diff options
| author | cvs2svn Import User <samba-bugs@samba.org> | 2002-05-30 20:08:33 +0000 |
|---|---|---|
| committer | cvs2svn Import User <samba-bugs@samba.org> | 2002-05-30 20:08:33 +0000 |
| commit | 25b0ab1d7753e00f73254a3b951b87fbf75f3686 (patch) | |
| tree | 0857c307c57647512cb607e902c1d77e6f4f2f71 | |
| parent | 503dca2692153681871cd278912050b95896783c (diff) | |
| download | samba-25b0ab1d7753e00f73254a3b951b87fbf75f3686.tar.gz samba-25b0ab1d7753e00f73254a3b951b87fbf75f3686.tar.xz samba-25b0ab1d7753e00f73254a3b951b87fbf75f3686.zip | |
This commit was manufactured by cvs2svn to create tagsamba-misc-tags/APPLIANCE_HEAD_PRE_2_2_5_MERGE
'APPLIANCE_HEAD_PRE_2_2_5_MERGE'.
86 files changed, 0 insertions, 12536 deletions
diff --git a/.cvsignore b/.cvsignore deleted file mode 100644 index 30433041802..00000000000 --- a/.cvsignore +++ /dev/null @@ -1,2 +0,0 @@ -ID -testtmp diff --git a/docs/README.Win2kSP2 b/docs/README.Win2kSP2 deleted file mode 100644 index 49a8fbf4ae1..00000000000 --- a/docs/README.Win2kSP2 +++ /dev/null @@ -1,56 +0,0 @@ -!== -!== README.Win2kSP2 -!== - -Author: Gerald (Jerry) Carter <jerry@samba.org> - -================================================================== - -There are several annoyances with Windows 2000 SP2. One of which -only appears when using a Samba server to host user profiles -to Windows 2000 SP2 clients in a Windows domain. This assumes -that Samba is a member of the domain, but the problem will -likely occur if it is not. - -In order to server profiles successfully to Windows 2000 SP2 -clients (when not operating as a PDC), Samba must have - - nt acl support = no - -added to the file share which houses the roaming profiles. -If this is not done, then the Windows 2000 SP2 client will -complain about not being able to access the profile (Access -Denied) and create multiple copies of it on disk (DOMAIN.user.001, -DOMAIN.user.002, etc...). See the smb.conf(5) man page -for more details on this option. Also note that the "nt acl support" -parameter was formally a global parameter in releases prior -to Samba 2.2.2. - -The following is a minimal profile share - - [profile] - path = /export/profile - create mask = 0600 - directory mask = 0700 - nt acl support = no - read only = no - -The reason for this bug is that the Win2k SP2 client copies -the security descriptor for the profile which contains -the Samba server's SID, and not the domain SID. The client -compares the SID for SAMBA\user and realizes it is -different that the one assigned to DOMAIN\user. Hence the reason -for the "access denied" message. - -By disabling the "nt acl support" parameter, Samba will send -the Win2k client a response to the QuerySecurityDescriptor -trans2 call which causes the client to set a default ACL -for the profile. This default ACL includes - - DOMAIN\user "Full Control" - - -NOTE : This bug does not occur when using winbind to -create accounts on the Samba host for Domain users. - - diff --git a/docs/README.Win32-Viruses b/docs/README.Win32-Viruses deleted file mode 100644 index 07f03360cbc..00000000000 --- a/docs/README.Win32-Viruses +++ /dev/null @@ -1,58 +0,0 @@ -While this article is specific to the recent Nimda worm, -the information can be applied to preventing the spread -of many Win32 viruses. Thanks to the Samba Users Group of Japan -(SUGJ) for this article. -=============================================================================== -Steps againt Nimba Worm for Samba - -Author: HASEGAWA Yosuke -Translator: TAKAHASHI Motonobu <monyo@samba.gr.jp> - -The information in this article applies to - Samba 2.0.x - Samba 2.2.x - Windows 95/98/Me/NT/2000 - -SYMPTOMS - This article has described the measure against Nimba Worm for Samba - server. - -DESCRIPTION - Nimba Worm is infected through the shared disk on a network besides - Microsoft IIS, Internet Explorer and mailer of Outlook series. - - At this time, the worm copies itself by the name *.nws and *.eml on - the shared disk, moreover, by the name of Riched20.dll in the folder - where *.doc file is included. - - To prevent infection through the shared disk offered by Samba, set - up as follows: - ------ -[global] - ... - # This can break Administration installations of Office2k. - # in that case, don't veto the riched20.dll - veto files = /*.eml/*.nws/riched20.dll/ ------ - - Setting up "veto files" parameter, the matched files on the Samba - server are completely hidden from the clients and become impossible - to access them at all. - - In addition to it, the following setting are also pointed out by the - samba-jp:09448 thread: when the - "readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on - a Samba server, it is visible only with "readme.txt" and a dangerous - code may be performed when this file is double-clicked. - - Setting the following, ------ - veto files = /*.{*}/ ------ - no files having CLSID in its file extension can be accessed from any - clients. - -This technical article is created based on the discussion of -samba-jp:09448 and samba-jp:10900 threads. - diff --git a/docs/README.ldap b/docs/README.ldap deleted file mode 100644 index 451e27b8bf3..00000000000 --- a/docs/README.ldap +++ /dev/null @@ -1 +0,0 @@ -The schema file is stored in ../examples/LDAP/samba.schema diff --git a/docs/docbook/.cvsignore b/docs/docbook/.cvsignore deleted file mode 100644 index 04290fcd2eb..00000000000 --- a/docs/docbook/.cvsignore +++ /dev/null @@ -1,4 +0,0 @@ -Makefile -config.cache -config.log -config.status diff --git a/docs/docbook/configure b/docs/docbook/configure deleted file mode 100755 index 26ea4674823..00000000000 --- a/docs/docbook/configure +++ /dev/null @@ -1,1067 +0,0 @@ -#! /bin/sh - -# Guess values for system-dependent variables and create Makefiles. -# Generated automatically using autoconf version 2.13 -# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. -# -# This configure script is free software; the Free Software Foundation -# gives unlimited permission to copy, distribute and modify it. - -# Defaults: -ac_help= -ac_default_prefix=/usr/local -# Any additions from configure.in: -ac_help="$ac_help - --with-sgml-share=DIR change the default location of SGML stylesheets" - -# Initialize some variables set by options. -# The variables have the same names as the options, with -# dashes changed to underlines. -build=NONE -cache_file=./config.cache -exec_prefix=NONE -host=NONE -no_create= -nonopt=NONE -no_recursion= -prefix=NONE -program_prefix=NONE -program_suffix=NONE -program_transform_name=s,x,x, -silent= -site= -srcdir= -target=NONE -verbose= -x_includes=NONE -x_libraries=NONE -bindir='${exec_prefix}/bin' -sbindir='${exec_prefix}/sbin' -libexecdir='${exec_prefix}/libexec' -datadir='${prefix}/share' -sysconfdir='${prefix}/etc' -sharedstatedir='${prefix}/com' -localstatedir='${prefix}/var' -libdir='${exec_prefix}/lib' -includedir='${prefix}/include' -oldincludedir='/usr/include' -infodir='${prefix}/info' -mandir='${prefix}/man' - -# Initialize some other variables. -subdirs= -MFLAGS= MAKEFLAGS= -SHELL=${CONFIG_SHELL-/bin/sh} -# Maximum number of lines to put in a shell here document. -ac_max_here_lines=12 - -ac_prev= -for ac_option -do - - # If the previous option needs an argument, assign it. - if test -n "$ac_prev"; then - eval "$ac_prev=\$ac_option" - ac_prev= - continue - fi - - case "$ac_option" in - -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; - *) ac_optarg= ;; - esac - - # Accept the important Cygnus configure options, so we can diagnose typos. - - case "$ac_option" in - - -bindir | --bindir | --bindi | --bind | --bin | --bi) - ac_prev=bindir ;; - -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) - bindir="$ac_optarg" ;; - - -build | --build | --buil | --bui | --bu) - ac_prev=build ;; - -build=* | --build=* | --buil=* | --bui=* | --bu=*) - build="$ac_optarg" ;; - - -cache-file | --cache-file | --cache-fil | --cache-fi \ - | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) - ac_prev=cache_file ;; - -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ - | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) - cache_file="$ac_optarg" ;; - - -datadir | --datadir | --datadi | --datad | --data | --dat | --da) - ac_prev=datadir ;; - -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ - | --da=*) - datadir="$ac_optarg" ;; - - -disable-* | --disable-*) - ac_feature=`echo $ac_option|sed -e 's/-*disable-//'` - # Reject names that are not valid shell variable names. - if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then - { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } - fi - ac_feature=`echo $ac_feature| sed 's/-/_/g'` - eval "enable_${ac_feature}=no" ;; - - -enable-* | --enable-*) - ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'` - # Reject names that are not valid shell variable names. - if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then - { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } - fi - ac_feature=`echo $ac_feature| sed 's/-/_/g'` - case "$ac_option" in - *=*) ;; - *) ac_optarg=yes ;; - esac - eval "enable_${ac_feature}='$ac_optarg'" ;; - - -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ - | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ - | --exec | --exe | --ex) - ac_prev=exec_prefix ;; - -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ - | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ - | --exec=* | --exe=* | --ex=*) - exec_prefix="$ac_optarg" ;; - - -gas | --gas | --ga | --g) - # Obsolete; use --with-gas. - with_gas=yes ;; - - -help | --help | --hel | --he) - # Omit some internal or obsolete options to make the list less imposing. - # This message is too long to be a string in the A/UX 3.1 sh. - cat << EOF -Usage: configure [options] [host] -Options: [defaults in brackets after descriptions] -Configuration: - --cache-file=FILE cache test results in FILE - --help print this message - --no-create do not create output files - --quiet, --silent do not print \`checking...' messages - --version print the version of autoconf that created configure -Directory and file names: - --prefix=PREFIX install architecture-independent files in PREFIX - [$ac_default_prefix] - --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX - [same as prefix] - --bindir=DIR user executables in DIR [EPREFIX/bin] - --sbindir=DIR system admin executables in DIR [EPREFIX/sbin] - --libexecdir=DIR program executables in DIR [EPREFIX/libexec] - --datadir=DIR read-only architecture-independent data in DIR - [PREFIX/share] - --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] - --sharedstatedir=DIR modifiable architecture-independent data in DIR - [PREFIX/com] - --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var] - --libdir=DIR object code libraries in DIR [EPREFIX/lib] - --includedir=DIR C header files in DIR [PREFIX/include] - --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include] - --infodir=DIR info documentation in DIR [PREFIX/info] - --mandir=DIR man documentation in DIR [PREFIX/man] - --srcdir=DIR find the sources in DIR [configure dir or ..] - --program-prefix=PREFIX prepend PREFIX to installed program names - --program-suffix=SUFFIX append SUFFIX to installed program names - --program-transform-name=PROGRAM - run sed PROGRAM on installed program names -EOF - cat << EOF -Host type: - --build=BUILD configure for building on BUILD [BUILD=HOST] - --host=HOST configure for HOST [guessed] - --target=TARGET configure for TARGET [TARGET=HOST] -Features and packages: - --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) - --enable-FEATURE[=ARG] include FEATURE [ARG=yes] - --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] - --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) - --x-includes=DIR X include files are in DIR - --x-libraries=DIR X library files are in DIR -EOF - if test -n "$ac_help"; then - echo "--enable and --with options recognized:$ac_help" - fi - exit 0 ;; - - -host | --host | --hos | --ho) - ac_prev=host ;; - -host=* | --host=* | --hos=* | --ho=*) - host="$ac_optarg" ;; - - -includedir | --includedir | --includedi | --included | --include \ - | --includ | --inclu | --incl | --inc) - ac_prev=includedir ;; - -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ - | --includ=* | --inclu=* | --incl=* | --inc=*) - includedir="$ac_optarg" ;; - - -infodir | --infodir | --infodi | --infod | --info | --inf) - ac_prev=infodir ;; - -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) - infodir="$ac_optarg" ;; - - -libdir | --libdir | --libdi | --libd) - ac_prev=libdir ;; - -libdir=* | --libdir=* | --libdi=* | --libd=*) - libdir="$ac_optarg" ;; - - -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ - | --libexe | --libex | --libe) - ac_prev=libexecdir ;; - -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ - | --libexe=* | --libex=* | --libe=*) - libexecdir="$ac_optarg" ;; - - -localstatedir | --localstatedir | --localstatedi | --localstated \ - | --localstate | --localstat | --localsta | --localst \ - | --locals | --local | --loca | --loc | --lo) - ac_prev=localstatedir ;; - -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ - | --localstate=* | --localstat=* | --localsta=* | --localst=* \ - | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) - localstatedir="$ac_optarg" ;; - - -mandir | --mandir | --mandi | --mand | --man | --ma | --m) - ac_prev=mandir ;; - -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) - mandir="$ac_optarg" ;; - - -nfp | --nfp | --nf) - # Obsolete; use --without-fp. - with_fp=no ;; - - -no-create | --no-create | --no-creat | --no-crea | --no-cre \ - | --no-cr | --no-c) - no_create=yes ;; - - -no-recursion | --no-recursion | --no-recursio | --no-recursi \ - | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) - no_recursion=yes ;; - - -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ - | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ - | --oldin | --oldi | --old | --ol | --o) - ac_prev=oldincludedir ;; - -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ - | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ - | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) - oldincludedir="$ac_optarg" ;; - - -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) - ac_prev=prefix ;; - -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) - prefix="$ac_optarg" ;; - - -program-prefix | --program-prefix | --program-prefi | --program-pref \ - | --program-pre | --program-pr | --program-p) - ac_prev=program_prefix ;; - -program-prefix=* | --program-prefix=* | --program-prefi=* \ - | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) - program_prefix="$ac_optarg" ;; - - -program-suffix | --program-suffix | --program-suffi | --program-suff \ - | --program-suf | --program-su | --program-s) - ac_prev=program_suffix ;; - -program-suffix=* | --program-suffix=* | --program-suffi=* \ - | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) - program_suffix="$ac_optarg" ;; - - -program-transform-name | --program-transform-name \ - | --program-transform-nam | --program-transform-na \ - | --program-transform-n | --program-transform- \ - | --program-transform | --program-transfor \ - | --program-transfo | --program-transf \ - | --program-trans | --program-tran \ - | --progr-tra | --program-tr | --program-t) - ac_prev=program_transform_name ;; - -program-transform-name=* | --program-transform-name=* \ - | --program-transform-nam=* | --program-transform-na=* \ - | --program-transform-n=* | --program-transform-=* \ - | --program-transform=* | --program-transfor=* \ - | --program-transfo=* | --program-transf=* \ - | --program-trans=* | --program-tran=* \ - | --progr-tra=* | --program-tr=* | --program-t=*) - program_transform_name="$ac_optarg" ;; - - -q | -quiet | --quiet | --quie | --qui | --qu | --q \ - | -silent | --silent | --silen | --sile | --sil) - silent=yes ;; - - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) - ac_prev=sbindir ;; - -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ - | --sbi=* | --sb=*) - sbindir="$ac_optarg" ;; - - -sharedstatedir | --sharedstatedir | --sharedstatedi \ - | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ - | --sharedst | --shareds | --shared | --share | --shar \ - | --sha | --sh) - ac_prev=sharedstatedir ;; - -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ - | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ - | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ - | --sha=* | --sh=*) - sharedstatedir="$ac_optarg" ;; - - -site | --site | --sit) - ac_prev=site ;; - -site=* | --site=* | --sit=*) - site="$ac_optarg" ;; - - -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) - ac_prev=srcdir ;; - -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) - srcdir="$ac_optarg" ;; - - -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ - | --syscon | --sysco | --sysc | --sys | --sy) - ac_prev=sysconfdir ;; - -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ - | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) - sysconfdir="$ac_optarg" ;; - - -target | --target | --targe | --targ | --tar | --ta | --t) - ac_prev=target ;; - -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) - target="$ac_optarg" ;; - - -v | -verbose | --verbose | --verbos | --verbo | --verb) - verbose=yes ;; - - -version | --version | --versio | --versi | --vers) - echo "configure generated by autoconf version 2.13" - exit 0 ;; - - -with-* | --with-*) - ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'` - # Reject names that are not valid shell variable names. - if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then - { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } - fi - ac_package=`echo $ac_package| sed 's/-/_/g'` - case "$ac_option" in - *=*) ;; - *) ac_optarg=yes ;; - esac - eval "with_${ac_package}='$ac_optarg'" ;; - - -without-* | --without-*) - ac_package=`echo $ac_option|sed -e 's/-*without-//'` - # Reject names that are not valid shell variable names. - if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then - { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } - fi - ac_package=`echo $ac_package| sed 's/-/_/g'` - eval "with_${ac_package}=no" ;; - - --x) - # Obsolete; use --with-x. - with_x=yes ;; - - -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ - | --x-incl | --x-inc | --x-in | --x-i) - ac_prev=x_includes ;; - -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ - | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) - x_includes="$ac_optarg" ;; - - -x-libraries | --x-libraries | --x-librarie | --x-librari \ - | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) - ac_prev=x_libraries ;; - -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ - | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) - x_libraries="$ac_optarg" ;; - - -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; } - ;; - - *) - if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then - echo "configure: warning: $ac_option: invalid host type" 1>&2 - fi - if test "x$nonopt" != xNONE; then - { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } - fi - nonopt="$ac_option" - ;; - - esac -done - -if test -n "$ac_prev"; then - { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; } -fi - -trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 - -# File descriptor usage: -# 0 standard input -# 1 file creation -# 2 errors and warnings -# 3 some systems may open it to /dev/tty -# 4 used on the Kubota Titan -# 6 checking for... messages and results -# 5 compiler messages saved in config.log -if test "$silent" = yes; then - exec 6>/dev/null -else - exec 6>&1 -fi -exec 5>./config.log - -echo "\ -This file contains any messages produced by compilers while -running configure, to aid debugging if configure makes a mistake. -" 1>&5 - -# Strip out --no-create and --no-recursion so they do not pile up. -# Also quote any args containing shell metacharacters. -ac_configure_args= -for ac_arg -do - case "$ac_arg" in - -no-create | --no-create | --no-creat | --no-crea | --no-cre \ - | --no-cr | --no-c) ;; - -no-recursion | --no-recursion | --no-recursio | --no-recursi \ - | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;; - *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*) - ac_configure_args="$ac_configure_args '$ac_arg'" ;; - *) ac_configure_args="$ac_configure_args $ac_arg" ;; - esac -done - -# NLS nuisances. -# Only set these to C if already set. These must not be set unconditionally -# because not all systems understand e.g. LANG=C (notably SCO). -# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'! -# Non-C LC_CTYPE values break the ctype check. -if test "${LANG+set}" = set; then LANG=C; export LANG; fi -if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi -if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi -if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi - -# confdefs.h avoids OS command line length limits that DEFS can exceed. -rm -rf conftest* confdefs.h -# AIX cpp loses on an empty file, so make sure it contains at least a newline. -echo > confdefs.h - -# A filename unique to this package, relative to the directory that -# configure is in, which we can look for to find out if srcdir is correct. -ac_unique_file=global.ent - -# Find the source files, if location was not specified. -if test -z "$srcdir"; then - ac_srcdir_defaulted=yes - # Try the directory containing this script, then its parent. - ac_prog=$0 - ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'` - test "x$ac_confdir" = "x$ac_prog" && ac_confdir=. - srcdir=$ac_confdir - if test ! -r $srcdir/$ac_unique_file; then - srcdir=.. - fi -else - ac_srcdir_defaulted=no -fi -if test ! -r $srcdir/$ac_unique_file; then - if test "$ac_srcdir_defaulted" = yes; then - { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; } - else - { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; } - fi -fi -srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'` - -# Prefer explicitly selected file to automatically selected ones. -if test -z "$CONFIG_SITE"; then - if test "x$prefix" != xNONE; then - CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" - else - CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" - fi -fi -for ac_site_file in $CONFIG_SITE; do - if test -r "$ac_site_file"; then - echo "loading site script $ac_site_file" - . "$ac_site_file" - fi -done - -if test -r "$cache_file"; then - echo "loading cache $cache_file" - . $cache_file -else - echo "creating cache $cache_file" - > $cache_file -fi - -ac_ext=c -# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. -ac_cpp='$CPP $CPPFLAGS' -ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' -ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' -cross_compiling=$ac_cv_prog_cc_cross - -ac_exeext= -ac_objext=o -if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then - # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. - if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then - ac_n= ac_c=' -' ac_t=' ' - else - ac_n=-n ac_c= ac_t= - fi -else - ac_n= ac_c='\c' ac_t= -fi - - - -## check for the necesary install tools -## Openjade includes 'onsgmls' while -## the older jade package includes 'nsgmls' -# Extract the first word of "openjade", so it can be a program name with args. -set dummy openjade; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:534: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_path_JADE'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - case "$JADE" in - /*) - ac_cv_path_JADE="$JADE" # Let the user override the test with a path. - ;; - ?:/*) - ac_cv_path_JADE="$JADE" # Let the user override the test with a dos path. - ;; - *) - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_JADE="$ac_dir/$ac_word" - break - fi - done - IFS="$ac_save_ifs" - ;; -esac -fi -JADE="$ac_cv_path_JADE" -if test -n "$JADE"; then - echo "$ac_t""$JADE" 1>&6 -else - echo "$ac_t""no" 1>&6 -fi - - -if test -z "$JADE"; then - # Extract the first word of "jade", so it can be a program name with args. -set dummy jade; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:571: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_path_JADE'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - case "$JADE" in - /*) - ac_cv_path_JADE="$JADE" # Let the user override the test with a path. - ;; - ?:/*) - ac_cv_path_JADE="$JADE" # Let the user override the test with a dos path. - ;; - *) - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_JADE="$ac_dir/$ac_word" - break - fi - done - IFS="$ac_save_ifs" - ;; -esac -fi -JADE="$ac_cv_path_JADE" -if test -n "$JADE"; then - echo "$ac_t""$JADE" 1>&6 -else - echo "$ac_t""no" 1>&6 -fi - - # Extract the first word of "nsgmls", so it can be a program name with args. -set dummy nsgmls; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:606: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_path_NSGMLS'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - case "$NSGMLS" in - /*) - ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a path. - ;; - ?:/*) - ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a dos path. - ;; - *) - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_NSGMLS="$ac_dir/$ac_word" - break - fi - done - IFS="$ac_save_ifs" - ;; -esac -fi -NSGMLS="$ac_cv_path_NSGMLS" -if test -n "$NSGMLS"; then - echo "$ac_t""$NSGMLS" 1>&6 -else - echo "$ac_t""no" 1>&6 -fi - -else - # Extract the first word of "onsgmls", so it can be a program name with args. -set dummy onsgmls; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:642: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_path_NSGMLS'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - case "$NSGMLS" in - /*) - ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a path. - ;; - ?:/*) - ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a dos path. - ;; - *) - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_NSGMLS="$ac_dir/$ac_word" - break - fi - done - IFS="$ac_save_ifs" - ;; -esac -fi -NSGMLS="$ac_cv_path_NSGMLS" -if test -n "$NSGMLS"; then - echo "$ac_t""$NSGMLS" 1>&6 -else - echo "$ac_t""no" 1>&6 -fi - -fi - -# Extract the first word of "htmldoc", so it can be a program name with args. -set dummy htmldoc; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:679: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_path_HTMLDOC'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - case "$HTMLDOC" in - /*) - ac_cv_path_HTMLDOC="$HTMLDOC" # Let the user override the test with a path. - ;; - ?:/*) - ac_cv_path_HTMLDOC="$HTMLDOC" # Let the user override the test with a dos path. - ;; - *) - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_HTMLDOC="$ac_dir/$ac_word" - break - fi - done - IFS="$ac_save_ifs" - ;; -esac -fi -HTMLDOC="$ac_cv_path_HTMLDOC" -if test -n "$HTMLDOC"; then - echo "$ac_t""$HTMLDOC" 1>&6 -else - echo "$ac_t""no" 1>&6 -fi - -# Extract the first word of "sgmlspl", so it can be a program name with args. -set dummy sgmlspl; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:714: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_path_SGMLSPL'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - case "$SGMLSPL" in - /*) - ac_cv_path_SGMLSPL="$SGMLSPL" # Let the user override the test with a path. - ;; - ?:/*) - ac_cv_path_SGMLSPL="$SGMLSPL" # Let the user override the test with a dos path. - ;; - *) - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_SGMLSPL="$ac_dir/$ac_word" - break - fi - done - IFS="$ac_save_ifs" - ;; -esac -fi -SGMLSPL="$ac_cv_path_SGMLSPL" -if test -n "$SGMLSPL"; then - echo "$ac_t""$SGMLSPL" 1>&6 -else - echo "$ac_t""no" 1>&6 -fi - -# Extract the first word of "perl", so it can be a program name with args. -set dummy perl; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:749: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - case "$PERL" in - /*) - ac_cv_path_PERL="$PERL" # Let the user override the test with a path. - ;; - ?:/*) - ac_cv_path_PERL="$PERL" # Let the user override the test with a dos path. - ;; - *) - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_PERL="$ac_dir/$ac_word" - break - fi - done - IFS="$ac_save_ifs" - ;; -esac -fi -PERL="$ac_cv_path_PERL" -if test -n "$PERL"; then - echo "$ac_t""$PERL" 1>&6 -else - echo "$ac_t""no" 1>&6 -fi - - -SGML_SHARE="/usr/local/share/sgml" - -# Check whether --with-sgml-share or --without-sgml-share was given. -if test "${with_sgml_share+set}" = set; then - withval="$with_sgml_share" - case "$withval" in - no) SGML_SHARE="" - ;; - yes) - ;; - /*|\\*) - SGML_SHARE="$withval" - ;; - *) - SGML_SHARE="/$withval" - ;; -esac - -fi - -# The Makefile requires docbook2X in the share/sgml directory -if ! test -f $SGML_SHARE/docbook2X/docbook2man-spec.pl ; then - { echo "configure: error: "Unable to find dockbook2X. Make sure it is installed and that the sgml-share path is correct."" 1>&2; exit 1; } -fi - - -DOC_BUILD_DATE=`date '+%d-%m-%Y'` - - -trap '' 1 2 15 -cat > confcache <<\EOF -# This file is a shell script that caches the results of configure -# tests run on this system so they can be shared between configure -# scripts and configure runs. It is not useful on other systems. -# If it contains results you don't want to keep, you may remove or edit it. -# -# By default, configure uses ./config.cache as the cache file, -# creating it if it does not exist already. You can give configure -# the --cache-file=FILE option to use a different cache file; that is -# what configure does when it calls configure scripts in -# subdirectories, so they share the cache. -# Giving --cache-file=/dev/null disables caching, for debugging configure. -# config.status only pays attention to the cache file if you give it the -# --recheck option to rerun configure. -# -EOF -# The following way of writing the cache mishandles newlines in values, -# but we know of no workaround that is simple, portable, and efficient. -# So, don't put newlines in cache variables' values. -# Ultrix sh set writes to stderr and can't be redirected directly, -# and sets the high bit in the cache file unless we assign to the vars. -(set) 2>&1 | - case `(ac_space=' '; set | grep ac_space) 2>&1` in - *ac_space=\ *) - # `set' does not quote correctly, so add quotes (double-quote substitution - # turns \\\\ into \\, and sed turns \\ into \). - sed -n \ - -e "s/'/'\\\\''/g" \ - -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p" - ;; - *) - # `set' quotes correctly as required by POSIX, so do not add quotes. - sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p' - ;; - esac >> confcache -if cmp -s $cache_file confcache; then - : -else - if test -w $cache_file; then - echo "updating cache $cache_file" - cat confcache > $cache_file - else - echo "not updating unwritable cache $cache_file" - fi -fi -rm -f confcache - -trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 - -test "x$prefix" = xNONE && prefix=$ac_default_prefix -# Let make expand exec_prefix. -test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' - -# Any assignment to VPATH causes Sun make to only execute -# the first set of double-colon rules, so remove it if not needed. -# If there is a colon in the path, we need to keep it. -if test "x$srcdir" = x.; then - ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d' -fi - -trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15 - -# Transform confdefs.h into DEFS. -# Protect against shell expansion while executing Makefile rules. -# Protect against Makefile macro expansion. -cat > conftest.defs <<\EOF -s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%-D\1=\2%g -s%[ `~#$^&*(){}\\|;'"<>?]%\\&%g -s%\[%\\&%g -s%\]%\\&%g -s%\$%$$%g -EOF -DEFS=`sed -f conftest.defs confdefs.h | tr '\012' ' '` -rm -f conftest.defs - - -# Without the "./", some shells look in PATH for config.status. -: ${CONFIG_STATUS=./config.status} - -echo creating $CONFIG_STATUS -rm -f $CONFIG_STATUS -cat > $CONFIG_STATUS <<EOF -#! /bin/sh -# Generated automatically by configure. -# Run this file to recreate the current configuration. -# This directory was configured as follows, -# on host `(hostname || uname -n) 2>/dev/null | sed 1q`: -# -# $0 $ac_configure_args -# -# Compiler output produced by configure, useful for debugging -# configure, is in ./config.log if it exists. - -ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]" -for ac_option -do - case "\$ac_option" in - -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) - echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" - exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; - -version | --version | --versio | --versi | --vers | --ver | --ve | --v) - echo "$CONFIG_STATUS generated by autoconf version 2.13" - exit 0 ;; - -help | --help | --hel | --he | --h) - echo "\$ac_cs_usage"; exit 0 ;; - *) echo "\$ac_cs_usage"; exit 1 ;; - esac -done - -ac_given_srcdir=$srcdir - -trap 'rm -fr `echo "Makefile stylesheets/ldp.dsl " | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 -EOF -cat >> $CONFIG_STATUS <<EOF - -# Protect against being on the right side of a sed subst in config.status. -sed 's/%@/@@/; s/@%/@@/; s/%g\$/@g/; /@g\$/s/[\\\\&%]/\\\\&/g; - s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF -$ac_vpsub -$extrasub -s%@SHELL@%$SHELL%g -s%@CFLAGS@%$CFLAGS%g -s%@CPPFLAGS@%$CPPFLAGS%g -s%@CXXFLAGS@%$CXXFLAGS%g -s%@FFLAGS@%$FFLAGS%g -s%@DEFS@%$DEFS%g -s%@LDFLAGS@%$LDFLAGS%g -s%@LIBS@%$LIBS%g -s%@exec_prefix@%$exec_prefix%g -s%@prefix@%$prefix%g -s%@program_transform_name@%$program_transform_name%g -s%@bindir@%$bindir%g -s%@sbindir@%$sbindir%g -s%@libexecdir@%$libexecdir%g -s%@datadir@%$datadir%g -s%@sysconfdir@%$sysconfdir%g -s%@sharedstatedir@%$sharedstatedir%g -s%@localstatedir@%$localstatedir%g -s%@libdir@%$libdir%g -s%@includedir@%$includedir%g -s%@oldincludedir@%$oldincludedir%g -s%@infodir@%$infodir%g -s%@mandir@%$mandir%g -s%@JADE@%$JADE%g -s%@NSGMLS@%$NSGMLS%g -s%@HTMLDOC@%$HTMLDOC%g -s%@SGMLSPL@%$SGMLSPL%g -s%@PERL@%$PERL%g -s%@SGML_SHARE@%$SGML_SHARE%g -s%@DOC_BUILD_DATE@%$DOC_BUILD_DATE%g - -CEOF -EOF - -cat >> $CONFIG_STATUS <<\EOF - -# Split the substitutions into bite-sized pieces for seds with -# small command number limits, like on Digital OSF/1 and HP-UX. -ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script. -ac_file=1 # Number of current file. -ac_beg=1 # First line for current file. -ac_end=$ac_max_sed_cmds # Line after last line for current file. -ac_more_lines=: -ac_sed_cmds="" -while $ac_more_lines; do - if test $ac_beg -gt 1; then - sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file - else - sed "${ac_end}q" conftest.subs > conftest.s$ac_file - fi - if test ! -s conftest.s$ac_file; then - ac_more_lines=false - rm -f conftest.s$ac_file - else - if test -z "$ac_sed_cmds"; then - ac_sed_cmds="sed -f conftest.s$ac_file" - else - ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file" - fi - ac_file=`expr $ac_file + 1` - ac_beg=$ac_end - ac_end=`expr $ac_end + $ac_max_sed_cmds` - fi -done -if test -z "$ac_sed_cmds"; then - ac_sed_cmds=cat -fi -EOF - -cat >> $CONFIG_STATUS <<EOF - -CONFIG_FILES=\${CONFIG_FILES-"Makefile stylesheets/ldp.dsl "} -EOF -cat >> $CONFIG_STATUS <<\EOF -for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then - # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". - case "$ac_file" in - *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` - ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; - *) ac_file_in="${ac_file}.in" ;; - esac - - # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories. - - # Remove last slash and all that follows it. Not all systems have dirname. - ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` - if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then - # The file is in a subdirectory. - test ! -d "$ac_dir" && mkdir "$ac_dir" - ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`" - # A "../" for each directory in $ac_dir_suffix. - ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'` - else - ac_dir_suffix= ac_dots= - fi - - case "$ac_given_srcdir" in - .) srcdir=. - if test -z "$ac_dots"; then top_srcdir=. - else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; - /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; - *) # Relative path. - srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" - top_srcdir="$ac_dots$ac_given_srcdir" ;; - esac - - - echo creating "$ac_file" - rm -f "$ac_file" - configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure." - case "$ac_file" in - *Makefile*) ac_comsub="1i\\ -# $configure_input" ;; - *) ac_comsub= ;; - esac - - ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` - sed -e "$ac_comsub -s%@configure_input@%$configure_input%g -s%@srcdir@%$srcdir%g -s%@top_srcdir@%$top_srcdir%g -" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file -fi; done -rm -f conftest.s* - -EOF -cat >> $CONFIG_STATUS <<EOF - -EOF -cat >> $CONFIG_STATUS <<\EOF - -exit 0 -EOF -chmod +x $CONFIG_STATUS -rm -fr confdefs* $ac_clean_files -test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 - diff --git a/docs/docbook/configure.in b/docs/docbook/configure.in deleted file mode 100644 index ad0613f2be8..00000000000 --- a/docs/docbook/configure.in +++ /dev/null @@ -1,49 +0,0 @@ -AC_INIT(global.ent) - -## check for the necesary install tools -## Openjade includes 'onsgmls' while -## the older jade package includes 'nsgmls' -AC_PATH_PROG(JADE,openjade) - -if test -z "$JADE"; then - AC_PATH_PROG(JADE,jade) - AC_PATH_PROG(NSGMLS, nsgmls) -else - AC_PATH_PROG(NSGMLS, onsgmls) -fi - -AC_PATH_PROG(HTMLDOC, htmldoc) -AC_PATH_PROG(SGMLSPL, sgmlspl) -AC_PATH_PROG(PERL, perl) - -dnl ---------------------------------------------------------------- -dnl --with-sgml-share -SGML_SHARE="/usr/local/share/sgml" - -AC_ARG_WITH(sgml-share, -[ --with-sgml-share=DIR change the default location of SGML stylesheets], -[case "$withval" in - no) SGML_SHARE="" - ;; - yes) - ;; - /*|\\*) - SGML_SHARE="$withval" - ;; - *) - SGML_SHARE="/$withval" - ;; -esac -])dnl - -# The Makefile requires docbook2X in the share/sgml directory -if [ ! test -f $SGML_SHARE/docbook2X/docbook2man-spec.pl ]; then - AC_MSG_ERROR("Unable to find dockbook2X. Make sure it is installed and that the sgml-share path is correct.") -fi - -AC_SUBST(SGML_SHARE)dnl - -DOC_BUILD_DATE=`date '+%d-%m-%Y'` -AC_SUBST(DOC_BUILD_DATE) - -AC_OUTPUT( Makefile stylesheets/ldp.dsl ) diff --git a/docs/docbook/global.ent b/docs/docbook/global.ent deleted file mode 100644 index 91286de98be..00000000000 --- a/docs/docbook/global.ent +++ /dev/null @@ -1,33 +0,0 @@ -<!-- Global Entities File --> - - -<!-- Email Address' --> -<!ENTITY email.dbannon 'D.Bannon@latrobe.edu.au'> -<!ENTITY email.jmoore 'jmoore@php.net'> -<!ENTITY email.jerry 'jerry@samba.org'> -<!ENTITY email.patches 'samba-patches@samba.org'> - -<!-- URL's --> -<!ENTITY url.samba.cvsinfo 'http://pserver.samba.org/samba/cvs.html'> -<!ENTITY url.pdc-howto.local 'samba-pdc-howto.html'> -<!ENTITY url.samba-tng 'http://www.samba-tng.org'> -<!ENTITY url.samba.doc 'http://bioserve.latrobe.edu.au/samba/'> -<!ENTITY url.ultraedit 'http://www.ultraedit.com'> -<!ENTITY url.vi-windows 'http://home.snafu.de/ramo/WinViEn.htm'> -<!ENTITY url.pfe 'http://www.lancs.ac.uk/people/cpaap/pfe/'> -<!ENTITY url.server-tools.win95 'ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE'> -<!ENTITY url.server-tools.winnt 'ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE'> -<!ENTITY url.tcpdump 'http://www.tcpdump.org/'> -<!ENTITY url.samba 'http://samba.org'> -<!ENTITY url.samba-ldap-howto 'http://www.unav.es/cti/ldap-smb-howto.html'> -<!ENTITY url.samba-tng.home 'http://www.kneschke.de/projekte/samba_tng/'> -<!ENTITY url.samba.mailinglist.ntdom 'http://lists.samba.org/mailman/roster/samba-ntdom'> -<!ENTITY url.samba.cifs 'http://samba.org/cifs/'> -<!ENTITY url.ntdomains-for-unix 'http://mailhost.cb1.com/~lkcl/ntdom/'> -<!ENTITY url.samba.specs.old 'ftp://ftp.microsoft.com/developr/drg/CIFS/'> -<!ENTITY url.rfc.1001 'http://ds.internic.net/rfc/rfc1001.txt'> -<!ENTITY url.rfc.1002 'http://ds.internic.net/rfc/rfc1002.txt'> - -<!-- Misc --> -<!ENTITY samba.pub.cvshost 'pserver.samba.org'> - diff --git a/docs/htmldocs/CVS-Access.html b/docs/htmldocs/CVS-Access.html deleted file mode 100644 index 1329433f1a1..00000000000 --- a/docs/htmldocs/CVS-Access.html +++ /dev/null @@ -1,193 +0,0 @@ -<HTML -><HEAD -><TITLE ->HOWTO Access Samba source code via CVS</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD -><BODY -CLASS="ARTICLE" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="ARTICLE" -><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" -><A -NAME="CVS-ACCESS" ->HOWTO Access Samba source code via CVS</A -></H1 -><HR></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3" ->Introduction</A -></H1 -><P ->Samba is developed in an open environment. Developers use CVS -(Concurrent Versioning System) to "checkin" (also known as -"commit") new source code. Samba's various CVS branches can -be accessed via anonymous CVS using the instructions -detailed in this chapter.</P -><P ->This document is a modified version of the instructions found at -<A -HREF="http://samba.org/samba/cvs.html" -TARGET="_top" ->http://samba.org/samba/cvs.html</A -></P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN8" ->CVS Access to samba.org</A -></H1 -><P ->The machine samba.org runs a publicly accessible CVS -repository for access to the source code of several packages, -including samba, rsync and jitterbug. There are two main ways of -accessing the CVS server on this host.</P -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN11" ->Access via CVSweb</A -></H2 -><P ->You can access the source code via your -favourite WWW browser. This allows you to access the contents of -individual files in the repository and also to look at the revision -history and commit logs of individual files. You can also ask for a diff -listing between any two versions on the repository.</P -><P ->Use the URL : <A -HREF="http://samba.org/cgi-bin/cvsweb" -TARGET="_top" ->http://samba.org/cgi-bin/cvsweb</A -></P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN16" ->Access via cvs</A -></H2 -><P ->You can also access the source code via a -normal cvs client. This gives you much more control over you can -do with the repository and allows you to checkout whole source trees -and keep them up to date via normal cvs commands. This is the -preferred method of access if you are a developer and not -just a casual browser.</P -><P ->To download the latest cvs source code, point your -browser at the URL : <A -HREF="http://www.cyclic.com/" -TARGET="_top" ->http://www.cyclic.com/</A ->. -and click on the 'How to get cvs' link. CVS is free software under -the GNU GPL (as is Samba). Note that there are several graphical CVS clients -which provide a graphical interface to the sometimes mundane CVS commands. -Links to theses clients are also available from http://www.cyclic.com.