13 files changed, 115 insertions, 49 deletions
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 218ce19955..f9c29fd41d 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -552,9 +552,12 @@ char *mktemp(char *); /* No standard include */
 #include <sys/vfs.h>
 #include <sys/id.h>
 #include <sys/priv.h>
+/* According to AIX 4.1 man pages, inet_ntoa needs the following headers */
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
 #include <netinet/tcp.h>
 #include <locale.h>
-#include <arpa/inet.h>    /* needed for inet_ntoa proto */
 #define SYSV
 #define USE_WAITPID
 #define USE_SIGBLOCK
diff --git a/source3/include/local.h b/source3/include/local.h
index 0e2a927d2e..b2a8f5ec57 100644
--- a/source3/include/local.h
+++ b/source3/include/local.h
@@ -17,16 +17,6 @@
    refer to the special "printers" service */
 #define PRINTERS_NAME "printers"
 
-/* this affects server level security. With this set (recommended)
-   samba will do a full NetWkstaUserLogon to confirm that the client
-   really should have login rights. This can cause problems with
-   machines in trust relationships in which case you can disable it
-   here, but be warned, we have heard that some NT machines will then
-   allow anyone in with any password! Make sure you test it. */
-#ifndef USE_NETWKSTAUSERLOGON
-#define USE_NETWKSTAUSERLOGON 1
-#endif
-
 /* define what facility to use for syslog */
 #ifndef SYSLOG_FACILITY
 #define SYSLOG_FACILITY LOG_DAEMON
@@ -37,7 +27,7 @@
    MAX_CONNECTIONS services, but any number of machines may connect at
    one time. */
 #define MAX_CONNECTIONS 127
-#define MAX_OPEN_FILES 100
+#define MAX_OPEN_FILES 10
 
 /* Default size of shared memory used for share mode locking */
 #ifndef SHMEM_SIZE
diff --git a/source3/include/proto.h b/source3/include/proto.h
index fd31db7e62..7f6321c869 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -279,6 +279,7 @@ BOOL lp_unix_realname(void);
 BOOL lp_nis_home_map(void);
 BOOL lp_time_server(void);
 BOOL lp_bind_interfaces_only(void);
+BOOL lp_net_wksta_user_logon(void);
 int lp_os_level(void);
 int lp_max_ttl(void);
 int lp_max_wins_ttl(void);
@@ -1340,6 +1341,7 @@ time_t make_unix_date2(void *date_ptr);
 time_t make_unix_date3(void *date_ptr);
 char *timestring(void );
 time_t get_create_time(struct stat *st);
+time_t get_access_time(struct stat *st);
 
 /*The following definitions come from  trans2.c  */
 
diff --git a/source3/lib/kanji.c b/source3/lib/kanji.c
index 2027a344c2..d63798914e 100644
--- a/source3/lib/kanji.c
+++ b/source3/lib/kanji.c
@@ -693,7 +693,39 @@ static char *sj_to_hex(char *from, BOOL overwrite)
 }
 
 /*******************************************************************
-  kanji/kana -> ":xx" 
+  CAP <-> SJIS
+********************************************************************/
+/* ":xx" CAP -> a byte */
+static char *cap_to_sj(char *from, BOOL overwrite)
+{
+    char *sp, *dp;
+
+    sp = (char *) from;
+    dp = cvtbuf;
+    while (*sp) {
+        /*
+         * The only change between this and hex_to_sj is here. sj_to_cap only
+         * translates characters greater or equal to 0x80 - make sure that here
+         * we only do the reverse (that's why the strchr is used rather than
+         * isxdigit. Based on fix from ado@elsie.nci.nih.gov (Arthur David Olson).
+         */
+        if (*sp == hex_tag && (strchr ("89abcdefABCDEF", sp[1]) != NULL) && isxdigit (sp[2])) {
+            *dp++ = (hex2bin (sp[1])<<4) | (hex2bin (sp[2]));
+            sp += 3;
+        } else
+            *dp++ = *sp++;
+    }
+    *dp = '\0';
+    if (overwrite) {
+        strcpy ((char *) from, (char *) cvtbuf);
+        return (char *) from;
+    } else {
+        return cvtbuf;
+    }
+}
+
+/*******************************************************************
+  kanji/kana -> ":xx" - CAP format.
 ********************************************************************/
 static char *sj_to_cap(char *from, BOOL overwrite)
 {
@@ -778,7 +810,7 @@ static int setup_string_function(int codes)
 
