1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

sync 3_0 branch with HEAD

This commit is contained in:
Jelmer Vernooij 0001-01-01 00:00:00 +00:00
parent 6938b5b98a
commit 19ab776bf9
32 changed files with 6522 additions and 4064 deletions

View File

@ -1,6 +1,12 @@
WHATS NEW IN Samba 3.0 alphaX WHATS NEW IN Samba 3.0 alphaX
============================= =============================
Changes in alpha18
- huge number of changes! really too many to list ... (and its 1am
here, and I'm too tired)
See the cvs tree at http://build.samba.org/
Changes in alpha17 Changes in alpha17
- OpenLinux packaging updates (jht) - OpenLinux packaging updates (jht)
- Locking updates - fix zero timeout (tridge, jra) - Locking updates - fix zero timeout (tridge, jra)

Binary file not shown.

View File

@ -61,7 +61,9 @@ HOWTOSRC=projdoc/DOMAIN_MEMBER.sgml projdoc/NT_Security.sgml \
projdoc/Samba-PDC-HOWTO.sgml projdoc/ENCRYPTION.sgml \ projdoc/Samba-PDC-HOWTO.sgml projdoc/ENCRYPTION.sgml \
projdoc/CVS-Access.sgml projdoc/Integrating-with-Windows.sgml \ projdoc/CVS-Access.sgml projdoc/Integrating-with-Windows.sgml \
projdoc/PAM-Authentication-And-Samba.sgml projdoc/Samba-LDAP-HOWTO.sgml \ projdoc/PAM-Authentication-And-Samba.sgml projdoc/Samba-LDAP-HOWTO.sgml \
projdoc/Samba-BDC-HOWTO.sgml projdoc/Samba-BDC-HOWTO.sgml projdoc/Printing.sgml projdoc/Diagnosis.sgml \
projdoc/security_level.sgml projdoc/Browsing.sgml projdoc/Bugs.sgml \
projdoc/Speed.sgml

View File

@ -728,7 +728,7 @@
<listitem><para><link linkend="SOCKETADDRESS"><parameter>socket address</parameter></link></para></listitem> <listitem><para><link linkend="SOCKETADDRESS"><parameter>socket address</parameter></link></para></listitem>
<listitem><para><link linkend="SOCKETOPTIONS"><parameter>socket options</parameter></link></para></listitem> <listitem><para><link linkend="SOCKETOPTIONS"><parameter>socket options</parameter></link></para></listitem>
<listitem><para><link linkend="SOURCEENVIRONMENT"><parameter>source environment</parameter></link></para></listitem> <listitem><para><link linkend="SOURCEENVIRONMENT"><parameter>source environment</parameter></link></para></listitem>
<listitem><para><link linkend="SPNEGO"><parameter>use spnego</parameter></link></para></listitem>
<listitem><para><link linkend="STATCACHE"><parameter>stat cache</parameter></link></para></listitem> <listitem><para><link linkend="STATCACHE"><parameter>stat cache</parameter></link></para></listitem>
<listitem><para><link linkend="STATCACHESIZE"><parameter>stat cache size</parameter></link></para></listitem> <listitem><para><link linkend="STATCACHESIZE"><parameter>stat cache size</parameter></link></para></listitem>
<listitem><para><link linkend="STRIPDOT"><parameter>strip dot</parameter></link></para></listitem> <listitem><para><link linkend="STRIPDOT"><parameter>strip dot</parameter></link></para></listitem>
@ -1102,7 +1102,13 @@
%u</command></para> %u</command></para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry><term><anchor id="ADDGROUPSCRIPT">add group script (G)</term>
<listitem><para>This is the full pathname to a script that will
be run <emphasis>AS ROOT</emphasis> by <ulink url="smbd.8.html">smbd(8) when a new group is requested. It will expand any <parameter>%g</parameter> to the group name passed. This script is only useful for installations using the Windows NT domain administration tools.
</ulink>
</para></listitem>
</varlistentry>
<varlistentry> <varlistentry>
@ -1910,6 +1916,7 @@
<para>This script is called when a remote client removes a user <para>This script is called when a remote client removes a user
from the server, normally using 'User Manager for Domains' or from the server, normally using 'User Manager for Domains' or
<command>rpcclient</command>. <command>rpcclient</command>.
</para>
<para>This script should delete the given UNIX username. <para>This script should delete the given UNIX username.
</para> </para>
@ -2762,6 +2769,10 @@
<command>su -</command> command) and trying to print using the <command>su -</command> command) and trying to print using the
system print command such as <command>lpr(1)</command> or <command> system print command such as <command>lpr(1)</command> or <command>
lp(1)</command>.</para> lp(1)</command>.</para>
<para>This paramater does not accept % marcos, becouse
many parts of the system require this value to be
constant for correct operation</para>
<para>Default: <emphasis>specified at compile time, usually <para>Default: <emphasis>specified at compile time, usually
"nobody"</emphasis></para> "nobody"</emphasis></para>
@ -3281,10 +3292,9 @@
<varlistentry> <varlistentry>
<term><anchor id="LDAPADMINDN">ldap admin dn (G)</term> <term><anchor id="LDAPADMINDN">ldap admin dn (G)</term>
<para> <listitem><para> The <parameter>ldap admin dn</parameter> defines the Distinguished
The <parameter>ldap admin dn</parameter> defines the Distinguished Name (DN) name used by Samba to contact the ldap server when retreiving
Name (DN) name used by Samba to contact the <link linkend="LDAPSERVER">ldap user account information. The <parameter>ldap
server</link> when retreiving user account information. The <parameter>ldap
admin dn</parameter> is used in conjunction with the admin dn password admin dn</parameter> is used in conjunction with the admin dn password
stored in the <filename>private/secrets.tdb</filename> file. See the stored in the <filename>private/secrets.tdb</filename> file. See the
<ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink> man <ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink> man
@ -3301,8 +3311,7 @@
<varlistentry> <varlistentry>
<term><anchor id="LDAPFILTER">ldap filter (G)</term> <term><anchor id="LDAPFILTER">ldap filter (G)</term>
<para> <listitem><para>This parameter specifies the RFC 2254 compliant LDAP search filter.
This parameter specifies the RFC 2254 compliant LDAP search filter.
The default is to match the login name with the <constant>uid</constant> The default is to match the login name with the <constant>uid</constant>
attribute for all entries matching the <constant>sambaAccount</constant> attribute for all entries matching the <constant>sambaAccount</constant>
objectclass. Note that this filter should only return one entry. objectclass. Note that this filter should only return one entry.
@ -3316,10 +3325,9 @@
<varlistentry> <varlistentry>
<term><anchor id="LDAPSSL">ldap ssl (G)</term> <term><anchor id="LDAPSSL">ldap ssl (G)</term>
<para> <listitem><para>This option is used to define whether or not Samba should
This option is used to define whether or not Samba should use SSL when connecting to the ldap server
use SSL when connecting to the <link linkend="LDAPSERVER"><parameter>ldap This is <emphasis>NOT</emphasis> related to
server</parameter></link>. This is <emphasis>NOT</emphasis> related to
Samba's previous SSL support which was enabled by specifying the Samba's previous SSL support which was enabled by specifying the
<command>--with-ssl</command> option to the <filename>configure</filename> <command>--with-ssl</command> option to the <filename>configure</filename>
script. script.
@ -3365,7 +3373,7 @@
<varlistentry> <varlistentry>
<term><anchor id="LDAPSUFFIX">ldap machine suffix (G)</term> <term><anchor id="LDAPMACHINESUFFIX">ldap machine suffix (G)</term>
<listitem><para>It specifies where machines should be <listitem><para>It specifies where machines should be
added to the ldap tree. added to the ldap tree.
</para> </para>
@ -3606,15 +3614,18 @@
<varlistentry> <varlistentry>
<term><anchor id="LOGLEVEL">log level (G)</term> <term><anchor id="LOGLEVEL">log level (G)</term>
<listitem><para>The value of the parameter (an integer) allows <listitem><para>The value of the parameter (a astring) allows
the debug level (logging level) to be specified in the the debug level (logging level) to be specified in the
<filename>smb.conf</filename> file. This is to give greater <filename>smb.conf</filename> file. This parameter has been
extended since 2.2.x series, now it allow to specify the debug
level for multiple debug classes. This is to give greater
flexibility in the configuration of the system.</para> flexibility in the configuration of the system.</para>
<para>The default will be the log level specified on <para>The default will be the log level specified on
the command line or level zero if none was specified.</para> the command line or level zero if none was specified.</para>
<para>Example: <command>log level = 3</command></para></listitem> <para>Example: <command>log level = 3 passdb:5 auth:10 winbind:2
</command></para></listitem>
</varlistentry> </varlistentry>
@ -6959,7 +6970,12 @@
/usr/local/smb_env_vars</command></para> /usr/local/smb_env_vars</command></para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><anchor id="SPNEGO">use spnego (G)</term>
<listitem><para> This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. As of samba 3.0alpha it must be set to "no" for these clients to join a samba domain controller. It can be set to "yes" to allow samba to participate in an AD domain controlled by a Windows2000 domain controller.</para>
<para>Default: <emphasis>use spnego = yes</emphasis></para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><anchor id="STATCACHE">stat cache (G)</term> <term><anchor id="STATCACHE">stat cache (G)</term>
@ -7570,6 +7586,12 @@
connection is made to a Samba server. Sites may use this to record the connection is made to a Samba server. Sites may use this to record the
user connecting to a Samba share.</para> user connecting to a Samba share.</para>
<para>Due to the requirements of the utmp record, we
are required to create a unique identifier for the
incoming user. Enabling this option creates an n^2
algorithm to find this number. This may impede
performance on large installations. </para>
<para>See also the <link linkend="UTMPDIRECTORY"><parameter> <para>See also the <link linkend="UTMPDIRECTORY"><parameter>
utmp directory</parameter></link> parameter.</para> utmp directory</parameter></link> parameter.</para>

View File

@ -76,7 +76,7 @@
<constant>force-election</constant>, <constant>ping <constant>force-election</constant>, <constant>ping
</constant>, <constant>profile</constant>, <constant> </constant>, <constant>profile</constant>, <constant>
debuglevel</constant>, <constant>profilelevel</constant>, debuglevel</constant>, <constant>profilelevel</constant>,
or <constant>printer-notify</constant>.</para> or <constant>printnotify</constant>.</para>
<para>The <constant>close-share</constant> message-type sends a <para>The <constant>close-share</constant> message-type sends a
message to smbd which will then close the client connections to message to smbd which will then close the client connections to
@ -119,11 +119,55 @@
setting is returned by a "profilelevel" message. This can be sent setting is returned by a "profilelevel" message. This can be sent
to any smbd or nmbd destinations.</para> to any smbd or nmbd destinations.</para>
<para>The <constant>printer-notify</constant> message-type sends a <para>The <constant>printnotify</constant> message-type sends a
message to smbd which in turn sends a printer notify message to message to smbd which in turn sends a printer notify message to
any Windows NT clients connected to a printer. This message-type any Windows NT clients connected to a printer. This message-type
takes an argument of the printer name to send notify messages to. takes the following arguments:
This message can only be sent to <constant>smbd</constant>.</para>
<variablelist>
<varlistentry>
<term>queuepause printername</term>
<listitem><para>Send a queue pause change notify
message to the printer specified.</para></listitem>
</varlistentry>
<varlistentry>
<term>queueresume printername</term>
<listitem><para>Send a queue resume change notify
message for the printer specified.</para></listitem>
</varlistentry>
<varlistentry>
<term>jobpause printername unixjobid</term>
<listitem><para>Send a job pause change notify
message for the printer and unix jobid
specified.</para></listitem>
</varlistentry>
<varlistentry>
<term>jobresume printername unixjobid</term>
<listitem><para>Send a job resume change notify
message for the printer and unix jobid
specified.</para></listitem>
</varlistentry>
<varlistentry>
<term>jobdelete printername unixjobid</term>
<listitem><para>Send a job delete change notify
message for the printer and unix jobid
specified.</para></listitem>
</varlistentry>
</variablelist>
Note that this message only sends notification that an
event has occured. It doesn't actually cause the
event to happen.
This message can only be sent to <constant>smbd</constant>.
</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

View File

@ -326,7 +326,7 @@ use with an LDAP directory could appear as
ldap suffix = "ou=people,dc=samba,dc=org" ldap suffix = "ou=people,dc=samba,dc=org"
# generally the default ldap search filter is ok # generally the default ldap search filter is ok
# ldap filter = "(&(uid=%u)(objectclass=sambaAccount))" # ldap filter = "(&amp;(uid=%u)(objectclass=sambaAccount))"
</programlisting></para> </programlisting></para>

View File

@ -1652,7 +1652,7 @@ I think this is all bogus, but have not deleted it. (Richard Sharpe)
</warning> </warning>
<para> <para>
The default logon path is \\%N\U%. NT Workstation will attempt to create The default logon path is \\%N\%U. NT Workstation will attempt to create
a directory "\\samba-server\username.PDS" if you specify the logon path a directory "\\samba-server\username.PDS" if you specify the logon path
as "\\samba-server\username" with the NT User Manager. Therefore, you as "\\samba-server\username" with the NT User Manager. Therefore, you
will need to specify (for example) "\\samba-server\username\profile". will need to specify (for example) "\\samba-server\username\profile".

View File

@ -13,6 +13,12 @@
<!ENTITY IntegratingWithWindows SYSTEM "Integrating-with-Windows.sgml"> <!ENTITY IntegratingWithWindows SYSTEM "Integrating-with-Windows.sgml">
<!ENTITY Samba-PAM SYSTEM "PAM-Authentication-And-Samba.sgml"> <!ENTITY Samba-PAM SYSTEM "PAM-Authentication-And-Samba.sgml">
<!ENTITY Samba-LDAP SYSTEM "Samba-LDAP-HOWTO.sgml"> <!ENTITY Samba-LDAP SYSTEM "Samba-LDAP-HOWTO.sgml">
<!ENTITY Diagnosis SYSTEM "Diagnosis.sgml">
<!ENTITY PRINTING SYSTEM "Printing.sgml">
<!ENTITY BUGS SYSTEM "Bugs.sgml">
<!ENTITY SECURITY-LEVEL SYSTEM "security_level.sgml">
<!ENTITY SPEED SYSTEM "Speed.sgml">
<!ENTITY BROWSING SYSTEM "Browsing.sgml">
<!ENTITY INDEX-FILE SYSTEM "index.sgml"> <!ENTITY INDEX-FILE SYSTEM "index.sgml">
]> ]>
@ -31,7 +37,7 @@
<title>Abstract</title> <title>Abstract</title>
<para> <para>
<emphasis>Last Update</emphasis> : Mon Apr 1 08:47:26 CST 2002 <emphasis>Last Update</emphasis> : Thu Aug 15 12:48:45 CDT 2002
</para> </para>
<para> <para>
@ -58,18 +64,24 @@ Cheers, jerry
<!-- Chapters --> <!-- Chapters -->
&UNIX-INSTALL; &UNIX-INSTALL;
&Diagnosis;
&IntegratingWithWindows; &IntegratingWithWindows;
&Samba-PAM; &Samba-PAM;
&MS-Dfs-Setup; &MS-Dfs-Setup;
&NT-Security; &NT-Security;
&PRINTER-DRIVER2; &PRINTER-DRIVER2;
&PRINTING;
&SECURITY-LEVEL;
&DOMAIN-MEMBER; &DOMAIN-MEMBER;
&WINBIND;
&Samba-PDC-HOWTO; &Samba-PDC-HOWTO;
&Samba-BDC-HOWTO; &Samba-BDC-HOWTO;
&Samba-LDAP; &Samba-LDAP;
&WINBIND; &BROWSING;
&SPEED;
&OS2-Client; &OS2-Client;
&CVS-Access; &CVS-Access;
&BUGS;
<!-- Autogenerated Index --> <!-- Autogenerated Index -->
&INDEX-FILE; &INDEX-FILE;