</P -><P ->To gain access via anonymous cvs use the following steps. -For this example it is assumed that you want a copy of the -samba source code. For the other source code repositories -on this system just substitute the correct package name</P -><P -></P -><OL -TYPE="1" -><LI -><P -> Install a recent copy of cvs. All you really need is a - copy of the cvs client binary. - </P -></LI -><LI -><P -> Run the command - </P -><P -> <B -CLASS="COMMAND" ->cvs -d :pserver:cvs@samba.org:/cvsroot login</B -> - </P -><P -> When it asks you for a password type <TT -CLASS="USERINPUT" -><B ->cvs</B -></TT ->. - </P -></LI -><LI -><P -> Run the command - </P -><P -> <B -CLASS="COMMAND" ->cvs -d :pserver:cvs@samba.org:/cvsroot co samba</B -> - </P -><P -> This will create a directory called samba containing the - latest samba source code (i.e. the HEAD tagged cvs branch). This - currently corresponds to the 3.0 development tree. - </P -><P -> CVS branches other HEAD can be obtained by using the <TT -CLASS="PARAMETER" -><I ->-r</I -></TT -> - and defining a tag name. A list of branch tag names can be found on the - "Development" page of the samba web site. A common request is to obtain the - latest 2.2 release code. This could be done by using the following command. - </P -><P -> <B -CLASS="COMMAND" ->cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_2_2 samba</B -> - </P -></LI -><LI -><P -> Whenever you want to merge in the latest code changes use - the following command from within the samba directory: - </P -><P -> <B -CLASS="COMMAND" ->cvs update -d -P</B -> - </P -></LI -></OL -></DIV -></DIV -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/ENCRYPTION.html b/docs/htmldocs/ENCRYPTION.html deleted file mode 100644 index e4d3ef5fed2..00000000000 --- a/docs/htmldocs/ENCRYPTION.html +++ /dev/null @@ -1,656 +0,0 @@ -<HTML -><HEAD -><TITLE ->LanMan and NT Password Encryption in Samba 2.x</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD -><BODY -CLASS="ARTICLE" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="ARTICLE" -><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" -><A -NAME="PWENCRYPT" ->LanMan and NT Password Encryption in Samba 2.x</A -></H1 -><HR></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3" ->Introduction</A -></H1 -><P ->With the development of LanManager and Windows NT - compatible password encryption for Samba, it is now able - to validate user connections in exactly the same way as - a LanManager or Windows NT server.</P -><P ->This document describes how the SMB password encryption - algorithm works and what issues there are in choosing whether - you want to use it. You should read it carefully, especially - the part about security and the "PROS and CONS" section.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN7" ->How does it work?</A -></H1 -><P ->LanManager encryption is somewhat similar to UNIX - password encryption. The server uses a file containing a - hashed value of a user's password. This is created by taking - the user's plaintext password, capitalising it, and either - truncating to 14 bytes or padding to 14 bytes with null bytes. - This 14 byte value is used as two 56 bit DES keys to encrypt - a 'magic' eight byte value, forming a 16 byte value which is - stored by the server and client. Let this value be known as - the "hashed password".</P -><P ->Windows NT encryption is a higher quality mechanism, - consisting of doing an MD4 hash on a Unicode version of the user's - password. This also produces a 16 byte hash value that is - non-reversible.</P -><P ->When a client (LanManager, Windows for WorkGroups, Windows - 95 or Windows NT) wishes to mount a Samba drive (or use a Samba - resource), it first requests a connection and negotiates the - protocol that the client and server will use. In the reply to this - request the Samba server generates and appends an 8 byte, random - value - this is stored in the Samba server after the reply is sent - and is known as the "challenge". The challenge is different for - every client connection.</P -><P ->The client then uses the hashed password (16 byte values - described above), appended with 5 null bytes, as three 56 bit - DES keys, each of which is used to encrypt the challenge 8 byte - value, forming a 24 byte value known as the "response".</P -><P ->In the SMB call SMBsessionsetupX (when user level security - is selected) or the call SMBtconX (when share level security is - selected), the 24 byte response is returned by the client to the - Samba server. For Windows NT protocol levels the above calculation - is done on both hashes of the user's password and both responses are - returned in the SMB call, giving two 24 byte values.</P -><P ->The Samba server then reproduces the above calculation, using - its own stored value of the 16 byte hashed password (read from the - <TT -CLASS="FILENAME" ->smbpasswd</TT -> file - described later) and the challenge - value that it kept from the negotiate protocol reply. It then checks - to see if the 24 byte value it calculates matches the 24 byte value - returned to it from the client.</P -><P ->If these values match exactly, then the client knew the - correct password (or the 16 byte hashed value - see security note - below) and is thus allowed access. If not, then the client did not - know the correct password and is denied access.</P -><P ->Note that the Samba server never knows or stores the cleartext - of the user's password - just the 16 byte hashed values derived from - it. Also note that the cleartext password or 16 byte hashed values - are never transmitted over the network - thus increasing security.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN18" ->Important Notes About Security</A -></H1 -><P ->The unix and SMB password encryption techniques seem similar - on the surface. This similarity is, however, only skin deep. The unix - scheme typically sends clear text passwords over the network when - logging in. This is bad. The SMB encryption scheme never sends the - cleartext password over the network but it does store the 16 byte - hashed values on disk. This is also bad. Why? Because the 16 byte hashed - values are a "password equivalent". You cannot derive the user's - password from them, but they could potentially be used in a modified - client to gain access to a server. This would require considerable - technical knowledge on behalf of the attacker but is perfectly possible. - You should thus treat the smbpasswd file as though it contained the - cleartext passwords of all your users. Its contents must be kept - secret, and the file should be protected accordingly.</P -><P ->Ideally we would like a password scheme which neither requires - plain text passwords on the net or on disk. Unfortunately this - is not available as Samba is stuck with being compatible with - other SMB systems (WinNT, WfWg, Win95 etc). </P -><DIV -CLASS="WARNING" -><P -></P -><TABLE -CLASS="WARNING" -BORDER="1" -WIDTH="100%" -><TR -><TD -ALIGN="CENTER" -><B ->Warning</B -></TD -></TR -><TR -><TD -ALIGN="LEFT" -><P ->Note that Windows NT 4.0 Service pack 3 changed the - default for permissible authentication so that plaintext - passwords are <I -CLASS="EMPHASIS" ->never</I -> sent over the wire. - The solution to this is either to switch to encrypted passwords - with Samba or edit the Windows NT registry to re-enable plaintext - passwords. See the document WinNT.txt for details on how to do - this.</P -><P ->Other Microsoft operating systems which also exhibit - this behavior includes</P -><P -></P -><UL -><LI -><P ->MS DOS Network client 3.0 with - the basic network redirector installed</P -></LI -><LI -><P ->Windows 95 with the network redirector - update installed</P -></LI -><LI -><P ->Windows 98 [se]</P -></LI -><LI -><P ->Windows 2000</P -></LI -></UL -><P -><I -CLASS="EMPHASIS" ->Note :</I ->All current release of - Microsoft SMB/CIFS clients support authentication via the - SMB Challenge/Response mechanism described here. Enabling - clear text authentication does not disable the ability - of the client to participate in encrypted authentication.</P -></TD -></TR -></TABLE -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN37" ->Advantages of SMB Encryption</A -></H2 -><P -></P -><UL -><LI -><P ->plain text passwords are not passed across - the network. Someone using a network sniffer cannot just - record passwords going to the SMB server.</P -></LI -><LI -><P ->WinNT doesn't like talking to a server - that isn't using SMB encrypted passwords. It will refuse - to browse the server if the server is also in user level - security mode. It will insist on prompting the user for the - password on each connection, which is very annoying. The - only things you can do to stop this is to use SMB encryption. - </P -></LI -></UL -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN44" ->Advantages of non-encrypted passwords</A -></H2 -><P -></P -><UL -><LI -><P ->plain text passwords are not kept - on disk. </P -></LI -><LI -><P ->uses same password file as other unix - services such as login and ftp</P -></LI -><LI -><P ->you are probably already using other - services (such as telnet and ftp) which send plain text - passwords over the net, so sending them for SMB isn't - such a big deal.</P -></LI -></UL -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN53" -><A -NAME="SMBPASSWDFILEFORMAT" -></A ->The smbpasswd file</A -></H1 -><P ->In order for Samba to participate in the above protocol - it must be able to look up the 16 byte hashed values given a user name. - Unfortunately, as the UNIX password value is also a one way hash - function (ie. it is impossible to retrieve the cleartext of the user's - password given the UNIX hash of it), a separate password file - containing this 16 byte value must be kept. To minimise problems with - these two password files, getting out of sync, the UNIX <TT -CLASS="FILENAME" -> /etc/passwd</TT -> and the <TT -CLASS="FILENAME" ->smbpasswd</TT -> file, - a utility, <B -CLASS="COMMAND" ->mksmbpasswd.sh</B ->, is provided to generate - a smbpasswd file from a UNIX <TT -CLASS="FILENAME" ->/etc/passwd</TT -> file. - </P -><P ->To generate the smbpasswd file from your <TT -CLASS="FILENAME" ->/etc/passwd - </TT -> file use the following command :</P -><P -><TT -CLASS="PROMPT" ->$ </TT -><TT -CLASS="USERINPUT" -><B ->cat /etc/passwd | mksmbpasswd.sh - > /usr/local/samba/private/smbpasswd</B -></TT -></P -><P ->If you are running on a system that uses NIS, use</P -><P -><TT -CLASS="PROMPT" ->$ </TT -><TT -CLASS="USERINPUT" -><B ->ypcat passwd | mksmbpasswd.sh - > /usr/local/samba/private/smbpasswd</B -></TT -></P -><P ->The <B -CLASS="COMMAND" ->mksmbpasswd.sh</B -> program is found in - the Samba source directory. By default, the smbpasswd file is - stored in :</P -><P -><TT -CLASS="FILENAME" ->/usr/local/samba/private/smbpasswd</TT -></P -><P ->The owner of the <TT -CLASS="FILENAME" ->/usr/local/samba/private/</TT -> - directory should be set to root, and the permissions on it should - be set to 0500 (<B -CLASS="COMMAND" ->chmod 500 /usr/local/samba/private</B ->). - </P -><P ->Likewise, the smbpasswd file inside the private directory should - be owned by root and the permissions on is should be set to 0600 - (<B -CLASS="COMMAND" ->chmod 600 smbpasswd</B ->).</P -><P ->The format of the smbpasswd file is (The line has been - wrapped here. It should appear as one entry per line in - your smbpasswd file.)</P -><P -><PRE -CLASS="PROGRAMLISTING" ->username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX: - [Account type]:LCT-<last-change-time>:Long name - </PRE -></P -><P ->Although only the <TT -CLASS="REPLACEABLE" -><I ->username</I -></TT ->, - <TT -CLASS="REPLACEABLE" -><I ->uid</I -></TT ->, <TT -CLASS="REPLACEABLE" -><I -> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</I -></TT ->, - [<TT -CLASS="REPLACEABLE" -><I ->Account type</I -></TT ->] and <TT -CLASS="REPLACEABLE" -><I -> last-change-time</I -></TT -> sections are significant - and are looked at in the Samba code.</P -><P ->It is <I -CLASS="EMPHASIS" ->VITALLY</I -> important that there by 32 - 'X' characters between the two ':' characters in the XXX sections - - the smbpasswd and Samba code will fail to validate any entries that - do not have 32 characters between ':' characters. The first XXX - section is for the Lanman password hash, the second is for the - Windows NT version.</P -><P ->When the password file is created all users have password entries - consisting of 32 'X' characters. By default this disallows any access - as this user. When a user has a password set, the 'X' characters change - to 32 ascii hexadecimal digits (0-9, A-F). These are an ascii - representation of the 16 byte hashed value of a user's password.</P -><P ->To set a user to have no password (not recommended), edit the file - using vi, and replace the first 11 characters with the ascii text - <TT -CLASS="CONSTANT" ->"NO PASSWORD"</TT -> (minus the quotes).</P -><P ->For example, to clear the password for user bob, his smbpasswd file - entry would look like :</P -><P -><PRE -CLASS="PROGRAMLISTING" -> bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Bob's full name:/bobhome:/bobshell - </PRE -></P -><P ->If you are allowing users to use the smbpasswd command to set - their own passwords, you may want to give users NO PASSWORD initially - so they do not have to enter a previous password when changing to their - new password (not recommended). In order for you to allow this the - <B -CLASS="COMMAND" ->smbpasswd</B -> program must be able to connect to the - <B -CLASS="COMMAND" ->smbd</B -> daemon as that user with no password. Enable this - by adding the line :</P -><P -><B -CLASS="COMMAND" ->null passwords = yes</B -></P -><P ->to the [global] section of the smb.conf file (this is why - the above scenario is not recommended). Preferably, allocate your - users a default password to begin with, so you do not have - to enable this on your server.</P -><P -><I -CLASS="EMPHASIS" ->Note : </I ->This file should be protected very - carefully. Anyone with access to this file can (with enough knowledge of - the protocols) gain access to your SMB server. The file is thus more - sensitive than a normal unix <TT -CLASS="FILENAME" ->/etc/passwd</TT -> file.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN105" ->The smbpasswd Command</A -></H1 -><P ->The smbpasswd command maintains the two 32 byte password fields - in the smbpasswd file. If you wish to make it similar to the unix - <B -CLASS="COMMAND" ->passwd</B -> or <B -CLASS="COMMAND" ->yppasswd</B -> programs, - install it in <TT -CLASS="FILENAME" ->/usr/local/samba/bin/</TT -> (or your - main Samba binary directory).</P -><P ->Note that as of Samba 1.9.18p4 this program <I -CLASS="EMPHASIS" ->MUST NOT - BE INSTALLED</I -> setuid root (the new <B -CLASS="COMMAND" ->smbpasswd</B -> - code enforces this restriction so it cannot be run this way by - accident).</P -><P -><B -CLASS="COMMAND" ->smbpasswd</B -> now works in a client-server mode - where it contacts the local smbd to change the user's password on its - behalf. This has enormous benefits - as follows.</P -><P -></P -><UL -><LI -><P ->smbpasswd no longer has to be setuid root - - an enormous range of potential security problems is - eliminated.</P -></LI -><LI -><P -><B -CLASS="COMMAND" ->smbpasswd</B -> now has the capability - to change passwords on Windows NT servers (this only works when - the request is sent to the NT Primary Domain Controller if you - are changing an NT Domain user's password).</P -></LI -></UL -><P ->To run smbpasswd as a normal user just type :</P -><P -><TT -CLASS="PROMPT" ->$ </TT -><TT -CLASS="USERINPUT" -><B ->smbpasswd</B -></TT -></P -><P -><TT -CLASS="PROMPT" ->Old SMB password: </TT -><TT -CLASS="USERINPUT" -><B -><type old value here - - or hit return if there was no old password></B -></TT -></P -><P -><TT -CLASS="PROMPT" ->New SMB Password: </TT -><TT -CLASS="USERINPUT" -><B -><type new value> - </B -></TT -></P -><P -><TT -CLASS="PROMPT" ->Repeat New SMB Password: </TT -><TT -CLASS="USERINPUT" -><B -><re-type new value - </B -></TT -></P -><P ->If the old value does not match the current value stored for - that user, or the two new values do not match each other, then the - password will not be changed.</P -><P ->If invoked by an ordinary user it will only allow the user - to change his or her own Samba password.</P -><P ->If run by the root user smbpasswd may take an optional - argument, specifying the user name whose SMB password you wish to - change. Note that when run as root smbpasswd does not prompt for - or check the old password value, thus allowing root to set passwords - for users who have forgotten their passwords.</P -><P -><B -CLASS="COMMAND" ->smbpasswd</B -> is designed to work in the same way - and be familiar to UNIX users who use the <B -CLASS="COMMAND" ->passwd</B -> or - <B -CLASS="COMMAND" ->yppasswd</B -> commands.</P -><P ->For more details on using <B -CLASS="COMMAND" ->smbpasswd</B -> refer - to the man page which will always be the definitive reference.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN144" ->Setting up Samba to support LanManager Encryption</A -></H1 -><P ->This is a very brief description on how to setup samba to - support password encryption. </P -><P -></P -><OL -TYPE="1" -><LI -><P ->compile and install samba as usual</P -></LI -><LI -><P ->enable encrypted passwords in <TT -CLASS="FILENAME" -> smb.conf</TT -> by adding the line <B -CLASS="COMMAND" ->encrypt - passwords = yes</B -> in the [global] section</P -></LI -><LI -><P ->create the initial <TT -CLASS="FILENAME" ->smbpasswd</TT -> - password file in the place you specified in the Makefile - (--prefix=<dir>). See the notes under the <A -HREF="#SMBPASSWDFILEFORMAT" ->The smbpasswd File</A -> - section earlier in the document for details.</P -></LI -></OL -><P ->Note that you can test things using smbclient.</P -></DIV -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/Integrating-with-Windows.html b/docs/htmldocs/Integrating-with-Windows.html deleted file mode 100644 index 7c5fe316272..00000000000 --- a/docs/htmldocs/Integrating-with-Windows.html +++ /dev/null @@ -1,1072 +0,0 @@ -<HTML -><HEAD -><TITLE ->Integrating MS Windows networks with Samba</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD -><BODY -CLASS="ARTICLE" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="ARTICLE" -><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" -><A -NAME="INTEGRATE-MS-NETWORKS" ->Integrating MS Windows networks with Samba</A -></H1 -><HR></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3" ->Agenda</A -></H1 -><P ->To identify the key functional mechanisms of MS Windows networking -to enable the deployment of Samba as a means of extending and/or -replacing MS Windows NT/2000 technology.</P -><P ->We will examine:</P -><P -></P -><OL -TYPE="1" -><LI -><P ->Name resolution in a pure Unix/Linux TCP/IP - environment - </P -></LI -><LI -><P ->Name resolution as used within MS Windows - networking - </P -></LI -><LI -><P ->How browsing functions and how to deploy stable - and dependable browsing using Samba - </P -></LI -><LI -><P ->MS Windows security options and how to - configure Samba for seemless integration - </P -></LI -><LI -><P ->Configuration of Samba as:</P -><P -></P -><OL -TYPE="a" -><LI -><P ->A stand-alone server</P -></LI -><LI -><P ->An MS Windows NT 3.x/4.0 security domain member - </P -></LI -><LI -><P ->An alternative to an MS Windows NT 3.x/4.0 Domain Controller - </P -></LI -></OL -></LI -></OL -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN25" ->Name Resolution in a pure Unix/Linux world</A -></H1 -><P ->The key configuration files covered in this section are:</P -><P -></P -><UL -><LI -><P -><TT -CLASS="FILENAME" ->/etc/hosts</TT -></P -></LI -><LI -><P -><TT -CLASS="FILENAME" ->/etc/resolv.conf</TT -></P -></LI -><LI -><P -><TT -CLASS="FILENAME" ->/etc/host.conf</TT -></P -></LI -><LI -><P -><TT -CLASS="FILENAME" ->/etc/nsswitch.conf</TT -></P -></LI -></UL -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN41" -><TT -CLASS="FILENAME" ->/etc/hosts</TT -></A -></H2 -><P ->Contains a static list of IP Addresses and names. -eg:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> 127.0.0.1 localhost localhost.localdomain - 192.168.1.1 bigbox.caldera.com bigbox alias4box</PRE -></P -><P ->The purpose of <TT -CLASS="FILENAME" ->/etc/hosts</TT -> is to provide a -name resolution mechanism so that uses do not need to remember -IP addresses.</P -><P ->Network packets that are sent over the physical network transport -layer communicate not via IP addresses but rather using the Media -Access Control address, or MAC address. IP Addresses are currently -32 bits in length and are typically presented as four (4) decimal -numbers that are separated by a dot (or period). eg: 168.192.1.1</P -><P ->MAC Addresses use 48 bits (or 6 bytes) and are typically represented -as two digit hexadecimal numbers separated by colons. eg: -40:8e:0a:12:34:56</P -><P ->Every network interfrace must have an MAC address. Associated with -a MAC address there may be one or more IP addresses. There is NO -relationship between an IP address and a MAC address, all such assignments -are arbitary or discretionary in nature. At the most basic level all -network communications takes place using MAC addressing. Since MAC -addresses must be globally unique, and generally remains fixed for -any particular interface, the assignment of an IP address makes sense -from a network management perspective. More than one IP address can -be assigned per MAC address. One address must be the primary IP address, -this is the address that will be returned in the ARP reply.</P -><P ->When a user or a process wants to communicate with another machine -the protocol implementation ensures that the "machine name" or "host -name" is resolved to an IP address in a manner that is controlled -by the TCP/IP configuration control files. The file -<TT -CLASS="FILENAME" ->/etc/hosts</TT -> is one such file.</P -><P ->When the IP address of the destination interface has been -determined a protocol called ARP/RARP isused to identify -the MAC address of the target interface. ARP stands for Address -Resolution Protocol, and is a broadcast oriented method that -uses UDP (User Datagram Protocol) to send a request to all -interfaces on the local network segment using the all 1's MAC -address. Network interfaces are programmed to respond to two -MAC addresses only; their own unique address and the address -ff:ff:ff:ff:ff:ff. The reply packet from an ARP request will -contain the MAC address and the primary IP address for each -interface.</P -><P ->The <TT -CLASS="FILENAME" ->/etc/hosts</TT -> file is foundational to all -Unix/Linux TCP/IP installations and as a minumum will contain -the localhost and local network interface IP addresses and the -primary names by which they are known within the local machine. -This file helps to prime the pump so that a basic level of name -resolution can exist before any other method of name resolution -becomes available.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN57" -><TT -CLASS="FILENAME" ->/etc/resolv.conf</TT -></A -></H2 -><P ->This file tells the name resolution libraries:</P -><P -></P -><UL -><LI -><P ->The name of the domain to which the machine - belongs - </P -></LI -><LI -><P ->The name(s) of any domains that should be - automatically searched when trying to resolve unqualified - host names to their IP address - </P -></LI -><LI -><P ->The name or IP address of available Domain - Name Servers that may be asked to perform name to address - translation lookups - </P -></LI -></UL -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN68" -><TT -CLASS="FILENAME" ->/etc/host.conf</TT -></A -></H2 -><P -><TT -CLASS="FILENAME" ->/etc/host.conf</TT -> is the primary means by -which the setting in /etc/resolv.conf may be affected. It is a -critical configuration file. This file controls the order by -which name resolution may procede. The typical structure is:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> order hosts,bind - multi on</PRE -></P -><P ->then both addresses should be returned. Please refer to the -man page for host.conf for further details.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN76" -><TT -CLASS="FILENAME" ->/etc/nsswitch.conf</TT -></A -></H2 -><P ->This file controls the actual name resolution targets. The -file typically has resolver object specifications as follows:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> # /etc/nsswitch.conf - # - # Name Service Switch configuration file. - # - - passwd: compat - # Alternative entries for password authentication are: - # passwd: compat files nis ldap winbind - shadow: compat - group: compat - - hosts: files nis dns - # Alternative entries for host name resolution are: - # hosts: files dns nis nis+ hesoid db compat ldap wins - networks: nis files dns - - ethers: nis files - protocols: nis files - rpc: nis files - services: nis files</PRE -></P -><P ->Of course, each of these mechanisms requires that the appropriate -facilities and/or services are correctly configured.</P -><P ->It should be noted that unless a network request/message must be -sent, TCP/IP networks are silent. All TCP/IP communications assumes a -principal of speaking only when necessary.</P -><P ->Samba version 2.2.0 will add Linux support for extensions to -the name service switch infrastructure so that linux clients will -be able to obtain resolution of MS Windows NetBIOS names to IP -Addresses. To gain this functionality Samba needs to be compiled -with appropriate arguments to the make command (ie: <B -CLASS="COMMAND" ->make -nsswitch/libnss_wins.so</B ->). The resulting library should -then be installed in the <TT -CLASS="FILENAME" ->/lib</TT -> directory and -the "wins" parameter needs to be added to the "hosts:" line in -the <TT -CLASS="FILENAME" ->/etc/nsswitch.conf</TT -> file. At this point it -will be possible to ping any MS Windows machine by it's NetBIOS -machine name, so long as that machine is within the workgroup to -which both the samba machine and the MS Windows machine belong.</P -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN88" ->Name resolution as used within MS Windows networking</A -></H1 -><P ->MS Windows networking is predicated about the name each machine -is given. This name is known variously (and inconsistently) as -the "computer name", "machine name", "networking name", "netbios name", -"SMB name". All terms mean the same thing with the exception of -"netbios name" which can apply also to the name of the workgroup or the -domain name. The terms "workgroup" and "domain" are really just a -simply name with which the machine is associated. All NetBIOS names -are exactly 16 characters in length. The 16th character is reserved. -It is used to store a one byte value that indicates service level -information for the NetBIOS name that is registered. A NetBIOS machine -name is therefore registered for each service type that is provided by -the client/server.</P -><P ->The following are typical NetBIOS name/service type registrations:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> Unique NetBIOS Names: - MACHINENAME<00> = Server Service is running on MACHINENAME - MACHINENAME<03> = Generic Machine Name (NetBIOS name) - MACHINENAME<20> = LanMan Server service is running on MACHINENAME - WORKGROUP<1b> = Domain Master Browser - - Group Names: - WORKGROUP<03> = Generic Name registered by all members of WORKGROUP - WORKGROUP<1c> = Domain Controllers / Netlogon Servers - WORKGROUP<1d> = Local Master Browsers - WORKGROUP<1e> = Internet Name Resolvers</PRE -></P -><P ->It should be noted that all NetBIOS machines register their own -names as per the above. This is in vast contrast to TCP/IP -installations where traditionally the system administrator will -determine in the /etc/hosts or in the DNS database what names -are associated with each IP address.</P -><P ->One further point of clarification should be noted, the <TT -CLASS="FILENAME" ->/etc/hosts</TT -> -file and the DNS records do not provide the NetBIOS name type information -that MS Windows clients depend on to locate the type of service that may -be needed. An example of this is what happens when an MS Windows client -wants to locate a domain logon server. It find this service and the IP -address of a server that provides it by performing a lookup (via a -NetBIOS broadcast) for enumeration of all machines that have -registered the name type *<1c>. A logon request is then sent to each -IP address that is returned in the enumerated list of IP addresses. Which -ever machine first replies then ends up providing the logon services.</P -><P ->The name "workgroup" or "domain" really can be confusing since these -have the added significance of indicating what is the security -architecture of the MS Windows network. The term "workgroup" indicates -that the primary nature of the network environment is that of a -peer-to-peer design. In a WORKGROUP all machines are responsible for -their own security, and generally such security is limited to use of -just a password (known as SHARE MORE security). In most situations -with peer-to-peer networking the users who control their own machines -will simply opt to have no security at all. It is possible to have -USER MODE security in a WORKGROUP environment, thus requiring use -of a user name and a matching password.</P -><P ->MS Windows networking is thus predetermined to use machine names -for all local and remote machine message passing. The protocol used is -called Server Message Block (SMB) and this is implemented using -the NetBIOS protocol (Network Basic Input Output System). NetBIOS can -be encapsulated using LLC (Logical Link Control) protocol - in which case -the resulting protocol is called NetBEUI (Network Basic Extended User -Interface). NetBIOS can also be run over IPX (Internetworking Packet -Exchange) protocol as used by Novell NetWare, and it can be run -over TCP/IP protocols - in which case the resulting protocol is called -NBT or NetBT, the NetBIOS over TCP/IP.</P -><P ->MS Windows machines use a complex array of name resolution mechanisms. -Since we are primarily concerned with TCP/IP this demonstration is -limited to this area.</P -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN100" ->The NetBIOS Name Cache</A -></H2 -><P ->All MS Windows machines employ an in memory buffer in which is -stored the NetBIOS names and their IP addresses for all external -machines that that the local machine has communicated with over the -past 10-15 minutes. It is more efficient to obtain an IP address -for a machine from the local cache than it is to go through all the -configured name resolution mechanisms.</P -><P ->If a machine whose name is in the local name cache has been shut -down before the name had been expired and flushed from the cache, then -an attempt to exchange a message with that machine will be subject -to time-out delays. ie: It's name is in the cache, so a name resolution -lookup will succeed, but the machine can not respond. This can be -frustrating for users - but it is a characteristic of the protocol.</P -><P ->The MS Windows utility that allows examination of the NetBIOS -name cache is called "nbtstat". The Samba equivalent of this -is called "nmblookup".</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN105" ->The LMHOSTS file</A -></H2 -><P ->This file is usually located in MS Windows NT 4.0 or -2000 in <TT -CLASS="FILENAME" ->C:\WINNT\SYSTEM32\DRIVERS\ETC</TT -> and contains -the IP Address and the machine name in matched pairs. The -<TT -CLASS="FILENAME" ->LMHOSTS</TT -> file performs NetBIOS name -to IP address mapping oriented.</P -><P ->It typically looks like:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> # Copyright (c) 1998 Microsoft Corp. - # - # This is a sample LMHOSTS file used by the Microsoft Wins Client (NetBIOS - # over TCP/IP) stack for Windows98 - # - # This file contains the mappings of IP addresses to NT computernames - # (NetBIOS) names. Each entry should be kept on an individual line. - # The IP address should be placed in the first column followed by the - # corresponding computername. The address and the comptername - # should be separated by at least one space or tab. The "#" character - # is generally used to denote the start of a comment (see the exceptions - # below). - # - # This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts - # files and offers the following extensions: - # - # #PRE - # #DOM:<domain> - # #INCLUDE <filename> - # #BEGIN_ALTERNATE - # #END_ALTERNATE - # \0xnn (non-printing character support) - # - # Following any entry in the file with the characters "#PRE" will cause - # the entry to be preloaded into the name cache. By default, entries are - # not preloaded, but are parsed only after dynamic name resolution fails. - # - # Following an entry with the "#DOM:<domain>" tag will associate the - # entry with the domain specified by <domain>. This affects how the - # browser and logon services behave in TCP/IP environments. To preload - # the host name associated with #DOM entry, it is necessary to also add a - # #PRE to the line. The <domain> is always preloaded although it will not - # be shown when the name cache is viewed. - # - # Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT) - # software to seek the specified <filename> and parse it as if it were - # local. <filename> is generally a UNC-based name, allowing a - # centralized lmhosts file to be maintained on a server. - # It is ALWAYS necessary to provide a mapping for the IP address of the - # server prior to the #INCLUDE. This mapping must use the #PRE directive. - # In addtion the share "public" in the example below must be in the - # LanManServer list of "NullSessionShares" in order for client machines to - # be able to read the lmhosts file successfully. This key is under - # \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares - # in the registry. Simply add "public" to the list found there. - # - # The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE - # statements to be grouped together. Any single successful include - # will cause the group to succeed. - # - # Finally, non-printing characters can be embedded in mappings by - # first surrounding the NetBIOS name in quotations, then using the - # \0xnn notation to specify a hex value for a non-printing character. - # - # The following example illustrates all of these extensions: - # - # 102.54.94.97 rhino #PRE #DOM:networking #net group's DC - # 102.54.94.102 "appname \0x14" #special app server - # 102.54.94.123 popular #PRE #source server - # 102.54.94.117 localsrv #PRE #needed for the include - # - # #BEGIN_ALTERNATE - # #INCLUDE \\localsrv\public\lmhosts - # #INCLUDE \\rhino\public\lmhosts - # #END_ALTERNATE - # - # In the above example, the "appname" server contains a special - # character in its name, the "popular" and "localsrv" server names are - # preloaded, and the "rhino" server name is specified so it can be used - # to later #INCLUDE a centrally maintained lmhosts file if the "localsrv" - # system is unavailable. - # - # Note that the whole file is parsed including comments on each lookup, - # so keeping the number of comments to a minimum will improve performance. - # Therefore it is not advisable to simply add lmhosts file entries onto the - # end of this file.</PRE -></P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN113" ->HOSTS file</A -></H2 -><P ->This file is usually located in MS Windows NT 4.0 or 2000 in -<TT -CLASS="FILENAME" ->C:\WINNT\SYSTEM32\DRIVERS\ETC</TT -> and contains -the IP Address and the IP hostname in matched pairs. It can be -used by the name resolution infrastructure in MS Windows, depending -on how the TCP/IP environment is configured. This file is in -every way the equivalent of the Unix/Linux <TT -CLASS="FILENAME" ->/etc/hosts</TT -> file.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN118" ->DNS Lookup</A -></H2 -><P ->This capability is configured in the TCP/IP setup area in the network -configuration facility. If enabled an elaborate name resolution sequence -is followed the precise nature of which isdependant on what the NetBIOS -Node Type parameter is configured to. A Node Type of 0 means use -NetBIOS broadcast (over UDP broadcast) is first used if the name -that is the subject of a name lookup is not found in the NetBIOS name -cache. If that fails then DNS, HOSTS and LMHOSTS are checked. If set to -Node Type 8, then a NetBIOS Unicast (over UDP Unicast) is sent to the -WINS Server to obtain a lookup before DNS, HOSTS, LMHOSTS, or broadcast -lookup is used.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN121" ->WINS Lookup</A -></H2 -><P ->A WINS (Windows Internet Name Server) service is the equivaent of the -rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores -the names and IP addresses that are registered by a Windows client -if the TCP/IP setup has been given at least one WINS Server IP Address.</P -><P ->To configure Samba to be a WINS server the following parameter needs -to be added to the <TT -CLASS="FILENAME" ->smb.conf</TT -> file:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> wins support = Yes</PRE -></P -><P ->To configure Samba to use a WINS server the following parameters are -needed in the smb.conf file:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> wins support = No - wins server = xxx.xxx.xxx.xxx</PRE -></P -><P ->where <TT -CLASS="REPLACEABLE" -><I ->xxx.xxx.xxx.xxx</I -></TT -> is the IP address -of the WINS server.</P -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN133" ->How browsing functions and how to deploy stable and -dependable browsing using Samba</A -></H1 -><P ->As stated above, MS Windows machines register their NetBIOS names -(ie: the machine name for each service type in operation) on start -up. Also, as stated above, the exact method by which this name registration -takes place is determined by whether or not the MS Windows client/server -has been given a WINS server address, whether or not LMHOSTS lookup -is enabled, or if DNS for NetBIOS name resolution is enabled, etc.</P -><P ->In the case where there is no WINS server all name registrations as -well as name lookups are done by UDP broadcast. This isolates name -resolution to the local subnet, unless LMHOSTS is used to list all -names and IP addresses. In such situations Samba provides a means by -which the samba server name may be forcibly injected into the browse -list of a remote MS Windows network (using the "remote announce" parameter).</P -><P ->Where a WINS server is used, the MS Windows client will use UDP -unicast to register with the WINS server. Such packets can be routed -and thus WINS allows name resolution to function across routed networks.</P -><P ->During the startup process an election will take place to create a -local master browser if one does not already exist. On each NetBIOS network -one machine will be elected to function as the domain master browser. This -domain browsing has nothing to do with MS security domain control. -Instead, the domain master browser serves the role of contacting each local -master browser (found by asking WINS or from LMHOSTS) and exchanging browse -list contents. This way every master browser will eventually obtain a complete -list of all machines that are on the network. Every 11-15 minutes an election -is held to determine which machine will be the master browser. By nature of -the election criteria used, the machine with the highest uptime, or the -most senior protocol version, or other criteria, will win the election -as domain master browser.</P -><P ->Clients wishing to browse the network make use of this list, but also depend -on the availability of correct name resolution to the respective IP -address/addresses. </P -><P ->Any configuration that breaks name resolution and/or browsing intrinsics -will annoy users because they will have to put up with protracted -inability to use the network services.</P -><P ->Samba supports a feature that allows forced synchonisation -of browse lists across routed networks using the "remote -browse sync" parameter in the smb.conf file. This causes Samba -to contact the local master browser on a remote network and -to request browse list synchronisation. This effectively bridges -two networks that are separated by routers. The two remote -networks may use either broadcast based name resolution or WINS -based name resolution, but it should be noted that the "remote -browse sync" parameter provides browse list synchronisation - and -that is distinct from name to address resolution, in other -words, for cross subnet browsing to function correctly it is -essential that a name to address resolution mechanism be provided. -This mechanism could be via DNS, <TT -CLASS="FILENAME" ->/etc/hosts</TT ->, -and so on.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN143" ->MS Windows security options and how to configure -Samba for seemless integration</A -></H1 -><P ->MS Windows clients may use encrypted passwords as part of a -challenege/response authentication model (a.k.a. NTLMv1) or -alone, or clear text strings for simple password based -authentication. It should be realized that with the SMB -protocol the password is passed over the network either -in plain text or encrypted, but not both in the same -authentication requets.</P -><P ->When encrypted passwords are used a password that has been -entered by the user is encrypted in two ways:</P -><P -></P -><UL -><LI -><P ->An MD4 hash of the UNICODE of the password - string. This is known as the NT hash. - </P -></LI -><LI -><P ->The password is converted to upper case, - and then padded or trucated to 14 bytes. This string is - then appended with 5 bytes of NULL characters and split to - form two 56 bit DES keys to encrypt a "magic" 8 byte value. - The resulting 16 bytes for the LanMan hash. - </P -></LI -></UL -><P ->You should refer to the <A -HREF="ENCRYPTION.html" -TARGET="_top" ->Password Encryption</A -> chapter in this HOWTO collection -for more details on the inner workings</P -><P ->MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x -and version 4.0 pre-service pack 3 will use either mode of -password authentication. All versions of MS Windows that follow -these versions no longer support plain text passwords by default.</P -><P ->MS Windows clients have a habit of dropping network mappings that -have been idle for 10 minutes or longer. When the user attempts to -use the mapped drive connection that has been dropped the SMB protocol -has a mechanism by which the connection can be re-established using -a cached copy of the password.</P -><P ->When Microsoft changed the default password mode, they dropped support for -caching of the plain text password. This means that when the registry -parameter is changed to re-enable use of plain text passwords it appears to -work, but when a dropped mapping attempts to revalidate it will fail if -the remote authentication server does not support encrypted passwords. -This means that it is definitely not a good idea to re-enable plain text -password support in such clients.