diff options
131 files changed, 5828 insertions, 0 deletions
diff --git a/docs/docbook/projdoc/IntroSMB.sgml b/docs/docbook/projdoc/IntroSMB.sgml new file mode 100644 index 0000000000..e81155a36f --- /dev/null +++ b/docs/docbook/projdoc/IntroSMB.sgml @@ -0,0 +1,175 @@ +<chapter id="IntroSMB"> +<chapterinfo> + &author.dlechnyr; + <pubdate>April 13, 2003</pubdate> +</chapterinfo> + +<title>Introduction to Samba</title> + +<para> +Samba provides MS Windows file and print services over TCP/IP and provides compatible support for +all SMB/CIFS enabled clients. Samba can be used to provide seemless interoperability between unix +/ Linux systems and MS Windows clients and servers. A global team of about 30 active programmers +is responsible for the development of Samba, a marvelous tool that was originally developed by +Andrew Tridgell. That team of developers is known as the Samba-Team. +</para> + +<sect1> +<title>Background</title> + +<para> +Once long ago, there was a buzzword referred to as DCE/RPC. This stood for Distributed Computing +Environment/Remote Procedure Calls and conceptually was a good idea. It was originally developed +by Apollo/HP as NCA 1.0 (Network Computing Architecture) and only ran over UDP. When there was +a need to run it over TCP so that it would be compatible with DECnet 3.0, it was redesigned, +submitted to The Open Group, and officially became known as DCE/RPC. Microsoft came along and +decided, rather than pay $20 per seat to license this technology, to reimplement DCE/RPC +themselves as MSRPC. From this, the concept continued in the form of SMB (Server Message Block, +or the "what") using the NetBIOS (Network Basic Input/Output System, or the "how") compatibility +layer. You can run SMB (i.e., transport) over several different protocols; many different +implementations arose as a result, including NBIPX (NetBIOS over IPX, NwLnkNb, or NWNBLink) and +NBT (NetBIOS over TCP/IP, or NetBT). As the years passed, NBT became the most common form of +implementation until the advance of "Direct-Hosted TCP" -- the Microsoft marketing term for +eliminating NetBIOS entirely and running SMB by itself across TCP port 445 only. As of yet, +direct-hosted TCP has yet to catch on. And so the story goes. +</para> + +<para> +Perhaps the best summary of the origins of SMB are voiced in the 1997 article titled, CIFS: +Common Insecurities Fail Scrutiny: +</para> + +<para><emphasis> +Several megabytes of NT-security archives, random whitepapers, RFCs, the CIFS spec, the Samba +stuff, a few MS knowledge-base articles, strings extracted from binaries, and packet dumps have +been dutifully waded through during the information-gathering stages of this project, and there +are *still* many missing pieces... While often tedious, at least the way has been generously +littered with occurrences of clapping hand to forehead and muttering 'crikey, what are they +thinking? +</emphasis></para> + +<sect2> +<title>Terminology</title> + +<itemizedlist> + + <listitem><para> + SMB: Acronym for "Server Message Block". This is a Microsoft's file and printer + sharing protocol. + </para></listitem> + + <listitem><para> + CIFS: Acronym for the "Common Internet File System". Around 1996, Microsoft apparently + decided that SMB needed the word "Internet" in it, so they changed it to CIFS. + </para></listitem> + + <listitem><para> + Direct-Hosted: A method of providing file/printer sharing services over port 445/tcp + only, using DNS for name resolution instead of WINS. + </para></listitem> + + <listitem><para> + IPC: Acronym for "Inter-process Communication". A method to communicate specific + information between programs. + </para></listitem> + + <listitem><para> + Marshalling: - A method of serializing (i.e., sequential ordering of) variable data + suitable for transmission via a network connection or storing in a file. The source + data can be re-created using a similar process called unmarshalling. + </para></listitem> + + <listitem><para> + NetBIOS: Acronym for "Network Basic Input/Output System". This is not a protocol; + it is a method of communication across an existing protocol. This is a standard which + was originally developed for IBM by Sytek in 1983. To exaggerate the analogy a bit, + it can help to think of this in comparison your computer's BIOS -- it controlls the + essential functions of your input/output hardware -- whereas NetBIOS controlls the + essential functions of your input/output traffic via the network. Again, this is a bit + of an exaggeration but it should help that paradigm shift. What is important to realize + is that NetBIOS is a transport standard, not a protocol. Unfortunately, even technically + brilliant people tend to interchange NetBIOS with terms like NetBEUI without a second + thought; this will cause no end (and no doubt) of confusion. + </para></listitem> + + <listitem><para> + NetBEUI: Acronym for the "NetBIOS Extended User Interface". Unlike NetBIOS, NetBEUI + is a protocol, not a standard. It is also not routable, so traffic on one side of a + router will be unable to communicate with the other side. Understanding NetBEUI is + not essential to deciphering SMB; however it helps to point out that it is not the + same as NetBIOS and to improve your score in trivia at parties. NetBEUI was originally + referred to by Microsoft as "NBF", or "The Windows NT NetBEUI Frame protocol driver". + It is not often heard from these days. + </para></listitem> + + <listitem><para> + NBT: Acronym for "NetBIOS over TCP"; also known as "NetBT". Allows the continued use + of NetBIOS traffic proxied over TCP/IP. As a result, NetBIOS names are made equivilant + to IP addresses and NetBIOS name types are conceptually equivilant to TCP/IP ports. + This is how file and printer sharing are accomplished in Windows 95/98/ME. They + traditionally rely on three ports: NetBIOS Name Service (nbname) via UDP port 137, + NetBIOS Datagram Service (nbdatagram) via UDP port 138, and NetBIOS Session Service + (nbsession) via TCP port 139. All name resolution is done via WINS, NetBIOS broadcasts, + and DNS. NetBIOS over TCP is documented in RFC 1001 (Concepts and methods) and RFC 1002 + (Detailed specifications). + </para></listitem> + + <listitem><para> + W2K: Acronym for Windows 2000 Professional or Server + </para></listitem> + + <listitem><para> + W3K: Acronym for Windows 2003 Server + </para></listitem> + +</itemizedlist> + +</sect2> + +<sect2> +<title>Related