     case CAP_CODE:
 	_dos_to_unix = sj_to_cap;
-	_unix_to_dos = hex_to_sj;
+	_unix_to_dos = cap_to_sj;
 	break;
     }
     return codes;
diff --git a/source3/lib/time.c b/source3/lib/time.c
index f60af60c7a..62a7016994 100644
--- a/source3/lib/time.c
+++ b/source3/lib/time.c
@@ -499,3 +499,14 @@ time_t get_create_time(struct stat *st)
    */
   return ret;
 }
+
+/****************************************************************************
+  return the 'access time' under UNIX from a stat structure. 
+  This function exists to allow modifications to be done depending
+  on what we want to return. Just return the normal atime (for now).
+****************************************************************************/
+    
+time_t get_access_time(struct stat *st)
+{
+  return st->st_atime;
+}
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 1b9ed00c31..1d65269f95 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1990,6 +1990,10 @@ int write_socket(int fd,char *buf,int len)
   ret = write_data(fd,buf,len);
       
   DEBUG(6,("write_socket(%d,%d) wrote %d\n",fd,len,ret));
+  if(ret <= 0)
+    DEBUG(0,("write_socket: Error writing %d bytes to socket %d: ERRNO = %s\n", 
+       len, fd, strerror(errno) ));
+
   return(ret);
 }
 
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index d2db90fd67..0e55bc4ac1 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -188,6 +188,7 @@ typedef struct
   BOOL bNISHomeMap;
   BOOL bTimeServer;
   BOOL bBindInterfacesOnly;
+  BOOL bNetWkstaUserLogon;
 } global;
 
 static global Globals;
@@ -444,6 +445,7 @@ static struct parm_struct
   {"strip dot",        P_BOOL,    P_GLOBAL, &Globals.bStripDot,         NULL,   NULL},
   {"interfaces",       P_STRING,  P_GLOBAL, &Globals.szInterfaces,      NULL,   NULL},
   {"bind interfaces only", P_BOOL,P_GLOBAL, &Globals.bBindInterfacesOnly,NULL,   NULL},
+  {"networkstation user login", P_BOOL,P_GLOBAL, &Globals.bNetWkstaUserLogon,NULL,   NULL},
   {"password server",  P_STRING,  P_GLOBAL, &Globals.szPasswordServer,  NULL,   NULL},
   {"socket options",   P_GSTRING, P_GLOBAL, user_socket_options,        NULL,   NULL},
   {"netbios name",     P_UGSTRING,P_GLOBAL, myname,                     NULL,   NULL},
@@ -720,6 +722,7 @@ static void init_globals(void)
   Globals.client_code_page = DEFAULT_CLIENT_CODE_PAGE;
   Globals.bTimeServer = False;
   Globals.bBindInterfacesOnly = False;
+  Globals.bNetWkstaUserLogon = True;
 
 /* these parameters are set to defaults that are more appropriate
    for the increasing samba install base:
@@ -935,6 +938,7 @@ FN_GLOBAL_BOOL(lp_unix_realname,&Globals.bUnixRealname)
 FN_GLOBAL_BOOL(lp_nis_home_map,&Globals.bNISHomeMap)
 FN_GLOBAL_BOOL(lp_time_server,&Globals.bTimeServer)
 FN_GLOBAL_BOOL(lp_bind_interfaces_only,&Globals.bBindInterfacesOnly)
+FN_GLOBAL_BOOL(lp_net_wksta_user_logon,&Globals.bNetWkstaUserLogon)
 
