* sync more files from 3.0

* set version string to "CVS 3.1.0alpha1"

source/Makefile.in

@@ -1205,7 +1205,10 @@ installscripts: installdirs
 installdat: installdirs
 	@$(SHELL) $(srcdir)/script/installdat.sh $(DESTDIR)$(LIBDIR) $(srcdir)
 
-installswat: installdirs
+installmsg: installdirs
+	@$(SHELL) $(srcdir)/script/installmsg.sh $(DESTDIR)$(LIBDIR) $(srcdir)
+
+installswat: installdirs installmsg
 	@$(SHELL) $(srcdir)/script/installswat.sh $(DESTDIR)$(SWATDIR) $(srcdir)
 
 installclientlib: installdirs libsmbclient

source/VERSION

@@ -18,8 +18,8 @@
 #  ->  "3.0.0"                                         #
 ########################################################
 SAMBA_VERSION_MAJOR=3
-SAMBA_VERSION_MINOR=0
-SAMBA_VERSION_RELEASE=1
+SAMBA_VERSION_MINOR=1
+SAMBA_VERSION_RELEASE=0
 
 ########################################################
 # If a official release has a serious bug              #
@@ -41,7 +41,7 @@ SAMBA_VERSION_REVISION=
 # e.g. SAMBA_VERSION_PRE_RELEASE=1                     #
 #  ->  "2.2.9pre1"                                     #
 ########################################################
-SAMBA_VERSION_PRE_RELEASE=1
+SAMBA_VERSION_PRE_RELEASE=
 
 ########################################################
 # For 'rc' releases the version will be                #
@@ -71,7 +71,7 @@ SAMBA_VERSION_BETA_RELEASE=
 # e.g. SAMBA_VERSION_ALPHA_RELEASE=1                   #
 #  ->  "4.0.0alpha1"                                   #
 ########################################################
-SAMBA_VERSION_ALPHA_RELEASE=
+SAMBA_VERSION_ALPHA_RELEASE=1
 
 ########################################################
 # For 'test' releases the version will be              #

source/lib/afs.c

@@ -35,18 +35,6 @@ _syscall5(int, afs_syscall, int, subcall,
 	  char *, cmarg,
 	  int, follow);
 
-char *afs_cell(void)
-{
-	static char *cell = NULL;
-
-	if (cell == NULL) {
-		cell = strdup(lp_realm());
-		strlower_m(cell);
-	}
-
-	return cell;
-}
-
 struct ClearToken {
 	uint32 AuthHandle;
 	char HandShakeKey[8];
@@ -65,7 +53,8 @@ struct ClearToken {
   to avoid. 
 */
 
-static BOOL afs_settoken(char *username, const struct ClearToken *ctok,
+static BOOL afs_settoken(const char *username, const char *cell,
+			 const struct ClearToken *ctok,
 			 char *v4tkt_data, int v4tkt_length)
 {
 	int ret;
@@ -94,13 +83,13 @@ static BOOL afs_settoken(char *username, const struct ClearToken *ctok,
 	memcpy(p, &tmp, sizeof(uint32));
 	p += sizeof(uint32);
 
-	tmp = strlen(afs_cell());
+	tmp = strlen(cell);
 	if (tmp >= MAXKTCREALMLEN) {
 		DEBUG(1, ("Realm too long\n"));
 		return False;
 	}
 
-	strncpy(p, afs_cell(), tmp);
+	strncpy(p, cell, tmp);
 	p += tmp;
 	*p = 0;
 	p +=1;
@@ -135,12 +124,14 @@ static BOOL afs_settoken(char *username, const struct ClearToken *ctok,
   For the comments "Alice" is the User to be auth'ed, and "Bob" is the
   AFS server.  */
 
-BOOL afs_login(char *username)
+BOOL afs_login(connection_struct *conn)
 {
 	fstring ticket;
 	char *p = ticket;
 	uint32 len;
 	struct afs_key key;
+	pstring afs_username;
+	char *cell;
 
 	struct ClearToken ct;
 
@@ -148,13 +139,28 @@ BOOL afs_login(char *username)
 
 	des_key_schedule key_schedule;
 