Projects> + +<para> +Currently, there are two projects that are directly related to Samba: SMBFS and CIFS network +client file systems for Linux, both available in the Linux kernel itself. +</para> + +<itemizedlist> + + <listitem><para> + SMBFS (Server Message Block File System) allows you to mount SMB shares (the protocol + Windows 95/98/ME, Windows NT/2000/XP and OS/2 Lan Manager use to share files and printers + over local networks) and access them just like any other Unix directory. This is useful + if you just want to mount such filesystems without being a SMBFS server. + </para></listitem> + + <listitem><para> + CIFS (Common Internet File System) is the successor to SMB, and is actively being worked + on in the upcoming version of the Linux kernel (2.5/2.6). The intent of this module is to + provide advanced network file system functionality including support for dfs (heirarchical + name space), secure per-user session establishment, safe distributed caching (oplock), + optional packet signing, Unicode and other internationalization improvements, and optional + Winbind (nsswitch) integration. If you enable CONFIG_CIFS in the Linux kernel, be aware + that it is currently in an early development stage and may not be as stable as the existing + CONFIG_SMB_FS option. + </para></listitem> + +</itemizedlist> + +<para> +Again, it's important to note that these are implementations for client filesystems, and have +nothing to do with acting as a file and print server for SMB/CIFS clients. +</para> + +</sect2> + +<sect2> +<title>Miscellaneous</title> + +<para> +This chapter is Copyright © 2003 David Lechnyr. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation. A copy of the license is available at http://www.gnu.org/licenses/fdl.txt. +</para> + +</sect2> +</sect1> +</chapter> diff --git a/docs/docbook/projdoc/Problems.sgml b/docs/docbook/projdoc/Problems.sgml new file mode 100644 index 0000000000..1f880a78cd --- /dev/null +++ b/docs/docbook/projdoc/Problems.sgml @@ -0,0 +1,276 @@ +<chapter id="problems"> + +<chapterinfo> + &author.jerry; + &author.jelmer; + <author> + <firstname>David</firstname><surname>Bannon</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address><email>dbannon@samba.org</email></address> + </affiliation> + </author> + <pubdate>8 Apr 2003</pubdate> +</chapterinfo> + +<title>Analysing and solving samba problems</title> + +<para> +There are many sources of information available in the form +of mailing lists, RFC's and documentation. The docs that come +with the samba distribution contain very good explanations of +general SMB topics such as browsing.</para> + +<sect1> +<title>Diagnostics tools</title> + + <para> +One of the best diagnostic tools for debugging problems is Samba itself. +You can use the -d option for both smbd and nmbd to specify what +'debug level' at which to run. See the man pages on smbd, nmbd and +smb.conf for more information on debugging options. The debug +level can range from 1 (the default) to 10 (100 for debugging passwords). +</para> + +<para> +Another helpful method of debugging is to compile samba using the +<command>gcc -g </command> flag. This will include debug +information in the binaries and allow you to attach gdb to the +running smbd / nmbd process. In order to attach gdb to an smbd +process for an NT workstation, first get the workstation to make the +connection. Pressing ctrl-alt-delete and going down to the domain box +is sufficient (at least, on the first time you join the domain) to +generate a 'LsaEnumTrustedDomains'. Thereafter, the workstation +maintains an open connection, and therefore there will be an smbd +process running (assuming that you haven't set a really short smbd +idle timeout) So, in between pressing ctrl alt delete, and actually +typing in your password, you can gdb attach and continue. +</para> + +<para> +Some useful samba commands worth investigating: +</para> + +<itemizedlist> + <listitem><para>testparam | more</para></listitem> + <listitem><para>smbclient -L //{netbios name of server}</para></listitem> +</itemizedlist> + +<para> +An SMB enabled version of tcpdump is available from +<ulink url="http://www.tcpdump.org/">http://www.tcpdup.org/</ulink>. +Ethereal, another good packet sniffer for Unix and Win32 +hosts, can be downloaded from <ulink +url="http://www.ethereal.com/">http://www.ethereal.com</ulink>. +</para> + +<para> +For tracing things on the Microsoft Windows NT, Network Monitor +(aka. netmon) is available on the Microsoft Developer Network CD's, +the Windows NT Server install CD and the SMS CD's. The version of +netmon that ships with SMS allows for dumping packets between any two +computers (i.e. placing the network interface in promiscuous mode). +The version on the NT Server install CD will only allow monitoring +of network traffic directed to the local NT box and broadcasts on the +local subnet. Be aware that Ethereal can read and write netmon +formatted files. +</para> + +</sect1> + +<sect1> +<title>Installing 'Network Monitor' on an NT Workstation or a Windows 9x box</title> + +<para> +Installing netmon on an NT workstation requires a couple +of steps. The following are for installing Netmon V4.00.349, which comes +with Microsoft Windows NT Server 4.0, on Microsoft Windows NT +Workstation 4.0. The process should be similar for other version of +Windows NT / Netmon. You will need both the Microsoft Windows +NT Server 4.0 Install CD and the Workstation 4.0 Install CD. +</para> + +<para> +Initially you will need to install 'Network Monitor Tools and Agent' +on the NT Server. To do this +</para> + +<itemizedlist> + <listitem><para>Goto Start - Settings - Control Panel - + Network - Services - Add </para></listitem> + + <listitem><para>Select the 'Network Monitor Tools and Agent' and + click on 'OK'.</para></listitem> + + <listitem><para>Click 'OK' on the Network Control Panel. + </para></listitem> + + <listitem><para>Insert the Windows NT Server 4.0 install CD + when prompted.</para></listitem> +</itemizedlist> + +<para> +At this point the Netmon files should exist in +<filename>%SYSTEMROOT%\System32\netmon\*.*</filename>. +Two subdirectories exist as well, <filename>parsers\</filename> +which contains the necessary DLL's for parsing the netmon packet +dump, and <filename>captures\</filename>. +</para> + +<para> +In order to install the Netmon tools on an NT Workstation, you will +first need to install the 'Network Monitor Agent' from the Workstation +install CD. +</para> + +<itemizedlist> + <listitem><para>Goto Start - Settings - Control Panel - + Network - Services - Add</para></listitem> + + <listitem><para>Select the 'Network Monitor Agent' and click + on 'OK'.