View File

@ -23,9 +23,19 @@
<address><email>jtrostel@snapserver.com</email></address> <address><email>jtrostel@snapserver.com</email></address>
</affiliation> </affiliation>
</author> </author>
<author>
<firstname>Naag</firstname><surname>Mummaneni</surname>
<pubdate>16 Oct 2000</pubdate> <affiliation>
<address><email>getnag@rediffmail.com</email></address>
</affiliation>
</author>
<author>
<firstname>Jelmer</firstname><surname>Vernooij</surname>
<affiliation>
<address><email>jelmer@nl.linux.org</email></address>
</affiliation>
</author>
<pubdate>27 June 2002</pubdate>
</chapterinfo> </chapterinfo>
<title>Unified Logons between Windows NT and UNIX using Winbind</title> <title>Unified Logons between Windows NT and UNIX using Winbind</title>
@ -489,6 +499,13 @@ I also found it necessary to make the following symbolic link:
<prompt>root#</prompt> <command>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</command> <prompt>root#</prompt> <command>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</command>
</para> </para>
<para>And, in the case of Sun solaris:</para>
<para>
<prompt>root#</prompt> <command>ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1</command>
<prompt>root#</prompt> <command>ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1</command>
<prompt>root#</prompt> <command>ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2</command>
</para>
<para> <para>
Now, as root you need to edit <filename>/etc/nsswitch.conf</filename> to Now, as root you need to edit <filename>/etc/nsswitch.conf</filename> to
allow user and group entries to be visible from the <command>winbindd</command> allow user and group entries to be visible from the <command>winbindd</command>
@ -682,14 +699,18 @@ The same thing can be done for groups with the command
<sect3> <sect3>
<title>Fix the <filename>/etc/rc.d/init.d/smb</filename> startup files</title> <title>Fix the init.d startup scripts</title>
<sect4>
<title>Linux</title>
<para> <para>
The <command>winbindd</command> daemon needs to start up after the The <command>winbindd</command> daemon needs to start up after the
<command>smbd</command> and <command>nmbd</command> daemons are running. <command>smbd</command> and <command>nmbd</command> daemons are running.
To accomplish this task, you need to modify the <filename>/etc/init.d/smb</filename> To accomplish this task, you need to modify the startup scripts of your system. They are located at <filename>/etc/init.d/smb</filename> in RedHat and
<filename>/etc/init.d/samba</filename> in Debian.
script to add commands to invoke this daemon in the proper sequence. My script to add commands to invoke this daemon in the proper sequence. My
<filename>/etc/init.d/smb</filename> file starts up <command>smbd</command>, startup script starts up <command>smbd</command>,
<command>nmbd</command>, and <command>winbindd</command> from the <command>nmbd</command>, and <command>winbindd</command> from the
<filename>/usr/local/samba/bin</filename> directory directly. The 'start' <filename>/usr/local/samba/bin</filename> directory directly. The 'start'
function in the script looks like this: function in the script looks like this:
@ -744,18 +765,79 @@ stop() {
return $RETVAL return $RETVAL
} }
</programlisting></para> </programlisting></para>
</sect4>
<sect4>
<title>Solaris</title>
<para>On solaris, you need to modify the
<filename>/etc/init.d/samba.server</filename> startup script. It usually
only starts smbd and nmbd but should now start winbindd too. If you
have samba installed in <filename>/usr/local/samba/bin</filename>,
the file could contains something like this:
</para>
<para><programlisting>
##
## samba.server
##
if [ ! -d /usr/bin ]
then # /usr not mounted
exit
fi
killproc() { # kill the named process(es)
pid=`/usr/bin/ps -e |
/usr/bin/grep -w $1 |
/usr/bin/sed -e 's/^ *//' -e 's/ .*//'`
[ "$pid" != "" ] && kill $pid
}
# Start/stop processes required for samba server
case "$1" in
'start')
#
# Edit these lines to suit your installation (paths, workgroup, host)
#
echo Starting SMBD
/usr/local/samba/bin/smbd -D -s \
/usr/local/samba/smb.conf
echo Starting NMBD
/usr/local/samba/bin/nmbd -D -l \
/usr/local/samba/var/log -s /usr/local/samba/smb.conf
echo Starting Winbind Daemon
/usr/local/samba/bin/winbindd
;;
'stop')
killproc nmbd
killproc smbd
killproc winbindd
;;
*)
echo "Usage: /etc/init.d/samba.server { start | stop }"
;;
esac
</programlisting></para>
</sect4>
<sect4>
<title>Restarting</title>
<para> <para>
If you restart the <command>smbd</command>, <command>nmbd</command>, If you restart the <command>smbd</command>, <command>nmbd</command>,
and <command>winbindd</command> daemons at this point, you and <command>winbindd</command> daemons at this point, you
should be able to connect to the samba server as a domain member just as should be able to connect to the samba server as a domain member just as
if you were a local user. if you were a local user.
</para> </para>
</sect4>
</sect3> </sect3>
<sect3> <sect3>
<title>Configure Winbind and PAM</title> <title>Configure Winbind and PAM</title>
@ -781,13 +863,17 @@ by invoking the command
from the <filename>../source</filename> directory. The from the <filename>../source</filename> directory. The
<filename>pam_winbind.so</filename> file should be copied to the location of <filename>pam_winbind.so</filename> file should be copied to the location of
your other pam security modules. On my RedHat system, this was the your other pam security modules. On my RedHat system, this was the
<filename>/lib/security</filename> directory. <filename>/lib/security</filename> directory. On Solaris, the pam security
modules reside in <filename>/usr/lib/security</filename>.
</para> </para>
<para> <para>
<prompt>root#</prompt> <command>cp ../samba/source/nsswitch/pam_winbind.so /lib/security</command> <prompt>root#</prompt> <command>cp ../samba/source/nsswitch/pam_winbind.so /lib/security</command>
</para> </para>
<sect4>
<title>Linux/FreeBSD-specific PAM configuration</title>
<para> <para>
The <filename>/etc/pam.d/samba</filename> file does not need to be changed. I The <filename>/etc/pam.d/samba</filename> file does not need to be changed. I
just left this fileas it was: just left this fileas it was:
@ -875,6 +961,92 @@ line after the <command>winbind.so</command> line to get rid of annoying
double prompts for passwords. double prompts for passwords.
</para> </para>
</sect4>
<sect4>
<title>Solaris-specific configuration</title>
<para>
The /etc/pam.conf needs to be changed. I changed this file so that my Domain
users can logon both locally as well as telnet.The following are the changes
that I made.You can customize the pam.conf file as per your requirements,but
be sure of those changes because in the worst case it will leave your system
nearly impossible to boot.
</para>
<para><programlisting>
#
#ident "@(#)pam.conf 1.14 99/09/16 SMI"
#
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
#
# PAM configuration
#
# Authentication management
#
login auth required /usr/lib/security/pam_winbind.so
login auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1 try_first_pass
#
rlogin auth sufficient /usr/lib/security/pam_winbind.so
rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
dtlogin auth sufficient /usr/lib/security/pam_winbind.so
dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth sufficient /usr/lib/security/pam_winbind.so
other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
# Account management
#
login account sufficient /usr/lib/security/pam_winbind.so
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin account sufficient /usr/lib/security/pam_winbind.so
dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
#
other account sufficient /usr/lib/security/pam_winbind.so
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
other session required /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
#other password sufficient /usr/lib/security/pam_winbind.so
other password required /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other session optional /usr/lib/security/$ISA/pam_krb5.so.1
#other password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
</programlisting></para>
<para>
I also added a try_first_pass line after the winbind.so line to get rid of
annoying double prompts for passwords.
</para>
<para>
Now restart your Samba & try connecting through your application that you
configured in the pam.conf.
</para>
</sect4>
</sect3> </sect3>

View File

@ -191,7 +191,7 @@ CLASS="FILENAME"
> is one such file.</P > is one such file.</P
><P ><P
>When the IP address of the destination interface has been >When the IP address of the destination interface has been
determined a protocol called ARP/RARP isused to identify determined a protocol called ARP/RARP is used to identify
the MAC address of the target interface. ARP stands for Address the MAC address of the target interface. ARP stands for Address
Resolution Protocol, and is a broadcast oriented method that Resolution Protocol, and is a broadcast oriented method that
uses UDP (User Datagram Protocol) to send a request to all uses UDP (User Datagram Protocol) to send a request to all
@ -414,7 +414,7 @@ architecture of the MS Windows network. The term "workgroup" indicates
that the primary nature of the network environment is that of a that the primary nature of the network environment is that of a
peer-to-peer design. In a WORKGROUP all machines are responsible for peer-to-peer design. In a WORKGROUP all machines are responsible for
their own security, and generally such security is limited to use of their own security, and generally such security is limited to use of
just a password (known as SHARE MORE security). In most situations just a password (known as SHARE MODE security). In most situations
with peer-to-peer networking the users who control their own machines with peer-to-peer networking the users who control their own machines
will simply opt to have no security at all. It is possible to have will simply opt to have no security at all. It is possible to have
USER MODE security in a WORKGROUP environment, thus requiring use USER MODE security in a WORKGROUP environment, thus requiring use
@ -444,8 +444,8 @@ NAME="AEN100"
></H2 ></H2
><P ><P
>All MS Windows machines employ an in memory buffer in which is >All MS Windows machines employ an in memory buffer in which is
stored the NetBIOS names and their IP addresses for all external stored the NetBIOS names and IP addresses for all external
machines that that the local machine has communicated with over the machines that that machine has communicated with over the
past 10-15 minutes. It is more efficient to obtain an IP address past 10-15 minutes. It is more efficient to obtain an IP address
for a machine from the local cache than it is to go through all the for a machine from the local cache than it is to go through all the
configured name resolution mechanisms.</P configured name resolution mechanisms.</P
@ -453,7 +453,7 @@ configured name resolution mechanisms.</P
>If a machine whose name is in the local name cache has been shut >If a machine whose name is in the local name cache has been shut
down before the name had been expired and flushed from the cache, then down before the name had been expired and flushed from the cache, then
an attempt to exchange a message with that machine will be subject an attempt to exchange a message with that machine will be subject
to time-out delays. ie: It's name is in the cache, so a name resolution to time-out delays. i.e.: Its name is in the cache, so a name resolution
lookup will succeed, but the machine can not respond. This can be lookup will succeed, but the machine can not respond. This can be
frustrating for users - but it is a characteristic of the protocol.</P frustrating for users - but it is a characteristic of the protocol.</P
><P ><P
@ -660,7 +660,7 @@ dependable browsing using Samba</A
></H1 ></H1
><P ><P
>As stated above, MS Windows machines register their NetBIOS names >As stated above, MS Windows machines register their NetBIOS names
(ie: the machine name for each service type in operation) on start (i.e.: the machine name for each service type in operation) on start
up. Also, as stated above, the exact method by which this name registration up. Also, as stated above, the exact method by which this name registration
takes place is determined by whether or not the MS Windows client/server takes place is determined by whether or not the MS Windows client/server
has been given a WINS server address, whether or not LMHOSTS lookup has been given a WINS server address, whether or not LMHOSTS lookup
@ -685,7 +685,7 @@ Instead, the domain master browser serves the role of contacting each local
master browser (found by asking WINS or from LMHOSTS) and exchanging browse master browser (found by asking WINS or from LMHOSTS) and exchanging browse
list contents. This way every master browser will eventually obtain a complete list contents. This way every master browser will eventually obtain a complete
list of all machines that are on the network. Every 11-15 minutes an election list of all machines that are on the network. Every 11-15 minutes an election
is held to determine which machine will be the master browser. By nature of is held to determine which machine will be the master browser. By the nature of
the election criteria used, the machine with the highest uptime, or the the election criteria used, the machine with the highest uptime, or the
most senior protocol version, or other criteria, will win the election most senior protocol version, or other criteria, will win the election
as domain master browser.</P as domain master browser.</P
@ -770,8 +770,8 @@ these versions no longer support plain text passwords by default.</P
><P ><P
>MS Windows clients have a habit of dropping network mappings that >MS Windows clients have a habit of dropping network mappings that
have been idle for 10 minutes or longer. When the user attempts to have been idle for 10 minutes or longer. When the user attempts to
use the mapped drive connection that has been dropped the SMB protocol use the mapped drive connection that has been dropped, the client
has a mechanism by which the connection can be re-established using re-establishes the connection using
a cached copy of the password.</P a cached copy of the password.</P
><P ><P
>When Microsoft changed the default password mode, they dropped support for >When Microsoft changed the default password mode, they dropped support for
@ -959,7 +959,7 @@ NAME="AEN196"
></H2 ></H2
><P ><P
>This mode of authentication demands that there be on the >This mode of authentication demands that there be on the
Unix/Linux system both a Unix style account as well as and Unix/Linux system both a Unix style account as well as an
smbpasswd entry for the user. The Unix system account can be smbpasswd entry for the user. The Unix system account can be
locked if required as only the encrypted password will be locked if required as only the encrypted password will be
used for SMB client authentication.</P used for SMB client authentication.</P

File diff suppressed because it is too large Load Diff

View File

@ -152,7 +152,7 @@ Identified (RID).</P
>As a result of these defeciencies, a more robust means of storing user attributes >As a result of these defeciencies, a more robust means of storing user attributes
used by smbd was developed. The API which defines access to user accounts used by smbd was developed. The API which defines access to user accounts
is commonly referred to as the samdb interface (previously this was called the passdb is commonly referred to as the samdb interface (previously this was called the passdb
API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support
for a samdb backend (e.g. <TT for a samdb backend (e.g. <TT
CLASS="PARAMETER" CLASS="PARAMETER"
><I ><I
@ -498,7 +498,7 @@ CLASS="REPLACEABLE"
ldap suffix = "ou=people,dc=samba,dc=org" ldap suffix = "ou=people,dc=samba,dc=org"
# generally the default ldap search filter is ok # generally the default ldap search filter is ok
# ldap filter = "(&#38;(uid=%u)(objectclass=sambaAccount))"</PRE # ldap filter = "(&amp;(uid=%u)(objectclass=sambaAccount))"</PRE
></P ></P
></DIV ></DIV
></DIV ></DIV

View File

@ -2124,7 +2124,7 @@ ALIGN="LEFT"
></TABLE ></TABLE
></DIV ></DIV
><P ><P
>The default logon path is \\%N\U%. NT Workstation will attempt to create >The default logon path is \\%N\%U. NT Workstation will attempt to create
a directory "\\samba-server\username.PDS" if you specify the logon path a directory "\\samba-server\username.PDS" if you specify the logon path
as "\\samba-server\username" with the NT User Manager. Therefore, you as "\\samba-server\username" with the NT User Manager. Therefore, you
will need to specify (for example) "\\samba-server\username\profile". will need to specify (for example) "\\samba-server\username\profile".

View File

@ -478,7 +478,7 @@ CLASS="REPLACEABLE"
></TT ></TT
></P ></P
><P ><P
>Your should get back a list of shares available on >You should get back a list of shares available on
your server. If you don't then something is incorrectly setup. your server. If you don't then something is incorrectly setup.
Note that this method can also be used to see what shares Note that this method can also be used to see what shares
are available on other LanManager clients (such as WfWg).</P are available on other LanManager clients (such as WfWg).</P
@ -656,8 +656,8 @@ NAME="AEN166"
>By default Samba uses a blank scope ID. This means >By default Samba uses a blank scope ID. This means
all your windows boxes must also have a blank scope ID. all your windows boxes must also have a blank scope ID.
If you really want to use a non-blank scope ID then you will If you really want to use a non-blank scope ID then you will
need to use the -i &lt;scope&gt; option to nmbd, smbd, and need to use the 'netbios scope' smb.conf option.
smbclient. All your PCs will need to have the same setting for All your PCs will need to have the same setting for
this to work. I do not recommend scope IDs.</P this to work. I do not recommend scope IDs.</P
></DIV ></DIV
><DIV ><DIV
@ -778,19 +778,13 @@ NAME="AEN182"
its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE
or DENY_ALL. There are also special compatibility modes called or DENY_ALL. There are also special compatibility modes called
DENY_FCB and DENY_DOS.</P DENY_FCB and DENY_DOS.</P
><P
>You can disable share modes using "share modes = no".
This may be useful on a heavily loaded server as the share
modes code is very slow. See also the FAST_SHARE_MODES
option in the Makefile for a way to do full share modes
very fast using shared memory (if your OS supports it).</P
></DIV ></DIV
><DIV ><DIV
CLASS="SECT2" CLASS="SECT2"
><HR><H2 ><HR><H2
CLASS="SECT2" CLASS="SECT2"
><A ><A
NAME="AEN192" NAME="AEN191"
>Mapping Usernames</A >Mapping Usernames</A
></H2 ></H2
><P ><P
@ -798,21 +792,6 @@ NAME="AEN192"
the unix server then take a look at the "username map" option. the unix server then take a look at the "username map" option.
See the smb.conf man page for details.</P See the smb.conf man page for details.</P
></DIV ></DIV
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
NAME="AEN195"
>Other Character Sets</A
></H2
><P
>If you have problems using filenames with accented
characters in them (like the German, French or Scandinavian
character sets) then I recommend you look at the "valid chars"
option in smb.conf and also take a look at the validchars
package in the examples directory.</P
></DIV
></DIV ></DIV
></DIV ></DIV
></BODY ></BODY