-	DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
-		   username, afs_cell()));
+	pstrcpy(afs_username, lp_afs_username_map());
+	standard_sub_conn(conn, afs_username, sizeof(afs_username));
+
+	cell = strchr(afs_username, '@');
+
+	if (cell == NULL) {
+		DEBUG(1, ("AFS username doesn't contain a @, "
+			  "could not find cell\n"));
+		return False;
+	}
+
+	*cell = '\0';
+	cell += 1;
+	strlower_m(cell);
+
+	DEBUG(10, ("Trying to log into AFS for user %s@%s\n", 
+		   afs_username, cell));
 
 	if (!secrets_init()) 
 		return False;
 
-	if (!secrets_fetch_afs_key(afs_cell(), &key)) {
+	if (!secrets_fetch_afs_key(cell, &key)) {
 		DEBUG(5, ("Could not fetch AFS service key\n"));
 		return False;
 	}
@@ -172,14 +178,20 @@ BOOL afs_login(char *username)
 	p += 1;
 
 	/* "Alice", the client username */
-	strncpy(p, username, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
+	strncpy(p, afs_username, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
 	p += strlen(p)+1;
 	strncpy(p, "", sizeof(ticket)-PTR_DIFF(p,ticket)-1);
 	p += strlen(p)+1;
-	strncpy(p, afs_cell(), sizeof(ticket)-PTR_DIFF(p,ticket)-1);
+	strncpy(p, cell, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
 	p += strlen(p)+1;
 
-	ct.ViceId = getuid();
+	/* As long as we still only use the effective UID we need to set the
+	 * token for it here as well. This involves patching AFS in two
+	 * places. Once we start using the real uid where we have the
+	 * setresuid function, we can use getuid() here which would be more
+	 * correct. */
+
+	ct.ViceId = geteuid();
 	DEBUG(10, ("Creating Token for uid %d\n", ct.ViceId));
 
 	/* Alice's network layer address. At least Openafs-1.2.10
@@ -235,12 +247,12 @@ BOOL afs_login(char *username)
 
 	ZERO_STRUCT(key);
 
-	return afs_settoken(username, &ct, ticket, len);
+	return afs_settoken(afs_username, cell, &ct, ticket, len);
 }
 
 #else
 
-BOOL afs_login(char *username)
+BOOL afs_login(connection_struct *conn)
 {
 	return True;
 }

source/lib/util_sec.c

@@ -183,6 +183,10 @@ void gain_root_group_privilege(void)
 void set_effective_uid(uid_t uid)
 {
 #if USE_SETRESUID
+        /* On Systems which have this function, would it not be more
+         * appropriate to also set the real uid by doing
+         * setresuid(uid,uid,-1)? This would make patching AFS
+         * unnecessary. See comment in lib/afs.c. */
 	setresuid(-1,uid,-1);
 #endif
 

source/param/loadparm.c

@@ -126,6 +126,7 @@ typedef struct
 	char *szPasswordServer;
 	char *szSocketOptions;
 	char *szRealm;
+	char *szAfsUsernameMap;
 	char *szUsernameMap;
 	char *szLogonScript;
 	char *szLogonPath;
@@ -413,6 +414,7 @@ typedef struct
 	BOOL bUseSendfile;
 	BOOL bProfileAcls;
 	BOOL bMap_acl_inherit;
+	BOOL bAfs_Share;
 	param_opt_struct *param_opt;
 
 	char dummy[3];		/* for alignment */
@@ -533,6 +535,7 @@ static service sDefault = {
 	False,			/* bUseSendfile */
 	False,			/* bProfileAcls */
 	False,			/* bMap_acl_inherit */
+	False,			/* bAfs_Share */
 	