</para></listitem> + + <listitem><para>Click 'OK' on the Network Control Panel. + </para></listitem> + + <listitem><para>Insert the Windows NT Workstation 4.0 install + CD when prompted.</para></listitem> +</itemizedlist> + +<para> +Now copy the files from the NT Server in %SYSTEMROOT%\System32\netmon\*.* +to %SYSTEMROOT%\System32\netmon\*.* on the Workstation and set +permissions as you deem appropriate for your site. You will need +administrative rights on the NT box to run netmon. +</para> + +<para> +To install Netmon on a Windows 9x box install the network monitor agent +from the Windows 9x CD (\admin\nettools\netmon). There is a readme +file located with the netmon driver files on the CD if you need +information on how to do this. Copy the files from a working +Netmon installation. +</para> + +</sect1> + +<sect1> +<title>Useful URL's</title> +<itemizedlist> + +<listitem><para>Home of Samba site <ulink url="http://samba.org"> + http://samba.org</ulink>. We have a mirror near you !</para></listitem> + +<listitem><para> The <emphasis>Development</emphasis> document +on the Samba mirrors might mention your problem. If so, +it might mean that the developers are working on it.</para></listitem> + +<listitem><para>See how Scott Merrill simulates a BDC behavior at + <ulink url="http://www.skippy.net/linux/smb-howto.html"> + http://www.skippy.net/linux/smb-howto.html</ulink>. </para></listitem> + +<listitem><para>Although 2.0.7 has almost had its day as a PDC, David Bannon will + keep the 2.0.7 PDC pages at <ulink url="http://bioserve.latrobe.edu.au/samba"> + http://bioserve.latrobe.edu.au/samba</ulink> going for a while yet.</para></listitem> + +<listitem><para>Misc links to CIFS information + <ulink url="http://samba.org/cifs/">http://samba.org/cifs/</ulink></para></listitem> + +<listitem><para>NT Domains for Unix <ulink url="http://mailhost.cb1.com/~lkcl/ntdom/"> + http://mailhost.cb1.com/~lkcl/ntdom/</ulink></para></listitem> + +<listitem><para>FTP site for older SMB specs: + <ulink url="ftp://ftp.microsoft.com/developr/drg/CIFS/"> + ftp://ftp.microsoft.com/developr/drg/CIFS/</ulink></para></listitem> + +</itemizedlist> + +</sect1> + +<sect1> +<title>Getting help from the mailing lists</title> + +<para> +There are a number of Samba related mailing lists. Go to <ulink +url="http://samba.org">http://samba.org</ulink>, click on your nearest mirror +and then click on <command>Support</command> and then click on <command> +Samba related mailing lists</command>. +</para> + +<para> +For questions relating to Samba TNG go to +<ulink url="http://www.samba-tng.org/">http://www.samba-tng.org/</ulink> +It has been requested that you don't post questions about Samba-TNG to the +main stream Samba lists.</para> + +<para> +If you post a message to one of the lists please observe the following guide lines : +</para> + +<itemizedlist> + +<listitem><para> Always remember that the developers are volunteers, they are +not paid and they never guarantee to produce a particular feature at +a particular time. Any time lines are 'best guess' and nothing more. +</para></listitem> + +<listitem><para> Always mention what version of samba you are using and what +operating system its running under. You should probably list the +relevant sections of your &smb.conf; file, at least the options +in [global] that affect PDC support.</para></listitem> + +<listitem><para>In addition to the version, if you obtained Samba via +CVS mention the date when you last checked it out.</para></listitem> + +<listitem><para> Try and make your question clear and brief, lots of long, +convoluted questions get deleted before they are completely read ! +Don't post html encoded messages (if you can select colour or font +size its html).</para></listitem> + +<listitem><para> If you run one of those nifty 'I'm on holidays' things when +you are away, make sure its configured to not answer mailing lists. +</para></listitem> + +<listitem><para> Don't cross post. Work out which is the best list to post to +and see what happens, i.e. don't post to both samba-ntdom and samba-technical. +Many people active on the lists subscribe to more +than one list and get annoyed to see the same message two or more times. +Often someone will see a message and thinking it would be better dealt +with on another, will forward it on for you.</para></listitem> + +<listitem><para>You might include <emphasis>partial</emphasis> +log files written at a debug level set to as much as 20. +Please don't send the entire log but enough to give the context of the +error messages.</para></listitem> + +<listitem><para>(Possibly) If you have a complete netmon trace ( from the opening of +the pipe to the error ) you can send the *.CAP file as well.</para></listitem> + +<listitem><para>Please think carefully before attaching a document to an email. +Consider pasting the relevant parts into the body of the message. The samba +mailing lists go to a huge number of people, do they all need a copy of your +smb.conf in their attach directory?</para></listitem> + +</itemizedlist> + +</sect1> + +<sect1> +<title>How to get off the mailinglists</title> + +<para>To have your name removed from a samba mailing list, go to the +same place you went to to get on it. Go to <ulink +url="http://lists.samba.org/">http://lists.samba.org</ulink>, +click on your nearest mirror and then click on <command>Support</command> and +then click on <command> Samba related mailing lists</command>. Or perhaps see +<ulink url="http://lists.samba.org/mailman/roster/samba-ntdom">here</ulink> +</para> + +<para> +Please don't post messages to the list asking to be removed, you will just +be referred to the above address (unless that process failed in some way...) +</para> + +</sect1> + +</chapter> diff --git a/docs/docbook/smbdotconf/README b/docs/docbook/smbdotconf/README new file mode 100644 index 0000000000..9a037149ad --- /dev/null +++ b/docs/docbook/smbdotconf/README @@ -0,0 +1,158 @@ +DocBook XML 4.2 source code for smb.conf(5) documentation for Samba 3.0 + +Author of the document: Alexander Bokovoy <ab@samba.org> + +Welcome to new smb.conf(5) documentation build system! This directory +contains a new incarnation