View File

@ -37,12 +37,12 @@ NAME="AEN8"
><B ><B
CLASS="COMMAND" CLASS="COMMAND"
>rpcclient</B >rpcclient</B
> [-A authfile] [-c &#60;command string&#62;] [-d debuglevel] [-h] [-l logfile] [-N] [-s &#60;smb config file&#62;] [-U username[%password]] [-W workgroup] [-N] {server}</P > [-A authfile] [-c &#60;command string&#62;] [-d debuglevel] [-h] [-l logfile] [-N] [-s &#60;smb config file&#62;] [-U username[%password]] [-W workgroup] [-N] [-I destinationIP] {server}</P
></DIV ></DIV
><DIV ><DIV
CLASS="REFSECT1" CLASS="REFSECT1"
><A ><A
NAME="AEN22" NAME="AEN23"
></A ></A
><H2 ><H2
>DESCRIPTION</H2 >DESCRIPTION</H2
@ -65,7 +65,7 @@ CLASS="COMMAND"
><DIV ><DIV
CLASS="REFSECT1" CLASS="REFSECT1"
><A ><A
NAME="AEN28" NAME="AEN29"
></A ></A
><H2 ><H2
>OPTIONS</H2 >OPTIONS</H2
@ -151,6 +151,35 @@ CLASS="FILENAME"
</P </P
></DD ></DD
><DT ><DT
>-I IP-address</DT
><DD
><P
><TT
CLASS="REPLACEABLE"
><I
>IP address</I
></TT
> is the address of the server to connect to.
It should be specified in standard "a.b.c.d" notation. </P
><P
>Normally the client would attempt to locate a named
SMB/CIFS server by looking it up via the NetBIOS name resolution
mechanism described above in the <TT
CLASS="PARAMETER"
><I
>name resolve order</I
></TT
>
parameter above. Using this parameter will force the client
to assume that the server is on the machine with the specified IP
address and the NetBIOS name component of the resource being
connected to will be ignored. </P
><P
>There is no default for this parameter. If not supplied,
it will be determined automatically by the client as described
above. </P
></DD
><DT
>-l|--logfile=logbasename</DT >-l|--logfile=logbasename</DT
><DD ><DD
><P ><P
@ -253,7 +282,7 @@ CLASS="COMMAND"
><DIV ><DIV
CLASS="REFSECT1" CLASS="REFSECT1"
><A ><A
NAME="AEN92" NAME="AEN101"
></A ></A
><H2 ><H2
>COMMANDS</H2 >COMMANDS</H2
@ -647,7 +676,7 @@ CLASS="COMMAND"
><DIV ><DIV
CLASS="REFSECT1" CLASS="REFSECT1"
><A ><A
NAME="AEN212" NAME="AEN221"
></A ></A
><H2 ><H2
>BUGS</H2 >BUGS</H2
@ -688,7 +717,7 @@ CLASS="COMMAND"
><DIV ><DIV
CLASS="REFSECT1" CLASS="REFSECT1"
><A ><A
NAME="AEN222" NAME="AEN231"
></A ></A
><H2 ><H2
>VERSION</H2 >VERSION</H2
@ -699,7 +728,7 @@ NAME="AEN222"
><DIV ><DIV
CLASS="REFSECT1" CLASS="REFSECT1"
><A ><A
NAME="AEN225" NAME="AEN234"
></A ></A
><H2 ><H2
>AUTHOR</H2 >AUTHOR</H2

File diff suppressed because it is too large Load Diff

View File

@ -170,7 +170,7 @@ CLASS="CONSTANT"
>, >,
or <TT or <TT
CLASS="CONSTANT" CLASS="CONSTANT"
>printer-notify</TT >printnotify</TT
>.</P >.</P
><P ><P
>The <TT >The <TT
@ -246,15 +246,68 @@ CLASS="CONSTANT"
><P ><P
>The <TT >The <TT
CLASS="CONSTANT" CLASS="CONSTANT"
>printer-notify</TT >printnotify</TT
> message-type sends a > message-type sends a
message to smbd which in turn sends a printer notify message to message to smbd which in turn sends a printer notify message to
any Windows NT clients connected to a printer. This message-type any Windows NT clients connected to a printer. This message-type
takes an argument of the printer name to send notify messages to. takes the following arguments:
<P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>queuepause printername</DT
><DD
><P
>Send a queue pause change notify
message to the printer specified.</P
></DD
><DT
>queueresume printername</DT
><DD
><P
>Send a queue resume change notify
message for the printer specified.</P
></DD
><DT
>jobpause printername unixjobid</DT
><DD
><P
>Send a job pause change notify
message for the printer and unix jobid
specified.</P
></DD
><DT
>jobresume printername unixjobid</DT
><DD
><P
>Send a job resume change notify
message for the printer and unix jobid
specified.</P
></DD
><DT
>jobdelete printername unixjobid</DT
><DD
><P
>Send a job delete change notify
message for the printer and unix jobid
specified.</P
></DD
></DL
></DIV
>
Note that this message only sends notification that an
event has occured. It doesn't actually cause the
event to happen.
This message can only be sent to <TT This message can only be sent to <TT
CLASS="CONSTANT" CLASS="CONSTANT"
>smbd</TT >smbd</TT
>.</P >.
</P
></DD ></DD
><DT ><DT
>parameters</DT >parameters</DT
@ -268,7 +321,7 @@ CLASS="CONSTANT"
><DIV ><DIV
CLASS="REFSECT1" CLASS="REFSECT1"
><A ><A
NAME="AEN81" NAME="AEN102"
></A ></A
><H2 ><H2
>VERSION</H2 >VERSION</H2
@ -279,7 +332,7 @@ NAME="AEN81"
><DIV ><DIV
CLASS="REFSECT1" CLASS="REFSECT1"
><A ><A
NAME="AEN84" NAME="AEN105"
></A ></A
><H2 ><H2
>SEE ALSO</H2 >SEE ALSO</H2
@ -305,7 +358,7 @@ CLASS="COMMAND"
><DIV ><DIV
CLASS="REFSECT1" CLASS="REFSECT1"
><A ><A
NAME="AEN91" NAME="AEN112"
></A ></A
><H2 ><H2
>AUTHOR</H2 >AUTHOR</H2

View File

@ -410,12 +410,20 @@ for providing the HOWTO for this section.</P
>This HOWTO describes how to get winbind services up and running >This HOWTO describes how to get winbind services up and running
to control access and authenticate users on your Linux box using to control access and authenticate users on your Linux box using
the winbind services which come with SAMBA 2.2.2.</P the winbind services which come with SAMBA 2.2.2.</P
><P
>There is also some Solaris specific information in
<TT
CLASS="FILENAME"
>docs/textdocs/Solaris-Winbind-HOWTO.txt</TT
>.
Future revisions of this document will incorporate that
information.</P
><DIV ><DIV
CLASS="SECT2" CLASS="SECT2"
><HR><H2 ><HR><H2
CLASS="SECT2" CLASS="SECT2"
><A ><A
NAME="AEN76" NAME="AEN78"
>Introduction</A >Introduction</A
></H2 ></H2
><P ><P
@ -468,7 +476,7 @@ CLASS="SECT2"
><HR><H2 ><HR><H2
CLASS="SECT2" CLASS="SECT2"
><A ><A
NAME="AEN89" NAME="AEN91"
>Requirements</A >Requirements</A
></H2 ></H2
><P ><P
@ -529,7 +537,7 @@ CLASS="SECT2"
><HR><H2 ><HR><H2
CLASS="SECT2" CLASS="SECT2"
><A ><A
NAME="AEN103" NAME="AEN105"
>Testing Things Out</A >Testing Things Out</A
></H2 ></H2
><P ><P
@ -574,7 +582,7 @@ CLASS="SECT3"
><HR><H3 ><HR><H3
CLASS="SECT3" CLASS="SECT3"
><A ><A
NAME="AEN114" NAME="AEN116"
>Configure and compile SAMBA</A >Configure and compile SAMBA</A
></H3 ></H3
><P ><P
@ -640,7 +648,7 @@ CLASS="SECT3"
><HR><H3 ><HR><H3
CLASS="SECT3" CLASS="SECT3"
><A ><A
NAME="AEN133" NAME="AEN135"
>Configure <TT >Configure <TT
CLASS="FILENAME" CLASS="FILENAME"
>nsswitch.conf</TT >nsswitch.conf</TT
@ -672,6 +680,30 @@ CLASS="COMMAND"
>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</B >ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</B
></P ></P
><P ><P
>And, in the case of Sun solaris:</P
><P
><TT
CLASS="PROMPT"
>root#</TT
> <B
CLASS="COMMAND"
>ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1</B
>
<TT
CLASS="PROMPT"
>root#</TT
> <B
CLASS="COMMAND"
>ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1</B
>
<TT
CLASS="PROMPT"
>root#</TT
> <B
CLASS="COMMAND"
>ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2</B
></P
><P
>Now, as root you need to edit <TT >Now, as root you need to edit <TT
CLASS="FILENAME" CLASS="FILENAME"
>/etc/nsswitch.conf</TT >/etc/nsswitch.conf</TT
@ -721,7 +753,7 @@ CLASS="SECT3"
><HR><H3 ><HR><H3
CLASS="SECT3" CLASS="SECT3"
><A ><A
NAME="AEN158" NAME="AEN168"
>Configure smb.conf</A >Configure smb.conf</A
></H3 ></H3
><P ><P
@ -796,7 +828,7 @@ CLASS="SECT3"
><HR><H3 ><HR><H3
CLASS="SECT3" CLASS="SECT3"
><A ><A
NAME="AEN174" NAME="AEN184"
>Join the SAMBA server to the PDC domain</A >Join the SAMBA server to the PDC domain</A
></H3 ></H3
><P ><P
@ -842,7 +874,7 @@ CLASS="SECT3"
><HR><H3 ><HR><H3
CLASS="SECT3" CLASS="SECT3"
><A ><A
NAME="AEN185" NAME="AEN195"
>Start up the winbindd daemon and test it!</A >Start up the winbindd daemon and test it!</A
></H3 ></H3
><P ><P
@ -965,12 +997,17 @@ CLASS="SECT3"
><HR><H3 ><HR><H3
CLASS="SECT3" CLASS="SECT3"
><A ><A
NAME="AEN221" NAME="AEN231"
>Fix the <TT >Fix the init.d startup scripts</A
CLASS="FILENAME"
>/etc/rc.d/init.d/smb</TT
> startup files</A
></H3 ></H3
><DIV
CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="AEN233"
>Linux</A
></H4
><P ><P
>The <B >The <B
CLASS="COMMAND" CLASS="COMMAND"
@ -983,15 +1020,16 @@ CLASS="COMMAND"
CLASS="COMMAND" CLASS="COMMAND"
>nmbd</B >nmbd</B
> daemons are running. > daemons are running.
To accomplish this task, you need to modify the <TT To accomplish this task, you need to modify the startup scripts of your system. They are located at <TT
CLASS="FILENAME" CLASS="FILENAME"
>/etc/init.d/smb</TT >/etc/init.d/smb</TT
> > in RedHat and
script to add commands to invoke this daemon in the proper sequence. My
<TT <TT
CLASS="FILENAME" CLASS="FILENAME"
>/etc/init.d/smb</TT >/etc/init.d/samba</TT
> file starts up <B > in Debian.
script to add commands to invoke this daemon in the proper sequence. My
startup script starts up <B
CLASS="COMMAND" CLASS="COMMAND"
>smbd</B >smbd</B
>, >,
@ -1057,6 +1095,86 @@ CLASS="PROGRAMLISTING"
return $RETVAL return $RETVAL
}</PRE }</PRE
></P ></P
></DIV
><DIV
CLASS="SECT4"
><HR><H4
CLASS="SECT4"
><A
NAME="AEN250"
>Solaris</A
></H4
><P
>On solaris, you need to modify the
<TT
CLASS="FILENAME"
>/etc/init.d/samba.server</TT
> startup script. It usually
only starts smbd and nmbd but should now start winbindd too. If you
have samba installed in <TT
CLASS="FILENAME"
>/usr/local/samba/bin</TT
>,
the file could contains something like this:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>##
## samba.server
##
if [ ! -d /usr/bin ]
then # /usr not mounted
exit
fi
killproc() { # kill the named process(es)
pid=`/usr/bin/ps -e |
/usr/bin/grep -w $1 |
/usr/bin/sed -e 's/^ *//' -e 's/ .*//'`
[ "$pid" != "" ] &#38;&#38; kill $pid
}
# Start/stop processes required for samba server
case "$1" in
'start')
#
# Edit these lines to suit your installation (paths, workgroup, host)
#
echo Starting SMBD
/usr/local/samba/bin/smbd -D -s \
/usr/local/samba/smb.conf
echo Starting NMBD
/usr/local/samba/bin/nmbd -D -l \
/usr/local/samba/var/log -s /usr/local/samba/smb.conf
echo Starting Winbind Daemon
/usr/local/samba/bin/winbindd
;;
'stop')
killproc nmbd
killproc smbd
killproc winbindd
;;
*)
echo "Usage: /etc/init.d/samba.server { start | stop }"
;;
esac</PRE
></P
></DIV
><DIV
CLASS="SECT4"
><HR><H4
CLASS="SECT4"
><A
NAME="AEN257"
>Restarting</A
></H4
><P ><P
>If you restart the <B >If you restart the <B
CLASS="COMMAND" CLASS="COMMAND"
@ -1072,12 +1190,13 @@ CLASS="COMMAND"
should be able to connect to the samba server as a domain member just as should be able to connect to the samba server as a domain member just as
if you were a local user.</P if you were a local user.</P
></DIV ></DIV
></DIV
><DIV ><DIV
CLASS="SECT3" CLASS="SECT3"
><HR><H3 ><HR><H3
CLASS="SECT3" CLASS="SECT3"
><A ><A
NAME="AEN243" NAME="AEN263"
>Configure Winbind and PAM</A >Configure Winbind and PAM</A
></H3 ></H3
><P ><P
@ -1117,7 +1236,11 @@ your other pam security modules. On my RedHat system, this was the
<TT <TT
CLASS="FILENAME" CLASS="FILENAME"
>/lib/security</TT >/lib/security</TT
> directory.</P > directory. On Solaris, the pam security
modules reside in <TT
CLASS="FILENAME"
>/usr/lib/security</TT
>.</P
><P ><P
><TT ><TT
CLASS="PROMPT" CLASS="PROMPT"
@ -1126,6 +1249,14 @@ CLASS="PROMPT"
CLASS="COMMAND" CLASS="COMMAND"
>cp ../samba/source/nsswitch/pam_winbind.so /lib/security</B >cp ../samba/source/nsswitch/pam_winbind.so /lib/security</B
></P ></P
><DIV
CLASS="SECT4"
><HR><H4
CLASS="SECT4"
><A
NAME="AEN280"
>Linux/FreeBSD-specific PAM configuration</A
></H4
><P ><P
>The <TT >The <TT
CLASS="FILENAME" CLASS="FILENAME"
@ -1247,6 +1378,91 @@ CLASS="COMMAND"
> line to get rid of annoying > line to get rid of annoying
double prompts for passwords.</P double prompts for passwords.</P
></DIV ></DIV
><DIV
CLASS="SECT4"
><HR><H4
CLASS="SECT4"
><A
NAME="AEN313"
>Solaris-specific configuration</A
></H4
><P
>The /etc/pam.conf needs to be changed. I changed this file so that my Domain
users can logon both locally as well as telnet.The following are the changes
that I made.You can customize the pam.conf file as per your requirements,but
be sure of those changes because in the worst case it will leave your system
nearly impossible to boot.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>#
#ident "@(#)pam.conf 1.14 99/09/16 SMI"
#
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
#
# PAM configuration
#
# Authentication management
#
login auth required /usr/lib/security/pam_winbind.so
login auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1 try_first_pass
#
rlogin auth sufficient /usr/lib/security/pam_winbind.so
rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
dtlogin auth sufficient /usr/lib/security/pam_winbind.so
dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth sufficient /usr/lib/security/pam_winbind.so
other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
# Account management
#
login account sufficient /usr/lib/security/pam_winbind.so
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin account sufficient /usr/lib/security/pam_winbind.so
dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
#
other account sufficient /usr/lib/security/pam_winbind.so
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
other session required /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
#other password sufficient /usr/lib/security/pam_winbind.so
other password required /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other session optional /usr/lib/security/$ISA/pam_krb5.so.1
#other password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass</PRE
></P
><P
>I also added a try_first_pass line after the winbind.so line to get rid of
annoying double prompts for passwords.</P
><P
>Now restart your Samba &#38; try connecting through your application that you
configured in the pam.conf.</P
></DIV
></DIV
></DIV ></DIV
></DIV ></DIV
><DIV ><DIV
@ -1254,7 +1470,7 @@ CLASS="SECT1"
><HR><H1 ><HR><H1
CLASS="SECT1" CLASS="SECT1"
><A ><A
NAME="AEN290" NAME="AEN320"
>Limitations</A >Limitations</A
></H1 ></H1
><P ><P
@ -1295,7 +1511,7 @@ CLASS="SECT1"
><HR><H1 ><HR><H1
CLASS="SECT1" CLASS="SECT1"
><A ><A
NAME="AEN300" NAME="AEN330"
>Conclusion</A >Conclusion</A
></H1 ></H1
><P ><P