 	NULL,			/* Parametric options */
 
@@ -762,6 +765,7 @@ static struct parm_struct parm_table[] = {
 #ifdef WITH_ADS
 	{"realm", P_USTRING, P_GLOBAL, &Globals.szRealm, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD}, 
 #endif
+	{"afs username map", P_USTRING, P_GLOBAL, &Globals.szAfsUsernameMap, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD}, 
 	{"netbios name", P_USTRING, P_GLOBAL, &Globals.szNetbiosName, handle_netbios_name, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD}, 
 	{"netbios aliases", P_LIST, P_GLOBAL, &Globals.szNetbiosAliases, handle_netbios_aliases,  NULL, FLAG_ADVANCED}, 
 	{"netbios scope", P_USTRING, P_GLOBAL, &Globals.szNetbiosScope, handle_netbios_scope,  NULL, FLAG_ADVANCED}, 
@@ -890,6 +894,7 @@ static struct parm_struct parm_table[] = {
 	{"announce version", P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, FLAG_ADVANCED}, 
 	{"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as,  FLAG_ADVANCED}, 
 	{"map acl inherit", P_BOOL, P_LOCAL, &sDefault.bMap_acl_inherit, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL}, 
+	{"afs share", P_BOOL, P_LOCAL, &sDefault.bAfs_Share, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
 	{"max mux", P_INTEGER, P_GLOBAL, &Globals.max_mux, NULL, NULL, FLAG_ADVANCED}, 
 	{"max xmit", P_INTEGER, P_GLOBAL, &Globals.max_xmit, NULL, NULL, FLAG_ADVANCED}, 
 
@@ -1634,6 +1639,7 @@ FN_GLOBAL_STRING(lp_passwd_chat, &Globals.szPasswdChat)
 FN_GLOBAL_STRING(lp_passwordserver, &Globals.szPasswordServer)
 FN_GLOBAL_STRING(lp_name_resolve_order, &Globals.szNameResolveOrder)
 FN_GLOBAL_STRING(lp_realm, &Globals.szRealm)
+FN_GLOBAL_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap)
 FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap)
 FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript)
 FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath)
@@ -1871,6 +1877,7 @@ FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport)
 FN_LOCAL_BOOL(_lp_use_sendfile, bUseSendfile)
 FN_LOCAL_BOOL(lp_profile_acls, bProfileAcls)
 FN_LOCAL_BOOL(lp_map_acl_inherit, bMap_acl_inherit)
+FN_LOCAL_BOOL(lp_afs_share, bAfs_Share)
 FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask)
 FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode)
 FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask)

source/script/gaptab.awk

@@ -23,9 +23,9 @@ function tonum(str)
 function fmt(val)
 {
   if (f++ % 8 == 0)
-    { printf ("\n  '\\x%02x',", val); }
+    { printf ("\n  0x%02x,", val); }
   else
-    { printf (" '\\x%02x',", val); }
+    { printf (" 0x%02x,", val); }
 }
 
 {

source/script/installmsg.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+# first version (Sept 2003) written by Shiro Yamada <shiro@miraclelinux.com>
+# based on the first verion (March 2002) of installdat.sh written by Herb Lewis
+
+MSGDIR=$1
+SRCDIR=$2/
+
+echo Installing msg files in $MSGDIR
+
+for f in $SRCDIR/po/*.msg; do
+	FNAME=$MSGDIR/`basename $f`
+	echo $FNAME
+	cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
+	chmod 0644 $FNAME
+done
+
+cat << EOF
+======================================================================
+The msg files have been installed. 
+======================================================================
+EOF
+
+exit 0

source/smbd/service.c

@@ -644,7 +644,9 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 	}
 
 #ifdef WITH_FAKE_KASERVER
-	afs_login(user);
+	if (lp_afs_share(SNUM(conn))) {
+		afs_login(conn);
+	}
 #endif
 	
 #if CHECK_PATH_ON_TCONX

source/utils/net.c

@@ -476,8 +476,8 @@ static int net_afskey(int argc, const char **argv)
 	int fd;
 	struct afs_keyfile keyfile;
 
-	if (argc != 1) {
-		d_printf("usage: 'net afskey <keyfile>'\n");
+	if (argc != 2) {
+		d_printf("usage: 'net afskey <keyfile> cell'\n");
 		return -1;
 	}
 
@@ -496,7 +496,7 @@ static int net_afskey(int argc, const char **argv)
 		return -1;
 	}
 
-	if (!secrets_store_afs_keyfile(afs_cell(), &keyfile)) {
+	if (!secrets_store_afs_keyfile(argv[1], &keyfile)) {
 		d_printf("Could not write keyfile to secrets.tdb\n");
 		return -1;
 	}