of Samba's smb.conf(5) Docbook XML 4.2 +sources. Note that the output might be unsatisfying untill all smb.conf(5) +parameters will converted to new format (see Chapter 4 for details). + +Content +------- + +0. Prerequisites +1. Structure +2. XSLT stylesheets +3. Usage +4. Current status of converted parameters + +Prerequisites +------------- + +In order to compile smb.conf(5) documentation from Docbook XML 4.2 +sources you'll need: + + - a working libxml2 and libxslt installation, together with xsltproc utility + + - a locally installed Docbook XSL 4.2 or higher + + - a working xmlcatalog to eliminate Web access for Docbook XSL + +The latter requisite is important: we do not specify local copies of +Docbook XSL stylesheets in our XSLTs because of real nightmare in their +location in most distributions. Fortunately, libxml2 provides standard +way to access locally installed external resources via so-called +'xmlcatalog' tool. It is working in RedHat, Mandrake, ALT Linux, and +some other distributions but wasn't at the moment of this writting (Late +March'03) in Debian. + +Structure +--------- + +smb.conf(5) sources consist of a number of XML files distributed across +a number of subdirectories. Each subdirectory represents a group of +smb.conf(5) parameters dedicated to one specific task as described in +Samba's loadparm.c source file (and shown in SWAT). + +Each XML file in subdirectories represents one parameter description, +together with some additional meta-information about it. Complete list +of meta-information attributes + +attribute description +------------------------------------------------------------------- +name smb.conf(5) parameter name +context G for global, S for services +basic set to 1 if loadparm.c's description +wizard includes appropriate flag for +advanced this parameter (FLAG_BASIC, +developer FLAG_ADVANCED, FLAG_WIZARD, FLAG_DEVELOPER) +------------------------------------------------------------------- + +Main XML file for smb.conf(5) is smb.conf.5.xml. It contains a general +stub for man page and several XML instructions to include: + + - a list of global parameters (auto-generated); + + - a list of service parameters (auto-generated); + + - a complete list of alphabetically sorted parameters (auto-generated). + +XSLT stylesheets +---------------- + +In order to combine and build final version of smb.conf(5) we apply a +set of XSLT stylesheets to smb.conf(5) sources. Following is the +complete description of existing stylesheets in smb.conf(5) source tree: + +1. [expand-smb.conf.xsl] Main driver, produces big XML source with all +smaller components combined. The resulted tree is then feed to Docbook +XSL for final producing. + +This stylesheet performs two main transformations: + + - Replaces <samba:parameter> tag by <varlistentry> one; + + - Generates <term> and <anchor> tags for each <samba:parameter>. + +The latter step needs some explanation. We generate automatically +<anchor> and <term> tags based on meta-information about parameter. This +way all anchors have predictable names (capitalized parameter name with +all spaces supressed) and we really don't need to dublicate data. + +There was only one exception to the generation rule in smb.conf.5.sgml: +"use spnego" parameter had anchor SPNEGO which is now unified to +USESPNEGO. This also fixes a bug in SWAT which was unable to find SPNEGO +achnor. + +2. [generate-context.xsl] An utility stylesheet which main purpose is to +produce a list of parameters which are applicable for selected context +(global or service). + +The generate-context.xsl is run twice to generate both +parameters.global.xml and parameters.service.xml which are included then +by smb.conf.5.xml. This stylesheet relies on parameters.all.xml file +which is generated by [generate-file-list.sh] shell script. + +The parameters.all.xml file contains a complete list of include +instructions for XSLT processor to include all small XML files from +subdirectories. + +3. [man.xsl] Our local copy of Docbook XML to man(5) transformer. It +fixes some annoying errors in official Docbook XSL stylesheets and adds +our tuned parameters. This file really belongs to upper level where it +would occur later, as we'll move to Docbook XML completely. + +4. [split-original-smb.conf.xsl] This stylesheet isn't required anymore. +It was used for initial split of SGML-based smb.conf.5.sgml onto a set +of per-parameter XML files. I left it in source tree just for historical +interest. :) + +Usage +----- + +1. Generate [parameters.all.xml]: + sh generate-file-list.sh >parameters.all.xml + +2. Generate [parameters.global.xml]: + xsltproc --xinclude \ + --param smb.context "'G'" \ + --output parameters.global.xml \ + generate-context.xsl parameters.all.xml + +3. Generate [parameters.service.xml]: + xsltproc --xinclude \ + --param smb.context "'S'" \ + --output parameters.service.xml \ + generate-context.xsl parameters.all.xml + +4. Process smb.conf.5.xml (for example, to HTML): + xsltproc --xinclude expand-smb.conf.xsl smb.conf.5.xml | \ + xsltproc http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl - > smb.conf.5.html + +Note that in step 4 we are not saving preprocessed smb.conf.5.xml to +disk and directly passing it to the next XSLT processor (in this case -- +Docbook XML to HTML generator). + +For convenience, this sequence of commands is added into source tree as +process-all.sh + +Current state of converted parameters +------------------------------------- + +Only 'misc' parameters don't converted so far. + +All undocumented parameters are listed in doc-status file in of Samba's +docs/ directory. + +Any help is greatly appreciated. + diff --git a/docs/docbook/smbdotconf/browse/browsable.xml b/docs/docbook/smbdotconf/browse/browsable.xml new file mode 100644 index 0000000000..bd35732927 --- /dev/null +++ b/docs/docbook/smbdotconf/browse/browsable.xml @@ -0,0 +1,9 @@ +<samba:parameter name="browsable" + context="S" + hide="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>See the <link linkend="BROWSEABLE"> + <parameter moreinfo="none">browseable</parameter></link>.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/browseable.xml b/docs/docbook/smbdotconf/browse/browseable.xml new file mode 100644 index 0000000000..5da61cccfb --- /dev/null +++ b/docs/docbook/smbdotconf/browse/browseable.xml @@ -0,0 +1,11 @@ +<samba:parameter name="browseable" + context="S" + basic="1" advanced="1" print="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This controls whether this share is seen in + the list of available shares in a net view and in the browse list.