</P -><P ->The following parameters can be used to work around the -issue of Windows 9x client upper casing usernames and -password before transmitting them to the SMB server -when using clear text authentication.</P -><P -><PRE -CLASS="PROGRAMLISTING" -> <A -HREF="smb.conf.5.html#PASSWORDLEVEL" -TARGET="_top" ->passsword level</A -> = <TT -CLASS="REPLACEABLE" -><I ->integer</I -></TT -> - <A -HREF="smb.conf.5.html#USERNAMELEVEL" -TARGET="_top" ->username level</A -> = <TT -CLASS="REPLACEABLE" -><I ->integer</I -></TT -></PRE -></P -><P ->By default Samba will lower case the username before attempting -to lookup the user in the database of local system accounts. -Because UNIX usernames conventionally only contain lower case -character, the <TT -CLASS="PARAMETER" -><I ->username level</I -></TT -> parameter -is rarely even needed.</P -><P ->However, password on UNIX systems often make use of mixed case -characters. This means that in order for a user on a Windows 9x -client to connect to a Samba server using clear text authentication, -the <TT -CLASS="PARAMETER" -><I ->password level</I -></TT -> must be set to the maximum -number of upper case letter which <I -CLASS="EMPHASIS" ->could</I -> appear -is a password. Note that is the server OS uses the traditional -DES version of crypt(), then a <TT -CLASS="PARAMETER" -><I ->password level</I -></TT -> -of 8 will result in case insensitive passwords as seen from Windows -users. This will also result in longer login times as Samba -hash to compute the permutations of the password string and -try them one by one until a match is located (or all combinations fail).</P -><P ->The best option to adopt is to enable support for encrypted passwords -where ever Samba is used. There are three configuration possibilities -for support of encrypted passwords:</P -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN171" ->Use MS Windows NT as an authentication server</A -></H2 -><P ->This method involves the additions of the following parameters -in the smb.conf file:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> encrypt passwords = Yes - security = server - password server = "NetBIOS_name_of_PDC"</PRE -></P -><P ->There are two ways of identifying whether or not a username and -password pair was valid or not. One uses the reply information provided -as part of the authentication messaging process, the other uses -just and error code.</P -><P ->The down-side of this mode of configuration is the fact that -for security reasons Samba will send the password server a bogus -username and a bogus password and if the remote server fails to -reject the username and password pair then an alternative mode -of identification of validation is used. Where a site uses password -lock out after a certain number of failed authentication attempts -this will result in user lockouts.</P -><P ->Use of this mode of authentication does require there to be -a standard Unix account for the user, this account can be blocked -to prevent logons by other than MS Windows clients.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN179" ->Make Samba a member of an MS Windows NT security domain</A -></H2 -><P ->This method involves additon of the following paramters in the smb.conf file:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> encrypt passwords = Yes - security = domain - workgroup = "name of NT domain" - password server = *</PRE -></P -><P ->The use of the "*" argument to "password server" will cause samba -to locate the domain controller in a way analogous to the way -this is done within MS Windows NT.</P -><P ->In order for this method to work the Samba server needs to join the -MS Windows NT security domain. This is done as follows:</P -><P -></P -><UL -><LI -><P ->On the MS Windows NT domain controller using - the Server Manager add a machine account for the Samba server. - </P -></LI -><LI -><P ->Next, on the Linux system execute: - <B -CLASS="COMMAND" ->smbpasswd -r PDC_NAME -j DOMAIN_NAME</B -> - </P -></LI -></UL -><P ->Use of this mode of authentication does require there to be -a standard Unix account for the user in order to assign -a uid once the account has been authenticated by the remote -Windows DC. This account can be blocked to prevent logons by -other than MS Windows clients by things such as setting an invalid -shell in the <TT -CLASS="FILENAME" ->/etc/passwd</TT -> entry.</P -><P ->An alternative to assigning UIDs to Windows users on a -Samba member server is presented in the <A -HREF="winbind.html" -TARGET="_top" ->Winbind Overview</A -> chapter in -this HOWTO collection.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN196" ->Configure Samba as an authentication server</A -></H2 -><P ->This mode of authentication demands that there be on the -Unix/Linux system both a Unix style account as well as and -smbpasswd entry for the user. The Unix system account can be -locked if required as only the encrypted password will be -used for SMB client authentication.</P -><P ->This method involves addition of the following parameters to -the smb.conf file:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->## please refer to the Samba PDC HOWTO chapter later in -## this collection for more details -[global] - encrypt passwords = Yes - security = user - domain logons = Yes - ; an OS level of 33 or more is recommended - os level = 33 - -[NETLOGON] - path = /somewhare/in/file/system - read only = yes</PRE -></P -><P ->in order for this method to work a Unix system account needs -to be created for each user, as well as for each MS Windows NT/2000 -machine. The following structure is required.</P -><DIV -CLASS="SECT3" -><HR><H3 -CLASS="SECT3" -><A -NAME="AEN203" ->Users</A -></H3 -><P ->A user account that may provide a home directory should be -created. The following Linux system commands are typical of -the procedure for creating an account.</P -><P -><PRE -CLASS="PROGRAMLISTING" -> # useradd -s /bin/bash -d /home/"userid" -m "userid" - # passwd "userid" - Enter Password: <pw> - - # smbpasswd -a "userid" - Enter Password: <pw></PRE -></P -></DIV -><DIV -CLASS="SECT3" -><HR><H3 -CLASS="SECT3" -><A -NAME="AEN208" ->MS Windows NT Machine Accounts</A -></H3 -><P ->These are required only when Samba is used as a domain -controller. Refer to the Samba-PDC-HOWTO for more details.</P -><P -><PRE -CLASS="PROGRAMLISTING" -> # useradd -s /bin/false -d /dev/null "machine_name"\$ - # passwd -l "machine_name"\$ - # smbpasswd -a -m "machine_name"</PRE -></P -></DIV -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN213" ->Conclusions</A -></H1 -><P ->Samba provides a flexible means to operate as...</P -><P -></P -><UL -><LI -><P ->A Stand-alone server - No special action is needed - other than to create user accounts. Stand-alone servers do NOT - provide network logon services, meaning that machines that use this - server do NOT perform a domain logon but instead make use only of - the MS Windows logon which is local to the MS Windows - workstation/server. - </P -></LI -><LI -><P ->An MS Windows NT 3.x/4.0 security domain member. - </P -></LI -><LI -><P ->An alternative to an MS Windows NT 3.x/4.0 - Domain Controller. - </P -></LI -></UL -></DIV -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/OS2-Client-HOWTO.html b/docs/htmldocs/OS2-Client-HOWTO.html deleted file mode 100644 index 90f62306e82..00000000000 --- a/docs/htmldocs/OS2-Client-HOWTO.html +++ /dev/null @@ -1,210 +0,0 @@ -<HTML -><HEAD -><TITLE ->OS2 Client HOWTO</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD -><BODY -CLASS="ARTICLE" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="ARTICLE" -><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" -><A -NAME="OS2" ->OS2 Client HOWTO</A -></H1 -><HR></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3" ->FAQs</A -></H1 -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN5" ->How can I configure OS/2 Warp Connect or - OS/2 Warp 4 as a client for Samba?</A -></H2 -><P ->A more complete answer to this question can be - found on <A -HREF="http://carol.wins.uva.nl/~leeuw/samba/warp.html" -TARGET="_top" -> http://carol.wins.uva.nl/~leeuw/samba/warp.html</A ->.</P -><P ->Basically, you need three components:</P -><P -></P -><UL -><LI -><P ->The File and Print Client ('IBM Peer') - </P -></LI -><LI -><P ->TCP/IP ('Internet support') - </P -></LI -><LI -><P ->The "NetBIOS over TCP/IP" driver ('TCPBEUI') - </P -></LI -></UL -><P ->Installing the first two together with the base operating - system on a blank system is explained in the Warp manual. If Warp - has already been installed, but you now want to install the - networking support, use the "Selective Install for Networking" - object in the "System Setup" folder.</P -><P ->Adding the "NetBIOS over TCP/IP" driver is not described - in the manual and just barely in the online documentation. Start - MPTS.EXE, click on OK, click on "Configure LAPS" and click - on "IBM OS/2 NETBIOS OVER TCP/IP" in 'Protocols'. This line - is then moved to 'Current Configuration'. Select that line, - click on "Change number" and increase it from 0 to 1. Save this - configuration.</P -><P ->If the Samba server(s) is not on your local subnet, you - can optionally add IP names and addresses of these servers - to the "Names List", or specify a WINS server ('NetBIOS - Nameserver' in IBM and RFC terminology). For Warp Connect you - may need to download an update for 'IBM Peer' to bring it on - the same level as Warp 4. See the webpage mentioned above.</P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN20" ->How can I configure OS/2 Warp 3 (not Connect), - OS/2 1.2, 1.3 or 2.x for Samba?</A -></H2 -><P ->You can use the free Microsoft LAN Manager 2.2c Client - for OS/2 from - <A -HREF="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/" -TARGET="_top" -> ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</A ->. - See <A -HREF="http://carol.wins.uva.nl/~leeuw/lanman.html" -TARGET="_top" -> http://carol.wins.uva.nl/~leeuw/lanman.html</A -> for - more information on how to install and use this client. In - a nutshell, edit the file \OS2VER in the root directory of - the OS/2 boot partition and add the lines:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> 20=setup.exe - 20=netwksta.sys - 20=netvdd.sys - </PRE -></P -><P ->before you install the client. Also, don't use the - included NE2000 driver because it is buggy. Try the NE2000 - or NS2000 driver from - <A -HREF="ftp://ftp.cdrom.com/pub/os2/network/ndis/" -TARGET="_top" -> ftp://ftp.cdrom.com/pub/os2/network/ndis/</A -> instead. - </P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN29" ->Are there any other issues when OS/2 (any version) - is used as a client?</A -></H2 -><P ->When you do a NET VIEW or use the "File and Print - Client Resource Browser", no Samba servers show up. This can - be fixed by a patch from <A -HREF="http://carol.wins.uva.nl/~leeuw/samba/fix.html" -TARGET="_top" -> http://carol.wins.uva.nl/~leeuw/samba/fix.html</A ->. - The patch will be included in a later version of Samba. It also - fixes a couple of other problems, such as preserving long - filenames when objects are dragged from the Workplace Shell - to the Samba server. </P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN33" ->How do I get printer driver download working - for OS/2 clients?</A -></H2 -><P ->First, create a share called [PRINTDRV] that is - world-readable. Copy your OS/2 driver files there. Note - that the .EA_ files must still be separate, so you will need - to use the original install files, and not copy an installed - driver from an OS/2 system.</P -><P ->Install the NT driver first for that printer. Then, - add to your smb.conf a parameter, "os2 driver map = - <TT -CLASS="REPLACEABLE" -><I ->filename</I -></TT ->". Then, in the file - specified by <TT -CLASS="REPLACEABLE" -><I ->filename</I -></TT ->, map the - name of the NT driver name to the OS/2 driver name as - follows:</P -><P -><nt driver name> = <os2 driver - name>.<device name>, e.g.: - HP LaserJet 5L = LASERJET.HP LaserJet 5L</P -><P ->You can have multiple drivers mapped in this file.</P -><P ->If you only specify the OS/2 driver name, and not the - device name, the first attempt to download the driver will - actually download the files, but the OS/2 client will tell - you the driver is not available. On the second attempt, it - will work. This is fixed simply by adding the device name - to the mapping, after which it will work on the first attempt. - </P -></DIV -></DIV -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/PAM-Authentication-And-Samba.html b/docs/htmldocs/PAM-Authentication-And-Samba.html deleted file mode 100644 index 6dc815b87bf..00000000000 --- a/docs/htmldocs/PAM-Authentication-And-Samba.html +++ /dev/null @@ -1,318 +0,0 @@ -<HTML -><HEAD -><TITLE ->Configuring PAM for distributed but centrally -managed authentication</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD -><BODY -CLASS="ARTICLE" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="ARTICLE" -><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" -><A -NAME="PAM" ->Configuring PAM for distributed but centrally -managed authentication</A -></H1 -><HR></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3" ->Samba and PAM</A -></H1 -><P ->A number of Unix systems (eg: Sun Solaris), as well as the -xxxxBSD family and Linux, now utilize the Pluggable Authentication -Modules (PAM) facility to provide all authentication, -authorization and resource control services. Prior to the -introduction of PAM, a decision to use an alternative to -the system password database (<TT -CLASS="FILENAME" ->/etc/passwd</TT ->) -would require the provision of alternatives for all programs that provide -security services. Such a choice would involve provision of -alternatives to such programs as: <B -CLASS="COMMAND" ->login</B ->, -<B -CLASS="COMMAND" ->passwd</B ->, <B -CLASS="COMMAND" ->chown</B ->, etc.</P -><P ->PAM provides a mechanism that disconnects these security programs -from the underlying authentication/authorization infrastructure. -PAM is configured either through one file <TT -CLASS="FILENAME" ->/etc/pam.conf</TT -> (Solaris), -or by editing individual files that are located in <TT -CLASS="FILENAME" ->/etc/pam.d</TT ->.</P -><P ->The following is an example <TT -CLASS="FILENAME" ->/etc/pam.d/login</TT -> configuration file. -This example had all options been uncommented is probably not usable -as it stacks many conditions before allowing successful completion -of the login process. Essentially all conditions can be disabled -by commenting them out except the calls to <TT -CLASS="FILENAME" ->pam_pwdb.so</TT ->.</P -><P -><PRE -CLASS="PROGRAMLISTING" ->#%PAM-1.0 -# The PAM configuration file for the `login' service -# -auth required pam_securetty.so -auth required pam_nologin.so -# auth required pam_dialup.so -# auth optional pam_mail.so -auth required pam_pwdb.so shadow md5 -# account requisite pam_time.so -account required pam_pwdb.so -session required pam_pwdb.so -# session optional pam_lastlog.so -# password required pam_cracklib.so retry=3 -password required pam_pwdb.so shadow md5</PRE -></P -><P ->PAM allows use of replacable modules. Those available on a -sample system include:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->$ /bin/ls /lib/security -pam_access.so pam_ftp.so pam_limits.so -pam_ncp_auth.so pam_rhosts_auth.so pam_stress.so -pam_cracklib.so pam_group.so pam_listfile.so -pam_nologin.so pam_rootok.so pam_tally.so -pam_deny.so pam_issue.so pam_mail.so -pam_permit.so pam_securetty.so pam_time.so -pam_dialup.so pam_lastlog.so pam_mkhomedir.so -pam_pwdb.so pam_shells.so pam_unix.so -pam_env.so pam_ldap.so pam_motd.so -pam_radius.so pam_smbpass.so pam_unix_acct.so -pam_wheel.so pam_unix_auth.so pam_unix_passwd.so -pam_userdb.so pam_warn.so pam_unix_session.so</PRE -></P -><P ->The following example for the login program replaces the use of -the <TT -CLASS="FILENAME" ->pam_pwdb.so</TT -> module which uses the system -password database (<TT -CLASS="FILENAME" ->/etc/passwd</TT ->, -<TT -CLASS="FILENAME" ->/etc/shadow</TT ->, <TT -CLASS="FILENAME" ->/etc/group</TT ->) with -the module <TT -CLASS="FILENAME" ->pam_smbpass.so</TT -> which uses the Samba -database which contains the Microsoft MD4 encrypted password -hashes. This database is stored in either -<TT -CLASS="FILENAME" ->/usr/local/samba/private/smbpasswd</TT ->, -<TT -CLASS="FILENAME" ->/etc/samba/smbpasswd</TT ->, or in -<TT -CLASS="FILENAME" ->/etc/samba.d/smbpasswd</TT ->, depending on the -Samba implementation for your Unix/Linux system. The -<TT -CLASS="FILENAME" ->pam_smbpass.so</TT -> module is provided by -Samba version 2.2.1 or later. It can be compiled by specifying the -<B -CLASS="COMMAND" ->--with-pam_smbpass</B -> options when running Samba's -<TT -CLASS="FILENAME" ->configure</TT -> script. For more information -on the <TT -CLASS="FILENAME" ->pam_smbpass</TT -> module, see the documentation -in the <TT -CLASS="FILENAME" ->source/pam_smbpass</TT -> directory of the Samba -source distribution.</P -><P -><PRE -CLASS="PROGRAMLISTING" ->#%PAM-1.0 -# The PAM configuration file for the `login' service -# -auth required pam_smbpass.so nodelay -account required pam_smbpass.so nodelay -session required pam_smbpass.so nodelay -password required pam_smbpass.so nodelay</PRE -></P -><P ->The following is the PAM configuration file for a particular -Linux system. The default condition uses <TT -CLASS="FILENAME" ->pam_pwdb.so</TT ->.</P -><P -><PRE -CLASS="PROGRAMLISTING" ->#%PAM-1.0 -# The PAM configuration file for the `samba' service -# -auth required /lib/security/pam_pwdb.so nullok nodelay shadow audit -account required /lib/security/pam_pwdb.so audit nodelay -session required /lib/security/pam_pwdb.so nodelay -password required /lib/security/pam_pwdb.so shadow md5</PRE -></P -><P ->In the following example the decision has been made to use the -smbpasswd database even for basic samba authentication. Such a -decision could also be made for the passwd program and would -thus allow the smbpasswd passwords to be changed using the passwd -program.</P -><P -><PRE -CLASS="PROGRAMLISTING" ->#%PAM-1.0 -# The PAM configuration file for the `samba' service -# -auth required /lib/security/pam_smbpass.so nodelay -account required /lib/security/pam_pwdb.so audit nodelay -session required /lib/security/pam_pwdb.so nodelay -password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf</PRE -></P -><P ->Note: PAM allows stacking of authentication mechanisms. It is -also possible to pass information obtained within on PAM module through -to the next module in the PAM stack. Please refer to the documentation for -your particular system implementation for details regarding the specific -capabilities of PAM in this environment. Some Linux implmentations also -provide the <TT -CLASS="FILENAME" ->pam_stack.so</TT -> module that allows all -authentication to be configured in a single central file. The -<TT -CLASS="FILENAME" ->pam_stack.so</TT -> method has some very devoted followers -on the basis that it allows for easier administration. As with all issues in -life though, every decision makes trade-offs, so you may want examine the -PAM documentation for further helpful information.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN47" ->Distributed Authentication</A -></H1 -><P ->The astute administrator will realize from this that the -combination of <TT -CLASS="FILENAME" ->pam_smbpass.so</TT ->, -<B -CLASS="COMMAND" ->winbindd</B ->, and <B -CLASS="COMMAND" ->rsync</B -> (see -<A -HREF="http://rsync.samba.org/" -TARGET="_top" ->http://rsync.samba.org/</A ->) -will allow the establishment of a centrally managed, distributed -user/password database that can also be used by all -PAM (eg: Linux) aware programs and applications. This arrangement -can have particularly potent advantages compared with the -use of Microsoft Active Directory Service (ADS) in so far as -reduction of wide area network authentication traffic.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN54" ->PAM Configuration in smb.conf</A -></H1 -><P ->There is an option in smb.conf called <A -HREF="smb.conf.5.html#OBEYPAMRESTRICTIONS" -TARGET="_top" ->obey pam restrictions</A ->. -The following is from the on-line help for this option in SWAT;</P -><P ->When Samba 2.2 is configure to enable PAM support (i.e. -<TT -CLASS="CONSTANT" ->--with-pam</TT ->), this parameter will -control whether or not Samba should obey PAM's account -and session management directives. The default behavior -is to use PAM for clear text authentication only and to -ignore any account or session management. Note that Samba always -ignores PAM for authentication in the case of -<A -HREF="smb.conf.5.html#ENCRYPTPASSWORDS" -TARGET="_top" ->encrypt passwords = yes</A ->. -The reason is that PAM modules cannot support the challenge/response -authentication mechanism needed in the presence of SMB -password encryption. </P -><P ->Default: <B -CLASS="COMMAND" ->obey pam restrictions = no</B -></P -></DIV -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/Samba-PDC-HOWTO.html b/docs/htmldocs/Samba-PDC-HOWTO.html deleted file mode 100644 index 58f3989b4f0..00000000000 --- a/docs/htmldocs/Samba-PDC-HOWTO.html +++ /dev/null @@ -1,2284 +0,0 @@ -<HTML -><HEAD -><TITLE ->How to Configure Samba 2.2 as a Primary Domain Controller</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD -><BODY -CLASS="ARTICLE" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="ARTICLE" -><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" -><A -NAME="SAMBA-PDC" ->How to Configure Samba 2.2 as a Primary Domain Controller</A -></H1 -><HR></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3" ->Prerequisite Reading</A -></H1 -><P ->Before you continue reading in this chapter, please make sure -that you are comfortable with configuring basic files services -in smb.conf and how to enable and administer password -encryption in Samba. Theses two topics are covered in the -<A -HREF="smb.conf.5.html" -TARGET="_top" -><TT -CLASS="FILENAME" ->smb.conf(5)</TT -></A -> -manpage and the <A -HREF="ENCRYPTION.html" -TARGET="_top" ->Encryption chapter</A -> -of this HOWTO Collection.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN9" ->Background</A -></H1 -><DIV -CLASS="NOTE" -><BLOCKQUOTE -CLASS="NOTE" -><P -><B ->Note: </B -><I -CLASS="EMPHASIS" ->Author's Note:</I -> This document is a combination -of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". -Both documents are superseded by this one.</P -></BLOCKQUOTE -></DIV -><P ->Versions of Samba prior to release 2.2 had marginal capabilities to act -as a Windows NT 4.0 Primary Domain Controller - -(PDC). With Samba 2.2.0, we are proud to announce official support for -Windows NT 4.0-style domain logons from Windows NT 4.0 and Windows -2000 clients. This article outlines the steps -necessary for configuring Samba as a PDC. It is necessary to have a -working Samba server prior to implementing the PDC functionality. If -you have not followed the steps outlined in <A -HREF="UNIX_INSTALL.html" -TARGET="_top" -> UNIX_INSTALL.html</A ->, please make sure -that your server is configured correctly before proceeding. Another -good resource in the <A -HREF="smb.conf.5.html" -TARGET="_top" ->smb.conf(5) man -page</A ->. The following functionality should work in 2.2:</P -><P -></P -><UL -><LI -><P -> domain logons for Windows NT 4.0/2000 clients. - </P -></LI -><LI -><P -> placing a Windows 9x client in user level security - </P -></LI -><LI -><P -> retrieving a list of users and groups from a Samba PDC to - Windows 9x/NT/2000 clients - </P -></LI -><LI -><P -> roving (roaming) user profiles - </P -></LI -><LI -><P -> Windows NT 4.0-style system policies - </P -></LI -></UL -><P ->The following pieces of functionality are not included in the 2.2 release:</P -><P -></P -><UL -><LI -><P -> Windows NT 4 domain trusts - </P -></LI -><LI -><P -> SAM replication with Windows NT 4.0 Domain Controllers - (i.e. a Samba PDC and a Windows NT BDC or vice versa) - </P -></LI -><LI -><P -> Adding users via the User Manager for Domains - </P -></LI -><LI -><P -> Acting as a Windows 2000 Domain Controller (i.e. Kerberos and - Active Directory) - </P -></LI -></UL -><P ->Please note that Windows 9x clients are not true members of a domain -for reasons outlined in this article. Therefore the protocol for -support Windows 9x-style domain logons is completely different -from NT4 domain logons and has been officially supported for some -time.</P -><P ->Implementing a Samba PDC can basically be divided into 2 broad -steps.</P -><P -></P -><OL -TYPE="1" -><LI -><P -> Configuring the Samba PDC - </P -></LI -><LI -><P -> Creating machine trust accounts and joining clients - to the domain - </P -></LI -></OL -><P ->There are other minor details such as user profiles, system -policies, etc... However, these are not necessarily specific -to a Samba PDC as much as they are related to Windows NT networking -concepts. They will be mentioned only briefly here.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN48" ->Configuring the Samba Domain Controller</A -></H1 -><P ->The first step in creating a working Samba PDC is to -understand the parameters necessary in smb.conf. I will not -attempt to re-explain the parameters here as they are more that -adequately covered in <A -HREF="smb.conf.5.html" -TARGET="_top" -> the smb.conf -man page</A ->. For convenience, the parameters have been -linked with the actual smb.conf description.</P -><P ->Here is an example <TT -CLASS="FILENAME" ->smb.conf</TT -> for acting as a PDC:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->[global] - ; Basic server settings - <A -HREF="smb.conf.5.html#NETBIOSNAME" -TARGET="_top" ->netbios name</A -> = <TT -CLASS="REPLACEABLE" -><I ->POGO</I -></TT -> - <A -HREF="smb.conf.5.html#WORKGROUP" -TARGET="_top" ->workgroup</A -> = <TT -CLASS="REPLACEABLE" -><I ->NARNIA</I -></TT -> - - ; we should act as the domain and local master browser - <A -HREF="smb.conf.5.html#OSLEVEL" -TARGET="_top" ->os level</A -> = 64 - <A -HREF="smb.conf.5.html#PERFERREDMASTER" -TARGET="_top" ->preferred master</A -> = yes - <A -HREF="smb.conf.5.html#DOMAINMASTER" -TARGET="_top" ->domain master</A -> = yes - <A -HREF="smb.conf.5.html#LOCALMASTER" -TARGET="_top" ->local master</A -> = yes - - ; security settings (must user security = user) - <A -HREF="smb.conf.5.html#SECURITYEQUALSUSER" -TARGET="_top" ->security</A -> = user - - ; encrypted passwords are a requirement for a PDC - <A -HREF="smb.conf.5.html#ENCRYPTPASSWORDS" -TARGET="_top" ->encrypt passwords</A -> = yes - - ; support domain logons - <A -HREF="smb.conf.5.html#DOMAINLOGONS" -TARGET="_top" ->domain logons</A -> = yes - - ; where to store user profiles? - <A -HREF="smb.conf.5.html#LOGONPATH" -TARGET="_top" ->logon path</A -> = \\%N\profiles\%u - - ; where is a user's home directory and where should it - ; be mounted at? - <A -HREF="smb.conf.5.html#LOGONDRIVE" -TARGET="_top" ->logon drive</A -> = H: - <A -HREF="smb.conf.5.html#LOGONHOME" -TARGET="_top" ->logon home</A -> = \\homeserver\%u - - ; specify a generic logon script for all users - ; this is a relative **DOS** path to the [netlogon] share - <A -HREF="smb.conf.5.html#LOGONSCRIPT" -TARGET="_top" ->logon script</A -> = logon.cmd - -; necessary share for domain controller -[netlogon] - <A -HREF="smb.conf.5.html#PATH" -TARGET="_top" ->path</A -> = /usr/local/samba/lib/netlogon - <A -HREF="smb.conf.5.html#READONLY" -TARGET="_top" ->read only</A -> = yes - <A -HREF="smb.conf.5.html#WRITELIST" -TARGET="_top" ->write list</A -> = <TT -CLASS="REPLACEABLE" -><I ->ntadmin</I -></TT -> - -; share for storing user profiles -[profiles] - <A -HREF="smb.conf.5.html#PATH" -TARGET="_top" ->path</A -> = /export/smb/ntprofile - <A -HREF="smb.conf.5.html#READONLY" -TARGET="_top" ->read only</A -> = no - <A -HREF="smb.conf.5.html#CREATEMASK" -TARGET="_top" ->create mask</A -> = 0600 - <A -HREF="smb.conf.5.html#DIRECTORYMASK" -TARGET="_top" ->directory mask</A -> = 0700</PRE -></P -><P ->There are a couple of points to emphasize in the above configuration.</P -><P -></P -><UL -><LI -><P -> Encrypted passwords must be enabled. For more details on how - to do this, refer to <A -HREF="ENCRYPTION.html" -TARGET="_top" ->ENCRYPTION.html</A ->. - </P -></LI -><LI -><P -> The server must support domain logons and a - <TT -CLASS="FILENAME" ->[netlogon]</TT -> share - </P -></LI -><LI -><P -> The server must be the domain master browser in order for Windows - client to locate the server as a DC. Please refer to the various - Network Browsing documentation included with this distribution for - details. - </P -></LI -></UL -><P ->As Samba 2.2 does not offer a complete implementation of group mapping -between Windows NT groups and Unix groups (this is really quite -complicated to explain in a short space), you should refer to the -<A -HREF="smb.conf.5.html#DOMAINADMINGROUP" -TARGET="_top" ->domain admin -group</A -> smb.conf parameter for information of creating "Domain -Admins" style accounts.</P -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN91" ->Creating Machine Trust Accounts and Joining Clients to the -Domain</A -></H1 -><P ->A machine trust account is a Samba account that is used to -authenticate a client machine (rather than a user) to the Samba -server. In Windows terminology, this is known as a "Computer -Account."</P -><P ->The password of a machine trust account acts as the shared secret for -secure communication with the Domain Controller. This is a security -feature to prevent an unauthorized machine with the same NetBIOS name -from joining the domain and gaining access to domain user/group -accounts. Windows NT and 2000 clients use machine trust accounts, but -Windows 9x clients do not. Hence, a Windows 9x client is never a true -member of a domain because it does not possess a machine trust -account, and thus has no shared secret with the domain controller.</P -><P ->A Windows PDC stores each machine trust account in the Windows -Registry. A Samba PDC, however, stores each machine trust account -in two parts, as follows: - -<P -></P -><UL -><LI -><P ->A Samba account, stored in the same location as user - LanMan and NT password hashes (currently - <TT -CLASS="FILENAME" ->smbpasswd</TT ->). The Samba account - possesses and uses only the NT password hash.</P -></LI -><LI -><P ->A corresponding Unix account, typically stored in - <TT -CLASS="FILENAME" ->/etc/passwd</TT ->. (Future releases will alleviate the need to - create <TT -CLASS="FILENAME" ->/etc/passwd</TT -> entries.) </P -></LI -></UL -></P -><P ->There are two ways to create machine trust accounts:</P -><P -></P -><UL -><LI -><P -> Manual creation. Both the Samba and corresponding - Unix account are created by hand.</P -></LI -><LI -><P -> "On-the-fly" creation. The Samba machine trust - account is automatically created by Samba at the time the client - is joined to the domain. (For security, this is the - recommended method.) The corresponding Unix account may be - created automatically or manually. </P -></LI -></UL -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN110" ->Manual Creation of Machine Trust Accounts</A -></H2 -><P ->The first step in manually creating a machine trust account is to -manually create the corresponding Unix account in -<TT -CLASS="FILENAME" ->/etc/passwd</TT ->. This can be done using -<B -CLASS="COMMAND" ->vipw</B -> or other 'add user' command that is normally -used to create new Unix accounts. The following is an example for a -Linux based Samba server:</P -><P -> <TT -CLASS="PROMPT" ->root# </TT -><B -CLASS="COMMAND" ->/usr/sbin/useradd -g 100 -d /dev/null -c <TT -CLASS="REPLACEABLE" -><I ->"machine -nickname"</I -></TT -> -s /bin/false <TT -CLASS="REPLACEABLE" -><I ->machine_name</I -></TT ->$ </B -></P -><P -><TT -CLASS="PROMPT" ->root# </TT -><B -CLASS="COMMAND" ->passwd -l <TT -CLASS="REPLACEABLE" -><I ->machine_name</I -></TT ->$</B -></P -><P ->The <TT -CLASS="FILENAME" ->/etc/passwd</TT -> entry will list the machine name -with a "$" appended, won't have a password, will have a null shell and no -home directory. For example a machine named 'doppy' would have an -<TT -CLASS="FILENAME" ->/etc/passwd</TT -> entry like this:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->doppy$:x:505:501:<TT -CLASS="REPLACEABLE" -><I ->machine_nickname</I -></TT ->:/dev/null:/bin/false</PRE -></P -><P ->Above, <TT -CLASS="REPLACEABLE" -><I ->machine_nickname</I -></TT -> can be any -descriptive name for the client, i.e., BasementComputer. -<TT -CLASS="REPLACEABLE" -><I ->machine_name</I -></TT -> absolutely must be the NetBIOS -name of the client to be joined to the domain. The "$" must be -appended to the NetBIOS name of the client or Samba will not recognize -this as a machine trust account.</P -><P ->Now that the corresponding Unix account has been created, the next step is to create -the Samba account for the client containing the well-known initial -machine trust account password. This can be done using the <A -HREF="smbpasswd.8.html" -TARGET="_top" -><B -CLASS="COMMAND" ->smbpasswd(8)</B -></A -> command -as shown here:</P -><P -><TT -CLASS="PROMPT" ->root# </TT -><B -CLASS="COMMAND" ->smbpasswd -a -m <TT -CLASS="REPLACEABLE" -><I ->machine_name</I -></TT -></B -></P -><P ->where <TT -CLASS="REPLACEABLE" -><I ->machine_name</I -></TT -> is the machine's NetBIOS -name. The RID of the new machine account is generated from the UID of -the corresponding Unix account.</P -><DIV -CLASS="WARNING" -><P -></P -><TABLE -CLASS="WARNING" -BORDER="1" -WIDTH="100%" -><TR -><TD -ALIGN="CENTER" -><B ->Join the client to the domain immediately</B -></TD -></TR -><TR -><TD -ALIGN="LEFT" -><P -> Manually creating a machine trust account using this method is the - equivalent of creating a machine trust account on a Windows NT PDC using - the "Server Manager". From the time at which the account is created - to the time which the client joins the domain and changes the password, - your domain is vulnerable to an intruder joining your domain using a - a machine with the same NetBIOS name. A PDC inherently trusts - members of the domain and will serve out a large degree of user - information to such clients. You have been warned! - </P -></TD -></TR -></TABLE -></DIV -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN145" ->"On-the-Fly" Creation of Machine Trust Accounts</A -></H2 -><P ->The second (and recommended) way of creating machine trust accounts is -simply to allow the Samba server to create them as needed when the client -is joined to the domain. </P -><P ->Since each Samba machine trust account requires a corresponding -Unix account, a method for automatically creating the -Unix account is usually supplied; this requires configuration of the -<A -HREF="smb.conf.5.html#ADDUSERSCRIPT" -TARGET="_top" ->add user script</A -> -option in <TT -CLASS="FILENAME" ->smb.conf</TT ->. This -method is not required, however; corresponding Unix accounts may also -be created manually.</P -><P ->Below is an example for a RedHat 6.2 Linux system.</P -><P -><PRE -CLASS="PROGRAMLISTING" ->[global] - # <...remainder of parameters...> - add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u </PRE -></P -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN154" ->Joining the Client to the Domain</A -></H2 -><P ->The procedure for joining a client to the domain varies with the -version of Windows.</P -><P -></P -><UL -><LI -><P -><I -CLASS="EMPHASIS" ->Windows 2000</I -></P -><P -> When the user elects to join the client to a domain, Windows prompts for - an account and password that is privileged to join the domain. A - Samba administrative account (i.e., a Samba account that has root - privileges on the Samba server) must be entered here; the - operation will fail if an ordinary user account is given. - The password for this account should be - set to a different password than the associated - <TT -CLASS="FILENAME" ->/etc/passwd</TT -> entry, for security - reasons. </P -><P ->The session key of the Samba administrative account acts as an - encryption key for setting the password of the machine trust - account. The machine trust account will be created on-the-fly, or - updated if it already exists.</P -></LI -><LI -><P -><I -CLASS="EMPHASIS" ->Windows NT</I -></P -><P -> If the machine trust account was created manually, on the - Identification Changes menu enter the domain name, but do not - check the box "Create a Computer Account in the Domain." In this case, - the existing machine trust account is used to join the machine to - the domain.</P -><P -> If the machine trust account is to be created - on-the-fly, on the Identification Changes menu enter the domain - name, and check the box "Create a Computer Account in the Domain." In - this case, joining the domain proceeds as above for Windows 2000 - (i.e., you must supply a Samba administrative account when - prompted).</P -></LI -></UL -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN169" ->Common Problems and Errors</A -></H1 -><P -></P -><P -></P -><UL -><LI -><P -> <I -CLASS="EMPHASIS" ->I cannot include a '$' in a machine name.</I -> - </P -><P -> A 'machine name' in (typically) <TT -CLASS="FILENAME" ->/etc/passwd</TT -> - of the machine name with a '$' appended. FreeBSD (and other BSD - systems?) won't create a user with a '$' in their name. - </P -><P -> The problem is only in the program used to make the entry, once - made, it works perfectly. So create a user without the '$' and - use <B -CLASS="COMMAND" ->vipw</B -> to edit the entry, adding the '$'. Or create - the whole entry with vipw if you like, make sure you use a - unique User ID ! - </P -></LI -><LI -><P -> <I -CLASS="EMPHASIS" ->I get told "You already have a connection to the Domain...." - or "Cannot join domain, the credentials supplied conflict with an - existing set.." when creating a machine trust account.</I -> - </P -><P -> This happens if you try to create a machine trust account from the - machine itself and already have a connection (e.g. mapped drive) - to a share (or IPC$) on the Samba PDC. The following command - will remove all network drive connections: - </P -><P -> <TT -CLASS="PROMPT" ->C:\WINNT\></TT -> <B -CLASS="COMMAND" ->net use * /d</B -> - </P -><P -> Further, if the machine is a already a 'member of a workgroup' that - is the same name as the domain you are joining (bad idea) you will - get this message. Change the workgroup name to something else, it - does not matter what, reboot, and try again. - </P -></LI -><LI -><P -> <I -CLASS="EMPHASIS" ->The system can not log you on (C000019B)....</I -> - </P -><P ->I joined the domain successfully but after upgrading - to a newer version of the Samba code I get the message, "The system - can not log you on (C000019B), Please try a gain or consult your - system administrator" when attempting to logon. - </P -><P -> This occurs when the domain SID stored in - <TT -CLASS="FILENAME" ->private/WORKGROUP.SID</TT -> is - changed. For example, you remove the file and <B -CLASS="COMMAND" ->smbd</B -> automatically - creates a new one. Or you are swapping back and forth between - versions 2.0.7, TNG and the HEAD branch code (not recommended). The - only way to correct the problem is to restore the original domain - SID or remove the domain client from the domain and rejoin. - </P -></LI -><LI -><P -> <I -CLASS="EMPHASIS" ->The machine trust account for this computer either does not - exist or is not accessible.</I -> - </P -><P -> When I try to join the domain I get the message "The machine account - for this computer either does not exist or is not accessible". What's - wrong? - </P -><P -> This problem is caused by the PDC not having a suitable machine trust account. - If you are using the <TT -CLASS="PARAMETER" -><I ->add user script</I -></TT -> method to create - accounts then this would indicate that it has not worked. Ensure the domain - admin user system is working. - </P -><P -> Alternatively if you are creating account entries manually then they - have not been created correctly. Make sure that you have the entry - correct for the machine trust account in smbpasswd file on the Samba PDC. - If you added the account using an editor rather than using the smbpasswd - utility, make sure that the account name is the machine NetBIOS name - with a '$' appended to it ( i.e. computer_name$ ). There must be an entry - in both /etc/passwd and the smbpasswd file. Some people have reported - that inconsistent subnet masks between the Samba server and the NT - client have caused this problem. Make sure that these are consistent - for both client and server. - </P -></LI -><LI -><P -> <I -CLASS="EMPHASIS" ->When I attempt to login to a Samba Domain from a NT4/W2K workstation, - I get a message about my account being disabled.</I -> - </P -><P -> This problem is caused by a PAM related bug in Samba 2.2.0. This bug is - fixed in 2.2.1. Other symptoms could be unaccessible shares on - NT/W2K member servers in the domain or the following error in your smbd.log: - passdb/pampass.c:pam_account(268) PAM: UNKNOWN ERROR for User: %user% - </P -><P -> At first be ensure to enable the useraccounts with <B -CLASS="COMMAND" ->smbpasswd -e - %user%</B ->, this is normally done, when you create an account. - </P -><P -> In order to work around this problem in 2.2.0, configure the - <TT -CLASS="PARAMETER" -><I ->account</I -></TT -> control flag in - <TT -CLASS="FILENAME" ->/etc/pam.d/samba</TT -> file as follows: - </P -><P -><PRE -CLASS="PROGRAMLISTING" -> account required pam_permit.so - </PRE -></P -><P -> If you want to remain backward compatibility to samba 2.0.x use - <TT -CLASS="FILENAME" ->pam_permit.so</TT ->, it's also possible to use - <TT -CLASS="FILENAME" ->pam_pwdb.so</TT ->. There are some bugs if you try to - use <TT -CLASS="FILENAME" ->pam_unix.so</TT ->, if you need this, be ensure to use - the most recent version of this file. - </P -></LI -></UL -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN217" ->System Policies and Profiles</A -></H1 -><P ->Much of the information necessary to implement System Policies and -Roving User Profiles in a Samba domain is the same as that for -implementing these same items in a Windows NT 4.0 domain. -You should read the white paper <A -HREF="http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp" -TARGET="_top" ->Implementing -Profiles and Policies in Windows NT 4.0</A -> available from Microsoft.</P -><P ->Here are some additional details:</P -><P -></P -><UL -><LI -><P -> <I -CLASS="EMPHASIS" ->What about Windows NT Policy Editor?