summaryrefslogtreecommitdiff
path: root/docs/docbook
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2003-07-16 05:42:34 +0000
committerGerald Carter <jerry@samba.org>2003-07-16 05:42:34 +0000
commit1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e (patch)
tree8bdf608593fc37227886691b0a12190dd1e8ba66 /docs/docbook
parent4a090ba06a54f5da179ac02bb307cc03d08831bf (diff)
downloadsamba-1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e.tar.gz
samba-1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e.tar.bz2
samba-1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e.zip
ading new files from 3.0
(This used to be commit 99feae7b5b1c229a925367b87c0c0f636d9a2d75)
Diffstat (limited to 'docs/docbook')
-rw-r--r--docs/docbook/devdoc/.cvsignore1
-rw-r--r--docs/docbook/devdoc/vfs.xml797
-rw-r--r--docs/docbook/devdoc/windows-debug.xml19
-rw-r--r--docs/docbook/manpages/profiles.1.sgml86
-rw-r--r--docs/docbook/projdoc/.cvsignore1
-rw-r--r--docs/docbook/projdoc/Backup.xml36
-rw-r--r--docs/docbook/projdoc/DNS-DHCP-Configuration.xml17
-rw-r--r--docs/docbook/projdoc/FastStart.xml17
-rw-r--r--docs/docbook/projdoc/HighAvailability.xml17
-rw-r--r--docs/docbook/projdoc/WindowsClientConfig.xml17
-rw-r--r--docs/docbook/smbdotconf/misc/valid.xml18
-rw-r--r--docs/docbook/smbdotconf/printing/totalprintjobs.xml22
-rw-r--r--docs/docbook/smbdotconf/protocol/clientusespnego.xml13
-rw-r--r--docs/docbook/smbdotconf/protocol/mapaclinherit.xml17
-rw-r--r--docs/docbook/smbdotconf/protocol/profileacls.xml33
-rw-r--r--docs/docbook/smbdotconf/security/clientlanmanauth.xml28
-rw-r--r--docs/docbook/smbdotconf/security/clientntlmv2auth.xml26
-rw-r--r--docs/docbook/smbdotconf/vfs/vfsobjects.xml14
-rw-r--r--docs/docbook/smbdotconf/winbind/enableridalgorithm.xml17
-rw-r--r--docs/docbook/smbdotconf/winbind/idmapgid.xml18
-rw-r--r--docs/docbook/smbdotconf/winbind/idmapuid.xml14
-rw-r--r--docs/docbook/smbdotconf/winbind/templateprimarygroup.xml14
-rw-r--r--docs/docbook/smbdotconf/winbind/winbindenablelocalaccounts.xml16
-rw-r--r--docs/docbook/smbdotconf/winbind/winbindtrusteddomainsonly.xml16
-rw-r--r--docs/docbook/xslt/generate-attributions.xsl67
25 files changed, 1341 insertions, 0 deletions
diff --git a/docs/docbook/devdoc/.cvsignore b/docs/docbook/devdoc/.cvsignore
new file mode 100644
index 0000000000..3bbac303f5
--- /dev/null
+++ b/docs/docbook/devdoc/.cvsignore
@@ -0,0 +1 @@
+attributions.xml
diff --git a/docs/docbook/devdoc/vfs.xml b/docs/docbook/devdoc/vfs.xml
new file mode 100644
index 0000000000..ed2afef53e
--- /dev/null
+++ b/docs/docbook/devdoc/vfs.xml
@@ -0,0 +1,797 @@
+<chapter id="vfs">
+<chapterinfo>
+ <author>
+ <firstname>Alexander</firstname><surname>Bokovoy</surname>
+ <affiliation>
+ <address><email>ab@samba.org</email></address>
+ </affiliation>
+ </author>
+ <author>
+ <firstname>Stefan</firstname><surname>Metzmacher</surname>
+ <affiliation>
+ <address><email>metze@metzemix.de</email></address>
+ </affiliation>
+ </author>
+ <pubdate> 27 May 2003 </pubdate>
+</chapterinfo>
+
+<title>VFS Modules</title>
+
+<sect1>
+<title>The Samba (Posix) VFS layer</title>
+
+<sect2>
+<title>The general interface</title>
+
+<para>
+Each VFS operation has a vfs_op_type, a function pointer and a handle pointer in the
+struct vfs_ops and tree macros to make it easier to call the operations.
+(Take a look at <filename>include/vfs.h</filename> and <filename>include/vfs_macros.h</filename>.)
+</para>
+
+<para><programlisting>
+typedef enum _vfs_op_type {
+ SMB_VFS_OP_NOOP = -1,
+
+ ...
+
+ /* File operations */
+
+ SMB_VFS_OP_OPEN,
+ SMB_VFS_OP_CLOSE,
+ SMB_VFS_OP_READ,
+ SMB_VFS_OP_WRITE,
+ SMB_VFS_OP_LSEEK,
+ SMB_VFS_OP_SENDFILE,
+
+ ...
+
+ SMB_VFS_OP_LAST
+} vfs_op_type;
+</programlisting></para>
+
+<para>This struct contains the function and handle pointers for all operations.<programlisting>
+struct vfs_ops {
+ struct vfs_fn_pointers {
+ ...
+
+ /* File operations */
+
+ int (*open)(struct vfs_handle_struct *handle,
+ struct connection_struct *conn,
+ const char *fname, int flags, mode_t mode);
+ int (*close)(struct vfs_handle_struct *handle,
+ struct files_struct *fsp, int fd);
+ ssize_t (*read)(struct vfs_handle_struct *handle,
+ struct files_struct *fsp, int fd, void *data, size_t n);
+ ssize_t (*write)(struct vfs_handle_struct *handle,
+ struct files_struct *fsp, int fd,
+ const void *data, size_t n);
+ SMB_OFF_T (*lseek)(struct vfs_handle_struct *handle,
+ struct files_struct *fsp, int fd,
+ SMB_OFF_T offset, int whence);
+ ssize_t (*sendfile)(struct vfs_handle_struct *handle,
+ int tofd, files_struct *fsp, int fromfd,
+ const DATA_BLOB *header, SMB_OFF_T offset, size_t count);
+
+ ...
+ } ops;
+
+ struct vfs_handles_pointers {
+ ...
+
+ /* File operations */
+
+ struct vfs_handle_struct *open;
+ struct vfs_handle_struct *close;
+ struct vfs_handle_struct *read;
+ struct vfs_handle_struct *write;
+ struct vfs_handle_struct *lseek;
+ struct vfs_handle_struct *sendfile;
+
+ ...
+ } handles;
+};
+</programlisting></para>
+
+<para>
+This macros SHOULD be used to call any vfs operation.
+DO NOT ACCESS conn-&gt;vfs.ops.* directly !!!
+<programlisting>
+...