</para> + + <para>Default: <command moreinfo="none">browseable = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/browselist.xml b/docs/docbook/smbdotconf/browse/browselist.xml new file mode 100644 index 0000000000..17a962a3f5 --- /dev/null +++ b/docs/docbook/smbdotconf/browse/browselist.xml @@ -0,0 +1,14 @@ +<samba:parameter name="browse list" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This controls whether <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will serve a browse list to + a client doing a <command moreinfo="none">NetServerEnum</command> call. Normally + set to <constant>yes</constant>. You should never need to change + this.</para> + + <para>Default: <command moreinfo="none">browse list = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/domainmaster.xml b/docs/docbook/smbdotconf/browse/domainmaster.xml new file mode 100644 index 0000000000..7bd334bbb5 --- /dev/null +++ b/docs/docbook/smbdotconf/browse/domainmaster.xml @@ -0,0 +1,38 @@ +<samba:parameter name="domain master" + context="G" + basic="1" advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Tell <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> to enable WAN-wide browse list + collation. Setting this option causes <command moreinfo="none">nmbd</command> to + claim a special domain specific NetBIOS name that identifies + it as a domain master browser for its given <link linkend="WORKGROUP"> + <parameter moreinfo="none">workgroup</parameter></link>. Local master browsers + in the same <parameter moreinfo="none">workgroup</parameter> on broadcast-isolated + subnets will give this <command moreinfo="none">nmbd</command> their local browse lists, + and then ask <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> for a complete copy of the browse + list for the whole wide area network. Browser clients will then contact + their local master browser, and will receive the domain-wide browse list, + instead of just the list for their broadcast-isolated subnet.</para> + + <para>Note that Windows NT Primary Domain Controllers expect to be + able to claim this <parameter moreinfo="none">workgroup</parameter> specific special + NetBIOS name that identifies them as domain master browsers for + that <parameter moreinfo="none">workgroup</parameter> by default (i.e. there is no + way to prevent a Windows NT PDC from attempting to do this). This + means that if this parameter is set and <command moreinfo="none">nmbd</command> claims + the special name for a <parameter moreinfo="none">workgroup</parameter> before a Windows + NT PDC is able to do so then cross subnet browsing will behave + strangely and may fail.</para> + + <para>If <link linkend="DOMAINLOGONS"><command moreinfo="none">domain logons = yes</command> + </link>, then the default behavior is to enable the <parameter moreinfo="none">domain + master</parameter> parameter. If <parameter moreinfo="none">domain logons</parameter> is + not enabled (the default setting), then neither will <parameter moreinfo="none">domain + master</parameter> be enabled by default.</para> + + <para>Default: <command moreinfo="none">domain master = auto</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml b/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml new file mode 100644 index 0000000000..8fb3be1603 --- /dev/null +++ b/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml @@ -0,0 +1,27 @@ +<samba:parameter name="enhanced browsing" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This option enables a couple of enhancements to + cross-subnet browse propagation that have been added in Samba + but which are not standard in Microsoft implementations. + </para> + + <para>The first enhancement to browse propagation consists of a regular + wildcard query to a Samba WINS server for all Domain Master Browsers, + followed by a browse synchronization with each of the returned + DMBs. The second enhancement consists of a regular randomised browse + synchronization with all currently known DMBs.</para> + + <para>You may wish to disable this option if you have a problem with empty + workgroups not disappearing from browse lists. Due to the restrictions + of the browse protocols these enhancements can cause a empty workgroup + to stay around forever which can be annoying.</para> + + <para>In general you should leave this option enabled as it makes + cross-subnet browse propagation much more reliable.</para> + + <para>Default: <command moreinfo="none">enhanced browsing = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/lmannounce.xml b/docs/docbook/smbdotconf/browse/lmannounce.xml new file mode 100644 index 0000000000..b18234443a --- /dev/null +++ b/docs/docbook/smbdotconf/browse/lmannounce.xml @@ -0,0 +1,27 @@ +<samba:parameter name="lm announce" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will produce Lanman announce + broadcasts that are needed by OS/2 clients in order for them to see + the Samba server in their browse list. This parameter can have three + values, <constant>yes</constant>, <constant>no</constant>, or + <constant>auto</constant>. The default is <constant>auto</constant>. + If set to <constant>no</constant> Samba will never produce these + broadcasts. If set to <constant>yes</constant> Samba will produce + Lanman announce broadcasts at a frequency set by the parameter + <parameter moreinfo="none">lm interval</parameter>. If set to <constant>auto</constant> + Samba will not send Lanman announce broadcasts by default but will + listen for them. If it hears such a broadcast on the wire it will + then start sending them at a frequency set by the parameter + <parameter moreinfo="none">lm interval</parameter>.</para> + + <para>See also <link linkend="LMINTERVAL"><parameter moreinfo="none">lm interval</parameter></link>.</para> + + <para>Default: <command moreinfo="none">lm announce = auto</command></para> + + <para>Example: <command moreinfo="none">lm announce = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/lminterval.xml b/docs/docbook/smbdotconf/browse/lminterval.xml new file mode 100644 index 0000000000..58e4cc30ba --- /dev/null +++ b/docs/docbook/smbdotconf/browse/lminterval.xml @@ -0,0 +1,20 @@ +<samba:parameter name="lm interval" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>If Samba is set to produce Lanman announce + broadcasts needed by OS/2 clients (see the <link linkend="LMANNOUNCE"> + <parameter moreinfo="none">lm announce</parameter></link> parameter) then this + parameter defines the frequency in seconds with which they will be + made. If this is set to zero then no Lanman announcements will be + made despite the setting of the <parameter moreinfo="none">lm announce</parameter> + parameter.