</I -> - </P -><P -> To create or edit <TT -CLASS="FILENAME" ->ntconfig.pol</TT -> you must use - the NT Server Policy Editor, <B -CLASS="COMMAND" ->poledit.exe</B -> which - is included with NT Server but <I -CLASS="EMPHASIS" ->not NT Workstation</I ->. - There is a Policy Editor on a NTws - but it is not suitable for creating <I -CLASS="EMPHASIS" ->Domain Policies</I ->. - Further, although the Windows 95 - Policy Editor can be installed on an NT Workstation/Server, it will not - work with NT policies because the registry key that are set by the policy templates. - However, the files from the NT Server will run happily enough on an NTws. - You need <TT -CLASS="FILENAME" ->poledit.exe, common.adm</TT -> and <TT -CLASS="FILENAME" ->winnt.adm</TT ->. It is convenient - to put the two *.adm files in <TT -CLASS="FILENAME" ->c:\winnt\inf</TT -> which is where - the binary will look for them unless told otherwise. Note also that that - directory is 'hidden'. - </P -><P -> The Windows NT policy editor is also included with the Service Pack 3 (and - later) for Windows NT 4.0. Extract the files using <B -CLASS="COMMAND" ->servicepackname /x</B ->, - i.e. that's <B -CLASS="COMMAND" ->Nt4sp6ai.exe /x</B -> for service pack 6a. The policy editor, - <B -CLASS="COMMAND" ->poledit.exe</B -> and the associated template files (*.adm) should - be extracted as well. It is also possible to downloaded the policy template - files for Office97 and get a copy of the policy editor. Another possible - location is with the Zero Administration Kit available for download from Microsoft. - </P -></LI -><LI -><P -> <I -CLASS="EMPHASIS" ->Can Win95 do Policies?</I -> - </P -><P -> Install the group policy handler for Win9x to pick up group - policies. Look on the Win98 CD in <TT -CLASS="FILENAME" ->\tools\reskit\netadmin\poledit</TT ->. - Install group policies on a Win9x client by double-clicking - <TT -CLASS="FILENAME" ->grouppol.inf</TT ->. Log off and on again a couple of - times and see if Win98 picks up group policies. Unfortunately this needs - to be done on every Win9x machine that uses group policies.... - </P -><P -> If group policies don't work one reports suggests getting the updated - (read: working) grouppol.dll for Windows 9x. The group list is grabbed - from /etc/group. - </P -></LI -><LI -><P -> <I -CLASS="EMPHASIS" ->How do I get 'User Manager' and 'Server Manager'</I -> - </P -><P -> Since I don't need to buy an NT Server CD now, how do I get - the 'User Manager for Domains', the 'Server Manager'? - </P -><P -> Microsoft distributes a version of these tools called nexus for - installation on Windows 95 systems. The tools set includes - </P -><P -></P -><UL -><LI -><P ->Server Manager</P -></LI -><LI -><P ->User Manager for Domains</P -></LI -><LI -><P ->Event Viewer</P -></LI -></UL -><P -> Click here to download the archived file <A -HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE" -TARGET="_top" ->ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</A -> - </P -><P -> The Windows NT 4.0 version of the 'User Manager for - Domains' and 'Server Manager' are available from Microsoft via ftp - from <A -HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE" -TARGET="_top" ->ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</A -> - </P -></LI -></UL -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN261" ->What other help can I get?</A -></H1 -><P ->There are many sources of information available in the form -of mailing lists, RFC's and documentation. The docs that come -with the samba distribution contain very good explanations of -general SMB topics such as browsing.</P -><P -></P -><UL -><LI -><P -> <I -CLASS="EMPHASIS" ->What are some diagnostics tools I can use to debug the domain logon - process and where can I find them?</I -> - </P -><P -> One of the best diagnostic tools for debugging problems is Samba itself. - You can use the -d option for both smbd and nmbd to specify what - 'debug level' at which to run. See the man pages on smbd, nmbd and - smb.conf for more information on debugging options. The debug - level can range from 1 (the default) to 10 (100 for debugging passwords). - </P -><P -> Another helpful method of debugging is to compile samba using the - <B -CLASS="COMMAND" ->gcc -g </B -> flag. This will include debug - information in the binaries and allow you to attach gdb to the - running smbd / nmbd process. In order to attach gdb to an smbd - process for an NT workstation, first get the workstation to make the - connection. Pressing ctrl-alt-delete and going down to the domain box - is sufficient (at least, on the first time you join the domain) to - generate a 'LsaEnumTrustedDomains'. Thereafter, the workstation - maintains an open connection, and therefore there will be an smbd - process running (assuming that you haven't set a really short smbd - idle timeout) So, in between pressing ctrl alt delete, and actually - typing in your password, you can gdb attach and continue. - </P -><P -> Some useful samba commands worth investigating: - </P -><P -></P -><UL -><LI -><P ->testparam | more</P -></LI -><LI -><P ->smbclient -L //{netbios name of server}</P -></LI -></UL -><P -> An SMB enabled version of tcpdump is available from - <A -HREF="http://www.tcpdump.org/" -TARGET="_top" ->http://www.tcpdup.org/</A ->. - Ethereal, another good packet sniffer for Unix and Win32 - hosts, can be downloaded from <A -HREF="http://www.ethereal.com/" -TARGET="_top" ->http://www.ethereal.com</A ->. - </P -><P -> For tracing things on the Microsoft Windows NT, Network Monitor - (aka. netmon) is available on the Microsoft Developer Network CD's, - the Windows NT Server install CD and the SMS CD's. The version of - netmon that ships with SMS allows for dumping packets between any two - computers (i.e. placing the network interface in promiscuous mode). - The version on the NT Server install CD will only allow monitoring - of network traffic directed to the local NT box and broadcasts on the - local subnet. Be aware that Ethereal can read and write netmon - formatted files. - </P -></LI -><LI -><P -> <I -CLASS="EMPHASIS" ->How do I install 'Network Monitor' on an NT Workstation - or a Windows 9x box?</I -> - </P -><P -> Installing netmon on an NT workstation requires a couple - of steps. The following are for installing Netmon V4.00.349, which comes - with Microsoft Windows NT Server 4.0, on Microsoft Windows NT - Workstation 4.0. The process should be similar for other version of - Windows NT / Netmon. You will need both the Microsoft Windows - NT Server 4.0 Install CD and the Workstation 4.0 Install CD. - </P -><P -> Initially you will need to install 'Network Monitor Tools and Agent' - on the NT Server. To do this - </P -><P -></P -><UL -><LI -><P ->Goto Start - Settings - Control Panel - - Network - Services - Add </P -></LI -><LI -><P ->Select the 'Network Monitor Tools and Agent' and - click on 'OK'.</P -></LI -><LI -><P ->Click 'OK' on the Network Control Panel. - </P -></LI -><LI -><P ->Insert the Windows NT Server 4.0 install CD - when prompted.</P -></LI -></UL -><P -> At this point the Netmon files should exist in - <TT -CLASS="FILENAME" ->%SYSTEMROOT%\System32\netmon\*.*</TT ->. - Two subdirectories exist as well, <TT -CLASS="FILENAME" ->parsers\</TT -> - which contains the necessary DLL's for parsing the netmon packet - dump, and <TT -CLASS="FILENAME" ->captures\</TT ->. - </P -><P -> In order to install the Netmon tools on an NT Workstation, you will - first need to install the 'Network Monitor Agent' from the Workstation - install CD. - </P -><P -></P -><UL -><LI -><P ->Goto Start - Settings - Control Panel - - Network - Services - Add</P -></LI -><LI -><P ->Select the 'Network Monitor Agent' and click - on 'OK'.</P -></LI -><LI -><P ->Click 'OK' on the Network Control Panel. - </P -></LI -><LI -><P ->Insert the Windows NT Workstation 4.0 install - CD when prompted.</P -></LI -></UL -><P -> Now copy the files from the NT Server in %SYSTEMROOT%\System32\netmon\*.* - to %SYSTEMROOT%\System32\netmon\*.* on the Workstation and set - permissions as you deem appropriate for your site. You will need - administrative rights on the NT box to run netmon. - </P -><P -> To install Netmon on a Windows 9x box install the network monitor agent - from the Windows 9x CD (\admin\nettools\netmon). There is a readme - file located with the netmon driver files on the CD if you need - information on how to do this. Copy the files from a working - Netmon installation. - </P -></LI -><LI -><P -> The following is a list if helpful URLs and other links: - </P -><P -></P -><UL -><LI -><P ->Home of Samba site <A -HREF="http://samba.org" -TARGET="_top" -> http://samba.org</A ->. We have a mirror near you !</P -></LI -><LI -><P -> The <I -CLASS="EMPHASIS" ->Development</I -> document - on the Samba mirrors might mention your problem. If so, - it might mean that the developers are working on it.</P -></LI -><LI -><P ->See how Scott Merrill simulates a BDC behavior at - <A -HREF="http://www.skippy.net/linux/smb-howto.html" -TARGET="_top" -> http://www.skippy.net/linux/smb-howto.html</A ->. </P -></LI -><LI -><P ->Although 2.0.7 has almost had its day as a PDC, David Bannon will - keep the 2.0.7 PDC pages at <A -HREF="http://bioserve.latrobe.edu.au/samba" -TARGET="_top" -> http://bioserve.latrobe.edu.au/samba</A -> going for a while yet.</P -></LI -><LI -><P ->Misc links to CIFS information - <A -HREF="http://samba.org/cifs/" -TARGET="_top" ->http://samba.org/cifs/</A -></P -></LI -><LI -><P ->NT Domains for Unix <A -HREF="http://mailhost.cb1.com/~lkcl/ntdom/" -TARGET="_top" -> http://mailhost.cb1.com/~lkcl/ntdom/</A -></P -></LI -><LI -><P ->FTP site for older SMB specs: - <A -HREF="ftp://ftp.microsoft.com/developr/drg/CIFS/" -TARGET="_top" -> ftp://ftp.microsoft.com/developr/drg/CIFS/</A -></P -></LI -></UL -></LI -></UL -><P -></P -><UL -><LI -><P -> <I -CLASS="EMPHASIS" ->How do I get help from the mailing lists?</I -> - </P -><P -> There are a number of Samba related mailing lists. Go to <A -HREF="http://samba.org" -TARGET="_top" ->http://samba.org</A ->, click on your nearest mirror - and then click on <B -CLASS="COMMAND" ->Support</B -> and then click on <B -CLASS="COMMAND" -> Samba related mailing lists</B ->. - </P -><P -> For questions relating to Samba TNG go to - <A -HREF="http://www.samba-tng.org/" -TARGET="_top" ->http://www.samba-tng.org/</A -> - It has been requested that you don't post questions about Samba-TNG to the - main stream Samba lists.</P -><P -> If you post a message to one of the lists please observe the following guide lines : - </P -><P -></P -><UL -><LI -><P -> Always remember that the developers are volunteers, they are - not paid and they never guarantee to produce a particular feature at - a particular time. Any time lines are 'best guess' and nothing more. - </P -></LI -><LI -><P -> Always mention what version of samba you are using and what - operating system its running under. You should probably list the - relevant sections of your smb.conf file, at least the options - in [global] that affect PDC support.</P -></LI -><LI -><P ->In addition to the version, if you obtained Samba via - CVS mention the date when you last checked it out.</P -></LI -><LI -><P -> Try and make your question clear and brief, lots of long, - convoluted questions get deleted before they are completely read ! - Don't post html encoded messages (if you can select colour or font - size its html).</P -></LI -><LI -><P -> If you run one of those nifty 'I'm on holidays' things when - you are away, make sure its configured to not answer mailing lists. - </P -></LI -><LI -><P -> Don't cross post. Work out which is the best list to post to - and see what happens, i.e. don't post to both samba-ntdom and samba-technical. - Many people active on the lists subscribe to more - than one list and get annoyed to see the same message two or more times. - Often someone will see a message and thinking it would be better dealt - with on another, will forward it on for you.</P -></LI -><LI -><P ->You might include <I -CLASS="EMPHASIS" ->partial</I -> - log files written at a debug level set to as much as 20. - Please don't send the entire log but enough to give the context of the - error messages.</P -></LI -><LI -><P ->(Possibly) If you have a complete netmon trace ( from the opening of - the pipe to the error ) you can send the *.CAP file as well.</P -></LI -><LI -><P ->Please think carefully before attaching a document to an email. - Consider pasting the relevant parts into the body of the message. The samba - mailing lists go to a huge number of people, do they all need a copy of your - smb.conf in their attach directory?</P -></LI -></UL -></LI -><LI -><P -> <I -CLASS="EMPHASIS" ->How do I get off the mailing lists?</I -> - </P -><P ->To have your name removed from a samba mailing list, go to the - same place you went to to get on it. Go to <A -HREF="http://lists.samba.org/" -TARGET="_top" ->http://lists.samba.org</A ->, - click on your nearest mirror and then click on <B -CLASS="COMMAND" ->Support</B -> and - then click on <B -CLASS="COMMAND" -> Samba related mailing lists</B ->. Or perhaps see - <A -HREF="http://lists.samba.org/mailman/roster/samba-ntdom" -TARGET="_top" ->here</A -> - </P -><P -> Please don't post messages to the list asking to be removed, you will just - be referred to the above address (unless that process failed in some way...) - </P -></LI -></UL -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN375" ->Domain Control for Windows 9x/ME</A -></H1 -><DIV -CLASS="NOTE" -><BLOCKQUOTE -CLASS="NOTE" -><P -><B ->Note: </B ->The following section contains much of the original -DOMAIN.txt file previously included with Samba. Much of -the material is based on what went into the book <I -CLASS="EMPHASIS" ->Special -Edition, Using Samba</I ->, by Richard Sharpe.</P -></BLOCKQUOTE -></DIV -><P ->A domain and a workgroup are exactly the same thing in terms of network -browsing. The difference is that a distributable authentication -database is associated with a domain, for secure login access to a -network. Also, different access rights can be granted to users if they -successfully authenticate against a domain logon server (NT server and -other systems based on NT server support this, as does at least Samba TNG now).</P -><P ->The SMB client logging on to a domain has an expectation that every other -server in the domain should accept the same authentication information. -Network browsing functionality of domains and workgroups is -identical and is explained in BROWSING.txt. It should be noted, that browsing -is totally orthogonal to logon support.</P -><P ->Issues related to the single-logon network model are discussed in this -section. Samba supports domain logons, network logon scripts, and user -profiles for MS Windows for workgroups and MS Windows 9X/ME clients -which will be the focus of this section.</P -><P ->When an SMB client in a domain wishes to logon it broadcast requests for a -logon server. The first one to reply gets the job, and validates its -password using whatever mechanism the Samba administrator has installed. -It is possible (but very stupid) to create a domain where the user -database is not shared between servers, i.e. they are effectively workgroup -servers advertising themselves as participating in a domain. This -demonstrates how authentication is quite different from but closely -involved with domains.</P -><P ->Using these features you can make your clients verify their logon via -the Samba server; make clients run a batch file when they logon to -the network and download their preferences, desktop and start menu.</P -><P ->Before launching into the configuration instructions, it is -worthwhile lookingat how a Windows 9x/ME client performs a logon:</P -><P -></P -><OL -TYPE="1" -><LI -><P -> The client broadcasts (to the IP broadcast address of the subnet it is in) - a NetLogon request. This is sent to the NetBIOS name DOMAIN<1c> at the - NetBIOS layer. The client chooses the first response it receives, which - contains the NetBIOS name of the logon server to use in the format of - \\SERVER. - </P -></LI -><LI -><P -> The client then connects to that server, logs on (does an SMBsessetupX) and - then connects to the IPC$ share (using an SMBtconX). - </P -></LI -><LI -><P -> The client then does a NetWkstaUserLogon request, which retrieves the name - of the user's logon script. - </P -></LI -><LI -><P -> The client then connects to the NetLogon share and searches for this - and if it is found and can be read, is retrieved and executed by the client. - After this, the client disconnects from the NetLogon share. - </P -></LI -><LI -><P -> The client then sends a NetUserGetInfo request to the server, to retrieve - the user's home share, which is used to search for profiles. Since the - response to the NetUserGetInfo request does not contain much more - the user's home share, profiles for Win9X clients MUST reside in the user - home directory. - </P -></LI -><LI -><P -> The client then connects to the user's home share and searches for the - user's profile. As it turns out, you can specify the user's home share as - a sharename and path. For example, \\server\fred\.profile. - If the profiles are found, they are implemented. - </P -></LI -><LI -><P -> The client then disconnects from the user's home share, and reconnects to - the NetLogon share and looks for CONFIG.POL, the policies file. If this is - found, it is read and implemented. - </P -></LI -></OL -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN401" ->Configuration Instructions: Network Logons</A -></H2 -><P ->The main difference between a PDC and a Windows 9x logon -server configuration is that</P -><P -></P -><UL -><LI -><P ->Password encryption is not required for a Windows 9x logon server.</P -></LI -><LI -><P ->Windows 9x/ME clients do not possess machine trust accounts.</P -></LI -></UL -><P ->Therefore, a Samba PDC will also act as a Windows 9x logon -server.</P -><DIV -CLASS="WARNING" -><P -></P -><TABLE -CLASS="WARNING" -BORDER="1" -WIDTH="100%" -><TR -><TD -ALIGN="CENTER" -><B ->security mode and master browsers</B -></TD -></TR -><TR -><TD -ALIGN="LEFT" -><P ->There are a few comments to make in order to tie up some -loose ends. There has been much debate over the issue of whether -or not it is ok to configure Samba as a Domain Controller in security -modes other than <TT -CLASS="CONSTANT" ->USER</TT ->. The only security mode -which will not work due to technical reasons is <TT -CLASS="CONSTANT" ->SHARE</TT -> -mode security. <TT -CLASS="CONSTANT" ->DOMAIN</TT -> and <TT -CLASS="CONSTANT" ->SERVER</TT -> -mode security is really just a variation on SMB user level security.</P -><P ->Actually, this issue is also closely tied to the debate on whether -or not Samba must be the domain master browser for its workgroup -when operating as a DC. While it may technically be possible -to configure a server as such (after all, browsing and domain logons -are two distinctly different functions), it is not a good idea to -so. You should remember that the DC must register the DOMAIN#1b NetBIOS -name. This is the name used by Windows clients to locate the DC. -Windows clients do not distinguish between the DC and the DMB. -For this reason, it is very wise to configure the Samba DC as the DMB.</P -><P ->Now back to the issue of configuring a Samba DC to use a mode other -than "security = user". If a Samba host is configured to use -another SMB server or DC in order to validate user connection -requests, then it is a fact that some other machine on the network -(the "password server") knows more about user than the Samba host. -99% of the time, this other host is a domain controller. Now -in order to operate in domain mode security, the "workgroup" parameter -must be set to the name of the Windows NT domain (which already -has a domain controller, right?)</P -><P ->Therefore configuring a Samba box as a DC for a domain that -already by definition has a PDC is asking for trouble. -Therefore, you should always configure the Samba DC to be the DMB -for its domain.</P -></TD -></TR -></TABLE -></DIV -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN420" ->Configuration Instructions: Setting up Roaming User Profiles</A -></H2 -><DIV -CLASS="WARNING" -><P -></P -><TABLE -CLASS="WARNING" -BORDER="1" -WIDTH="100%" -><TR -><TD -ALIGN="CENTER" -><B ->Warning</B -></TD -></TR -><TR -><TD -ALIGN="LEFT" -><P -><I -CLASS="EMPHASIS" ->NOTE!</I -> Roaming profiles support is different -for Win9X and WinNT.</P -></TD -></TR -></TABLE -></DIV -><P ->Before discussing how to configure roaming profiles, it is useful to see how -Win9X and WinNT clients implement these features.</P -><P ->Win9X clients send a NetUserGetInfo request to the server to get the user's -profiles location. However, the response does not have room for a separate -profiles location field, only the user's home share. This means that Win9X -profiles are restricted to being in the user's home directory.</P -><P ->WinNT clients send a NetSAMLogon RPC request, which contains many fields, -including a separate field for the location of the user's profiles. -This means that support for profiles is different for Win9X and WinNT.</P -><DIV -CLASS="SECT3" -><HR><H3 -CLASS="SECT3" -><A -NAME="AEN428" ->Windows NT Configuration</A -></H3 -><P ->To support WinNT clients, in the [global] section of smb.conf set the -following (for example):</P -><P -><PRE -CLASS="PROGRAMLISTING" ->logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath</PRE -></P -><P ->The default for this option is \\%N\%U\profile, namely -\\sambaserver\username\profile. The \\N%\%U service is created -automatically by the [homes] service. -If you are using a samba server for the profiles, you _must_ make the -share specified in the logon path browseable. </P -><DIV -CLASS="NOTE" -><BLOCKQUOTE -CLASS="NOTE" -><P -><B ->Note: </B ->[lkcl 26aug96 - we have discovered a problem where Windows clients can -maintain a connection to the [homes] share in between logins. The -[homes] share must NOT therefore be used in a profile path.]</P -></BLOCKQUOTE -></DIV -></DIV -><DIV -CLASS="SECT3" -><HR><H3 -CLASS="SECT3" -><A -NAME="AEN436" ->Windows 9X Configuration</A -></H3 -><P ->To support Win9X clients, you must use the "logon home" parameter. Samba has -now been fixed so that "net use/home" now works as well, and it, too, relies -on the "logon home" parameter.</P -><P ->By using the logon home parameter, you are restricted to putting Win9X -profiles in the user's home directory. But wait! There is a trick you -can use. If you set the following in the [global] section of your -smb.conf file:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->logon home = \\%L\%U\.profiles</PRE -></P -><P ->then your Win9X clients will dutifully put their clients in a subdirectory -of your home directory called .profiles (thus making them hidden).</P -><P ->Not only that, but 'net use/home' will also work, because of a feature in -Win9X. It removes any directory stuff off the end of the home directory area -and only uses the server and share portion. That is, it looks like you -specified \\%L\%U for "logon home".</P -></DIV -><DIV -CLASS="SECT3" -><HR><H3 -CLASS="SECT3" -><A -NAME="AEN444" ->Win9X and WinNT Configuration</A -></H3 -><P ->You can support profiles for both Win9X and WinNT clients by setting both the -"logon home" and "logon path" parameters. For example:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->logon home = \\%L\%U\.profiles -logon path = \\%L\profiles\%U</PRE -></P -><DIV -CLASS="NOTE" -><BLOCKQUOTE -CLASS="NOTE" -><P -><B ->Note: </B ->I have not checked what 'net use /home' does on NT when "logon home" is -set as above.</P -></BLOCKQUOTE -></DIV -></DIV -><DIV -CLASS="SECT3" -><HR><H3 -CLASS="SECT3" -><A -NAME="AEN451" ->Windows 9X Profile Setup</A -></H3 -><P ->When a user first logs in on Windows 9X, the file user.DAT is created, -as are folders "Start Menu", "Desktop", "Programs" and "Nethood". -These directories and their contents will be merged with the local -versions stored in c:\windows\profiles\username on subsequent logins, -taking the most recent from each. You will need to use the [global] -options "preserve case = yes", "short preserve case = yes" and -"case sensitive = no" in order to maintain capital letters in shortcuts -in any of the profile folders.</P -><P ->The user.DAT file contains all the user's preferences. If you wish to -enforce a set of preferences, rename their user.DAT file to user.MAN, -and deny them write access to this file.</P -><P -></P -><OL -TYPE="1" -><LI -><P -> On the Windows 95 machine, go to Control Panel | Passwords and - select the User Profiles tab. Select the required level of - roaming preferences. Press OK, but do _not_ allow the computer - to reboot. - </P -></LI -><LI -><P -> On the Windows 95 machine, go to Control Panel | Network | - Client for Microsoft Networks | Preferences. Select 'Log on to - NT Domain'. Then, ensure that the Primary Logon is 'Client for - Microsoft Networks'. Press OK, and this time allow the computer - to reboot. - </P -></LI -></OL -><P ->Under Windows 95, Profiles are downloaded from the Primary Logon. -If you have the Primary Logon as 'Client for Novell Networks', then -the profiles and logon script will be downloaded from your Novell -Server. If you have the Primary Logon as 'Windows Logon', then the -profiles will be loaded from the local machine - a bit against the -concept of roaming profiles, if you ask me.</P -><P ->You will now find that the Microsoft Networks Login box contains -[user, password, domain] instead of just [user, password]. Type in -the samba server's domain name (or any other domain known to exist, -but bear in mind that the user will be authenticated against this -domain and profiles downloaded from it, if that domain logon server -supports it), user name and user's password.</P -><P ->Once the user has been successfully validated, the Windows 95 machine -will inform you that 'The user has not logged on before' and asks you -if you wish to save the user's preferences? Select 'yes'.</P -><P ->Once the Windows 95 client comes up with the desktop, you should be able -to examine the contents of the directory specified in the "logon path" -on the samba server and verify that the "Desktop", "Start Menu", -"Programs" and "Nethood" folders have been created.</P -><P ->These folders will be cached locally on the client, and updated when -the user logs off (if you haven't made them read-only by then :-). -You will find that if the user creates further folders or short-cuts, -that the client will merge the profile contents downloaded with the -contents of the profile directory already on the local client, taking -the newest folders and short-cuts from each set.</P -><P ->If you have made the folders / files read-only on the samba server, -then you will get errors from the w95 machine on logon and logout, as -it attempts to merge the local and the remote profile. Basically, if -you have any errors reported by the w95 machine, check the Unix file -permissions and ownership rights on the profile directory contents, -on the samba server.</P -><P ->If you have problems creating user profiles, you can reset the user's -local desktop cache, as shown below. When this user then next logs in, -they will be told that they are logging in "for the first time".</P -><P -></P -><OL -TYPE="1" -><LI -><P -> instead of logging in under the [user, password, domain] dialog, - press escape. - </P -></LI -><LI -><P -> run the regedit.exe program, and look in: - </P -><P -> HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList - </P -><P -> you will find an entry, for each user, of ProfilePath. Note the - contents of this key (likely to be c:\windows\profiles\username), - then delete the key ProfilePath for the required user. - </P -><P -> [Exit the registry editor]. - </P -></LI -><LI -><P -> <I -CLASS="EMPHASIS" ->WARNING</I -> - before deleting the contents of the - directory listed in - the ProfilePath (this is likely to be c:\windows\profiles\username), - ask them if they have any important files stored on their desktop - or in their start menu. delete the contents of the directory - ProfilePath (making a backup if any of the files are needed). - </P -><P -> This will have the effect of removing the local (read-only hidden - system file) user.DAT in their profile directory, as well as the - local "desktop", "nethood", "start menu" and "programs" folders. - </P -></LI -><LI -><P -> search for the user's .PWL password-caching file in the c:\windows - directory, and delete it. - </P -></LI -><LI -><P -> log off the windows 95 client. - </P -></LI -><LI -><P -> check the contents of the profile path (see "logon path" described - above), and delete the user.DAT or user.MAN file for the user, - making a backup if required. - </P -></LI -></OL -><P ->If all else fails, increase samba's debug log levels to between 3 and 10, -and / or run a packet trace program such as tcpdump or netmon.exe, and -look for any error reports.</P -><P ->If you have access to an NT server, then first set up roaming profiles -and / or netlogons on the NT server. Make a packet trace, or examine -the example packet traces provided with NT server, and see what the -differences are with the equivalent samba trace.</P -></DIV -><DIV -CLASS="SECT3" -><HR><H3 -CLASS="SECT3" -><A -NAME="AEN487" ->Windows NT Workstation 4.0</A -></H3 -><P ->When a user first logs in to a Windows NT Workstation, the profile -NTuser.DAT is created. The profile location can be now specified -through the "logon path" parameter. </P -><DIV -CLASS="NOTE" -><BLOCKQUOTE -CLASS="NOTE" -><P -><B ->Note: </B ->[lkcl 10aug97 - i tried setting the path to -\\samba-server\homes\profile, and discovered that this fails because -a background process maintains the connection to the [homes] share -which does _not_ close down in between user logins. you have to -have \\samba-server\%L\profile, where user is the username created -from the [homes] share].</P -></BLOCKQUOTE -></DIV -><P ->There is a parameter that is now available for use with NT Profiles: -"logon drive". This should be set to "h:" or any other drive, and -should be used in conjunction with the new "logon home" parameter.</P -><P ->The entry for the NT 4.0 profile is a _directory_ not a file. The NT -help on profiles mentions that a directory is also created with a .PDS -extension. The user, while logging in, must have write permission to -create the full profile path (and the folder with the .PDS extension) -[lkcl 10aug97 - i found that the creation of the .PDS directory failed, -and had to create these manually for each user, with a shell script. -also, i presume, but have not tested, that the full profile path must -be browseable just as it is for w95, due to the manner in which they -attempt to create the full profile path: test existence of each path -component; create path component].</P -><P ->In the profile directory, NT creates more folders than 95. It creates -"Application Data" and others, as well as "Desktop", "Nethood", -"Start Menu" and "Programs". The profile itself is stored in a file -NTuser.DAT. Nothing appears to be stored in the .PDS directory, and -its purpose is currently unknown.</P -><P ->You can use the System Control Panel to copy a local profile onto -a samba server (see NT Help on profiles: it is also capable of firing -up the correct location in the System Control Panel for you). The -NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN -turns a profile into a mandatory one.</P -><DIV -CLASS="NOTE" -><BLOCKQUOTE -CLASS="NOTE" -><P -><B ->Note: </B ->[lkcl 10aug97 - i notice that NT Workstation tells me that it is -downloading a profile from a slow link. whether this is actually the -case, or whether there is some configuration issue, as yet unknown, -that makes NT Workstation _think_ that the link is a slow one is a -matter to be resolved].</P -><P ->[lkcl 20aug97 - after samba digest correspondence, one user found, and -another confirmed, that profiles cannot be loaded from a samba server -unless "security = user" and "encrypt passwords = yes" (see the file -ENCRYPTION.txt) or "security = server" and "password server = ip.address. -of.yourNTserver" are used. Either of these options will allow the NT -workstation to access the samba server using LAN manager encrypted -passwords, without the user intervention normally required by NT -workstation for clear-text passwords].</P -><P ->[lkcl 25aug97 - more comments received about NT profiles: the case of -the profile _matters_. the file _must_ be called NTuser.DAT or, for -a mandatory profile, NTuser.MAN].</P -></BLOCKQUOTE -></DIV -></DIV -><DIV -CLASS="SECT3" -><HR><H3 -CLASS="SECT3" -><A -NAME="AEN500" ->Windows NT Server</A -></H3 -><P ->There is nothing to stop you specifying any path that you like for the -location of users' profiles. Therefore, you could specify that the -profile be stored on a samba server, or any other SMB server, as long as -that SMB server supports encrypted passwords.</P -></DIV -><DIV -CLASS="SECT3" -><HR><H3 -CLASS="SECT3" -><A -NAME="AEN503" ->Sharing Profiles between W95 and NT Workstation 4.0</A -></H3 -><DIV -CLASS="WARNING" -><P -></P -><TABLE -CLASS="WARNING" -BORDER="1" -WIDTH="100%" -><TR -><TD -ALIGN="CENTER" -><B ->Potentially outdated or incorrect material follows</B -></TD -></TR -><TR -><TD -ALIGN="LEFT" -><P ->I think this is all bogus, but have not deleted it. (Richard Sharpe)</P -></TD -></TR -></TABLE -></DIV -><P ->The default logon path is \\%N\U%. NT Workstation will attempt to create -a directory "\\samba-server\username.PDS" if you specify the logon path -as "\\samba-server\username" with the NT User Manager. Therefore, you -will need to specify (for example) "\\samba-server\username\profile". -NT 4.0 will attempt to create "\\samba-server\username\profile.PDS", which -is more likely to succeed.</P -><P ->If you then want to share the same Start Menu / Desktop with W95, you will -need to specify "logon path = \\samba-server\username\profile" [lkcl 10aug97 -this has its drawbacks: i created a shortcut to telnet.exe, which attempts -to run from the c:\winnt\system32 directory. this directory is obviously -unlikely to exist on a Win95-only host].</P -><P -> If you have this set up correctly, you will find separate user.DAT and -NTuser.DAT files in the same profile directory.</P -><DIV -CLASS="NOTE" -><BLOCKQUOTE -CLASS="NOTE" -><P -><B ->Note: </B ->[lkcl 25aug97 - there are some issues to resolve with downloading of -NT profiles, probably to do with time/date stamps. i have found that -NTuser.DAT is never updated on the workstation after the first time that -it is copied to the local workstation profile directory. this is in -contrast to w95, where it _does_ transfer / update profiles correctly].</P -></BLOCKQUOTE -></DIV -></DIV -></DIV -></DIV -><DIV -CLASS="SECT1" -><HR><H1 -CLASS="SECT1" -><A -NAME="AEN513" ->DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A -></H1 -><DIV -CLASS="WARNING" -><P -></P -><TABLE -CLASS="WARNING" -BORDER="1" -WIDTH="100%" -><TR -><TD -ALIGN="CENTER" -><B ->Possibly Outdated Material</B -></TD -></TR -><TR -><TD -ALIGN="LEFT" -><P -> This appendix was originally authored by John H Terpstra of - the Samba Team and is included here for posterity. - </P -></TD -></TR -></TABLE -></DIV -><P -><I -CLASS="EMPHASIS" ->NOTE :</I -> -The term "Domain Controller" and those related to it refer to one specific -method of authentication that can underly an SMB domain. Domain Controllers -prior to Windows NT Server 3.1 were sold by various companies and based on -private extensions to the LAN Manager 2.1 protocol. Windows NT introduced -Microsoft-specific ways of distributing the user authentication database. -See DOMAIN.txt for examples of how Samba can participate in or create -SMB domains based on shared authentication database schemes other than the -Windows NT SAM.</P -><P ->Windows NT Server can be installed as either a plain file and print server -(WORKGROUP workstation or server) or as a server that participates in Domain -Control (DOMAIN member, Primary Domain controller or Backup Domain controller). -The same is true for OS/2 Warp Server, Digital Pathworks and other similar -products, all of which can participate in Domain Control along with Windows NT.</P -><P ->To many people these terms can be confusing, so let's try to clear the air.</P -><P ->Every Windows NT system (workstation or server) has a registry database. -The registry contains entries that describe the initialization information -for all services (the equivalent of Unix Daemons) that run within the Windows -NT environment. The registry also contains entries that tell application -software where to find dynamically loadable libraries that they depend upon. -In fact, the registry contains entries that describes everything that anything -may need to know to interact with the rest of the system.</P -><P ->The registry files can be located on any Windows NT machine by opening a -command prompt and typing:</P -><P -><TT -CLASS="PROMPT" ->C:\WINNT\></TT -> dir %SystemRoot%\System32\config</P -><P ->The environment variable %SystemRoot% value can be obtained by typing:</P -><P -><TT -CLASS="PROMPT" ->C:\WINNT></TT ->echo %SystemRoot%</P -><P ->The active parts of the registry that you may want to be familiar with are -the files called: default, system, software, sam and security.</P -><P ->In a domain environment, Microsoft Windows NT domain controllers participate -in replication of the SAM and SECURITY files so that all controllers within -the domain have an exactly identical copy of each.</P -><P ->The Microsoft Windows NT system is structured within a security model that -says that all applications and services must authenticate themselves before -they can obtain permission from the security manager to do what they set out -to do.</P -><P ->The Windows NT User database also resides within the registry. This part of -the registry contains the user's security identifier, home directory, group -memberships, desktop profile, and so on.</P -><P ->Every Windows NT system (workstation as well as server) will have its own -registry. Windows NT Servers that participate in Domain Security control -have a database that they share in common - thus they do NOT own an -independent full registry database of their own, as do Workstations and -plain Servers.</P -><P ->The User database is called the SAM (Security Access Manager) database and -is used for all user authentication as well as for authentication of inter- -process authentication (i.e. to ensure that the service action a user has -requested is permitted within the limits of that user's privileges).</P -><P ->The Samba team have produced a utility that can dump the Windows NT SAM into -smbpasswd format: see ENCRYPTION.txt for information on smbpasswd and -/pub/samba/pwdump on your nearest Samba mirror for the utility. This -facility is useful but cannot be easily used to implement SAM replication -to Samba systems.</P -><P ->Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers -can participate in a Domain security system that is controlled by Windows NT -servers that have been correctly configured. Almost every domain will have -ONE Primary Domain Controller (PDC). It is desirable that each domain will -have at least one Backup Domain Controller (BDC).</P -><P ->The PDC and BDCs then participate in replication of the SAM database so that -each Domain Controlling participant will have an up to date SAM component -within its registry.</P -></DIV -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/make_unicodemap.1.html b/docs/htmldocs/make_unicodemap.1.html deleted file mode 100644 index b8b768ce40d..00000000000 --- a/docs/htmldocs/make_unicodemap.1.html +++ /dev/null @@ -1,276 +0,0 @@ -<HTML -><HEAD -><TITLE ->make_unicodemap</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD -><BODY -CLASS="REFENTRY" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><H1 -><A -NAME="MAKE-UNICODEMAP" ->make_unicodemap</A -></H1 -><DIV -CLASS="REFNAMEDIV" -><A -NAME="AEN5" -></A -><H2 ->Name</H2 ->make_unicodemap -- construct a unicode map file for Samba</DIV -><DIV -CLASS="REFSYNOPSISDIV" -><A -NAME="AEN8" -></A -><H2 ->Synopsis</H2 -><P -><B -CLASS="COMMAND" ->make_unicodemap</B -> {codepage} {inputfile} {outputfile}</P -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN14" -></A -><H2 ->DESCRIPTION</H2 -><P -> This tool is part of the <A -HREF="samba.7.html" -TARGET="_top" ->Samba</A -> - suite. - </P -><P -> <B -CLASS="COMMAND" ->make_unicodemap</B -> compiles text unicode map - files into binary unicode map files for use with the - internationalization features of Samba 2.2. - </P -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN20" -></A -><H2 ->OPTIONS</H2 -><P -></P -><DIV -CLASS="VARIABLELIST" -><DL -><DT ->codepage</DT -><DD -><P ->This is the codepage or UNIX character - set we are processing (a number, e.g. 850). - </P -></DD -><DT ->inputfile</DT -><DD -><P ->This is the input file to process. This is a - text unicode map file such as the ones found in the Samba - <TT -CLASS="FILENAME" ->source/codepages</TT -> directory. - </P -></DD -><DT ->outputfile</DT -><DD -><P ->This is the binary output file to produce. - </P -></DD -></DL -></DIV -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN36" -></A -><H2 ->Samba Unicode Map Files</H2 -><P -> A text Samba unicode map file is a description that tells Samba - how to map characters from a specified DOS code page or UNIX character - set to 16 bit unicode. - </P -><P ->A binary Samba unicode map file is a binary representation - of the same information, including a value that specifies what - codepage or UNIX character set this file is describing. - </P -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN40" -></A -><H2 ->Files</H2 -><P -><TT -CLASS="FILENAME" ->CP<codepage>.TXT</TT -></P -><P -> These are the input (text) unicode map files provided - in the Samba <TT -CLASS="FILENAME" ->source/codepages</TT -> - directory. - </P -><P -> A text unicode map file consists of multiple lines - containing two fields. These fields are : - </P -><P -></P -><UL -><LI -><P -><TT -CLASS="PARAMETER" -><I ->character</I -></TT -> - which is - the (hex) character mapped on this line. - </P -></LI -><LI -><P -><TT -CLASS="PARAMETER" -><I ->unicode</I -></TT -> - which - is the (hex) 16 bit unicode character that the character - will map to. - </P -></LI -></UL -><P -> <TT -CLASS="FILENAME" ->unicode_map.