View File

@ -3,12 +3,12 @@
.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches, .\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>. .\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "RPCCLIENT" "1" "16 April 2002" "" "" .TH "RPCCLIENT" "1" "15 August 2002" "" ""
.SH NAME .SH NAME
rpcclient \- tool for executing client side MS-RPC functions rpcclient \- tool for executing client side MS-RPC functions
.SH SYNOPSIS .SH SYNOPSIS
.sp .sp
\fBrpcclient\fR [ \fB-A authfile\fR ] [ \fB-c <command string>\fR ] [ \fB-d debuglevel\fR ] [ \fB-h\fR ] [ \fB-l logfile\fR ] [ \fB-N\fR ] [ \fB-s <smb config file>\fR ] [ \fB-U username[%password]\fR ] [ \fB-W workgroup\fR ] [ \fB-N\fR ] \fBserver\fR \fBrpcclient\fR [ \fB-A authfile\fR ] [ \fB-c <command string>\fR ] [ \fB-d debuglevel\fR ] [ \fB-h\fR ] [ \fB-l logfile\fR ] [ \fB-N\fR ] [ \fB-s <smb config file>\fR ] [ \fB-U username[%password]\fR ] [ \fB-W workgroup\fR ] [ \fB-N\fR ] [ \fB-I destinationIP\fR ] \fBserver\fR
.SH "DESCRIPTION" .SH "DESCRIPTION"
.PP .PP
This tool is part of the Sambasuite. This tool is part of the Sambasuite.
@ -55,6 +55,22 @@ planning on submitting a bug report to the Samba team (see \fIBUGS.txt\fR).
\fB-h|--help\fR \fB-h|--help\fR
Print a summary of command line options. Print a summary of command line options.
.TP .TP
\fB-I IP-address\fR
\fIIP address\fR is the address of the server to connect to.
It should be specified in standard "a.b.c.d" notation.
Normally the client would attempt to locate a named
SMB/CIFS server by looking it up via the NetBIOS name resolution
mechanism described above in the \fIname resolve order\fR
parameter above. Using this parameter will force the client
to assume that the server is on the machine with the specified IP
address and the NetBIOS name component of the resource being
connected to will be ignored.
There is no default for this parameter. If not supplied,
it will be determined automatically by the client as described
above.
.TP
\fB-l|--logfile=logbasename\fR \fB-l|--logfile=logbasename\fR
File name for log/debug files. The extension File name for log/debug files. The extension
\&'.client' will be appended. The log file is never removed \&'.client' will be appended. The log file is never removed

View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches, .\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>. .\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMB.CONF" "5" "08 May 2002" "" "" .TH "SMB.CONF" "5" "15 August 2002" "" ""
.SH NAME .SH NAME
smb.conf \- The configuration file for the Samba suite smb.conf \- The configuration file for the Samba suite
.SH "SYNOPSIS" .SH "SYNOPSIS"
@ -657,18 +657,18 @@ each parameter for details. Note that some are synonyms.
\fIldap filter\fR \fIldap filter\fR
.TP 0.2i .TP 0.2i
\(bu \(bu
\fIldap port\fR
.TP 0.2i
\(bu
\fIldap server\fR
.TP 0.2i
\(bu
\fIldap ssl\fR \fIldap ssl\fR
.TP 0.2i .TP 0.2i
\(bu \(bu
\fIldap suffix\fR \fIldap suffix\fR
.TP 0.2i .TP 0.2i
\(bu \(bu
\fIldap suffix\fR
.TP 0.2i
\(bu
\fIldap suffix\fR
.TP 0.2i
\(bu
\fIlm announce\fR \fIlm announce\fR
.TP 0.2i .TP 0.2i
\(bu \(bu
@ -906,55 +906,7 @@ each parameter for details. Note that some are synonyms.
\fIsource environment\fR \fIsource environment\fR
.TP 0.2i .TP 0.2i
\(bu \(bu
\fIssl\fR \fIuse spnego\fR
.TP 0.2i
\(bu
\fIssl CA certDir\fR
.TP 0.2i
\(bu
\fIssl CA certFile\fR
.TP 0.2i
\(bu
\fIssl ciphers\fR
.TP 0.2i
\(bu
\fIssl client cert\fR
.TP 0.2i
\(bu
\fIssl client key\fR
.TP 0.2i
\(bu
\fIssl compatibility\fR
.TP 0.2i
\(bu
\fIssl egd socket\fR
.TP 0.2i
\(bu
\fIssl entropy bytes\fR
.TP 0.2i
\(bu
\fIssl entropy file\fR
.TP 0.2i
\(bu
\fIssl hosts\fR
.TP 0.2i
\(bu
\fIssl hosts resign\fR
.TP 0.2i
\(bu
\fIssl require clientcert\fR
.TP 0.2i
\(bu
\fIssl require servercert\fR
.TP 0.2i
\(bu
\fIssl server cert\fR
.TP 0.2i
\(bu
\fIssl server key\fR
.TP 0.2i
\(bu
\fIssl version\fR
.TP 0.2i .TP 0.2i
\(bu \(bu
\fIstat cache\fR \fIstat cache\fR
@ -1605,6 +1557,11 @@ Default: \fBadd user script = <empty string>
\fR \fR
Example: \fBadd user script = /usr/local/samba/bin/add_user Example: \fBadd user script = /usr/local/samba/bin/add_user
%u\fR %u\fR
.TP
\fBadd group script (G)\fR
This is the full pathname to a script that will
be run \fBAS ROOT\fR by smbd(8) when a new group is requested. It will expand any \fI%g\fR to the group name passed. This script is only useful for installations using the Windows NT domain administration tools.
.TP .TP
\fBadmin users (S)\fR \fBadmin users (S)\fR
This is a list of users who will be granted This is a list of users who will be granted
@ -2189,44 +2146,14 @@ Example: \fBdelete share command = /usr/local/bin/delshare\fR
.TP .TP
\fBdelete user script (G)\fR \fBdelete user script (G)\fR
This is the full pathname to a script that will This is the full pathname to a script that will
be run \fBAS ROOT\fR by \fBsmbd(8)\fRunder special circumstances be run by \fBsmbd(8)\fR
described below. when managing user's with remote RPC (NT) tools.
Normally, a Samba server requires that UNIX users are This script is called when a remote client removes a user
created for all users accessing files on this server. For sites from the server, normally using 'User Manager for Domains' or
that use Windows NT account databases as their primary user database \fBrpcclient\fR.
creating these users and keeping the user list in sync with the
Windows NT PDC is an onerous task. This option allows \fB smbd\fR to delete the required UNIX users \fBON
DEMAND\fR when a user accesses the Samba server and the
Windows NT user no longer exists.
In order to use this option, \fBsmbd\fR must be This script should delete the given UNIX username.
set to \fIsecurity = domain\fR or \fIsecurity =
user\fR and \fIdelete user script\fR
must be set to a full pathname for a script
that will delete a UNIX user given one argument of \fI%u\fR,
which expands into the UNIX user name to delete.
When the Windows user attempts to access the Samba server,
at \fBlogin\fR (session setup in the SMB protocol)
time, \fBsmbd\fR contacts the \fIpassword server\fR and attempts to authenticate
the given user with the given password. If the authentication fails
with the specific Domain error code meaning that the user no longer
exists then \fBsmbd\fR attempts to find a UNIX user in
the UNIX password database that matches the Windows user account. If
this lookup succeeds, and \fIdelete user script\fR is
set then \fBsmbd\fR will all the specified script
\fBAS ROOT\fR, expanding any \fI%u\fR
argument to be the user name to delete.
This script should delete the given UNIX username. In this way,
UNIX users are dynamically deleted to match existing Windows NT
accounts.
See also security = domain,
\fIpassword server\fR
, \fIadd user script\fR
\&.
Default: \fBdelete user script = <empty string> Default: \fBdelete user script = <empty string>
\fR \fR
@ -2744,7 +2671,7 @@ would force all created directories to have read and execute
permissions set for 'group' and 'other' as well as the permissions set for 'group' and 'other' as well as the
read/write/execute bits set for the 'user'. read/write/execute bits set for the 'user'.
.TP .TP
\fBforce directory security mode (S)\fR \fBforce directory\fR
This parameter controls what UNIX permission bits This parameter controls what UNIX permission bits
can be modified when a Windows NT client is manipulating the UNIX can be modified when a Windows NT client is manipulating the UNIX
permission on a directory using the native NT security dialog box. permission on a directory using the native NT security dialog box.
@ -3302,14 +3229,9 @@ code paths.
Default : \fBlarge readwrite = yes\fR Default : \fBlarge readwrite = yes\fR
.TP .TP
\fBldap admin dn (G)\fR \fBldap admin dn (G)\fR
This parameter is only available if Samba has been
configure to include the \fB--with-ldapsam\fR option
at compile time. This option should be considered experimental and
under active development.
The \fIldap admin dn\fR defines the Distinguished The \fIldap admin dn\fR defines the Distinguished
Name (DN) name used by Samba to contact the ldap Name (DN) name used by Samba to contact the ldap server when retreiving
server when retreiving user account information. The \fIldap user account information. The \fIldap
admin dn\fR is used in conjunction with the admin dn password admin dn\fR is used in conjunction with the admin dn password
stored in the \fIprivate/secrets.tdb\fR file. See the stored in the \fIprivate/secrets.tdb\fR file. See the
\fBsmbpasswd(8)\fRman \fBsmbpasswd(8)\fRman
@ -3318,11 +3240,6 @@ page for more information on how to accmplish this.
Default : \fBnone\fR Default : \fBnone\fR
.TP .TP
\fBldap filter (G)\fR \fBldap filter (G)\fR
This parameter is only available if Samba has been
configure to include the \fB--with-ldapsam\fR option
at compile time. This option should be considered experimental and
under active development.
This parameter specifies the RFC 2254 compliant LDAP search filter. This parameter specifies the RFC 2254 compliant LDAP search filter.
The default is to match the login name with the uid The default is to match the login name with the uid
attribute for all entries matching the sambaAccount attribute for all entries matching the sambaAccount
@ -3330,43 +3247,13 @@ objectclass. Note that this filter should only return one entry.
Default : \fBldap filter = (&(uid=%u)(objectclass=sambaAccount))\fR Default : \fBldap filter = (&(uid=%u)(objectclass=sambaAccount))\fR
.TP .TP
\fBldap port (G)\fR
This parameter is only available if Samba has been
configure to include the \fB--with-ldapsam\fR option
at compile time. This option should be considered experimental and
under active development.
This option is used to control the tcp port number used to contact
the \fIldap server\fR.
The default is to use the stand LDAPS port 636.
See Also: ldap ssl
Default : \fBldap port = 636\fR
.TP
\fBldap server (G)\fR
This parameter is only available if Samba has been
configure to include the \fB--with-ldapsam\fR option
at compile time. This option should be considered experimental and
under active development.
This parameter should contains the FQDN of the ldap directory
server which should be queried to locate user account information.
Default : \fBldap server = localhost\fR
.TP
\fBldap ssl (G)\fR \fBldap ssl (G)\fR
This parameter is only available if Samba has been
configure to include the \fB--with-ldapsam\fR option
at compile time. This option should be considered experimental and
under active development.
This option is used to define whether or not Samba should This option is used to define whether or not Samba should
use SSL when connecting to the \fIldap use SSL when connecting to the ldap server
server\fR. This is \fBNOT\fR related to This is \fBNOT\fR related to
Samba SSL support which is enabled by specifying the Samba's previous SSL support which was enabled by specifying the
\fB--with-ssl\fR option to the \fIconfigure\fR \fB--with-ssl\fR option to the \fIconfigure\fR
script (see \fIssl\fR). script.
The \fIldap ssl\fR can be set to one of three values: The \fIldap ssl\fR can be set to one of three values:
(a) on - Always use SSL when contacting the (a) on - Always use SSL when contacting the
@ -3378,10 +3265,16 @@ Never use SSL when querying the directory, or (c) start_tls
Default : \fBldap ssl = on\fR Default : \fBldap ssl = on\fR
.TP .TP
\fBldap suffix (G)\fR \fBldap suffix (G)\fR
This parameter is only available if Samba has been Default : \fBnone\fR
configure to include the \fB--with-ldapsam\fR option .TP
at compile time. This option should be considered experimental and \fBldap user suffix (G)\fR
under active development. It specifies where users are added to the tree.
Default : \fBnone\fR
.TP
\fBldap machine suffix (G)\fR
It specifies where machines should be
added to the ldap tree.
Default : \fBnone\fR Default : \fBnone\fR
.TP .TP
@ -3546,16 +3439,18 @@ you to have separate log files for each user or machine.
Example: \fBlog file = /usr/local/samba/var/log.%m Example: \fBlog file = /usr/local/samba/var/log.%m
\fR.TP \fR.TP
\fBlog level (G)\fR \fBlog level (G)\fR
The value of the parameter (an integer) allows The value of the parameter (a astring) allows
the debug level (logging level) to be specified in the the debug level (logging level) to be specified in the
\fIsmb.conf\fR file. This is to give greater \fIsmb.conf\fR file. This parameter has been
extended since 2.2.x series, now it allow to specify the debug
level for multiple debug classes. This is to give greater
flexibility in the configuration of the system. flexibility in the configuration of the system.
The default will be the log level specified on The default will be the log level specified on
the command line or level zero if none was specified. the command line or level zero if none was specified.
Example: \fBlog level = 3\fR Example: \fBlog level = 3 passdb:5 auth:10 winbind:2
.TP \fR.TP
\fBlogon drive (G)\fR \fBlogon drive (G)\fR
This parameter specifies the local path to This parameter specifies the local path to
which the home directory will be connected (see \fIlogon home\fR) which the home directory will be connected (see \fIlogon home\fR)
@ -4790,14 +4685,27 @@ arbitary passdb backend from the .so specified as a compulsary argument.
Any characters after the (optional) second : are passed to the plugin Any characters after the (optional) second : are passed to the plugin
for its own processing for its own processing
.TP 0.2i
\(bu
\fBunixsam\fR - Allows samba to map all (other) available unix users
This backend uses the standard unix database for retrieving users. Users included
in this pdb are NOT listed in samba user listings and users included in this pdb won't be
able to login. The use of this backend is to always be able to display the owner of a file
on the samba server - even when the user doesn't have a 'real' samba account in one of the
other passdb backends.
This backend should always be the last backend listed, since it contains all users in
the unix passdb and might 'override' mappings if specified earlier. It's meant to only return
accounts for users that aren't covered by the previous backends.
.RE .RE
.PP .PP
Default: \fBpassdb backend = smbpasswd\fR Default: \fBpassdb backend = smbpasswd unixsam\fR
Example: \fBpassdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd\fR Example: \fBpassdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd unixsam\fR
Example: \fBpassdb backend = ldapsam_nua:ldaps://ldap.example.com\fR Example: \fBpassdb backend = ldapsam_nua:ldaps://ldap.example.com unixsam\fR
Example: \fBpassdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb\fR Example: \fBpassdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb\fR
.TP .TP
@ -6278,246 +6186,10 @@ Examples: \fBsource environment = |/etc/smb.conf.sh
Example: \fBsource environment = Example: \fBsource environment =
/usr/local/smb_env_vars\fR /usr/local/smb_env_vars\fR
.TP .TP
\fBssl (G)\fR \fBuse spnego (G)\fR
This variable is part of SSL-enabled Samba. This This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. As of samba 3.0alpha it must be set to "no" for these clients to join a samba domain controller. It can be set to "yes" to allow samba to participate in an AD domain controlled by a Windows2000 domain controller.
is only available if the SSL libraries have been compiled on your
system and the configure option \fB--with-ssl\fR was
given at configure time.
This variable enables or disables the entire SSL mode. If Default: \fBuse spnego = yes\fR
it is set to no, the SSL-enabled Samba behaves
exactly like the non-SSL Samba. If set to yes,
it depends on the variables \fI ssl hosts\fR and \fIssl hosts resign\fR whether an SSL
connection will be required.
Default: \fBssl = no\fR
.TP
\fBssl CA certDir (G)\fR
This variable is part of SSL-enabled Samba. This
is only available if the SSL libraries have been compiled on your
system and the configure option \fB--with-ssl\fR was
given at configure time.
This variable defines where to look up the Certification
Authorities. The given directory should contain one file for
each CA that Samba will trust. The file name must be the hash
value over the "Distinguished Name" of the CA. How this directory
is set up is explained later in this document. All files within the
directory that don't fit into this naming scheme are ignored. You
don't need this variable if you don't verify client certificates.
Default: \fBssl CA certDir = /usr/local/ssl/certs
\fR.TP
\fBssl CA certFile (G)\fR
This variable is part of SSL-enabled Samba. This
is only available if the SSL libraries have been compiled on your
system and the configure option \fB--with-ssl\fR was
given at configure time.
This variable is a second way to define the trusted CAs.
The certificates of the trusted CAs are collected in one big
file and this variable points to the file. You will probably
only use one of the two ways to define your CAs. The first choice is
preferable if you have many CAs or want to be flexible, the second
is preferable if you only have one CA and want to keep things
simple (you won't need to create the hashed file names). You
don't need this variable if you don't verify client certificates.
Default: \fBssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem
\fR.TP
\fBssl ciphers (G)\fR
This variable is part of SSL-enabled Samba. This
is only available if the SSL libraries have been compiled on your
system and the configure option \fB--with-ssl\fR was
given at configure time.
This variable defines the ciphers that should be offered
during SSL negotiation. You should not set this variable unless
you know what you are doing.
.TP
\fBssl client cert (G)\fR
This variable is part of SSL-enabled Samba. This
is only available if the SSL libraries have been compiled on your
system and the configure option \fB--with-ssl\fR was
given at configure time.
The certificate in this file is used by \fBsmbclient(1)\fRif it exists. It's needed
if the server requires a client certificate.
Default: \fBssl client cert = /usr/local/ssl/certs/smbclient.pem
\fR.TP
\fBssl client key (G)\fR
This variable is part of SSL-enabled Samba. This
is only available if the SSL libraries have been compiled on your
system and the configure option \fB--with-ssl\fR was
given at configure time.
This is the private key for \fBsmbclient(1)\fR. It's only needed if the
client should have a certificate.
Default: \fBssl client key = /usr/local/ssl/private/smbclient.pem
\fR.TP
\fBssl compatibility (G)\fR
This variable is part of SSL-enabled Samba. This
is only available if the SSL libraries have been compiled on your
system and the configure option \fB--with-ssl\fR was
given at configure time.
This variable defines whether OpenSSL should be configured
for bug compatibility with other SSL implementations. This is
probably not desirable because currently no clients with SSL
implementations other than OpenSSL exist.
Default: \fBssl compatibility = no\fR
.TP
\fBssl egd socket (G)\fR
This variable is part of SSL-enabled Samba. This
is only available if the SSL libraries have been compiled on your
system and the configure option \fB--with-ssl\fR was
given at configure time.
This option is used to define the location of the communiation socket of
an EGD or PRNGD daemon, from which entropy can be retrieved. This option
can be used instead of or together with the \fIssl entropy file\fR
directive. 255 bytes of entropy will be retrieved from the daemon.
Default: \fBnone\fR
.TP
\fBssl entropy bytes (G)\fR
This variable is part of SSL-enabled Samba. This
is only available if the SSL libraries have been compiled on your
system and the configure option \fB--with-ssl\fR was
given at configure time.
This parameter is used to define the number of bytes which should
be read from the \fIssl entropy
file\fR If a -1 is specified, the entire file will
be read.
Default: \fBssl entropy bytes = 255\fR
.TP
\fBssl entropy file (G)\fR
This variable is part of SSL-enabled Samba. This
is only available if the SSL libraries have been compiled on your
system and the configure option \fB--with-ssl\fR was
given at configure time.
This parameter is used to specify a file from which processes will
read "random bytes" on startup. In order to seed the internal pseudo
random number generator, entropy must be provided. On system with a
\fI/dev/urandom\fR device file, the processes
will retrieve its entropy from the kernel. On systems without kernel
entropy support, a file can be supplied that will be read on startup
and that will be used to seed the PRNG.
Default: \fBnone\fR
.TP
\fBssl hosts (G)\fR
See \fI ssl hosts resign\fR.
.TP
\fBssl hosts resign (G)\fR
This variable is part of SSL-enabled Samba. This
is only available if the SSL libraries have been compiled on your
system and the configure option \fB--with-ssl\fR was
given at configure time.
These two variables define whether Samba will go
into SSL mode or not. If none of them is defined, Samba will
allow only SSL connections. If the \fIssl hosts\fR variable lists
hosts (by IP-address, IP-address range, net group or name),
only these hosts will be forced into SSL mode. If the \fI ssl hosts resign\fR variable lists hosts, only these
hosts will \fBNOT\fR be forced into SSL mode. The syntax for these two
variables is the same as for the \fI hosts allow\fR and \fIhosts deny\fR pair of variables, only
that the subject of the decision is different: It's not the access
right but whether SSL is used or not.
The example below requires SSL connections from all hosts
outside the local net (which is 192.168.*.*).
Default: \fBssl hosts = <empty string>\fR
\fBssl hosts resign = <empty string>\fR
Example: \fBssl hosts resign = 192.168.\fR
.TP
\fBssl require clientcert (G)\fR
This variable is part of SSL-enabled Samba. This
is only available if the SSL libraries have been compiled on your
system and the configure option \fB--with-ssl\fR was
given at configure time.
If this variable is set to yes, the
server will not tolerate connections from clients that don't
have a valid certificate. The directory/file given in \fIssl CA certDir\fR
and \fIssl CA certFile
\fRwill be used to look up the CAs that issued
the client's certificate. If the certificate can't be verified
positively, the connection will be terminated. If this variable
is set to no, clients don't need certificates.
Contrary to web applications you really \fBshould\fR
require client certificates. In the web environment the client's
data is sensitive (credit card numbers) and the server must prove
to be trustworthy. In a file server environment the server's data
will be sensitive and the clients must prove to be trustworthy.
Default: \fBssl require clientcert = no\fR
.TP
\fBssl require servercert (G)\fR
This variable is part of SSL-enabled Samba. This
is only available if the SSL libraries have been compiled on your
system and the configure option \fB--with-ssl\fR was
given at configure time.
If this variable is set to yes, the
\fBsmbclient(1)\fR
will request a certificate from the server. Same as
\fIssl require
clientcert\fR for the server.
Default: \fBssl require servercert = no\fR
.TP
\fBssl server cert (G)\fR
This variable is part of SSL-enabled Samba. This
is only available if the SSL libraries have been compiled on your
system and the configure option \fB--with-ssl\fR was
given at configure time.
This is the file containing the server's certificate.
The server \fBmust\fR have a certificate. The
file may also contain the server's private key. See later for
how certificates and private keys are created.
Default: \fBssl server cert = <empty string>
\fR.TP
\fBssl server key (G)\fR
This variable is part of SSL-enabled Samba. This
is only available if the SSL libraries have been compiled on your
system and the configure option \fB--with-ssl\fR was
given at configure time.
This file contains the private key of the server. If
this variable is not defined, the key is looked up in the
certificate file (it may be appended to the certificate).
The server \fBmust\fR have a private key
and the certificate \fBmust\fR
match this private key.
Default: \fBssl server key = <empty string>
\fR.TP
\fBssl version (G)\fR
This variable is part of SSL-enabled Samba. This
is only available if the SSL libraries have been compiled on your
system and the configure option \fB--with-ssl\fR was
given at configure time.
This enumeration variable defines the versions of the
SSL protocol that will be used. ssl2or3 allows
dynamic negotiation of SSL v2 or v3, ssl2 results
in SSL v2, ssl3 results in SSL v3 and
tls1 results in TLS v1. TLS (Transport Layer
Security) is the new standard for SSL.
Default: \fBssl version = "ssl2or3"\fR
.TP .TP
\fBstat cache (G)\fR \fBstat cache (G)\fR
This parameter determines if smbd(8)will use a cache in order to This parameter determines if smbd(8)will use a cache in order to
@ -6698,9 +6370,9 @@ Example: \fBtotal print jobs = 5000\fR
.TP .TP
\fBunix extensions(G)\fR \fBunix extensions(G)\fR
This boolean parameter controls whether Samba This boolean parameter controls whether Samba
implments the CIFS UNIX extensions, as defined by HP. These implments the CIFS UNIX extensions, as defined by HP.
extensions enable CIFS to server UNIX clients to UNIX servers These extensions enable Samba to better serve UNIX CIFS clients
better, and allow such things as symbolic links, hard links etc. by supporting features such as symbolic links, hard links, etc...
These extensions require a similarly enabled client, and are of These extensions require a similarly enabled client, and are of
no current use to Windows clients. no current use to Windows clients.
@ -6983,6 +6655,12 @@ to add utmp or utmpx records (depending on the UNIX system) whenever a
connection is made to a Samba server. Sites may use this to record the connection is made to a Samba server. Sites may use this to record the
user connecting to a Samba share. user connecting to a Samba share.
Due to the requirements of the utmp record, we
are required to create a unique identifier for the
incoming user. Enabling this option creates an n^2
algorithm to find this number. This may impede
performance on large installations.
See also the \fI utmp directory\fR parameter. See also the \fI utmp directory\fR parameter.
Default: \fButmp = no\fR Default: \fButmp = no\fR