</para> + + <para>See also <link linkend="LMANNOUNCE"><parameter moreinfo="none">lm announce</parameter></link>.</para> + + <para>Default: <command moreinfo="none">lm interval = 60</command></para> + + <para>Example: <command moreinfo="none">lm interval = 120</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/localmaster.xml b/docs/docbook/smbdotconf/browse/localmaster.xml new file mode 100644 index 0000000000..ac2626c679 --- /dev/null +++ b/docs/docbook/smbdotconf/browse/localmaster.xml @@ -0,0 +1,22 @@ +<samba:parameter name="local master" + context="G" + basic="1" advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This option allows <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> to try and become a local master browser + on a subnet. If set to <constant>no</constant> then <command moreinfo="none"> + nmbd</command> will not attempt to become a local master browser + on a subnet and will also lose in all browsing elections. By + default this value is set to <constant>yes</constant>. Setting this value to + <constant>yes</constant> doesn't mean that Samba will <emphasis>become</emphasis> the + local master browser on a subnet, just that <command moreinfo="none">nmbd</command> + will <emphasis>participate</emphasis> in elections for local master browser.</para> + + <para>Setting this value to <constant>no</constant> will cause <command + moreinfo="none">nmbd</command> <emphasis>never</emphasis> to become a local + master browser.</para> + + <para>Default: <command moreinfo="none">local master = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/oslevel.xml b/docs/docbook/smbdotconf/browse/oslevel.xml new file mode 100644 index 0000000000..560516e3f8 --- /dev/null +++ b/docs/docbook/smbdotconf/browse/oslevel.xml @@ -0,0 +1,25 @@ +<samba:parameter name="os level" + context="G" + basic="1" advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This integer value controls what level Samba + advertises itself as for browse elections. The value of this + parameter determines whether <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> + has a chance of becoming a local master browser for the <parameter moreinfo="none"> + WORKGROUP</parameter> in the local broadcast area.</para> + + <para><emphasis>Note :</emphasis>By default, Samba will win + a local master browsing election over all Microsoft operating + systems except a Windows NT 4.0/2000 Domain Controller. This + means that a misconfigured Samba host can effectively isolate + a subnet for browsing purposes. See <filename moreinfo="none">BROWSING.txt + </filename> in the Samba <filename moreinfo="none">docs/</filename> directory + for details.</para> + + <para>Default: <command moreinfo="none">os level = 20</command></para> + + <para>Example: <command moreinfo="none">os level = 65 </command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/preferedmaster.xml b/docs/docbook/smbdotconf/browse/preferedmaster.xml new file mode 100644 index 0000000000..2e8cd938ea --- /dev/null +++ b/docs/docbook/smbdotconf/browse/preferedmaster.xml @@ -0,0 +1,9 @@ +<samba:parameter name="prefered master" + context="G" + hide="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Synonym for <link linkend="PREFERREDMASTER"><parameter moreinfo="none"> + preferred master</parameter></link> for people who cannot spell :-).</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/preferredmaster.xml b/docs/docbook/smbdotconf/browse/preferredmaster.xml new file mode 100644 index 0000000000..31c966b4ac --- /dev/null +++ b/docs/docbook/smbdotconf/browse/preferredmaster.xml @@ -0,0 +1,29 @@ +<samba:parameter name="preferred master" + context="G" + basic="1" advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This boolean parameter controls if + <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> is a preferred master + browser for its workgroup.</para> + + <para>If this is set to <constant>yes</constant>, on startup, <command moreinfo="none">nmbd</command> + will force an election, and it will have a slight advantage in + winning the election. It is recommended that this parameter is + used in conjunction with <command moreinfo="none"><link linkend="DOMAINMASTER"> + <parameter moreinfo="none">domain master</parameter></link> = yes</command>, so + that <command moreinfo="none">nmbd</command> can guarantee becoming a domain master.</para> + + <para>Use this option with caution, because if there are several + hosts (whether Samba servers, Windows 95 or NT) that are + preferred master browsers on the same subnet, they will each + periodically and continuously attempt to become the local + master browser. This will result in unnecessary broadcast + traffic and reduced browsing capabilities.</para> + + <para>See also <link linkend="OSLEVEL"><parameter moreinfo="none">os level</parameter></link>.</para> + + <para>Default: <command moreinfo="none">preferred master = auto</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml b/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml new file mode 100644 index 0000000000..06017fce59 --- /dev/null +++ b/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml @@ -0,0 +1,21 @@ +<samba:parameter name="machine password timeout" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>If a Samba server is a member of a Windows + NT Domain (see the <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>) + parameter) then periodically a running <ulink url="smbd.8.html"> + smbd(8)</ulink> process will try and change the MACHINE ACCOUNT + PASSWORD stored in the TDB called <filename moreinfo="none">private/secrets.tdb + </filename>. This parameter specifies how often this password + will be changed, in seconds. The default is one week (expressed in + seconds), the same as a Windows NT Domain member server.</para> + + <para>See also <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, and the <link linkend="SECURITYEQUALSDOMAIN"> + security = domain</link>) parameter.