 FN_GLOBAL_INTEGER(lp_os_level,&Globals.os_level)
 FN_GLOBAL_INTEGER(lp_max_ttl,&Globals.max_ttl)
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 71b89022e6..bf49a37203 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -486,7 +486,7 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first)
   /* we must get 6 tokens */
   if (count < 10)
   {
-      if ((count == 7) && (strcmp(tok[0],"QUEUED") == 0))
+      if ((count == 7) && ((strcmp(tok[0],"QUEUED") == 0) || (strcmp(tok[0],"HELD") == 0)))
       {
           /* the 2nd and 5th columns must be integer */
           if (!isdigit(*tok[1]) || !isdigit(*tok[4])) return(False);
@@ -508,7 +508,7 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first)
 
 
           buf->job = atoi(tok[1]);
-          buf->status = LPQ_QUEUED;
+          buf->status = strequal(tok[0],"HELD")?LPQ_PAUSED:LPQ_QUEUED;
 	  buf->priority = 0;
           buf->time = time(NULL);
           StrnCpy(buf->user,tok[3],sizeof(buf->user)-1);
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 80c7a43750..fb795e973e 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -437,7 +437,7 @@ BOOL check_lanman_password(char *user, unsigned char *pass1,
   /* Check that the two old passwords match. */
   if(memcmp(smbpw->smb_passwd, unenc_old_pw, 16))
   {
-    DEBUG(0,("check_lanman_password: old password doens't match.\n"));
+    DEBUG(0,("check_lanman_password: old password doesn't match.\n"));
     return False;
   }
 
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 0f8705d4be..607d01d2cf 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -514,9 +514,14 @@ static BOOL dfs_auth(char *this_user,char *password)
    * Assumes local passwd file is kept in sync w/ DCE RGY!
    */
 
-  if (!strcmp((char *)crypt(password,this_salt),this_crypted) ||
-      dcelogin_atmost_once)
-    return(False);
+  /* Fix for original (broken) code from Brett Wooldridge <brettw@austin.ibm.com> */
+  if (dce_login_atmost_once)
+    return (False);
+  /* This can be ifdefed as the DCE check below is stricter... */
+#ifndef NO_CRYPT
+  if ( strcmp((char *)crypt(password,this_salt),this_crypted) )
+    return (False);
+#endif
 
   if (sec_login_setup_identity(
 			       (unsigned char *)this_user,
@@ -1597,28 +1602,40 @@ BOOL server_validate(char *user, char *domain,
 		return False;
 	}
 
+        /*
+         * This patch from Rob Nielsen <ran@adc.com> makes doing
+         * the NetWksaUserLogon a dynamic, rather than compile-time
+         * parameter, defaulting to on. This is somewhat dangerous
+         * as it allows people to turn off this neccessary check,
+         * but so many people have had problems with this that I
+         * think it is a neccessary change. JRA.
+         */
+
+	if (lp_net_wksta_user_logon()) {
+		DEBUG(3,("trying NetWkstaUserLogon with password server %s\n", cli.desthost));
+		if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) {
+			DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost));
+			cli_tdis(&cli);
+			return False;
+		}
 
-#if USE_NETWKSTAUSERLOGON
-	if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) {
-		DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost));
-		cli_tdis(&cli);
-		return False;
-	}
-
-	if (cli.privilages == 0) {
-		DEBUG(1,("password server %s gave guest privilages\n", cli.desthost));
-		cli_tdis(&cli);
-		return False;
-	}
+		if (cli.privilages == 0) {
+			DEBUG(1,("password server %s gave guest privilages\n", cli.desthost));
+			cli_tdis(&cli);
+			return False;
+		}
 
-	if (!strequal(cli.eff_name, user)) {
-		DEBUG(1,("password server %s gave different username %s\n", 
-			 cli.desthost,
-			 cli.eff_name));
-		cli_tdis(&cli);
-		return False;
+		if (!strequal(cli.eff_name, user)) {
+			DEBUG(1,("password server %s gave different username %s\n", 
+			 	cli.desthost,
+			 	cli.eff_name));
+			cli_tdis(&cli);
+			return False;
+		}
 	}
-#endif
+        else {
+		DEBUG(3,("skipping NetWkstaUserLogon with password server %s\n", cli.desthost));
+        }
 
 	DEBUG(3,("password server %s accepted the password\n", cli.desthost));
 