View File

@ -3,7 +3,7 @@
.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches, .\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>. .\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "SMBCONTROL" "1" "08 May 2002" "" "" .TH "SMBCONTROL" "1" "15 August 2002" "" ""
.SH NAME .SH NAME
smbcontrol \- send messages to smbd, nmbd or winbindd processes smbcontrol \- send messages to smbd, nmbd or winbindd processes
.SH SYNOPSIS .SH SYNOPSIS
@ -47,7 +47,7 @@ One of: close-share,
debug, debug,
force-election, ping force-election, ping
, profile, debuglevel, profilelevel, , profile, debuglevel, profilelevel,
or printer-notify. or printnotify.
The close-share message-type sends a The close-share message-type sends a
message to smbd which will then close the client connections to message to smbd which will then close the client connections to
@ -90,11 +90,40 @@ a "request profile level" message. The current profile level
setting is returned by a "profilelevel" message. This can be sent setting is returned by a "profilelevel" message. This can be sent
to any smbd or nmbd destinations. to any smbd or nmbd destinations.
The printer-notify message-type sends a The printnotify message-type sends a
message to smbd which in turn sends a printer notify message to message to smbd which in turn sends a printer notify message to
any Windows NT clients connected to a printer. This message-type any Windows NT clients connected to a printer. This message-type
takes an argument of the printer name to send notify messages to. takes the following arguments:
This message can only be sent to smbd. .RS
.TP
\fBqueuepause printername\fR
Send a queue pause change notify
message to the printer specified.
.TP
\fBqueueresume printername\fR
Send a queue resume change notify
message for the printer specified.
.TP
\fBjobpause printername unixjobid\fR
Send a job pause change notify
message for the printer and unix jobid
specified.
.TP
\fBjobresume printername unixjobid\fR
Send a job resume change notify
message for the printer and unix jobid
specified.
.TP
\fBjobdelete printername unixjobid\fR
Send a job delete change notify
message for the printer and unix jobid
specified.
.RE
.PP
Note that this message only sends notification that an
event has occured. It doesn't actually cause the
event to happen.
This message can only be sent to smbd.
.TP .TP
\fBparameters\fR \fBparameters\fR
any parameters required for the message-type any parameters required for the message-type

View File

@ -119,8 +119,20 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
# MUST ( uid $ uidNumber ) # MUST ( uid $ uidNumber )
# MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags )) # MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL #objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
DESC 'Samba Account' # DESC 'Samba Account'
# MUST ( uid $ rid )
# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
# description $ userWorkstations $ primaryGroupID $ domain ))
## The X.500 data model (and therefore LDAPv3) says that each entry can
## only have one structural objectclass. OpenLDAP 2.0 does not enforce
## this currently but will in v2.1
objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
DESC 'Samba Auxilary Account'
MUST ( uid $ rid ) MUST ( uid $ rid )
MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $

View File

@ -3,6 +3,7 @@
* facility. * facility.
* *
* Copyright (C) Tim Potter, 1999-2000 * Copyright (C) Tim Potter, 1999-2000
* Copyright (C) Alexander Bokovoy, 2002
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -47,134 +48,79 @@
/* Function prototypes */ /* Function prototypes */
int audit_connect(struct connection_struct *conn, const char *svc, const char *user); static int audit_connect(struct connection_struct *conn, const char *svc, const char *user);
void audit_disconnect(struct connection_struct *conn); static void audit_disconnect(struct connection_struct *conn);
DIR *audit_opendir(struct connection_struct *conn, const char *fname); static DIR *audit_opendir(struct connection_struct *conn, const char *fname);
int audit_mkdir(struct connection_struct *conn, const char *path, mode_t mode); static int audit_mkdir(struct connection_struct *conn, const char *path, mode_t mode);
int audit_rmdir(struct connection_struct *conn, const char *path); static int audit_rmdir(struct connection_struct *conn, const char *path);
int audit_open(struct connection_struct *conn, const char *fname, int flags, mode_t mode); static int audit_open(struct connection_struct *conn, const char *fname, int flags, mode_t mode);
int audit_close(struct files_struct *fsp, int fd); static int audit_close(struct files_struct *fsp, int fd);
int audit_rename(struct connection_struct *conn, const char *old, const char *new); static int audit_rename(struct connection_struct *conn, const char *old, const char *new);
int audit_unlink(struct connection_struct *conn, const char *path); static int audit_unlink(struct connection_struct *conn, const char *path);
int audit_chmod(struct connection_struct *conn, const char *path, mode_t mode); static int audit_chmod(struct connection_struct *conn, const char *path, mode_t mode);
int audit_chmod_acl(struct connection_struct *conn, const char *name, mode_t mode); static int audit_chmod_acl(struct connection_struct *conn, const char *name, mode_t mode);
int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode); static int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode);
int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode); static int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode);
/* VFS operations */ /* VFS operations */
extern struct vfs_ops default_vfs_ops; /* For passthrough operation */ static struct vfs_ops default_vfs_ops; /* For passthrough operation */
static struct smb_vfs_handle_struct *audit_handle;
struct vfs_ops audit_ops = { static vfs_op_tuple audit_ops[] = {
/* Disk operations */ /* Disk operations */
audit_connect, {audit_connect, SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_LOGGER},
audit_disconnect, {audit_disconnect, SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_LOGGER},
NULL, /* disk free */
/* Directory operations */ /* Directory operations */
audit_opendir, {audit_opendir, SMB_VFS_OP_OPENDIR, SMB_VFS_LAYER_LOGGER},
NULL, /* readdir */ {audit_mkdir, SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_LOGGER},
audit_mkdir, {audit_rmdir, SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_LOGGER},
audit_rmdir,
NULL, /* closedir */
/* File operations */ /* File operations */
audit_open, {audit_open, SMB_VFS_OP_OPEN, SMB_VFS_LAYER_LOGGER},
audit_close, {audit_close, SMB_VFS_OP_CLOSE, SMB_VFS_LAYER_LOGGER},
NULL, /* read */ {audit_rename, SMB_VFS_OP_RENAME, SMB_VFS_LAYER_LOGGER},
NULL, /* write */ {audit_unlink, SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_LOGGER},
NULL, /* lseek */ {audit_chmod, SMB_VFS_OP_CHMOD, SMB_VFS_LAYER_LOGGER},
audit_rename, {audit_fchmod, SMB_VFS_OP_FCHMOD, SMB_VFS_LAYER_LOGGER},
NULL, /* fsync */ {audit_chmod_acl, SMB_VFS_OP_CHMOD_ACL, SMB_VFS_LAYER_LOGGER},
NULL, /* stat */ {audit_fchmod_acl, SMB_VFS_OP_FCHMOD_ACL, SMB_VFS_LAYER_LOGGER},
NULL, /* fstat */
NULL, /* lstat */ /* Finish VFS operations definition */
audit_unlink,
audit_chmod, {NULL, SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
audit_fchmod,
NULL, /* chown */
NULL, /* fchown */
NULL, /* chdir */
NULL, /* getwd */
NULL, /* utime */
NULL, /* ftruncate */
NULL, /* lock */
NULL, /* symlink */
NULL, /* readlink */
NULL, /* link */
NULL, /* mknod */
NULL, /* realpath */
NULL, /* fget_nt_acl */
NULL, /* get_nt_acl */
NULL, /* fset_nt_acl */
NULL, /* set_nt_acl */
audit_chmod_acl, /* chmod_acl */
audit_fchmod_acl, /* fchmod_acl */
NULL, /* sys_acl_get_entry */
NULL, /* sys_acl_get_tag_type */
NULL, /* sys_acl_get_permset */
NULL, /*sys_acl_get_qualifier */
NULL, /* sys_acl_get_file */
NULL, /* sys_acl_get_fd */
NULL, /* sys_acl_clear_perms */
NULL, /* sys_acl_add_perm */
NULL, /* sys_acl_to_text */
NULL, /* sys_acl_init */
NULL, /* sys_acl_create_entry */
NULL, /* sys_acl_set_tag_type */
NULL, /* sys_acl_set_qualifier */
NULL, /* sys_acl_set_permset */
NULL, /* sys_acl_valid */
NULL, /* sys_acl_set_file */
NULL, /* sys_acl_set_fd */
NULL, /* sys_acl_delete_def_file */
NULL, /* sys_acl_get_perm */
NULL, /* sys_acl_free_text */
NULL, /* sys_acl_free_acl */
NULL /* sys_acl_free_qualifier */
}; };
/* VFS initialisation function. Return initialised vfs_ops structure /* VFS initialisation function. Return vfs_op_tuple array back to SAMBA. */
back to SAMBA. */
struct vfs_ops *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops) vfs_op_tuple *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops,
struct smb_vfs_handle_struct *vfs_handle)
{ {
struct vfs_ops tmp_ops;
*vfs_version = SMB_VFS_INTERFACE_VERSION; *vfs_version = SMB_VFS_INTERFACE_VERSION;
memcpy(&tmp_ops, def_vfs_ops, sizeof(struct vfs_ops)); memcpy(&default_vfs_ops, def_vfs_ops, sizeof(struct vfs_ops));
tmp_ops.connect = audit_connect; audit_handle = vfs_handle;
tmp_ops.disconnect = audit_disconnect;
tmp_ops.opendir = audit_opendir;
tmp_ops.mkdir = audit_mkdir;
tmp_ops.rmdir = audit_rmdir;
tmp_ops.open = audit_open;
tmp_ops.close = audit_close;
tmp_ops.rename = audit_rename;
tmp_ops.unlink = audit_unlink;
tmp_ops.chmod = audit_chmod;
tmp_ops.chmod_acl = audit_chmod_acl;
tmp_ops.fchmod = audit_fchmod;
tmp_ops.fchmod_acl = audit_fchmod_acl;
memcpy(&audit_ops, &tmp_ops, sizeof(struct vfs_ops));
openlog("smbd_audit", LOG_PID, SYSLOG_FACILITY); openlog("smbd_audit", LOG_PID, SYSLOG_FACILITY);
syslog(SYSLOG_PRIORITY, "VFS_INIT: vfs_ops loaded\n"); syslog(SYSLOG_PRIORITY, "VFS_INIT: vfs_ops loaded\n");
return &audit_ops; return audit_ops;
}
/* VFS finalization function. */
void vfs_done(connection_struct *conn)
{
syslog(SYSLOG_PRIORITY, "VFS_DONE: vfs module unloaded\n");
} }
/* Implementation of vfs_ops. Pass everything on to the default /* Implementation of vfs_ops. Pass everything on to the default
operation but log event first. */ operation but log event first. */
int audit_connect(struct connection_struct *conn, const char *svc, const char *user) static int audit_connect(struct connection_struct *conn, const char *svc, const char *user)
{ {
syslog(SYSLOG_PRIORITY, "connect to service %s by user %s\n", syslog(SYSLOG_PRIORITY, "connect to service %s by user %s\n",
svc, user); svc, user);
@ -182,13 +128,13 @@ int audit_connect(struct connection_struct *conn, const char *svc, const char *u
return default_vfs_ops.connect(conn, svc, user); return default_vfs_ops.connect(conn, svc, user);
} }
void audit_disconnect(struct connection_struct *conn) static void audit_disconnect(struct connection_struct *conn)
{ {
syslog(SYSLOG_PRIORITY, "disconnected\n"); syslog(SYSLOG_PRIORITY, "disconnected\n");
default_vfs_ops.disconnect(conn); default_vfs_ops.disconnect(conn);
} }
DIR *audit_opendir(struct connection_struct *conn, const char *fname) static DIR *audit_opendir(struct connection_struct *conn, const char *fname)
{ {
DIR *result = default_vfs_ops.opendir(conn, fname); DIR *result = default_vfs_ops.opendir(conn, fname);
@ -200,7 +146,7 @@ DIR *audit_opendir(struct connection_struct *conn, const char *fname)
return result; return result;
} }
int audit_mkdir(struct connection_struct *conn, const char *path, mode_t mode) static int audit_mkdir(struct connection_struct *conn, const char *path, mode_t mode)
{ {
int result = default_vfs_ops.mkdir(conn, path, mode); int result = default_vfs_ops.mkdir(conn, path, mode);
@ -212,7 +158,7 @@ int audit_mkdir(struct connection_struct *conn, const char *path, mode_t mode)
return result; return result;
} }
int audit_rmdir(struct connection_struct *conn, const char *path) static int audit_rmdir(struct connection_struct *conn, const char *path)
{ {
int result = default_vfs_ops.rmdir(conn, path); int result = default_vfs_ops.rmdir(conn, path);
@ -224,7 +170,7 @@ int audit_rmdir(struct connection_struct *conn, const char *path)
return result; return result;
} }
int audit_open(struct connection_struct *conn, const char *fname, int flags, mode_t mode) static int audit_open(struct connection_struct *conn, const char *fname, int flags, mode_t mode)
{ {
int result = default_vfs_ops.open(conn, fname, flags, mode); int result = default_vfs_ops.open(conn, fname, flags, mode);
@ -237,7 +183,7 @@ int audit_open(struct connection_struct *conn, const char *fname, int flags, mod
return result; return result;
} }
int audit_close(struct files_struct *fsp, int fd) static int audit_close(struct files_struct *fsp, int fd)
{ {
int result = default_vfs_ops.close(fsp, fd); int result = default_vfs_ops.close(fsp, fd);
@ -249,7 +195,7 @@ int audit_close(struct files_struct *fsp, int fd)
return result; return result;
} }
int audit_rename(struct connection_struct *conn, const char *old, const char *new) static int audit_rename(struct connection_struct *conn, const char *old, const char *new)
{ {
int result = default_vfs_ops.rename(conn, old, new); int result = default_vfs_ops.rename(conn, old, new);
@ -261,7 +207,7 @@ int audit_rename(struct connection_struct *conn, const char *old, const char *ne
return result; return result;
} }
int audit_unlink(struct connection_struct *conn, const char *path) static int audit_unlink(struct connection_struct *conn, const char *path)
{ {
int result = default_vfs_ops.unlink(conn, path); int result = default_vfs_ops.unlink(conn, path);
@ -273,7 +219,7 @@ int audit_unlink(struct connection_struct *conn, const char *path)
return result; return result;
} }
int audit_chmod(struct connection_struct *conn, const char *path, mode_t mode) static int audit_chmod(struct connection_struct *conn, const char *path, mode_t mode)
{ {
int result = default_vfs_ops.chmod(conn, path, mode); int result = default_vfs_ops.chmod(conn, path, mode);
@ -285,7 +231,7 @@ int audit_chmod(struct connection_struct *conn, const char *path, mode_t mode)
return result; return result;
} }
int audit_chmod_acl(struct connection_struct *conn, const char *path, mode_t mode) static int audit_chmod_acl(struct connection_struct *conn, const char *path, mode_t mode)
{ {
int result = default_vfs_ops.chmod_acl(conn, path, mode); int result = default_vfs_ops.chmod_acl(conn, path, mode);
@ -297,7 +243,7 @@ int audit_chmod_acl(struct connection_struct *conn, const char *path, mode_t mod
return result; return result;
} }
int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode) static int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode)
{ {
int result = default_vfs_ops.fchmod(fsp, fd, mode); int result = default_vfs_ops.fchmod(fsp, fd, mode);
@ -309,7 +255,7 @@ int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode)
return result; return result;
} }
int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode) static int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode)
{ {
int result = default_vfs_ops.fchmod_acl(fsp, fd, mode); int result = default_vfs_ops.fchmod_acl(fsp, fd, mode);