+
+/* File operations */
+#define SMB_VFS_OPEN(conn, fname, flags, mode) \
+ ((conn)-&gt;vfs.ops.open((conn)-&gt;vfs.handles.open,\
+ (conn), (fname), (flags), (mode)))
+#define SMB_VFS_CLOSE(fsp, fd) \
+ ((fsp)-&gt;conn-&gt;vfs.ops.close(\
+ (fsp)-&gt;conn-&gt;vfs.handles.close, (fsp), (fd)))
+#define SMB_VFS_READ(fsp, fd, data, n) \
+ ((fsp)-&gt;conn-&gt;vfs.ops.read(\
+ (fsp)-&gt;conn-&gt;vfs.handles.read,\
+ (fsp), (fd), (data), (n)))
+#define SMB_VFS_WRITE(fsp, fd, data, n) \
+ ((fsp)-&gt;conn-&gt;vfs.ops.write(\
+ (fsp)-&gt;conn-&gt;vfs.handles.write,\
+ (fsp), (fd), (data), (n)))
+#define SMB_VFS_LSEEK(fsp, fd, offset, whence) \
+ ((fsp)-&gt;conn-&gt;vfs.ops.lseek(\
+ (fsp)-&gt;conn-&gt;vfs.handles.lseek,\
+ (fsp), (fd), (offset), (whence)))
+#define SMB_VFS_SENDFILE(tofd, fsp, fromfd, header, offset, count) \
+ ((fsp)-&gt;conn-&gt;vfs.ops.sendfile(\
+ (fsp)-&gt;conn-&gt;vfs.handles.sendfile,\
+ (tofd), (fsp), (fromfd), (header), (offset), (count)))
+
+...
+</programlisting></para>
+
+</sect2>
+
+<sect2>
+<title>Possible VFS operation layers</title>
+
+<para>
+These values are used by the VFS subsystem when building the conn-&gt;vfs
+and conn-&gt;vfs_opaque structs for a connection with multiple VFS modules.
+Internally, Samba differentiates only opaque and transparent layers at this process.
+Other types are used for providing better diagnosing facilities.
+</para>
+
+<para>
+Most modules will provide transparent layers. Opaque layer is for modules
+which implement actual file system calls (like DB-based VFS). For example,
+default POSIX VFS which is built in into Samba is an opaque VFS module.
+</para>
+
+<para>
+Other layer types (logger, splitter, scanner) were designed to provide different
+degree of transparency and for diagnosing VFS module behaviour.
+</para>
+
+<para>
+Each module can implement several layers at the same time provided that only
+one layer is used per each operation.
+</para>
+
+<para><programlisting>
+typedef enum _vfs_op_layer {
+ SMB_VFS_LAYER_NOOP = -1, /* - For using in VFS module to indicate end of array */
+ /* of operations description */
+ SMB_VFS_LAYER_OPAQUE = 0, /* - Final level, does not call anything beyond itself */
+ SMB_VFS_LAYER_TRANSPARENT, /* - Normal operation, calls underlying layer after */
+ /* possibly changing passed data */
+ SMB_VFS_LAYER_LOGGER, /* - Logs data, calls underlying layer, logging may not */
+ /* use Samba VFS */
+ SMB_VFS_LAYER_SPLITTER, /* - Splits operation, calls underlying layer _and_ own facility, */
+ /* then combines result */
+ SMB_VFS_LAYER_SCANNER /* - Checks data and possibly initiates additional */
+ /* file activity like logging to files _inside_ samba VFS */
+} vfs_op_layer;
+</programlisting></para>
+
+</sect2>
+
+</sect1>
+
+<sect1>
+<title>The Interaction between the Samba VFS subsystem and the modules</title>
+
+<sect2>
+<title>Initialization and registration</title>
+
+<para>
+As each Samba module a VFS module should have a
+<programlisting>NTSTATUS vfs_example_init(void);</programlisting> function if it's staticly linked to samba or
+<programlisting>NTSTATUS init_module(void);</programlisting> function if it's a shared module.
+</para>
+
+<para>
+This should be the only non static function inside the module.
+Global variables should also be static!
+</para>
+
+<para>
+The module should register its functions via the
+<programlisting>
+NTSTATUS smb_register_vfs(int version, const char *name, vfs_op_tuple *vfs_op_tuples);
+</programlisting> function.
+</para>
+
+<variablelist>
+
+<varlistentry><term>version</term>
+<listitem><para>should be filled with SMB_VFS_INTERFACE_VERSION</para></listitem>
+</varlistentry>
+
+<varlistentry><term>name</term>
+<listitem><para>this is the name witch can be listed in the
+<command>vfs objects</command> parameter to use this module.</para></listitem>
+</varlistentry>
+
+<varlistentry><term>vfs_op_tuples</term>
+<listitem><para>
+this is an array of vfs_op_tuple's.
+(vfs_op_tuples is descripted in details below.)
+</para></listitem>
+</varlistentry>
+
+</variablelist>
+
+<para>
+For each operation the module wants to provide it has a entry in the
+vfs_op_tuple array.
+</para>
+
+<programlisting>
+typedef struct _vfs_op_tuple {
+ void* op;
+ vfs_op_type type;
+ vfs_op_layer layer;
+} vfs_op_tuple;
+</programlisting>
+
+<variablelist>
+
+<varlistentry><term>op</term>
+<listitem><para>the function pointer to the specified function.</para></listitem>
+</varlistentry>
+
+<varlistentry><term>type</term>
+<listitem><para>the vfs_op_type of the function to specified witch operation the function provides.</para></listitem>
+</varlistentry>
+
+<varlistentry><term>layer</term>
+<listitem><para>the vfs_op_layer in whitch the function operates.</para></listitem>
+</varlistentry>
+
+</variablelist>
+
+<para>A simple example:</para>
+
+<programlisting>
+static vfs_op_tuple example_op_tuples[] = {
+ {SMB_VFS_OP(example_connect), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT},
+ {SMB_VFS_OP(example_disconnect), SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_TRANSPARENT},
+
+ {SMB_VFS_OP(example_rename), SMB_VFS_OP_RENAME, SMB_VFS_LAYER_OPAQUE},
+
+ /* This indicates the end of the array */
+ {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
+};
+
+NTSTATUS init_module(void)
+{
+ return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, &quot;example&quot;, example_op_tuples);
+}
+</programlisting>
+
+</sect2>
+
+<sect2>
+<title>How the Modules handle per connection data</title>
+
+<para>Each VFS function has as first parameter a pointer to the modules vfs_handle_struct.