<codepage></TT -> - These are - the output (binary) unicode map files produced and placed in - the Samba destination <TT -CLASS="FILENAME" ->lib/codepage</TT -> - directory. - </P -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN57" -></A -><H2 ->Installation</H2 -><P -> The location of the server and its support files is a matter - for individual system administrators. The following are thus - suggestions only. - </P -><P -> It is recommended that the <B -CLASS="COMMAND" ->make_unicodemap</B -> - program be installed under the - <TT -CLASS="FILENAME" ->$prefix/samba</TT -> hierarchy, - in a directory readable by all, writeable only by root. The - program itself should be executable by all. The program - should NOT be setuid or setgid! - </P -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN63" -></A -><H2 ->VERSION</H2 -><P ->This man page is correct for version 2.2 of - the Samba suite.</P -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN66" -></A -><H2 ->SEE ALSO</H2 -><P -><A -HREF="smbd.8.html" -TARGET="_top" -><B -CLASS="COMMAND" ->smbd(8)</B -></A ->, - <A -HREF="smb.conf.5.html" -TARGET="_top" ->smb.conf(5)</A -> - </P -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN72" -></A -><H2 ->AUTHOR</H2 -><P ->The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.</P -><P ->The original Samba man pages were written by Karl Auer. - The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at - <A -HREF="ftp://ftp.icce.rug.nl/pub/unix/" -TARGET="_top" -> ftp://ftp.icce.rug.nl/pub/unix/</A ->) and updated for the Samba 2.0 - release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter</P -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/msdfs_setup.html b/docs/htmldocs/msdfs_setup.html deleted file mode 100644 index 36b9911baec..00000000000 --- a/docs/htmldocs/msdfs_setup.html +++ /dev/null @@ -1,210 +0,0 @@ -<HTML -><HEAD -><TITLE ->Hosting a Microsoft Distributed File System tree on Samba</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD -><BODY -CLASS="ARTICLE" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="ARTICLE" -><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" -><A -NAME="MSDFS" ->Hosting a Microsoft Distributed File System tree on Samba</A -></H1 -><HR></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3" ->Instructions</A -></H1 -><P ->The Distributed File System (or Dfs) provides a means of - separating the logical view of files and directories that users - see from the actual physical locations of these resources on the - network. It allows for higher availability, smoother storage expansion, - load balancing etc. For more information about Dfs, refer to <A -HREF="http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp" -TARGET="_top" -> Microsoft documentation</A ->. </P -><P ->This document explains how to host a Dfs tree on a Unix - machine (for Dfs-aware clients to browse) using Samba.</P -><P ->To enable SMB-based DFS for Samba, configure it with the - <TT -CLASS="PARAMETER" -><I ->--with-msdfs</I -></TT -> option. Once built, a - Samba server can be made a Dfs server by setting the global - boolean <A -HREF="smb.conf.5.html#HOSTMSDFS" -TARGET="_top" -><TT -CLASS="PARAMETER" -><I -> host msdfs</I -></TT -></A -> parameter in the <TT -CLASS="FILENAME" ->smb.conf - </TT -> file. You designate a share as a Dfs root using the share - level boolean <A -HREF="smb.conf.5.html#MSDFSROOT" -TARGET="_top" -><TT -CLASS="PARAMETER" -><I -> msdfs root</I -></TT -></A -> parameter. A Dfs root directory on - Samba hosts Dfs links in the form of symbolic links that point - to other servers. For example, a symbolic link - <TT -CLASS="FILENAME" ->junction->msdfs:storage1\share1</TT -> in - the share directory acts as the Dfs junction. When Dfs-aware - clients attempt to access the junction link, they are redirected - to the storage location (in this case, \\storage1\share1).</P -><P ->Dfs trees on Samba work with all Dfs-aware clients ranging - from Windows 95 to 2000.</P -><P ->Here's an example of setting up a Dfs tree on a Samba - server.</P -><P -><PRE -CLASS="PROGRAMLISTING" -># The smb.conf file: -[global] - netbios name = SAMBA - host msdfs = yes - -[dfs] - path = /export/dfsroot - msdfs root = yes - </PRE -></P -><P ->In the /export/dfsroot directory we set up our dfs links to - other servers on the network.</P -><P -><TT -CLASS="PROMPT" ->root# </TT -><TT -CLASS="USERINPUT" -><B ->cd /export/dfsroot</B -></TT -></P -><P -><TT -CLASS="PROMPT" ->root# </TT -><TT -CLASS="USERINPUT" -><B ->chown root /export/dfsroot</B -></TT -></P -><P -><TT -CLASS="PROMPT" ->root# </TT -><TT -CLASS="USERINPUT" -><B ->chmod 755 /export/dfsroot</B -></TT -></P -><P -><TT -CLASS="PROMPT" ->root# </TT -><TT -CLASS="USERINPUT" -><B ->ln -s msdfs:storageA\\shareA linka</B -></TT -></P -><P -><TT -CLASS="PROMPT" ->root# </TT -><TT -CLASS="USERINPUT" -><B ->ln -s msdfs:serverB\\share,serverC\\share linkb</B -></TT -></P -><P ->You should set up the permissions and ownership of - the directory acting as the Dfs root such that only designated - users can create, delete or modify the msdfs links. Also note - that symlink names should be all lowercase. This limitation exists - to have Samba avoid trying all the case combinations to get at - the link name. Finally set up the symbolic links to point to the - network shares you want, and start Samba.</P -><P ->Users on Dfs-aware clients can now browse the Dfs tree - on the Samba server at \\samba\dfs. Accessing - links linka or linkb (which appear as directories to the client) - takes users directly to the appropriate shares on the network.</P -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN38" ->Notes</A -></H2 -><P -></P -><UL -><LI -><P ->Windows clients need to be rebooted - if a previously mounted non-dfs share is made a dfs - root or vice versa. A better way is to introduce a - new share and make it the dfs root.</P -></LI -><LI -><P ->Currently there's a restriction that msdfs - symlink names should all be lowercase.</P -></LI -><LI -><P ->For security purposes, the directory - acting as the root of the Dfs tree should have ownership - and permissions set so that only designated users can - modify the symbolic links in the directory.</P -></LI -></UL -></DIV -></DIV -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/smbmnt.8.html b/docs/htmldocs/smbmnt.8.html deleted file mode 100644 index a7d10b6e191..00000000000 --- a/docs/htmldocs/smbmnt.8.html +++ /dev/null @@ -1,178 +0,0 @@ -<HTML -><HEAD -><TITLE ->smbmnt</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD -><BODY -CLASS="REFENTRY" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><H1 -><A -NAME="SMBMNT" ->smbmnt</A -></H1 -><DIV -CLASS="REFNAMEDIV" -><A -NAME="AEN5" -></A -><H2 ->Name</H2 ->smbmnt -- helper utility for mounting SMB filesystems</DIV -><DIV -CLASS="REFSYNOPSISDIV" -><A -NAME="AEN8" -></A -><H2 ->Synopsis</H2 -><P -><B -CLASS="COMMAND" ->smbmnt</B -> {mount-point} [-s <share>] [-r] [-u <uid>] [-g <gid>] [-f <mask>] [-d <mask>] [-o <options>]</P -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN19" -></A -><H2 ->DESCRIPTION</H2 -><P -><B -CLASS="COMMAND" ->smbmnt</B -> is a helper application used - by the smbmount program to do the actual mounting of SMB shares. - <B -CLASS="COMMAND" ->smbmnt</B -> can be installed setuid root if you want - normal users to be able to mount their SMB shares.</P -><P ->A setuid smbmnt will only allow mounts on directories owned - by the user, and that the user has write permission on.</P -><P ->The <B -CLASS="COMMAND" ->smbmnt</B -> program is normally invoked - by <A -HREF="smbmount.8.html" -TARGET="_top" -><B -CLASS="COMMAND" ->smbmount(8)</B -> - </A ->. It should not be invoked directly by users. </P -><P ->smbmount searches the normal PATH for smbmnt. You must ensure - that the smbmnt version in your path matches the smbmount used.</P -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN30" -></A -><H2 ->OPTIONS</H2 -><P -></P -><DIV -CLASS="VARIABLELIST" -><DL -><DT ->-r</DT -><DD -><P ->mount the filesystem read-only - </P -></DD -><DT ->-u uid</DT -><DD -><P ->specify the uid that the files will - be owned by </P -></DD -><DT ->-g gid</DT -><DD -><P ->specify the gid that the files will be - owned by </P -></DD -><DT ->-f mask</DT -><DD -><P ->specify the octal file mask applied - </P -></DD -><DT ->-d mask</DT -><DD -><P ->specify the octal directory mask - applied </P -></DD -><DT ->-o options</DT -><DD -><P -> list of options that are passed as-is to smbfs, if this - command is run on a 2.4 or higher Linux kernel. - </P -></DD -></DL -></DIV -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN57" -></A -><H2 ->AUTHOR</H2 -><P ->Volker Lendecke, Andrew Tridgell, Michael H. Warfield - and others.</P -><P ->The current maintainer of smbfs and the userspace - tools <B -CLASS="COMMAND" ->smbmount</B ->, <B -CLASS="COMMAND" ->smbumount</B ->, - and <B -CLASS="COMMAND" ->smbmnt</B -> is <A -HREF="mailto:urban@teststation.com" -TARGET="_top" ->Urban Widmark</A ->. - The <A -HREF="mailto:samba@samba.org" -TARGET="_top" ->SAMBA Mailing list</A -> - is the preferred place to ask questions regarding these programs. - </P -><P ->The conversion of this manpage for Samba 2.2 was performed - by Gerald Carter</P -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/smbumount.8.html b/docs/htmldocs/smbumount.8.html deleted file mode 100644 index 68929fd5f91..00000000000 --- a/docs/htmldocs/smbumount.8.html +++ /dev/null @@ -1,140 +0,0 @@ -<HTML -><HEAD -><TITLE ->smbumount</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD -><BODY -CLASS="REFENTRY" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><H1 -><A -NAME="SMBUMOUNT" ->smbumount</A -></H1 -><DIV -CLASS="REFNAMEDIV" -><A -NAME="AEN5" -></A -><H2 ->Name</H2 ->smbumount -- smbfs umount for normal users</DIV -><DIV -CLASS="REFSYNOPSISDIV" -><A -NAME="AEN8" -></A -><H2 ->Synopsis</H2 -><P -><B -CLASS="COMMAND" ->smbumount</B -> {mount-point}</P -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN12" -></A -><H2 ->DESCRIPTION</H2 -><P ->With this program, normal users can unmount smb-filesystems, - provided that it is suid root. <B -CLASS="COMMAND" ->smbumount</B -> has - been written to give normal Linux users more control over their - resources. It is safe to install this program suid root, because only - the user who has mounted a filesystem is allowed to unmount it again. - For root it is not necessary to use smbumount. The normal umount - program works perfectly well, but it would certainly be problematic - to make umount setuid root.</P -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN16" -></A -><H2 ->OPTIONS</H2 -><P -></P -><DIV -CLASS="VARIABLELIST" -><DL -><DT ->mount-point</DT -><DD -><P ->The directory to unmount.</P -></DD -></DL -></DIV -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN23" -></A -><H2 ->SEE ALSO</H2 -><P -><A -HREF="smbmount.8.html" -TARGET="_top" -><B -CLASS="COMMAND" ->smbmount(8)</B -> - </A -></P -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN28" -></A -><H2 ->AUTHOR</H2 -><P ->Volker Lendecke, Andrew Tridgell, Michael H. Warfield - and others.</P -><P ->The current maintainer of smbfs and the userspace - tools <B -CLASS="COMMAND" ->smbmount</B ->, <B -CLASS="COMMAND" ->smbumount</B ->, - and <B -CLASS="COMMAND" ->smbmnt</B -> is <A -HREF="mailto:urban@teststation.com" -TARGET="_top" ->Urban Widmark</A ->. - The <A -HREF="mailto:samba@samba.org" -TARGET="_top" ->SAMBA Mailing list</A -> - is the preferred place to ask questions regarding these programs. - </P -><P ->The conversion of this manpage for Samba 2.2 was performed - by Gerald Carter</P -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/textdocs/README.NOW b/docs/textdocs/README.NOW deleted file mode 100644 index 1184a9d057f..00000000000 --- a/docs/textdocs/README.NOW +++ /dev/null @@ -1,8 +0,0 @@ -The files in the directory have either yet to -converted into SGML/DocBook format or are outdated. -To create ASCII versions of the documentation -in the ../htmldocs/ directory, run - - $ lynx -dump file.html > file.txt - - diff --git a/docs/textdocs/Samba-OpenSSL.txt b/docs/textdocs/Samba-OpenSSL.txt deleted file mode 100644 index e1b54b1a032..00000000000 --- a/docs/textdocs/Samba-OpenSSL.txt +++ /dev/null @@ -1,405 +0,0 @@ -Contributor: Christian Starkjohann <cs@obdev.at> -Date: May 29, 1998 -Status: - -Comment: Updated by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> -Date: July 16, 2001 - -Subject: Compiling and using samba with SSL support -============================================================================ - -What is SSL and SSLeay/OpenSSL? -=============================== -SSL (Secure Socket Layer) is a protocol for encrypted and authenticated data -transport. It is used by secure web servers for shopping malls, telebanking -and things like that. - -SSLeay is a free implementation of the SSL protocol. The successor of it is -OpenSSL, available from - - http://www.openssl.org/ - -The current version while these lines are written is 0.9.6b. In some countries -encryption is plagued by legal problems, even though things have relaxed a -lot in the last years. - -To compile samba with SSL support, you must first compile and install OpenSSL. -At least version 0.9.5 of OpenSSL is required. Version 0.9.6b is the latest -version and is strongly recommended. -OpenSSL consists of a library (which can be linked to other applications like -samba) and several utility programs needed for key generation, certification -etc. OpenSSL installs to /usr/local/ssl/ by default. - - -Compiling samba with OpenSSL -============================ -1. Get and install OpenSSL. The rest of this documentation assumes that you - have installed it at the default location, which is /usr/local/ssl/. -2. Call "configure" with the "--with-ssl" flag. If OpenSSL is not installed in - the default directory, you can use the "--with-sslinc" and "--with-ssllib" - flags to specify the location. -3. Compile and install as usual. - - -Configuring SSL in samba -======================== -Before you configure SSL, you should know the basics of cryptography and how -SSL relates to all of this. A basic introduction can be found further down in -this document. The following variables in the "[global]" section of the -configuration file are used to configure SSL: - -ssl = yes - This variable enables or disables the entire SSL mode. If it is set to - "no", the SSL enabled samba behaves exactly like the non-SSL samba. If set - to "yes", it depends on the variables "ssl hosts" and "ssl hosts resign" - whether an SSL connection will be required. -ssl hosts = -ssl hosts resign = 192.168. - These two variables define whether samba will go into SSL mode or not. If - none of them is defined, samba will allow only SSL connections. If the - "ssl hosts" variable lists hosts (by IP-address, IP-address range, net - group or name), only these hosts will be forced into SSL mode. If the - "ssl hosts resign" variable lists hosts, only these hosts will NOT be - forced into SSL mode. The syntax for these two variables is the same as - for the "hosts allow" and "hosts deny" pair of variables, only that the - subject of the decision is different: It's not the access right but - whether SSL is used or not. See the man page of smb.conf (section about - "allow hosts") for details. The above example requires SSL connections - from all hosts outside the local net (which is 192.168.*.*). -ssl CA certDir = /usr/local/ssl/certs - This variable defines where to look up the Certification Autorities. The - given directory should contain one file for each CA that samba will trust. - The file name must be the hash value over the "Distinguished Name" of the - CA. How this directory is set up is explained later in this document. All - files within the directory that don't fit into this naming scheme are - ignored. You don't need this variable if you don't verify client - certificates. -ssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem - This variable is a second way to define the trusted CAs. The certificates - of the trusted CAs are collected in one big file and this variable points - to the file. You will probably only use one of the two ways to define your - CAs. The first choice is preferable if you have many CAs or want to be - flexible, the second is perferable if you only have one CA and want to - keep things simple (you won't need to create the hashed file names). You - don't need this variable if you don't verify client certificates. -ssl server cert = /usr/local/ssl/certs/samba.pem - This is the file containing the server's certificate. The server _must_ - have a certificate. The file may also contain the server's private key. - See later for how certificates and private keys are created. -ssl server key = /usr/local/ssl/private/samba.pem - This file contains the private key of the server. If this variable is not - defined, the key is looked up in the certificate file (it may be appended - to the certificate). The server _must_ have a private key and the - certificate _must_ match this private key. -ssl client cert = /usr/local/ssl/certs/smbclient.pem - The certificate in this file is used by smbclient if it exists. It's needed - if the server requires a client certificate. -ssl client key = /usr/local/ssl/private/smbclient.pem - This is the private key for smbclient. It's only needed if the client - should have a certificate. -ssl require clientcert = yes - If this variable is set to "yes", the server will not tolerate connections - from clients that don't have a valid certificate. The directory/file - given in "ssl CA certDir" and "ssl CA certFile" will be used to look up - the CAs that issued the client's certificate. If the certificate can't be - verified positively, the connection will be terminated. - If this variable is set to "no", clients don't need certificates. Contrary - to web applications you really _should_ require client certificates. In - the web environment the client's data is sensitive (credit card numbers) - and the server must prove to be trustworthy. In a file server environment - the server's data will be sensitive and the clients must prove to be - trustworthy. -ssl require servercert = yes - If this variable is set to "yes", the smbclient will request a certificate - from the server. Same as "ssl require clientcert" for the server. -ssl ciphers = ??? - This variable defines the ciphers that should be offered during SSL - negotiation. You should not set this variable unless you know what you do. -ssl version = ssl2or3 - This enumeration variable defines the versions of the SSL protocol that - will be used. "ssl2or3" allows dynamic negotiation of SSL v2 or v3, "ssl2" - results SSL v2, "ssl3" results in SSL v3 and "tls1" results in TLS v1. TLS - (Transport Layer Security) is the (proposed?) new standard for SSL. The - default value is "ssl2or3". -ssl compatibility = no - This variable defines whether SSLeay should be configured for bug - compatibility with other SSL implementations. This is probably not - desirable because currently no clients with SSL implementations other than - SSLeay exist. -ssl entropy file = - Specifies a file from which processes will read "random bytes" on startup. - In order to seed the internal pseudo random number generator, entropy - must be provided. On system with a /dev/urandom device file, the processes - will retrieve its entropy from the kernel. On systems without kernel - entropy support, a file can be supplied that will be read on startup - and that will be used to seed the PRNG. -ssl entropy bytes = 256 - Number of bytes that will be read from entropy file. If -1 is given, the - complete file will be read. -ssl egd socket = - Location of the communiation socket of an EGD or PRNGD daemon, from which - entropy can be retrieved. This option can be used instead of or together - with the "ssl entropy file" directive. 255bytes of entropy will be - retrieved from the daemon. - - -Running samba with OpenSSL -========================== -Samba is started as usual. The daemon will ask for the private key's pass -phrase before it goes to background if the private key has been encrypted. -If you start smbd from inetd, this won't work. Therefore you must not encrypt -your private key if you run smbd from inetd. - -Windows clients will try to connect to the SSL enabled samba daemon and they -will fail. This can fill your log with failed SSL negotiation messages. To -avoid this, you can either not run nmbd (if all clients use DNS to look up -the server), which will leave the Windows machine unaware of the server, or -list all (local) Windows machines in the "ssl hosts resign" variable. - - -About certificates -================== -Secure samba servers will not be set up for public use as it is the case with -secure web servers. Most installations will probably use it for distributed -offices that use parts of the internet for their intranet, for access to a -web server that's physically hosted by the provider or simply for teleworking. -All these applications work with a known group of users that can easily agree -on a certification authority. The CA can be operated by the company and the -policy for issuing certificates can be determined by the company. If samba is -configured to verify client certificates, it (currently) only verifies -whether a valid certificate exists. It does not verify any of the data within -the certificate (although it prints some of the data to the log file). - - -Which clients are available that support SSL? -============================================= -Currently there are only smbclient which is part of the samba package and -Sharity. Shariy versions newer than 0.14 in the beta branch and 1.01 in the -main branch can be compiled with SSLeay. Sharity is a CIFS/SMB client -implementation for Unix. It is a commercial product, but it is available in -source code and the demo-mode allows access to the first three layers of the -mounted directory hierarchy. Licenses for universities and students are free. -Sharity is available at - - http://www.obdev.at/Products/Sharity.html - - - -########################################################################### -Basics about Cryptography and SSL(eay) -########################################################################### - -There are many good introductions to cryptography. I assume that the reader -is familiar with the words "encryption", "digital signature" and RSA. If you -don't know these terms, please read the cryptography FAQ part 6 and 7, which -is posted to the usenet newsgroup sci.crypt. It is also available from - - ftp://rtfm.mit.edu/pub/usenet/news.answers/cryptography-faq -and - http://www.cis.ohio-state.edu/hypertext/faq/usenet/cryptography-faq - -I'll concentrate on the questions specific to SSL and samba here. - - -What is a certificate? -====================== -A certificate is issued by an issuer, usually a "Certification Authority" -(CA), who confirms something by issuing the certificate. The subject of this -confirmation depends on the CA's policy. CAs for secure web servers (used for -shopping malls etc.) usually only attest that the given public key belongs the -the given domain name. Company-wide CAs might attest that you are an employee -of the company, that you have permissions to use a server or whatever. - - -What is an X.509 certificate technically? -========================================= -Technically, the certificate is a block of data signed by the certificate -issuer (the CA). The relevant fields are: - - unique identifier (name) of the certificate issuer - - time range during that the certificate is valid - - unique identifier (name) of the certified subject - - public key of the certified subject - - the issuer's signature over all of the above -If this certificate should be verified, the verifier must have a table of the -names and public keys of trusted CAs. For simplicity, these tables are lists -of certificates issued by the respective CAs for themselves (self-signed -certificates). - - -What are the implications of this certificate structure? -======================================================== - - Because the certificate contains the subject's public key, the - certificate and the private key together are all that's needed to encrypt - and decrypt. - - To verify certificates, you need the certificates of all CAs you trust. - - The simplest form of a dummy-certificate is one that's signed by the - subject itself. - - A CA is needed. The client can't simply issue local certificates for - servers it trusts because the server determines which certificate it - presents. - - - -########################################################################### -Setting up files and directories for OpenSSL -########################################################################### - -The first thing you should do is to change your PATH environment variable to -include the bin directory of OpenSSL. E.g.: - - PATH=$PATH:/usr/local/ssl/bin - -If your system's kernel supports a /dev/urandom device, all OpenSSL operations -will automatically retrieve its entropy from it. If your system does not -support /dev/urandom, you may install an EGD/PRNGD daemon for entropy -supply or can generate seed from reading files (that should contain information -unpredictable/unknown to attackers). Use the "-rand" option to the openssl -commands to specify the entropy source (if /dev/urandom is not available). - -OpenSSL additionally keeps random seed in the $HOME/.rnd file. You can -initialize this file using: - - openssl rand -rand /tmp/rfile.txt > $HOME/.rnd - rm -f /tmp/rfile.txt # nobody must know!! - -or - - openssl rand -rand /path/to/egd-socket > $HOME/.rnd - -How to create a keypair -======================= -This is done with 'genrsa' for RSA keys and 'gendsa' for DSA keys. For an RSA -key with 1024 bits which is written to the file "key.pem" type: - - openssl genrsa -des3 -rand /path/to/source 1024 > key.pem - -You will be asked for a pass phrase to protect this key. If you don't want to -protect your private key with a pass phrase, just omit the parameter "-des3". -If you want a different key size, replace the parameter "1024". You really -should use a pass phrase. - -If you want to remove the pass phrase from a key use: - - openssl rsa -in key.pem -out newkey.pem - -And to add or change a pass phrase: - - openssl rsa -des3 -in key.pem -out newkey.pem - - -How to create a dummy certificate -================================= -If you still have your keypair in the file "key.pem", the command - - openssl req -new -x509 -key key.pem -out cert.pem - -will write a self-signed dummy certificate to the file "cert.pem". This can -be used for testing or if only encryption and no certification is needed. -Please bear in mind that encryption without authentication (certification) -can never be secure. It's open to (at least) "man-in-the-middle" attacks. - - -How to create a certificate signing request -=========================================== -You must not simply send your keypair to the CA for signing because it -contains the private key which _must_ be kept secret. A signing request -consists of your public key and some additional information you want to have -bound to that key by the certificate. If you operate a secure web server, -this additional information will (among other things) contain the URL of -your server in the field "Common Name". The certificate signing request is -created from the keypair with the following command (assuming that the key -pair is still in "key.pem"): - - openssl req -new -key key.pem -out csr.pem - -This command will ask you for the information which must be included in the -certificate and will write the signing request to the file "csr.pem". This -signing request is all the CA needs for signing, at least technically. Most -CAs will demand bureaucratic material and money, too. - - -How to set up a Certification Authority (CA) -============================================ -Being a certification authority requires a database that holds the CA's -keypair, the CA's certificate, a list of all signed certificates and other -information. This database is kept in a directory hierarchy below a -configurable starting point. The starting point must be configured in the -ssleay.conf file. This file is at /usr/local/ssl/lib/ssleay.conf if you have -not changed the default installation path. - -The first thing you should do is to edit this file according to your needs. -Let's assume that you want to hold the CA's database at the directory -"/usr/local/ssl/CA". Change the variable "dir" in section "CA_default" to -this path. You may also want to edit the default settings for some variables, -but the values given should be OK. This path is also contained in the shell -script CA.sh, which should be at "/usr/local/ssl/bin/CA.sh". Change the path -in the shell script: - - CATOP=/usr/local/ssl/CA - CAKEY=./cakey.pem # relative to $CATOP/ - CACERT=./cacert.pem # relative to $CATOP/private/ - -Then create the directory "/usr/local/ssl/CA" and make it writable for the -user that operates the CA. You should also initialize SSLeay as CA user (set -up the random number generator). Now you should call the shell script CA.sh -to set up the initial database: - - CA.sh -newca - -This command will ask you whether you want to use an existing certificate or -create one. Just press enter to create a new key pair and certificate. You -will be asked the usual questions for certificates: the country, state, city, -"Common Name", etc. Enter the appropriate values for the CA. When CA.sh -finishes, it has set up a bunch of directories and files. A CA must publish -it's certificate, which is in the file "/usr/local/ssl/CA/cacert.pem". - - -How to sign a certificate request -================================= -After setting up the CA stuff, you can start signing certificate requests. -Make sure that the SSLeay utilities know where the configuration file is. -The default is compiled in, if you don't use the default location, add the -parameter "-config <cfg-file>". Make also sure that the configuration file -contains the correct path to the CA database. If all this is set up properly, -you can sign the request in the file "csr.pem" with the command: - - openssl ca -policy policy_anything -days 365 -infiles csr.pem >cert.pem - -The resulting certificate (and additional information) will be in "cert.pem". -If you want the certificate to be valid for a period different from 365 days, -simply change the "-days" parameter. - - -How to install a new CA certificate -=================================== -Whereever a certificate must be checked, the CA's certificate must be -available. Let's take the common case where the client verifies the server's -certificate. The case where the server verfies the client's certificate works -the same way. The client receives the server's certificate, which contains -the "Distinguished Name" of the CA. To verify whether the signature in this -certificate is OK, it must look up the public key of that CA. Therefore each -client must hold a database of CAs, indexed by CA name. This database is best -kept in a directory where each file contains the certificate of one CA and is -named after the hashvalue (checksum) of the CA's name. This section describes -how such a database is managed technically. Whether or not to install (and -thereby trust) a CA is a totally different matter. - -The client must know the directory of the CA database. This can be configured. -There may also be a configuration option to set up a CA database file which -contains all CA certs in one file. Let's assume that the CA database is kept -in the directory "/usr/local/ssl/certs". The following example assumes that -the CA's certificate is in the file "cacert.pem" and the CA is known as -"myCA". To install the certificate, do the following: - - cp cacert.pem /usr/local/ssl/cers/myCA.pem - cd /usr/local/ssl/certs - ln -s myCA.pem `openssl x509 -noout -hash < myCA.pem`.0 - -The last command creates a link from the hashed name to the real file. - -From now on all certificates signed by the myCA authority will be accepted by -clients that use the directory "/usr/local/ssl/certs/" as their CA certificate -database. - - - diff --git a/docs/yodldocs/README-NOW b/docs/yodldocs/README-NOW deleted file mode 100644 index 592d38c1351..00000000000 --- a/docs/yodldocs/README-NOW +++ /dev/null @@ -1,14 +0,0 @@ -!== -!== Notice of change of documentation format -!== - -Samba is no longer using yodl as the source markup -language for our documentation. As of release 2.2.0, -we are using DocBook V4.1 exclusively (assuming you are not -counting the ASCII files yet to be converted). - -Please see ../docbook/docbook.txt for more information -on this. - -jerry carter -SAMBA Team diff --git a/packaging/Caldera/OpenLinux/.cvsignore b/packaging/Caldera/OpenLinux/.cvsignore deleted file mode 100644 index 062afa2b04f..00000000000 --- a/packaging/Caldera/OpenLinux/.cvsignore +++ /dev/null @@ -1,6 +0,0 @@ -convertsmbpasswd.perl -make_smbpasswd.perl -makerpms.sh -samba2.spec -samba2.spec-lsb -samba3.spec diff --git a/packaging/Caldera/OpenLinux/README.Public b/packaging/Caldera/OpenLinux/README.Public deleted file mode 100644 index 00f41f37382..00000000000 --- a/packaging/Caldera/OpenLinux/README.Public +++ /dev/null @@ -1,9 +0,0 @@ -This directory is exported to any windows computer, if the daemon -"SMB server processes (samba)" is started and the distributed -configuration is used. So be careful about any data you put into -this directory. - -The default configuration restricts the access rights to read only -access. - -2000-03-13, Klaus Singvogel, Caldera (Deutschland) GmbH. diff --git a/packaging/Caldera/OpenLinux/README.home b/packaging/Caldera/OpenLinux/README.home deleted file mode 100644 index 5a893eb0e12..00000000000 --- a/packaging/Caldera/OpenLinux/README.home +++ /dev/null @@ -1,15 +0,0 @@ -This directory $HOME/Samba is exported to any windows computer, if -the daemon "SMB server processes (samba)" is started and the distributed -configuration is used. So be careful about the data you put into this -directory. - -Note: Only the user of this account can connect to this share. The -shares name is equal to the users Linux account, e.g. -\\your_linuxmachine\\your_linuxaccount - -If you want to have the files public accessible use the public browseable -share instead. It's currently /srv/samba/Public, but have a look at file -/etc/samba.d/smb.conf to get the latest name. - - -2000-03-13, Klaus Singvogel, Caldera (Deutschland) GmbH. diff --git a/packaging/Caldera/OpenLinux/README.profiles b/packaging/Caldera/OpenLinux/README.profiles deleted file mode 100644 index b629e10966b..00000000000 --- a/packaging/Caldera/OpenLinux/README.profiles +++ /dev/null @@ -1,10 +0,0 @@ -This directory is used to store the roaming Profiles of your Windows -users. For more information install the package samba-doc and read the -file /usr/share/doc/packages/samba-2.0.7/docs/textdocs/DOMAIN.txt - -The default configuration sets the access rights to read/write for -anyone. If you see a problem in this, disable the Profiles support in -your samba configuration: either edit file /etc/samba.d/smb.conf or -use swat (http://localhost:901/). - -2000-03-13, Klaus Singvogel, Caldera (Deutschland) GmbH. diff --git a/packaging/Caldera/OpenLinux/smb.conf b/packaging/Caldera/OpenLinux/smb.conf deleted file mode 100644 index e62c7bf1e4c..00000000000 --- a/packaging/Caldera/OpenLinux/smb.conf +++ /dev/null @@ -1,51 +0,0 @@ -# Samba config file created using SWAT -# from localhost (127.0.0.1) - -# Global parameters -[global] - workgroup = MYGROUP - server string = Samba Server on Caldera OpenLinux - encrypt passwords = Yes - username map = /etc/samba.d/smbusers - password level = 8 - username level = 8 - log file = /var/log/samba.d/smb.%m - max log size = 200 - socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 - logon path = \\%L\Profiles\%U - dns proxy = No - printing = cups - -[homes] - comment = Home Directories - path = %H/Samba - username = %S - valid users = %S - writeable = Yes - create mask = 0750 - only user = Yes - browseable = No - -[netlogon] - comment = Samba Network Logon Service - path = @samba_home@/netlogon - guest ok = Yes - share modes = No - -[profiles] - path = @samba_home@/profiles - writeable = Yes - guest ok = Yes - browseable = No - -[printers] - comment = All Printers - path = /var/spool/samba - create mask = 0700 - printable = Yes - browseable = No - -[public] - comment = Public Stuff - path = @samba_home@/Public - write list = @users diff --git a/packaging/PHT/TurboLinux/.cvsignore b/packaging/PHT/TurboLinux/.cvsignore deleted file mode 100644 index 0238ed8cae6..00000000000 --- a/packaging/PHT/TurboLinux/.cvsignore +++ /dev/null @@ -1,3 +0,0 @@ -makefile-path.patch -makerpms.sh -samba2.spec diff --git a/packaging/README.UnixWare b/packaging/README.UnixWare deleted file mode 100644 index a4b08954ecc..00000000000 --- a/packaging/README.UnixWare +++ /dev/null @@ -1,6 +0,0 @@ -Date: January 9, 2001 -Maintainer: John H Terpstra -Subject: UnixWare Packaging Files -Modifications: Initial release 20010109 - -Note: The packaging build files for UnixWare are located under ~samba/packaging/Caldera/UnixWare. diff --git a/packaging/RedHat/.cvsignore b/packaging/RedHat/.cvsignore deleted file mode 100644 index 4ce9d934e6e..00000000000 --- a/packaging/RedHat/.cvsignore +++ /dev/null @@ -1,6 +0,0 @@ -makefile-path.patch -makerpms.sh -samba2.spec -smbadduser -smbw.patch -samba2.rpm?.spec
