's,^//\(.*\)/.*$,\1,'` # server´s name
-nmblookup "$srv" | grep -q "failed to find name"
-if [ "$?" = 0 ]; then
- echo "$myname: failed to find server \"$srv\"."
- exit_proc 1
-fi
-
-
-#
-# perform mount
-#
-
-
-fs_options="$fmode $dmode $uid $gid" # all options concerning the mounted fs
-if [ "$verbose" = "true" ]; then
- # display what we would do. Do not show the password, only show "xxx".
- echo -n "smbmount $server_service "
- if [ -n "$password" ]; then # password is set
- echo -n "xxx " # ... but we don´t show it ;-)
- fi
- echo "-c \"mount $mntpt $fs_options\" $options"
-#else
- # supress further messages
-# exec > /dev/null 2>&1
-#:
-fi
-
-if [ "$fake" != "true" ]; then
- smbmount $server_service $password -c "mount $mntpt $fs_options" $options
- echo "smbmount´s exit code was $?."
-fi
-
-# clean up and exit
-exit_proc 0
-
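Review bot: if mount.smb is being moved rather than dropped, its credential handling needs fixing before it lands anywhere else. The shebang is `#!/bin/sh -x` and the script later runs `exec >> $log_file 2>&1`, so the shell trace, including the password assignment in read_passwd_file and the final smbmount command line, is written to /tmp/mount.smb.log; that log is created at a fixed name in /tmp by a plain redirect before the chmod to 600, so a file or symlink already present at that path is written through as root. The password is also passed as an smbmount argument, which the rpcclient page removed in this same patch warns can be seen via ps. Separately, `grep "^$1" /etc/passwd` in get_homedir, get_uid and get_gid matches any account whose name merely begins with the given user name, so the wrong entry can be returned; the pattern should end the match at the field separator, i.e. "^$1:".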
+++ /dev/null
-This directory contains example programs and scripts that have been written by
-Samba rpcclient administrators and users. You may, or may not, find
-some of them useful. They have been submitted here for use at your own
-risk, and no responsibility is accepted for their use or mis-use.
-
-Program Author Purpose
-------- ------ -------
-
-ntsd.c David Bannon. Pings several workstations and shuts them down.
- Used by David in a lab environment to kick students
- off workstations from a cron job.
+++ /dev/null
-/* This is an experiemental programme to shutdown a group of NTws in a
- Samba domain via rpcclient.
-
- Copyright (c) David Bannon 1999
- David Bannon, D.Bannon@latrobe.edu.au, 4th November, 1999
-
- Full permission is granted to use this code (for what that is worth) in
- any way you wish, strictly at your own risk.
-
- I use it from a cron a job to close a computer lab down at 5:00 pm.
-
- It has some serious security implications, make sure you understand
- them before using this code !
-
- If you find a way to make this 'power down' a machine that is set up to
- do power down correctly please let me know !!
-
- Machines to be shutdown must be members of a samba (or NT) domain.
- You are going to have to offer your domain admin user name/password
- (see below).
-
- As you probably don't want your domain admin password appearing in the
- crontab file or popping up in a 'ps' list, it can be encrypted and the
- programme will tell you what it should look like. i.e :
-
- [root@bclab shutdown]# ./ntsd -e
- Domain Admin User name :dbannon
- Domain Admin Password
- Use the string between [] after a -p : [1HCeTcXqOfo7R[hg]
- [root@bclab shutdown]#
-
- Now a crontab entry would look like this :
-
- 00 17 * * 1-5 /usr/local/sbin/ntsd -p'1HCeTcXqOfo7R[hg' -a
-
- The -p indicates passwd (actually user name and password) and the
- -a says shutdown all machines. Note that the password string must
- have inverted commas around it so the shell does not try and expand
- any special charachers that it is likely to contain.
-
- Security Alert !!
- The encryption is pretty weak and its reversable ! Change the key
- strings, compile and change the key strings again ! You don't need
- to remember the key but if you leave the unchanged source around
- someone may use it to reverse the encryption. The Keys are in lumps
- to stop someone doing a 'cat ntsd' and seeing the key string.
- (yeah, I know its not very clever, but they should not be able to
- read the binary or your crontab anyway)
-
- Ping
- I ping the target machines before trying to shut them down, you
- dont't need to, just let rpcclient time out. If you want to ping
- first (because its nicer !) you need :
- 1. First element of IP name should be the netbios name. (makes sense)
- 2. If the server you will run the cron job from does not have the
- same default domain name as machines being shutdown then you will
- need to define USE_DOMAIN and put in appropriate ip domain info.
- This code does ping, get busy with vi if you don't want to.
-
- Machine Names
- For this system to be practical, the machine names must be in some
- sort of sequence, ie bclab1, bclab2, bclab3, not more creative like
- grumpy, dopey, sneezy. See the code in main() to see how the names
- are built.
-
- Configuration
-
- Machine Names
- If you have used a naming scheme like mine then you may need to
- change only LASTMACHINE and PREFIX, otherwise look at main().
-
- Binary locations.
- We need to find the rpcclient and ping binaries. The values below
- are typical. Better check first.
-
- Compile
- Known to compile cleanly on linux (RH5.0 - RH6.1) and DEC 4.0. Does
- not do anything fancy so should compile on most systems easily
- enough.
-
- Install
- Rename the binary (ie ntsd) and put it somewhere safe. It should
- be rwx root only. Comes up with basic help if run without command
- line switch, prompts for admin user name and password if used
- without the -p switch.
- (Typically)Put entry in your crontab (crontab -e) and watch the
- fun. Remember, it does not keep them shutdown, try an entry every
- 5 minutes for a while (or until door is locked).
-*/
-
-
-#include<stdio.h>
-#include<stdlib.h>
-#include<unistd.h>
-#include<pwd.h>
-
-#define PING "/bin/ping"
-#define RPCCLIENT "/usr/local/samba/bin/rpcclient"
-
-
-#define LASTMACHINE 14 /* ie, scans bclab1 through to bclab14 */
-#define PREFIX "bclab"
-
-/* #define USE_DOMAIN Only if you need full ip name to ping machines */
-
-#ifdef USE_DOMAIN
-#define DOMAIN ".biochem.latrobe.edu.au" /* required by ping, possibly.
- */
-#endif
-
-#define KEY1 "Please"
-#define KEY2 "don't leave"
-#define KEY3 "this"
-#define KEY4 "as it is"
-#define KEY5 "here"
-#define KEY6 "silly."
-
-
-int Shutdown(char *machine, char *PassWord) {
- char Buff[128], *Ptr;
- int Res;
- /* printf("Shutting down %s\n", machine); */
- sprintf(Buff, "/bin/ping -c 1 -q %s > /dev/null", machine);
- Res = system(Buff);
- if (Res == 0) { /* its turned on */
- Ptr = machine;
- /* first 'word' in ip name = netbios name, get rid of rest */
- while (*++Ptr != 0) if (*Ptr == '.') *Ptr = 0;
- printf("Shutting down %s\n", machine);
- sprintf(Buff, "%s -c shutdown -U%s -S %s", RPCCLIENT, PassWord,
-machine);
- system(Buff);
- }
-}
-
-int Usage(char *prog) {
- printf("Programme to shutdown NTs in domain.\n");
- printf("Normally called from cron (using encrypted passwd, see -e and
--p).\n");
- printf("Usage \n");
- printf(" -a shutdown all machines %s1 to %s%d. \n",
- PREFIX, PREFIX, LASTMACHINE);
- printf(" -m machine shutdown [machine] (might need full ip
-name).\n");
- printf(" -e tell me my encrypted name and password to
-use with -p.\n");
- printf(" -p'pw_string' use encrypted name & password as given by
--e.\n");
- printf(" You must have single inverted commas around
-the pw string !");
- printf(" -h help, give this message.\n");
- printf("Typical cron line : 00 17 * * 1-5 /usr/local/sbin/ntsd
--p1HCeTcXqOfo7R[hg -a\n");
- printf(" David Bannon,
-Nov 1999\n");
- exit(0);
-}
-
-int GetPassWord(char *Passwd) {
- char *ptr, *p;
- char User[128];
- printf("Domain Admin User name :");
- fgets(User, 127, stdin);
- if (strlen(User) < 3) {
- printf("Short user name, exiting.\n");
- exit(1);
- }
- p = User;
- while (*p != '\n') p++; /* get rid of newline */
- *p = 0;
- ptr = getpass("Domain Admin Password ");
- if (strlen(ptr) < 3) {
- printf("Short password, exiting.\n");
- exit(1);
- }
- strcpy(Passwd, User); /* do this with sprintf */
- strcat(Passwd, "%");
- strcat(Passwd, ptr);
- *ptr = 0; /* clean up system buffer */
- return 0;
-}
-
-int Encrypt(char *InPass) {
- char Pass[128], Enc[128];
- int Temp;
- char *Hash;
- int Offset = 0;
- Hash = malloc(256);
- /* so it a bit harder than just 'cat ntsd' */
- sprintf(Hash, "%s%s%s%s%s%s", KEY4, KEY3, KEY2, KEY5, KEY1, KEY6);
- if (InPass == 0) {
- GetPassWord(Pass); /* may not return */
- while (*(Pass + Offset) != 0) {
- Temp = *(Pass + Offset) + *(Hash + Offset) - ' ';
- if (Temp > '~') Temp = Temp - 95;
- *(Pass+Offset++) = Temp;
- }
- printf("Use the string between [] after a -p : ['%s']\n", Pass);
- exit(0);
- } else {
- while (*(InPass + Offset) != 0) {
- Temp = *(InPass + Offset) - *(Hash + Offset) + ' ';
- if (Temp < ' ') Temp = Temp + 95;
- *(InPass+Offset++) = Temp;
- }
- }
- free(Hash);
- return 0;
-}
-
-int main(int argc, char **argv) {
- extern char *optarg;
- extern int optind;
- int Ch;
- static char *prog_name;
- int MachineNo = 0, AllMachines = 0;
- char Machine[128], PassWord[128];
- uid_t UID = getuid();
- prog_name = argv[0];
- if (UID != 0) {
- printf("Sorry, this programme can only be run as root.\n");
- exit(1);
- }
- *Machine = 0;
- *PassWord = 0;
- if (argc < 2) Usage(prog_name);
- while ((Ch = getopt(argc, argv, "haem:p:")) != EOF) {
- switch(Ch) {
- case 'e': Encrypt(NULL); break; /* Does not return */
- case 'a': AllMachines = 1; break;
- case 'm': strcpy(Machine, optarg); break;
- case 'p': strcpy(PassWord, optarg); break;
- case 'h': Usage(prog_name);
- default: Usage(prog_name);
- }
- }
- if (*PassWord == 0) GetPassWord(PassWord); /* may not return */
- else Encrypt(PassWord);
- if (*Machine != 0) {
- Shutdown(Machine, PassWord);
- exit(0);
- }
- /* printf("exit for safety = %s.\n", PassWord);
-exit(0); */
- while (++MachineNo < LASTMACHINE+1) {
- pid_t Proc;
-#ifdef USE_DOMAIN
- sprintf(Machine, "%s%d%s", PREFIX, MachineNo, DOMAIN);
-#else
- sprintf(Machine, "%s%d", PREFIX, MachineNo);
-#endif
- Proc = fork();
- if (Proc == 0) { /* in child process */
- Shutdown(Machine, PassWord);
- exit(0);
- }
- }
- printf("Shutdowns initiated.\n");
-}
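Review bot: Shutdown() formats "%s -c shutdown -U%s -S %s" into the 128-byte Buff with sprintf and passes it to system(), so the decoded admin user%password and the -m machine name reach a root shell unquoted and with no length check; main() likewise strcpy()s optarg into the 128-byte Machine and PassWord arrays. Anything derived from this file should bound every copy (snprintf, length-checked optarg) and start rpcclient with fork/execv and an argument vector rather than system(), keeping the credentials off the command line, where other local users can read them from the process list. Encrypt() indexes Hash by the password offset, but the six KEY strings total only 39 characters, so longer inputs run past the key into uninitialised malloc memory. The file also calls strlen/strcpy/strcat without including <string.h>, and Shutdown() is declared int but returns nothing.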
+++ /dev/null
-Preparation Date: Mon November 16 1998
-Preparer: John H Terpstra <jht@samba.org>
-
-Instructions: Preparing Samba Packages for Caldera OpenLinux 1.2
-==================================================================
-
-We provide support only for current versions of Caldera OpenLinux.
-
-To produce the RPMS simply type:
- sh makerpms.sh
-
+++ /dev/null
-#!/usr/bin/perl
-#
-# Prints info on all smb responding machines on a subnet.
-# This script needs to be run on a machine without nmbd running and be
-# run as root to get correct info from WIN95 clients.
-#
-# syntax:
-# findsmb [subnet broadcast address]
-#
-# with no agrument it will list machines on the current subnet
-#
-# There will be a "+" in front of the workgroup name for machines that are
-# local master browsers for that workgroup. There will be an "*" in front
-# of the workgroup name for machines that are the domain master browser for
-# that workgroup.
-#
-
-$SAMBABIN = "/usr/bin";
-
-for ($i = 0; $i < 2; $i++) { # test for -d option and broadcast address
- $_ = shift;
- if (m/-d|-D/) {
- $DEBUG = 1;
- } else {
- if ($_) {
- $BCAST = "-B $_";
- }
- }
-}
-
-sub ipsort # do numeric sort on last field of IP address
-{
- @t1 = split(/\./,$a);
- @t2 = split(/\./,$b);
- @t1[3] <=> @t2[3];
-}
-
-# look for all machines that respond to a name lookup
-
-open(NMBLOOKUP,"$SAMBABIN/nmblookup $BCAST '*'|") ||
- die("Can't run nmblookup '*'.\n");
-
-# get rid of all lines that are not a response IP address,
-# strip everything but IP address and sort by last field in address
-
-@ipaddrs = sort ipsort grep(s/ \*<00>.*$//,<NMBLOOKUP>);
-
-# print header info
-
-print "\nIP ADDR NETBIOS NAME WORKGROUP/OS/VERSION $BCAST\n";
-print "---------------------------------------------------------------------\n";
-
-foreach $ip (@ipaddrs) # loop through each IP address found
-{
- $ip =~ s/\n//; # strip newline from IP address
-
-# find the netbios names registered by each machine
-
- open(NMBLOOKUP,"$SAMBABIN/nmblookup -r -A $ip|") ||
- die("Can't get nmb name list.\n");
- @nmblookup = <NMBLOOKUP>;
- close NMBLOOKUP;
-
-# get the first <00> name
-
- @name = grep(/<00>/,@nmblookup);
- $_ = @name[0];
- if ($_) { # we have a netbios name
- if (/GROUP/) { # is it a group name
- ($name, $aliases, $type, $length, @addresses) =
- gethostbyaddr(pack('C4',split('\.',$ip)),2);
- if (! $name) { # could not get name
- $name = "unknown nis name";
- }
- } else {
- /(\S+)/;
- $name = $1;
- }
-
-# do an smbclient command on the netbios name.
-
- open(SMB,"$SAMBABIN/smbclient -N -L $name -I $ip -U% |") ||
- die("Can't do smbclient command.\n");
- @smb = <SMB>;
- close SMB;
-
- if ($DEBUG) { # if -d flag print results of nmblookup and smbclient
- print "===============================================================\n";
- print @nmblookup;
- print @smb;
- }
-
-# look for the OS= string
-
- @info = grep(/OS=/,@smb);
- $_ = @info[0];
- if ($_) { # we found response
- s/Domain=|OS=|Server=|\n//g; # strip out descriptions to make line shorter
-
- } else { # no OS= string in response (WIN95 client)
-
-# for WIN95 clients get workgroup name from nmblookup response
- @name = grep(/<00> - <GROUP>/,@nmblookup);
- $_ = @name[0];
- if ($_) {
- /(\S+)/;
- $_ = "[$1]";
- } else {
- $_ = "Unknown Workgroup";
- }
- }
-
-# see if machine registered a local master browser name
- if (grep(/<1d>/,@nmblookup)) {
- $master = '+'; # indicate local master browser
- if (grep(/<1b>/,@nmblookup)) { # how about domain master browser?
- $master = '*'; # indicate domain master browser
- }
- } else {
- $master = ' '; # not a browse master
- }
-
-# line up info in 3 columns
-
- print "$ip".' 'x(16-length($ip))."$name".' 'x(14-length($name))."$master"."$_\n";
-
- } else { # no netbios name found
-# try getting the host name
- ($name, $aliases, $type, $length, @addresses) =
- gethostbyaddr(pack('C4',split('\.',$ip)),2);
- if (! $name) { # could not get name
- $name = "unknown nis name";
- }
- if ($DEBUG) { # if -d flag print results of nmblookup
- print "===============================================================\n";
- print @nmblookup;
- }
- print "$ip".' 'x(16-length($ip))."$name\n";
- }
-}
-
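Review bot: the three piped open() calls interpolate $BCAST, $ip and $name into a shell command string, and $name is taken from the nmblookup reply (or from gethostbyaddr), so a name announced on the network is parsed by a shell in a script whose header says to run it as root. Validate $name and the broadcast argument against a strict character set before use, or use the list form of open so that no shell is involved. Separately, `@t1[3] <=> @t2[3]`, `@name[0]` and `@info[0]` are one-element slices where the scalars `$t1[3]`, `$name[0]` and `$info[0]` are meant.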
+++ /dev/null
-diff -uNr samba-PVERSION/source/Makefile.in samba-kgc/source/Makefile.in
---- samba-PVERSION/source/Makefile.in Wed Dec 2 14:35:18 1998
-+++ samba-kgc/source/Makefile.in Wed Dec 2 15:06:02 1998
-@@ -27,7 +27,7 @@
- # the previous releases of Samba
- SBINDIR = @bindir@
- LIBDIR = @libdir@
--VARDIR = $(BASEDIR)/var
-+VARDIR = /var
- MANDIR = @mandir@
-
- # The permissions to give the executables
-@@ -36,23 +36,23 @@
- # set these to where to find various files
- # These can be overridden by command line switches (see smbd(8))
- # or in smb.conf (see smb.conf(5))
--SMBLOGFILE = $(VARDIR)/log.smb
--NMBLOGFILE = $(VARDIR)/log.nmb
-+SMBLOGFILE = $(VARDIR)/log/samba/log.smb
-+NMBLOGFILE = $(VARDIR)/log/samba/log.nmb
- CONFIGFILE = $(LIBDIR)/smb.conf
- LMHOSTSFILE = $(LIBDIR)/lmhosts
- DRIVERFILE = $(LIBDIR)/printers.def
- PASSWD_PROGRAM = /bin/passwd
--SMB_PASSWD_FILE = $(BASEDIR)/private/smbpasswd
--SMB_PASSGRP_FILE = $(BASEDIR)/private/smbpassgrp
--SMB_GROUP_FILE = $(BASEDIR)/private/smbgroup
--SMB_ALIAS_FILE = $(BASEDIR)/private/smbalias
-+SMB_PASSWD_FILE = $(LIBDIR)/smbpasswd
-+SMB_PASSGRP_FILE = $(LIBDIR)/smbpassgrp
-+SMB_GROUP_FILE = $(LIBDIR)/smbgroup
-+SMB_ALIAS_FILE = $(LIBDIR)/smbalias
- SMB_PASSWD_PROGRAM = $(BINDIR)/smbpasswd
-
- # This is where SWAT images and help files go
--SWATDIR = $(BASEDIR)/swat
-+SWATDIR = $(BASEDIR)/share/swat
-
- # the directory where lock files go
--LOCKDIR = $(VARDIR)/locks
-+LOCKDIR = $(VARDIR)/lock/samba
-
- # The directory where code page definition files go
- CODEPAGEDIR = $(LIBDIR)/codepages
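Review bot: SMB_PASSWD_FILE, SMB_PASSGRP_FILE, SMB_GROUP_FILE and SMB_ALIAS_FILE move from $(BASEDIR)/private to $(LIBDIR), and the spec that applies this patch configures with --libdir=/etc, so the password file ends up in /etc beside smb.conf instead of in a dedicated private directory. Nothing in this patch or in the spec's %install and %files sections sets an owner or mode for /etc/smbpasswd; the packaging should create it root-owned with mode 0600, or keep a root-only private directory for these four files.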
+++ /dev/null
-#!/bin/sh
-# Copyright (C) John H Terpstra 1998
-#
-RPMDIR=`rpm --showrc | awk '/^rpmdir/ { print $3}'`
-SPECDIR=`rpm --showrc | awk '/^specdir/ { print $3}'`
-SRCDIR=`rpm --showrc | awk '/^sourcedir/ { print $3}'`
-
-( cd ../../.. ; tar czvf ${SRCDIR}/samba-PVERSION.tar.gz samba-PVERSION )
-cp -a *.spec $SPECDIR
-cp -a *.patch smb.* samba.log $SRCDIR
-cd $SRCDIR
-chown -R root.root samba-PVERSION
-cd $SPECDIR
-rpm -ba -v samba2.spec
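Review bot: `chown -R root.root samba-PVERSION` runs after `cd $SRCDIR`, but the only thing named samba-PVERSION that this script puts there is the tarball; the tree that was archived sits three directories above the packaging directory, so the chown has no target and the tarball keeps whatever ownership the build tree had. Do the chown on the source tree before the tar step, quote $SPECDIR and $SRCDIR, and stop if either is empty, since an empty SRCDIR makes tar write to /samba-PVERSION.tar.gz and the later `cd $SRCDIR` land in the home directory. RPMDIR is assigned but never used.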
+++ /dev/null
-/var/log/samba/log.nmb {
- postrotate
- /usr/bin/killall -HUP nmbd
- endrotate
-}
-
-/var/log/samba/log.smb {
- postrotate
- /usr/bin/killall -HUP smbd
- endrotate
-}
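Review bot: only log.nmb and log.smb are rotated, while the packaged smb.conf sets `log file = /var/log/samba/log.%m`, so the per-machine logs smbd writes are not covered by either stanza and rely solely on `max log size = 50`. Add a stanza that matches the per-machine file names, with a postrotate that signals smbd. The two stanzas also set no rotation count or frequency and inherit whatever the global logrotate configuration specifies, which is worth stating in a comment.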
+++ /dev/null
-auth required /lib/security/pam_pwdb.so nullok shadow
-account required /lib/security/pam_pwdb.so
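Review bot: `nullok` on the auth line lets an account with an empty password authenticate through this service. Drop it unless empty passwords are deliberately allowed for Samba users, leaving `auth required /lib/security/pam_pwdb.so shadow`.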
+++ /dev/null
-Summary: Samba SMB client and server
-Name: samba
-Version: PVERSION
-Release: PRELEASE
-Copyright: GNU GPL version 2
-Group: Networking
-Source: ftp://samba.org/pub/samba/samba-PVERSION.tar.gz
-Patch: makefile-path.patch
-Patch1: smbw.patch
-Packager: John H Terpstra [Samba-Team] <jht@samba.org>
-BuildRoot: /var/tmp/samba
-
-%description
-Samba provides an SMB server which can be used to provide
-network services to SMB (sometimes called "Lan Manager")
-clients, including various versions of MS Windows, OS/2,
-and other Linux machines. Samba also provides some SMB
-clients, which complement the built-in SMB filesystem
-in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols
-and does NOT need NetBEUI (Microsoft Raw NetBIOS frame)
-protocol.
-
-Samba-2 features an almost working NT Domain Control
-capability and includes the new SWAT (Samba Web Administration
-Tool) that allows samba's smb.conf file to be remotely managed
-using your favourite web browser. For the time being this is
-being enabled on TCP port 901 via inetd.
-
-Please refer to the WHATSNEW.txt document for fixup information.
-This binary release includes encrypted password support.
-Please read the smb.conf file and ENCRYPTION.txt in the
-docs directory for implementation details.
-
-%changelog
-* Mon Nov 16 1998 John H Terpstra <jht@samba.org>
- - Ported to Cadera OpenLinux
-
-%prep
-%setup
-%patch -p1
-%patch1 -p1
-
-%build
-cd source
-./configure --prefix=/usr --libdir=/etc
-make all
-
-%install
-rm -rf $RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT/etc/codepages/src
-mkdir -p $RPM_BUILD_ROOT/etc/{logrotate.d,pam.d}
-mkdir -p $RPM_BUILD_ROOT/etc/rc.d/{init.d,rc0.d,rc1.d,rc2.d,rc3.d,rc5.d,rc6.d}
-mkdir -p $RPM_BUILD_ROOT/home/samba
-mkdir -p $RPM_BUILD_ROOT/usr/{bin,sbin}
-mkdir -p $RPM_BUILD_ROOT/usr/share/swat/{images,help,include}
-mkdir -p $RPM_BUILD_ROOT/usr/man/{man1,man5,man7,man8}
-mkdir -p $RPM_BUILD_ROOT/var/lock/samba
-mkdir -p $RPM_BUILD_ROOT/var/log/samba
-mkdir -p $RPM_BUILD_ROOT/var/spool/samba
-
-# Install standard binary files
-for i in nmblookup smbclient smbpasswd smbrun smbstatus testparm testprns \
- make_smbcodepage make_printerdef rpcclient
-do
-install -m755 -s source/bin/$i $RPM_BUILD_ROOT/usr/bin
-done
-for i in addtosmbpass mksmbpasswd.sh smbtar
-do
-install -m755 source/script/$i $RPM_BUILD_ROOT/usr/bin
-done
-
-# Install secure binary files
-for i in smbd nmbd swat
-do
-install -m755 -s source/bin/$i $RPM_BUILD_ROOT/usr/sbin
-done
-
-# Install level 1 man pages
-for i in smbclient.1 smbrun.1 smbstatus.1 smbtar.1 testparm.1 testprns.1 make_smbcodepage.1 nmblookup.1
-do
-install -m644 docs/manpages/$i $RPM_BUILD_ROOT/usr/man/man1
-done
-
-# Install codepage source files
-for i in 437 737 850 852 861 866 932 936 949 950
-do
-install -m644 source/codepages/codepage_def.$i $RPM_BUILD_ROOT/etc/codepages/src
-done
-
-# Install SWAT helper files
-for i in swat/help/*.html docs/htmldocs/*.html
-do
-install -m644 $i $RPM_BUILD_ROOT/usr/share/swat/help
-done
-for i in swat/images/*.gif
-do
-install -m644 $i $RPM_BUILD_ROOT/usr/share/swat/images
-done
-for i in swat/include/*.html
-do
-install -m644 $i $RPM_BUILD_ROOT/usr/share/swat/include
-done
-
-# Install the miscellany
-install -m644 swat/README $RPM_BUILD_ROOT/usr/share/swat
-install -m644 docs/manpages/smb.conf.5 $RPM_BUILD_ROOT/usr/man/man5
-install -m644 docs/manpages/lmhosts.5 $RPM_BUILD_ROOT/usr/man/man5
-install -m644 docs/manpages/smbpasswd.5 $RPM_BUILD_ROOT/usr/man/man5
-install -m644 docs/manpages/samba.7 $RPM_BUILD_ROOT/usr/man/man7
-install -m644 docs/manpages/smbd.8 $RPM_BUILD_ROOT/usr/man/man8
-install -m644 docs/manpages/nmbd.8 $RPM_BUILD_ROOT/usr/man/man8
-install -m644 docs/manpages/swat.8 $RPM_BUILD_ROOT/usr/man/man8
-install -m644 docs/manpages/smbpasswd.8 $RPM_BUILD_ROOT/usr/man/man8
-install -m644 packaging/RedHat/smb.conf $RPM_BUILD_ROOT/etc/smb.conf
-install -m644 packaging/RedHat/smbusers $RPM_BUILD_ROOT/etc/smbusers
-install -m755 packaging/RedHat/smbprint $RPM_BUILD_ROOT/usr/bin
-install -m755 packaging/RedHat/findsmb $RPM_BUILD_ROOT/usr/bin
-install -m755 packaging/RedHat/smbadduser $RPM_BUILD_ROOT/usr/bin
-install -m755 packaging/RedHat/smb.init $RPM_BUILD_ROOT/etc/rc.d/init.d/smb
-install -m755 packaging/RedHat/smb.init $RPM_BUILD_ROOT/usr/sbin/samba
-install -m644 packaging/RedHat/samba.pamd $RPM_BUILD_ROOT/etc/pam.d/samba
-install -m644 packaging/RedHat/samba.log $RPM_BUILD_ROOT/etc/logrotate.d/samba
-echo 127.0.0.1 localhost > $RPM_BUILD_ROOT/etc/lmhosts
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%post
-/sbin/chkconfig --add smb
-
-# Build codepage load files
-for i in 437 737 850 852 861 866 932 936 949 950
-do
-/usr/bin/make_smbcodepage c $i /etc/codepages/src/codepage_def.$i /etc/codepages/codepage.$i
-done
-
-# Add swat entry to /etc/services if not already there
-if !( grep ^[:space:]*swat /etc/services > /dev/null ) then
- echo 'swat 901/tcp # Add swat service used via inetd' >> /etc/services
-fi
-
-# Add swat entry to /etc/inetd.conf if needed
-if !( grep ^[:space:]*swat /etc/inetd.conf > /dev/null ) then
- echo 'swat stream tcp nowait.400 root /usr/sbin/swat swat' >> /etc/inetd.conf
-killall -1 inetd || :
-fi
-
-%preun
-if [ $1 = 0 ] ; then
- /sbin/chkconfig --del smb
-
- for n in /etc/codepages/*; do
- if [ $n != /etc/codepages/src ]; then
- rm -rf $n
- fi
- done
- # We want to remove the browse.dat and wins.dat files so they can not interfer with a new version of samba!
- if [ -e /var/lock/samba/browse.dat ]; then
- rm -f /var/lock/samba/browse.dat
- fi
- if [ -e /var/lock/samba/wins.dat ]; then
- rm -f /var/lock/samba/wins.dat
- fi
-fi
-
-%postun
-# Only delete remnants of samba if this is the final deletion.
-if [ $1 != 0 ] ; then
- exit 0
-
- if [ -x /etc/pam.d/samba ]; then
- rm -f /etc/pam.d/samba
- fi
- if [ -e /var/log/samba ]; then
- rm -rf /var/log/samba
- fi
- if [ -e /var/lock/samba ]; then
- rm -rf /var/lock/samba
- fi
-
- # Remove swat entries from /etc/inetd.conf and /etc/services
- cd /etc
- tmpfile=/etc/tmp.$$
- sed -e '/^[:space:]*swat.*$/d' /etc/inetd.conf > $tmpfile
- mv $tmpfile inetd.conf
- sed -e '/^[:space:]*swat.*$/d' /etc/services > $tmpfile
- mv $tmpfile services
-fi
-
-%files
-%doc README COPYING Manifest Read-Manifest-Now
-%doc WHATSNEW.txt Roadmap
-%doc docs
-%doc swat/README
-%doc examples
-%attr(-,root,root) /usr/sbin/smbd
-%attr(-,root,root) /usr/sbin/nmbd
-%attr(-,root,root) /usr/sbin/swat
-%attr(0750,root,root) /usr/sbin/samba
-%attr(-,root,root) /usr/bin/addtosmbpass
-%attr(-,root,root) /usr/bin/mksmbpasswd.sh
-%attr(-,root,root) /usr/bin/smbclient
-%attr(-,root,root) /usr/bin/rpcclient
-%attr(-,root,root) /usr/bin/testparm
-%attr(-,root,root) /usr/bin/testprns
-%attr(-,root,root) /usr/bin/smbrun
-%attr(-,root,root) /usr/bin/findsmb
-%attr(-,root,root) /usr/bin/smbstatus
-%attr(-,root,root) /usr/bin/nmblookup
-%attr(-,root,root) /usr/bin/make_smbcodepage
-%attr(-,root,root) /usr/bin/make_printerdef
-%attr(-,root,root) /usr/bin/smbpasswd
-%attr(-,root,root) /usr/bin/smbtar
-%attr(-,root,root) /usr/bin/smbprint
-%attr(-,root,root) /usr/bin/smbadduser
-%attr(-,root,root) /usr/share/swat/help/welcome.html
-%attr(-,root,root) /usr/share/swat/help/DOMAIN_MEMBER.html
-%attr(-,root,root) /usr/share/swat/help/lmhosts.5.html
-%attr(-,root,root) /usr/share/swat/help/make_smbcodepage.1.html
-%attr(-,root,root) /usr/share/swat/help/nmbd.8.html
-%attr(-,root,root) /usr/share/swat/help/nmblookup.1.html
-%attr(-,root,root) /usr/share/swat/help/samba.7.html
-%attr(-,root,root) /usr/share/swat/help/smb.conf.5.html
-%attr(-,root,root) /usr/share/swat/help/smbclient.1.html
-%attr(-,root,root) /usr/share/swat/help/smbd.8.html
-%attr(-,root,root) /usr/share/swat/help/smbpasswd.5.html
-%attr(-,root,root) /usr/share/swat/help/smbpasswd.8.html
-%attr(-,root,root) /usr/share/swat/help/smbrun.1.html
-%attr(-,root,root) /usr/share/swat/help/smbstatus.1.html
-%attr(-,root,root) /usr/share/swat/help/smbtar.1.html
-%attr(-,root,root) /usr/share/swat/help/swat.8.html
-%attr(-,root,root) /usr/share/swat/help/testparm.1.html
-%attr(-,root,root) /usr/share/swat/help/testprns.1.html
-%attr(-,root,root) /usr/share/swat/images/globals.gif
-%attr(-,root,root) /usr/share/swat/images/home.gif
-%attr(-,root,root) /usr/share/swat/images/passwd.gif
-%attr(-,root,root) /usr/share/swat/images/printers.gif
-%attr(-,root,root) /usr/share/swat/images/shares.gif
-%attr(-,root,root) /usr/share/swat/images/samba.gif
-%attr(-,root,root) /usr/share/swat/images/status.gif
-%attr(-,root,root) /usr/share/swat/images/viewconfig.gif
-%attr(-,root,root) /usr/share/swat/include/header.html
-%attr(-,root,root) /usr/share/swat/include/footer.html
-%attr(-,root,root) %config(noreplace) /etc/lmhosts
-%attr(-,root,root) %config(noreplace) /etc/smb.conf
-%attr(-,root,root) %config(noreplace) /etc/smbusers
-%attr(-,root,root) /etc/rc.d/init.d/smb
-%attr(-,root,root) /etc/logrotate.d/samba
-%attr(-,root,root) /etc/pam.d/samba
-%attr(-,root,root) /etc/codepages/src/codepage_def.437
-%attr(-,root,root) /etc/codepages/src/codepage_def.737
-%attr(-,root,root) /etc/codepages/src/codepage_def.850
-%attr(-,root,root) /etc/codepages/src/codepage_def.852
-%attr(-,root,root) /etc/codepages/src/codepage_def.861
-%attr(-,root,root) /etc/codepages/src/codepage_def.866
-%attr(-,root,root) /etc/codepages/src/codepage_def.932
-%attr(-,root,root) /etc/codepages/src/codepage_def.936
-%attr(-,root,root) /etc/codepages/src/codepage_def.949
-%attr(-,root,root) /etc/codepages/src/codepage_def.950
-%attr(-,root,root) /usr/man/man1/smbstatus.1
-%attr(-,root,root) /usr/man/man1/smbclient.1
-%attr(-,root,root) /usr/man/man1/make_smbcodepage.1
-%attr(-,root,root) /usr/man/man1/smbrun.1
-%attr(-,root,root) /usr/man/man1/smbtar.1
-%attr(-,root,root) /usr/man/man1/testparm.1
-%attr(-,root,root) /usr/man/man1/testprns.1
-%attr(-,root,root) /usr/man/man1/nmblookup.1
-%attr(-,root,root) /usr/man/man5/smb.conf.5
-%attr(-,root,root) /usr/man/man5/lmhosts.5
-%attr(-,root,root) /usr/man/man5/smbpasswd.5
-%attr(-,root,root) /usr/man/man7/samba.7
-%attr(-,root,root) /usr/man/man8/smbd.8
-%attr(-,root,root) /usr/man/man8/nmbd.8
-%attr(-,root,root) /usr/man/man8/smbpasswd.8
-%attr(-,root,root) /usr/man/man8/swat.8
-%attr(-,root,nobody) %dir /home/samba
-%attr(-,root,root) %dir /etc/codepages
-%attr(-,root,root) %dir /etc/codepages/src
-%attr(-,root,root) %dir /var/lock/samba
-%attr(-,root,root) %dir /var/log/samba
-%attr(1777,root,root) %dir /var/spool/samba
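Review bot: in %postun the `if [ $1 != 0 ] ; then` block contains `exit 0` followed directly by the cleanup commands, with its only closing `fi` at the end of the section, so the cleanup is unreachable: on an upgrade the script exits, and on final removal ($1 = 0) the whole block is skipped. Close the test with its own `fi` straight after `exit 0` and drop the trailing one. The swat checks in %post and the sed expressions in %postun use `[:space:]` outside a bracket expression, which matches the characters :, s, p, a, c and e rather than whitespace; write `[[:space:]]`. The sed-then-mv rewrite of /etc/inetd.conf and /etc/services also replaces those files with copies created at the predictable name /etc/tmp.$$ under the current umask, so the original mode and ownership should be restored explicitly.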
+++ /dev/null
-# This is the main Samba configuration file. You should read the
-# smb.conf(5) manual page in order to understand the options listed
-# here. Samba has a huge number of configurable options (perhaps too
-# many!) most of which are not shown in this example
-#
-# Any line which starts with a ; (semi-colon) or a # (hash)
-# is a comment and is ignored. In this example we will use a #
-# for commentry and a ; for parts of the config file that you
-# may wish to enable
-#
-# NOTE: Whenever you modify this file you should run the command "testparm"
-# to check that you have not many any basic syntactic errors.
-#
-#======================= Global Settings =====================================
-[global]
-
-# workgroup = NT-Domain-Name or Workgroup-Name
- workgroup = MYGROUP
-
-# server string is the equivalent of the NT Description field
- server string = Samba Server
-
-# This option is important for security. It allows you to restrict
-# connections to machines which are on your local network. The
-# following example restricts access to two C class networks and
-# the "loopback" interface. For more examples of the syntax see
-# the smb.conf man page
-; hosts allow = 192.168.1. 192.168.2. 127.
-
-# if you want to automatically load your printer list rather
-# than setting them up individually then you'll need this
- printcap name = /etc/printcap
- load printers = yes
-
-# It should not be necessary to spell out the print system type unless
-# yours is non-standard. Currently supported print systems include:
-# bsd, sysv, plp, lprng, aix, hpux, qnx
-; printing = bsd
-
-# Uncomment this if you want a guest account, you must add this to /etc/passwd
-# otherwise the user "nobody" is used
-; guest account = pcguest
-
-# this tells Samba to use a separate log file for each machine
-# that connects
- log file = /var/log/samba/log.%m
-
-# Put a capping on the size of the log files (in Kb).
- max log size = 50
-
-# Security mode. Most people will want user level security. See
-# security_level.txt for details.
- security = user
-# Use password server option only with security = server
-; password server = <NT-Server-Name>
-
-# Password Level allows matching of _n_ characters of the password for
-# all combinations of upper and lower case.
-; password level = 8
-; username level = 8
-
-# You may wish to use password encryption. Please read
-# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
-# Do not enable this option unless you have read those documents
-; encrypt passwords = yes
-; smb passwd file = /etc/smbpasswd
-
-# The following are needed to allow password changing from Windows to
-# update the Linux sytsem password also.
-# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
-# NOTE2: You do NOT need these to allow workstations to change only
-# the encrypted SMB passwords. They allow the Unix password
-# to be kept in sync with the SMB password.
-; unix password sync = Yes
-; passwd program = /usr/bin/passwd %u
-; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
-
-# Unix users can map to different SMB User names
-; username map = /etc/smbusers
-
-# Using the following line enables you to customise your configuration
-# on a per machine basis. The %m gets replaced with the netbios name
-# of the machine that is connecting
-; include = /etc/smb.conf.%m
-
-# Most people will find that this option gives better performance.
-# See speed.txt and the manual pages for details
- socket options = TCP_NODELAY
-
-# Configure Samba to use multiple interfaces
-# If you have multiple network interfaces then you must list them
-# here. See the man page for details.
-; interfaces = 192.168.12.2/24 192.168.13.2/24
-
-# Configure remote browse list synchronisation here
-# request announcement to, or browse list sync from:
-# a specific host or from / to a whole subnet (see below)
-; remote browse sync = 192.168.3.25 192.168.5.255
-# Cause this host to announce itself to local subnets here
-; remote announce = 192.168.1.255 192.168.2.44
-
-# Browser Control Options:
-# set local master to no if you don't want Samba to become a master
-# browser on your network. Otherwise the normal election rules apply
-; local master = no
-
-# OS Level determines the precedence of this server in master browser
-# elections. The default value should be reasonable
-; os level = 33
-
-# Domain Master specifies Samba to be the Domain Master Browser. This
-# allows Samba to collate browse lists between subnets. Don't use this
-# if you already have a Windows NT domain controller doing this job
-; domain master = yes
-
-# Preferred Master causes Samba to force a local browser election on startup
-# and gives it a slightly higher chance of winning the election
-; preferred master = yes
-
-# Use only if you have an NT server on your network that has been
-# configured at install time to be a primary domain controller.
-; domain controller = <NT-Domain-Controller-SMBName>
-
-# Enable this if you want Samba to be a domain logon server for
-# Windows95 workstations.
-; domain logons = yes
-
-# if you enable domain logons then you may want a per-machine or
-# per user logon script
-# run a specific logon batch file per workstation (machine)
-; logon script = %m.bat
-# run a specific logon batch file per username
-; logon script = %U.bat
-
-# Where to store roving profiles (only for Win95 and WinNT)
-# %L substitutes for this servers netbios name, %U is username
-# You must uncomment the [Profiles] share below
-; logon path = \\%L\Profiles\%U
-
-# All NetBIOS names must be resolved to IP Addresses
-# 'Name Resolve Order' allows the named resolution mechanism to be specified
-# the default order is "host lmhosts wins bcast". "host" means use the unix
-# system gethostbyname() function call that will use either /etc/hosts OR
-# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
-# and the /etc/resolv.conf file. "host" therefore is system configuration
-# dependant. This parameter is most often of use to prevent DNS lookups
-# in order to resolve NetBIOS names to IP Addresses. Use with care!
-# The example below excludes use of name resolution for machines that are NOT
-# on the local network segment
-# - OR - are not deliberately to be known via lmhosts or via WINS.
-; name resolve order = wins lmhosts bcast
-
-# Windows Internet Name Serving Support Section:
-# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
-; wins support = yes
-
-# WINS Server - Tells the NMBD components of Samba to be a WINS Client
-# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
-; wins server = w.x.y.z
-
-# WINS Proxy - Tells Samba to answer name resolution queries on
-# behalf of a non WINS capable client, for this to work there must be
-# at least one WINS Server on the network. The default is NO.
-; wins proxy = yes
-
-# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
-# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
-# this has been changed in version 1.9.18 to no.
- dns proxy = no
-
-# Case Preservation can be handy - system default is _no_
-# NOTE: These can be set on a per share basis
-; preserve case = no
-; short preserve case = no
-# Default case is normally upper case for all DOS files
-; default case = lower
-# Be very careful with case sensitivity - it can break things!
-; case sensitive = no
-
-#============================ Share Definitions ==============================
-[homes]
- comment = Home Directories
- browseable = no
- writable = yes
-
-# Un-comment the following and create the netlogon directory for Domain Logons
-; [netlogon]
-; comment = Network Logon Service
-; path = /home/netlogon
-; guest ok = yes
-; writable = no
-; share modes = no
-
-
-# Un-comment the following to provide a specific roving profile share
-# the default is to use the user's home directory
-;[Profiles]
-; path = /home/profiles
-; browseable = no
-; guest ok = yes
-
-
-# NOTE: If you have a BSD-style print system there is no need to
-# specifically define each individual printer
-[printers]
- comment = All Printers
- path = /var/spool/samba
- browseable = no
-# Set public = yes to allow user 'guest account' to print
- guest ok = no
- writable = no
- printable = yes
-
-# This one is useful for people to share files
-;[tmp]
-; comment = Temporary file space
-; path = /tmp
-; read only = no
-; public = yes
-
-# A publicly accessible directory, but read only, except for people in
-# the "staff" group
-;[public]
-; comment = Public Stuff
-; path = /home/samba
-; public = yes
-; writable = yes
-; printable = no
-; write list = @staff
-
-# Other examples.
-#
-# A private printer, usable only by fred. Spool data will be placed in fred's
-# home directory. Note that fred must have write access to the spool directory,
-# wherever it is.
-;[fredsprn]
-; comment = Fred's Printer
-; valid users = fred
-; path = /homes/fred
-; printer = freds_printer
-; public = no
-; writable = no
-; printable = yes
-
-# A private directory, usable only by fred. Note that fred requires write
-# access to the directory.
-;[fredsdir]
-; comment = Fred's Service
-; path = /usr/somewhere/private
-; valid users = fred
-; public = no
-; writable = yes
-; printable = no
-
-# a service which has a different directory for each machine that connects
-# this allows you to tailor configurations to incoming machines. You could
-# also use the %u option to tailor it by user name.
-# The %m gets replaced with the machine name that is connecting.
-;[pchome]
-; comment = PC Directories
-; path = /usr/pc/%m
-; public = no
-; writable = yes
-
-# A publicly accessible directory, read/write to all users. Note that all files
-# created in the directory by users will be owned by the default user, so
-# any user with access can delete any other user's files. Obviously this
-# directory must be writable by the default user. Another user could of course
-# be specified, in which case all files would be owned by that user instead.
-;[public]
-; path = /usr/somewhere/else/public
-; public = yes
-; only guest = yes
-; writable = yes
-; printable = no
-
-# The following two entries demonstrate how to share a directory so that two
-# users can place files there that will be owned by the specific users. In this
-# setup, the directory should be writable by both users and should have the
-# sticky bit set on it to prevent abuse. Obviously this could be extended to
-# as many users as required.
-;[myshare]
-; comment = Mary's and Fred's stuff
-; path = /usr/somewhere/shared
-; valid users = mary fred
-; public = no
-; writable = yes
-; printable = no
-; create mask = 0765
-
-
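Review bot: In the [myshare] example, `create mask = 0765` leaves new files readable and executable by others while the group gets no execute bit, which does not fit a share restricted with `valid users = mary fred` and `public = no`; a mask such as 0660 matches the stated intent. The commented [tmp] example (`path = /tmp`, `read only = no`, `public = yes`) exposes /tmp read-write to guest connections once uncommented and should carry a warning in its comment.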
+++ /dev/null
-#!/bin/sh
-#
-# description: Starts and stops the Samba smbd and nmbd daemons \
-# used to provide SMB network services.
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-# Source networking configuration.
-. /etc/sysconfig/network
-
-# Check that networking is up.
-[ ${NETWORKING} = "no" ] && exit 0
-
-# Check that smb.conf exists.
-[ -f /etc/smb.conf ] || exit 0
-
-# See how we were called.
-case "$1" in
- start)
- echo -n "Starting SMB services: "
- smbd -D
- nmbd -D
- echo
- touch /var/lock/subsys/smb
- ;;
- stop)
- echo -n "Shutting down SMB services: "
- killproc smbd
- killproc nmbd
- rm -f /var/lock/subsys/smb
- echo ""
- ;;
- status)
- status smbd
- status nmbd
- ;;
- restart)
- echo -n "Restarting SMB services: "
- $0 stop
- $0 start
- echo "done."
- ;;
- *)
- echo "Usage: smb {start|stop|restart|status}"
- exit 1
-esac
-
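Review bot: The networking check `[ ${NETWORKING} = "no" ] && exit 0` expands the variable unquoted, so when /etc/sysconfig/network does not set NETWORKING the test is malformed and prints an error instead of making a decision; quote it as "${NETWORKING}". The start branch also touches /var/lock/subsys/smb without checking that `smbd -D` and `nmbd -D` succeeded, so the lock file can claim a running service that never started.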
+++ /dev/null
-#!/bin/csh
-#
-# smbadduser - Written by Mike Zakharoff
-#
-unalias *
-set path = ($path)
-
-set smbpasswd = /etc/smbpasswd
-set user_map = /etc/smbusers
-#
-# Set to site specific passwd command
-#
-set passwd = "cat /etc/passwd"
-#set passwd = "niscat passwd.org_dir"
-#set passwd = "ypcat passwd"
-
-set line = "----------------------------------------------------------"
-if ($#argv == 0) then
- echo $line
- echo "Written: Mike Zakharoff email: michael.j.zakharoff@boeing.com"
- echo ""
- echo " 1) Updates $smbpasswd"
- echo " 2) Updates $user_map"
- echo " 3) Executes smbpasswd for each new user"
- echo ""
- echo "smbadduser unixid:ntid unixid:ntid ..."
- echo ""
- echo "Example: smbadduser zak:zakharoffm johns:smithj"
- echo $line
- exit 1
-endif
-
-touch $smbpasswd $user_map
-set new = ()
-foreach one ($argv)
- echo $one | grep ':' >& /dev/null
- if ($status != 0) then
- echo "ERROR: Must use unixid:ntid like -> zak:zakharoffm"
- continue
- endif
- set unix = `echo $one | awk -F: '{print $1}'`
- set ntid = `echo $one | awk -F: '{print $2}'`
-
- set usr = `eval $passwd | awk -F: '$1==USR {print $1}' USR=$unix`
- if ($#usr != 1) then
- echo "ERROR: $unix Not in passwd database SKIPPING..."
- continue
- endif
- set tmp = `cat $smbpasswd | awk -F: '$1==USR {print $1}' USR=$unix`
- if ($#tmp != 0) then
- echo "ERROR: $unix is already in $smbpasswd SKIPPING..."
- continue
- endif
-
- echo "Adding: $unix to $smbpasswd"
- eval $passwd | \
- awk -F: '$1==USR { \
- printf( "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:%s:%s:%s\n", $1, $3, $5, $6, $7) }' USR=$unix >> $smbpasswd
- if ($unix != $ntid) then
- echo "Adding: {$unix = $ntid} to $user_map"
- echo "$unix = $ntid" >> $user_map
- endif
- set new = ($new $unix)
-end
-
-#
-# Enter password for new users
-#
-foreach one ($new)
- echo $line
- echo "ENTER password for $one"
- smbpasswd $one
-end
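Review bot: `touch $smbpasswd $user_map` creates /etc/smbpasswd with whatever umask the caller has, and the awk append that follows never tightens the mode, so the file that will hold password hashes can end up world-readable; set a restrictive umask or chmod the file to 600 before appending. The unixid and ntid values come straight from argv and are used unquoted in `echo $one | grep ':'` and `USR=$unix`, and ntid is written to the user map unchecked, so both should be validated against an allowed character set first.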
+++ /dev/null
-#!/bin/sh
-
-# This script is an input filter for printcap printing on a unix machine. It
-# uses the smbclient program to print the file to the specified smb-based
-# server and service.
-# For example you could have a printcap entry like this
-#
-# smb:lp=/dev/null:sd=/usr/spool/smb:sh:if=/usr/local/samba/smbprint
-#
-# which would create a unix printer called "smb" that will print via this
-# script. You will need to create the spool directory /usr/spool/smb with
-# appropriate permissions and ownerships for your system.
-
-# Set these to the server and service you wish to print to
-# In this example I have a WfWg PC called "lapland" that has a printer
-# exported called "printer" with no password.
-
-#
-# Script further altered by hamiltom@ecnz.co.nz (Michael Hamilton)
-# so that the server, service, and password can be read from
-# a /var/spool/lpd/PRINTNAME/.config file.
-#
-# In order for this to work the /etc/printcap entry must include an
-# accounting file (af=...):
-#
-# cdcolour:\
-# :cm=CD IBM Colorjet on 6th:\
-# :sd=/var/spool/lpd/cdcolour:\
-# :af=/var/spool/lpd/cdcolour/acct:\
-# :if=/usr/local/etc/smbprint:\
-# :mx=0:\
-# :lp=/dev/null:
-#
-# The /usr/var/spool/lpd/PRINTNAME/.config file should contain:
-# server=PC_SERVER
-# service=PR_SHARENAME
-# password="password"
-#
-# E.g.
-# server=PAULS_PC
-# service=CJET_371
-# password=""
-
-#
-# Debugging log file, change to /dev/null if you like.
-#
-# logfile=/tmp/smb-print.log
-logfile=/dev/null
-
-
-#
-# The last parameter to the filter is the accounting file name.
-# Extract the directory name from the file name.
-# Concat this with /.config to get the config file.
-#
-eval acct_file=\${$#}
-spool_dir=`dirname $acct_file`
-config_file=$spool_dir/.config
-
-# Should read the following variables set in the config file:
-# server
-# service
-# password
-eval `cat $config_file`
-
-#
-# Some debugging help, change the >> to > if you want to same space.
-#
-echo "server $server, service $service" >> $logfile
-
-(
-# NOTE You may wish to add the line `echo translate' if you want automatic
-# CR/LF translation when printing.
-# echo translate
- echo "print -"
- cat
-) | /usr/bin/smbclient "\\\\$server\\$service" $password -U $server -N -P >> $logfile
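Review bot: The eval of the output of cat $config_file runs the whole .config file as shell code, so anyone who can write to the spool directory can execute commands as the print filter's user; read only the three expected keys (server, service, password) and assign them without eval. `$password` is then passed unquoted as an argument to smbclient, where it shows up in the process list and is word-split if it contains spaces, and the suggested debug path /tmp/smb-print.log is a fixed name in a world-writable directory.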
+++ /dev/null
-# Unix_name = SMB_name1 SMB_name2 ...
-root = administrator admin
-nobody = guest pcguest smbguest
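Review bot: The default map line `root = administrator admin` makes the SMB names administrator and admin resolve to the Unix root account, so a shipped default steers remote logins under those names onto root; leave the root mapping commented out and let sites opt in.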
+++ /dev/null
---- samba-2.0.0/source/smbwrapper/smbsh.in.orig Mon Oct 5 22:37:01 1998
-+++ samba-2.0.0/source/smbwrapper/smbsh.in Mon Oct 5 22:37:51 1998
-@@ -1,6 +1,6 @@
- #! /bin/sh
-
--SMBW_LIBDIR=${SMBW_LIBDIR-@builddir@/smbwrapper}
-+SMBW_LIBDIR=${SMBW_LIBDIR-/usr/bin}
-
- if [ ! -f ${SMBW_LIBDIR}/smbwrapper.so ]; then
- echo You need to set LIBDIR in smbsh
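Review bot: The new default `SMBW_LIBDIR=${SMBW_LIBDIR-/usr/bin}` hardcodes a binary directory as the place to look for smbwrapper.so and drops the `@builddir@` substitution, so the script no longer follows the configured prefix; a configure-time substitution for the installed library directory would keep the two in step. In the context lines, the error message tells the user to set LIBDIR while the variable is SMBW_LIBDIR, and `${SMBW_LIBDIR}` is unquoted inside the `[ ! -f ... ]` test.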
+++ /dev/null
-#!/bin/sh
-./mkprototype
-pkgmk -o -d /tmp -b `pwd` -f ./prototype
-cd /tmp
-pkgtrans . samba.pkg samba
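Review bot: None of the steps is checked, so if `./mkprototype` or `pkgmk` fails the script still runs `cd /tmp` and `pkgtrans` against whatever is already there; add `set -e` or chain the commands with `&&`. Building and translating the package in /tmp also puts the output in a world-writable directory where another local user can pre-create `samba.pkg` or a `samba` directory.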
+++ /dev/null
-#!/bin/sh
-# this creates prototype files
-pkgproto * > prototype
-nawk 'BEGIN { print "# d directory"
- print "# e a file to be edited upon installation or removal"
- print "# f a standard executable or data file"
- print "# i installation script or information file"
- print "# l linked file"
- print "# s symbolic link"
- print "# v volatile file (one whose contents are expected to
-change)"
- print "#" }
-/ pkginfo / { print "i pkginfo" ; next }
-/ postinstall / { print "i postinstall" ; next }
-/ postremove / { print "i postremove" ; next }
-/d none usr / { print "d none usr ? ? ?" ; next }
-/d none usr\/local / { print "d none usr/local ? ? ?" ; next }
-/d none etc / { print "d none etc ? ? ?" ; next }
-/f none etc\// { $1 = "v" }
-/d none opt / { print "d none opt ? ? ?" ; next }
-/d none var / { print "d none var ? ? ?" ; next }
-/none prototype / { next }
-/none mkprototype / { next }
-/ src[ \/]/ { next }
-/^[dfv]/ { $5 = "bin"
- $6 = "bin"
- print
- next }
-{ print }' prototype >/tmp/prototype.$$
-mv /tmp/prototype.$$ prototype
-
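Review bot: The filtered output is written to `/tmp/prototype.$$`, a predictable name in a world-writable directory, and then moved over `prototype`; write the temporary file in the build directory or create it with mktemp. The awk print string for the `v` entry is split across two lines ("expected to" / "change)"), which leaves an unterminated string literal in the program as shown.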
+++ /dev/null
-#!/bin/sh
-# install samba
-
-nawk '/^netbios-[ns]*[ ]/ {next}
-{print}
-END { print "netbios-ssn 139/tcp"
- print "netbios-ns 137/udp # samba service" }' \
- ${PKG_INSTALL_ROOT}/etc/inet/services > /tmp/services.$$ && \
- mv -f /tmp/services.$$ ${PKG_INSTALL_ROOT}/etc/inet/services &&
-\
- chmod 644 ${PKG_INSTALL_ROOT}/etc/inet/services && \
- echo "Updated ${PKG_INSTALL_ROOT}/etc/inet/services"
-
-nawk '/samba.*mbd[ ]/ { next }
-{print}
-END { print "# samba connections are handled by smbd and nmbd"
- print "netbios-ssn stream tcp nowait root /opt/samba/bin/smbd
-smbd"
- print "netbios-ns dgram udp wait root /opt/samba/bin/nmbd nmbd" }'
-\
- ${PKG_INSTALL_ROOT}/etc/inet/inetd.conf > /tmp/inetd.conf.$$ &&
-\
- mv -f /tmp/inetd.conf.$$ ${PKG_INSTALL_ROOT}/etc/inet/inetd.conf
-&& \
- chmod 644 ${PKG_INSTALL_ROOT}/etc/inet/inetd.conf && \
- echo "Updated ${PKG_INSTALL_ROOT}/etc/inet/inetd.conf"
-
-echo "Installed samba service into ${PKG_INSTALL_ROOT:-/}"
-
-inetpid=`/bin/ps -ef | awk '/ \/usr\/sbin\/inetd / { print $2 } '`
-if [ "X$inetpid" = "X" ]; then
- echo "inetd not running"
-else
- echo "Restarting inetd($inetpid)"
- kill -HUP $inetpid
-fi
-
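Review bot: The rewritten files are staged as `/tmp/services.$$` and `/tmp/inetd.conf.$$` and then moved over the files under /etc/inet, so a local user who pre-plants a file or symlink at those predictable names can influence what an install-time script writes; stage the temporary file next to its target or create it with mktemp. Several wrapped lines also break the script as shown: the inetd.conf print string is split before `smbd"`, the `}'` that closes the second nawk program is followed by a lone backslash line so the input file is no longer an argument to nawk, and one line begins with `&& \`.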
+++ /dev/null
-#!/bin/sh
-# remove samba
-
-nawk '/^netbios-[ns]*[ ]/ {next}
-{print} ' \
- ${PKG_INSTALL_ROOT}/etc/inet/services > /tmp/services.$$ && \
- mv -f /tmp/services.$$ ${PKG_INSTALL_ROOT}/etc/inet/services &&
-\
- chmod 644 ${PKG_INSTALL_ROOT}/etc/inet/services && \
- echo "Updated ${PKG_INSTALL_ROOT}/etc/inet/services"
-
-nawk '/samba.*mbd[ ]/ { next }
-{print} ' \
- ${PKG_INSTALL_ROOT}/etc/inet/inetd.conf > /tmp/inetd.conf.$$ &&
-\
- mv -f /tmp/inetd.conf.$$ ${PKG_INSTALL_ROOT}/etc/inet/inetd.conf
-&& \
- chmod 644 ${PKG_INSTALL_ROOT}/etc/inet/inetd.conf && \
- echo "Updated ${PKG_INSTALL_ROOT}/etc/inet/inetd.conf"
-
-echo "Removed samba service from ${PKG_INSTALL_ROOT:-/}"
-
-inetpid=`/bin/ps -ef | awk '/ \/usr\/sbin\/inetd / { print $2 } '`
-if [ "X$inetpid" = "X" ]; then
- echo "inetd not running"
-else
- echo "Restarting inetd($inetpid)"
- kill -HUP $inetpid
-fi
-
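Review bot: The removal filter `/^netbios-[ns]*[ ]/ {next}` drops every netbios-ns and netbios-ssn line from /etc/inet/services, including entries that were there before the package was installed, so uninstalling can leave the host with fewer service entries than it started with; have postinstall tag both lines it adds (only the netbios-ns line carries `# samba service` today) and match on that tag here. This script also reuses the predictable `/tmp/services.$$` and `/tmp/inetd.conf.$$` staging files from postinstall.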
+++ /dev/null
-/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- Main SMB server routines
- Copyright (C) Andrew Tridgell 1992-1998
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-fstring pipe_name;
-
-pstring servicesf = CONFIGFILE;
-extern pstring debugf;
-extern BOOL append_log;
-
-/*************************************************************************
- initialise an msrpc service
- *************************************************************************/
-void msrpc_service_init(void)
-{
-}
-
-/****************************************************************************
- reload the services file
- **************************************************************************/
-BOOL reload_services(BOOL test)
-{
- BOOL ret;
-
- if (lp_loaded()) {
- pstring fname;
- pstrcpy(fname,lp_configfile());
- if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) {
- pstrcpy(servicesf,fname);
- test = False;
- }
- }
-
- reopen_logs();
-
- if (test && !lp_file_list_changed())
- return(True);
-
- lp_killunused(NULL);
-
- ret = lp_load(servicesf,False,False,True);
-
- /* perhaps the config filename is now set */
- if (!test)
- reload_services(True);
-
- reopen_logs();
-
- load_interfaces();
-
- return(ret);
-}
-
-/****************************************************************************
- main program
-****************************************************************************/
- int main(int argc,char *argv[])
-{
-#ifdef HAVE_SET_AUTH_PARAMETERS
- set_auth_parameters(argc,argv);
-#endif
-
-#ifdef HAVE_SETLUID
- /* needed for SecureWare on SCO */
- setluid(0);
-#endif
-
- append_log = True;
-
- TimeInit();
-
- setup_logging(argv[0],False);
- fstrcpy(pipe_name, "browser");
- slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name);
- add_msrpc_command_processor( pipe_name, argv[0], api_brs_rpc );
-
- return msrpc_main(argc, argv);
-}
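Review bot: In reload_services(), the recursive call `reload_services(True)` made when `test` is False discards its return value, so a failure of the second lp_load() is never reflected in `ret`; assign or combine the result before returning. In main(), the return value of `setluid(0)` is ignored, and msrpc_service_init() is an empty stub with no comment saying why nothing needs initialising.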
+++ /dev/null
-/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- SMB client
- Copyright (C) Andrew Tridgell 1994-1998
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#define NO_SYSLOG
-
-#include "includes.h"
-
-#ifndef REGISTER
-#define REGISTER 0
-#endif
-
-pstring service="";
-pstring desthost="";
-extern pstring global_myname;
-pstring password = "";
-pstring smb_login_passwd = "";
-pstring username="";
-pstring workgroup=WORKGROUP;
-BOOL got_pass = False;
-BOOL no_pass = False;
-BOOL connect_as_printer = False;
-BOOL connect_as_ipc = False;
-
-char cryptkey[8];
-BOOL doencrypt=False;
-
-extern pstring user_socket_options;
-
-/* 30 second timeout on most commands */
-#define CLIENT_TIMEOUT (30*1000)
-#define SHORT_TIMEOUT (5*1000)
-
-int name_type = 0x20;
-
-int max_protocol = PROTOCOL_NT1;
-
-BOOL readbraw_supported = False;
-BOOL writebraw_supported = False;
-
-extern int DEBUGLEVEL;
-
-uint16 cnum = 0;
-uint16 pid = 0;
-uint16 vuid = 0;
-uint16 mid = 0;
-
-int max_xmit = BUFFER_SIZE;
-
-BOOL have_ip = False;
-
-extern struct in_addr dest_ip;
-
-extern int Protocol;
-
-extern int Client;
-
-
-/****************************************************************************
-setup basics in a outgoing packet
-****************************************************************************/
-void cli_setup_pkt(char *outbuf)
-{
- SSVAL(outbuf,smb_pid,pid);
- SSVAL(outbuf,smb_uid,vuid);
- SSVAL(outbuf,smb_mid,mid);
- if (Protocol > PROTOCOL_COREPLUS)
- {
- SCVAL(outbuf,smb_flg,0x8);
- SSVAL(outbuf,smb_flg2,0x1);
- }
-}
-
-/****************************************************************************
-call a remote api
-****************************************************************************/
-BOOL cli_call_api(char *pipe_name, int pipe_name_len,
- int prcnt,int drcnt, int srcnt,
- int mprcnt,int mdrcnt,
- int *rprcnt,int *rdrcnt,
- char *param,char *data, uint16 *setup,
- char **rparam,char **rdata)
-{
- static char *inbuf=NULL;
- static char *outbuf=NULL;
-
- if (!inbuf) inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
- if (!outbuf) outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-
- if(!inbuf || !outbuf) {
- DEBUG(0,("cli_call_api: malloc fail.\n"));
- return False;
- }
-
- if (pipe_name_len == 0) pipe_name_len = strlen(pipe_name);
-
- cli_send_trans_request(outbuf,SMBtrans,pipe_name, pipe_name_len, 0,0,
- data, param, setup,
- drcnt, prcnt, srcnt,
- mdrcnt, mprcnt, 0);
-
- return (cli_receive_trans_response(inbuf,SMBtrans,
- rdrcnt,rprcnt,
- rdata,rparam));
-}
-
-
-/****************************************************************************
- receive a SMB trans or trans2 response allocating the necessary memory
- ****************************************************************************/
-BOOL cli_receive_trans_response(char *inbuf,int trans,
- int *data_len,int *param_len,
- char **data,char **param)
-{
- int total_data=0;
- int total_param=0;
- int this_data,this_param;
-
- *data_len = *param_len = 0;
-
- client_receive_smb(Client,inbuf,CLIENT_TIMEOUT);
- show_msg(inbuf);
-
- /* sanity check */
- if (CVAL(inbuf,smb_com) != trans)
- {
- DEBUG(0,("Expected %s response, got command 0x%02x\n",
- trans==SMBtrans?"SMBtrans":"SMBtrans2", CVAL(inbuf,smb_com)));
- return(False);
- }
- if (CVAL(inbuf,smb_rcls) != 0)
- return(False);
-
- /* parse out the lengths */
- total_data = SVAL(inbuf,smb_tdrcnt);
- total_param = SVAL(inbuf,smb_tprcnt);
-
- /* allocate it */
- *data = Realloc(*data,total_data);
- *param = Realloc(*param,total_param);
-
- if((total_data && !data) || (total_param && !param)) {
- DEBUG(0,("cli_receive_trans_response: Realloc fail !\n"));
- return(False);
- }
-
- while (1)
- {
- this_data = SVAL(inbuf,smb_drcnt);
- this_param = SVAL(inbuf,smb_prcnt);
- if (this_data)
- memcpy(*data + SVAL(inbuf,smb_drdisp),
- smb_base(inbuf) + SVAL(inbuf,smb_droff),
- this_data);
- if (this_param)
- memcpy(*param + SVAL(inbuf,smb_prdisp),
- smb_base(inbuf) + SVAL(inbuf,smb_proff),
- this_param);
- *data_len += this_data;
- *param_len += this_param;
-
- /* parse out the total lengths again - they can shrink! */
- total_data = SVAL(inbuf,smb_tdrcnt);
- total_param = SVAL(inbuf,smb_tprcnt);
-
- if (total_data <= *data_len && total_param <= *param_len)
- break;
-
- client_receive_smb(Client,inbuf,CLIENT_TIMEOUT);
- show_msg(inbuf);
-
- /* sanity check */
- if (CVAL(inbuf,smb_com) != trans)
- {
- DEBUG(0,("Expected %s response, got command 0x%02x\n",
- trans==SMBtrans?"SMBtrans":"SMBtrans2", CVAL(inbuf,smb_com)));
- return(False);
- }
- if (CVAL(inbuf,smb_rcls) != 0)
- return(False);
- }
-
- return(True);
-}
-
-
-
-/****************************************************************************
- send a SMB trans or trans2 request
- ****************************************************************************/
-BOOL cli_send_trans_request(char *outbuf,int trans,
- char *name,int namelen, int fid,int flags,
- char *data,char *param,uint16 *setup,
- int ldata,int lparam,int lsetup,
- int mdata,int mparam,int msetup)
-{
- int i;
- int this_ldata,this_lparam;
- int tot_data=0,tot_param=0;
- char *outdata,*outparam;
- pstring inbuf;
- char *p;
-
- this_lparam = MIN(lparam,max_xmit - (500+lsetup*SIZEOFWORD)); /* hack */
- this_ldata = MIN(ldata,max_xmit - (500+lsetup*SIZEOFWORD+this_lparam));
-
- bzero(outbuf,smb_size);
- set_message(outbuf,14+lsetup,0,True);
- CVAL(outbuf,smb_com) = trans;
- SSVAL(outbuf,smb_tid,cnum);
- cli_setup_pkt(outbuf);
-
- outparam = smb_buf(outbuf)+(trans==SMBtrans ? namelen+1 : 3);
- outdata = outparam+this_lparam;
-
- /* primary request */
- SSVAL(outbuf,smb_tpscnt,lparam); /* tpscnt */
- SSVAL(outbuf,smb_tdscnt,ldata); /* tdscnt */
- SSVAL(outbuf,smb_mprcnt,mparam); /* mprcnt */
- SSVAL(outbuf,smb_mdrcnt,mdata); /* mdrcnt */
- SCVAL(outbuf,smb_msrcnt,msetup); /* msrcnt */
- SSVAL(outbuf,smb_flags,flags); /* flags */
- SIVAL(outbuf,smb_timeout,0); /* timeout */
- SSVAL(outbuf,smb_pscnt,this_lparam); /* pscnt */
- SSVAL(outbuf,smb_psoff,smb_offset(outparam,outbuf)); /* psoff */
- SSVAL(outbuf,smb_dscnt,this_ldata); /* dscnt */
- SSVAL(outbuf,smb_dsoff,smb_offset(outdata,outbuf)); /* dsoff */
- SCVAL(outbuf,smb_suwcnt,lsetup); /* suwcnt */
- for (i=0;i<lsetup;i++) /* setup[] */
- SSVAL(outbuf,smb_setup+i*SIZEOFWORD,setup[i]);
- p = smb_buf(outbuf);
- if (trans==SMBtrans)
- memcpy(p,name, namelen+1); /* name[] */
- else
- {
- *p++ = 0; /* put in a null smb_name */
- *p++ = 'D'; *p++ = ' '; /* this was added because OS/2 does it */
- }
- if (this_lparam) /* param[] */
- memcpy(outparam,param,this_lparam);
- if (this_ldata) /* data[] */
- memcpy(outdata,data,this_ldata);
- set_message(outbuf,14+lsetup, /* wcnt, bcc */
- PTR_DIFF(outdata+this_ldata,smb_buf(outbuf)),False);
-
- show_msg(outbuf);
- send_smb(Client,outbuf);
-
- if (this_ldata < ldata || this_lparam < lparam)
- {
- /* receive interim response */
- if (!client_receive_smb(Client,inbuf,SHORT_TIMEOUT) || CVAL(inbuf,smb_rcls) != 0)
- {
- DEBUG(0,("%s request failed (%s)\n",
- trans==SMBtrans?"SMBtrans":"SMBtrans2", smb_errstr(inbuf)));
- return(False);
- }
-
- tot_data = this_ldata;
- tot_param = this_lparam;
-
- while (tot_data < ldata || tot_param < lparam)
- {
- this_lparam = MIN(lparam-tot_param,max_xmit - 500); /* hack */
- this_ldata = MIN(ldata-tot_data,max_xmit - (500+this_lparam));
-
- set_message(outbuf,trans==SMBtrans?8:9,0,True);
- CVAL(outbuf,smb_com) = trans==SMBtrans ? SMBtranss : SMBtranss2;
-
- outparam = smb_buf(outbuf);
- outdata = outparam+this_lparam;
-
- /* secondary request */
- SSVAL(outbuf,smb_tpscnt,lparam); /* tpscnt */
- SSVAL(outbuf,smb_tdscnt,ldata); /* tdscnt */
- SSVAL(outbuf,smb_spscnt,this_lparam); /* pscnt */
- SSVAL(outbuf,smb_spsoff,smb_offset(outparam,outbuf)); /* psoff */
- SSVAL(outbuf,smb_spsdisp,tot_param); /* psdisp */
- SSVAL(outbuf,smb_sdscnt,this_ldata); /* dscnt */
- SSVAL(outbuf,smb_sdsoff,smb_offset(outdata,outbuf)); /* dsoff */
- SSVAL(outbuf,smb_sdsdisp,tot_data); /* dsdisp */
- if (trans==SMBtrans2)
- SSVAL(outbuf,smb_sfid,fid); /* fid */
- if (this_lparam) /* param[] */
- memcpy(outparam,param,this_lparam);
- if (this_ldata) /* data[] */
- memcpy(outdata,data,this_ldata);
- set_message(outbuf,trans==SMBtrans?8:9, /* wcnt, bcc */
- PTR_DIFF(outdata+this_ldata,smb_buf(outbuf)),False);
-
- show_msg(outbuf);
- send_smb(Client,outbuf);
-
- tot_data += this_ldata;
- tot_param += this_lparam;
- }
- }
-
- return(True);
-}
-
-
-/****************************************************************************
-send a session request
-****************************************************************************/
-BOOL cli_send_session_request(char *inbuf,char *outbuf)
-{
- fstring dest;
- char *p;
- int len = 4;
- /* send a session request (RFC 8002) */
-
- fstrcpy(dest,desthost);
- p = strchr(dest,'.');
- if (p) *p = 0;
-
- /* put in the destination name */
- p = outbuf+len;
- name_mangle(dest,p,name_type); /* 0x20 is the SMB server NetBIOS type. */
- len += name_len(p);
-
- /* and my name */
- p = outbuf+len;
- name_mangle(global_myname,p,0);
- len += name_len(p);
-
- /* setup the packet length */
- _smb_setlen(outbuf,len);
- CVAL(outbuf,0) = 0x81;
-
-#ifdef WITH_SSL
-retry:
-#endif /* WITH_SSL */
-
- send_smb(Client,outbuf);
- DEBUG(5,("Sent session request\n"));
-
- client_receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-
- if (CVAL(inbuf,0) == 0x84) /* C. Hoch 9/14/95 Start */
- {
- /* For information, here is the response structure.
- * We do the byte-twiddling to for portability.
- struct RetargetResponse{
- unsigned char type;
- unsigned char flags;
- int16 length;
- int32 ip_addr;
- int16 port;
- };
- */
- extern int Client;
- int port = (CVAL(inbuf,8)<<8)+CVAL(inbuf,9);
- /* SESSION RETARGET */
- putip((char *)&dest_ip,inbuf+4);
-
- close_sockets();
- Client = open_socket_out(SOCK_STREAM, &dest_ip, port, LONG_CONNECT_TIMEOUT);
- if (Client == -1)
- return False;
-
- DEBUG(3,("Retargeted\n"));
-
- set_socket_options(Client,user_socket_options);
-
- /* Try again */
- return cli_send_session_request(inbuf,outbuf);
- } /* C. Hoch 9/14/95 End */
-
-#ifdef WITH_SSL
- if(CVAL(inbuf,0) == 0x83 && CVAL(inbuf,4) == 0x8e) { /* use ssl */
- fprintf(stderr, "Making secure connection\n");
- if(!sslutil_fd_is_ssl(Client)){
- if(sslutil_connect(Client) == 0)
- goto retry;
- }
- }
-#endif
-
- if (CVAL(inbuf,0) != 0x82)
- {
- int ecode = CVAL(inbuf,4);
- DEBUG(0,("Session request failed (%d,%d) with myname=%s destname=%s\n",
- CVAL(inbuf,0),ecode,global_myname,desthost));
- switch (ecode)
- {
- case 0x80:
- DEBUG(0,("Not listening on called name\n"));
- DEBUG(0,("Try to connect to another name (instead of %s)\n",desthost));
- DEBUG(0,("You may find the -I option useful for this\n"));
- break;
- case 0x81:
- DEBUG(0,("Not listening for calling name\n"));
- DEBUG(0,("Try to connect as another name (instead of %s)\n",global_myname));
- DEBUG(0,("You may find the -n option useful for this\n"));
- break;
- case 0x82:
- DEBUG(0,("Called name not present\n"));
- DEBUG(0,("Try to connect to another name (instead of %s)\n",desthost));
- DEBUG(0,("You may find the -I option useful for this\n"));
- break;
- case 0x83:
- DEBUG(0,("Called name present, but insufficient resources\n"));
- DEBUG(0,("Perhaps you should try again later?\n"));
- break;
- default:
- DEBUG(0,("Unspecified error 0x%X\n",ecode));
- DEBUG(0,("Your server software is being unfriendly\n"));
- break;
- }
- return(False);
- }
- return(True);
-}
-
-static struct {
- int prot;
- char *name;
-} prots[] = {
- {PROTOCOL_CORE,"PC NETWORK PROGRAM 1.0"},
- {PROTOCOL_COREPLUS,"MICROSOFT NETWORKS 1.03"},
- {PROTOCOL_LANMAN1,"MICROSOFT NETWORKS 3.0"},
- {PROTOCOL_LANMAN1,"LANMAN1.0"},
- {PROTOCOL_LANMAN2,"LM1.2X002"},
- {PROTOCOL_LANMAN2,"Samba"},
- {PROTOCOL_NT1,"NT LM 0.12"},
- {PROTOCOL_NT1,"NT LANMAN 1.0"},
- {-1,NULL}
-};
-
-
-/****************************************************************************
-send a login command.
-****************************************************************************/
-BOOL cli_send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup, struct connection_options *options)
-{
- BOOL was_null = (!inbuf && !outbuf);
- time_t servertime = 0;
- extern int serverzone;
- int crypt_len=0;
- char *pass = NULL;
- uchar enc_ntpass[24];
- int ntpasslen = 0;
- pstring dev;
- char *p;
- int numprots;
- int tries=0;
- struct connection_options opt;
-
- bzero(&opt, sizeof(opt));
-
- if (was_null)
- {
- inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
- outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-
- if(!inbuf || !outbuf) {
- DEBUG(0,("cli_send_login: malloc fail !\n"));
- return False;
- }
- }
-
- if (strstr(service,"IPC$")) connect_as_ipc = True;
-
- pstrcpy(dev,"A:");
- if (connect_as_printer)
- pstrcpy(dev,"LPT1:");
- if (connect_as_ipc)
- pstrcpy(dev,"IPC");
-
-
- if (start_session && !cli_send_session_request(inbuf,outbuf))
- {
- if (was_null)
- {
- free(inbuf);
- free(outbuf);
- }
- return(False);
- }
-
- bzero(outbuf,smb_size);
-
- /* setup the protocol strings */
- {
- int plength;
-
- for (plength=0,numprots=0;
- prots[numprots].name && prots[numprots].prot<=max_protocol;
- numprots++)
- plength += strlen(prots[numprots].name)+2;
-
- set_message(outbuf,0,plength,True);
-
- p = smb_buf(outbuf);
- for (numprots=0;
- prots[numprots].name && prots[numprots].prot<=max_protocol;
- numprots++)
- {
- *p++ = 2;
- pstrcpy(p,prots[numprots].name);
- p += strlen(p) + 1;
- }
- }
-
- CVAL(outbuf,smb_com) = SMBnegprot;
- cli_setup_pkt(outbuf);
-
- CVAL(smb_buf(outbuf),0) = 2;
-
- send_smb(Client,outbuf);
- client_receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-
- show_msg(inbuf);
-
- if (CVAL(inbuf,smb_rcls) != 0 || ((int)SVAL(inbuf,smb_vwv0) >= numprots))
- {
- DEBUG(0,("SMBnegprot failed. myname=%s destname=%s - %s \n",
- global_myname,desthost,smb_errstr(inbuf)));
- if (was_null)
- {
- free(inbuf);
- free(outbuf);
- }
- return(False);
- }
-
- opt.protocol = Protocol = prots[SVAL(inbuf,smb_vwv0)].prot;
-
-
- if (Protocol < PROTOCOL_LANMAN1) {
- /* no extra params */
- } else if (Protocol < PROTOCOL_NT1) {
- opt.sec_mode = SVAL(inbuf,smb_vwv1);
- opt.max_xmit = max_xmit = SVAL(inbuf,smb_vwv2);
- opt.sesskey = IVAL(inbuf,smb_vwv6);
- opt.serverzone = serverzone = SVALS(inbuf,smb_vwv10)*60;
- /* this time is converted to GMT by make_unix_date */
- servertime = make_unix_date(inbuf+smb_vwv8);
- if (Protocol >= PROTOCOL_COREPLUS) {
- opt.rawmode = SVAL(inbuf,smb_vwv5);
- readbraw_supported = ((SVAL(inbuf,smb_vwv5) & 0x1) != 0);
- writebraw_supported = ((SVAL(inbuf,smb_vwv5) & 0x2) != 0);
- }
- crypt_len = smb_buflen(inbuf);
- memcpy(cryptkey,smb_buf(inbuf),8);
- DEBUG(3,("max mux %d\n",SVAL(inbuf,smb_vwv3)));
- opt.max_vcs = SVAL(inbuf,smb_vwv4);
- DEBUG(3,("max vcs %d\n",opt.max_vcs));
- DEBUG(3,("max blk %d\n",SVAL(inbuf,smb_vwv5)));
- } else {
- /* NT protocol */
- opt.sec_mode = CVAL(inbuf,smb_vwv1);
- opt.max_xmit = max_xmit = IVAL(inbuf,smb_vwv3+1);
- opt.sesskey = IVAL(inbuf,smb_vwv7+1);
- opt.serverzone = SVALS(inbuf,smb_vwv15+1)*60;
- /* this time arrives in real GMT */
- servertime = interpret_long_date(inbuf+smb_vwv11+1);
- crypt_len = CVAL(inbuf,smb_vwv16+1);
- memcpy(cryptkey,smb_buf(inbuf),8);
- if (IVAL(inbuf,smb_vwv9+1) & 1)
- readbraw_supported = writebraw_supported = True;
- DEBUG(3,("max mux %d\n",SVAL(inbuf,smb_vwv1+1)));
- opt.max_vcs = SVAL(inbuf,smb_vwv2+1);
- DEBUG(3,("max vcs %d\n",opt.max_vcs));
- DEBUG(3,("max raw %d\n",IVAL(inbuf,smb_vwv5+1)));
- DEBUG(3,("capabilities 0x%x\n",IVAL(inbuf,smb_vwv9+1)));
- }
-
- DEBUG(3,("Sec mode %d\n",SVAL(inbuf,smb_vwv1)));
- DEBUG(3,("max xmt %d\n",max_xmit));
- DEBUG(3,("Got %d byte crypt key\n",crypt_len));
- DEBUG(3,("Chose protocol [%s]\n",prots[SVAL(inbuf,smb_vwv0)].name));
-
- doencrypt = ((opt.sec_mode & 2) != 0);
-
- if (servertime) {
- static BOOL done_time = False;
- if (!done_time) {
- DEBUG(1,("Server time is %sTimezone is UTC%+02.1f\n",
- asctime(LocalTime(&servertime)),
- -(double)(serverzone/3600.0)));
- done_time = True;
- }
- }
-
- get_pass:
-
- if (got_pass)
- pass = password;
- else
- pass = (char *)getpass("Password: ");
-
- if(!pass)
- pass = "";
-
- pstrcpy(smb_login_passwd, pass);
-
- /* use a blank username for the 2nd try with a blank password */
- if (tries++ && !*pass)
- *username = 0;
-
- if (Protocol >= PROTOCOL_LANMAN1 && use_setup)
- {
- fstring pword;
- int passlen = strlen(pass)+1;
- fstrcpy(pword,pass);
-
- if (doencrypt && *pass)
- {
- DEBUG(3,("Using encrypted passwords\n"));
- passlen = 24;
- SMBencrypt((uchar *)pass,(uchar *)cryptkey,(uchar *)pword);
- ntpasslen = 24;
- SMBNTencrypt((uchar *)pass,(uchar *)cryptkey,enc_ntpass);
- }
-
- /* if in share level security then don't send a password now */
- if (!(opt.sec_mode & 1)) {fstrcpy(pword, "");passlen=1;}
-
- /* send a session setup command */
- bzero(outbuf,smb_size);
-
- if (Protocol < PROTOCOL_NT1)
- {
- set_message(outbuf,10,1 + strlen(username) + passlen,True);
- CVAL(outbuf,smb_com) = SMBsesssetupX;
- cli_setup_pkt(outbuf);
-
- CVAL(outbuf,smb_vwv0) = 0xFF;
- SSVAL(outbuf,smb_vwv2,max_xmit);
- SSVAL(outbuf,smb_vwv3,2);
- SSVAL(outbuf,smb_vwv4,opt.max_vcs-1);
- SIVAL(outbuf,smb_vwv5,opt.sesskey);
- SSVAL(outbuf,smb_vwv7,passlen);
- p = smb_buf(outbuf);
- memcpy(p,pword,passlen);
- p += passlen;
- pstrcpy(p,username);
- }
- else
- {
- if (!doencrypt) passlen--;
- /* for Win95 */
- set_message(outbuf,13,0,True);
- CVAL(outbuf,smb_com) = SMBsesssetupX;
- cli_setup_pkt(outbuf);
-
- CVAL(outbuf,smb_vwv0) = 0xFF;
- SSVAL(outbuf,smb_vwv2,BUFFER_SIZE);
- SSVAL(outbuf,smb_vwv3,2);
- SSVAL(outbuf,smb_vwv4,getpid());
- SIVAL(outbuf,smb_vwv5,opt.sesskey);
- SSVAL(outbuf,smb_vwv7,passlen);
- SSVAL(outbuf,smb_vwv8,doencrypt ? ntpasslen : 0);
- p = smb_buf(outbuf);
- memcpy(p,pword,passlen); p += SVAL(outbuf,smb_vwv7);
- if(doencrypt)
- memcpy(p,enc_ntpass,ntpasslen); p += SVAL(outbuf,smb_vwv8);
- pstrcpy(p,username);p = skip_string(p,1);
- pstrcpy(p,workgroup);p = skip_string(p,1);
- pstrcpy(p,"Unix");p = skip_string(p,1);
- pstrcpy(p,"Samba");p = skip_string(p,1);
- set_message(outbuf,13,PTR_DIFF(p,smb_buf(outbuf)),False);
- }
-
- send_smb(Client,outbuf);
- client_receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-
- show_msg(inbuf);
-
- if (CVAL(inbuf,smb_rcls) != 0)
- {
- if (! *pass &&
- ((CVAL(inbuf,smb_rcls) == ERRDOS &&
- SVAL(inbuf,smb_err) == ERRnoaccess) ||
- (CVAL(inbuf,smb_rcls) == ERRSRV &&
- SVAL(inbuf,smb_err) == ERRbadpw)))
- {
- got_pass = False;
- DEBUG(3,("resending login\n"));
- if (! no_pass)
- goto get_pass;
- }
-
- DEBUG(0,("Session setup failed for username=%s myname=%s destname=%s %s\n",
- username,global_myname,desthost,smb_errstr(inbuf)));
- DEBUG(0,("You might find the -U, -W or -n options useful\n"));
- DEBUG(0,("Sometimes you have to use `-n USERNAME' (particularly with OS/2)\n"));
- DEBUG(0,("Some servers also insist on uppercase-only passwords\n"));
- if (was_null)
- {
- free(inbuf);
- free(outbuf);
- }
- return(False);
- }
-
- if (Protocol >= PROTOCOL_NT1)
- {
- char *domain,*os,*lanman;
- p = smb_buf(inbuf);
- os = p;
- lanman = skip_string(os,1);
- domain = skip_string(lanman,1);
- if (*domain || *os || *lanman)
- DEBUG(1,("Domain=[%s] OS=[%s] Server=[%s]\n",domain,os,lanman));
- }
-
- /* use the returned uid from now on */
- if (SVAL(inbuf,smb_uid) != vuid)
- DEBUG(3,("Server gave us a UID of %d. We gave %d\n",
- SVAL(inbuf,smb_uid),(int)vuid));
- opt.server_vuid = vuid = SVAL(inbuf,smb_uid);
- }
-
- if (opt.sec_mode & 1) {
- if (SVAL(inbuf, smb_vwv2) & 1)
- DEBUG(1,("connected as guest "));
- DEBUG(1,("security=user\n"));
- } else {
- DEBUG(1,("security=share\n"));
- }
-
- /* now we've got a connection - send a tcon message */
- bzero(outbuf,smb_size);
-
- if (strncmp(service,"\\\\",2) != 0)
- {
- DEBUG(0,("\nWarning: Your service name doesn't start with \\\\. This is probably incorrect.\n"));
- DEBUG(0,("Perhaps try replacing each \\ with \\\\ on the command line?\n\n"));
- }
-
-
- again2:
-
- {
- int passlen = strlen(pass)+1;
- fstring pword;
- fstrcpy(pword,pass);
-
- if (doencrypt && *pass) {
- passlen=24;
- SMBencrypt((uchar *)pass,(uchar *)cryptkey,(uchar *)pword);
- }
-
- /* if in user level security then don't send a password now */
- if ((opt.sec_mode & 1)) {
- fstrcpy(pword, ""); passlen=1;
- }
-
- if (Protocol <= PROTOCOL_COREPLUS) {
- set_message(outbuf,0,6 + strlen(service) + passlen + strlen(dev),True);
- CVAL(outbuf,smb_com) = SMBtcon;
- cli_setup_pkt(outbuf);
-
- p = smb_buf(outbuf);
- *p++ = 0x04;
- pstrcpy(p, service);
- p = skip_string(p,1);
- *p++ = 0x04;
- memcpy(p,pword,passlen);
- p += passlen;
- *p++ = 0x04;
- pstrcpy(p, dev);
- }
- else {
- set_message(outbuf,4,2 + strlen(service) + passlen + strlen(dev),True);
- CVAL(outbuf,smb_com) = SMBtconX;
- cli_setup_pkt(outbuf);
-
- SSVAL(outbuf,smb_vwv0,0xFF);
- SSVAL(outbuf,smb_vwv3,passlen);
-
- p = smb_buf(outbuf);
- memcpy(p,pword,passlen);
- p += passlen;
- pstrcpy(p,service);
- p = skip_string(p,1);
- pstrcpy(p,dev);
- }
- }
-
- send_smb(Client,outbuf);
- client_receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-
- /* trying again with a blank password */
- if (CVAL(inbuf,smb_rcls) != 0 &&
- (int)strlen(pass) > 0 &&
- !doencrypt &&
- Protocol >= PROTOCOL_LANMAN1)
- {
- DEBUG(2,("first SMBtconX failed, trying again. %s\n",smb_errstr(inbuf)));
- pstrcpy(pass,"");
- goto again2;
- }
-
- if (CVAL(inbuf,smb_rcls) != 0)
- {
- DEBUG(0,("SMBtconX failed. %s\n",smb_errstr(inbuf)));
- DEBUG(0,("Perhaps you are using the wrong sharename, username or password?\n"));
- DEBUG(0,("Some servers insist that these be in uppercase\n"));
- if (was_null)
- {
- free(inbuf);
- free(outbuf);
- }
- return(False);
- }
-
-
- if (Protocol <= PROTOCOL_COREPLUS) {
- max_xmit = SVAL(inbuf,smb_vwv0);
-
- cnum = SVAL(inbuf,smb_vwv1);
- }
- else {
- max_xmit = MIN(max_xmit,BUFFER_SIZE-4);
- if (max_xmit <= 0)
- max_xmit = BUFFER_SIZE - 4;
-
- cnum = SVAL(inbuf,smb_tid);
- }
- opt.max_xmit = max_xmit;
- opt.tid = cnum;
-
- DEBUG(3,("Connected with cnum=%d max_xmit=%d\n",cnum,max_xmit));
-
- if (was_null)
- {
- free(inbuf);
- free(outbuf);
- }
-
- if (options != NULL)
- {
- *options = opt;
- }
-
- return True;
-}
-
-
-/****************************************************************************
-send a logout command
-****************************************************************************/
-void cli_send_logout(char *dum_in, char *dum_out)
-{
- pstring inbuf,outbuf;
-
- DEBUG(5,("cli_send_logout\n"));
-
- bzero(outbuf,smb_size);
- set_message(outbuf,0,0,True);
- CVAL(outbuf,smb_com) = SMBtdis;
- SSVAL(outbuf,smb_tid,cnum);
- cli_setup_pkt(outbuf);
-
- send_smb(Client,outbuf);
- client_receive_smb(Client,inbuf,SHORT_TIMEOUT);
-
- if (CVAL(inbuf,smb_rcls) != 0)
- {
- DEBUG(0,("SMBtdis failed %s\n",smb_errstr(inbuf)));
- }
-
-
-#ifdef STATS
- stats_report();
-#endif
- exit(0);
-}
-
-
-/****************************************************************************
-open the client sockets
-****************************************************************************/
-BOOL cli_open_sockets(int port )
-{
- static int last_port;
- char *host;
- pstring service2;
- extern int Client;
-
- if (port == 0) port=last_port;
- last_port=port;
-
- strupper(service);
-
- if (*desthost)
- {
- host = desthost;
- }
- else
- {
- pstrcpy(service2,service);
- host = strtok(service2,"\\/");
- if (!host) {
- DEBUG(0,("Badly formed host name\n"));
- return(False);
- }
- pstrcpy(desthost,host);
- }
-
- if (!(*global_myname)) {
- get_myname(global_myname,NULL);
- }
- strupper(global_myname);
-
- DEBUG(3,("Opening sockets\n"));
-
- if (!have_ip)
- {
- if(!resolve_name( host, &dest_ip, 0x20))
- {
- DEBUG(0,("cli_open_sockets: Unknown host %s.\n",host));
- return False;
- }
- }
-
- Client = open_socket_out(SOCK_STREAM, &dest_ip, port, LONG_CONNECT_TIMEOUT);
- if (Client == -1)
- return False;
-
- DEBUG(3,("Connected\n"));
-
- set_socket_options(Client,user_socket_options);
-
- return True;
-}
-
-/****************************************************************************
-close and open the connection again
-****************************************************************************/
-BOOL cli_reopen_connection(char *inbuf,char *outbuf)
-{
- static int open_count=0;
-
- open_count++;
-
- if (open_count>5) return(False);
-
- DEBUG(1,("Trying to re-open connection\n"));
-
- set_message(outbuf,0,0,True);
- SCVAL(outbuf,smb_com,SMBtdis);
- SSVAL(outbuf,smb_tid,cnum);
- cli_setup_pkt(outbuf);
-
- send_smb(Client,outbuf);
- client_receive_smb(Client,inbuf,SHORT_TIMEOUT);
-
- close_sockets();
- if (!cli_open_sockets(0)) return(False);
-
- return(cli_send_login(inbuf,outbuf,True,True,NULL));
-}
-
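Review bot: the `again2` retry near the end of cli_send_login turns a failed tree connect into an empty-password attempt. When SMBtconX fails for a non-empty password with doencrypt off, `pstrcpy(pass,"")` overwrites the caller's buffer and jumps back, and the only trace is a DEBUG(2) line. If this function is being moved rather than dropped, do not carry the fallback over silently; make it explicit or remove it. In the same block the local `fstring pword`, which holds either the plaintext password or the SMBencrypt response, is never cleared before the function returns. Separately, `if(doencrypt) memcpy(p,enc_ntpass,ntpasslen); p += SVAL(outbuf,smb_vwv8);` reads as if both statements are conditional; only the memcpy is, which is correct only because smb_vwv8 is written as 0 when doencrypt is false.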
+++ /dev/null
-/*
- Unix SMB/Netbios implementation.
- Version 2.0.
- LDAP local group database for SAMBA
- Copyright (C) Matthew Chapman 1998
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-*/
-
-#include "includes.h"
-
-#ifdef WITH_LDAP
-
-#include <lber.h>
-#include <ldap.h>
-
-extern int DEBUGLEVEL;
-
-/* Internal state */
-extern LDAP *ldap_struct;
-extern LDAPMessage *ldap_results;
-extern LDAPMessage *ldap_entry;
-
-/* Static structure filled for requests */
-static LOCAL_GRP localgrp;
-
-
-/***************************************************************
- Get group and membership information.
- ****************************************************************/
-
-static LOCAL_GRP *ldapalias_getgrp(LOCAL_GRP *group,
- LOCAL_GRP_MEMBER **members, int *num_membs)
-{
- fstring temp;
- char **values;
- LOCAL_GRP_MEMBER *memblist;
- char *value, *sep;
- int i;
-
- if(!ldap_entry)
- return NULL;
-
- if(!ldap_get_attribute("cn", group->name)) {
- DEBUG(0, ("Missing cn\n"));
- return NULL; }
-
- DEBUG(2,("Retrieving alias [%s]\n", group->name));
-
- if(ldap_get_attribute("rid", temp)) {
- group->rid = strtol(temp, NULL, 16);
- } else {
- DEBUG(0, ("Missing rid\n"));
- return NULL;
- }
-
- if(!ldap_get_attribute("description", group->comment))
- group->comment[0] = 0;
-
- if(!members || !num_membs) {
- ldap_entry = ldap_next_entry(ldap_struct, ldap_entry);
- return group;
- }
-
- if(values = ldap_get_values(ldap_struct, ldap_entry, "member")) {
-
- *num_membs = i = ldap_count_values(values);
- *members = memblist = malloc(i * sizeof(LOCAL_GRP_MEMBER));
-
- do {
- value = values[--i];
-
- if(!(sep = strchr(value, ','))) {
- DEBUG(0, ("Malformed alias member\n"));
- return NULL;
- }
- *(sep++) = 0;
- fstrcpy(memblist[i].name, value);
-
- if(!(value = strchr(sep, ','))) {
- DEBUG(0, ("Malformed alias member\n"));
- return NULL;
- }
- *(value++) = 0;
- string_to_sid(&memblist[i].sid, sep);
-
- if((memblist[i].sid_use = atoi(value))
- >= SID_NAME_UNKNOWN)
- DEBUG(0, ("Invalid SID use in alias"));
-
- } while(i > 0);
-
- ldap_value_free(values);
-
- } else {
- *num_membs = 0;
- *members = NULL;
- }
-
- return group;
-}
-
-
-/************************************************************************
- Queues the necessary modifications to save a LOCAL_GRP structure
- ************************************************************************/
-
-static void ldapalias_grpmods(LOCAL_GRP *group, LDAPMod ***mods, int operation)
-{
- fstring temp;
-
- *mods = NULL;
-
- if(operation == LDAP_MOD_ADD) { /* immutable attributes */
- ldap_make_mod(mods, LDAP_MOD_ADD, "objectClass", "sambaAlias");
- ldap_make_mod(mods, LDAP_MOD_ADD, "cn", group->name);
-
- slprintf(temp, sizeof(temp)-1, "%x", group->rid);
- ldap_make_mod(mods, LDAP_MOD_ADD, "rid", temp);
- }
-
- ldap_make_mod(mods, operation, "description", group->comment);
-}
-
-
-/************************************************************************
- Create a alias member entry
- ************************************************************************/
-
-static BOOL ldapalias_memmods(DOM_SID *user_sid, LDAPMod ***mods,
- int operation)
-{
- pstring member;
- pstring sid_str;
- fstring name;
- uint8 type;
-
- if (lookup_sid(user_sid, name, &type))
- return (False);
- sid_to_string(sid_str, user_sid);
-
- slprintf(member, sizeof(member)-1, "%s,%s,%d", name, sid_str, type);
-
- *mods = NULL;
- ldap_make_mod(mods, operation, "member", member);
- return True;
-}
-
-
-/***************************************************************
- Begin/end smbgrp enumeration.
- ****************************************************************/
-
-static void *ldapalias_enumfirst(BOOL update)
-{
- if (lp_server_role() == ROLE_DOMAIN_NONE)
- return NULL;
-
- if (!ldap_connect())
- return NULL;
-
- ldap_search_for("objectClass=sambaAlias");
-
- return ldap_struct;
-}
-
-static void ldapalias_enumclose(void *vp)
-{
- ldap_disconnect();
-}
-
-
-/*************************************************************************
- Save/restore the current position in a query
- *************************************************************************/
-
-static SMB_BIG_UINT ldapalias_getdbpos(void *vp)
-{
- return (SMB_BIG_UINT)((ulong)ldap_entry);
-}
-
-static BOOL ldapalias_setdbpos(void *vp, SMB_BIG_UINT tok)
-{
- ldap_entry = (LDAPMessage *)((ulong)tok);
- return (True);
-}
-
-
-/*************************************************************************
- Return limited smb_passwd information, and group membership.
- *************************************************************************/
-
-static LOCAL_GRP *ldapalias_getgrpbynam(const char *name,
- LOCAL_GRP_MEMBER **members, int *num_membs)
-{
- fstring filter;
- LOCAL_GRP *ret;
-
- if(!ldap_connect())
- return (False);
-
- slprintf(filter, sizeof(filter)-1,
- "(&(cn=%s)(objectClass=sambaAlias))", name);
- ldap_search_for(filter);
-
- ret = ldapalias_getgrp(&localgrp, members, num_membs);
-
- ldap_disconnect();
- return ret;
-}
-
-static LOCAL_GRP *ldapalias_getgrpbygid(gid_t grp_id,
- LOCAL_GRP_MEMBER **members, int *num_membs)
-{
- fstring filter;
- LOCAL_GRP *ret;
-
- if(!ldap_connect())
- return (False);
-
- slprintf(filter, sizeof(filter)-1,
- "(&(gidNumber=%d)(objectClass=sambaAlias))", grp_id);
- ldap_search_for(filter);
- ret = ldapalias_getgrp(&localgrp, members, num_membs);
-
- ldap_disconnect();
- return ret;
-}
-
-static LOCAL_GRP *ldapalias_getgrpbyrid(uint32 grp_rid,
- LOCAL_GRP_MEMBER **members, int *num_membs)
-{
- fstring filter;
- LOCAL_GRP *ret;
-
- if(!ldap_connect())
- return (False);
-
- slprintf(filter, sizeof(filter)-1,
- "(&(rid=%x)(objectClass=sambaAlias))", grp_rid);
- ldap_search_for(filter);
- ret = ldapalias_getgrp(&localgrp, members, num_membs);
-
- ldap_disconnect();
- return ret;
-}
-
-static LOCAL_GRP *ldapalias_getcurrentgrp(void *vp,
- LOCAL_GRP_MEMBER **members, int *num_membs)
-{
- return ldapalias_getgrp(&localgrp, members, num_membs);
-}
-
-
-/*************************************************************************
- Add/modify/delete aliases.
- *************************************************************************/
-
-static BOOL ldapalias_addgrp(LOCAL_GRP *group)
-{
- LDAPMod **mods;
-
- if (!ldap_allocaterid(&group->rid))
- {
- DEBUG(0,("RID generation failed\n"));
- return (False);
- }
-
- ldapalias_grpmods(group, &mods, LDAP_MOD_ADD);
- return ldap_makemods("cn", group->name, mods, True);
-}
-
-static BOOL ldapalias_modgrp(LOCAL_GRP *group)
-{
- LDAPMod **mods;
-
- ldapalias_grpmods(group, &mods, LDAP_MOD_REPLACE);
- return ldap_makemods("cn", group->name, mods, False);
-}
-
-static BOOL ldapalias_delgrp(uint32 grp_rid)
-{
- fstring filter;
- char *dn;
- int err;
-
- if (!ldap_connect())
- return (False);
-
- slprintf(filter, sizeof(filter)-1,
- "(&(rid=%x)(objectClass=sambaAlias))", grp_rid);
- ldap_search_for(filter);
-
- if (!ldap_entry || !(dn = ldap_get_dn(ldap_struct, ldap_entry)))
- {
- ldap_disconnect();
- return (False);
- }
-
- err = ldap_delete_s(ldap_struct, dn);
- free(dn);
- ldap_disconnect();
-
- if (err != LDAP_SUCCESS)
- {
- DEBUG(0, ("delete: %s\n", ldap_err2string(err)));
- return (False);
- }
-
- return True;
-}
-
-
-/*************************************************************************
- Add users to/remove users from aliases.
- *************************************************************************/
-
-static BOOL ldapalias_addmem(uint32 grp_rid, DOM_SID *user_sid)
-{
- LDAPMod **mods;
- fstring rid_str;
-
- slprintf(rid_str, sizeof(rid_str)-1, "%x", grp_rid);
-
- if(!ldapalias_memmods(user_sid, &mods, LDAP_MOD_ADD))
- return (False);
-
- return ldap_makemods("rid", rid_str, mods, False);
-}
-
-static BOOL ldapalias_delmem(uint32 grp_rid, DOM_SID *user_sid)
-{
- LDAPMod **mods;
- fstring rid_str;
-
- slprintf(rid_str, sizeof(rid_str)-1, "%x", grp_rid);
-
- if(!ldapalias_memmods(user_sid, &mods, LDAP_MOD_DELETE))
- return (False);
-
- return ldap_makemods("rid", rid_str, mods, False);
-}
-
-
-/*************************************************************************
- Return aliases that a user is in.
- *************************************************************************/
-
-static BOOL ldapalias_getusergroups(const char *name, LOCAL_GRP **groups,
- int *num_grps)
-{
- LOCAL_GRP *grouplist;
- fstring filter;
- int i;
-
- if(!ldap_connect())
- return (False);
-
- slprintf(filter, sizeof(pstring)-1,
- "(&(member=%s,*)(objectclass=sambaAlias))", name);
- ldap_search_for(filter);
-
- *num_grps = i = ldap_count_entries(ldap_struct, ldap_results);
-
- if(!i) {
- *groups = NULL;
- ldap_disconnect();
- return (True);
- }
-
- *groups = grouplist = malloc(i * sizeof(LOCAL_GRP));
- do {
- i--;
- } while(ldapalias_getgrp(&grouplist[i], NULL, NULL) && (i > 0));
-
- ldap_disconnect();
- return (True);
-}
-
-
-static struct aliasdb_ops ldapalias_ops =
-{
- ldapalias_enumfirst,
- ldapalias_enumclose,
- ldapalias_getdbpos,
- ldapalias_setdbpos,
-
- ldapalias_getgrpbynam,
- ldapalias_getgrpbygid,
- ldapalias_getgrpbyrid,
- ldapalias_getcurrentgrp,
-
- ldapalias_addgrp,
- ldapalias_modgrp,
- ldapalias_delgrp,
-
- ldapalias_addmem,
- ldapalias_delmem,
-
- ldapalias_getusergroups
-};
-
-struct aliasdb_ops *ldap_initialise_alias_db(void)
-{
- return &ldapalias_ops;
-}
-
-#else
- void aliasldap_dummy_function(void);
- void aliasldap_dummy_function(void) { } /* stop some compilers complaining */
-#endif
-
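Review bot: ldapalias_getusergroups bounds its slprintf with `sizeof(pstring)-1` while `filter` is declared `fstring`, so the limit comes from a different type than the destination; if pstring is the larger type, a long `name` writes past the buffer. Use `sizeof(filter)-1`, as the other lookups in this file do. That function and ldapalias_getgrpbynam also format `name` into the search filter with a bare `%s`, so characters such as `*`, `(` and `)` in a name change the meaning of the filter; escape the value before building it. In ldapalias_getgrp the `malloc` for the member list is unchecked, and the two "Malformed alias member" returns skip `ldap_value_free(values)` and leave `*members` allocated.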
+++ /dev/null
-/*
- * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
- * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-
-#ifdef USE_SMBUNIX_DB
-
-extern int DEBUGLEVEL;
-
-
-extern DOM_SID global_sam_sid;
-extern fstring global_sam_name;
-
-struct unix_entries
-{
- struct group *grps;
- int num_grps;
- int grp_idx;
-};
-
-/***************************************************************
- Start to enumerate the alspasswd list. Returns a void pointer
- to ensure no modification outside this module.
-****************************************************************/
-
-static void *startalsunixpwent(BOOL update)
-{
- struct unix_entries *grps;
- grps = (struct unix_entries*)malloc(sizeof(struct unix_entries));
-
- if (grps == NULL)
- {
- return NULL;
- }
-
- if (!get_unix_grps(&grps->num_grps, &grps->grps))
- {
- free(grps);
- return NULL;
- }
-
- grps->grp_idx = 0;
-
- return (void*)grps;
-}
-
-/***************************************************************
- End enumeration of the alspasswd list.
-****************************************************************/
-
-static void endalsunixpwent(void *vp)
-{
- struct unix_entries *grps = (struct unix_entries *)vp;
-
- if (grps != NULL)
- {
- free_unix_grps(grps->num_grps, grps->grps);
- free(vp);
- }
-}
-
-/*************************************************************************
- Return the current position in the alspasswd list as an SMB_BIG_UINT.
- This must be treated as an opaque token.
-*************************************************************************/
-static SMB_BIG_UINT getalsunixpwpos(void *vp)
-{
- return (SMB_BIG_UINT)0;
-}
-
-/*************************************************************************
- Set the current position in the alspasswd list from an SMB_BIG_UINT.
- This must be treated as an opaque token.
-*************************************************************************/
-static BOOL setalsunixpwpos(void *vp, SMB_BIG_UINT tok)
-{
- return False;
-}
-
-/*************************************************************************
- Routine to return the next entry in the smbdomainalias list.
- *************************************************************************/
-BOOL get_unixalias_members(struct group *grp,
- int *num_mem, LOCAL_GRP_MEMBER **members)
-{
- int i;
- char *unix_name;
-
- if (num_mem == NULL || members == NULL)
- {
- return False;
- }
-
- (*num_mem) = 0;
- (*members) = NULL;
-
- for (i = 0; (unix_name = grp->gr_mem[i]) != NULL; i++)
- {
- fstring name;
- DOM_NAME_MAP gmep;
- LOCAL_GRP_MEMBER *mem;
-
- fstrcpy(name, unix_name);
-
- if (!lookupsmbpwnam (name, &gmep) &&
- !lookupsmbgrpnam(name, &gmep))
- {
- continue;
- }
-
- if (!sid_front_equal(&global_sam_sid, &gmep.sid))
- {
- DEBUG(0,("alias database: could not resolve name %s (wrong Domain SID)\n",
- name));
- continue;
- }
-
- (*num_mem)++;
- (*members) = Realloc((*members), (*num_mem) * sizeof(LOCAL_GRP_MEMBER));
- if ((*members) == NULL)
- {
- DEBUG(0,("get_unixalias_members: could not realloc LOCAL_GRP_MEMBERs\n"));
- return False;
- }
-
- mem = &(*members)[(*num_mem)-1];
- slprintf(mem->name, sizeof(mem->name)-1, "%s\\%s",
- gmep.nt_domain, gmep.nt_name);
- sid_copy(&mem->sid, &gmep.sid);
- mem->sid_use = gmep.type;
-
- DEBUG(10,("get_unixalias_members: adding alias %s\n",
- mem->name));
- }
- return True;
-}
-
-/*************************************************************************
- Routine to return the next entry in the domain alias list.
-
- when we are a PDC or BDC, then unix groups that are explicitly NOT mapped
- to aliases are treated as DOMAIN groups (see groupunix.c).
-
- when we are a member of a domain (not a PDC or BDC) then unix groups
- that are explicitly NOT mapped to aliases (map_alias_gid) are treated
- as LOCAL groups.
-
- the reasoning behind this is to make it as simple as possible (not an easy
- task) for people to set up a domain-aware samba server, in each role that
- the server can take.
-
- *************************************************************************/
-static LOCAL_GRP *getalsunixpwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem)
-{
- /* Static buffers we will return. */
- static LOCAL_GRP gp_buf;
- struct group unix_grp;
- struct unix_entries *grps = (struct unix_entries *)vp;
-
- if (lp_server_role() == ROLE_DOMAIN_NONE)
- {
- /*
- * no domain role, no domain aliases (or domain groups,
- * but that's dealt with by groupdb...).
- */
-
- return NULL;
- }
-
- aldb_init_als(&gp_buf);
-
- /* get array of unix names + gids. this function does NOT
- get a copy of the unix group members
- */
-
- /* cycle through unix groups */
- for (; grps->grp_idx < grps->num_grps; grps->grp_idx++)
- {
- DOM_NAME_MAP gmep;
- fstring sid_str;
-
- memcpy(&unix_grp, &grps->grps[grps->grp_idx], sizeof(unix_grp));
-
- DEBUG(10,("getgrpunixpwent: enum unix group entry %s\n",
- unix_grp.gr_name));
-
- if (!lookupsmbgrpgid(unix_grp.gr_gid, &gmep))
- {
- continue;
- }
-
- sid_to_string(sid_str, &gmep.sid);
- DEBUG(10,("group %s found, sid %s type %d\n",
- gmep.nt_name, sid_str, gmep.type));
-
- if (gmep.type != SID_NAME_ALIAS)
- {
- continue;
- }
-
- sid_split_rid(&gmep.sid, &gp_buf.rid);
- if (!sid_equal(&global_sam_sid, &gmep.sid))
- {
- continue;
- }
-
- fstrcpy(gp_buf.name, gmep.nt_name);
- break;
- }
-
- if (grps->grp_idx >= grps->num_grps)
- {
- return NULL;
- }
-
- /* get the user's domain aliases. there are a maximum of 32 */
-
- if (mem != NULL && num_mem != NULL)
- {
- (*mem) = NULL;
- (*num_mem) = 0;
-
- memcpy(&unix_grp, getgrgid(unix_grp.gr_gid), sizeof(unix_grp));
- get_unixalias_members(&unix_grp, num_mem, mem);
- }
-
- {
- pstring linebuf;
- make_alias_line(linebuf, sizeof(linebuf), &gp_buf, mem, num_mem);
- DEBUG(10,("line: '%s'\n", linebuf));
- }
-
- grps->grp_idx++; /* advance so next enum gets next entry */
- return &gp_buf;
-}
-
-/************************************************************************
- Routine to add an entry to the alspasswd file.
-*************************************************************************/
-
-static BOOL add_alsunixgrp_entry(LOCAL_GRP *newals)
-{
- DEBUG(0, ("add_alsunixgrp_entry: NOT IMPLEMENTED\n"));
- return False;
-}
-
-/************************************************************************
- Routine to search the alspasswd file for an entry matching the aliasname.
- and then modify its alias entry.
-************************************************************************/
-
-static BOOL mod_alsunixgrp_entry(LOCAL_GRP* als)
-{
- DEBUG(0, ("mod_alsunixgrp_entry: NOT IMPLEMENTED\n"));
- return False;
-}
-
-/************************************************************************
- Routine to search the grppasswd file for an entry matching the rid.
- and then delete it.
-************************************************************************/
-
-static BOOL del_alsunixgrp_entry(uint32 rid)
-{
- DEBUG(0, ("del_alsunixgrp_entry: NOT IMPLEMENTED\n"));
- return False;
-}
-
-/************************************************************************
- Routine to add a member to an entry to the grppasswd file.
-*************************************************************************/
-static BOOL add_alsunixgrp_member(uint32 rid, DOM_SID *member_sid)
-{
- DEBUG(0, ("add_alsunixgrp_member: NOT IMPLEMENTED\n"));
- return False;
-}
-
-/************************************************************************
- Routine to delete a member from an entry to the grppasswd file.
-*************************************************************************/
-static BOOL del_alsunixgrp_member(uint32 rid, DOM_SID *member_sid)
-{
- DEBUG(0, ("del_alsunixgrp_member: NOT IMPLEMENTED\n"));
- return False;
-}
-
-
-static struct aliasdb_ops unix_ops =
-{
- startalsunixpwent,
- endalsunixpwent,
- getalsunixpwpos,
- setalsunixpwpos,
-
- iterate_getaliasntnam, /* In aliasdb.c */
- iterate_getaliasgid, /* In aliasdb.c */
- iterate_getaliasrid, /* In aliasdb.c */
- getalsunixpwent,
-
- add_alsunixgrp_entry,
- mod_alsunixgrp_entry,
- del_alsunixgrp_entry,
-
- add_alsunixgrp_member,
- del_alsunixgrp_member,
-
- iterate_getuseraliasntnam /* in aliasdb.c */
-};
-
-struct aliasdb_ops *unix_initialise_alias_db(void)
-{
- return &unix_ops;
-}
-
-#else
- /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
- void unix_alspass_dummy_function(void) { } /* stop some compilers complaining */
-#endif /* USE_SMBPASS_DB */
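Review bot: in getalsunixpwent, `memcpy(&unix_grp, getgrgid(unix_grp.gr_gid), sizeof(unix_grp));` dereferences the result of getgrgid() without a NULL check, so a group that disappears between get_unix_grps() and this call crashes the enumeration; check the return value and skip the entry. The result of get_unixalias_members() on the following line is also ignored, so a Realloc failure there is reported to the caller as a group with no members. Minor: the closing `#endif /* USE_SMBPASS_DB */` comment does not match the `#ifdef USE_SMBUNIX_DB` that opens the block.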
+++ /dev/null
-/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- Pasesword and authentication handling
- Copyright (C) Jeremy Allison 1996-1998
- Copyright (C) Luke Kenneth Caseson Leighton 1996-1998
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mases Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "nterr.h"
-
-extern int DEBUGLEVEL;
-
-extern fstring global_sam_name;
-extern DOM_SID global_sam_sid;
-
-/*
- * NOTE. All these functions are abstracted into a structure
- * that points to the correct function for the selected database. JRA.
- */
-
-static struct aliasdb_ops *bidb_ops = NULL;
-
-/***************************************************************
- Initialise the builtin db operations.
-***************************************************************/
-
-BOOL initialise_builtin_db(void)
-{
- if (bidb_ops)
- {
- return True;
- }
-
-#ifdef WITH_NISPLUS
- bidb_ops = nisplus_initialise_builtin_db();
-#elif defined(WITH_LDAP)
- bidb_ops = ldap_initialise_builtin_db();
-#elif defined(USE_SMBUNIX_DB)
- bidb_ops = unix_initialise_builtin_db();
-#endif
-
- return (bidb_ops != NULL);
-}
-
-/*
- * Functions that return/manipulate a LOCAL_GRP.
- */
-
-/************************************************************************
- Utility function to search builtin database by gid: the LOCAL_GRP
- structure does not have a gid member, so we have to convert here
- from gid to builtin rid.
-*************************************************************************/
-LOCAL_GRP *iterate_getbuiltingid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem)
-{
- DOM_NAME_MAP gmep;
- uint32 rid;
- if (!lookupsmbgrpgid(gid, &gmep))
- {
- DEBUG(0,("iterate_getbuiltingid: gid %d does not map to one of our Domain's Aliases\n", gid));
- return NULL;
- }
-
- if (gmep.type != SID_NAME_ALIAS )
- {
- DEBUG(0,("iterate_getbuiltingid: gid %d does not map to one of our Domain's Aliases\n", gid));
- return NULL;
- }
-
- sid_split_rid(&gmep.sid, &rid);
- if (!sid_equal(&gmep.sid, &global_sam_sid))
- {
- DEBUG(0,("iterate_getbuiltingid: gid %d does not map into our Domain SID\n", gid));
- return NULL;
- }
-
- return iterate_getbuiltinrid(rid, mem, num_mem);
-}
-
-/************************************************************************
- Utility function to search builtin database by rid. use this if your database
- does not have search facilities.
-*************************************************************************/
-LOCAL_GRP *iterate_getbuiltinrid(uint32 rid, LOCAL_GRP_MEMBER **mem, int *num_mem)
-{
- LOCAL_GRP *blt = NULL;
- void *fp = NULL;
-
- DEBUG(10, ("search by rid: 0x%x\n", rid));
-
- /* Open the builtin database file - not for update. */
- fp = startbuiltinent(False);
-
- if (fp == NULL)
- {
- DEBUG(0, ("unable to open builtin database.\n"));
- return NULL;
- }
-
- while ((blt = getbuiltinent(fp, mem, num_mem)) != NULL && blt->rid != rid)
- {
- DEBUG(10,("iterate: %s 0x%x", blt->name, blt->rid));
- }
-
- if (blt != NULL)
- {
- DEBUG(10, ("found builtin %s by rid: 0x%x\n", blt->name, rid));
- }
-
- endbuiltinent(fp);
- return blt;
-}
-
-/************************************************************************
- Utility function to search builtin database by name. use this if your database
- does not have search facilities.
-*************************************************************************/
-LOCAL_GRP *iterate_getbuiltinntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem)
-{
- LOCAL_GRP *blt = NULL;
- void *fp = NULL;
-
- DEBUG(10, ("search by name: %s\n", name));
-
- /* Open the builtin database file - not for update. */
- fp = startbuiltinent(False);
-
- if (fp == NULL)
- {
- DEBUG(0, ("unable to open builtin database.\n"));
- return NULL;
- }
-
- while ((blt = getbuiltinent(fp, mem, num_mem)) != NULL && !strequal(blt->name, name))
- {
- }
-
- if (blt != NULL)
- {
- DEBUG(10, ("found by name: %s\n", name));
- }
-
- endbuiltinent(fp);
- return blt;
-}
-
-/*************************************************************************
- Routine to return the next entry in the smbdomainbuiltin list.
- *************************************************************************/
-BOOL add_domain_builtin(LOCAL_GRP **blts, int *num_blts, LOCAL_GRP *blt)
-{
- if (blts == NULL || num_blts == NULL || blt == NULL)
- {
- return False;
- }
-
- (*blts) = Realloc((*blts), ((*num_blts)+1) * sizeof(LOCAL_GRP));
- if ((*blts) == NULL)
- {
- return False;
- }
-
- DEBUG(10,("adding builtin %s(%s)\n", blt->name, blt->comment));
-
- fstrcpy((*blts)[(*num_blts)].name , blt->name);
- fstrcpy((*blts)[(*num_blts)].comment, blt->comment);
- (*blts)[(*num_blts)].rid = blt->rid;
-
- (*num_blts)++;
-
- return True;
-}
-
-/*************************************************************************
- checks to see if a user is a member of a domain builtin
- *************************************************************************/
-static BOOL user_is_member(const char *user_name, LOCAL_GRP_MEMBER *mem, int num_mem)
-{
- int i;
- pstring name;
- slprintf(name, sizeof(name)-1, "%s\\%s", global_sam_name, user_name);
-
- for (i = 0; i < num_mem; i++)
- {
- DEBUG(10,("searching against user %s...\n", mem[i].name));
- if (strequal(mem[i].name, name))
- {
- DEBUG(10,("searching for user %s: found\n", name));
- return True;
- }
- }
- DEBUG(10,("searching for user %s: not found\n", name));
- return False;
-}
-
-/*************************************************************************
- gets an array of builtin aliases that a user is in. use this if your database
- does not have search facilities
- *************************************************************************/
-BOOL iterate_getuserbuiltinntnam(const char *user_name, LOCAL_GRP **blts, int *num_blts)
-{
- LOCAL_GRP *blt = NULL;
- LOCAL_GRP_MEMBER *mem = NULL;
- int num_mem = 0;
- void *fp = NULL;
-
- DEBUG(10, ("search for userbuiltin by name: %s\n", user_name));
-
- if (user_name == NULL || blts == NULL || num_blts == NULL)
- {
- return False;
- }
-
- (*blts) = NULL;
- (*num_blts) = 0;
-
- /* Open the builtin database file - not for update. */
- fp = startbuiltinent(False);
-
- if (fp == NULL)
- {
- DEBUG(0, ("unable to open builtin database.\n"));
- return False;
- }
-
- /* iterate through all builtin aliases. search members for required user */
- while ((blt = getbuiltinent(fp, &mem, &num_mem)) != NULL)
- {
- DEBUG(5,("builtin name %s members: %d\n", blt->name, num_mem));
- if (num_mem != 0 && mem != NULL)
- {
- BOOL ret = True;
- if (user_is_member(user_name, mem, num_mem))
- {
- ret = add_domain_builtin(blts, num_blts, blt);
- }
-
- free(mem);
- mem = NULL;
- num_mem = 0;
-
- if (!ret)
- {
- (*num_blts) = 0;
- break;
- }
- }
- }
-
- if ((*num_blts) != 0)
- {
- DEBUG(10, ("found %d user builtin aliases:\n", (*num_blts)));
- }
-
- endbuiltinent(fp);
- return True;
-}
-
-/*************************************************************************
- gets an array of builtin aliases that a user is in. use this if your database
- does not have search facilities
- *************************************************************************/
-BOOL enumdombuiltins(LOCAL_GRP **blts, int *num_blts)
-{
- LOCAL_GRP *blt = NULL;
- void *fp = NULL;
-
- DEBUG(10, ("enum user builtin aliases\n"));
-
- if (blts == NULL || num_blts == NULL)
- {
- return False;
- }
-
- (*blts) = NULL;
- (*num_blts) = 0;
-
- /* Open the builtin database file - not for update. */
- fp = startbuiltinent(False);
-
- if (fp == NULL)
- {
- DEBUG(0, ("unable to open builtin database.\n"));
- return False;
- }
-
- /* iterate through all builtin aliases. */
- while ((blt = getbuiltinent(fp, NULL, NULL)) != NULL)
- {
- if (!add_domain_builtin(blts, num_blts, blt))
- {
- DEBUG(0,("unable to add builtin while enumerating\n"));
- return False;
- }
- }
-
- if ((*num_blts) != 0)
- {
- DEBUG(10, ("found %d user builtin aliases:\n", (*num_blts)));
- }
-
- endbuiltinent(fp);
- return True;
-}
-
-/***************************************************************
- Start to enumerate the builtin database list. Returns a void pointer
- to ensure no modification outside this module.
-****************************************************************/
-
-void *startbuiltinent(BOOL update)
-{
- return bidb_ops->startaliasent(update);
-}
-
-/***************************************************************
- End enumeration of the builtin database list.
-****************************************************************/
-
-void endbuiltinent(void *vp)
-{
- bidb_ops->endaliasent(vp);
-}
-
-/*************************************************************************
- Routine to return the next entry in the builtin database list.
- *************************************************************************/
-
-LOCAL_GRP *getbuiltinent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem)
-{
- return bidb_ops->getaliasent(vp, mem, num_mem);
-}
-
-/************************************************************************
- Routine to add an entry to the builtin database file.
-*************************************************************************/
-
-BOOL add_builtin_entry(LOCAL_GRP *newblt)
-{
- return bidb_ops->add_alias_entry(newblt);
-}
-
-/************************************************************************
- Routine to search the builtin database file for an entry matching the builtinname.
- and then replace the entry.
-************************************************************************/
-
-BOOL mod_builtin_entry(LOCAL_GRP* blt)
-{
- return bidb_ops->mod_alias_entry(blt);
-}
-
-/************************************************************************
- Routine to add a member to an entry in the builtin database file.
-*************************************************************************/
-BOOL add_builtin_member(uint32 rid, DOM_SID *member_sid)
-{
- return bidb_ops->add_alias_member(rid, member_sid);
-}
-
-/************************************************************************
- Routine to delete a member from an entry in the builtindatabase file.
-*************************************************************************/
-BOOL del_builtin_member(uint32 rid, DOM_SID *member_sid)
-{
- return bidb_ops->del_alias_member(rid, member_sid);
-}
-
-/************************************************************************
- Routine to search builtin database by name.
-*************************************************************************/
-
-LOCAL_GRP *getbuiltinntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem)
-{
- return bidb_ops->getaliasntnam(name, mem, num_mem);
-}
-
-/************************************************************************
- Routine to search builtin database by builtin rid.
-*************************************************************************/
-
-LOCAL_GRP *getbuiltinrid(uint32 builtin_rid, LOCAL_GRP_MEMBER **mem, int *num_mem)
-{
- return bidb_ops->getaliasrid(builtin_rid, mem, num_mem);
-}
-
-/************************************************************************
- Routine to search builtin database by gid.
-*************************************************************************/
-
-LOCAL_GRP *getbuiltingid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem)
-{
- return bidb_ops->getaliasgid(gid, mem, num_mem);
-}
-
-/*************************************************************************
- gets an array of builtin aliases that a user is in.
- *************************************************************************/
-BOOL getuserbuiltinntnam(const char *user_name, LOCAL_GRP **blt, int *num_blts)
-{
- return bidb_ops->getuseraliasntnam(user_name, blt, num_blts);
-}
-
-/*************************************************************
- initialises a LOCAL_GRP.
- **************************************************************/
-void bidb_init_blt(LOCAL_GRP *blt)
-{
- if (blt == NULL) return;
- ZERO_STRUCTP(blt);
-}
-
-/*************************************************************
- turns an builtin entry into a string.
- **************************************************************/
-BOOL make_builtin_line(char *p, int max_len,
- LOCAL_GRP *blt,
- LOCAL_GRP_MEMBER **mem, int *num_mem)
-{
- int i;
- int len;
- len = slprintf(p, max_len-1, "%s:%s:%d:", blt->name, blt->comment, blt->rid);
-
- if (len == -1)
- {
- DEBUG(0,("make_builtin_line: cannot create entry\n"));
- return False;
- }
-
- p += len;
- max_len -= len;
-
- if (mem == NULL || num_mem == NULL)
- {
- return True;
- }
-
- for (i = 0; i < (*num_mem); i++)
- {
- len = strlen((*mem)[i].name);
- p = safe_strcpy(p, (*mem)[i].name, max_len);
-
- if (p == NULL)
- {
- DEBUG(0, ("make_builtin_line: out of space for builtin aliases!\n"));
- return False;
- }
-
- max_len -= len;
-
- if (i != (*num_mem)-1)
- {
- *p = ',';
- p++;
- max_len--;
- }
- }
-
- return True;
-}
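Review bot: in enumdombuiltins the early `return False` taken when add_domain_builtin fails skips endbuiltinent(fp), so the handle opened by startbuiltinent is never closed on that path. iterate_getuserbuiltinntnam has the opposite problem: on the same failure it zeroes *num_blts, breaks, and then returns True, so a caller cannot tell an allocation failure from "user is in no builtin aliases". Since this file is being deleted, please confirm that whatever now provides these entry points closes the enumeration on every exit and reports the failure. Two smaller things to avoid carrying over: make_builtin_line writes the ',' separator without checking that max_len is still positive, and the header comment on enumdombuiltins is a copy of the one above it and describes the wrong function.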
+++ /dev/null
-/*
- Unix SMB/Netbios implementation.
- Version 2.0.
- LDAP builtin group database for SAMBA
- Copyright (C) Matthew Chapman 1998
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-*/
-
-#include "includes.h"
-
-#ifdef WITH_LDAP
-
-#include <lber.h>
-#include <ldap.h>
-
-extern int DEBUGLEVEL;
-
-/* Internal state */
-extern LDAP *ldap_struct;
-extern LDAPMessage *ldap_results;
-extern LDAPMessage *ldap_entry;
-
-/* Static structure filled for requests */
-static LOCAL_GRP localgrp;
-
-
-/***************************************************************
- Get group and membership information.
- ****************************************************************/
-
-static LOCAL_GRP *ldapbuiltin_getgrp(LOCAL_GRP *group,
- LOCAL_GRP_MEMBER **members, int *num_membs)
-{
- fstring temp;
- char **values;
- LOCAL_GRP_MEMBER *memblist;
- char *value, *sep;
- int i;
-
- if(!ldap_entry)
- return NULL;
-
- if(!ldap_get_attribute("cn", group->name)) {
- DEBUG(0, ("Missing cn\n"));
- return NULL; }
-
- DEBUG(2,("Retrieving builtin alias [%s]\n", group->name));
-
- if(ldap_get_attribute("rid", temp)) {
- group->rid = strtol(temp, NULL, 16);
- } else {
- DEBUG(0, ("Missing rid\n"));
- return NULL;
- }
-
- if(!ldap_get_attribute("description", group->comment))
- group->comment[0] = 0;
-
- if(!members || !num_membs) {
- ldap_entry = ldap_next_entry(ldap_struct, ldap_entry);
- return group;
- }
-
- if(values = ldap_get_values(ldap_struct, ldap_entry, "member")) {
-
- *num_membs = i = ldap_count_values(values);
- *members = memblist = malloc(i * sizeof(LOCAL_GRP_MEMBER));
-
- do {
- value = values[--i];
-
- if(!(sep = strchr(value, ','))) {
- DEBUG(0, ("Malformed alias member\n"));
- return NULL;
- }
- *(sep++) = 0;
- fstrcpy(memblist[i].name, value);
-
- if(!(value = strchr(sep, ','))) {
- DEBUG(0, ("Malformed alias member\n"));
- return NULL;
- }
- *(value++) = 0;
- string_to_sid(&memblist[i].sid, sep);
-
- if((memblist[i].sid_use = atoi(value))
- >= SID_NAME_UNKNOWN)
- DEBUG(0, ("Invalid SID use in alias"));
-
- } while(i > 0);
-
- ldap_value_free(values);
-
- } else {
- *num_membs = 0;
- *members = NULL;
- }
-
- return group;
-}
-
-
-/************************************************************************
- Queues the necessary modifications to save a LOCAL_GRP structure
- ************************************************************************/
-
-static void ldapbuiltin_grpmods(LOCAL_GRP *group, LDAPMod ***mods,
- int operation)
-{
- fstring temp;
-
- *mods = NULL;
-
- if(operation == LDAP_MOD_ADD) { /* immutable attributes */
- ldap_make_mod(mods, LDAP_MOD_ADD, "objectClass", "sambaBuiltin");
- ldap_make_mod(mods, LDAP_MOD_ADD, "cn", group->name);
-
- slprintf(temp, sizeof(temp)-1, "%x", group->rid);
- ldap_make_mod(mods, LDAP_MOD_ADD, "rid", temp);
- }
-
- ldap_make_mod(mods, operation, "description", group->comment);
-}
-
-
-/************************************************************************
- Create a builtin alias member entry
- ************************************************************************/
-
-static BOOL ldapbuiltin_memmods(DOM_SID *user_sid, LDAPMod ***mods,
- int operation)
-{
- pstring member;
- pstring sid_str;
- fstring name;
- uint8 type;
-
- if (lookup_sid(user_sid, name, &type))
- return (False);
- sid_to_string(sid_str, user_sid);
-
- slprintf(member, sizeof(member)-1, "%s,%s,%d", name, sid_str, type);
-
- *mods = NULL;
- ldap_make_mod(mods, operation, "member", member);
- return True;
-}
-
-
-/***************************************************************
- Begin/end smbgrp enumeration.
- ****************************************************************/
-
-static void *ldapbuiltin_enumfirst(BOOL update)
-{
- if (lp_server_role() == ROLE_DOMAIN_NONE)
- return NULL;
-
- if (!ldap_connect())
- return NULL;
-
- ldap_search_for("objectClass=sambaBuiltin");
-
- return ldap_struct;
-}
-
-static void ldapbuiltin_enumclose(void *vp)
-{
- ldap_disconnect();
-}
-
-
-/*************************************************************************
- Save/restore the current position in a query
- *************************************************************************/
-
-static SMB_BIG_UINT ldapbuiltin_getdbpos(void *vp)
-{
- return (SMB_BIG_UINT)((ulong)ldap_entry);
-}
-
-static BOOL ldapbuiltin_setdbpos(void *vp, SMB_BIG_UINT tok)
-{
- ldap_entry = (LDAPMessage *)((ulong)tok);
- return (True);
-}
-
-
-/*************************************************************************
- Return limited smb_passwd information, and group membership.
- *************************************************************************/
-
-static LOCAL_GRP *ldapbuiltin_getgrpbynam(const char *name,
- LOCAL_GRP_MEMBER **members, int *num_membs)
-{
- fstring filter;
- LOCAL_GRP *ret;
-
- if(!ldap_connect())
- return (False);
-
- slprintf(filter, sizeof(filter)-1,
- "(&(cn=%s)(objectClass=sambaBuiltin))", name);
- ldap_search_for(filter);
-
- ret = ldapbuiltin_getgrp(&localgrp, members, num_membs);
-
- ldap_disconnect();
- return ret;
-}
-
-static LOCAL_GRP *ldapbuiltin_getgrpbygid(gid_t grp_id,
- LOCAL_GRP_MEMBER **members, int *num_membs)
-{
- fstring filter;
- LOCAL_GRP *ret;
-
- if(!ldap_connect())
- return (False);
-
- slprintf(filter, sizeof(filter)-1,
- "(&(gidNumber=%d)(objectClass=sambaBuiltin))", grp_id);
- ldap_search_for(filter);
- ret = ldapbuiltin_getgrp(&localgrp, members, num_membs);
-
- ldap_disconnect();
- return ret;
-}
-
-static LOCAL_GRP *ldapbuiltin_getgrpbyrid(uint32 grp_rid,
- LOCAL_GRP_MEMBER **members, int *num_membs)
-{
- fstring filter;
- LOCAL_GRP *ret;
-
- if(!ldap_connect())
- return (False);
-
- slprintf(filter, sizeof(filter)-1,
- "(&(rid=%x)(objectClass=sambaBuiltin))", grp_rid);
- ldap_search_for(filter);
- ret = ldapbuiltin_getgrp(&localgrp, members, num_membs);
-
- ldap_disconnect();
- return ret;
-}
-
-static LOCAL_GRP *ldapbuiltin_getcurrentgrp(void *vp,
- LOCAL_GRP_MEMBER **members, int *num_membs)
-{
- return ldapbuiltin_getgrp(&localgrp, members, num_membs);
-}
-
-
-/*************************************************************************
- Add/modify/delete builtin aliases.
- *************************************************************************/
-
-static BOOL ldapbuiltin_addgrp(LOCAL_GRP *group)
-{
- LDAPMod **mods;
-
- if (!ldap_allocaterid(&group->rid))
- {
- DEBUG(0,("RID generation failed\n"));
- return (False);
- }
-
- ldapbuiltin_grpmods(group, &mods, LDAP_MOD_ADD);
- return ldap_makemods("cn", group->name, mods, True);
-}
-
-static BOOL ldapbuiltin_modgrp(LOCAL_GRP *group)
-{
- LDAPMod **mods;
-
- ldapbuiltin_grpmods(group, &mods, LDAP_MOD_REPLACE);
- return ldap_makemods("cn", group->name, mods, False);
-}
-
-static BOOL ldapbuiltin_delgrp(uint32 grp_rid)
-{
- fstring filter;
- char *dn;
- int err;
-
- if (!ldap_connect())
- return (False);
-
- slprintf(filter, sizeof(filter)-1,
- "(&(rid=%x)(objectClass=sambaBuiltin))", grp_rid);
- ldap_search_for(filter);
-
- if (!ldap_entry || !(dn = ldap_get_dn(ldap_struct, ldap_entry)))
- {
- ldap_disconnect();
- return (False);
- }
-
- err = ldap_delete_s(ldap_struct, dn);
- free(dn);
- ldap_disconnect();
-
- if (err != LDAP_SUCCESS)
- {
- DEBUG(0, ("delete: %s\n", ldap_err2string(err)));
- return (False);
- }
-
- return True;
-}
-
-
-/*************************************************************************
- Add users to/remove users from aliases.
- *************************************************************************/
-
-static BOOL ldapbuiltin_addmem(uint32 grp_rid, DOM_SID *user_sid)
-{
- LDAPMod **mods;
- fstring rid_str;
-
- slprintf(rid_str, sizeof(rid_str)-1, "%x", grp_rid);
-
- if(!ldapbuiltin_memmods(user_sid, &mods, LDAP_MOD_ADD))
- return (False);
-
- return ldap_makemods("rid", rid_str, mods, False);
-}
-
-static BOOL ldapbuiltin_delmem(uint32 grp_rid, DOM_SID *user_sid)
-{
- LDAPMod **mods;
- fstring rid_str;
-
- slprintf(rid_str, sizeof(rid_str)-1, "%x", grp_rid);
-
- if(!ldapbuiltin_memmods(user_sid, &mods, LDAP_MOD_DELETE))
- return (False);
-
- return ldap_makemods("rid", rid_str, mods, False);
-}
-
-
-/*************************************************************************
- Return builtin aliases that a user is in.
- *************************************************************************/
-
-static BOOL ldapbuiltin_getusergroups(const char *name,
- LOCAL_GRP **groups, int *num_grps)
-{
- LOCAL_GRP *grouplist;
- fstring filter;
- int i;
-
- if(!ldap_connect())
- return (False);
-
- slprintf(filter, sizeof(pstring)-1,
- "(&(member=%s,*)(objectclass=sambaBuiltin))", name);
- ldap_search_for(filter);
-
- *num_grps = i = ldap_count_entries(ldap_struct, ldap_results);
-
- if(!i) {
- *groups = NULL;
- ldap_disconnect();
- return (True);
- }
-
- *groups = grouplist = malloc(i * sizeof(LOCAL_GRP));
- do {
- i--;
- } while(ldapbuiltin_getgrp(&grouplist[i], NULL, NULL) && (i > 0));
-
- ldap_disconnect();
- return (True);
-}
-
-
-static struct aliasdb_ops ldapbuiltin_ops =
-{
- ldapbuiltin_enumfirst,
- ldapbuiltin_enumclose,
- ldapbuiltin_getdbpos,
- ldapbuiltin_setdbpos,
-
- ldapbuiltin_getgrpbynam,
- ldapbuiltin_getgrpbygid,
- ldapbuiltin_getgrpbyrid,
- ldapbuiltin_getcurrentgrp,
-
- ldapbuiltin_addgrp,
- ldapbuiltin_modgrp,
- ldapbuiltin_delgrp,
-
- ldapbuiltin_addmem,
- ldapbuiltin_delmem,
-
- ldapbuiltin_getusergroups
-};
-
-struct aliasdb_ops *ldap_initialise_builtin_db(void)
-{
- return &ldapbuiltin_ops;
-}
-
-#else
- void builtinldap_dummy_function(void);
- void builtinldap_dummy_function(void) { } /* stop some compilers complaining */
-#endif
-
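Review bot: ldapbuiltin_getusergroups declares `fstring filter` but bounds the slprintf with `sizeof(pstring)-1`, so the limit does not match the buffer it protects; every other filter in this file uses `sizeof(filter)-1`. The same function and ldapbuiltin_getgrpbynam also format the caller-supplied name straight into the search filter (`(member=%s,*)`, `(cn=%s)`) with no escaping of filter metacharacters, so a name containing `*`, `(` or `)` changes what the search matches. In ldapbuiltin_getgrp the malloc result is used unchecked, and both "Malformed alias member" returns leave `values` and `memblist` allocated while *num_membs has already been set. If any of this backend is moved rather than dropped, these should be fixed in the new location: bound by the real buffer size, escape the name before building the filter, check the allocation, and free on the error paths. The commit message should also say which backend replaces ldap_initialise_builtin_db.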
+++ /dev/null
-/*
- * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
- * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-
-#ifdef USE_SMBUNIX_DB
-
-extern int DEBUGLEVEL;
-
-struct unix_entries
-{
- struct group *grps;
- int num_grps;
- int grp_idx;
-};
-
-extern DOM_SID global_sid_S_1_5_20;
-extern DOM_SID global_sam_sid;
-extern fstring global_sam_name;
-
-/***************************************************************
- Start to enumerate the bltpasswd list. Returns a void pointer
- to ensure no modification outside this module.
-****************************************************************/
-
-static void *startbltunixpwent(BOOL update)
-{
- struct unix_entries *grps;
- grps = (struct unix_entries*)malloc(sizeof(struct unix_entries));
-
- if (grps == NULL)
- {
- return NULL;
- }
-
- if (!get_unix_grps(&grps->num_grps, &grps->grps))
- {
- free(grps);
- return NULL;
- }
-
- grps->grp_idx = 0;
-
- return (void*)grps;
-}
-
-/***************************************************************
- End enumeration of the bltpasswd list.
-****************************************************************/
-
-static void endbltunixpwent(void *vp)
-{
- struct unix_entries *grps = (struct unix_entries *)vp;
-
- if (grps != NULL)
- {
- free_unix_grps(grps->num_grps, grps->grps);
- free(vp);
- }
-}
-
-/*************************************************************************
- Return the current position in the bltpasswd list as an SMB_BIG_UINT.
- This must be treated as an opaque token.
-*************************************************************************/
-static SMB_BIG_UINT getbltunixpwpos(void *vp)
-{
- return (SMB_BIG_UINT)0;
-}
-
-/*************************************************************************
- Set the current position in the bltpasswd list from an SMB_BIG_UINT.
- This must be treated as an opaque token.
-*************************************************************************/
-static BOOL setbltunixpwpos(void *vp, SMB_BIG_UINT tok)
-{
- return False;
-}
-
-/*************************************************************************
- Routine to return the next entry in the smbdomainbuiltin list.
- *************************************************************************/
-BOOL get_unixbuiltin_members(struct group *grp,
- int *num_mem, LOCAL_GRP_MEMBER **members)
-{
- int i;
- char *unix_name;
-
- if (num_mem == NULL || members == NULL)
- {
- return False;
- }
-
- (*num_mem) = 0;
- (*members) = NULL;
-
- for (i = 0; (unix_name = grp->gr_mem[i]) != NULL; i++)
- {
- fstring name;
- DOM_NAME_MAP gmep;
- LOCAL_GRP_MEMBER *mem;
-
- fstrcpy(name, unix_name);
-
- if (!lookupsmbpwnam (name, &gmep) &&
- !lookupsmbgrpnam(name, &gmep))
- {
- continue;
- }
-
- if (!sid_front_equal(&global_sam_sid, &gmep.sid))
- {
- DEBUG(0,("builtin database: could not resolve name %s (wrong Domain SID)\n",
- name));
- continue;
- }
-
- (*num_mem)++;
- (*members) = Realloc((*members), (*num_mem) * sizeof(LOCAL_GRP_MEMBER));
- if ((*members) == NULL)
- {
- DEBUG(0,("get_unixbuiltin_members: could not realloc LOCAL_GRP_MEMBERs\n"));
- return False;
- }
-
- mem = &(*members)[(*num_mem)-1];
- slprintf(mem->name, sizeof(mem->name)-1, "%s\\%s",
- gmep.nt_domain, gmep.nt_name);
- sid_copy(&mem->sid, &gmep.sid);
- mem->sid_use = gmep.type;
-
- DEBUG(10,("get_unixbuiltin_members: adding to builtin alias %s\n",
- mem->name));
- }
- return True;
-}
-
-/*************************************************************************
- Routine to return the next entry in the domain builtin list.
-
- when we are a PDC or BDC, then unix groups that are explicitly NOT mapped
- to builtin aliases are treated as DOMAIN groups (see groupunix.c).
-
- when we are a member of a domain (not a PDC or BDC) then unix groups
- that are explicitly NOT mapped to builtin aliases are treated
- as LOCAL groups.
-
- the reasoning behind this is to make it as simple as possible (not an easy
- task) for people to set up a domain-aware samba server, in each role that
- the server can take.
-
- *************************************************************************/
-static LOCAL_GRP *getbltunixpwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem)
-{
- /* Static buffers we will return. */
- static LOCAL_GRP gp_buf;
- struct group unix_grp;
- struct unix_entries *grps = (struct unix_entries *)vp;
-
- if (grps == NULL)
- {
- return NULL;
- }
-
- if (lp_server_role() == ROLE_DOMAIN_NONE)
- {
- /*
- * no domain role, no domain aliases (or domain groups,
- * but that's dealt with by groupdb...).
- */
-
- return NULL;
- }
-
- bidb_init_blt(&gp_buf);
-
- /* get array of unix names + gids. this function does NOT
- get a copy of the unix group members
- */
-
- /* cycle through unix groups */
- for (; grps->grp_idx < grps->num_grps; grps->grp_idx++)
- {
- DOM_NAME_MAP gmep;
- fstring sid_str;
-
- memcpy(&unix_grp, &grps->grps[grps->grp_idx], sizeof(unix_grp));
-
- DEBUG(10,("getgrpunixpwent: enum unix group entry %s\n",
- unix_grp.gr_name));
-
- if (!lookupsmbgrpgid(unix_grp.gr_gid, &gmep))
- {
- continue;
- }
-
- sid_to_string(sid_str, &gmep.sid);
- DEBUG(10,("group %s found, sid %s type %d\n",
- gmep.nt_name, sid_str, gmep.type));
-
- if (gmep.type != SID_NAME_ALIAS)
- {
- continue;
- }
-
- sid_split_rid(&gmep.sid, &gp_buf.rid);
- if (!sid_equal(&global_sam_sid, &gmep.sid))
- {
- continue;
- }
-
- fstrcpy(gp_buf.name, gmep.nt_name);
- break;
- }
-
- if (grps->grp_idx >= grps->num_grps)
- {
- return NULL;
- }
-
- /* get the user's domain aliases. there are a maximum of 32 */
-
- if (mem != NULL && num_mem != NULL)
- {
- (*mem) = NULL;
- (*num_mem) = 0;
-
- memcpy(&unix_grp, getgrgid(unix_grp.gr_gid), sizeof(unix_grp));
- get_unixbuiltin_members(&unix_grp, num_mem, mem);
- }
-
- {
- pstring linebuf;
- make_alias_line(linebuf, sizeof(linebuf), &gp_buf, mem, num_mem);
- DEBUG(10,("line: '%s'\n", linebuf));
- }
-
- grps->grp_idx++; /* advance so next enum gets next entry */
- return &gp_buf;
-}
-
-/************************************************************************
- Routine to add an entry to the bltpasswd file.
-*************************************************************************/
-
-static BOOL add_bltunixgrp_entry(LOCAL_GRP *newblt)
-{
- DEBUG(0, ("add_bltunixgrp_entry: NOT IMPLEMENTED\n"));
- return False;
-}
-
-/************************************************************************
- Routine to search the bltpasswd file for an entry matching the builtinname.
- and then modify its builtin entry.
-************************************************************************/
-
-static BOOL mod_bltunixgrp_entry(LOCAL_GRP* blt)
-{
- DEBUG(0, ("mod_bltunixgrp_entry: NOT IMPLEMENTED\n"));
- return False;
-}
-
-/************************************************************************
- Routine to add a member to an entry to the bltpasswd file.
-*************************************************************************/
-static BOOL add_bltunixgrp_member(uint32 rid, DOM_SID *member_sid)
-{
- DEBUG(0, ("add_bltunixgrp_member: NOT IMPLEMENTED\n"));
- return False;
-}
-
-/************************************************************************
- Routine to delete a member from an entry to the bltpasswd file.
-*************************************************************************/
-static BOOL del_bltunixgrp_member(uint32 rid, DOM_SID *member_sid)
-{
- DEBUG(0, ("del_bltunixgrp_member: NOT IMPLEMENTED\n"));
- return False;
-}
-
-static struct aliasdb_ops unix_ops =
-{
- startbltunixpwent,
- endbltunixpwent,
- getbltunixpwpos,
- setbltunixpwpos,
-
- iterate_getbuiltinntnam, /* In builtindb.c */
- iterate_getbuiltingid, /* In builtindb.c */
- iterate_getbuiltinrid, /* In builtindb.c */
- getbltunixpwent,
-
- add_bltunixgrp_entry,
- mod_bltunixgrp_entry,
- NULL, /* deliberately NULL: you can't delete builtin aliases */
-
- add_bltunixgrp_member,
- del_bltunixgrp_member,
-
- iterate_getuserbuiltinntnam /* in builtindb.c */
-};
-
-struct aliasdb_ops *unix_initialise_builtin_db(void)
-{
- return &unix_ops;
-}
-
-#else
- /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
- void unix_bltpass_dummy_function(void) { } /* stop some compilers complaining */
-#endif /* USE_SMBPASS_DB */
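Review bot: getbltunixpwent passes the result of getgrgid directly to memcpy (`memcpy(&unix_grp, getgrgid(unix_grp.gr_gid), sizeof(unix_grp));`) with no NULL check, so a group that disappears between the initial get_unix_grps snapshot and this lookup dereferences a null pointer. The return values of get_unixbuiltin_members and make_alias_line are also ignored here, so a failed member lookup is returned to the caller as a valid entry with whatever *mem held at the time. Worth checking that the replacement code does not inherit either pattern. Minor: the closing `#endif` comment says USE_SMBPASS_DB while the guard at the top of the file is USE_SMBUNIX_DB, and unix_ops points at iterate_* helpers in builtindb.c, so the two files have to be removed together, as this patch does.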
+++ /dev/null
-/*
- Unix SMB/Netbios implementation.
- Version 2.0.
- LDAP domain group database for SAMBA
- Copyright (C) Matthew Chapman 1998
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-*/
-
-#include "includes.h"
-
-#ifdef WITH_LDAP
-
-#include <lber.h>
-#include <ldap.h>
-
-extern int DEBUGLEVEL;
-extern DOM_SID global_sam_sid;
-
-/* Internal state */
-extern LDAP *ldap_struct;
-extern LDAPMessage *ldap_results;
-extern LDAPMessage *ldap_entry;
-
-/* Static structure filled for requests */
-static DOMAIN_GRP domgrp;
-
-
-/***************************************************************
- Get group and membership information.
- ****************************************************************/
-
-static DOMAIN_GRP *ldapgroup_getgrp(DOMAIN_GRP *group,
- DOMAIN_GRP_MEMBER **members, int *num_membs)
-{
- fstring temp;
- char **values;
- DOMAIN_GRP_MEMBER *memblist;
- char *value, *sep;
- int i;
-
- if(!ldap_entry)
- return NULL;
-
- if(!ldap_get_attribute("cn", group->name)) {
- DEBUG(0, ("Missing cn\n"));
- return NULL; }
-
- DEBUG(2,("Retrieving group [%s]\n", group->name));
-
- if(ldap_get_attribute("rid", temp)) {
- group->rid = strtol(temp, NULL, 16);
- } else {
- DEBUG(0, ("Missing rid\n"));
- return NULL;
- }
-
- if(!ldap_get_attribute("description", group->comment))
- group->comment[0] = 0;
-
- group->attr = 0x7;
-
- if(!members || !num_membs) {
- ldap_entry = ldap_next_entry(ldap_struct, ldap_entry);
- return group;
- }
-
- if(values = ldap_get_values(ldap_struct, ldap_entry, "member")) {
-
- *num_membs = i = ldap_count_values(values);
- *members = memblist = malloc(i * sizeof(DOMAIN_GRP_MEMBER));
-
- do {
- value = values[--i];
-
- if(!(sep = strchr(value, ','))) {
- DEBUG(0, ("Malformed group member\n"));
- return NULL;
- }
- *(sep++) = 0;
- fstrcpy(memblist[i].name, value);
-
- if(!(value = strchr(sep, ','))) {
- &