+</para>
+
+<programlisting>
+typedef struct vfs_handle_struct {
+ struct vfs_handle_struct *next, *prev;
+ const char *param;
+ struct vfs_ops vfs_next;
+ struct connection_struct *conn;
+ void *data;
+ void (*free_data)(void **data);
+} vfs_handle_struct;
+</programlisting>
+
+<variablelist>
+
+<varlistentry><term>param</term>
+<listitem><para>this is the module parameter specified in the <command>vfs objects</command> parameter.</para>
+<para>e.g. for 'vfs objects = example:test' param would be &quot;test&quot;.</para></listitem>
+</varlistentry>
+
+<varlistentry><term>vfs_next</term>
+<listitem><para>This vfs_ops struct contains the information for calling the next module operations.
+Use the SMB_VFS_NEXT_* macros to call a next module operations and
+don't access handle-&gt;vfs_next.ops.* directly!</para></listitem>
+</varlistentry>
+
+<varlistentry><term>conn</term>
+<listitem><para>This is a pointer back to the connection_struct to witch the handle belongs.</para></listitem>
+</varlistentry>
+
+<varlistentry><term>data</term>
+<listitem><para>This is a pointer for holding module private data.
+You can alloc data with connection life time on the handle-&gt;conn-&gt;mem_ctx TALLOC_CTX.
+But you can also manage the memory allocation yourself.</para></listitem>
+</varlistentry>
+
+<varlistentry><term>free_data</term>
+<listitem><para>This is a function pointer to a function that free's the module private data.
+If you talloc your private data on the TALLOC_CTX handle-&gt;conn-&gt;mem_ctx,
+you can set this function pointer to NULL.</para></listitem>
+</varlistentry>
+
+</variablelist>
+
+<para>Some useful MACROS for handle private data.
+</para>
+
+<programlisting>
+#define SMB_VFS_HANDLE_GET_DATA(handle, datap, type, ret) { \
+ if (!(handle)||((datap=(type *)(handle)-&gt;data)==NULL)) { \
+ DEBUG(0,(&quot;%s() failed to get vfs_handle-&gt;data!\n&quot;,FUNCTION_MACRO)); \
+ ret; \
+ } \
+}
+
+#define SMB_VFS_HANDLE_SET_DATA(handle, datap, free_fn, type, ret) { \
+ if (!(handle)) { \
+ DEBUG(0,(&quot;%s() failed to set handle-&gt;data!\n&quot;,FUNCTION_MACRO)); \
+ ret; \
+ } else { \
+ if ((handle)-&gt;free_data) { \
+ (handle)-&gt;free_data(&amp;(handle)-&gt;data); \
+ } \
+ (handle)-&gt;data = (void *)datap; \
+ (handle)-&gt;free_data = free_fn; \
+ } \
+}
+
+#define SMB_VFS_HANDLE_FREE_DATA(handle) { \
+ if ((handle) &amp;&amp; (handle)-&gt;free_data) { \
+ (handle)-&gt;free_data(&amp;(handle)-&gt;data); \
+ } \
+}
+</programlisting>
+
+<para>How SMB_VFS_LAYER_TRANSPARENT functions can call the SMB_VFS_LAYER_OPAQUE functions.</para>
+
+<para>The easiest way to do this is to use the SMB_VFS_OPAQUE_* macros.
+</para>
+
+<programlisting>
+...
+/* File operations */
+#define SMB_VFS_OPAQUE_OPEN(conn, fname, flags, mode) \
+ ((conn)-&gt;vfs_opaque.ops.open(\
+ (conn)-&gt;vfs_opaque.handles.open,\
+ (conn), (fname), (flags), (mode)))
+#define SMB_VFS_OPAQUE_CLOSE(fsp, fd) \
+ ((fsp)-&gt;conn-&gt;vfs_opaque.ops.close(\
+ (fsp)-&gt;conn-&gt;vfs_opaque.handles.close,\
+ (fsp), (fd)))
+#define SMB_VFS_OPAQUE_READ(fsp, fd, data, n) \
+ ((fsp)-&gt;conn-&gt;vfs_opaque.ops.read(\
+ (fsp)-&gt;conn-&gt;vfs_opaque.handles.read,\
+ (fsp), (fd), (data), (n)))
+#define SMB_VFS_OPAQUE_WRITE(fsp, fd, data, n) \
+ ((fsp)-&gt;conn-&gt;vfs_opaque.ops.write(\
+ (fsp)-&gt;conn-&gt;vfs_opaque.handles.write,\
+ (fsp), (fd), (data), (n)))
+#define SMB_VFS_OPAQUE_LSEEK(fsp, fd, offset, whence) \
+ ((fsp)-&gt;conn-&gt;vfs_opaque.ops.lseek(\
+ (fsp)-&gt;conn-&gt;vfs_opaque.handles.lseek,\
+ (fsp), (fd), (offset), (whence)))
+#define SMB_VFS_OPAQUE_SENDFILE(tofd, fsp, fromfd, header, offset, count) \
+ ((fsp)-&gt;conn-&gt;vfs_opaque.ops.sendfile(\
+ (fsp)-&gt;conn-&gt;vfs_opaque.handles.sendfile,\
+ (tofd), (fsp), (fromfd), (header), (offset), (count)))
+...
+</programlisting>
+
+<para>How SMB_VFS_LAYER_TRANSPARENT functions can call the next modules functions.</para>
+
+<para>The easiest way to do this is to use the SMB_VFS_NEXT_* macros.
+</para>
+
+<programlisting>
+...
+/* File operations */
+#define SMB_VFS_NEXT_OPEN(handle, conn, fname, flags, mode) \
+ ((handle)-&gt;vfs_next.ops.open(\
+ (handle)-&gt;vfs_next.handles.open,\
+ (conn), (fname), (flags), (mode)))
+#define SMB_VFS_NEXT_CLOSE(handle, fsp, fd) \
+ ((handle)-&gt;vfs_next.ops.close(\
+ (handle)-&gt;vfs_next.handles.close,\
+ (fsp), (fd)))
+#define SMB_VFS_NEXT_READ(handle, fsp, fd, data, n) \
+ ((handle)-&gt;vfs_next.ops.read(\
+ (handle)-&gt;vfs_next.handles.read,\
+ (fsp), (fd), (data), (n)))
+#define SMB_VFS_NEXT_WRITE(handle, fsp, fd, data, n) \
+ ((handle)-&gt;vfs_next.ops.write(\
+ (handle)-&gt;vfs_next.handles.write,\
+ (fsp), (fd), (data), (n)))
+#define SMB_VFS_NEXT_LSEEK(handle, fsp, fd, offset, whence) \
+ ((handle)-&gt;vfs_next.ops.lseek(\
+ (handle)-&gt;vfs_next.handles.lseek,\
+ (fsp), (fd), (offset), (whence)))
+#define SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, fromfd, header, offset, count) \
+ ((handle)-&gt;vfs_next.ops.sendfile(\
+ (handle)-&gt;vfs_next.handles.sendfile,\
+ (tofd), (fsp), (fromfd), (header), (offset), (count)))
+...