\ No newline at end of file diff --git a/packaging/RedHat/samba.pamd.stack b/packaging/RedHat/samba.pamd.stack deleted file mode 100644 index 6a948f92cbd..00000000000 --- a/packaging/RedHat/samba.pamd.stack +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth required pam_nologin.so -auth required pam_stack.so service=system-auth -account required pam_stack.so service=system-auth -session required pam_stack.so service=system-auth -password required pam_stack.so service=system-auth diff --git a/packaging/RedHat/samba.xinetd b/packaging/RedHat/samba.xinetd deleted file mode 100644 index 8c38b354218..00000000000 --- a/packaging/RedHat/samba.xinetd +++ /dev/null @@ -1,15 +0,0 @@ -# default: off -# description: SWAT is the Samba Web Admin Tool. Use swat \ -# to configure your Samba server. To use SWAT, \ -# connect to port 901 with your favorite web browser. -service swat -{ - port = 901 - socket_type = stream - wait = no - only_from = localhost - user = root - server = /usr/sbin/swat - log_on_failure += USERID - disable = yes -} diff --git a/packaging/Solaris/README b/packaging/Solaris/README deleted file mode 100644 index b918cf91732..00000000000 --- a/packaging/Solaris/README +++ /dev/null @@ -1,18 +0,0 @@ - -INSTRUCTIONS: Preparing Samba packages for Solaris - -To produce a package: - -* Build the binaries (by running ./configure; make; in the source directory) -* Type sh makepkg.sh - -The package will be created in the /tmp directory. - -By default, the package will be built to install samba in /usr/local -To change the default, modify the INSTALL_BASE variable in makepkg.sh -This is after you have configured samba with a --prefix option of the -alternate samba location and then created the binaries. - -Shirish Kalele <kalele@samba.org> -Date: 2000.01.12 - diff --git a/packaging/Solaris/copyright b/packaging/Solaris/copyright deleted file mode 100644 index 1792668d174..00000000000 --- a/packaging/Solaris/copyright +++ /dev/null @@ -1 +0,0 @@ -Copyright (C) 2001 Samba Team diff --git a/packaging/Solaris/inetd.conf.master b/packaging/Solaris/inetd.conf.master deleted file mode 100644 index b11fb7c3db2..00000000000 --- a/packaging/Solaris/inetd.conf.master +++ /dev/null @@ -1 +0,0 @@ -swat stream tcp nowait.400 root __BASEDIR__/samba/bin/swat swat diff --git a/packaging/Solaris/makepkg.sh b/packaging/Solaris/makepkg.sh deleted file mode 100755 index b57e182e4a3..00000000000 --- a/packaging/Solaris/makepkg.sh +++ /dev/null @@ -1,185 +0,0 @@ -#!/bin/sh -# -# Copyright (C) Shirish A Kalele 2000 -# -# Builds a Samba package from the samba distribution. -# By default, the package will be built to install samba in /usr/local -# Change the INSTALL_BASE variable to change this: will modify the pkginfo -# and samba.server files to point to the new INSTALL_BASE -# -INSTALL_BASE=/usr/local - -add_dynamic_entries() -{ - # First build the codepages and append codepage entries to prototype - echo "#\n# Codepages \n#" - echo d none samba/lib/codepages 0755 root other - - CODEPAGELIST="437 737 850 852 861 932 866 949 950 936" - # Check if make_smbcodepage exists - if [ ! -f $DISTR_BASE/source/bin/make_smbcodepage ]; then - echo "Could not find $DISTR_BASE/source/bin/make_smbcodepage to generate codepages.\n\ - Please create the binaries before packaging." >&2 - exit 1 - fi - - for p in $CODEPAGELIST; do - $DISTR_BASE/source/bin/make_smbcodepage c $p $DISTR_BASE/source/codepages/codepage_def.$p $DISTR_BASE/source/codepages/codepage.$p - echo f none samba/lib/codepages/codepage.$p=source/codepages/codepage.$p 0644 root other - done - - # Create unicode maps - if [ ! -f $DISTR_BASE/source/bin/make_unicodemap ]; then - echo "Missing $DISTR_BASE/source/bin/make_unicodemap. Aborting." >&2 - exit 1 - fi - - # Pull in all the unicode map files from source/codepages/CP*.TXT - list=`find $DISTR_BASE/source/codepages -name "CP*.TXT" | sed 's|^.*CP\(.*\)\.TXT|\1|'` - for umap in $list - do - $DISTR_BASE/source/bin/make_unicodemap $umap $DISTR_BASE/source/codepages/CP$umap.TXT $DISTR_BASE/source/codepages/unicode_map.$umap - echo f none samba/lib/codepages/unicode_map.$umap=source/codepages/unicode_map.$umap 0644 root other - done - - # Add the binaries, docs and SWAT files - - echo "#\n# Binaries \n#" - cd $DISTR_BASE/source/bin - for binfile in * - do - if [ -f $binfile ]; then - echo f none samba/bin/$binfile=source/bin/$binfile 0755 root other - fi - done - - # Add the scripts to bin/ - echo "#\n# Scripts \n#" - cd $DISTR_BASE/source/script - for shfile in * - do - if [ -f $shfile ]; then - echo f none samba/bin/$shfile=source/script/$shfile 0755 root other - fi - done - - # Add the manpages - echo "#\n# man pages \n#" - echo d none /usr ? ? ? - echo d none /usr/share ? ? ? - echo d none /usr/share/man ? ? ? - - # Create directories for man page sections if nonexistent - cd $DISTR_BASE/docs/manpages - for i in 1 2 3 4 5 6 7 8 9 - do - manpages=`ls *.$i 2>/dev/null` - if [ $? -eq 0 ] - then - echo d none /usr/share/man/man$i ? ? ? - for manpage in $manpages - do - echo f none /usr/share/man/man${i}/${manpage}=docs/manpages/$manpage 0644 root other - done - fi - done - - echo "#\n# HTML documentation \n#" - cd $DISTR_BASE - list=`find docs/htmldocs -type d | grep -v "/CVS$"` - for docdir in $list - do - if [ -d $docdir ]; then - echo d none samba/$docdir 0755 root other - fi - done - - list=`find docs/htmldocs -type f | grep -v /CVS/` - for htmldoc in $list - do - if [ -f $htmldoc ]; then - echo f none samba/$htmldoc=$htmldoc 0644 root other - fi - done - - # Create a symbolic link to the Samba book in docs/ for beginners - echo 's none samba/docs/samba_book=htmldocs/using_samba' - - echo "#\n# Text Docs \n#" - echo d none samba/docs/textdocs 0755 root other - cd $DISTR_BASE/docs/textdocs - for textdoc in * - do - if [ -f $textdoc ]; then - echo f none samba/docs/textdocs/$textdoc=docs/textdocs/$textdoc 0644 root other - fi - done - echo "#\n# SWAT \n#" - cd $DISTR_BASE - list=`find swat -type d | grep -v "/CVS$"` - for i in $list - do - echo "d none samba/$i 0755 root other" - done - list=`find swat -type f | grep -v /CVS/` - for i in $list - do - echo "f none samba/$i=$i 0644 root other" - done - echo "#\n# HTML documentation for SWAT\n#" - cd $DISTR_BASE/docs/htmldocs - for htmldoc in * - do - if [ -f $htmldoc ]; then - echo f none samba/swat/help/$htmldoc=docs/htmldocs/$htmldoc 0644 root other - fi - done - - echo "#\n# Using Samba Book files for SWAT\n#" - cd $DISTR_BASE/docs/htmldocs - -# set up a symbolic link instead of duplicating the book tree - echo 's none samba/swat/using_samba=../docs/htmldocs/using_samba' - -} - -if [ $# = 0 ] -then - # Try to guess the distribution base.. - CURR_DIR=`pwd` - DISTR_BASE=`echo $CURR_DIR | sed 's|\(.*\)/packaging.*|\1|'` - echo "Assuming Samba distribution is rooted at $DISTR_BASE.." -else - DISTR_BASE=$1 -fi - -# -if [ ! -d $DISTR_BASE ]; then - echo "Source build directory $DISTR_BASE does not exist." - exit 1 -fi - -# Set up the prototype file from prototype.master -if [ -f prototype ]; then - rm prototype -fi - -# Setup version from version.h -VERSION=`sed 's/#define VERSION \"\(.*\)\"$/\1/' ../../source/include/version.h` -sed -e "s|__VERSION__|$VERSION|" -e "s|__ARCH__|`uname -p`|" -e "s|__BASEDIR__|$INSTALL_BASE|g" pkginfo.master >pkginfo - -sed -e "s|__BASEDIR__|$INSTALL_BASE|g" inetd.conf.master >inetd.conf -sed -e "s|__BASEDIR__|$INSTALL_BASE|g" samba.server.master >samba.server - -cp prototype.master prototype - -# Add the dynamic part to the prototype file -(add_dynamic_entries >> prototype) - -# Create the package -pkgmk -o -d /tmp -b $DISTR_BASE -f prototype -if [ $? = 0 ] -then - pkgtrans /tmp samba.pkg samba -fi -echo The samba package is in /tmp diff --git a/packaging/Solaris/pkginfo.master b/packaging/Solaris/pkginfo.master deleted file mode 100644 index 33e7cdb471d..00000000000 --- a/packaging/Solaris/pkginfo.master +++ /dev/null @@ -1,12 +0,0 @@ -PKG=samba -NAME=SMB based file/printer sharing -ARCH=__ARCH__ -VERSION=__VERSION__ -CATEGORY=system -VENDOR=Samba Team -DESC=File and printer sharing for Windows workstations -HOTLINE=Please contact your local UNIX support group -EMAIL=samba@samba.org -CLASSES=none -BASEDIR=__BASEDIR__ -INTONLY=1 diff --git a/packaging/Solaris/postinstall b/packaging/Solaris/postinstall deleted file mode 100644 index 0b7f40a85d0..00000000000 --- a/packaging/Solaris/postinstall +++ /dev/null @@ -1,21 +0,0 @@ -cat <<EOF -___________________________________________________________________________ - -INSTALLATION COMPLETE. - -All files comprising the Samba Server have been installed. - -You can configure Samba by creating a configuration file at -${BASEDIR}/samba/lib/smb.conf. For details on configuration, -refer to the Samba man pages under ${PKG_INSTALL_ROOT}/usr/share/man -and the documentation at ${BASEDIR}/samba/docs. - -BEGINNERS: -Beginners can also refer to the excellent "Using Samba" book published -by O'Reilly and Associates and officially supported by the Samba Team. -This book is supplied with this package and can be accessed at -${BASEDIR}/samba/docs/samba_book/index.html -___________________________________________________________________________ - -EOF - diff --git a/packaging/Solaris/preremove b/packaging/Solaris/preremove deleted file mode 100644 index 28e8d75c298..00000000000 --- a/packaging/Solaris/preremove +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -# If this is a local deinstall, stop samba -if [ -z "$PKG_INSTALL_ROOT" ] -then - SMBD=`ps -e -o pid,comm | grep smbd | awk '{print $1}'` - NMBD=`ps -e -o pid,comm | grep nmbd | awk '{print $1}'` - [ ! -z "$SMBD" ] && kill $SMBD - [ ! -z "$NMBD" ] && kill $NMBD - sleep 2 -fi - diff --git a/packaging/Solaris/prototype.master b/packaging/Solaris/prototype.master deleted file mode 100644 index bfcb3e00492..00000000000 --- a/packaging/Solaris/prototype.master +++ /dev/null @@ -1,52 +0,0 @@ -# -# The static master prototype file for the Samba package. -# For files that can't be dynamically added to the prototype file at -# package build time -# -# Information files. -# -i pkginfo=./pkginfo -i copyright=./copyright -i request=./request -i checkinstall -i preremove=./preremove -i postinstall=./postinstall -i i.swat=./i.swat -i r.swat=./r.swat -# -# Stuff that goes into the system areas of the filesystem. -# -d none /etc ? ? ? -d initscript /etc/init.d ? ? ? -f initscript /etc/init.d/samba.server=packaging/Solaris/samba.server 0744 root sys -d initscript /etc/rc3.d ? ? ? -s initscript /etc/rc3.d/S99samba.server=../init.d/samba.server -# -# Stuff to set up SWAT -# -d swat /etc/inet ? ? ? -e swat /etc/inet/services=packaging/Solaris/services ? ? ? -e swat /etc/inet/inetd.conf=packaging/Solaris/inetd.conf ? ? ? -# -# Create the samba subtree. (Usually /usr/local/samba ) -# -d none samba 0755 root other -d none samba/var 0755 root other -d none samba/bin 0755 root other -d none samba/lib 0755 root other -d none samba/docs 0755 root other -# -# Stuff that goes into lib -# -f none samba/lib/smb.conf.example=examples/smb.conf.default 0644 root other -d none samba/lib/regeditscripts 0755 root other -f none samba/lib/regeditscripts/NT4_PlainPassword.reg=docs/NT4_PlainPassword.reg 0444 root other -f none samba/lib/regeditscripts/Win95_PlainPassword.reg=docs/Win95_PlainPassword.reg 0444 root other -f none samba/lib/regeditscripts/Win98_PlainPassword.reg=docs/Win98_PlainPassword.reg 0444 root other -f none samba/lib/regeditscripts/Win2000_PlainPassword.reg=docs/Win2000_PlainPassword.reg 0444 root other -# -# Random files -f none samba/docs/Samba-HOWTO-Collection.pdf=docs/Samba-HOWTO-Collection.pdf 0644 root other -# -# Static part of prototype file ends. -# diff --git a/packaging/Solaris/r.swat b/packaging/Solaris/r.swat deleted file mode 100644 index 11c776646da..00000000000 --- a/packaging/Solaris/r.swat +++ /dev/null @@ -1,16 +0,0 @@ -while read dest -do - sed -e '/^swat.*swat$/d' $dest >/tmp/$$swat || exit 2 - # Use cp;rm; instead of mv because $dest might be a symlink - cp -f /tmp/$$swat $dest || exit 2 - rm -f /tmp/$$swat -done - -if [ "$1" = ENDOFCLASS ] -then - if [ -z "$PKG_INSTALL_ROOT" ] - then - kill -HUP `ps -e -o pid,comm | grep inetd | awk '{print $1}'` - fi -fi - diff --git a/packaging/Solaris/request b/packaging/Solaris/request deleted file mode 100644 index 59cdd0ab22a..00000000000 --- a/packaging/Solaris/request +++ /dev/null @@ -1,17 +0,0 @@ -trap 'exit 3' 15 - -VALSTR=/usr/sadm/bin/valstr - -resp=`ckyorn -d y -p "Do you wish to have Samba start whenever the system boots up? (default:y) " -Q` -$VALSTR -r "^[yY]" $resp -[ $? -eq 0 ] && CLASSES="$CLASSES initscript" - -resp=`ckyorn -d y -p "Do you wish to set up the Samba Web Admin Tool (SWAT)? (default:y) " -Q` -$VALSTR -r "^[yY]" $resp -[ $? -eq 0 ] && CLASSES="$CLASSES swat" - -cat >$1 <<! -CLASSES=$CLASSES -! -exit 0 - diff --git a/packaging/Solaris/samba.server.master b/packaging/Solaris/samba.server.master deleted file mode 100755 index 6de77780b34..00000000000 --- a/packaging/Solaris/samba.server.master +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh -#ident "@(#)samba.server 1.0 96/06/19 TK" /* SVr4.0 1.1.13.1*/ -# -# Please send info on modifications to knuutila@cs.utu.fi -# -# This file should have uid root, gid sys and chmod 744 -# -if [ ! -d /usr/bin ] -then # /usr not mounted - exit -fi - -killproc() { # kill the named process(es) - pid=`/usr/bin/ps -e | - /usr/bin/grep -w $1 | - /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` - [ "$pid" != "" ] && kill $pid -} - -# Start/stop processes required for samba server - -case "$1" in - -'start') -# -# Edit these lines to suit your installation (paths, workgroup, host) -# - BASE=__BASEDIR__/samba - $BASE/bin/smbd -D -s$BASE/lib/smb.conf - $BASE/bin/nmbd -D -s$BASE/lib/smb.conf - ;; -'stop') - killproc nmbd - killproc smbd - ;; - -'restart') - killproc nmbd - killproc smbd - BASE=/usr/local/samba - $BASE/bin/smbd -D -s$BASE/lib/smb.conf - $BASE/bin/nmbd -D -l$BASE/var/log -s$BASE/lib/smb.conf - ;; - -*) - echo "Usage: /etc/init.d/samba.server { start | stop | restart }" - ;; -esac diff --git a/packaging/Solaris/services b/packaging/Solaris/services deleted file mode 100644 index fc691200c8d..00000000000 --- a/packaging/Solaris/services +++ /dev/null @@ -1 +0,0 @@ -swat 901/tcp # Samba Web Admin Tool - swat diff --git a/source/codepages/lowcase.dat b/source/codepages/lowcase.dat Binary files differdeleted file mode 100644 index 62b6e2e952b..00000000000 --- a/source/codepages/lowcase.dat +++ /dev/null diff --git a/source/codepages/upcase.dat b/source/codepages/upcase.dat Binary files differdeleted file mode 100644 index bb6f9beb4e3..00000000000 --- a/source/codepages/upcase.dat +++ /dev/null diff --git a/source/codepages/valid.dat b/source/codepages/valid.dat Binary files differdeleted file mode 100644 index 78c14b33f0f..00000000000 --- a/source/codepages/valid.dat +++ /dev/null diff --git a/source/intl/.cvsignore b/source/intl/.cvsignore deleted file mode 100644 index 5f2a5c4cf75..00000000000 --- a/source/intl/.cvsignore +++ /dev/null @@ -1,2 +0,0 @@ -*.po -*.po32 diff --git a/source/intl/linux-msg.sed b/source/intl/linux-msg.sed deleted file mode 100644 index 5918e720a9a..00000000000 --- a/source/intl/linux-msg.sed +++ /dev/null @@ -1,100 +0,0 @@ -# po2msg.sed - Convert Uniforum style .po file to Linux style .msg file -# Copyright (C) 1995 Free Software Foundation, Inc. -# Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2, or (at your option) -# any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# -# -# The first directive in the .msg should be the definition of the -# message set number. We use always set number 1. -# -1 { - i\ -$set 1 # Automatically created by po2msg.sed - h - s/.*/0/ - x -} -# -# Mitch's old catalog format does not allow comments. -# -# We copy the original message as a comment into the .msg file. -# -/^msgid/ { - s/msgid[ ]*"// -# -# This does not work now with the new format. -# /"$/! { -# s/\\$// -# s/$/ ... (more lines following)"/ -# } - x -# The following nice solution is by -# Bruno <Haible@ma2s2.mathematik.uni-karlsruhe.de> - td -# Increment a decimal number in pattern space. -# First hide trailing `9' digits. - :d - s/9\(_*\)$/_\1/ - td -# Assure at least one digit is available. - s/^\(_*\)$/0\1/ -# Increment the last digit. - s/8\(_*\)$/9\1/ - s/7\(_*\)$/8\1/ - s/6\(_*\)$/7\1/ - s/5\(_*\)$/6\1/ - s/4\(_*\)$/5\1/ - s/3\(_*\)$/4\1/ - s/2\(_*\)$/3\1/ - s/1\(_*\)$/2\1/ - s/0\(_*\)$/1\1/ -# Convert the hidden `9' digits to `0's. - s/_/0/g - x - G - s/\(.*\)"\n\([0-9]*\)/$ #\2 Original Message:(\1)/p -} -# -# The .msg file contains, other then the .po file, only the translations -# but each given a unique ID. Starting from 1 and incrementing by 1 for -# each message we assign them to the messages. -# It is important that the .po file used to generate the cat-id-tbl.c file -# (with po-to-tbl) is the same as the one used here. (At least the order -# of declarations must not be changed.) -# -/^msgstr/ { - s/msgstr[ ]*"\(.*\)"/# \1/ -# Clear substitution flag. - tb -# Append the next line. - :b - N -# Look whether second part is continuation line. - s/\(.*\n\)"\(.*\)"/\1\2/ -# Yes, then branch. - ta - P - D -# Note that D includes a jump to the start!! -# We found a continuation line. But before printing insert '\'. - :a - s/\(.*\)\(\n.*\)/\1\\\2/ - P -# We cannot use D here. - s/.*\n\(.*\)/\1/ - tb -} -d diff --git a/source/lib/domain_namemap.c b/source/lib/domain_namemap.c deleted file mode 100644 index 988f5e5d659..00000000000 --- a/source/lib/domain_namemap.c +++ /dev/null @@ -1,1317 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - Groupname handling - Copyright (C) Jeremy Allison 1998. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -/* - * UNIX gid and Local or Domain SID resolution. This module resolves - * only those entries in the map files, it is *NOT* responsible for - * resolving UNIX groups not listed: that is an entirely different - * matter, altogether... - */ - -/* - * - * - - format of the file is: - - unixname NT Group name - unixname Domain Admins (well-known Domain Group) - unixname DOMAIN_NAME\NT Group name - unixname OTHER_DOMAIN_NAME\NT Group name - unixname DOMAIN_NAME\Domain Admins (well-known Domain Group) - .... - - if the DOMAIN_NAME\ component is left off, then your own domain is assumed. - - * - * - */ - - -#include "includes.h" -extern int DEBUGLEVEL; - -extern fstring global_myworkgroup; -extern DOM_SID global_member_sid; -extern fstring global_sam_name; -extern DOM_SID global_sam_sid; -extern DOM_SID global_sid_S_1_5_20; - -/******************************************************************* - converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uid_t pwdb_user_rid_to_uid(uint32 user_rid) -{ - return ((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER; -} - -/******************************************************************* - converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_group_rid_to_gid(uint32 group_rid) -{ - return ((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER; -} - -/******************************************************************* - converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_alias_rid_to_gid(uint32 alias_rid) -{ - return ((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER; -} - -/******************************************************************* - converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_gid_to_group_rid(uint32 gid) -{ - uint32 grp_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP); - return grp_rid; -} - -/****************************************************************** - converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_gid_to_alias_rid(uint32 gid) -{ - uint32 alias_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS); - return alias_rid; -} - -/******************************************************************* - converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_uid_to_user_rid(uint32 uid) -{ - uint32 user_rid = ((((uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER); - return user_rid; -} - -/****************************************************************** - converts SID + SID_NAME_USE type to a UNIX id. the Domain SID is, - and can only be, our own SID. - ********************************************************************/ -static BOOL pwdb_sam_sid_to_unixid(DOM_SID *sid, uint8 type, uint32 *id) -{ - DOM_SID tmp_sid; - uint32 rid; - - sid_copy(&tmp_sid, sid); - sid_split_rid(&tmp_sid, &rid); - if (!sid_equal(&global_sam_sid, &tmp_sid)) - { - return False; - } - - switch (type) - { - case SID_NAME_USER: - { - *id = pwdb_user_rid_to_uid(rid); - return True; - } - case SID_NAME_ALIAS: - { - *id = pwdb_alias_rid_to_gid(rid); - return True; - } - case SID_NAME_DOM_GRP: - case SID_NAME_WKN_GRP: - { - *id = pwdb_group_rid_to_gid(rid); - return True; - } - } - return False; -} - -/****************************************************************** - converts UNIX gid + SID_NAME_USE type to a SID. the Domain SID is, - and can only be, our own SID. - ********************************************************************/ -static BOOL pwdb_unixid_to_sam_sid(uint32 id, uint8 type, DOM_SID *sid) -{ - sid_copy(sid, &global_sam_sid); - switch (type) - { - case SID_NAME_USER: - { - sid_append_rid(sid, pwdb_uid_to_user_rid(id)); - return True; - } - case SID_NAME_ALIAS: - { - sid_append_rid(sid, pwdb_gid_to_alias_rid(id)); - return True; - } - case SID_NAME_DOM_GRP: - case SID_NAME_WKN_GRP: - { - sid_append_rid(sid, pwdb_gid_to_group_rid(id)); - return True; - } - } - return False; -} - -/******************************************************************* - Decides if a RID is a well known RID. - ********************************************************************/ -static BOOL pwdb_rid_is_well_known(uint32 rid) -{ - return (rid < 1000); -} - -/******************************************************************* - determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_rid_type(uint32 rid) -{ - /* lkcl i understand that NT attaches an enumeration to a RID - * such that it can be identified as either a user, group etc - * type: SID_ENUM_TYPE. - */ - if (pwdb_rid_is_well_known(rid)) - { - /* - * The only well known user RIDs are DOMAIN_USER_RID_ADMIN - * and DOMAIN_USER_RID_GUEST. - */ - if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST) - { - return RID_TYPE_USER; - } - if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS) - { - return RID_TYPE_GROUP; - } - if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR) - { - return RID_TYPE_ALIAS; - } - } - return (rid & RID_TYPE_MASK); -} - -/******************************************************************* - checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -BOOL pwdb_rid_is_user(uint32 rid) -{ - return pwdb_rid_type(rid) == RID_TYPE_USER; -} - -/************************************************************************** - Groupname map functionality. The code loads a groupname map file and - (currently) loads it into a linked list. This is slow and memory - hungry, but can be changed into a more efficient storage format - if the demands on it become excessive. -***************************************************************************/ - -typedef struct name_map -{ - ubi_slNode next; - DOM_NAME_MAP grp; - -} name_map_entry; - -static ubi_slList groupname_map_list; -static ubi_slList aliasname_map_list; -static ubi_slList ntusrname_map_list; - -static void delete_name_entry(name_map_entry *gmep) -{ - if (gmep->grp.nt_name) - { - free(gmep->grp.nt_name); - } - if (gmep->grp.nt_domain) - { - free(gmep->grp.nt_domain); - } - if (gmep->grp.unix_name) - { - free(gmep->grp.unix_name); - } - free((char*)gmep); -} - -/************************************************************************** - Delete all the entries in the name map list. -***************************************************************************/ - -static void delete_map_list(ubi_slList *map_list) -{ - name_map_entry *gmep; - - while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL) - { - delete_name_entry(gmep); - } -} - - -/************************************************************************** - makes a group sid out of a domain sid and a _unix_ gid. -***************************************************************************/ -static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type) -{ - int ret = False; - fstring sid_str; - - if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain))) - { - DEBUG(0,("make_mydomain_sid: unknown domain %s\n", - grp->nt_domain)); - return False; - } - - if (sid_equal(&grp->sid, &global_sid_S_1_5_20)) - { - /* - * only builtin aliases are recognised in S-1-5-20 - */ - DEBUG(10,("make_mydomain_sid: group %s in builtin domain\n", - grp->nt_name)); - - if (lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type) != 0x0) - { - DEBUG(0,("unix group %s mapped to an unrecognised BUILTIN domain name %s\n", - grp->unix_name, grp->nt_name)); - return False; - } - ret = True; - } - else if (lookup_wk_user_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0) - { - if (type != DOM_MAP_USER) - { - DEBUG(0,("well-known NT user %s\\%s listed in wrong map file\n", - grp->nt_domain, grp->nt_name)); - return False; - } - ret = True; - } - else if (lookup_wk_group_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0) - { - if (type != DOM_MAP_DOMAIN) - { - DEBUG(0,("well-known NT group %s\\%s listed in wrong map file\n", - grp->nt_domain, grp->nt_name)); - return False; - } - ret = True; - } - else - { - switch (type) - { - case DOM_MAP_USER: - { - grp->type = SID_NAME_USER; - break; - } - case DOM_MAP_DOMAIN: - { - grp->type = SID_NAME_DOM_GRP; - break; - } - case DOM_MAP_LOCAL: - { - grp->type = SID_NAME_ALIAS; - break; - } - } - - ret = pwdb_unixid_to_sam_sid(grp->unix_id, grp->type, &grp->sid); - } - - sid_to_string(sid_str, &grp->sid); - DEBUG(10,("nt name %s\\%s gid %d mapped to %s\n", - grp->nt_domain, grp->nt_name, grp->unix_id, sid_str)); - return ret; -} - -/************************************************************************** - makes a group sid out of an nt domain, nt group name or a unix group name. -***************************************************************************/ -static BOOL unix_name_to_nt_name_info(DOM_NAME_MAP *map, DOM_MAP_TYPE type) -{ - /* - * Attempt to get the unix gid_t for this name. - */ - - DEBUG(5,("unix_name_to_nt_name_info: unix_name:%s\n", map->unix_name)); - - if (type == DOM_MAP_USER) - { - const struct passwd *pwptr = Get_Pwnam(map->unix_name, False); - if (pwptr == NULL) - { - DEBUG(0,("unix_name_to_nt_name_info: Get_Pwnam for user %s\ -failed. Error was %s.\n", map->unix_name, strerror(errno) )); - return False; - } - - map->unix_id = (uint32)pwptr->pw_uid; - } - else - { - struct group *gptr = getgrnam(map->unix_name); - if (gptr == NULL) - { - DEBUG(0,("unix_name_to_nt_name_info: getgrnam for group %s\ -failed. Error was %s.\n", map->unix_name, strerror(errno) )); - return False; - } - - map->unix_id = (uint32)gptr->gr_gid; - } - - DEBUG(5,("unix_name_to_nt_name_info: unix gid:%d\n", map->unix_id)); - - /* - * Now map the name to an NT SID+RID. - */ - - if (map->nt_domain != NULL && !strequal(map->nt_domain, global_sam_name)) - { - /* Must add client-call lookup code here, to - * resolve remote domain's sid and the group's rid, - * in that domain. - * - * NOTE: it is _incorrect_ to put code here that assumes - * we are responsible for lookups for foriegn domains' RIDs. - * - * for foriegn domains for which we are *NOT* the PDC, all - * we can be responsible for is the unix gid_t to which - * the foriegn SID+rid maps to, on this _local_ machine. - * we *CANNOT* make any short-cuts or assumptions about - * RIDs in a foriegn domain. - */ - - if (!map_domain_name_to_sid(&map->sid, &(map->nt_domain))) - { - DEBUG(0,("unix_name_to_nt_name_info: no known sid for %s\n", - map->nt_domain)); - return False; - } - } - - return make_mydomain_sid(map, type); -} - -static BOOL make_name_entry(name_map_entry **new_ep, - char *nt_domain, char *nt_group, char *unix_group, - DOM_MAP_TYPE type) -{ - /* - * Create the list entry and add it onto the list. - */ - - DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group)); - - (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry)); - if ((*new_ep) == NULL) - { - DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n")); - return False; - } - - ZERO_STRUCTP(*new_ep); - - (*new_ep)->grp.nt_name = strdup(nt_group ); - (*new_ep)->grp.nt_domain = strdup(nt_domain ); - (*new_ep)->grp.unix_name = strdup(unix_group); - - if ((*new_ep)->grp.nt_name == NULL || - (*new_ep)->grp.unix_name == NULL) - { - DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n")); - delete_name_entry((*new_ep)); - return False; - } - - /* - * look up the group names, make the Group-SID and unix gid - */ - - if (!unix_name_to_nt_name_info(&(*new_ep)->grp, type)) - { - delete_name_entry((*new_ep)); - return False; - } - - return True; -} - -/************************************************************************** - Load a name map file. Sets last accessed timestamp. -***************************************************************************/ -static ubi_slList *load_name_map(DOM_MAP_TYPE type) -{ - static time_t groupmap_file_last_modified = (time_t)0; - static time_t aliasmap_file_last_modified = (time_t)0; - static time_t ntusrmap_file_last_modified = (time_t)0; - static BOOL initialised_group = False; - static BOOL initialised_alias = False; - static BOOL initialised_ntusr = False; - char *groupname_map_file = lp_groupname_map(); - char *aliasname_map_file = lp_aliasname_map(); - char *ntusrname_map_file = lp_ntusrname_map(); - - FILE *fp; - char *s; - pstring buf; - name_map_entry *new_ep; - - time_t *file_last_modified = NULL; - int *initialised = NULL; - char *map_file = NULL; - ubi_slList *map_list = NULL; - - switch (type) - { - case DOM_MAP_DOMAIN: - { - file_last_modified = &groupmap_file_last_modified; - initialised = &initialised_group; - map_file = groupname_map_file; - map_list = &groupname_map_list; - - break; - } - case DOM_MAP_LOCAL: - { - file_last_modified = &aliasmap_file_last_modified; - initialised = &initialised_alias; - map_file = aliasname_map_file; - map_list = &aliasname_map_list; - - break; - } - case DOM_MAP_USER: - { - file_last_modified = &ntusrmap_file_last_modified; - initialised = &initialised_ntusr; - map_file = ntusrname_map_file; - map_list = &ntusrname_map_list; - - break; - } - } - - if (!(*initialised)) - { - DEBUG(10,("initialising map %s\n", map_file)); - ubi_slInitList(map_list); - (*initialised) = True; - } - - if (!*map_file) - { - return map_list; - } - - /* - * Load the file. - */ - - fp = open_file_if_modified(map_file, "r", file_last_modified); - if (!fp) - { - return map_list; - } - - /* - * Throw away any previous list. - */ - delete_map_list(map_list); - - DEBUG(4,("load_name_map: Scanning name map %s\n",map_file)); - - while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL) - { - pstring unixname; - pstring nt_name; - fstring nt_domain; - fstring ntname; - char *p; - - DEBUG(10,("Read line |%s|\n", s)); - - memset(nt_name, 0, sizeof(nt_name)); - - if (!*s || strchr("#;",*s)) - continue; - - if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname))) - continue; - - if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name))) - continue; - - trim_string(unixname, " ", " "); - trim_string(nt_name, " ", " "); - - if (!*nt_name) - continue; - - if (!*unixname) - continue; - - p = strchr(nt_name, '\\'); - - if (p == NULL) - { - memset(nt_domain, 0, sizeof(nt_domain)); - fstrcpy(ntname, nt_name); - } - else - { - *p = 0; - p++; - fstrcpy(nt_domain, nt_name); - fstrcpy(ntname , p); - } - - if (make_name_entry(&new_ep, nt_domain, ntname, unixname, type)) - { - ubi_slAddTail(map_list, (ubi_slNode *)new_ep); - DEBUG(5,("unixname = %s, ntname = %s\\%s type = %d\n", - new_ep->grp.unix_name, - new_ep->grp.nt_domain, - new_ep->grp.nt_name, - new_ep->grp.type)); - } - } - - DEBUG(10,("load_name_map: Added %ld entries to name map.\n", - ubi_slCount(map_list))); - - fclose(fp); - - return map_list; -} - -static void copy_grp_map_entry(DOM_NAME_MAP *grp, const DOM_NAME_MAP *from) -{ - sid_copy(&grp->sid, &from->sid); - grp->unix_id = from->unix_id; - grp->nt_name = from->nt_name; - grp->nt_domain = from->nt_domain; - grp->unix_name = from->unix_name; - grp->type = from->type; -} - -#if 0 -/*********************************************************** - Lookup unix name. -************************************************************/ -static BOOL map_unixname(DOM_MAP_TYPE type, - char *unixname, DOM_NAME_MAP *grp_info) -{ - name_map_entry *gmep; - ubi_slList *map_list; - - /* - * Initialise and load if not already loaded. - */ - map_list = load_name_map(type); - - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) - { - if (strequal(gmep->grp.unix_name, unixname)) - { - copy_grp_map_entry(grp_info, &gmep->grp); - DEBUG(7,("map_unixname: Mapping unix name %s to nt group %s.\n", - gmep->grp.unix_name, gmep->grp.nt_name )); - return True; - } - } - - return False; -} - -#endif - -/*********************************************************** - Lookup nt name. -************************************************************/ -static BOOL map_ntname(DOM_MAP_TYPE type, char *ntname, char *ntdomain, - DOM_NAME_MAP *grp_info) -{ - name_map_entry *gmep; - ubi_slList *map_list; - - /* - * Initialise and load if not already loaded. - */ - map_list = load_name_map(type); - - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) - { - if (strequal(gmep->grp.nt_name , ntname) && - strequal(gmep->grp.nt_domain, ntdomain)) - { - copy_grp_map_entry(grp_info, &gmep->grp); - DEBUG(7,("map_ntname: Mapping unix name %s to nt name %s.\n", - gmep->grp.unix_name, gmep->grp.nt_name )); - return True; - } - } - - return False; -} - - -/*********************************************************** - Lookup by SID -************************************************************/ -static BOOL map_sid(DOM_MAP_TYPE type, - DOM_SID *psid, DOM_NAME_MAP *grp_info) -{ - name_map_entry *gmep; - ubi_slList *map_list; - - /* - * Initialise and load if not already loaded. - */ - map_list = load_name_map(type); - - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) - { - if (sid_equal(&gmep->grp.sid, psid)) - { - copy_grp_map_entry(grp_info, &gmep->grp); - DEBUG(7,("map_sid: Mapping unix name %s to nt name %s.\n", - gmep->grp.unix_name, gmep->grp.nt_name )); - return True; - } - } - - return False; -} - -/*********************************************************** - Lookup by gid_t. -************************************************************/ -static BOOL map_unixid(DOM_MAP_TYPE type, uint32 unix_id, DOM_NAME_MAP *grp_info) -{ - name_map_entry *gmep; - ubi_slList *map_list; - - /* - * Initialise and load if not already loaded. - */ - map_list = load_name_map(type); - - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) - { - fstring sid_str; - sid_to_string(sid_str, &gmep->grp.sid); - DEBUG(10,("map_unixid: enum entry unix group %s %d nt %s %s\n", - gmep->grp.unix_name, gmep->grp.unix_id, gmep->grp.nt_name, sid_str)); - if (gmep->grp.unix_id == unix_id) - { - copy_grp_map_entry(grp_info, &gmep->grp); - DEBUG(7,("map_unixid: Mapping unix name %s to nt name %s type %d\n", - gmep->grp.unix_name, gmep->grp.nt_name, gmep->grp.type)); - return True; - } - } - - return False; -} - -/*********************************************************** - * - * Call four functions to resolve unix group ids and either - * local group SIDs or domain group SIDs listed in the local group - * or domain group map files. - * - * Note that it is *NOT* the responsibility of these functions to - * resolve entries that are not in the map files. - * - * Any SID can be in the map files (i.e from any Domain). - * - ***********************************************************/ - -#if 0 - -/*********************************************************** - Lookup a UNIX Group entry by name. -************************************************************/ -BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info) -{ - return map_unixname(DOM_MAP_DOMAIN, group_name, grp_info); -} - -/*********************************************************** - Lookup a UNIX Alias entry by name. -************************************************************/ -BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info) -{ - return map_unixname(DOM_MAP_LOCAL, alias_name, grp_info); -} - -/*********************************************************** - Lookup an Alias name entry -************************************************************/ -BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_info) -{ - return map_ntname(DOM_MAP_LOCAL, ntalias_name, nt_domain, grp_info); -} - -/*********************************************************** - Lookup a Group entry -************************************************************/ -BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_info) -{ - return map_ntname(DOM_MAP_DOMAIN, ntgroup_name, nt_domain, grp_info); -} - -#endif - -/*********************************************************** - Lookup a Username entry by name. -************************************************************/ -static BOOL map_nt_username(char *nt_name, char *nt_domain, DOM_NAME_MAP *grp_info) -{ - return map_ntname(DOM_MAP_USER, nt_name, nt_domain, grp_info); -} - -/*********************************************************** - Lookup a Username entry by SID. -************************************************************/ -static BOOL map_username_sid(DOM_SID *sid, DOM_NAME_MAP *grp_info) -{ - return map_sid(DOM_MAP_USER, sid, grp_info); -} - -/*********************************************************** - Lookup a Username SID entry by uid. -************************************************************/ -static BOOL map_username_uid(uid_t gid, DOM_NAME_MAP *grp_info) -{ - return map_unixid(DOM_MAP_USER, (uint32)gid, grp_info); -} - -/*********************************************************** - Lookup an Alias SID entry by name. -************************************************************/ -BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info) -{ - return map_sid(DOM_MAP_LOCAL, psid, grp_info); -} - -/*********************************************************** - Lookup a Group entry by sid. -************************************************************/ -BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info) -{ - return map_sid(DOM_MAP_DOMAIN, psid, grp_info); -} - -/*********************************************************** - Lookup an Alias SID entry by gid_t. -************************************************************/ -static BOOL map_alias_gid(gid_t gid, DOM_NAME_MAP *grp_info) -{ - return map_unixid(DOM_MAP_LOCAL, (uint32)gid, grp_info); -} - -/*********************************************************** - Lookup a Group SID entry by gid_t. -************************************************************/ -static BOOL map_group_gid( gid_t gid, DOM_NAME_MAP *grp_info) -{ - return map_unixid(DOM_MAP_DOMAIN, (uint32)gid, grp_info); -} - - -/************************************************************************ - Routine to look up User details by UNIX name -*************************************************************************/ -BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP *grp) -{ - uid_t uid; - DEBUG(10,("lookupsmbpwnam: unix user name %s\n", unix_usr_name)); - if (nametouid(unix_usr_name, &uid)) - { - return lookupsmbpwuid(uid, grp); - } - else - { - return False; - } -} - -/************************************************************************ - Routine to look up a remote nt name -*************************************************************************/ -static BOOL lookup_remote_ntname(const char *ntname, DOM_SID *sid, uint8 *type) -{ - struct cli_state cli; - POLICY_HND lsa_pol; - fstring srv_name; - extern struct ntuser_creds *usr_creds; - struct ntuser_creds usr; - - BOOL res3 = True; - BOOL res4 = True; - uint32 num_sids; - DOM_SID *sids; - uint8 *types; - char *names[1]; - - usr_creds = &usr; - - ZERO_STRUCT(usr); - pwd_set_nullpwd(&usr.pwd); - - DEBUG(5,("lookup_remote_ntname: %s\n", ntname)); - - if (!cli_connect_serverlist(&cli, lp_passwordserver())) - { - return False; - } - - names[0] = ntname; - - fstrcpy(srv_name, "\\\\"); - fstrcat(srv_name, cli.desthost); - strupper(srv_name); - - /* lookup domain controller; receive a policy handle */ - res3 = res3 ? lsa_open_policy( srv_name, - &lsa_pol, True) : False; - - /* send lsa lookup sids call */ - res4 = res3 ? lsa_lookup_names( &lsa_pol, - 1, names, - &sids, &types, &num_sids) : False; - - res3 = res3 ? lsa_close(&lsa_pol) : False; - - if (res4 && res3 && sids != NULL && types != NULL) - { - sid_copy(sid, &sids[0]); - *type = types[0]; - } - else - { - res3 = False; - } - if (types != NULL) - { - free(types); - } - - if (sids != NULL) - { - free(sids); - } - - return res3 && res4; -} - -/************************************************************************ - Routine to look up a remote nt name -*************************************************************************/ -static BOOL get_sid_and_type(const char *fullntname, uint8 expected_type, - DOM_NAME_MAP *gmep) -{ - /* - * check with the PDC to see if it owns the name. if so, - * the SID is resolved with the PDC database. - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { - if (lookup_remote_ntname(fullntname, &gmep->sid, &gmep->type)) - { - if (sid_front_equal(&gmep->sid, &global_member_sid) && - strequal(gmep->nt_domain, global_myworkgroup) && - gmep->type == expected_type) - { - return True; - } - return False; - } - } - - /* - * ... otherwise, it's one of ours. map the sid ourselves, - * which can only happen in our own SAM database. - */ - - if (!strequal(gmep->nt_domain, global_sam_name)) - { - return False; - } - if (!pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid)) - { - return False; - } - - return True; -} - -/* - * used by lookup functions below - */ - -static fstring nt_name; -static fstring unix_name; -static fstring nt_domain; - -/************************************************************************* - looks up a uid, returns User Information. -*************************************************************************/ -BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep) -{ - DEBUG(10,("lookupsmbpwuid: unix uid %d\n", uid)); - if (map_username_uid(uid, gmep)) - { - return True; - } -#if 0 - if (lp_server_role() != ROLE_DOMAIN_NONE) -#endif - { - gmep->nt_name = nt_name; - gmep->unix_name = unix_name; - gmep->nt_domain = nt_domain; - - gmep->unix_id = (uint32)uid; - - /* - * ok, assume it's one of ours. then double-check it - * if we are a member of a domain - */ - - gmep->type = SID_NAME_USER; - fstrcpy(gmep->nt_name, uidtoname(uid)); - fstrcpy(gmep->unix_name, gmep->nt_name); - - /* - * here we should do a LsaLookupNames() call - * to check the status of the name with the PDC. - * if the PDC know nothing of the name, it's ours. - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { -#if 0 - lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...); -#endif - } - - /* - * ok, it's one of ours. - */ - - gmep->nt_domain = global_sam_name; - pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid); - - return True; - } - - /* oops. */ - - return False; -} - -/************************************************************************* - looks up by NT name, returns User Information. -*************************************************************************/ -BOOL lookupsmbpwntnam(const char *fullntname, DOM_NAME_MAP *gmep) -{ - DEBUG(10,("lookupsmbpwntnam: nt user name %s\n", fullntname)); - - if (!split_domain_name(fullntname, nt_domain, nt_name)) - { - return False; - } - - if (map_nt_username(nt_name, nt_domain, gmep)) - { - return True; - } - if (lp_server_role() != ROLE_DOMAIN_NONE) - { - uid_t uid; - gmep->nt_name = nt_name; - gmep->unix_name = unix_name; - gmep->nt_domain = nt_domain; - - /* - * ok, it's one of ours. we therefore "create" an nt user named - * after the unix user. this is the point where "appliance mode" - * should get its teeth in, as unix users won't really exist, - * they will only be numbers... - */ - - gmep->type = SID_NAME_USER; - fstrcpy(gmep->unix_name, gmep->nt_name); - if (!nametouid(gmep->unix_name, &uid)) - { - return False; - } - gmep->unix_id = (uint32)uid; - - return get_sid_and_type(fullntname, gmep->type, gmep); - } - - /* oops. */ - - return False; -} - -/************************************************************************* - looks up by RID, returns User Information. -*************************************************************************/ -BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep) -{ - fstring sid_str; - sid_to_string(sid_str, sid); - DEBUG(10,("lookupsmbpwsid: nt sid %s\n", sid_str)); - - if (map_username_sid(sid, gmep)) - { - return True; - } - if (lp_server_role() != ROLE_DOMAIN_NONE) - { - gmep->nt_name = nt_name; - gmep->unix_name = unix_name; - gmep->nt_domain = nt_domain; - - /* - * here we should do a LsaLookupNames() call - * to check the status of the name with the PDC. - * if the PDC know nothing of the name, it's ours. - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { -#if 0 - if (lookup_remote_sid(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...); -#endif - } - - /* - * ok, it's one of ours. we therefore "create" an nt user named - * after the unix user. this is the point where "appliance mode" - * should get its teeth in, as unix users won't really exist, - * they will only be numbers... - */ - - gmep->type = SID_NAME_USER; - sid_copy(&gmep->sid, sid); - if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id)) - { - return False; - } - fstrcpy(gmep->nt_name, uidtoname((uid_t)gmep->unix_id)); - fstrcpy(gmep->unix_name, gmep->nt_name); - gmep->nt_domain = global_sam_name; - - return True; - } - - /* oops. */ - - return False; -} - -/************************************************************************ - Routine to look up group / alias / well-known group RID by UNIX name -*************************************************************************/ -BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP *grp) -{ - gid_t gid; - DEBUG(10,("lookupsmbgrpnam: unix user group %s\n", unix_grp_name)); - if (nametogid(unix_grp_name, &gid)) - { - return lookupsmbgrpgid(gid, grp); - } - else - { - return False; - } -} - -/************************************************************************* - looks up a SID, returns name map entry -*************************************************************************/ -BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep) -{ - fstring sid_str; - sid_to_string(sid_str, sid); - DEBUG(10,("lookupsmbgrpsid: nt sid %s\n", sid_str)); - - if (map_alias_sid(sid, gmep)) - { - return True; - } - if (map_group_sid(sid, gmep)) - { - return True; - } - if (lp_server_role() != ROLE_DOMAIN_NONE) - { - gmep->nt_name = nt_name; - gmep->unix_name = unix_name; - gmep->nt_domain = nt_domain; - - /* - * here we should do a LsaLookupNames() call - * to check the status of the name with the PDC. - * if the PDC know nothing of the name, it's ours. - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { -#if 0 - lsa_lookup_sids(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...); -#endif - } - - /* - * ok, it's one of ours. we therefore "create" an nt group or - * alias name named after the unix group. this is the point - * where "appliance mode" should get its teeth in, as unix - * groups won't really exist, they will only be numbers... - */ - - /* name is not explicitly mapped - * with map files or the PDC - * so we are responsible for it... - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { - /* ... as a LOCAL group. */ - gmep->type = SID_NAME_ALIAS; - } - else - { - /* ... as a DOMAIN group. */ - gmep->type = SID_NAME_DOM_GRP; - } - - sid_copy(&gmep->sid, sid); - if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id)) - { - return False; - } - fstrcpy(gmep->nt_name, gidtoname((gid_t)gmep->unix_id)); - fstrcpy(gmep->unix_name, gmep->nt_name); - gmep->nt_domain = global_sam_name; - - return True; - } - - /* oops */ - return False; -} - -/************************************************************************* - looks