</para> + + <para>Default: <command moreinfo="none">machine password timeout = 604800</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/casesensitive.xml b/docs/docbook/smbdotconf/filename/casesensitive.xml new file mode 100644 index 0000000000..94b20d6c0c --- /dev/null +++ b/docs/docbook/smbdotconf/filename/casesensitive.xml @@ -0,0 +1,9 @@ +<samba:parameter name="case sensitive" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>See the discussion in the section <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link>.</para> + + <para>Default: <command moreinfo="none">case sensitive = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/casesignames.xml b/docs/docbook/smbdotconf/filename/casesignames.xml new file mode 100644 index 0000000000..3254b545c5 --- /dev/null +++ b/docs/docbook/smbdotconf/filename/casesignames.xml @@ -0,0 +1,8 @@ +<samba:parameter name="casesignames" + context="S" + hide="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Synonym for <link linkend="CASESENSITIVE">case sensitive</link>.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/defaultcase.xml b/docs/docbook/smbdotconf/filename/defaultcase.xml new file mode 100644 index 0000000000..de3ad35c0c --- /dev/null +++ b/docs/docbook/smbdotconf/filename/defaultcase.xml @@ -0,0 +1,11 @@ +<samba:parameter name="default case" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>See the section on <link linkend="NAMEMANGLINGSECT"> + NAME MANGLING</link>. Also note the <link linkend="SHORTPRESERVECASE"> + <parameter moreinfo="none">short preserve case</parameter></link> parameter.</para> + + <para>Default: <command moreinfo="none">default case = lower</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/deletevetofiles.xml b/docs/docbook/smbdotconf/filename/deletevetofiles.xml new file mode 100644 index 0000000000..c851824b7e --- /dev/null +++ b/docs/docbook/smbdotconf/filename/deletevetofiles.xml @@ -0,0 +1,28 @@ +<samba:parameter name="delete veto files" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This option is used when Samba is attempting to + delete a directory that contains one or more vetoed directories + (see the <link linkend="VETOFILES"><parameter moreinfo="none">veto files</parameter></link> + option). If this option is set to <constant>no</constant> (the default) then if a vetoed + directory contains any non-vetoed files or directories then the + directory delete will fail. This is usually what you want.</para> + + <para>If this option is set to <constant>yes</constant>, then Samba + will attempt to recursively delete any files and directories within + the vetoed directory. This can be useful for integration with file + serving systems such as NetAtalk which create meta-files within + directories you might normally veto DOS/Windows users from seeing + (e.g. <filename moreinfo="none">.AppleDouble</filename>)</para> + + <para>Setting <command moreinfo="none">delete veto files = yes</command> allows these + directories to be transparently deleted when the parent directory + is deleted (so long as the user has permissions to do so).</para> + + <para>See also the <link linkend="VETOFILES"><parameter moreinfo="none">veto + files</parameter></link> parameter.</para> + + <para>Default: <command moreinfo="none">delete veto files = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hidedotfiles.xml b/docs/docbook/smbdotconf/filename/hidedotfiles.xml new file mode 100644 index 0000000000..1728f01f8f --- /dev/null +++ b/docs/docbook/smbdotconf/filename/hidedotfiles.xml @@ -0,0 +1,10 @@ +<samba:parameter name="hide dot files" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is a boolean parameter that controls whether + files starting with a dot appear as hidden files.</para> + + <para>Default: <command moreinfo="none">hide dot files = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hidefiles.xml b/docs/docbook/smbdotconf/filename/hidefiles.xml new file mode 100644 index 0000000000..b687fc5a1f --- /dev/null +++ b/docs/docbook/smbdotconf/filename/hidefiles.xml @@ -0,0 +1,39 @@ +<samba:parameter name="hide files" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is a list of files or directories that are not + visible but are accessible. The DOS 'hidden' attribute is applied + to any files or directories that match.</para> + + <para>Each entry in the list must be separated by a '/', + which allows spaces to be included in the entry. '*' + and '?' can be used to specify multiple files or directories + as in DOS wildcards.</para> + + <para>Each entry must be a Unix path, not a DOS path and must + not include the Unix directory separator '/'.</para> + + <para>Note that the case sensitivity option is applicable + in hiding files.</para> + + <para>Setting this parameter will affect the performance of Samba, + as it will be forced to check all files and directories for a match + as they are scanned.</para> + + <para>See also <link linkend="HIDEDOTFILES"><parameter moreinfo="none">hide + dot files</parameter></link>, <link linkend="VETOFILES"><parameter moreinfo="none"> + veto files</parameter></link> and <link linkend="CASESENSITIVE"> + <parameter moreinfo="none">case sensitive</parameter></link>.</para> + + <para>Default: <emphasis>no file are hidden</emphasis></para> + + <para>Example: <command moreinfo="none">hide files = + /.*/DesktopFolderDB/TrashFor%m/resource.frk/</command></para> + + <para>The above example is based on files that the Macintosh + SMB client (DAVE) available from <ulink url="http://www.thursby.com"> + Thursby</ulink> creates for internal use, and also still hides + all files beginning with a dot.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hidespecialfiles.xml b/docs/docbook/smbdotconf/filename/hidespecialfiles.xml new file mode 100644 index 0000000000..815e8ea63c --- /dev/null +++ b/docs/docbook/smbdotconf/filename/hidespecialfiles.xml @@ -0,0 +1,12 @@ +<samba:parameter name="hide special files" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter prevents clients from seeing + special files such as sockets, devices and fifo's in directory + listings. + </para> + + <para>Default: <command moreinfo="none">hide special files = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hideunreadable.xml b/docs/docbook/smbdotconf/filename/hideunreadable.xml new file mode 100644 index 0000000000..f34a3a597d --- /dev/null +++ b/docs/docbook/smbdotconf/filename/hideunreadable.xml @@ -0,0 +1,10 @@ +<samba:parameter name="hide unreadable" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter prevents clients from seeing the + existance of files that cannot be read. Defaults to off.