+</programlisting>
+
+</sect2>
+
+</sect1>
+
+<sect1>
+<title>Upgrading to the New VFS Interface</title>
+
+<sect2>
+<title>Upgrading from 2.2.* and 3.0aplha modules</title>
+
+<orderedlist>
+<listitem><para>
+Add &quot;vfs_handle_struct *handle, &quot; as first parameter to all vfs operation functions.
+e.g. example_connect(connection_struct *conn, const char *service, const char *user);
+-&gt; example_connect(vfs_handle_struct *handle, connection_struct *conn, const char *service, const char *user);
+</para></listitem>
+
+<listitem><para>
+Replace &quot;default_vfs_ops.&quot; with &quot;smb_vfs_next_&quot;.
+e.g. default_vfs_ops.connect(conn, service, user);
+-&gt; smb_vfs_next_connect(conn, service, user);
+</para></listitem>
+
+<listitem><para>
+Uppercase all &quot;smb_vfs_next_*&quot; functions.
+e.g. smb_vfs_next_connect(conn, service, user);
+-&gt; SMB_VFS_NEXT_CONNECT(conn, service, user);
+</para></listitem>
+
+<listitem><para>
+Add &quot;handle, &quot; as first parameter to all SMB_VFS_NEXT_*() calls.
+e.g. SMB_VFS_NEXT_CONNECT(conn, service, user);
+-&gt; SMB_VFS_NEXT_CONNECT(handle, conn, service, user);
+</para></listitem>
+
+<listitem><para>
+(Only for 2.2.* modules)
+Convert the old struct vfs_ops example_ops to
+a vfs_op_tuple example_op_tuples[] array.
+e.g.
+<programlisting>
+struct vfs_ops example_ops = {
+ /* Disk operations */
+ example_connect, /* connect */
+ example_disconnect, /* disconnect */
+ NULL, /* disk free *
+ /* Directory operations */
+ NULL, /* opendir */
+ NULL, /* readdir */
+ NULL, /* mkdir */
+ NULL, /* rmdir */
+ NULL, /* closedir */
+ /* File operations */
+ NULL, /* open */
+ NULL, /* close */
+ NULL, /* read */
+ NULL, /* write */
+ NULL, /* lseek */
+ NULL, /* sendfile */
+ NULL, /* rename */
+ NULL, /* fsync */
+ example_stat, /* stat */
+ example_fstat, /* fstat */
+ example_lstat, /* lstat */
+ NULL, /* unlink */
+ NULL, /* chmod */
+ NULL, /* fchmod */
+ NULL, /* chown */
+ NULL, /* fchown */
+ NULL, /* chdir */
+ NULL, /* getwd */
+ NULL, /* utime */
+ NULL, /* ftruncate */
+ NULL, /* lock */
+ NULL, /* symlink */
+ NULL, /* readlink */
+ NULL, /* link */
+ NULL, /* mknod */
+ NULL, /* realpath */
+ NULL, /* fget_nt_acl */
+ NULL, /* get_nt_acl */
+ NULL, /* fset_nt_acl */
+ NULL, /* set_nt_acl */
+
+ NULL, /* chmod_acl */
+ NULL, /* fchmod_acl */
+
+ NULL, /* sys_acl_get_entry */
+ NULL, /* sys_acl_get_tag_type */
+ NULL, /* sys_acl_get_permset */
+ NULL, /* sys_acl_get_qualifier */
+ NULL, /* sys_acl_get_file */
+ NULL, /* sys_acl_get_fd */
+ NULL, /* sys_acl_clear_perms */
+ NULL, /* sys_acl_add_perm */
+ NULL, /* sys_acl_to_text */
+ NULL, /* sys_acl_init */
+ NULL, /* sys_acl_create_entry */
+ NULL, /* sys_acl_set_tag_type */
+ NULL, /* sys_acl_set_qualifier */
+ NULL, /* sys_acl_set_permset */
+ NULL, /* sys_acl_valid */
+ NULL, /* sys_acl_set_file */
+ NULL, /* sys_acl_set_fd */
+ NULL, /* sys_acl_delete_def_file */
+ NULL, /* sys_acl_get_perm */
+ NULL, /* sys_acl_free_text */
+ NULL, /* sys_acl_free_acl */
+ NULL /* sys_acl_free_qualifier */
+};
+</programlisting>
+-&gt;
+<programlisting>
+static vfs_op_tuple example_op_tuples[] = {
+ {SMB_VFS_OP(example_connect), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT},
+ {SMB_VFS_OP(example_disconnect), SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_TRANSPARENT},
+
+ {SMB_VFS_OP(example_fstat), SMB_VFS_OP_FSTAT, SMB_VFS_LAYER_TRANSPARENT},
+ {SMB_VFS_OP(example_stat), SMB_VFS_OP_STAT, SMB_VFS_LAYER_TRANSPARENT},
+ {SMB_VFS_OP(example_lstat), SMB_VFS_OP_LSTAT, SMB_VFS_LAYER_TRANSPARENT},
+
+ {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
+};
+</programlisting>
+</para></listitem>
+
+<listitem><para>
+Move the example_op_tuples[] array to the end of the file.
+</para></listitem>
+
+<listitem><para>
+Add the init_module() function at the end of the file.
+e.g.
+<programlisting>
+NTSTATUS init_module(void)
+{
+ return smb_register_vfs(SMB_VFS_INTERFACE_VERSION,&quot;example&quot;,example_op_tuples);
+}
+</programlisting>
+</para></listitem>
+
+<listitem><para>
+Check if your vfs_init() function does more then just prepare the vfs_ops structs or
+remember the struct smb_vfs_handle_struct.
+<simplelist>
+<member>If NOT you can remove the vfs_init() function.</member>
+<member>If YES decide if you want to move the code to the example_connect() operation or to the init_module(). And then remove vfs_init().
+ e.g. a debug class registration should go into init_module() and the allocation of private data should go to example_connect().</member>
+</simplelist>
+</para></listitem>
+
+<listitem><para>
+(Only for 3.0alpha* modules)
+Check if your vfs_done() function contains needed code.
+<simplelist>
+<member>If NOT you can remove the vfs_done() function.</member>
+<member>If YES decide if you can move the code to the example_disconnect() operation. Otherwise register a SMB_EXIT_EVENT with smb_register_exit_event(); (Described in the <link linkend="modules">modules section</link>) And then remove vfs_done(). e.g. the freeing of private data should go to example_disconnect().
+</member>
+</simplelist>
+</para></listitem>
+
+<listitem><para>
+Check if you have any global variables left.
+Decide if it wouldn't be better to have this data on a connection basis.