up a gid, returns RID and type local, domain or well-known domain group -*************************************************************************/ -BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep) -{ - DEBUG(10,("lookupsmbgrpgid: unix gid %d\n", (int)gid)); - if (map_alias_gid(gid, gmep)) - { - return True; - } - if (map_group_gid(gid, gmep)) - { - return True; - } - if (lp_server_role() != ROLE_DOMAIN_NONE) - { - gmep->nt_name = nt_name; - gmep->unix_name = unix_name; - gmep->nt_domain = nt_domain; - - gmep->unix_id = (uint32)gid; - - /* - * here we should do a LsaLookupNames() call - * to check the status of the name with the PDC. - * if the PDC know nothing of the name, it's ours. - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { -#if 0 - if (lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...); - { - return True; - } -#endif - } - - /* - * ok, it's one of ours. we therefore "create" an nt group or - * alias name named after the unix group. this is the point - * where "appliance mode" should get its teeth in, as unix - * groups won't really exist, they will only be numbers... - */ - - /* name is not explicitly mapped - * with map files or the PDC - * so we are responsible for it... - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { - /* ... as a LOCAL group. */ - gmep->type = SID_NAME_ALIAS; - } - else - { - /* ... as a DOMAIN group. */ - gmep->type = SID_NAME_DOM_GRP; - } - fstrcpy(gmep->nt_name, gidtoname(gid)); - fstrcpy(gmep->unix_name, gmep->nt_name); - - return get_sid_and_type(gmep->nt_name, gmep->type, gmep); - } - - /* oops */ - return False; -} - diff --git a/source/libads/.cvsignore b/source/libads/.cvsignore deleted file mode 100644 index 5f2a5c4cf75..00000000000 --- a/source/libads/.cvsignore +++ /dev/null @@ -1,2 +0,0 @@ -*.po -*.po32 diff --git a/source/passdb/.cvsignore b/source/passdb/.cvsignore deleted file mode 100644 index 5f2a5c4cf75..00000000000 --- a/source/passdb/.cvsignore +++ /dev/null @@ -1,2 +0,0 @@ -*.po -*.po32 diff --git a/source/popt/.cvsignore b/source/popt/.cvsignore deleted file mode 100644 index 86b08b58d2c..00000000000 --- a/source/popt/.cvsignore +++ /dev/null @@ -1,8 +0,0 @@ -ID -Makefile -config.cache -config.h -config.log -config.status -rsync -zlib/dummy diff --git a/source/popt/CHANGES b/source/popt/CHANGES deleted file mode 100644 index b6ab2aa3088..00000000000 --- a/source/popt/CHANGES +++ /dev/null @@ -1,43 +0,0 @@ -1.3 -> - - heavy dose of const's - - poptParseArgvString() now NULL terminates the list - -1.2.3 -> 1.3 - - added support for single - - - misc bug fixes - - portability improvements - -1.2.2 -> 1.2.3 - - fixed memset() in help message generation (Dale Hawkins) - - added extern "C" stuff to popt.h for C++ compilers (Dale Hawkins) - - const'ified poptParseArgvString (Jeff Garzik) - -1.2.1 -> 1.2.2 - - fixed bug in chaind alias happens which seems to have only - affected --triggers in rpm - - added POPT_ARG_VAL - - popt.3 installed by default - -1.2 -> 1.2.1 - - added POPT_ARG_INTL_DOMAIN (Elliot Lee) - - updated Makefile's to be more GNUish (Elliot Lee) - -1.1 -> 1.2 - - added popt.3 man page (Robert Lynch) - - don't use mmap anymore (its lack of portability isn't worth the - trouble) - - added test script - - added support for exec - - removed support for *_POPT_ALIASES env variable -- it was a bad - idea - - reorganized into multiple source files - - added automatic help generation, POPT_AUTOHELP - - added table callbacks - - added table inclusion - - updated man page for new features - - added test scripts - -1.0 -> 1.1 - - moved to autoconf (Fred Fish) - - added STRERROR replacement (Norbert Warmuth) - - added const keywords (Bruce Perens) diff --git a/source/popt/COPYING b/source/popt/COPYING deleted file mode 100644 index b4c7ca876c6..00000000000 --- a/source/popt/COPYING +++ /dev/null @@ -1,22 +0,0 @@ -Copyright (c) 1998 Red Hat Software - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of the X Consortium shall not be -used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization from the X Consortium. diff --git a/source/popt/README b/source/popt/README deleted file mode 100644 index 7fccc836ffa..00000000000 --- a/source/popt/README +++ /dev/null @@ -1,18 +0,0 @@ -This is the popt command line option parsing library. While it is similiar -to getopt(3), it contains a number of enhancements, including: - - 1) popt is fully reentrant - 2) popt can parse arbitrary argv[] style arrays while - getopt(2) makes this quite difficult - 3) popt allows users to alias command line arguments - 4) popt provides convience functions for parsting strings - into argv[] style arrays - -popt is used by rpm, the Red Hat install program, and many other Red Hat -utilities, all of which provide excellent examples of how to use popt. -Complete documentation on popt is available in popt.ps (included in this -tarball), which is excerpted with permission from the book "Linux -Application Development" by Michael K. Johnson and Erik Troan (availble -from Addison Wesley in May, 1998). - -Comments on popt should be addressed to ewt@redhat.com. diff --git a/source/popt/dummy.in b/source/popt/dummy.in deleted file mode 100644 index e69de29bb2d..00000000000 --- a/source/popt/dummy.in +++ /dev/null diff --git a/source/popt/findme.c b/source/popt/findme.c deleted file mode 100644 index f2ad05bb3fb..00000000000 --- a/source/popt/findme.c +++ /dev/null @@ -1,46 +0,0 @@ -/* (C) 1998 Red Hat Software, Inc. -- Licensing details are in the COPYING - file accompanying popt source distributions, available from - ftp://ftp.redhat.com/pub/code/popt */ - -#include "system.h" -#include "findme.h" - -const char * findProgramPath(const char * argv0) { - char * path = getenv("PATH"); - char * pathbuf; - char * start, * chptr; - char * buf, *local = NULL; - - /* If there is a / in the argv[0], it has to be an absolute - path */ - if (strchr(argv0, '/')) - return xstrdup(argv0); - - if (!path) return NULL; - - local = start = pathbuf = malloc(strlen(path) + 1); - buf = malloc(strlen(path) + strlen(argv0) + 2); - strcpy(pathbuf, path); - - chptr = NULL; - do { - if ((chptr = strchr(start, ':'))) - *chptr = '\0'; - sprintf(buf, "%s/%s", start, argv0); - - if (!access(buf, X_OK)) { - if (local) free(local); - return buf; - } - - if (chptr) - start = chptr + 1; - else - start = NULL; - } while (start && *start); - - free(buf); - if (local) free(local); - - return NULL; -} diff --git a/source/popt/findme.h b/source/popt/findme.h deleted file mode 100644 index 5e93963d603..00000000000 --- a/source/popt/findme.h +++ /dev/null @@ -1,10 +0,0 @@ -/* (C) 1998 Red Hat Software, Inc. -- Licensing details are in the COPYING - file accompanying popt source distributions, available from - ftp://ftp.redhat.com/pub/code/popt */ - -#ifndef H_FINDME -#define H_FINDME - -const char * findProgramPath(const char * argv0); - -#endif diff --git a/source/popt/popt.c b/source/popt/popt.c deleted file mode 100644 index 9fa8650312c..00000000000 --- a/source/popt/popt.c +++ /dev/null @@ -1,782 +0,0 @@ -/* (C) 1998 Red Hat Software, Inc. -- Licensing details are in the COPYING - file accompanying popt source distributions, available from - ftp://ftp.redhat.com/pub/code/popt */ - -#include "system.h" -#include "findme.h" -#include "poptint.h" - -#ifndef HAVE_STRERROR -static char * strerror(int errno) { - extern int sys_nerr; - extern char * sys_errlist[]; - - if ((0 <= errno) && (errno < sys_nerr)) - return sys_errlist[errno]; - else - return POPT_("unknown errno"); -} -#endif - -void poptSetExecPath(poptContext con, const char * path, int allowAbsolute) { - if (con->execPath) xfree(con->execPath); - con->execPath = xstrdup(path); - con->execAbsolute = allowAbsolute; -} - -static void invokeCallbacks(poptContext con, const struct poptOption * table, - int post) { - const struct poptOption * opt = table; - poptCallbackType cb; - - while (opt->longName || opt->shortName || opt->arg) { - if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_INCLUDE_TABLE) { - invokeCallbacks(con, opt->arg, post); - } else if (((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_CALLBACK) && - ((!post && (opt->argInfo & POPT_CBFLAG_PRE)) || - ( post && (opt->argInfo & POPT_CBFLAG_POST)))) { - cb = (poptCallbackType)opt->arg; - cb(con, post ? POPT_CALLBACK_REASON_POST : POPT_CALLBACK_REASON_PRE, - NULL, NULL, opt->descrip); - } - opt++; - } -} - -poptContext poptGetContext(const char * name, int argc, const char ** argv, - const struct poptOption * options, int flags) { - poptContext con = malloc(sizeof(*con)); - - memset(con, 0, sizeof(*con)); - - con->os = con->optionStack; - con->os->argc = argc; - con->os->argv = argv; - con->os->argb = NULL; - - if (!(flags & POPT_CONTEXT_KEEP_FIRST)) - con->os->next = 1; /* skip argv[0] */ - - con->leftovers = calloc( (argc + 1), sizeof(char *) ); - con->options = options; - con->aliases = NULL; - con->numAliases = 0; - con->flags = flags; - con->execs = NULL; - con->numExecs = 0; - con->finalArgvAlloced = argc * 2; - con->finalArgv = calloc( con->finalArgvAlloced, sizeof(*con->finalArgv) ); - con->execAbsolute = 1; - con->arg_strip = NULL; - - if (getenv("POSIXLY_CORRECT") || getenv("POSIX_ME_HARDER")) - con->flags |= POPT_CONTEXT_POSIXMEHARDER; - - if (name) - con->appName = strcpy(malloc(strlen(name) + 1), name); - - invokeCallbacks(con, con->options, 0); - - return con; -} - -static void cleanOSE(struct optionStackEntry *os) -{ - if (os->nextArg) { - xfree(os->nextArg); - os->nextArg = NULL; - } - if (os->argv) { - xfree(os->argv); - os->argv = NULL; - } - if (os->argb) { - PBM_FREE(os->argb); - os->argb = NULL; - } -} - -void poptResetContext(poptContext con) { - int i; - - while (con->os > con->optionStack) { - cleanOSE(con->os--); - } - if (con->os->argb) { - PBM_FREE(con->os->argb); - con->os->argb = NULL; - } - con->os->currAlias = NULL; - con->os->nextCharArg = NULL; - con->os->nextArg = NULL; - con->os->next = 1; /* skip argv[0] */ - - con->numLeftovers = 0; - con->nextLeftover = 0; - con->restLeftover = 0; - con->doExec = NULL; - - for (i = 0; i < con->finalArgvCount; i++) { - if (con->finalArgv[i]) { - xfree(con->finalArgv[i]); - con->finalArgv[i] = NULL; - } - } - - con->finalArgvCount = 0; - - if (con->arg_strip) { - PBM_FREE(con->arg_strip); - con->arg_strip = NULL; - } -} - -/* Only one of longName, shortName may be set at a time */ -static int handleExec(poptContext con, char * longName, char shortName) { - int i; - - i = con->numExecs - 1; - if (longName) { - while (i >= 0 && (!con->execs[i].longName || - strcmp(con->execs[i].longName, longName))) i--; - } else { - while (i >= 0 && - con->execs[i].shortName != shortName) i--; - } - - if (i < 0) return 0; - - if (con->flags & POPT_CONTEXT_NO_EXEC) - return 1; - - if (con->doExec == NULL) { - con->doExec = con->execs + i; - return 1; - } - - /* We already have an exec to do; remember this option for next - time 'round */ - if ((con->finalArgvCount + 1) >= (con->finalArgvAlloced)) { - con->finalArgvAlloced += 10; - con->finalArgv = realloc(con->finalArgv, - sizeof(*con->finalArgv) * con->finalArgvAlloced); - } - - i = con->finalArgvCount++; - { char *s = malloc((longName ? strlen(longName) : 0) + 3); - if (longName) - sprintf(s, "--%s", longName); - else - sprintf(s, "-%c", shortName); - con->finalArgv[i] = s; - } - - return 1; -} - -/* Only one of longName, shortName may be set at a time */ -static int handleAlias(poptContext con, const char * longName, char shortName, - /*@keep@*/ const char * nextCharArg) { - int i; - - if (con->os->currAlias && con->os->currAlias->longName && longName && - !strcmp(con->os->currAlias->longName, longName)) - return 0; - if (con->os->currAlias && shortName && - shortName == con->os->currAlias->shortName) - return 0; - - i = con->numAliases - 1; - if (longName) { - while (i >= 0 && (!con->aliases[i].longName || - strcmp(con->aliases[i].longName, longName))) i--; - } else { - while (i >= 0 && - con->aliases[i].shortName != shortName) i--; - } - - if (i < 0) return 0; - - if ((con->os - con->optionStack + 1) == POPT_OPTION_DEPTH) - return POPT_ERROR_OPTSTOODEEP; - - if (nextCharArg && *nextCharArg) - con->os->nextCharArg = nextCharArg; - - con->os++; - con->os->next = 0; - con->os->stuffed = 0; - con->os->nextArg = NULL; - con->os->nextCharArg = NULL; - con->os->currAlias = con->aliases + i; - poptDupArgv(con->os->currAlias->argc, con->os->currAlias->argv, - &con->os->argc, &con->os->argv); - con->os->argb = NULL; - - return 1; -} - -static void execCommand(poptContext con) { - const char ** argv; - int pos = 0; - const char * script = con->doExec->script; - - argv = malloc(sizeof(*argv) * - (6 + con->numLeftovers + con->finalArgvCount)); - - if (!con->execAbsolute && strchr(script, '/')) return; - - if (!strchr(script, '/') && con->execPath) { - char *s = malloc(strlen(con->execPath) + strlen(script) + 2); - sprintf(s, "%s/%s", con->execPath, script); - argv[pos] = s; - } else { - argv[pos] = script; - } - pos++; - - argv[pos] = findProgramPath(con->os->argv[0]); - if (argv[pos]) pos++; - argv[pos++] = ";"; - - memcpy(argv + pos, con->finalArgv, sizeof(*argv) * con->finalArgvCount); - pos += con->finalArgvCount; - - if (con->numLeftovers) { - argv[pos++] = "--"; - memcpy(argv + pos, con->leftovers, sizeof(*argv) * con->numLeftovers); - pos += con->numLeftovers; - } - - argv[pos++] = NULL; - -#ifdef __hpux - setresuid(getuid(), getuid(),-1); -#else -/* - * XXX " ... on BSD systems setuid() should be preferred over setreuid()" - * XXX sez' Timur Bakeyev <mc@bat.ru> - * XXX from Norbert Warmuth <nwarmuth@privat.circular.de> - */ -#if defined(HAVE_SETUID) - setuid(getuid()); -#elif defined (HAVE_SETREUID) - setreuid(getuid(), getuid()); /*hlauer: not portable to hpux9.01 */ -#else - ; /* Can't drop privileges */ -#endif -#endif - - execvp(argv[0], (char *const *)argv); -} - -/*@observer@*/ static const struct poptOption * -findOption(const struct poptOption * table, const char * longName, - char shortName, - /*@out@*/ poptCallbackType * callback, /*@out@*/ const void ** callbackData, - int singleDash) -{ - const struct poptOption * opt = table; - const struct poptOption * opt2; - const struct poptOption * cb = NULL; - - /* This happens when a single - is given */ - if (singleDash && !shortName && !*longName) - shortName = '-'; - - while (opt->longName || opt->shortName || opt->arg) { - if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_INCLUDE_TABLE) { - opt2 = findOption(opt->arg, longName, shortName, callback, - callbackData, singleDash); - if (opt2) { - if (*callback && !*callbackData) - *callbackData = opt->descrip; - return opt2; - } - } else if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_CALLBACK) { - cb = opt; - } else if (longName && opt->longName && - (!singleDash || (opt->argInfo & POPT_ARGFLAG_ONEDASH)) && - !strcmp(longName, opt->longName)) { - break; - } else if (shortName && shortName == opt->shortName) { - break; - } - opt++; - } - - if (!opt->longName && !opt->shortName) return NULL; - *callbackData = NULL; - *callback = NULL; - if (cb) { - *callback = (poptCallbackType)cb->arg; - if (!(cb->argInfo & POPT_CBFLAG_INC_DATA)) - *callbackData = cb->descrip; - } - - return opt; -} - -static const char *findNextArg(poptContext con, unsigned argx, int delete) -{ - struct optionStackEntry * os = con->os; - const char * arg; - - do { - int i; - arg = NULL; - while (os->next == os->argc && os > con->optionStack) os--; - if (os->next == os->argc && os == con->optionStack) break; - for (i = os->next; i < os->argc; i++) { - if (os->argb && PBM_ISSET(i, os->argb)) continue; - if (*os->argv[i] == '-') continue; - if (--argx > 0) continue; - arg = os->argv[i]; - if (delete) { - if (os->argb == NULL) os->argb = PBM_ALLOC(os->argc); - PBM_SET(i, os->argb); - } - break; - } - if (os > con->optionStack) os--; - } while (arg == NULL); - return arg; -} - -static /*@only@*/ const char * expandNextArg(poptContext con, const char * s) -{ - const char *a; - size_t alen; - char *t, *te; - size_t tn = strlen(s) + 1; - char c; - - te = t = malloc(tn);; - while ((c = *s++) != '\0') { - switch (c) { -#if 0 /* XXX can't do this */ - case '\\': /* escape */ - c = *s++; - break; -#endif - case '!': - if (!(s[0] == '#' && s[1] == ':' && s[2] == '+')) - break; - if ((a = findNextArg(con, 1, 1)) == NULL) - break; - s += 3; - - alen = strlen(a); - tn += alen; - *te = '\0'; - t = realloc(t, tn); - te = t + strlen(t); - strncpy(te, a, alen); te += alen; - continue; - /*@notreached@*/ break; - default: - break; - } - *te++ = c; - } - *te = '\0'; - t = realloc(t, strlen(t)+1); /* XXX memory leak, hard to plug */ - return t; -} - -static void poptStripArg(poptContext con, int which) -{ - if(con->arg_strip == NULL) { - con->arg_strip = PBM_ALLOC(con->optionStack[0].argc); - } - PBM_SET(which, con->arg_strip); -} - -/* returns 'val' element, -1 on last item, POPT_ERROR_* on error */ -int poptGetNextOpt(poptContext con) -{ - const struct poptOption * opt = NULL; - int done = 0; - - /* looks a bit tricky to get rid of alloca properly in this fn */ -#if HAVE_ALLOCA_H -#define ALLOCA(x) alloca(x) -#else -#define ALLOCA(x) malloc(x) -#endif - - - while (!done) { - const char * origOptString = NULL; - poptCallbackType cb = NULL; - const void * cbData = NULL; - const char * longArg = NULL; - int canstrip = 0; - - while (!con->os->nextCharArg && con->os->next == con->os->argc - && con->os > con->optionStack) { - cleanOSE(con->os--); - } - if (!con->os->nextCharArg && con->os->next == con->os->argc) { - invokeCallbacks(con, con->options, 1); - if (con->doExec) execCommand(con); - return -1; - } - - /* Process next long option */ - if (!con->os->nextCharArg) { - char * localOptString, * optString; - int thisopt; - - if (con->os->argb && PBM_ISSET(con->os->next, con->os->argb)) { - con->os->next++; - continue; - } - thisopt=con->os->next; - origOptString = con->os->argv[con->os->next++]; - - if (con->restLeftover || *origOptString != '-') { - con->leftovers[con->numLeftovers++] = origOptString; - if (con->flags & POPT_CONTEXT_POSIXMEHARDER) - con->restLeftover = 1; - continue; - } - - /* Make a copy we can hack at */ - localOptString = optString = - strcpy(ALLOCA(strlen(origOptString) + 1), - origOptString); - - if (!optString[0]) - return POPT_ERROR_BADOPT; - - if (optString[1] == '-' && !optString[2]) { - con->restLeftover = 1; - continue; - } else { - char *oe; - int singleDash; - - optString++; - if (*optString == '-') - singleDash = 0, optString++; - else - singleDash = 1; - - /* XXX aliases with arg substitution need "--alias=arg" */ - if (handleAlias(con, optString, '\0', NULL)) - continue; - if (handleExec(con, optString, '\0')) - continue; - - /* Check for "--long=arg" option. */ - for (oe = optString; *oe && *oe != '='; oe++) - ; - if (*oe == '=') { - *oe++ = '\0'; - /* XXX longArg is mapped back to persistent storage. */ - longArg = origOptString + (oe - localOptString); - } - - opt = findOption(con->options, optString, '\0', &cb, &cbData, - singleDash); - if (!opt && !singleDash) - return POPT_ERROR_BADOPT; - } - - if (!opt) { - con->os->nextCharArg = origOptString + 1; - } else { - if(con->os == con->optionStack && - opt->argInfo & POPT_ARGFLAG_STRIP) { - canstrip = 1; - poptStripArg(con, thisopt); - } - } - } - - /* Process next short option */ - if (con->os->nextCharArg) { - origOptString = con->os->nextCharArg; - - con->os->nextCharArg = NULL; - - if (handleAlias(con, NULL, *origOptString, - origOptString + 1)) { - origOptString++; - continue; - } - if (handleExec(con, NULL, *origOptString)) - continue; - - opt = findOption(con->options, NULL, *origOptString, &cb, - &cbData, 0); - if (!opt) - return POPT_ERROR_BADOPT; - - origOptString++; - if (*origOptString) - con->os->nextCharArg = origOptString; - } - - if (opt->arg && (opt->argInfo & POPT_ARG_MASK) == POPT_ARG_NONE) { - *((int *)opt->arg) = 1; - } else if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_VAL) { - if (opt->arg) - *((int *) opt->arg) = opt->val; - } else if ((opt->argInfo & POPT_ARG_MASK) != POPT_ARG_NONE) { - if (con->os->nextArg) { - xfree(con->os->nextArg); - con->os->nextArg = NULL; - } - if (longArg) { - con->os->nextArg = expandNextArg(con, longArg); - } else if (con->os->nextCharArg) { - con->os->nextArg = expandNextArg(con, con->os->nextCharArg); - con->os->nextCharArg = NULL; - } else { - while (con->os->next == con->os->argc && - con->os > con->optionStack) { - cleanOSE(con->os--); - } - if (con->os->next == con->os->argc) - return POPT_ERROR_NOARG; - - /* make sure this isn't part of a short arg or the - result of an alias expansion */ - if(con->os == con->optionStack && - opt->argInfo & POPT_ARGFLAG_STRIP && - canstrip) { - poptStripArg(con, con->os->next); - } - - con->os->nextArg = expandNextArg(con, con->os->argv[con->os->next++]); - } - - if (opt->arg) { - long aLong; - char *end; - - switch (opt->argInfo & POPT_ARG_MASK) { - case POPT_ARG_STRING: - /* XXX memory leak, hard to plug */ - *((const char **) opt->arg) = xstrdup(con->os->nextArg); - break; - - case POPT_ARG_INT: - case POPT_ARG_LONG: - aLong = strtol(con->os->nextArg, &end, 0); - if (!(end && *end == '\0')) - return POPT_ERROR_BADNUMBER; - - if (aLong == LONG_MIN || aLong == LONG_MAX) - return POPT_ERROR_OVERFLOW; - if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_LONG) { - *((long *) opt->arg) = aLong; - } else { - if (aLong > INT_MAX || aLong < INT_MIN) - return POPT_ERROR_OVERFLOW; - *((int *) opt->arg) = aLong; - } - break; - - default: - fprintf(stdout, POPT_("option type (%d) not implemented in popt\n"), - opt->argInfo & POPT_ARG_MASK); - exit(EXIT_FAILURE); - } - } - } - - if (cb) - cb(con, POPT_CALLBACK_REASON_OPTION, opt, con->os->nextArg, cbData); - else if (opt->val && ((opt->argInfo & POPT_ARG_MASK) != POPT_ARG_VAL)) - done = 1; - - if ((con->finalArgvCount + 2) >= (con->finalArgvAlloced)) { - con->finalArgvAlloced += 10; - con->finalArgv = realloc(con->finalArgv, - sizeof(*con->finalArgv) * con->finalArgvAlloced); - } - - { char *s = malloc((opt->longName ? strlen(opt->longName) : 0) + 3); - if (opt->longName) - sprintf(s, "--%s", opt->longName); - else - sprintf(s, "-%c", opt->shortName); - con->finalArgv[con->finalArgvCount++] = s; - } - - if (opt->arg && (opt->argInfo & POPT_ARG_MASK) != POPT_ARG_NONE - && (opt->argInfo & POPT_ARG_MASK) != POPT_ARG_VAL) { - con->finalArgv[con->finalArgvCount++] = xstrdup(con->os->nextArg); - } - } - - return opt->val; -} - -const char * poptGetOptArg(poptContext con) { - const char * ret = con->os->nextArg; - con->os->nextArg = NULL; - return ret; -} - -const char * poptGetArg(poptContext con) { - if (con->numLeftovers == con->nextLeftover) return NULL; - return con->leftovers[con->nextLeftover++]; -} - -const char * poptPeekArg(poptContext con) { - if (con->numLeftovers == con->nextLeftover) return NULL; - return con->leftovers[con->nextLeftover]; -} - -const char ** poptGetArgs(poptContext con) { - if (con->numLeftovers == con->nextLeftover) return NULL; - - /* some apps like [like RPM ;-) ] need this NULL terminated */ - con->leftovers[con->numLeftovers] = NULL; - - return (con->leftovers + con->nextLeftover); -} - -void poptFreeContext(poptContext con) { - int i; - - poptResetContext(con); - if (con->os->argb) free(con->os->argb); - - for (i = 0; i < con->numAliases; i++) { - if (con->aliases[i].longName) xfree(con->aliases[i].longName); - free(con->aliases[i].argv); - } - - for (i = 0; i < con->numExecs; i++) { - if (con->execs[i].longName) xfree(con->execs[i].longName); - xfree(con->execs[i].script); - } - if (con->execs) xfree(con->execs); - - free(con->leftovers); - free(con->finalArgv); - if (con->appName) xfree(con->appName); - if (con->aliases) free(con->aliases); - if (con->otherHelp) xfree(con->otherHelp); - if (con->execPath) xfree(con->execPath); - if (con->arg_strip) PBM_FREE(con->arg_strip); - - free(con); -} - -int poptAddAlias(poptContext con, struct poptAlias newAlias, - /*@unused@*/ int flags) -{ - int aliasNum = con->numAliases++; - struct poptAlias * alias; - - /* SunOS won't realloc(NULL, ...) */ - if (!con->aliases) - con->aliases = malloc(sizeof(newAlias) * con->numAliases); - else - con->aliases = realloc(con->aliases, - sizeof(newAlias) * con->numAliases); - alias = con->aliases + aliasNum; - - alias->longName = (newAlias.longName) - ? strcpy(malloc(strlen(newAlias.longName) + 1), newAlias.longName) - : NULL; - alias->shortName = newAlias.shortName; - alias->argc = newAlias.argc; - alias->argv = newAlias.argv; - - return 0; -} - -const char * poptBadOption(poptContext con, int flags) { - struct optionStackEntry * os; - - if (flags & POPT_BADOPTION_NOALIAS) - os = con->optionStack; - else - os = con->os; - - return os->argv[os->next - 1]; -} - -#define POPT_ERROR_NOARG -10 -#define POPT_ERROR_BADOPT -11 -#define POPT_ERROR_OPTSTOODEEP -13 -#define POPT_ERROR_BADQUOTE -15 /* only from poptParseArgString() */ -#define POPT_ERROR_ERRNO -16 /* only from poptParseArgString() */ - -const char *poptStrerror(const int error) { - switch (error) { - case POPT_ERROR_NOARG: - return POPT_("missing argument"); - case POPT_ERROR_BADOPT: - return POPT_("unknown option"); - case POPT_ERROR_OPTSTOODEEP: - return POPT_("aliases nested too deeply"); - case POPT_ERROR_BADQUOTE: - return POPT_("error in paramter quoting"); - case POPT_ERROR_BADNUMBER: - return POPT_("invalid numeric value"); - case POPT_ERROR_OVERFLOW: - return POPT_("number too large or too small"); - case POPT_ERROR_ERRNO: - return strerror(errno); - default: - return POPT_("unknown error"); - } -} - -int poptStuffArgs(poptContext con, const char ** argv) { - int argc; - - if ((con->os - con->optionStack) == POPT_OPTION_DEPTH) - return POPT_ERROR_OPTSTOODEEP; - - for (argc = 0; argv[argc]; argc++) - ; - - con->os++; - con->os->next = 0; - con->os->nextArg = NULL; - con->os->nextCharArg = NULL; - con->os->currAlias = NULL; - poptDupArgv(argc, argv, &con->os->argc, &con->os->argv); - con->os->argb = NULL; - con->os->stuffed = 1; - - return 0; -} - -const char * poptGetInvocationName(poptContext con) { - return con->os->argv[0]; -} - -int poptStrippedArgv(poptContext con, int argc, char **argv) -{ - int i,j=1, numargs=argc; - - for(i=1; i<argc; i++) { - if(PBM_ISSET(i, con->arg_strip)) { - numargs--; - } - } - - for(i=1; i<argc; i++) { - if(PBM_ISSET(i, con->arg_strip)) { - continue; - } else { - if(j<numargs) { - argv[j++]=argv[i]; - } else { - argv[j++]='\0'; - } - } - } - - return(numargs); -} diff --git a/source/popt/popt.h b/source/popt/popt.h deleted file mode 100644 index c33cedaec99..00000000000 --- a/source/popt/popt.h +++ /dev/null @@ -1,130 +0,0 @@ -/* (C) 1998 Red Hat Software, Inc. -- Licensing details are in the COPYING - file accompanying popt source distributions, available from - ftp://ftp.redhat.com/pub/code/popt */ - -#ifndef H_POPT -#define H_POPT - -#ifdef __cplusplus -extern "C" { -#endif - -#include <stdio.h> /* for FILE * */ - -#define POPT_OPTION_DEPTH 10 - -#define POPT_ARG_NONE 0 -#define POPT_ARG_STRING 1 -#define POPT_ARG_INT 2 -#define POPT_ARG_LONG 3 -#define POPT_ARG_INCLUDE_TABLE 4 /* arg points to table */ -#define POPT_ARG_CALLBACK 5 /* table-wide callback... must be - set first in table; arg points - to callback, descrip points to - callback data to pass */ -#define POPT_ARG_INTL_DOMAIN 6 /* set the translation domain - for this table and any - included tables; arg points - to the domain string */ -#define POPT_ARG_VAL 7 /* arg should take value val */ -#define POPT_ARG_MASK 0x0000FFFF -#define POPT_ARGFLAG_ONEDASH 0x80000000 /* allow -longoption */ -#define POPT_ARGFLAG_DOC_HIDDEN 0x40000000 /* don't show in help/usage */ -#define POPT_ARGFLAG_STRIP 0x20000000 /* strip this arg from argv (only applies to long args) */ -#define POPT_CBFLAG_PRE 0x80000000 /* call the callback before parse */ -#define POPT_CBFLAG_POST 0x40000000 /* call the callback after parse */ -#define POPT_CBFLAG_INC_DATA 0x20000000 /* use data from the include line, - not the subtable */ - -#define POPT_ERROR_NOARG -10 -#define POPT_ERROR_BADOPT -11 -#define POPT_ERROR_OPTSTOODEEP -13 -#define POPT_ERROR_BADQUOTE -15 /* only from poptParseArgString() */ -#define POPT_ERROR_ERRNO -16 /* only from poptParseArgString() */ -#define POPT_ERROR_BADNUMBER -17 -#define POPT_ERROR_OVERFLOW -18 - -/* poptBadOption() flags */ -#define POPT_BADOPTION_NOALIAS (1 << 0) /* don't go into an alias */ - -/* poptGetContext() flags */ -#define POPT_CONTEXT_NO_EXEC (1 << 0) /* ignore exec expansions */ -#define POPT_CONTEXT_KEEP_FIRST (1 << 1) /* pay attention to argv[0] */ -#define POPT_CONTEXT_POSIXMEHARDER (1 << 2) /* options can't follow args */ - -struct poptOption { - /*@observer@*/ /*@null@*/ const char * longName; /* may be NULL */ - char shortName; /* may be '\0' */ - int argInfo; - /*@shared@*/ /*@null@*/ void * arg; /* depends on argInfo */ - int val; /* 0 means don't return, just update flag */ - /*@shared@*/ /*@null@*/ const char * descrip; /* description for autohelp -- may be NULL */ - /*@shared@*/ /*@null@*/ const char * argDescrip; /* argument description for autohelp */ -}; - -struct poptAlias { - /*@owned@*/ /*@null@*/ const char * longName; /* may be NULL */ - char shortName; /* may be '\0' */ - int argc; - /*@owned@*/ const char ** argv; /* must be free()able */ -}; - -extern struct poptOption poptHelpOptions[]; -#define POPT_AUTOHELP { NULL, '\0', POPT_ARG_INCLUDE_TABLE, poptHelpOptions, \ - 0, "Help options", NULL }, - -typedef struct poptContext_s * poptContext; -#ifndef __cplusplus -typedef struct poptOption * poptOption; -#endif - -enum poptCallbackReason { POPT_CALLBACK_REASON_PRE, - POPT_CALLBACK_REASON_POST, - POPT_CALLBACK_REASON_OPTION }; -typedef void (*poptCallbackType)(poptContext con, - enum poptCallbackReason reason, - const struct poptOption * opt, - const char * arg, const void * data); - -/*@only@*/ poptContext poptGetContext(/*@keep@*/ const char * name, - int argc, /*@keep@*/ const char ** argv, - /*@keep@*/ const struct poptOption * options, int flags); -void poptResetContext(poptContext con); - -/* returns 'val' element, -1 on last item, POPT_ERROR_* on error */ -int poptGetNextOpt(poptContext con); -/* returns NULL if no argument is available */ -/*@observer@*/ /*@null@*/ const char * poptGetOptArg(poptContext con); -/* returns NULL if no more options are available */ -/*@observer@*/ /*@null@*/ const char * poptGetArg(poptContext con); -/*@observer@*/ /*@null@*/ const char * poptPeekArg(poptContext con); -/*@observer@*/ /*@null@*/ const char ** poptGetArgs(poptContext con); -/* returns the option which caused the most recent error */ -/*@observer@*/ const char * poptBadOption(poptContext con, int flags); -void poptFreeContext( /*@only@*/ poptContext con); -int poptStuffArgs(poptContext con, /*@keep@*/ const char ** argv); -int poptAddAlias(poptContext con, struct poptAlias alias, int flags); -int poptReadConfigFile(poptContext con, const char * fn); -/* like above, but reads /etc/popt and $HOME/.popt along with environment - vars */ -int poptReadDefaultConfig(poptContext con, int useEnv); -/* argv should be freed -- this allows ', ", and \ quoting, but ' is treated - the same as " and both may include \ quotes */ -int poptDupArgv(int argc, const char **argv, - /*@out@*/ int * argcPtr, /*@out@*/ const char *** argvPtr); -int poptParseArgvString(const char * s, - /*@out@*/ int * argcPtr, /*@out@*/ const char *** argvPtr); -/*@observer@*/ const char *poptStrerror(const int error); -void poptSetExecPath(poptContext con, const char * path, int allowAbsolute); -void poptPrintHelp(poptContext con, FILE * f, int flags); -void poptPrintUsage(poptContext con, FILE * f, int flags); -void poptSetOtherOptionHelp(poptContext con, const char * text); -/*@observer@*/ const char * poptGetInvocationName(poptContext con); -/* shuffles argv pointers to remove stripped args, returns new argc */ -int poptStrippedArgv(poptContext con, int argc, char **argv); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/source/popt/poptconfig.c b/source/popt/poptconfig.c deleted file mode 100644 index eb769413630..00000000000 --- a/source/popt/poptconfig.c +++ /dev/null @@ -1,142 +0,0 @@ -/* (C) 1998 Red Hat Software, Inc. -- Licensing details are in the COPYING - file accompanying popt source distributions, available from - ftp://ftp.redhat.com/pub/code/popt */ - -#include "system.h" -#include "poptint.h" - -static void configLine(poptContext con, char * line) { - int nameLength = strlen(con->appName); - char * opt; - struct poptAlias alias; - char * entryType; - char * longName = NULL; - char shortName = '\0'; - - if (strncmp(line, con->appName, nameLength)) return; - line += nameLength; - if (!*line || !isspace(*line)) return; - while (*line && isspace(*line)) line++; - entryType = line; - - while (!*line || !isspace(*line)) line++; - *line++ = '\0'; - while (*line && isspace(*line)) line++; - if (!*line) return; - opt = line; - - while (!*line || !isspace(*line)) line++; - *line++ = '\0'; - while (*line && isspace(*line)) line++; - if (!*line) return; - - if (opt[0] == '-' && opt[1] == '-') - longName = opt + 2; - else if (opt[0] == '-' && !opt[2]) - shortName = opt[1]; - - if (!strcmp(entryType, "alias")) { - if (poptParseArgvString(line, &alias.argc, &alias.argv)) return; - alias.longName = longName, alias.shortName = shortName; - poptAddAlias(con, alias, 0); - } else if (!strcmp(entryType, "exec")) { - con->execs = realloc(con->execs, - sizeof(*con->execs) * (con->numExecs + 1)); - if (longName) - con->execs[con->numExecs].longName = xstrdup(longName); - else - con->execs[con->numExecs].longName = NULL; - - con->execs[con->numExecs].shortName = shortName; - con->execs[con->numExecs].script = xstrdup(line); - - con->numExecs++; - } -} - -int poptReadConfigFile(poptContext con, const char * fn) { - char * file=NULL, * chptr, * end; - char * buf=NULL, * dst; - int fd, rc; - int fileLength; - - fd = open(fn, O_RDONLY); - if (fd < 0) { - if (errno == ENOENT) - return 0; - else - return POPT_ERROR_ERRNO; - } - - fileLength = lseek(fd, 0, SEEK_END); - (void) lseek(fd, 0, 0); - - file = malloc(fileLength + 1); - if (read(fd, file, fileLength) != fileLength) { - rc = errno; - close(fd); - errno = rc; - if (file) free(file); - return POPT_ERROR_ERRNO; - } - close(fd); - - dst = buf = malloc(fileLength + 1); - - chptr = file; - end = (file + fileLength); - while (chptr < end) { - switch (*chptr) { - case '\n': - *dst = '\0'; - dst = buf; - while (*dst && isspace(*dst)) dst++; - if (*dst && *dst != '#') { - configLine(con, dst); - } - chptr++; - break; - case '\\': - *dst++ = *chptr++; - if (chptr < end) { - if (*chptr == '\n') - dst--, chptr++; - /* \ at the end of a line does not insert a \n */ - else - *dst++ = *chptr++; - } - break; - default: - *dst++ = *chptr++; - break; - } - } - - free(file); - free(buf); - - return 0; -} - -int poptReadDefaultConfig(poptContext con, /*@unused@*/ int useEnv) { - char * fn, * home; - int rc; - - if (!con->appName) return 0; - - rc = poptReadConfigFile(con, "/etc/popt"); - if (rc) return rc; - if (getuid() != geteuid()) return 0; - - if ((home = getenv("HOME"))) { - fn = malloc(strlen(home) + 20); - strcpy(fn, home); - strcat(fn, "/.popt"); - rc = poptReadConfigFile(con, fn); - free(fn); - if (rc) return rc; - } - - return 0; -} - diff --git a/source/popt/popthelp.c b/source/popt/popthelp.c deleted file mode 100644 index 6b790a63e78..00000000000 --- a/source/popt/popthelp.c +++ /dev/null @@ -1,301 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 4 -*- */ - -/* (C) 1998 Red Hat Software, Inc. -- Licensing details are in the COPYING - file accompanying popt source distributions, available from - ftp://ftp.redhat.com/pub/code/popt */ - -#include "system.h" -#include "poptint.h" - -static void displayArgs(poptContext con, - /*@unused@*/ enum poptCallbackReason foo, - struct poptOption * key, - /*@unused@*/ const char * arg, /*@unused@*/ void * data) { - if (key->shortName== '?') - poptPrintHelp(con, stdout, 0); - else - poptPrintUsage(con, stdout, 0); - exit(0); -} - -struct poptOption poptHelpOptions[] = { - { NULL, '\0', POPT_ARG_CALLBACK, (void *)&displayArgs, '\0', NULL, NULL }, - { "help", '?', 0, NULL, '?', N_("Show this help message"), NULL }, - { "usage", '\0', 0, NULL, 'u', N_("Display brief usage message"), NULL }, - { NULL, '\0', 0, NULL, 0, NULL, NULL } -} ; - - -/*@observer@*/ /*@null@*/ static const char * -getTableTranslationDomain(const struct poptOption *table) -{ - const struct poptOption *opt; - - for(opt = table; - opt->longName || opt->shortName || opt->arg; - opt++) { - if(opt->argInfo == POPT_ARG_INTL_DOMAIN) - return opt->arg; - } - - return NULL; -} - -/*@observer@*/ /*@null@*/ static const char * -getArgDescrip(const struct poptOption * opt, const char *translation_domain) -{ - if (!(opt->argInfo & POPT_ARG_MASK)) return NULL; - - if (opt == (poptHelpOptions + 1) || opt == (poptHelpOptions + 2)) - if (opt->argDescrip) return POPT_(opt->argDescrip); - - if (opt->argDescrip) return D_(translation_domain, opt->argDescrip); - return POPT_("ARG"); -} - -static void singleOptionHelp(FILE * f, int maxLeftCol, - const struct poptOption * opt, - const char *translation_domain) { - int indentLength = maxLeftCol + 5; - int lineLength = 79 - indentLength; - const char * help = D_(translation_domain, opt->descrip); - int helpLength; - const char * ch; - char format[10]; - char * left; - const char * argDescrip = getArgDescrip(opt, translation_domain); - - left = malloc(maxLeftCol + 1); - *left = '\0'; - - if (opt->longName && opt->shortName) - sprintf(left, "-%c, --%s", opt->shortName, opt->longName); - else if (opt->shortName) - sprintf(left, "-%c", opt->shortName); - else if (opt->longName) - sprintf(left, "--%s", opt->longName); - if (!*left) return ; - if (argDescrip) { - strcat(left, "="); - strcat(left, argDescrip); - } - - if (help) - fprintf(f," %-*s ", maxLeftCol, left); - else { - fprintf(f," %s\n", left); - goto out; - } - - helpLength = strlen(help); - while (helpLength > lineLength) { - ch = help + lineLength - 1; - while (ch > help && !isspace(*ch)) ch--; - if (ch == help) break; /* give up */ - while (ch > (help + 1) && isspace(*ch)) ch--; - ch++; - - sprintf(format, "%%.%ds\n%%%ds", (int) (ch - help), indentLength); - fprintf(f, format, help, " "); - help = ch; - while (isspace(*help) && *help) help++; - helpLength = strlen(help); - } - - if (helpLength) fprintf(f, "%s\n", help); - -out: - free(left); -} - -static int maxArgWidth(const struct poptOption * opt, - const char * translation_domain) { - int max = 0; - int this; - const char * s; - - while (opt->longName || opt->shortName || opt->arg) { - if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_INCLUDE_TABLE) { - this = maxArgWidth(opt->arg, translation_domain); - if (this > max) max = this; - } else if (!(opt->argInfo & POPT_ARGFLAG_DOC_HIDDEN)) { - this = opt->shortName ? 2 : 0; - if (opt->longName) { - if (this) this += 2; - this += strlen(opt->longName) + 2; - } - - s = getArgDescrip(opt, translation_domain); - if (s) - this += strlen(s) + 1; - if (this > max) max = this; - } - - opt++; - } - - return max; -} - -static void singleTableHelp(FILE * f, const struct poptOption * table, - int left, - const char *translation_domain) { - const struct poptOption * opt; - const char *sub_transdom; - - opt = table; - while (opt->longName || opt->shortName || opt->arg) { - if ((opt->longName || opt->shortName) && - !(opt->argInfo & POPT_ARGFLAG_DOC_HIDDEN)) - singleOptionHelp(f, left, opt, translation_domain); - opt++; - } - - opt = table; - while (opt->longName || opt->shortName || opt->arg) { - if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_INCLUDE_TABLE) { - sub_transdom = getTableTranslationDomain(opt->arg); - if(!sub_transdom) - sub_transdom = translation_domain; - - if (opt->descrip) - fprintf(f, "\n%s\n", D_(sub_transdom, opt->descrip)); - - singleTableHelp(f, opt->arg, left, sub_transdom); - } - opt++; - } -} - -static int showHelpIntro(poptContext con, FILE * f) { - int len = 6; - const char * fn; - - fprintf(f, POPT_("Usage:")); - if (!(con->flags & POPT_CONTEXT_KEEP_FIRST)) { - fn = con->optionStack->argv[0]; - if (strchr(fn, '/')) fn = strchr(fn, '/') + 1; - fprintf(f, " %s", fn); - len += strlen(fn) + 1; - } - - return len; -} - -void poptPrintHelp(poptContext con, FILE * f, /*@unused@*/ int flags) { - int leftColWidth; - - showHelpIntro(con, f); - if (con->otherHelp) - fprintf(f, " %s\n", con->otherHelp); - else - fprintf(f, " %s\n", POPT_("[OPTION...]")); - - leftColWidth = maxArgWidth(con->options, NULL); - singleTableHelp(f, con->options, leftColWidth, NULL); -} - -static int singleOptionUsage(FILE * f, int cursor, - const struct poptOption * opt, - const char *translation_domain) { - int len = 3; - char shortStr[2] = { '\0', '\0' }; - const char * item = shortStr; - const char * argDescrip = getArgDescrip(opt, translation_domain); - - if (opt->shortName) { - if (!(opt->argInfo & POPT_ARG_MASK)) - return cursor; /* we did these already */ - len++; - *shortStr = opt->shortName; - shortStr[1] = '\0'; - } else if (opt->longName) { - len += 1 + strlen(opt->longName); - item = opt->longName; - } - - if (len == 3) return cursor; - - if (argDescrip) - len += strlen(argDescrip) + 1; - - if ((cursor + len) > 79) { - fprintf(f, "\n "); - cursor = 7; - } - - fprintf(f, " [-%s%s%s%s]", opt->shortName ? "" : "-", item, - argDescrip ? (opt->shortName ? " " : "=") : "", - argDescrip ? argDescrip : ""); - - return cursor + len + 1; -} - -static int singleTableUsage(FILE * f, int cursor, const struct poptOption * table, - const char *translation_domain) { - const struct poptOption * opt; - - opt = table; - while (opt->longName || opt->shortName || opt->arg) { - if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_INTL_DOMAIN) - translation_domain = (const char *)opt->arg; - else if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_INCLUDE_TABLE) - cursor = singleTableUsage(f, cursor, opt->arg, - translation_domain); - else if ((opt->longName || opt->shortName) && - !(opt->argInfo & POPT_ARGFLAG_DOC_HIDDEN)) - cursor = singleOptionUsage(f, cursor, opt, translation_domain); - - opt++; - } - - return cursor; -} - -static int showShortOptions(const struct poptOption * opt, FILE * f, - char * str) { - char s[300]; /* this is larger then the ascii set, so - it should do just fine */ - - s[0] = '\0'; - if (str == NULL) { - memset(s, 0, sizeof(s)); - str = s; - } - - while (opt->longName || opt->shortName || opt->arg) { - if (opt->shortName && !(opt->argInfo & POPT_ARG_MASK)) - str[strlen(str)] = opt->shortName; - else if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_INCLUDE_TABLE) - showShortOptions(opt->arg, f, str); - - opt++; - } - - if (s != str || !