View File

@ -3,6 +3,7 @@
* Block access from links to dev mount points specified in PARAMCONF file * Block access from links to dev mount points specified in PARAMCONF file
* *
* Copyright (C) Ronald Kuetemeier, 2001 * Copyright (C) Ronald Kuetemeier, 2001
* Copyright (C) Alexander Bokovoy, 2002
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -47,93 +48,29 @@
DIR *block_opendir(struct connection_struct *conn, char *fname); static DIR *block_opendir(connection_struct *conn, char *fname);
int block_connect(struct connection_struct *conn, const char *service, const char *user); static int block_connect(connection_struct *conn, const char *service, const char *user);
void block_disconnect(struct connection_struct *conn); static void block_disconnect(connection_struct *conn);
static struct smb_vfs_handle_struct *block_handle;
/* VFS operations */ /* VFS operations */
extern struct vfs_ops default_vfs_ops; /* For passthrough operation */ static struct vfs_ops default_vfs_ops; /* For passthrough operation */
struct vfs_ops execute_vfs_ops = { static vfs_op_tuple block_vfs_ops[] = {
/* Disk operations */ /* Disk operations */
block_connect, {block_connect, SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT},
block_disconnect, {block_disconnect, SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_TRANSPARENT},
NULL, /* disk free */
/* Directory operations */ /* Directory operations */
block_opendir, {block_opendir, SMB_VFS_OP_OPENDIR, SMB_VFS_LAYER_TRANSPARENT},
NULL, /* readdir */
NULL, /* mkdir */ {NULL, SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
NULL, /* rmdir */
NULL, /* closedir */
/* File operations */
NULL, /* open */
NULL, /* close */
NULL, /* read */
NULL, /* write */
NULL, /* lseek */
NULL, /* rename */
NULL, /* fsync */
NULL, /* stat */
NULL, /* fstat */
NULL, /* lstat */
NULL, /* unlink */
NULL, /* chmod */
NULL, /* fchmod */
NULL, /* chown */
NULL, /* fchown */
NULL, /* chdir */
NULL, /* getwd */
NULL, /* utime */
NULL, /* ftruncate */
NULL, /* lock */
NULL, /* symlink */
NULL, /* readlink */
NULL, /* link */
NULL, /* mknod */
NULL, /* realpath */
/* NT ACL operations */
NULL, /* fget_nt_acl */
NULL, /* get_nt_acl */
NULL, /* fset_nt_acl */
NULL, /* set_nt_acl */
/* POSIX ACL operations. */
NULL, /* chmod_acl */
NULL, /* fchmod_acl */
NULL, /* sys_acl_get_entry */
NULL, /* sys_acl_get_tag_type */
NULL, /* sys_acl_get_permset */
NULL, /* sys_acl_get_qualifier */
NULL, /* sys_acl_get_file */
NULL, /* sys_acl_get_fd */
NULL, /* sys_acl_clear_perms */
NULL, /* sys_acl_add_perm */
NULL, /* sys_acl_to_text */
NULL, /* sys_acl_init */
NULL, /* sys_acl_create_entry */
NULL, /* sys_acl_set_tag_type */
NULL, /* sys_acl_set_qualifier */
NULL, /* sys_acl_set_permset */
NULL, /* sys_acl_valid */
NULL, /* sys_acl_set_file */
NULL, /* sys_acl_set_fd */
NULL, /* sys_acl_delete_def_file */
NULL, /* sys_acl_get_perm */
NULL, /* sys_acl_free_text */
NULL, /* sys_acl_free_acl */
NULL /* sys_acl_free_qualifier */
}; };
@ -145,13 +82,13 @@ extern BOOL pm_process(char *FileName, BOOL (*sfunc)(char *), BOOL(*pfunc)(char
//functions //functions
BOOL enter_pblock_mount(char *dir); static BOOL enter_pblock_mount(char *dir);
BOOL get_section(char *sect); static BOOL get_section(char *sect);
BOOL get_parameter_value(char *param, char *value); static BOOL get_parameter_value(char *param, char *value);
BOOL load_param(void); static BOOL load_param(void);
BOOL search(struct stat *stat_buf); static BOOL search(struct stat *stat_buf);
BOOL dir_search(char *link, char *dir); static BOOL dir_search(char *link, char *dir);
BOOL enter_pblock_dir(char *dir); static BOOL enter_pblock_dir(char *dir);
@ -176,7 +113,7 @@ static struct block_dir *pblock_dir = NULL;
* Load the conf file into a table * Load the conf file into a table
*/ */
BOOL load_param(void) static BOOL load_param(void)
{ {
if ((pm_process(PARAMCONF,&get_section,&get_parameter_value)) == TRUE) if ((pm_process(PARAMCONF,&get_section,&get_parameter_value)) == TRUE)
@ -194,7 +131,7 @@ BOOL load_param(void)
* *
*/ */
BOOL enter_pblock_mount(char *dir) static BOOL enter_pblock_mount(char *dir)
{ {
struct stat stat_buf; struct stat stat_buf;
static struct block_dir *tmp_pblock; static struct block_dir *tmp_pblock;
@ -242,7 +179,7 @@ BOOL enter_pblock_mount(char *dir)
* *
*/ */
BOOL enter_pblock_dir(char *dir) static BOOL enter_pblock_dir(char *dir)
{ {
static struct block_dir *tmp_pblock; static struct block_dir *tmp_pblock;
@ -285,7 +222,7 @@ BOOL enter_pblock_dir(char *dir)
* Function callback for config section names * Function callback for config section names
*/ */
BOOL get_section(char *sect) static BOOL get_section(char *sect)
{ {
return TRUE; return TRUE;
} }
@ -297,7 +234,7 @@ BOOL get_section(char *sect)
* *
*/ */
BOOL get_parameter_value(char *param, char *value) static BOOL get_parameter_value(char *param, char *value)
{ {
int i = 0, maxargs = sizeof(params) / sizeof(char *); int i = 0, maxargs = sizeof(params) / sizeof(char *);
@ -327,24 +264,25 @@ BOOL get_parameter_value(char *param, char *value)
/* VFS initialisation function. Return initialised vfs_ops structure /* VFS initialisation function. Return initialised vfs_op_tuple array
back to SAMBA. */ back to SAMBA. */
struct vfs_ops *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops) vfs_op_tuple *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops,
struct smb_vfs_handle_struct *vfs_handle)
{ {
struct vfs_ops tmp_ops;
*vfs_version = SMB_VFS_INTERFACE_VERSION; *vfs_version = SMB_VFS_INTERFACE_VERSION;
memcpy(&tmp_ops, def_vfs_ops, sizeof(struct vfs_ops)); memcpy(&default_vfs_ops, def_vfs_ops, sizeof(struct vfs_ops));
block_handle = vfs_handle;
/* Override the ones we want. */ return block_vfs_ops;
tmp_ops.connect = block_connect; }
tmp_ops.disconnect = block_disconnect;
tmp_ops.opendir = block_opendir;
memcpy(&execute_vfs_ops, &tmp_ops, sizeof(struct vfs_ops));
return(&execute_vfs_ops); /* VFS finalization function. */
void vfs_done(connection_struct *conn)
{
} }
@ -352,7 +290,7 @@ struct vfs_ops *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops)
* VFS connect and param file loading * VFS connect and param file loading
*/ */
int block_connect(struct connection_struct *conn, char *service, char *user) static int block_connect(connection_struct *conn, const char *service, const char *user)
{ {
if((load_param()) == FALSE) if((load_param()) == FALSE)
{ {
@ -372,7 +310,7 @@ int block_connect(struct connection_struct *conn, char *service, char *user)
*/ */
void block_disconnect(struct connection_struct *conn) static void block_disconnect(struct connection_struct *conn)
{ {
struct block_dir *tmp_pblock = (pblock_mountp == NULL ? pblock_dir : pblock_mountp); struct block_dir *tmp_pblock = (pblock_mountp == NULL ? pblock_dir : pblock_mountp);
@ -403,7 +341,7 @@ void block_disconnect(struct connection_struct *conn)
* VFS opendir * VFS opendir
*/ */
DIR *block_opendir(struct connection_struct *conn, char *fname) static DIR *block_opendir(struct connection_struct *conn, char *fname)
{ {
char *dir_name = NULL; char *dir_name = NULL;
@ -437,7 +375,7 @@ DIR *block_opendir(struct connection_struct *conn, char *fname)
* Find mount point to block in list * Find mount point to block in list
*/ */
BOOL search(struct stat *stat_buf) static BOOL search(struct stat *stat_buf)
{ {
struct block_dir *tmp_pblock = pblock_mountp; struct block_dir *tmp_pblock = pblock_mountp;
@ -459,7 +397,7 @@ BOOL search(struct stat *stat_buf)
* Find dir in list to block id the starting point is link from a share * Find dir in list to block id the starting point is link from a share
*/ */
BOOL dir_search(char *link, char *dir) static BOOL dir_search(char *link, char *dir)
{ {
char buf[PATH_MAX +1], *ext_path; char buf[PATH_MAX +1], *ext_path;
int len = 0; int len = 0;