+<simplelist>
+ <member>If NOT leave them as they are. (e.g. this could be the variable for the private debug class.)</member>
+ <member>If YES pack all this data into a struct. You can use handle-&gt;data to point to such a struct on a per connection basis.</member>
+</simplelist>
+
+ e.g. if you have such a struct:
+<programlisting>
+struct example_privates {
+ char *some_string;
+ int db_connection;
+};
+</programlisting>
+first way of doing it:
+<programlisting>
+static int example_connect(vfs_handle_struct *handle,
+ connection_struct *conn, const char *service,
+ const char* user)
+{
+ struct example_privates *data = NULL;
+
+ /* alloc our private data */
+ data = (struct example_privates *)talloc_zero(conn-&gt;mem_ctx, sizeof(struct example_privates));
+ if (!data) {
+ DEBUG(0,(&quot;talloc_zero() failed\n&quot;));
+ return -1;
+ }
+
+ /* init out private data */
+ data-&gt;some_string = talloc_strdup(conn-&gt;mem_ctx,&quot;test&quot;);
+ if (!data-&gt;some_string) {
+ DEBUG(0,(&quot;talloc_strdup() failed\n&quot;));
+ return -1;
+ }
+
+ data-&gt;db_connection = open_db_conn();
+
+ /* and now store the private data pointer in handle-&gt;data
+ * we don't need to specify a free_function here because
+ * we use the connection TALLOC context.
+ * (return -1 if something failed.)
+ */
+ VFS_HANDLE_SET_DATA(handle, data, NULL, struct example_privates, return -1);
+
+ return SMB_VFS_NEXT_CONNECT(handle,conn,service,user);
+}
+
+static int example_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
+{
+ struct example_privates *data = NULL;
+
+ /* get the pointer to our private data
+ * return -1 if something failed
+ */
+ SMB_VFS_HANDLE_GET_DATA(handle, data, struct example_privates, return -1);
+
+ /* do something here...*/
+ DEBUG(0,(&quot;some_string: %s\n&quot;,data-&gt;some_string));
+
+ return SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
+}
+</programlisting>
+second way of doing it:
+<programlisting>
+static void free_example_privates(void **datap)
+{
+ struct example_privates *data = (struct example_privates *)*datap;
+
+ SAFE_FREE(data-&gt;some_string);
+ SAFE_FREE(data);
+
+ *datap = NULL;
+
+ return;
+}
+
+static int example_connect(vfs_handle_struct *handle,
+ connection_struct *conn, const char *service,
+ const char* user)
+{
+ struct example_privates *data = NULL;
+
+ /* alloc our private data */
+ data = (struct example_privates *)malloc(sizeof(struct example_privates));
+ if (!data) {
+ DEBUG(0,(&quot;malloc() failed\n&quot;));
+ return -1;
+ }
+
+ /* init out private data */
+ data-&gt;some_string = strdup(&quot;test&quot;);
+ if (!data-&gt;some_string) {
+ DEBUG(0,(&quot;strdup() failed\n&quot;));
+ return -1;
+ }
+
+ data-&gt;db_connection = open_db_conn();
+
+ /* and now store the private data pointer in handle-&gt;data
+ * we need to specify a free_function because we used malloc() and strdup().
+ * (return -1 if something failed.)
+ */
+ SMB_VFS_HANDLE_SET_DATA(handle, data, free_example_privates, struct example_privates, return -1);
+
+ return SMB_VFS_NEXT_CONNECT(handle,conn,service,user);
+}
+
+static int example_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
+{
+ struct example_privates *data = NULL;
+
+ /* get the pointer to our private data
+ * return -1 if something failed
+ */
+ SMB_VFS_HANDLE_GET_DATA(handle, data, struct example_privates, return -1);
+
+ /* do something here...*/
+ DEBUG(0,(&quot;some_string: %s\n&quot;,data-&gt;some_string));
+
+ return SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
+}
+</programlisting>
+</para></listitem>
+
+<listitem><para>
+To make it easy to build 3rd party modules it would be usefull to provide
+configure.in, (configure), install.sh and Makefile.in with the module.
+(Take a look at the example in <filename>examples/VFS</filename>.)
+</para>
+
+<para>
+The configure script accepts <option>--with-samba-source</option> to specify
+the path to the samba source tree.
+It also accept <option>--enable-developer</option> which lets the compiler
+give you more warnings.
+</para>
+
+<para>
+The idea is that you can extend this
+<filename>configure.in</filename> and <filename>Makefile.in</filename> scripts
+for your module.
+</para></listitem>
+
+<listitem><para>
+Compiling &amp; Testing...
+<simplelist>
+<member><userinput>./configure <option>--enable-developer</option></userinput> ...</member>
+<member><userinput>make</userinput></member>
+<member>Try to fix all compiler warnings</member>
+<member><userinput>make</userinput></member>
+<member>Testing, Testing, Testing ...</member>
+</simplelist>
+</para></listitem>
+</orderedlist>
+</sect2>
+
+</sect1>
+
+<sect1>
+<title>Some Notes</title>
+
+<sect2>
+<title>Implement TRANSPARENT functions</title>
+
+<para>
+Avoid writing functions like this:
+
+<programlisting>
+static int example_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
+{
+ return SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
+}
+</programlisting>
+
+Overload only the functions you really need to!
+</para>
+
+</sect2>
+
+<sect2>
+<title>Implement OPAQUE functions</title>
+
+<para>
+If you want to just implement a better version of a
+default samba opaque function
+(e.g. like a disk_free() function for a special filesystem)
+it's ok to just overload that specific function.
+</para>
+
+<para>
+If you want to implement a database filesystem or
+something different from a posix filesystem.
+Make sure that you overload every vfs operation!!!
+</para>
+<para>
+Functions your FS does not support should be overloaded by something like this:
+e.g. for a readonly filesystem.