*s) - return 0; - - fprintf(f, " [-%s]", s); - return strlen(s) + 4; -} - -void poptPrintUsage(poptContext con, FILE * f, /*@unused@*/ int flags) { - int cursor; - - cursor = showHelpIntro(con, f); - cursor += showShortOptions(con->options, f, NULL); - singleTableUsage(f, cursor, con->options, NULL); - - if (con->otherHelp) { - cursor += strlen(con->otherHelp) + 1; - if (cursor > 79) fprintf(f, "\n "); - fprintf(f, " %s", con->otherHelp); - } - - fprintf(f, "\n"); -} - -void poptSetOtherOptionHelp(poptContext con, const char * text) { - if (con->otherHelp) xfree(con->otherHelp); - con->otherHelp = xstrdup(text); -} diff --git a/source/popt/poptint.h b/source/popt/poptint.h deleted file mode 100644 index 1847ffafe67..00000000000 --- a/source/popt/poptint.h +++ /dev/null @@ -1,71 +0,0 @@ -/* (C) 1998 Red Hat Software, Inc. -- Licensing details are in the COPYING - file accompanying popt source distributions, available from - ftp://ftp.redhat.com/pub/code/popt */ - -#ifndef H_POPTINT -#define H_POPTINT - -/* Bit mask macros. */ -typedef unsigned int __pbm_bits; -#define __PBM_NBITS (8 * sizeof (__pbm_bits)) -#define __PBM_IX(d) ((d) / __PBM_NBITS) -#define __PBM_MASK(d) ((__pbm_bits) 1 << ((d) % __PBM_NBITS)) -typedef struct { - __pbm_bits bits[1]; -} pbm_set; -#define __PBM_BITS(set) ((set)->bits) - -#define PBM_ALLOC(d) calloc(__PBM_IX (d) + 1, sizeof(__pbm_bits)) -#define PBM_FREE(s) free(s); -#define PBM_SET(d, s) (__PBM_BITS (s)[__PBM_IX (d)] |= __PBM_MASK (d)) -#define PBM_CLR(d, s) (__PBM_BITS (s)[__PBM_IX (d)] &= ~__PBM_MASK (d)) -#define PBM_ISSET(d, s) ((__PBM_BITS (s)[__PBM_IX (d)] & __PBM_MASK (d)) != 0) - -struct optionStackEntry { - int argc; - /*@only@*/ const char ** argv; - /*@only@*/ pbm_set * argb; - int next; - /*@only@*/ const char * nextArg; - /*@keep@*/ const char * nextCharArg; - /*@dependent@*/ struct poptAlias * currAlias; - int stuffed; -}; - -struct execEntry { - const char * longName; - char shortName; - const char * script; -}; - -struct poptContext_s { - struct optionStackEntry optionStack[POPT_OPTION_DEPTH]; - /*@dependent@*/ struct optionStackEntry * os; - /*@owned@*/ const char ** leftovers; - int numLeftovers; - int nextLeftover; - /*@keep@*/ const struct poptOption * options; - int restLeftover; - /*@only@*/ const char * appName; - /*@only@*/ struct poptAlias * aliases; - int numAliases; - int flags; - struct execEntry * execs; - int numExecs; - /*@only@*/ const char ** finalArgv; - int finalArgvCount; - int finalArgvAlloced; - /*@dependent@*/ struct execEntry * doExec; - /*@only@*/ const char * execPath; - int execAbsolute; - /*@only@*/ const char * otherHelp; - pbm_set * arg_strip; -}; - -#define xfree(_a) free((void *)_a) - -#define POPT_(foo) (foo) -#define D_(dom, str) (str) -#define N_(foo) (foo) - -#endif diff --git a/source/popt/poptparse.c b/source/popt/poptparse.c deleted file mode 100644 index 8f00769be9f..00000000000 --- a/source/popt/poptparse.c +++ /dev/null @@ -1,102 +0,0 @@ -/* (C) 1998 Red Hat Software, Inc. -- Licensing details are in the COPYING - file accompanying popt source distributions, available from - ftp://ftp.redhat.com/pub/code/popt */ - -#include "system.h" - -#define POPT_ARGV_ARRAY_GROW_DELTA 5 - -int poptDupArgv(int argc, const char **argv, - int * argcPtr, const char *** argvPtr) -{ - size_t nb = (argc + 1) * sizeof(*argv); - const char ** argv2; - char * dst; - int i; - - for (i = 0; i < argc; i++) { - if (argv[i] == NULL) - return POPT_ERROR_NOARG; - nb += strlen(argv[i]) + 1; - } - - dst = malloc(nb); - argv2 = (void *) dst; - dst += (argc + 1) * sizeof(*argv); - - for (i = 0; i < argc; i++) { - argv2[i] = dst; - dst += strlen(strcpy(dst, argv[i])) + 1; - } - argv2[argc] = NULL; - - *argvPtr = argv2; - *argcPtr = argc; - return 0; -} - -int poptParseArgvString(const char * s, int * argcPtr, const char *** argvPtr) -{ - const char * src; - char quote = '\0'; - int argvAlloced = POPT_ARGV_ARRAY_GROW_DELTA; - const char ** argv = malloc(sizeof(*argv) * argvAlloced); - int argc = 0; - int buflen = strlen(s) + 1; - char *buf0 = calloc(buflen, 1); - char *buf = buf0; - - argv[argc] = buf; - - for (src = s; *src; src++) { - if (quote == *src) { - quote = '\0'; - } else if (quote) { - if (*src == '\\') { - src++; - if (!*src) { - free(argv); - free(buf0); - return POPT_ERROR_BADQUOTE; - } - if (*src != quote) *buf++ = '\\'; - } - *buf++ = *src; - } else if (isspace(*src)) { - if (*argv[argc]) { - buf++, argc++; - if (argc == argvAlloced) { - argvAlloced += POPT_ARGV_ARRAY_GROW_DELTA; - argv = realloc(argv, sizeof(*argv) * argvAlloced); - } - argv[argc] = buf; - } - } else switch (*src) { - case '"': - case '\'': - quote = *src; - break; - case '\\': - src++; - if (!*src) { - free(argv); - free(buf0); - return POPT_ERROR_BADQUOTE; - } - /*@fallthrough@*/ - default: - *buf++ = *src; - break; - } - } - - if (strlen(argv[argc])) { - argc++, buf++; - } - - (void) poptDupArgv(argc, argv, argcPtr, argvPtr); - - free(argv); - free(buf0); - return 0; -} diff --git a/source/popt/system.h b/source/popt/system.h deleted file mode 100644 index 059c0458176..00000000000 --- a/source/popt/system.h +++ /dev/null @@ -1,53 +0,0 @@ -#include "config.h" - -#include <ctype.h> -#include <errno.h> -#include <fcntl.h> -#include <limits.h> - -#if HAVE_MCHECK_H -#include <mcheck.h> -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#if HAVE_UNISTD_H -#include <unistd.h> -#endif - -#ifdef __NeXT -/* access macros are not declared in non posix mode in unistd.h - - don't try to use posix on NeXTstep 3.3 ! */ -#include <libc.h> -#endif - -/* AIX requires this to be the first thing in the file. */ -#ifndef __GNUC__ -# if HAVE_ALLOCA_H -# include <alloca.h> -# else -# ifdef _AIX -#pragma alloca -# else -# ifndef alloca /* predefined by HP cc +Olibcalls */ -char *alloca (); -# endif -# endif -# endif -#elif defined(__GNUC__) && defined(__STRICT_ANSI__) -#define alloca __builtin_alloca -#endif - -/*@only@*/ char * xstrdup (const char *str); - -#if HAVE_MCHECK_H && defined(__GNUC__) -#define vmefail() (fprintf(stderr, "virtual memory exhausted.\n"), exit(EXIT_FAILURE), NULL) -#define xstrdup(_str) (strcpy((malloc(strlen(_str)+1) ? : vmefail()), (_str))) -#else -#define xstrdup(_str) strdup(_str) -#endif /* HAVE_MCHECK_H && defined(__GNUC__) */ - - -#include "popt.h" diff --git a/source/script/scancvslog.pl b/source/script/scancvslog.pl deleted file mode 100755 index c39f9111c10..00000000000 --- a/source/script/scancvslog.pl +++ /dev/null @@ -1,112 +0,0 @@ -#!/usr/bin/perl -require"timelocal.pl"; - -# -# usage scancvslog.pl logfile starttime tag -# -# this will extract all entries from the specified cvs log file -# that have a date later than or equal to starttime and a tag -# value of tag. If starttime is not specified, all entries are -# extracted. If tag is not specified then entries for all -# branches are extracted. starttime must be specified as -# "monthname day, year" -# -# Example to extract all entries for SAMBA_2_2 branch from the -# log file named cvs.log -# -# scancvslog.pl cvs.log "" SAMBA_2_2 -# -# -# To extract all log entries after Jan 10, 1999 (Note month name -# must be spelled out completely). -# -# scancvslog.pl cvs.log "January 10, 1999" -# - -open(INFILE,@ARGV[0]) || die "Unable to open @ARGV[0]\n"; - -%Monthnum = ( - "January", 0, - "February", 1, - "March", 2, - "April", 3, - "May", 4, - "June", 5, - "July", 6, - "August", 7, - "September", 8, - "October", 9, - "November", 10, - "December", 11, - "Jan", 0, - "Feb", 1, - "Mar", 2, - "Apr", 3, - "May", 4, - "Jun", 5, - "Jul", 6, - "Aug", 7, - "Sep", 8, - "Oct", 9, - "Nov", 10, - "Dec", 11 -); - -$Starttime = (@ARGV[1]) ? &make_time(@ARGV[1]) : 0; -$Tagvalue = @ARGV[2]; - -while (&get_entry) { - $_=$Entry[0]; -# get rid of extra white space - s/\s+/ /g; -# get rid of any time string in date - s/ \d\d:\d\d:\d\d/,/; - s/^Date:\s*\w*\s*(\w*)\s*(\w*),\s*(\w*).*/$1 $2 $3/; - $Testtime = &make_time($_); - $Testtag = &get_tag; - if (($Testtime >= $Starttime) && ($Tagvalue eq $Testtag)) { - print join("\n",@Entry),"\n"; - } -} -close(INFILE); - -sub make_time { - $_ = @_[0]; - s/,//; - ($month, $day, $year) = split(" ",$_); - if (($year < 1900)||($day < 1)||($day > 31)||not length($Monthnum{$month})) { - print "Bad date format @_[0]\n"; - print "Date needs to be specified as \"Monthname day, year\"\n"; - print "eg: \"January 10, 1999\"\n"; - exit 1; - } - $year = ($year == 19100) ? 2000 : $year; - $month = $Monthnum{$month}; - $Mytime=&timelocal((0,0,0,$day,$month,$year)); -} - -sub get_tag { - @Mytag = grep (/Tag:/,@Entry); - $_ = @Mytag[0]; - s/^.*Tag:\s*(\w*).*/$1/; - return $_; -} - -sub get_entry { - @Entry=(); - if (not eof(INFILE)) { - while (not eof(INFILE)) { - $_ = <INFILE>; - chomp $_; - next if (not ($_)); - if (/^\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*/) { - next if ($#Entry == -1); - push(Entry,$_); - return @Entry; - } else { - push(Entry,$_); - } - } - } - return @Entry; -} diff --git a/source/tdb/tdb.magic b/source/tdb/tdb.magic deleted file mode 100644 index f5619e7327e..00000000000 --- a/source/tdb/tdb.magic +++ /dev/null @@ -1,10 +0,0 @@ -# Magic file(1) information about tdb files. -# -# Install this into /etc/magic or the corresponding location for your -# system, or pass as a -m argument to file(1). - -# You may use and redistribute this file without restriction. - -0 string TDB\ file TDB database ->32 lelong =0x2601196D version 6, little-endian ->>36 lelong x hash size %d bytes diff --git a/source/tests/shlib.c b/source/tests/shlib.c deleted file mode 100644 index 761d9fd5c57..00000000000 --- a/source/tests/shlib.c +++ /dev/null @@ -1,6 +0,0 @@ -/* a trivial function used to test building shared libraries */ - -int foo(void) -{ - return 1; -} diff --git a/source/tests/unixsock.c b/source/tests/unixsock.c deleted file mode 100644 index f2765d68f67..00000000000 --- a/source/tests/unixsock.c +++ /dev/null @@ -1,93 +0,0 @@ -/* -*- c-file-style: "linux" -*- - * - * Try creating a Unix-domain socket, opening it, and reading from it. - * The POSIX name for these is AF_LOCAL/PF_LOCAL. - * - * This is used by the Samba autoconf scripts to detect systems which - * don't have Unix-domain sockets, such as (probably) VMS, or systems - * on which they are broken under some conditions, such as RedHat 7.0 - * (unpatched). We can't build WinBind there at the moment. - * - * Coding standard says to always use exit() for this, not return, so - * we do. - * - * Martin Pool <mbp@samba.org>, June 2000. */ - -/* TODO: Look for AF_LOCAL (most standard), AF_UNIX, and AF_FILE. */ - -#include <stdio.h> - -#ifdef HAVE_SYS_SOCKET_H -# include <sys/socket.h> -#endif - -#ifdef HAVE_SYS_UN_H -# include <sys/un.h> -#endif - -#ifdef HAVE_SYS_TYPES_H -# include <sys/types.h> -#endif - -#if HAVE_SYS_WAIT_H -# include <sys/wait.h> -#endif - -#if HAVE_ERRNO_DECL -# include <errno.h> -#else -extern int errno; -#endif - -static int bind_socket(char const *filename) -{ - int sock_fd; - struct sockaddr_un name; - size_t size; - - /* Create the socket. */ - if ((sock_fd = socket(PF_LOCAL, SOCK_STREAM, 0)) < 0) { - perror ("socket(PF_LOCAL, SOCK_STREAM)"); - exit(1); - } - - /* Bind a name to the socket. */ - name.sun_family = AF_LOCAL; - strncpy(name.sun_path, filename, sizeof (name.sun_path)); - - /* The size of the address is - the offset of the start of the filename, - plus its length, - plus one for the terminating null byte. - Alternatively you can just do: - size = SUN_LEN (&name); - */ - size = SUN_LEN(&name); - /* XXX: This probably won't work on unfriendly libcs */ - - if (bind(sock_fd, (struct sockaddr *) &name, size) < 0) { - perror ("bind"); - exit(1); - } - - return sock_fd; -} - - -int main(void) -{ - int sock_fd; - int kid; - char const *filename = "conftest.unixsock.sock"; - - /* abolish hanging */ - alarm(15); /* secs */ - - if ((sock_fd = bind_socket(filename)) < 0) - exit(1); - - /* the socket will be deleted when autoconf cleans up these - files. */ - - exit(0); -} diff --git a/testsuite/lib/default-nt-names.exp b/testsuite/lib/default-nt-names.exp deleted file mode 100644 index 5d01d2a5bb3..00000000000 --- a/testsuite/lib/default-nt-names.exp +++ /dev/null @@ -1,20 +0,0 @@ -# -# A list of default domain/local users/groups. Unfortunately this is tied -# to the English language version of Windows NT. -# - -global domain - -# Domain users and groups - -set domain_users [list "$domain/Administrator" "$domain/Guest"] - -set domain_groups [list "$domain/Domain Admins" "$domain/Domain Guests" \ - "$domain/Domain Users"] - -# Local groups - -set local_groups [list "BUILTIN/Replicator" "BUILTIN/Server Operators" \ - "BUILTIN/Account Operators" "BUILTIN/Backup Operators" \ - "BUILTIN/Print Operators" "BUILTIN/Guests" "BUILTIN/Users" \ - "BUILTIN/Administrators"] diff --git a/testsuite/lib/nsswitch-config.exp b/testsuite/lib/nsswitch-config.exp deleted file mode 100644 index 38342685dfa..00000000000 --- a/testsuite/lib/nsswitch-config.exp +++ /dev/null @@ -1,21 +0,0 @@ -# -# Load environment variables -# - -global tool - -if { [file exists "deja-$tool.tcl"] } { - source "deja-$tool.tcl" -} - -# Required options - -if { ![info exists WORKGROUP] } { - error "\$WORKGROUP not set in config file" -} - -if { ![info exists PDC] } { - error "\$PDC not set in config file" -} - -set domain $WORKGROUP diff --git a/testsuite/nsswitch/.cvsignore b/testsuite/nsswitch/.cvsignore deleted file mode 100644 index 1c30875a884..00000000000 --- a/testsuite/nsswitch/.cvsignore +++ /dev/null @@ -1,12 +0,0 @@ -initgroups -nss_winbind_syms -getgrent_r -getgrgid -getgrnam -getpwent_r -getpwnam -wbtorture -leaktest? -getpwuid -getent_pwent -getent_grent diff --git a/testsuite/nsswitch/Makefile.longarg b/testsuite/nsswitch/Makefile.longarg deleted file mode 100644 index 6cc7ef8306d..00000000000 --- a/testsuite/nsswitch/Makefile.longarg +++ /dev/null @@ -1,5 +0,0 @@ -# -# Makefile for null tests -# - -longarg_getpwnam: longarg_getpwnam.o
\ No newline at end of file diff --git a/testsuite/nsswitch/envvar.exp b/testsuite/nsswitch/envvar.exp deleted file mode 100644 index 134a8b37a85..00000000000 --- a/testsuite/nsswitch/envvar.exp +++ /dev/null @@ -1,282 +0,0 @@ -# -# @(#) Test operation of WINBINDD_DOMAIN environment variable -# - -load_lib "util-defs.exp" -load_lib "$srcdir/lib/nsswitch-config.exp" - -# -# @(#) Test that there is at least one domain user and domain group -# @(#) in the output of getent passwd and getent group. -# - -# Get list of users and groups - -set user_list [util_start "getent passwd"] -set group_list [util_start "getent group"] - -verbose "user list is:\n$user_list" -verbose "group list is:\n$group_list" - -# Check for domain users - -set no_dom 0 - -if { ![regexp "$domain/" $user_list] } { - fail "no domain users in getent" - set no_dom 1 -} - -# Check for domain groups - -if { ![regexp "$domain/" $group_list] } { - fail "no domain groups in getent group" - set no_dom 1 -} - -if { $no_dom } { - return -} - -# -# @(#) Check for "leakage" between different domains using the -# @(#) WINBINDD_DOMAIN environment variable. -# - -verbose "Domain is $domain" - -set output [util_start "bin/wbinfo" "-m"] -verbose "Trusted domains are $output" -set trusted_domain_list [split $output "\n"] - -# Test simple inclusion by setting $WINBINDD_DOMAIN to each trusted domain -# in turn and checking there are no users/groups from other domains in the -# output of getent. - -set domain_list $trusted_domain_list -lappend domain_list $domain - -foreach { the_domain } $domain_list { - - set env(WINBINDD_DOMAIN) $the_domain - - set user_out [util_start "getent passwd"] - set group_out [util_start "getent group"] - - verbose "users in $the_domain:\n$user_out\n" - verbose "groups in $the_domain:\n$group_out\n" - - # Users - - set test_desc "users in WINBINDD_DOMAIN $the_domain" - set failed 0 - - foreach { user } [split $user_out "\n"] { - set user_name [lindex [split $user ":"] 0] - if { [regexp "/" $user_name] && ![regexp $the_domain $user_name]} { - set failed 1 - } - } - - if { $failed } { - fail $test_desc - } else { - pass $test_desc - } - - # Groups - - set test_desc "groups in WINBINDD_DOMAIN $the_domain" - set failed 0 - - foreach { group } [split $group_out "\n"] { - set group_name [lindex [split $group ":"] 0] - if { [regexp "/" $group_name] && ![regexp $the_domain $group_name]} { - set failed 1 - } - } - - if { $failed } { - fail $test_desc - } else { - pass $test_desc - } -} - -# -# @(#) Test inclusion of a dummy domain doesn't generate users/groups -# @(#) from that domain. -# - -set env(WINBINDD_DOMAIN) "asmithee" -set user_out [util_start "getent passwd"] -set group_out [util_start "getent group"] - -# Users - -set test_desc "users in different WINBINDD_DOMAIN" -if { [regexp $domain $user_out] } { - fail $test_desc -} else { - pass $test_desc -} - -# Groups - -set test_desc "groups in different WINBINDD_DOMAIN" -if { [regexp $domain $group_out] } { - fail $test_desc -} else { - pass $test_desc -} - -# -# @(#) Test comma separated inclusion of dummy domain doesn't generate -# @(#) users/groups in the dummy domain. -# - -foreach { the_domain } $domain_list { - set env(WINBINDD_DOMAIN) "$the_domain,asmithee" - set user_out [util_start "getent passwd"] - set group_out [util_start "getent group"] - - verbose "users in $the_domain:\n$user_out\n" - verbose "groups in $the_domain:\n$group_out\n" - - # Users - - set test_desc "users in comma separated WINBINDD_DOMAIN $the_domain" - set failed 0 - - foreach { user } [split $user_out "\n"] { - set user_name [lindex [split $user ":"] 0] - if { [regexp "/" $user_name] && ![regexp $the_domain $user_name]} { - set failed 1 - } - } - - if { $failed } { - fail $test_desc - } else { - pass $test_desc - } - - # Groups - - set test_desc "groups in comma separated WINBINDD_DOMAIN $the_domain" - set failed 0 - - foreach { group } [split $group_out "\n"] { - set group_name [lindex [split $group ":"] 0] - if { [regexp "/" $group_name] && ![regexp $the_domain $group_name]} { - set failed 1 - } - } - - if { $failed } { - fail $test_desc - } else { - pass $test_desc - } -} - -# -# @(#) Test two comma separated dummy domains do not generate any domain -# @(#) users or groups. -# - -foreach { the_domain } $domain_list { - - set env(WINBINDD_DOMAIN) "moose,asmithee" - set user_out [util_start "getent passwd"] - set group_out [util_start "getent group"] - - verbose "users in $the_domain:\n$user_out\n" - verbose "groups in $the_domain:\n$group_out\n" - - # Users - - set test_desc "users in comma separated invalid WINBINDD_DOMAIN" - if { [regexp $the_domain $user_out] } { - fail $test_desc - } else { - pass $test_desc - } - - # Groups - - set test_desc "groups in comma separated invalid WINBINDD_DOMAIN" - if { [regexp $the_domain $group_out] } { - fail $test_desc - } else { - pass $test_desc - } -} - -set env(WINBINDD_DOMAIN) "" - -# -# @(#) Test _NO_WINBINDD doesn't return any domain users or groups -# - -set env(_NO_WINBINDD) "1" -set user_out [util_start "getent passwd"] -set group_out [util_start "getent group"] - -verbose "users with _NO_WINBINDD:\n$user_out\n" -verbose "groups with _NO_WINBINDD:\n$group_out\n" - -foreach { the_domain } $domain_list { - - # Users - - set test_desc "users found with _NO_WINBINDD environment variable set" - if { [regexp $the_domain $user_out] } { - fail $test_desc - } else { - pass $test_desc - } - - # Groups - - set test_desc "groups found with _NO_WINBINDD environment variable set" - if { [regexp $the_domain $group_out] } { - fail $test_desc - } else { - pass $test_desc - } -} - -# Unset _NO_WINBINDD and make sure everything still works - -unset env(_NO_WINBINDD) - -set user_out [util_start "getent passwd"] -set group_out [util_start "getent group"] - -verbose "users with _NO_WINBINDD unset:\n$user_out\n" -verbose "groups with _NO_WINBINDD unset:\n$group_out\n" - -# Users - -set test_desc "no users found with _NO_WINBINDD environment variable set" -if { $user_out != $user_list } { - fail $test_desc -} else { - pass $test_desc -} - -# Groups - -set test_desc "no groups found with _NO_WINBINDD environment variable set" -if { $group_out != $group_list } { - fail $test_desc -} else { - pass $test_desc -} - -# Make sure we unset the environment vars so we don't cause subsequent tests -# any grief. - -catch { unset env(WINBINDD_DOMAIN) } tmp -catch { unset env(_NO_WINBINDD) } tmp diff --git a/testsuite/nsswitch/getent.c b/testsuite/nsswitch/getent.c deleted file mode 100644 index b4c4e50c6fe..00000000000 --- a/testsuite/nsswitch/getent.c +++ /dev/null @@ -1,151 +0,0 @@ -/* Cut down version of getent which only returns passwd and group database - entries and seems to compile on most systems without too much fuss. - Original copyright notice below. */ - -/* Copyright (c) 1998, 1999, 2000 Free Software Foundation, Inc. - This file is part of the GNU C Library. - Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public License as - published by the Free Software Foundation; either version 2 of the - License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with the GNU C Library; see the file COPYING.LIB. If not, - write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. */ - -#include <stdio.h> -#include <pwd.h> -#include <grp.h> - -group_keys (int number, char *key[]) -{ - int result = 0; - int i; - - for (i = 0; i < number; ++i) - { - struct group *grp; - - if (isdigit (key[i][0])) - grp = getgrgid (atol (key[i])); - else - grp = getgrnam (key[i]); - - if (grp == NULL) - result = 2; - else - print_group (grp); - } - - return result; -} - -passwd_keys (int number, char *key[]) -{ - int result = 0; - int i; - - for (i = 0; i < number; ++i) - { - struct passwd *pwd; - - if (isdigit (key[i][0])) - pwd = getpwuid (atol (key[i])); - else - pwd = getpwnam (key[i]); - - if (pwd == NULL) - result = 2; - else - print_passwd (pwd); - } - - return result; -} - -print_group (struct group *grp) -{ - unsigned int i = 0; - - printf ("%s:%s:%ld:", grp->gr_name ? grp->gr_name : "", - grp->gr_passwd ? grp->gr_passwd : "", - (unsigned long)grp->gr_gid); - - while (grp->gr_mem[i] != NULL) - { - fputs (grp->gr_mem[i], stdout); - ++i; - if (grp->gr_mem[i] != NULL) - fputs (",", stdout); - } - fputs ("\n", stdout); -} - -print_passwd (struct passwd *pwd) -{ - printf ("%s:%s:%ld:%ld:%s:%s:%s\n", - pwd->pw_name ? pwd->pw_name : "", - pwd->pw_passwd ? pwd->pw_passwd : "", - (unsigned long)pwd->pw_uid, - (unsigned long)pwd->pw_gid, - pwd->pw_gecos ? pwd->pw_gecos : "", - pwd->pw_dir ? pwd->pw_dir : "", - pwd->pw_shell ? pwd->pw_shell : ""); -} - -int main(int argc, char **argv) -{ - switch(argv[1][0]) - { - case 'g': /* group */ - if (strcmp (argv[1], "group") == 0) - { - if (argc == 2) - { - struct group *grp; - - setgrent (); - while ((grp = getgrent()) != NULL) - print_group (grp); - endgrent (); - } - else - return group_keys (argc - 2, &argv[2]); - } - else - goto error; - break; - - case 'p': /* passwd, protocols */ - if (strcmp (argv[1], "passwd") == 0) - { - if (argc == 2) - { - struct passwd *pwd; - - setpwent (); - while ((pwd = getpwent()) != NULL) - print_passwd (pwd); - endpwent (); - } - else - return passwd_keys (argc - 2, &argv[2]); - } - else - goto error; - break; - default: - error: - fprintf (stderr, "Unknown database: %s\n", argv[1]); - return 1; - } - return 0; -} diff --git a/testsuite/nsswitch/getent_grent.c b/testsuite/nsswitch/getent_grent.c deleted file mode 100644 index 782cc0c86b7..00000000000 --- a/testsuite/nsswitch/getent_grent.c +++ /dev/null @@ -1,101 +0,0 @@ -/* Test out of order operations with {set,get,end}grent */ - -/* - Unix SMB/Netbios implementation. - Version 1.9. - Security context tests - Copyright (C) Tim Potter 2000 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include <stdio.h> -#include <grp.h> - -int main (int argc, char **argv) -{ - struct group *gr; - int found = 0; - int num_users, i; - - /* Test getgrent() without setgrent() */ - - for (i = 0; i < 100; i++) { - gr = getgrent(); - - /* This is supposed to work */ - -#if 0 - if (gr != NULL) { - printf("FAIL: getgrent() with no setgrent()\n"); - return 1; - } -#endif - } - - /* Work out how many user till first domain group */ - - num_users = 0; - setgrent(); - - while (1) { - gr = getgrent(); - num_users++; - - if (gr == NULL) break; - - if (strchr(gr->gr_name, '/')) { - found = 1; - break; - } - - } - - if (!found) { - printf("FAIL: could not find any domain groups\n"); - return 1; - } - - /* Test stopping getgrent in the middle of a set of users */ - - endgrent(); - - /* Test setgrent() without any getgrent() calls */ - - setgrent(); - - for (i = 0; i < (num_users - 1); i++) { - getgrent(); - } - - endgrent(); - - /* Test lots of setgrent() calls */ - - for (i = 0; i < 100; i++) { - setgrent(); - } - - /* Test lots of endgrent() calls */ - - for (i = 0; i < 100; i++) { - endgrent(); - } - - /* Everything's cool */ - - printf("PASS\n"); - return 0; -} diff --git a/testsuite/nsswitch/getent_pwent.c b/testsuite/nsswitch/getent_pwent.c deleted file mode 100644 index 96c804433a4..00000000000 --- a/testsuite/nsswitch/getent_pwent.c +++ /dev/null @@ -1,113 +0,0 @@ -/* Test out of order operations with {set,get,end}pwent */ - -/* - Unix SMB/Netbios implementation. - Version 1.9. - Security context tests - Copyright (C) Tim Potter 2000 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include <stdio.h> -#include <pwd.h> - -int main (int argc, char **argv) -{ - struct passwd *pw; - int found = 0; - int num_users, i; - - /* Test getpwent() without setpwent() */ - - for (i = 0; i < 100; i++) { - pw = getpwent(); - - /* This is supposed to work */ - -#if 0 - if (pw != NULL) { - printf("FAIL: getpwent() with no setpwent()\n"); - return 1; - } -#endif - } - - /* Work out how many user till first domain user */ - - num_users = 0; - setpwent(); - - while (1) { - pw = getpwent(); - num_users++; - - if (pw == NULL) break; - - if (strchr(pw->pw_name, '/')) { - found = 1; - break; - } - - } - - if (!found) { - printf("FAIL: could not find any domain users\n"); - return 1; - } - - /* Test stopping getpwent in the middle of a set of users */ - - endpwent(); - - /* Test setpwent() without any getpwent() calls */ - - setpwent(); - - for (i = 0; i < (num_users - 1); i++) { - getpwent(); - } - - endpwent(); - - /* Test lots of setpwent() calls */ - - setpwent(); - - for (i = 0; i < (num_users - 1); i++) { - getpwent(); - } - - for (i = 0; i < 100; i++) { - setpwent(); - } - - /* Test lots of endpwent() calls */ - - setpwent(); - - for (i = 0; i < (num_users - 1); i++) { - getpwent(); - } - - for (i = 0; i < 100; i++) { - endpwent(); - } - - /* Everything's cool */ - - printf("PASS\n"); - return 0; -} diff --git a/testsuite/nsswitch/groupmem_dom.exp b/testsuite/nsswitch/groupmem_dom.exp deleted file mode 100644 index 3ba34bb810e..00000000000 --- a/testsuite/nsswitch/groupmem_dom.exp +++ /dev/null @@ -1,33 +0,0 @@ -# -# @(#) Test whether members of domain groups all have domain names -# - -load_lib util-defs.exp - -set group_list [split [util_start "getent group" ""] "\n"] -set failed 0 - -foreach { group } $group_list { - set group_entry [split $group ":"] - - set group_name [lindex $group_entry 0] - set group_members [split [lindex $group_entry 3] ","] - - if { [regexp {^[^/]+/} $group_name] } { - - verbose "group $group_name has members $group_members" - - foreach { user } $group_members { - if { ![regexp {^[^/]+/} $user] } { - fail "group $group has non-domain user $user" - set failed 1 - } - } - } else { - verbose "ignoring non-domain group $group_name" - } -} - -if { !$failed } { - pass "domain groups contain only domain members" -} diff --git a/testsuite/nsswitch/initgroups.c b/testsuite/nsswitch/initgroups.c deleted file mode 100644 index b7d9c50eaa3..00000000000 --- a/testsuite/nsswitch/initgroups.c +++ /dev/null @@ -1,42 +0,0 @@ -#include <stdio.h> -#include <unistd.h> -#include <grp.h> -#include <pwd.h> -#include <sys/types.h> - -int main(int argc, char **argv) -{ - int result, ngroups, i; - gid_t *groups; - struct passwd *pw; - - if (!(pw = getpwnam(argv[1]))) { - printf("FAIL: no passwd entry for %s\n", argv[1]); - return 1; - } - - result = initgroups(argv[1], pw->pw_gid); - - if (result == -1) { - printf("FAIL"); - return 1; - } - - ngroups = getgroups(0, NULL); - - groups = (gid_t *)malloc(sizeof(gid_t) * ngroups); - ngroups = getgroups(ngroups, groups); - - printf("%s is a member of groups:\n", argv[1]); - - for (i = 0; i < ngroups; i++) { - struct group *grp; - - grp = getgrgid(groups[i]); - - printf("%d (%s)\n", groups[i], grp ? grp->gr_name : "?"); - } - - printf("PASS\n"); - return 0; -} diff --git a/testsuite/nsswitch/initgroups.exp b/testsuite/nsswitch/initgroups.exp deleted file mode 100644 index ab21bcc9e7b..00000000000 --- a/testsuite/nsswitch/initgroups.exp +++ /dev/null @@ -1,37 +0,0 @@ -# -# @(#) Test initgroups function -# - -load_lib util-defs.exp -load_lib compile.exp - -if { [util_start "id -u"] != 0 } { - set test_desc "must be userid 0 to run" - note $test_desc - untested $test_desc - return -} - -# Compile test program - -simple_compile "initgroups" - -# Test domain users - -set user_list [split [util_start "bin/wbinfo" "-u"] "\n"] - -verbose $user_list - -foreach { user } $user_list { - set output [util_start "$srcdir/$subdir/initgroups" "\"$user\"" ""] - - verbose $output - - set test_desc "initgroups $user" - - if { [regexp "PASS" $output] } { - pass $test_desc - } else { - fail $test_desc - } -} diff --git a/testsuite/nsswitch/login.exp b/testsuite/nsswitch/login.exp deleted file mode 100644 index c2bb0e5a40a..00000000000 --- a/testsuite/nsswitch/login.exp +++ /dev/null @@ -1,102 +0,0 @@ -# -# @(#) Test logins using pam_winbind.so module using telnet -# - -load_lib util-defs.exp -load_lib nsswitch-config.exp - -# -# @(#) Test user can login -# - -spawn telnet localhost - -set test_desc "telnet localhost (login)" - -expect { - "login:" { } - timeout { fail "timed out in $test_desc"; return } - eof { fail "end of file in $test_desc"; return } -} - -send "$domain/$USER\r" - -set test_desc "telnet localhost (password)" - -expect { - "Password:" { } - timeout { fail "timed out in $test_desc"; return } - eof { fail "end of file in $test_desc"; return } -} - -send "$PASSWORD\r" - -expect { - "$ " { } - "Login incorrect" { fail "login incorrect"; return } - timeout { fail "timed out in $test_desc"; return } - eof { fail "end of file in $test_desc"; return } -} - -pass "login $domain/$USER" - -# -# @(#) Check supplementary group membership -# - -set test_desc "supplementary groups" - -# Get list of groups - -send "id -G\r" - -expect { - -re "((\[0-9]+ )*\[0-9]+\r)" { exp_continue; } - "$ " { } - timeout { fail "timed out in $test_desc"; return } - eof { fail "end of file in $test_desc"; return } -} - -set groups $expect_out(1,string) -set wb_groups [util_start "bin/wbinfo" "-r $domain/$USER"] - -verbose "id groups are $groups" -verbose "wbinfo groups are $wb_groups" - -# Check all groups from id are in wbinfo and vice-versa - -set failed 0 - -foreach { group } $groups { - set got_group 0 - foreach { wb_group } $wb_groups { - if { $wb_group == $group } { - set got_group 1 - break - } - } - - if { !$got_group } { - fail "group $group not in output of wbinfo -r" - set failed 1 - } -} - -foreach { wb_group } $wb_groups { - set got_group 0 - foreach { group } $groups { - if { $group == $wb_group } { - set got_group 1 - break - } - } - - if { !$got_group } { - fail "group $group not in output of id -G" - set failed 1 - } -} - -if { !$failed } { - pass "id/wbinfo groups match" -} diff --git a/testsuite/nsswitch/longarg.exp b/testsuite/nsswitch/longarg.exp deleted file mode 100644 index e1d0eda9ccb..00000000000 --- a/testsuite/nsswitch/longarg.exp +++ /dev/null @@ -1,29 +0,0 @@ -# -# @(#) Test handling of long arguments passed to various nss functions -# - -load_lib compile.exp -load_lib util-defs.exp - -# Run tests from C source files - -set longarg_tests [list \ - { "long arg to getpwnam()" "longarg_getpwnam" } \ - { "long arg to getgrnam()" "longarg_getgrnam" } \ - ] - -foreach { test } $longarg_tests { - set test_desc [lindex $test 0] - set test_file [lindex $test 1] - - simple_make "longarg" $test_file - set output [util_start "$srcdir/$subdir/$test_file" ] - - if { [regexp "PASS" $output] } { - pass $test_desc - file delete "$srcdir/$subdir/$test_file" "$srcdir/$subdir/$test_file.o" - } else { - fail $test_desc - puts $output - } -} diff --git a/testsuite/nsswitch/longarg_getgrnam.c b/testsuite/nsswitch/longarg_getgrnam.c deleted file mode 100644 index 84083d2620e..00000000000 --- a/testsuite/nsswitch/longarg_getgrnam.c +++ /dev/null @@ -1,42 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - Security context tests - Copyright (C) Tim Potter 2000 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include <stdio.h> -#include <stdlib.h> -#include <grp.h> -#include <sys/types.h> - -#include "longarg_utils.h" - -int main(void) -{ - struct group *grp; - char *domain = getenv("TEST_WORKGROUP"); - char long_name[65535]; - int failed = 0; - - sprintf(long_name, "%s/%s", domain, LONG_STRING); - - grp = getgrnam(long_name); - printf("%s\n", !grp ? "PASS" : "FAIL"); - - return grp == NULL; -} diff --git a/testsuite/nsswitch/longarg_getpwnam.c b/testsuite/nsswitch/longarg_getpwnam.c deleted file mode 100644 index f2a0a73ddca..00000000000 --- a/testsuite/nsswitch/longarg_getpwnam.c +++ /dev/null @@ -1,42 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - Security context tests - Copyright (C) Tim Potter 2000 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include <stdio.h> -#include <stdlib.h> -#include <pwd.h> -#include <sys/types.h> - -#include "longarg_utils.h" - -int main(void) -{ - struct passwd *pwd; - char *domain = getenv("TEST_WORKGROUP"); - char long_name[65535]; - int failed = 0; - - sprintf(long_name, "%s/%s", domain, LONG_STRING); - - pwd = getpwnam(long_name); - printf("%s\n", !pwd ? "PASS" : "FAIL"); - - return pwd == NULL; -} diff --git a/testsuite/nsswitch/longarg_utils.h b/testsuite/nsswitch/longarg_utils.h deleted file mode 100644 index 1f2f2a7065d..00000000000 --- a/testsuite/nsswitch/longarg_utils.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - Security context tests - Copyright (C) Tim Potter 2000 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef _LONGARG_UTILS_H -#define _LONGARG_UTILS_H - -#define LONG_STRING "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - -#endif diff --git a/testsuite/nsswitch/wbinfo.exp b/testsuite/nsswitch/wbinfo.exp deleted file mode 100644 index 8be25b2a0f1..00000000000 --- a/testsuite/nsswitch/wbinfo.exp +++ /dev/null @@ -1,360 +0,0 @@ -# -# @(#) Test wbinfo client access to winbind daemon -# - -load_lib "util-defs.exp" -load_lib "$srcdir/lib/nsswitch-config.exp" -load_lib "$srcdir/lib/default-nt-names.exp" - -# Name types - -set SID_NAME_USER 1 -set SID_NAME_DOM_GRP 2 -set SID_NAME_DOMAIN 3 -set SID_NAME_ALIAS 4 -set SID_NAME_UNKNOWN 8 - -# Get list of users and groups - -set user_list [util_start "bin/wbinfo" "-u"] -set group_list [util_start "bin/wbinfo" "-g"] - -verbose "user list is:\n$user_list" -verbose "group list is:\n$group_list" - -set user_list [split $user_list "\n"] -set group_list [split $group_list "\n"] - -# -# @(#) Check list of users and groups contain default NT user and group -# @(#) names -# - -# Users - -foreach { user } $domain_users { - set test_desc "user $user in wbinfo domain users" - if {![regexp $user $user_list]} { - fail $test_desc - } else { - pass $test_desc - } -} - -# Groups - -foreach { group } $domain_groups { - set test_desc "group $group in wbinfo domain groups" - if {![regexp $group $group_list]} { - fail $test_desc - } else { - pass $test_desc - } -} - -# -# @(#) Lookup sids for all user and group names returned by wbinfo -# - -# Users - -foreach { user } $user_list { - set test_desc "get sid for user $user" - set output [util_start "bin/wbinfo" "-n \"$user\""] - - verbose $output - - # Split output into name and name_type - - set list [split $output " "] - set sid_type [lindex $list [expr [llength $list] - 1]] - set sid [join [lrange $list 0 [expr [llength $list] - 2]] " "] - - if { ![regexp "S-" $sid] } { - fail $test_desc - } else { - pass $test_desc - } - - set test_desc "sid type for user $user" - if { $sid_type != $SID_NAME_USER } { - fail $test_desc - } else { - pass $test_desc - } - - lappend user_sid_list $sid -} - -# Groups - -foreach { group } $group_list { - set test_desc "get sid for group $group" - set output [util_start "bin/wbinfo" "-n \"$group\""] - - verbose $output - - # Split output into sid and sid type - - set list [split $output " "] - set sid_type [lindex $list [expr [llength $list] - 1]] - set sid [join [lrange $list 0 [expr [llength $list] - 2]] " "] - - if { ![regexp "S-" $sid] } { - fail $test_desc - } else { - pass $test_desc - } - - set test_desc "sid type for group group" - if { $sid_type != $SID_NAME_DOM_GRP } { - fail $test_desc - } else { - pass $test_desc - } - - lappend group_sid_list $sid -} - -# -# @(#) Check reverse lookup of sids to names -# - -# Users - -set count 0 - -foreach { sid } $user_sid_list { - set test_desc "reverse user name lookup for sid $sid" - set output [util_start "bin/wbinfo" "-s $sid"] - - verbose $output - - # Split output into name and name_type - - set list [split $output " "] - set name_type [lindex $list [expr [llength $list] - 1]] - set name [join [lrange $list 0 [expr [llength $list] - 2]] " "] - - if { $name != [lindex $user_list $count] } { - fail $test_desc - } else { - pass $test_desc - } - - set test_desc "reverse user name type lookup for sid $sid" - - if { $name_type != 1 } { - fail $test_desc - } else { - pass $test_desc - } - - incr count -} - -# Groups - -set count 0 - -foreach { sid } $group_sid_list { - set test_desc "reverse group name lookup for sid $sid" - set output [util_start "bin/wbinfo" "-s $sid"] - - verbose $output - - # Split output into name and name_type - - set list [split $output " "] - set name_type [lindex $list [expr [llength $list] - 1]] - set name [join [lrange $list 0 [expr [llength $list] - 2]] " "] - - if { $name != [lindex $group_list $count] } { - fail $test_desc - } else { - pass $test_desc - } - - set test_desc "reverse group name type lookup for sid $sid" - - if { $name_type != 2 } { - fail $test_desc - } else { - pass $test_desc - } - - incr count -} - -# -# @(#) Cross-check the output of wbinfo -n, getent passwd/group and -# @(#) wbinfo -S -# - -# Get mapped list of uids from winbindd - -set output [util_start "getent" "passwd"] -set user_list [split $output "\n"] - -foreach { user_entry } $user_list { - if { [regexp $domain $user_entry] } { - set field_list [split $user_entry ":"] - set name_output [util_start "bin/wbinfo" \ - "-n \"[lindex $field_list 0]\""] - set list [split $name_output " "] - set name_type [lindex $list [expr [llength $list] - 1]] - set name [join [lrange $list 0 [expr [llength $list] - 2]] " "] - set username_uid_sid [lappend username_uid_sid [list \ - [lindex $field_list 0] \ - [lindex $field_list 2] \ - $name]] - } -} - -# Get mapped list of gids from winbindd - -set output [util_start "getent" "group"] -set group_list [split $output "\n"] - -foreach { group_entry } $group_list { - if { [regexp $domain $group_entry] } { - set field_list [split $group_entry ":"] - set groupname_gid_sid [lappend groupname_gid_sid [list \ - [lindex $field_list 0] \ - [lindex $field_list 2] \ - [util_start "bin/wbinfo" "-n \"[lindex $field_list 0]\""]]] - } -} - -# OK, now we have enough info to cross-check the uid/gid -> sid and -# sid -> uid/gid functions - -foreach { user } $username_uid_sid { - set sid [util_start "bin/wbinfo" "-U [lindex $user 1]"] - set uid [util_start "bin/wbinfo" "-S [lindex $user 2]"] - - set test_desc "lookup sid by uid [lindex $user 1]" - - if { $sid != [lindex $user 2] } { - fail $test_desc - } else { - pass $test_desc - } - - set test_desc "lookup uid by sid [lindex $user 2]" - - if { $uid != [lindex $user 1] } { - fail $test_desc - } else { - pass $test_desc - } -} - -foreach { group } $groupname_gid_sid { - set sid [util_start "bin/wbinfo" "-G [lindex $group 1]"] - set gid [util_start "bin/wbinfo" "-Y [lindex $group 2]"] - - set test_desc "lookup sid by gid [lindex $group 1]" - - if { $sid != [lindex [split [lindex $group 2] " "] 0] || - [lindex [split [lindex $group 2] " " ] 1] != 2 } { - fail $test_desc - } else { - pass $test_desc - } - - set test_desc "lookup gid by sid [lindex $group 2]" - - if { $gid != [lindex $group 1] } { - fail $test_desc - } else { - pass $test_desc - } -} - -# Check exit codes - -proc check_errcode { args } { - global errorCode - set test_desc [lindex $args 0] - set cmd [lindex $args 1] - set result [lindex $args 2] - - set errorCode "" - verbose "Spawning $cmd" - catch "exec $cmd" output - set exit_code [lindex $errorCode 2] - if { $exit_code == "" } { set exit_code 0 } - - if { $exit_code == $result } { - verbose "process returned correct exit code $exit_code" - pass $test_desc - } else { - verbose "process returned bad exit code $exit_code instead of $result" - fail $test_desc - } -} - -set gooduser_name [lindex [split [lindex $user_list 0] ":"] 0] -set gooduser_sid [util_start "bin/wbinfo" "-n $gooduser_name"] - -set goodgroup_name [lindex [split [lindex $group_list 0] ":"] 0] -set goodgroup_sid [util_start "bin/wbinfo" "-n $goodgroup_name"] - -# Some conditions not tested: -# - bad list users/groups -# - good uid/gid to sid - -set errcode_tests [list \ - { "exit code, no arg" "bin/wbinfo" 1 } \ - { "exit code, invalid arg" "bin/wbinfo -@" 1 } \ - { "exit code, list users" "bin/wbinfo -u" 0 } \ - { "exit code, list groups" "bin/wbinfo -g" 0 } \ - { "exit code, good name to sid" "bin/wbinfo -n $gooduser_name" 0 } \ - { "exit code, bad name to sid" "bin/wbinfo -n asmithee" 1 } \ - { "exit code, good sid to name" "bin/wbinfo -s $gooduser_sid" 0 } \ - { "exit code, bad sid to name" "bin/wbinfo -s S-1234" 1 } \ - { "exit code, bad uid to sid" "bin/wbinfo -U 0" 1 } \ - { "exit code, bad gid to sid" "bin/wbinfo -G 0" 1} \ - { "exit code, good sid to uid" "bin/wbinfo -S $gooduser_sid" 0 } \ - { "exit code, bad sid to uid" "bin/wbinfo -S S-1234" 1 } \ - { "exit code, good sid to gid" "bin/wbinfo -Y $goodgroup_sid" 0 } \ - { "exit code, bad sid to gid" "bin/wbinfo -Y S-1234" 1 } \ - ] - -foreach { test } $errcode_tests { - check_errcode [lindex $test 0] [lindex $test 1] [lindex $test 2] -} - -# Test enumerate trusted domains - -set test_desc "enumerate trusted domains" -set output [util_start "bin/wbinfo" "-m"] - -verbose $output - -foreach { the_domain } $output { - if { $the_domain == $domain} { - fail "own domain appears in trusted list" - } -} - -if {[regexp "Usage" $output] || [regexp "Could not" $output]} { - fail $test_desc -} else { - pass $test_desc -} - -# Test check machine account - -set test_desc "check machine account" -set output [util_start "bin/wbinfo" "-t"] - -verbose $output - -if {[regexp "Usage" $output] || [regexp "Could not" $output] || \ - ![regexp "(good|bad)" $output]} { - fail $test_desc -} else { - pass $test_desc -} |