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 4703dea475..db494d07db 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -3917,7 +3917,7 @@ int reply_getattrE(char *inbuf,char *outbuf)
      date to be last modify date as UNIX doesn't save
      this */
   put_dos_date2(outbuf,smb_vwv0,get_create_time(&sbuf));
-  put_dos_date2(outbuf,smb_vwv2,sbuf.st_atime);
+  put_dos_date2(outbuf,smb_vwv2,get_access_time(&sbuf));
   put_dos_date2(outbuf,smb_vwv4,sbuf.st_mtime);
   if (mode & aDIR)
     {
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 3a12513454..94360a4c37 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1637,13 +1637,15 @@ BOOL check_file_sharing(int cnum,char *fname, BOOL rename_op)
           {
             DEBUG(0,("check_file_sharing: NT redirector workaround - rename attempted on \
 batch oplocked file %s, dev = %x, inode = %x\n", fname, dev, inode));
-#if 0
             /* 
              * This next line is a test that allows the deny-mode
-             * processing to be skipped. JRA.
+             * processing to be skipped. This seems to be needed as
+             * NT insists on the rename succeeding (in Office 9x no less !).
+             * This should be removed as soon as (a) MS fix the redirector
+             * bug or (b) NT SMB support in Samba makes NT not issue the
+             * call (as is my fervent hope). JRA.
              */ 
             continue;
-#endif
           }
           else
           {
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index a9e15f65c4..825dd0a25e 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -375,7 +375,7 @@ static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_l
 
 	  size = sbuf.st_size;
 	  mdate = sbuf.st_mtime;
-	  adate = sbuf.st_atime;
+	  adate = get_access_time(&sbuf);
 	  cdate = get_create_time(&sbuf);
 	  if(mode & aDIR)
 	    size = 0;
@@ -1129,7 +1129,7 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length,
     case SMB_INFO_QUERY_EA_SIZE:
       data_size = (info_level==1?22:26);
       put_dos_date2(pdata,l1_fdateCreation,get_create_time(&sbuf));
-      put_dos_date2(pdata,l1_fdateLastAccess,sbuf.st_atime); /* access time */
+      put_dos_date2(pdata,l1_fdateLastAccess,get_access_time(&sbuf));
       put_dos_date2(pdata,l1_fdateLastWrite,sbuf.st_mtime); /* write time */
       SIVAL(pdata,l1_cbFile,size);
       SIVAL(pdata,l1_cbFileAlloc,ROUNDUP(size,1024));
@@ -1140,7 +1140,7 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length,
     case SMB_INFO_QUERY_EAS_FROM_LIST:
       data_size = 24;
       put_dos_date2(pdata,0,get_create_time(&sbuf));
-      put_dos_date2(pdata,4,sbuf.st_atime);
+      put_dos_date2(pdata,4,get_access_time(&sbuf));
       put_dos_date2(pdata,8,sbuf.st_mtime);
       SIVAL(pdata,12,size);
       SIVAL(pdata,16,ROUNDUP(size,1024));
@@ -1158,7 +1158,7 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length,
     case SMB_QUERY_FILE_BASIC_INFO:
       data_size = 36; /* w95 returns 40 bytes not 36 - why ?. */
       put_long_date(pdata,get_create_time(&sbuf));
-      put_long_date(pdata+8,sbuf.st_atime); /* access time */
+      put_long_date(pdata+8,get_access_time(&sbuf));
       put_long_date(pdata+16,sbuf.st_mtime); /* write time */
       put_long_date(pdata+24,sbuf.st_mtime); /* change time */
       SIVAL(pdata,32,mode);
@@ -1167,8 +1167,9 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length,
       {
         time_t create_time = get_create_time(&sbuf);
         DEBUG(5,("create: %s ", ctime(&create_time)));
+        create_time = get_access_time(&sbuf);
+        DEBUG(5,("access: %s ", ctime(&create_time)));
       }
-      DEBUG(5,("access: %s ", ctime(&sbuf.st_atime)));
       DEBUG(5,("write: %s ", ctime(&sbuf.st_mtime)));
       DEBUG(5,("change: %s ", ctime(&sbuf.st_mtime)));
       DEBUG(5,("mode: %x\n", mode));
@@ -1222,7 +1223,7 @@ static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length,
 
     case SMB_QUERY_FILE_ALL_INFO:
       put_long_date(pdata,get_create_time(&sbuf));
-      put_long_date(pdata+8,sbuf.st_atime); /* access time */
+      put_long_date(pdata+8,get_access_time(&sbuf));
       put_long_date(pdata+16,sbuf.st_mtime); /* write time */
       put_long_date(pdata+24,sbuf.st_mtime); /* change time */
       SIVAL(pdata,32,mode);