+</para>
+
+<programlisting>
+static int example_rename(vfs_handle_struct *handle, connection_struct *conn,
+ char *oldname, char *newname)
+{
+ DEBUG(10,(&quot;function rename() not allowed on vfs 'example'\n&quot;));
+ errno = ENOSYS;
+ return -1;
+}
+</programlisting>
+
+</sect2>
+
+</sect1>
+
+</chapter>
diff --git a/docs/docbook/devdoc/windows-debug.xml b/docs/docbook/devdoc/windows-debug.xml
new file mode 100644
index 0000000000..3535c38dbd
--- /dev/null
+++ b/docs/docbook/devdoc/windows-debug.xml
@@ -0,0 +1,19 @@
+<chapter id="windows-debug">
+ <chapterinfo>
+ &author.jelmer;
+ &author.tridge;
+ </chapterinfo>
+
+ <title>Finding useful information on windows</title>
+
+ <sect1><title>Netlogon debugging output</title>
+
+ <procedure>
+ <step><para>stop netlogon service on PDC</para></step>
+ <step><para>rename original netlogon.dll to netlogon.dll.original</para></step>
+ <step><para>copy checked version of netlogon.dll to system32 directory</para></step>
+ <step><para>set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag to 0x20000004</para></step>
+ <step><para>start netlogon service on PDC</para></step>
+ </procedure>
+</sect1>
+</chapter>
diff --git a/docs/docbook/manpages/profiles.1.sgml b/docs/docbook/manpages/profiles.1.sgml
new file mode 100644
index 0000000000..6fd2b6fd86
--- /dev/null
+++ b/docs/docbook/manpages/profiles.1.sgml
@@ -0,0 +1,86 @@
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
+<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
+]>
+<refentry id="profiles.1">
+
+<refmeta>
+ <refentrytitle>profiles</refentrytitle>
+ <manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+ <refname>profiles</refname>
+ <refpurpose>A utility to report and change SIDs in registry files
+ </refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>profiles</command>
+ <arg choice="opt">-v</arg>
+ <arg choice="opt">-c SID</arg>
+ <arg choice="opt">-n SID</arg>
+ <arg choice="req">file</arg>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+ <para><command>profiles</command> is a utility that
+ reports and changes SIDs in windows registry files. It currently only
+ supports NT.
+ </para>
+</refsect1>
+
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>file</term>
+ <listitem><para>Registry file to view or edit. </para></listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term>-v,--verbose</term>
+ <listitem><para>Increases verbosity of messages.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-c SID1 -n SID2</term>
+ <listitem><para>Change all occurences of SID1 in <filename>file</filename> by SID2.
+ </para></listitem>
+ </varlistentry>
+
+ &stdarg.help;
+
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>This man page is correct for version 3.0 of the Samba
+ suite.</para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+
+ <para>The profiles man page was written by Jelmer Vernooij. </para>
+</refsect1>
+
+</refentry>
diff --git a/docs/docbook/projdoc/.cvsignore b/docs/docbook/projdoc/.cvsignore
new file mode 100644
index 0000000000..3bbac303f5
--- /dev/null
+++ b/docs/docbook/projdoc/.cvsignore
@@ -0,0 +1 @@
+attributions.xml
diff --git a/docs/docbook/projdoc/Backup.xml b/docs/docbook/projdoc/Backup.xml
new file mode 100644
index 0000000000..b3c37aba53
--- /dev/null
+++ b/docs/docbook/projdoc/Backup.xml
@@ -0,0 +1,36 @@
+<chapter id="Backup">
+<chapterinfo>
+ &author.jht;
+</chapterinfo>
+
+<title>Samba Backup Techniques</title>
+
+<sect1>
+<title>Note</title>
+
+<para>
+This chapter did not make it into this release.
+It is planned for the published release of this document.
+If you have something to contribute for this section please email it to
+<link url="mail://jht@samba.org">jht@samba.org</link>/
+</para>
+
+</sect1>
+
+<sect1>
+<title>Features and Benefits</title>
+
+<para>
+We need feedback from people who are backing up samba servers.
+We would like to know what software tools you are using to backup
+your samba server/s.
+</para>
+
+<para>
+In particular, if you have any success and / or failure stories you could
+share with other users this would be appreciated.
+</para>
+
+</sect1>
+
+</chapter>
diff --git a/docs/docbook/projdoc/DNS-DHCP-Configuration.xml b/docs/docbook/projdoc/DNS-DHCP-Configuration.xml
new file mode 100644
index 0000000000..21bda63276
--- /dev/null
+++ b/docs/docbook/projdoc/DNS-DHCP-Configuration.xml
@@ -0,0 +1,17 @@
+<chapter id="DNSDHCP">
+<chapterinfo>
+ &author.jht;
+</chapterinfo>
+
+<title>DNS and DHCP Configuration Guide</title>
+
+<sect1>
+<title>Note</title>
+
+<para>
+This chapter did not make it into this release.
+It is planned for the published release of this document.
+</para>
+
+</sect1>
+</chapter>
diff --git a/docs/docbook/projdoc/FastStart.xml b/docs/docbook/projdoc/FastStart.xml
new file mode 100644
index 0000000000..a1aee9b7df
--- /dev/null
+++ b/docs/docbook/projdoc/FastStart.xml
@@ -0,0 +1,17 @@
+<chapter id="FastStart">
+<chapterinfo>
+ &author.jht;
+</chapterinfo>
+
+<title>Fast Start for the Impatient</title>
+
+<sect1>
+<title>Note</title>
+
+<para>
+This chapter did not make it into this release.
+It is planned for the published release of this document.
+</para>
+
+</sect1>
+</chapter>
diff --git a/docs/docbook/projdoc/HighAvailability.xml b/docs/docbook/projdoc/HighAvailability.xml
new file mode 100644
index 0000000000..3cd7fac807
--- /dev/null
+++ b/docs/docbook/projdoc/HighAvailability.xml
@@ -0,0 +1,17 @@
+<chapter id="SambaHA">
+<chapterinfo>
+ &author.jht;
+</chapterinfo>
+
+<title>High Availability Options</title>
+
+<sect1>
+<title>Note</title>
+
+<para>
+This chapter did not make it into this release.
+It is planned for the published release of this document.
+</para>
+
+</sect1>
+</chapter>
diff --git a/docs/docbook/projdoc/WindowsClientConfig.xml b/docs/docbook/projdoc/WindowsClientConfig.xml
new file mode 100644
index 0000000000..ea1d4d5aa3
--- /dev/null
+++ b/docs/docbook/projdoc/WindowsClientConfig.xml
@@ -0,0 +1,17 @@
+<chapter id="ClientConfig">
+<chapterinfo>
+ &author.jht;
+</chapterinfo>
+
+<title>MS Windows Network Configuration Guide</title>
+
+<sect1>
+<title>Note</title>
+
+<para>
+This chapter did not make it into this release.
+It is planned for the published release of this document.
+</para>
+
+</sect1>
+</chapter>
diff --git a/docs/docbook/smbdotconf/misc/valid.xml b/docs/docbook/smbdotconf/misc/valid.xml
new file mode 100644
index 0000000000..b5756f0afe
--- /dev/null
+++ b/docs/docbook/smbdotconf/misc/valid.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="-valid"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+ <listitem>
+ <para> This parameter indicates whether a share is
+ valid and thus can be used. When this parameter is set to false,
+ the share will be in no way visible nor accessible.
+ </para>
+
+ <para>
+ This option should not be
+ used by regular users but might be of help to developers.
+ Samba uses this option internally to mark shares as deleted.