View File

@ -4,6 +4,7 @@
* *
* Copyright (C) 2001, Brandon Stone, Amherst College, <bbstone@amherst.edu>. * Copyright (C) 2001, Brandon Stone, Amherst College, <bbstone@amherst.edu>.
* Copyright (C) 2002, Jeremy Allison - modified to make a VFS module. * Copyright (C) 2002, Jeremy Allison - modified to make a VFS module.
* Copyright (C) 2002, Alexander Bokovoy - cascaded VFS adoption,
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -40,139 +41,67 @@
/* VFS operations */ /* VFS operations */
extern struct vfs_ops default_vfs_ops; /* For passthrough operation */ static struct vfs_ops default_vfs_ops; /* For passthrough operation */
static struct smb_vfs_handle_struct *recycle_handle;
static int recycle_unlink(connection_struct *, const char *); static int recycle_unlink(connection_struct *, const char *);
static int recycle_connect(struct connection_struct *conn, const char *service, const char *user); static int recycle_connect(struct connection_struct *conn, const char *service, const char *user);
static void recycle_disconnect(struct connection_struct *conn); static void recycle_disconnect(struct connection_struct *conn);
struct vfs_ops recycle_ops = { static vfs_op_tuple recycle_ops[] = {
/* Disk operations */ /* Disk operations */
recycle_connect, /* connect */ {recycle_connect, SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_OPAQUE},
recycle_disconnect, /* disconnect */ {recycle_disconnect, SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_OPAQUE},
NULL, /* disk free */
/* Directory operations */
NULL, /* opendir */
NULL, /* readdir */
NULL, /* mkdir */
NULL, /* rmdir */
NULL, /* closedir */
/* File operations */ /* File operations */
NULL, /* open */ {recycle_unlink, SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_OPAQUE},
NULL, /* close */
NULL, /* read */ {NULL, SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
NULL, /* write */
NULL, /* lseek */
NULL, /* rename */
NULL, /* fsync */
NULL, /* stat */
NULL, /* fstat */
NULL, /* lstat */
recycle_unlink,
NULL, /* chmod */
NULL, /* fchmod */
NULL, /* chown */
NULL, /* fchown */
NULL, /* chdir */
NULL, /* getwd */
NULL, /* utime */
NULL, /* ftruncate */
NULL, /* lock */
NULL, /* symlink */
NULL, /* readlink */
NULL, /* link */
NULL, /* mknod */
NULL, /* realpath */
NULL, /* fget_nt_acl */
NULL, /* get_nt_acl */
NULL, /* fset_nt_acl */
NULL, /* set_nt_acl */
NULL, /* chmod_acl */
NULL, /* fchmod_acl */
NULL, /* sys_acl_get_entry */
NULL, /* sys_acl_get_tag_type */
NULL, /* sys_acl_get_permset */
NULL, /* sys_acl_get_qualifier */
NULL, /* sys_acl_get_file */
NULL, /* sys_acl_get_fd */
NULL, /* sys_acl_clear_perms */
NULL, /* sys_acl_add_perm */
NULL, /* sys_acl_to_text */
NULL, /* sys_acl_init */
NULL, /* sys_acl_create_entry */
NULL, /* sys_acl_set_tag_type */
NULL, /* sys_acl_set_qualifier */
NULL, /* sys_acl_set_permset */
NULL, /* sys_acl_valid */
NULL, /* sys_acl_set_file */
NULL, /* sys_acl_set_fd */
NULL, /* sys_acl_delete_def_file */
NULL, /* sys_acl_get_perm */
NULL, /* sys_acl_free_text */
NULL, /* sys_acl_free_acl */
NULL /* sys_acl_free_qualifier */
}; };
/* VFS initialisation function. Return initialised vfs_ops structure /* VFS initialisation function. Return initialised vfs_op_tuple array back to SAMBA. */
back to SAMBA. */
struct vfs_ops *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops) vfs_op_tuple *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops,
struct smb_vfs_handle_struct *vfs_handle)
{ {
struct vfs_ops tmp_ops;
*vfs_version = SMB_VFS_INTERFACE_VERSION; *vfs_version = SMB_VFS_INTERFACE_VERSION;
memcpy(&tmp_ops, def_vfs_ops, sizeof(struct vfs_ops)); memcpy(&default_vfs_ops, def_vfs_ops, sizeof(struct vfs_ops));
tmp_ops.unlink = recycle_unlink;
tmp_ops.connect = recycle_connect; /* Remember vfs_id for storing private information at connect */
tmp_ops.disconnect = recycle_disconnect; recycle_handle = vfs_handle;
memcpy(&recycle_ops, &tmp_ops, sizeof(struct vfs_ops));
return &recycle_ops; return recycle_ops;
}
/* VFS finalization function. */
void vfs_done(connection_struct *conn)
{
DEBUG(3,("vfs_done_recycle: called for connection %p\n",conn));
} }
static int recycle_connect(struct connection_struct *conn, const char *service, const char *user) static int recycle_connect(struct connection_struct *conn, const char *service, const char *user)
{ {
pstring opts_str;
fstring recycle_bin; fstring recycle_bin;
char *p;
DEBUG(3,("recycle_connect: called for service %s as user %s\n", service, user)); DEBUG(3,("recycle_connect: called for service %s as user %s\n", service, user));
pstrcpy(opts_str, (const char *)lp_vfs_options(SNUM(conn))); fstrcpy(recycle_bin, (const char *)lp_parm_string(lp_servicename(SNUM(conn)),"vfs","recycle bin"));
if (!*opts_str) { if (!*recycle_bin) {
DEBUG(3,("recycle_connect: No options listed (%s).\n", lp_vfs_options(SNUM(conn)) )); DEBUG(3,("recycle_connect: No options listed (vfs:recycle bin).\n" ));
return 0; /* No options. */ return 0; /* No options. */
} }
p = opts_str; DEBUG(3,("recycle_connect: recycle name is %s\n", recycle_bin ));
if (next_token(&p,recycle_bin,"=",sizeof(recycle_bin))) {
if (!strequal("recycle", recycle_bin)) {
DEBUG(3,("recycle_connect: option %s is not recycle\n", recycle_bin ));
return -1;
}
}
if (!next_token(&p,recycle_bin," \n",sizeof(recycle_bin))) { recycle_handle->data = (void *)strdup(recycle_bin);
DEBUG(3,("recycle_connect: no option after recycle=\n"));
return -1;
}
DEBUG(10,("recycle_connect: recycle name is %s\n", recycle_bin ));
conn->vfs_private = (void *)strdup(recycle_bin);
return 0; return 0;
} }
static void recycle_disconnect(struct connection_struct *conn) static void recycle_disconnect(struct connection_struct *conn)
{ {
SAFE_FREE(conn->vfs_private); SAFE_FREE(recycle_handle->data);
} }
static BOOL recycle_XXX_exist(connection_struct *conn, const char *dname, BOOL isdir) static BOOL recycle_XXX_exist(connection_struct *conn, const char *dname, BOOL isdir)
@ -225,8 +154,8 @@ static int recycle_unlink(connection_struct *conn, const char *inname)
*recycle_bin = '\0'; *recycle_bin = '\0';
pstrcpy(fname, inname); pstrcpy(fname, inname);
if (conn->vfs_private) if (recycle_handle->data)
fstrcpy(recycle_bin, (const char *)conn->vfs_private); fstrcpy(recycle_bin, (const char *)recycle_handle->data);
if(!*recycle_bin) { if(!*recycle_bin) {
DEBUG(3, ("recycle bin: share parameter not set, purging %s...\n", fname)); DEBUG(3, ("recycle bin: share parameter not set, purging %s...\n", fname));

View File

@ -3,6 +3,7 @@
* calls to disk functions. * calls to disk functions.
* *
* Copyright (C) Tim Potter, 1999-2000 * Copyright (C) Tim Potter, 1999-2000
* Copyright (C) Alexander Bokovoy, 2002
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -38,8 +39,8 @@
#include <includes.h> #include <includes.h>
#include <vfs.h> #include <vfs.h>
extern struct vfs_ops default_vfs_ops; /* For passthrough operation */ static struct vfs_ops default_vfs_ops; /* For passthrough operation */
extern struct vfs_ops skel_ops; static struct smb_vfs_handle_struct *skel_handle; /* use skel_handle->data for storing per-instance private data */
static int skel_connect(struct connection_struct *conn, const char *service, const char *user) static int skel_connect(struct connection_struct *conn, const char *service, const char *user)
{ {
@ -349,172 +350,110 @@ static int skel_sys_acl_free_qualifier(struct connection_struct *conn, void *qua
return default_vfs_ops.sys_acl_free_qualifier(conn, qualifier, tagtype); return default_vfs_ops.sys_acl_free_qualifier(conn, qualifier, tagtype);
} }
/* VFS initialisation - return vfs_ops function pointer structure */
struct vfs_ops *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops)
{
struct vfs_ops tmp_ops;
DEBUG(3, ("Initialising default vfs hooks\n"));
*vfs_version = SMB_VFS_INTERFACE_VERSION;
memcpy(&tmp_ops, def_vfs_ops, sizeof(struct vfs_ops));
tmp_ops.connect = skel_connect;
tmp_ops.disconnect = skel_disconnect;
tmp_ops.disk_free = skel_disk_free;
/* Directory operations */
tmp_ops.opendir = skel_opendir;
tmp_ops.readdir = skel_readdir;
tmp_ops.mkdir = skel_mkdir;
tmp_ops.rmdir = skel_rmdir;
tmp_ops.closedir = skel_closedir;
/* File operations */
tmp_ops.open = skel_open;
tmp_ops.close = skel_close;
tmp_ops.read = skel_read;
tmp_ops.write = skel_write;
tmp_ops.lseek = skel_lseek;
tmp_ops.rename = skel_rename;
tmp_ops.fsync = skel_fsync;
tmp_ops.stat = skel_stat;
tmp_ops.fstat = skel_fstat;
tmp_ops.lstat = skel_lstat;
tmp_ops.unlink = skel_unlink;
tmp_ops.chmod = skel_chmod;
tmp_ops.fchmod = skel_fchmod;
tmp_ops.chown = skel_chown;
tmp_ops.fchown = skel_fchown;
tmp_ops.chdir = skel_chdir;
tmp_ops.getwd = skel_getwd;
tmp_ops.utime = skel_utime;
tmp_ops.ftruncate = skel_ftruncate;
tmp_ops.lock = skel_lock;
tmp_ops.symlink = skel_symlink;
tmp_ops.readlink = skel_readlink;
tmp_ops.link = skel_link;
tmp_ops.mknod = skel_mknod;
tmp_ops.realpath = skel_realpath;
tmp_ops.fget_nt_acl = skel_fget_nt_acl;
tmp_ops.get_nt_acl = skel_get_nt_acl;
tmp_ops.fset_nt_acl = skel_fset_nt_acl;
tmp_ops.set_nt_acl = skel_set_nt_acl;
/* POSIX ACL operations. */
tmp_ops.chmod_acl = skel_chmod_acl;
tmp_ops.fchmod_acl = skel_fchmod_acl;
tmp_ops.sys_acl_get_entry = skel_sys_acl_get_entry;
tmp_ops.sys_acl_get_tag_type = skel_sys_acl_get_tag_type;
tmp_ops.sys_acl_get_permset = skel_sys_acl_get_permset;
tmp_ops.sys_acl_get_qualifier = skel_sys_acl_get_qualifier;
tmp_ops.sys_acl_get_file = skel_sys_acl_get_file;
tmp_ops.sys_acl_get_fd = skel_sys_acl_get_fd;
tmp_ops.sys_acl_clear_perms = skel_sys_acl_clear_perms;
tmp_ops.sys_acl_add_perm = skel_sys_acl_add_perm;
tmp_ops.sys_acl_to_text = skel_sys_acl_to_text;
tmp_ops.sys_acl_init = skel_sys_acl_init;
tmp_ops.sys_acl_create_entry = skel_sys_acl_create_entry;
tmp_ops.sys_acl_set_tag_type = skel_sys_acl_set_tag_type;
tmp_ops.sys_acl_set_qualifier = skel_sys_acl_set_qualifier;
tmp_ops.sys_acl_set_permset = skel_sys_acl_set_permset;
tmp_ops.sys_acl_valid = skel_sys_acl_valid;
tmp_ops.sys_acl_set_file = skel_sys_acl_set_file;
tmp_ops.sys_acl_set_fd = skel_sys_acl_set_fd;
tmp_ops.sys_acl_delete_def_file = skel_sys_acl_delete_def_file;
tmp_ops.sys_acl_get_perm = skel_sys_acl_get_perm;
tmp_ops.sys_acl_free_text = skel_sys_acl_free_text;
tmp_ops.sys_acl_free_acl = skel_sys_acl_free_acl;
tmp_ops.sys_acl_free_qualifier = skel_sys_acl_free_qualifier;
memcpy(&skel_ops, &tmp_ops, sizeof(struct vfs_ops));
return &skel_ops;
}
/* VFS operations structure */ /* VFS operations structure */
struct vfs_ops skel_ops = { static vfs_op_tuple skel_ops[] = {
/* Disk operations */ /* Disk operations */
skel_connect, {skel_connect, SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT},
skel_disconnect, {skel_disconnect, SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_TRANSPARENT},
skel_disk_free, {skel_disk_free, SMB_VFS_OP_DISK_FREE, SMB_VFS_LAYER_TRANSPARENT},
/* Directory operations */ /* Directory operations */
skel_opendir, {skel_opendir, SMB_VFS_OP_OPENDIR, SMB_VFS_LAYER_TRANSPARENT},
skel_readdir, {skel_readdir, SMB_VFS_OP_READDIR, SMB_VFS_LAYER_TRANSPARENT},
skel_mkdir, {skel_mkdir, SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_TRANSPARENT},
skel_rmdir, {skel_rmdir, SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_TRANSPARENT},
skel_closedir, {skel_closedir, SMB_VFS_OP_CLOSEDIR, SMB_VFS_LAYER_TRANSPARENT},
/* File operations */ /* File operations */
skel_open, {skel_open, SMB_VFS_OP_OPEN, SMB_VFS_LAYER_TRANSPARENT},
skel_close, {skel_close, SMB_VFS_OP_CLOSE, SMB_VFS_LAYER_TRANSPARENT},
skel_read, {skel_read, SMB_VFS_OP_READ, SMB_VFS_LAYER_TRANSPARENT},
skel_write, {skel_write, SMB_VFS_OP_WRITE, SMB_VFS_LAYER_TRANSPARENT},
skel_lseek, {skel_lseek, SMB_VFS_OP_LSEEK, SMB_VFS_LAYER_TRANSPARENT},
skel_rename, {skel_rename, SMB_VFS_OP_RENAME, SMB_VFS_LAYER_TRANSPARENT},
skel_fsync, {skel_fsync, SMB_VFS_OP_FSYNC, SMB_VFS_LAYER_TRANSPARENT},
skel_stat, {skel_stat, SMB_VFS_OP_STAT, SMB_VFS_LAYER_TRANSPARENT},
skel_fstat, {skel_fstat, SMB_VFS_OP_FSTAT, SMB_VFS_LAYER_TRANSPARENT},
skel_lstat, {skel_lstat, SMB_VFS_OP_LSTAT, SMB_VFS_LAYER_TRANSPARENT},
skel_unlink, {skel_unlink, SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT},
skel_chmod, {skel_chmod, SMB_VFS_OP_CHMOD, SMB_VFS_LAYER_TRANSPARENT},
skel_fchmod, {skel_fchmod, SMB_VFS_OP_FCHMOD, SMB_VFS_LAYER_TRANSPARENT},
skel_chown, {skel_chown, SMB_VFS_OP_CHOWN, SMB_VFS_LAYER_TRANSPARENT},
skel_fchown, {skel_fchown, SMB_VFS_OP_FCHOWN, SMB_VFS_LAYER_TRANSPARENT},
skel_chdir, {skel_chdir, SMB_VFS_OP_CHDIR, SMB_VFS_LAYER_TRANSPARENT},
skel_getwd, {skel_getwd, SMB_VFS_OP_GETWD, SMB_VFS_LAYER_TRANSPARENT},
skel_utime, {skel_utime, SMB_VFS_OP_UTIME, SMB_VFS_LAYER_TRANSPARENT},
skel_ftruncate, {skel_ftruncate, SMB_VFS_OP_FTRUNCATE, SMB_VFS_LAYER_TRANSPARENT},
skel_lock, {skel_lock, SMB_VFS_OP_LOCK, SMB_VFS_LAYER_TRANSPARENT},
skel_symlink, {skel_symlink, SMB_VFS_OP_SYMLINK, SMB_VFS_LAYER_TRANSPARENT},
skel_readlink, {skel_readlink, SMB_VFS_OP_READLINK, SMB_VFS_LAYER_TRANSPARENT},
skel_link, {skel_link, SMB_VFS_OP_LINK, SMB_VFS_LAYER_TRANSPARENT},
skel_mknod, {skel_mknod, SMB_VFS_OP_MKNOD, SMB_VFS_LAYER_TRANSPARENT},
skel_realpath, {skel_realpath, SMB_VFS_OP_REALPATH, SMB_VFS_LAYER_TRANSPARENT},
/* NT File ACL operations */ /* NT File ACL operations */
skel_fget_nt_acl, {skel_fget_nt_acl, SMB_VFS_OP_FGET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
skel_get_nt_acl, {skel_get_nt_acl, SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
skel_fset_nt_acl, {skel_fset_nt_acl, SMB_VFS_OP_FSET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
skel_set_nt_acl, {skel_set_nt_acl, SMB_VFS_OP_SET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
/* POSIX ACL operations */ /* POSIX ACL operations */
skel_chmod_acl, {skel_chmod_acl, SMB_VFS_OP_CHMOD_ACL, SMB_VFS_LAYER_TRANSPARENT},
skel_fchmod_acl, {skel_fchmod_acl, SMB_VFS_OP_FCHMOD_ACL, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_get_entry, {skel_sys_acl_get_entry, SMB_VFS_OP_SYS_ACL_GET_ENTRY, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_get_tag_type, {skel_sys_acl_get_tag_type, SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_get_permset, {skel_sys_acl_get_permset, SMB_VFS_OP_SYS_ACL_GET_PERMSET, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_get_qualifier, {skel_sys_acl_get_qualifier, SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_get_file, {skel_sys_acl_get_file, SMB_VFS_OP_SYS_ACL_GET_FILE, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_get_fd, {skel_sys_acl_get_fd, SMB_VFS_OP_SYS_ACL_GET_FD, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_clear_perms, {skel_sys_acl_clear_perms, SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_add_perm, {skel_sys_acl_add_perm, SMB_VFS_OP_SYS_ACL_ADD_PERM, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_to_text, {skel_sys_acl_to_text, SMB_VFS_OP_SYS_ACL_TO_TEXT, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_init, {skel_sys_acl_init, SMB_VFS_OP_SYS_ACL_INIT, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_create_entry, {skel_sys_acl_create_entry, SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_set_tag_type, {skel_sys_acl_set_tag_type, SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_set_qualifier, {skel_sys_acl_set_qualifier, SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_set_permset, {skel_sys_acl_set_permset, SMB_VFS_OP_SYS_ACL_SET_PERMSET, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_valid, {skel_sys_acl_valid, SMB_VFS_OP_SYS_ACL_VALID, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_set_file, {skel_sys_acl_set_file, SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_set_fd, {skel_sys_acl_set_fd, SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_delete_def_file, {skel_sys_acl_delete_def_file, SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_get_perm, {skel_sys_acl_get_perm, SMB_VFS_OP_SYS_ACL_GET_PERM, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_free_text, {skel_sys_acl_free_text, SMB_VFS_OP_SYS_ACL_FREE_TEXT, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_free_acl, {skel_sys_acl_free_acl, SMB_VFS_OP_SYS_ACL_FREE_ACL, SMB_VFS_LAYER_TRANSPARENT},
skel_sys_acl_free_qualifier {skel_sys_acl_free_qualifier, SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, SMB_VFS_LAYER_TRANSPARENT},
{NULL, SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
}; };
/* VFS initialisation - return initialized vfs_op_tuple array back to Samba */
vfs_op_tuple *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops,
struct smb_vfs_handle_struct *vfs_handle)
{
DEBUG(3, ("Initialising default vfs hooks\n"));
*vfs_version = SMB_VFS_INTERFACE_VERSION;
memcpy(&default_vfs_ops, def_vfs_ops, sizeof(struct vfs_ops));
/* Remember vfs_handle for further allocation and referencing of private
information in vfs_handle->data
*/
skel_handle = vfs_handle;
return skel_ops;
}
/* VFS finalization function */
void vfs_done(connection_struct *conn)
{
DEBUG(3, ("Finalizing default vfs hooks\n"));
}

View File

@ -1,5 +1,9 @@
README for Samba Password Database (PDB) examples README for Samba Password Database (PDB) examples
==================================================== ====================================================
8-8-2002 Jelmer Vernooij <jelmer@samba.org>
Added mysql and xml modules. See README in xml/ and mysql/ for details.
21-6-2002 Stefan (metze) Metzmacher <metze@metzemix.de> 21-6-2002 Stefan (metze) Metzmacher <metze@metzemix.de>
I have added an interface versioning. I have added an interface versioning.