+ </para>
+
+ <para>Default: <emphasis>True</emphasis></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/totalprintjobs.xml b/docs/docbook/smbdotconf/printing/totalprintjobs.xml
new file mode 100644
index 0000000000..ccdb137a69
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/totalprintjobs.xml
@@ -0,0 +1,22 @@
+<samba:parameter name="total print jobs"
+ context="G"
+ print="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter accepts an integer value which defines
+ a limit on the maximum number of print jobs that will be accepted
+ system wide at any given time. If a print job is submitted
+ by a client which will exceed this number, then <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will return an
+ error indicating that no space is available on the server. The
+ default value of 0 means that no such limit exists. This parameter
+ can be used to prevent a server from exceeding its capacity and is
+ designed as a printing throttle. See also <link linkend="MAXPRINTJOBS">
+ <parameter moreinfo="none">max print jobs</parameter></link>.
+ </para>
+
+ <para>Default: <command moreinfo="none">total print jobs = 0</command></para>
+
+ <para>Example: <command moreinfo="none">total print jobs = 5000</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/protocol/clientusespnego.xml b/docs/docbook/smbdotconf/protocol/clientusespnego.xml
new file mode 100644
index 0000000000..df25fbfb20
--- /dev/null
+++ b/docs/docbook/smbdotconf/protocol/clientusespnego.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="client use spnego"
+ context="G"
+ developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para> This variable controls controls whether samba clients will try
+ to use Simple and Protected NEGOciation (as specified by rfc2478) with
+ WindowsXP and Windows2000 servers to agree upon an authentication mechanism.
+ </para>
+
+ <para>Default: <emphasis>client use spnego = yes</emphasis></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/protocol/mapaclinherit.xml b/docs/docbook/smbdotconf/protocol/mapaclinherit.xml
new file mode 100644
index 0000000000..5b8ed7f656
--- /dev/null
+++ b/docs/docbook/smbdotconf/protocol/mapaclinherit.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="map acl inherit"
+ context="S"
+ advanced="1" wizard="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will attempt to map the 'inherit' and 'protected'
+ access control entry flags stored in Windows ACLs into an extended attribute
+ called user.SAMBA_PAI. This parameter only takes effect if Samba is being run
+ on a platform that supports extended attributes (Linux and IRIX so far) and
+ allows the Windows 2000 ACL editor to correctly use inheritance with the Samba
+ POSIX ACL mapping code.
+ </para>
+
+ <para>Default: <command moreinfo="none">map acl inherit = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/protocol/profileacls.xml b/docs/docbook/smbdotconf/protocol/profileacls.xml
new file mode 100644
index 0000000000..6f2b3ec510
--- /dev/null
+++ b/docs/docbook/smbdotconf/protocol/profileacls.xml
@@ -0,0 +1,33 @@
+<samba:parameter name="profile acls"
+ context="S"
+ advanced="1" wizard="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>
+ This boolean parameter was added to fix the problems that people have been
+ having with storing user profiles on Samba shares from Windows 2000 or
+ Windows XP clients. New versions of Windows 2000 or Windows XP service
+ packs do security ACL checking on the owner and ability to write of the
+ profile directory stored on a local workstation when copied from a Samba
+ share. When not in domain mode with winbindd then the security info copied
+ onto the local workstation has no meaning to the logged in user (SID) on
+ that workstation so the profile storing fails. Adding this parameter
+ onto a share used for profile storage changes two things about the
+ returned Windows ACL. Firstly it changes the owner and group owner
+ of all reported files and directories to be BUILTIN\\Administrators,
+ BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly
+ it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to
+ every returned ACL. This will allow any Windows 2000 or XP workstation
+ user to access the profile. Note that if you have multiple users logging
+ on to a workstation then in order to prevent them from being able to access
+ each others profiles you must remove the "Bypass traverse checking" advanced
+ user right. This will prevent access to other users profile directories as
+ the top level profile directory (named after the user) is created by the
+ workstation profile code and has an ACL restricting entry to the directory
+ tree to the owning user.
+ </para>
+
+ <para>Default: <command moreinfo="none">profile acls = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/security/clientlanmanauth.xml b/docs/docbook/smbdotconf/security/clientlanmanauth.xml
new file mode 100644
index 0000000000..a427198ea3
--- /dev/null
+++ b/docs/docbook/smbdotconf/security/clientlanmanauth.xml
@@ -0,0 +1,28 @@
+<samba:parameter name="client lanman auth"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter determines whether or not <citerefentry><refentrytitle>smbclient</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> and other samba client
+ tools will attempt to authenticate itself to servers using the
+ weaker LANMAN password hash. If disabled, only server which support NT
+ password hashes (e.g. Windows NT/2000, Samba, etc... but not
+ Windows 95/98) will be able to be connected from the Samba client.</para>
+
+ <para>The LANMAN encrypted response is easily broken, due to it's
+ case-insensitive nature, and the choice of algorithm. Clients
+ without Windows 95/98 servers are advised to disable
+ this option. </para>
+
+ <para>Disabling this option will also disable the <command
+ moreinfo="none">client plaintext auth</command> option</para>
+
+ <para>Likewise, if the <command moreinfo="none">client ntlmv2
+ auth</command> parameter is enabled, then only NTLMv2 logins will be
+ attempted. Not all servers support NTLMv2, and most will require
+ special configuration to us it.</para>
+
+ <para>Default : <command moreinfo="none">client lanman auth = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/security/clientntlmv2auth.xml b/docs/docbook/smbdotconf/security/clientntlmv2auth.xml
new file mode 100644
index 0000000000..0bf196488b
--- /dev/null
+++ b/docs/docbook/smbdotconf/security/clientntlmv2auth.xml
@@ -0,0 +1,26 @@
+<samba:parameter name="client ntlmv2 auth"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter determines whether or not <citerefentry><refentrytitle>smbclient</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will attempt to
+ authenticate itself to servers using the NTLMv2 encrypted password
+ response.</para>
+
+ <para>If enabled, only an NTLMv2 and LMv2 response (both much more
+ secure than earlier versions) will be sent. Many servers
+ (including NT4 &lt; SP4, Win9x and Samba 2.2) are not compatible with
+ NTLMv2. </para>
+
+ <para>If disabled, an NTLM response (and possibly a LANMAN response)
+ will be sent by the client, depending on the value of <command
+ moreinfo="none">client lanman auth</command>. </para>
+
+ <para>Note that some sites (particularly
+ those following 'best practice' security polices) only allow NTLMv2
+ responses, and not the weaker LM or NTLM.</para>
+
+ <para>Default : <command moreinfo="none">client ntlmv2 auth = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/vfs/vfsobjects.xml b/docs/docbook/smbdotconf/vfs/vfsobjects.xml
new file mode 100644
index 0000000000..32a10b5bd6
--- /dev/null
+++ b/docs/docbook/smbdotconf/vfs/vfsobjects.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="vfs objects"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the backend names which
+ are used for Samba VFS I/O operations. By default, normal
+ disk I/O operations are used but these can be overloaded
+ with one or more VFS objects. </para>
+
+ <para>Default: <emphasis>no value</emphasis></para>
+
+ <para>Example: <command moreinfo="none">vfs objects = extd_audit recycle</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/enableridalgorithm.xml b/docs/docbook/smbdotconf/winbind/enableridalgorithm.xml
new file mode 100644
index 0000000000..86786f0734
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/enableridalgorithm.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="enable rid algorithm"
+ context="G"
+ advanced="1" developer="1" hide="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This option is used to control whether or not smbd in Samba 3.0 should fallback
+ to the algorithm used by Samba 2.2 to generate user and group RIDs. The longterm
+ development goal is to remove the algorithmic mappings of RIDs altogether, but
+ this has proved to be difficult. This parameter is mainly provided so that
+ developers can turn the algorithm on and off and see what breaks. This parameter
+ should not be disabled by non-developers because certain features in Samba will fail
+ to work without it.