View File

@ -71,7 +71,7 @@ static BOOL testsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user,
Search by sid Search by sid
**************************************************************************/ **************************************************************************/
static BOOL testsam_getsampwsid (struct pdb_methods *methods, SAM_ACCOUNT *user, DOM_SID sid) static BOOL testsam_getsampwsid (struct pdb_methods *methods, SAM_ACCOUNT *user, const DOM_SID *sid)
{ {
DEBUG(10, ("testsam_getsampwsid called\n")); DEBUG(10, ("testsam_getsampwsid called\n"));
return False; return False;
@ -81,7 +81,7 @@ static BOOL testsam_getsampwsid (struct pdb_methods *methods, SAM_ACCOUNT *user,
Delete a SAM_ACCOUNT Delete a SAM_ACCOUNT
****************************************************************************/ ****************************************************************************/
static BOOL testsam_delete_sam_account(struct pdb_methods *methods, const SAM_ACCOUNT *sam_pass) static BOOL testsam_delete_sam_account(struct pdb_methods *methods, SAM_ACCOUNT *sam_pass)
{ {
DEBUG(10, ("testsam_delete_sam_account called\n")); DEBUG(10, ("testsam_delete_sam_account called\n"));
return False; return False;
@ -91,7 +91,7 @@ static BOOL testsam_delete_sam_account(struct pdb_methods *methods, const SAM_AC
Modifies an existing SAM_ACCOUNT Modifies an existing SAM_ACCOUNT
****************************************************************************/ ****************************************************************************/
static BOOL testsam_update_sam_account (struct pdb_methods *methods, const SAM_ACCOUNT *newpwd) static BOOL testsam_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
{ {
DEBUG(10, ("testsam_update_sam_account called\n")); DEBUG(10, ("testsam_update_sam_account called\n"));
return False; return False;
@ -101,7 +101,7 @@ static BOOL testsam_update_sam_account (struct pdb_methods *methods, const SAM_A
Adds an existing SAM_ACCOUNT Adds an existing SAM_ACCOUNT
****************************************************************************/ ****************************************************************************/
static BOOL testsam_add_sam_account (struct pdb_methods *methods, const SAM_ACCOUNT *newpwd) static BOOL testsam_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
{ {
DEBUG(10, ("testsam_add_sam_account called\n")); DEBUG(10, ("testsam_add_sam_account called\n"));
return False; return False;

View File

@ -254,15 +254,15 @@ CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" ./configure \
make all nsswitch/libnss_wins.so nsswitch/libnss_winbind.so torture nsswitch/pam_winbind.so everything make all nsswitch/libnss_wins.so nsswitch/libnss_winbind.so torture nsswitch/pam_winbind.so everything
(cd tdb; make tdbdump tdbtest tdbtorture tdbtool) (cd tdb; make tdbdump tdbtest tdbtorture tdbtool)
cd ../examples/VFS #cd ../examples/VFS
CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" ./configure \ #CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" ./configure \
--prefix='$(DESTDIR)/usr' \ # --prefix='$(DESTDIR)/usr' \
--localstatedir='$(DESTDIR)/var' \ # --localstatedir='$(DESTDIR)/var' \
--libdir='$(DESTDIR)%{EtcSamba}' \ # --libdir='$(DESTDIR)%{EtcSamba}' \
--sbindir='$(DESTDIR)/usr/sbin' # --sbindir='$(DESTDIR)/usr/sbin'
make #make
cd block #cd block
make #make
%Install %Install
%{mkDESTDIR} %{mkDESTDIR}
@ -305,10 +305,10 @@ do
install -m 755 source/tdb/$i $DESTDIR/usr/sbin install -m 755 source/tdb/$i $DESTDIR/usr/sbin
done done
# Add VFS Modules # Add VFS Modules
for i in audit.so recycle.so block/block.so #for i in audit.so recycle.so block/block.so
do #do
install -m755 $i $DESTDIR/lib/samba # install -m755 $i $DESTDIR/lib/samba
done #done
#mv $DESTDIR/usr/bin/{make,add,conv}* $DESTDIR/usr/sbin #mv $DESTDIR/usr/bin/{make,add,conv}* $DESTDIR/usr/sbin

View File

@ -25,7 +25,11 @@ documents are:
http://www.fsf.org/prep/standards_toc.html http://www.fsf.org/prep/standards_toc.html
but note that coding style in Samba varies due to the many different but note that coding style in Samba varies due to the many different
programmers who have contributed. programmers who have contributed.
The indent utility can be used to format C files in the general
samba coding style. The arguments you should give to indent are:
-bad -bap -br -ce -cdw -nbc -brs -bbb -nbc -npsl
Following are some considerations you should use when adding new code to Following are some considerations you should use when adding new code to
Samba. First and foremost remember that: Samba. First and foremost remember that:
@ -137,12 +141,20 @@ Here are some other suggestions:
to and maintain your code. If it would be hard for someone else to to and maintain your code. If it would be hard for someone else to
maintain then do it another way. maintain then do it another way.
26) Always keep the declaration of a function on one line. The autoprototyper
doesn't catch declarations spread over multiple lines.
Use:
static char foo(int bar)
and not:
static char
foo(int bar)
The suggestions above are simply that, suggestions, but the information may The suggestions above are simply that, suggestions, but the information may
help in reducing the routine rework done on new code. The preceeding list help in reducing the routine rework done on new code. The preceeding list
is expected to change routinely as new support routines and macros are is expected to change routinely as new support routines and macros are
added. added.
Written by Steve French, with contributions from Simo Sorce, Andrew Written by Steve French, with contributions from Simo Sorce, Andrew
Bartlett, Tim Potter and Martin Pool. Bartlett, Tim Potter, Martin Pool and Jelmer Vernooij.
**/ **/

View File

@ -1,4 +1,4 @@
########################################################################## #########################################################################
# Makefile.in for Samba - rewritten for autoconf support # Makefile.in for Samba - rewritten for autoconf support
# Copyright Andrew Tridgell 1992-1998 # Copyright Andrew Tridgell 1992-1998
# Copyright (C) 2001 by Martin Pool <mbp@samba.org> # Copyright (C) 2001 by Martin Pool <mbp@samba.org>
@ -52,7 +52,7 @@ INSTALLPERMS = 0755
# set these to where to find various files # set these to where to find various files
# These can be overridden by command line switches (see smbd(8)) # These can be overridden by command line switches (see smbd(8))
# or in smb.conf (see smb.conf(5)) # or in smb.conf (see smb.conf(5))
LOGFILEBASE = $(VARDIR) LOGFILEBASE = @logfilebase@
CONFIGFILE = $(LIBDIR)/smb.conf CONFIGFILE = $(LIBDIR)/smb.conf
LMHOSTSFILE = $(LIBDIR)/lmhosts LMHOSTSFILE = $(LIBDIR)/lmhosts
DRIVERFILE = $(LIBDIR)/printers.def DRIVERFILE = $(LIBDIR)/printers.def
@ -110,7 +110,7 @@ TORTURE_PROGS = bin/smbtorture bin/msgtest bin/masktest bin/locktest \
SHLIBS = @LIBSMBCLIENT@ SHLIBS = @LIBSMBCLIENT@
SCRIPTS = $(srcdir)/script/smbtar $(srcdir)/script/addtosmbpass $(srcdir)/script/convert_smbpasswd \ SCRIPTS = $(srcdir)/script/smbtar $(srcdir)/script/addtosmbpass $(srcdir)/script/convert_smbpasswd \
$(srcdir)/script/findsmb $(builddir)/script/findsmb
QUOTAOBJS=@QUOTAOBJS@ QUOTAOBJS=@QUOTAOBJS@
@ -129,7 +129,7 @@ LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \
lib/util_getent.o lib/util_pw.o lib/access.o lib/smbrun.o \ lib/util_getent.o lib/util_pw.o lib/access.o lib/smbrun.o \
lib/bitmap.o lib/crc32.o lib/snprintf.o lib/dprintf.o \ lib/bitmap.o lib/crc32.o lib/snprintf.o lib/dprintf.o \
lib/xfile.o lib/wins_srv.o \ lib/xfile.o lib/wins_srv.o \
lib/util_str.o lib/util_sid.o \ lib/util_str.o lib/util_sid.o lib/util_uuid.o \
lib/util_unistr.o lib/util_file.o lib/data_blob.o \ lib/util_unistr.o lib/util_file.o lib/data_blob.o \
lib/util.o lib/util_sock.o lib/util_sec.o \ lib/util.o lib/util_sock.o lib/util_sec.o \
lib/talloc.o lib/hash.o lib/substitute.o lib/fsusage.o \ lib/talloc.o lib/hash.o lib/substitute.o lib/fsusage.o \
@ -138,7 +138,9 @@ LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \
lib/md5.o lib/hmacmd5.o lib/iconv.o lib/smbpasswd.o \ lib/md5.o lib/hmacmd5.o lib/iconv.o lib/smbpasswd.o \
nsswitch/wb_client.o nsswitch/wb_common.o \ nsswitch/wb_client.o nsswitch/wb_common.o \
lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \ lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
$(TDB_OBJ) lib/adt_tree.o lib/popt_common.o $(TDB_OBJ)
LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o
READLINE_OBJ = lib/readline.o READLINE_OBJ = lib/readline.o
@ -166,17 +168,21 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \ libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \
libsmb/clioplock.o libsmb/errormap.o libsmb/clirap2.o \ libsmb/clioplock.o libsmb/errormap.o libsmb/clirap2.o \
libsmb/passchange.o libsmb/unexpected.o libsmb/doserr.o \ libsmb/passchange.o libsmb/unexpected.o libsmb/doserr.o \
$(RPC_PARSE_OBJ1) libsmb/namecache.o $(RPC_PARSE_OBJ1)
LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o \ LIBMSRPC_OBJ = rpc_client/cli_lsarpc.o rpc_client/cli_samr.o \
libsmb/cli_netlogon.o libsmb/cli_srvsvc.o libsmb/cli_wkssvc.o \ rpc_client/cli_netlogon.o rpc_client/cli_srvsvc.o \
libsmb/cli_dfs.o libsmb/cli_reg.o \ rpc_client/cli_wkssvc.o rpc_client/cli_dfs.o \
rpc_client/cli_pipe.o libsmb/cli_spoolss.o libsmb/cli_spoolss_notify.o rpc_client/cli_reg.o rpc_client/cli_pipe.o \
rpc_client/cli_spoolss.o rpc_client/cli_spoolss_notify.o
LIBMSRPC_SERVER_OBJ = libsmb/trust_passwd.o LIBMSRPC_SERVER_OBJ = libsmb/trust_passwd.o
LIBMSRPC_PICOBJ = $(LIBMSRPC_OBJ:.o=.po) LIBMSRPC_PICOBJ = $(LIBMSRPC_OBJ:.o=.po)
REGISTRY_OBJ = registry/reg_frontend.o registry/reg_cachehook.o registry/reg_printing.o \
registry/reg_db.o
RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \ RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \
rpc_server/srv_lsa_hnd.o rpc_server/srv_netlog.o rpc_server/srv_netlog_nt.o \ rpc_server/srv_lsa_hnd.o rpc_server/srv_netlog.o rpc_server/srv_netlog_nt.o \
rpc_server/srv_pipe_hnd.o rpc_server/srv_reg.o rpc_server/srv_reg_nt.o \ rpc_server/srv_pipe_hnd.o rpc_server/srv_reg.o rpc_server/srv_reg_nt.o \
@ -184,7 +190,7 @@ RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \
rpc_server/srv_srvsvc.o rpc_server/srv_srvsvc_nt.o \ rpc_server/srv_srvsvc.o rpc_server/srv_srvsvc_nt.o \
rpc_server/srv_util.o rpc_server/srv_wkssvc.o rpc_server/srv_wkssvc_nt.o \ rpc_server/srv_util.o rpc_server/srv_wkssvc.o rpc_server/srv_wkssvc_nt.o \
rpc_server/srv_pipe.o rpc_server/srv_dfs.o rpc_server/srv_dfs_nt.o \ rpc_server/srv_pipe.o rpc_server/srv_dfs.o rpc_server/srv_dfs_nt.o \
rpc_server/srv_spoolss.o rpc_server/srv_spoolss_nt.o rpc_server/srv_spoolss.o rpc_server/srv_spoolss_nt.o $(REGISTRY_OBJ)
# this includes only the low level parse code, not stuff # this includes only the low level parse code, not stuff
# that requires knowledge of security contexts # that requires knowledge of security contexts
@ -261,7 +267,8 @@ SMBD_OBJ = $(SMBD_OBJ1) $(MSDFS_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
$(LIB_OBJ) $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) \ $(LIB_OBJ) $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) \
$(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) \ $(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) \
$(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \ $(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \
$(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \
$(LIB_SMBD_OBJ)
NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \ NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \
@ -278,7 +285,7 @@ NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \
nmbd/nmbd_workgroupdb.o nmbd/nmbd_synclists.o nmbd/nmbd_workgroupdb.o nmbd/nmbd_synclists.o
NMBD_OBJ = $(NMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ NMBD_OBJ = $(NMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
$(PROFILE_OBJ) $(LIB_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) $(SECRETS_OBJ)
WREPL_OBJ1 = wrepld/server.o wrepld/process.o wrepld/parser.o wrepld/socket.o \ WREPL_OBJ1 = wrepld/server.o wrepld/process.o wrepld/parser.o wrepld/socket.o \
wrepld/partners.o wrepld/partners.o
@ -438,7 +445,8 @@ PROTO_OBJ = $(SMBD_OBJ1) $(NMBD_OBJ1) $(SWAT_OBJ1) $(LIB_OBJ) $(LIBSMB_OBJ) \
$(AUTH_OBJ) $(PARAM_OBJ) $(LOCKING_OBJ) $(SECRETS_OBJ) \ $(AUTH_OBJ) $(PARAM_OBJ) $(LOCKING_OBJ) $(SECRETS_OBJ) \
$(PRINTING_OBJ) $(PRINTBACKEND_OBJ) $(OPLOCK_OBJ) $(NOTIFY_OBJ) \ $(PRINTING_OBJ) $(PRINTBACKEND_OBJ) $(OPLOCK_OBJ) $(NOTIFY_OBJ) \
$(QUOTAOBJS) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) \ $(QUOTAOBJS) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) \
$(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \
$(LIB_SMBD_OBJ)
NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) \ NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) \
$(LIB_OBJ) $(NSSWINS_OBJ) $(LIB_OBJ) $(NSSWINS_OBJ)
@ -451,16 +459,9 @@ LIBSMBCLIENT_PICOBJS = $(LIBSMBCLIENT_OBJ:.o=.po)
PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \ PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
pam_smbpass/pam_smb_acct.o pam_smbpass/support.o \ pam_smbpass/pam_smb_acct.o pam_smbpass/support.o \
lib/debug.o lib/util_sid.o lib/messages.o lib/util_str.o \ libsmb/smbencrypt.o libsmb/smbdes.o libsmb/nterr.o \
lib/wins_srv.o lib/substitute.o lib/select.o lib/util.o \ $(PARAM_OBJ) $(LIB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
nsswitch/wb_client.o nsswitch/wb_common.o \ $(SECRETS_OBJ) $(UBIQX_OBJ)
lib/system.o lib/util_file.o \
lib/genrand.o lib/username.o lib/util_getent.o lib/charcnv.o lib/time.o \
lib/md4.o lib/util_unistr.o lib/signal.o lib/talloc.o \
lib/ms_fnmatch.o lib/util_sock.o lib/smbrun.o \
lib/util_sec.o lib/snprintf.o \
ubiqx/ubi_sLinkList.o libsmb/smbencrypt.o libsmb/smbdes.o \
$(PARAM_OBJ) $(TDB_OBJ) $(PASSDB_OBJ)
PAM_SMBPASS_PICOOBJ = $(PAM_SMBPASS_OBJ_0:.o=.po) PAM_SMBPASS_PICOOBJ = $(PAM_SMBPASS_OBJ_0:.o=.po)

View File

@ -218,3 +218,6 @@
#ifndef _GNU_SOURCE #ifndef _GNU_SOURCE
#undef _GNU_SOURCE #undef _GNU_SOURCE
#endif #endif
#undef LDAP_SET_REBIND_PROC_ARGS