+ </para>
+
+ <para>Default: <command moreinfo="none">enable rid algorithm = &lt;yes&gt;</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/idmapgid.xml b/docs/docbook/smbdotconf/winbind/idmapgid.xml
new file mode 100644
index 0000000000..8bd46a80c6
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/idmapgid.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="idmap gid"
+ context="G"
+ advanced="1" developer="1" hide="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+
+ <para>The idmap gid parameter specifies the range of group ids that are allocated for
+ the purpose of mapping UNX groups to NT group SIDs. This range of group ids should have no
+ existing local or NIS groups within it as strange conflicts can occur otherwise.</para>
+
+ <para>The availability of an idmap gid range is essential for correct operation of
+ all group mapping.</para>
+
+ <para>Default: <command moreinfo="none">idmap gid = &lt;empty string&gt;</command></para>
+
+ <para>Example: <command moreinfo="none">idmap gid = 10000-20000</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/idmapuid.xml b/docs/docbook/smbdotconf/winbind/idmapuid.xml
new file mode 100644
index 0000000000..5e6a245bfe
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/idmapuid.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="idmap uid"
+ context="G"
+ advanced="1" developer="1" hide="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>The idmap uid parameter specifies the range of user ids that are allocated for use
+ in mapping UNIX users to NT user SIDs. This range of ids should have no existing local
+ or NIS users within it as strange conflicts can occur otherwise.</para>
+
+ <para>Default: <command moreinfo="none">idmap uid = &lt;empty string&gt;</command></para>
+
+ <para>Example: <command moreinfo="none">idmap uid = 10000-20000</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/templateprimarygroup.xml b/docs/docbook/smbdotconf/winbind/templateprimarygroup.xml
new file mode 100644
index 0000000000..bd59ea7ee0
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/templateprimarygroup.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="template primary group"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This option defines the default primary group for
+ each user created by <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>'s local account management
+ functions (similar to the 'add user script').
+ </para>
+
+ <para>Default: <command moreinfo="none">template primary group = nobody</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/winbindenablelocalaccounts.xml b/docs/docbook/smbdotconf/winbind/winbindenablelocalaccounts.xml
new file mode 100644
index 0000000000..f6e7cfb359
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/winbindenablelocalaccounts.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="winbind enable local accounts"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter controls whether or not winbindd
+ will act as a stand in replacement for the various account
+ management hooks in smb.conf (e.g. 'add user script').
+ If enabled, winbindd will support the creation of local
+ users and groups as another source of UNIX account information
+ available via getpwnam() or getgrgid(), etc...
+ </para>
+
+ <para>Default: <command moreinfo="none">winbind enable local accounts = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/winbindtrusteddomainsonly.xml b/docs/docbook/smbdotconf/winbind/winbindtrusteddomainsonly.xml
new file mode 100644
index 0000000000..bf383131d4
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/winbindtrusteddomainsonly.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="winbind trusted domains only"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter is designed to allow Samba servers that
+ are members of a Samba controlled domain to use UNIX accounts
+ distributed vi NIS, rsync, or LDAP as the uid's for winbindd users
+ in the hosts primary domain. Therefore, the user 'SAMBA\user1' would
+ be mapped to the account 'user1' in /etc/passwd instead of allocating
+ a new uid for him or her.
+ </para>
+
+ <para>Default: <command moreinfo="none">winbind trusted domains only = &lt;no&gt;</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/xslt/generate-attributions.xsl b/docs/docbook/xslt/generate-attributions.xsl
new file mode 100644
index 0000000000..c781a77cc4
--- /dev/null
+++ b/docs/docbook/xslt/generate-attributions.xsl
@@ -0,0 +1,67 @@
+<?xml version='1.0'?>
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:exsl="http://exslt.org/common"
+ xmlns:samba="http://samba.org/common"
+ version="1.1"
+ extension-element-prefixes="exsl">
+
+<xsl:output method="xml" omit-xml-declaration="yes"/>
+
+<!-- Remove all character data -->
+<xsl:template match="@*|node()">
+ <xsl:apply-templates select="@*|node()"/>
+</xsl:template>
+
+<xsl:template match="book">
+ <xsl:element name="variablelist">
+ <xsl:apply-templates/>
+ </xsl:element>
+</xsl:template>
+
+<xsl:template match="chapter">
+ <xsl:element name="varlistentry">
+ <xsl:element name="term">
+ <xsl:element name="link">
+ <xsl:attribute name="linkend"><xsl:value-of select="@id"/></xsl:attribute>
+ <xsl:value-of select="title"/>
+ </xsl:element>
+ </xsl:element>
+ <xsl:element name="listitem">
+ <xsl:element name="para">
+ <xsl:element name="itemizedlist">
+ <xsl:apply-templates/>
+ </xsl:element>
+ </xsl:element>
+ </xsl:element>
+ </xsl:element>
+</xsl:template>
+
+<xsl:template match="author">
+ <xsl:element name="listitem">
+ <xsl:element name="para">
+ <xsl:value-of select="firstname"/><xsl:text> </xsl:text><xsl:value-of select="surname"/>
+ <xsl:choose>
+ <xsl:when test="affiliation/address/email != ''">
+ <xsl:text> &lt;</xsl:text>
+ <xsl:element name="ulink">
+ <xsl:attribute name="url">
+ <xsl:text>mailto:</xsl:text>
+ <xsl:value-of select="affiliation/address/email"/>
+ </xsl:attribute>
+ <xsl:value-of select="affiliation/address/email"/>
+ </xsl:element>
+ <xsl:text>&gt;</xsl:text>
+ </xsl:when>
+ </xsl:choose>
+ <xsl:choose>
+ <xsl:when test="contrib != ''">
+ <xsl:text> (</xsl:text>
+ <xsl:value-of select="contrib"/>
+ <xsl:text>) </xsl:text>
+ </xsl:when>
+ </xsl:choose>
+ </xsl:element>
+ </xsl:element>
+</xsl:template>
+
+</xsl:stylesheet>