</para> + + <para>Default: <command moreinfo="none">hide unreadable = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml b/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml new file mode 100644 index 0000000000..7d20296ff2 --- /dev/null +++ b/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml @@ -0,0 +1,12 @@ +<samba:parameter name="hide unwriteable files" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter prevents clients from seeing + the existance of files that cannot be written to. Defaults to off. + Note that unwriteable directories are shown as usual. + </para> + + <para>Default: <command moreinfo="none">hide unwriteable = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/manglecase.xml b/docs/docbook/smbdotconf/filename/manglecase.xml new file mode 100644 index 0000000000..d514375c3b --- /dev/null +++ b/docs/docbook/smbdotconf/filename/manglecase.xml @@ -0,0 +1,9 @@ +<samba:parameter name="mangle case" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link></para> + + <para>Default: <command moreinfo="none">mangle case = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/mangledmap.xml b/docs/docbook/smbdotconf/filename/mangledmap.xml new file mode 100644 index 0000000000..e790fa877d --- /dev/null +++ b/docs/docbook/smbdotconf/filename/mangledmap.xml @@ -0,0 +1,26 @@ +<samba:parameter name="mangled map" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is for those who want to directly map UNIX + file names which cannot be represented on Windows/DOS. The mangling + of names is not always what is needed. In particular you may have + documents with file extensions that differ between DOS and UNIX. + For example, under UNIX it is common to use <filename moreinfo="none">.html</filename> + for HTML files, whereas under Windows/DOS <filename moreinfo="none">.htm</filename> + is more commonly used.</para> + + <para>So to map <filename moreinfo="none">html</filename> to <filename moreinfo="none">htm</filename> + you would use:</para> + + <para><command moreinfo="none">mangled map = (*.html *.htm)</command></para> + + <para>One very useful case is to remove the annoying <filename moreinfo="none">;1 + </filename> off the ends of filenames on some CDROMs (only visible + under some UNIXes). To do this use a map of (*;1 *;).</para> + + <para>Default: <emphasis>no mangled map</emphasis></para> + + <para>Example: <command moreinfo="none">mangled map = (*;1 *;)</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/manglednames.xml b/docs/docbook/smbdotconf/filename/manglednames.xml new file mode 100644 index 0000000000..4ec088d16f --- /dev/null +++ b/docs/docbook/smbdotconf/filename/manglednames.xml @@ -0,0 +1,67 @@ +<samba:parameter name="mangled names" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This controls whether non-DOS names under UNIX + should be mapped to DOS-compatible names ("mangled") and made visible, + or whether non-DOS names should simply be ignored.</para> + + <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link> for + details on how to control the mangling process.</para> + + <para>If mangling is used then the mangling algorithm is as follows:</para> + + <itemizedlist> + <listitem> + <para>The first (up to) five alphanumeric characters + before the rightmost dot of the filename are preserved, forced + to upper case, and appear as the first (up to) five characters + of the mangled name.</para> + </listitem> + + <listitem> + <para>A tilde "~" is appended to the first part of the mangled + name, followed by a two-character unique sequence, based on the + original root name (i.e., the original filename minus its final + extension). The final extension is included in the hash calculation + only if it contains any upper case characters or is longer than three + characters.</para> + + <para>Note that the character to use may be specified using + the <link linkend="MANGLINGCHAR"><parameter moreinfo="none">mangling char</parameter> + </link> option, if you don't like '~'.</para> + </listitem> + + <listitem> + <para>The first three alphanumeric characters of the final + extension are preserved, forced to upper case and appear as the + extension of the mangled name. The final extension is defined as that + part of the original filename after the rightmost dot. If there are no + dots in the filename, the mangled name will have no extension (except + in the case of "hidden files" - see below).</para> + </listitem> + + <listitem> + <para>Files whose UNIX name begins with a dot will be + presented as DOS hidden files. The mangled name will be created as + for other filenames, but with the leading dot removed and "___" as + its extension regardless of actual original extension (that's three + underscores).</para> + </listitem> + </itemizedlist> + + <para>The two-digit hash value consists of upper case alphanumeric characters.</para> + + <para>This algorithm can cause name collisions only if files + in a directory share the same first five alphanumeric characters. + The probability of such a clash is 1/1300.</para> + + <para>The name mangling (if enabled) allows a file to be + copied between UNIX directories from Windows/DOS while retaining + the long UNIX filename. UNIX files can be renamed to a new extension + from Windows/DOS and will retain the same basename. Mangled names + do not change between sessions.</para> + + <para>Default: <command moreinfo="none">mangled names = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/mangledstack.xml b/docs/docbook/smbdotconf/filename/mangledstack.xml new file mode 100644 index 0000000000..42083d13a2 --- /dev/null +++ b/docs/docbook/smbdotconf/filename/mangledstack.xml @@ -0,0 +1,27 @@ +<samba:parameter name="mangling stack" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter controls the number of mangled names + that should be cached in the Samba server <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>.</para> + + <para>This stack is a list of recently mangled base names + (extensions are only maintained if they are longer than 3 characters + or contains upper case characters).</para> + + <para>The larger this value, the more likely it is that mangled + names can be successfully converted to correct long UNIX names. + However, large stack sizes will slow most directory accesses. Smaller + stacks save memory in the server (each stack element costs 256 bytes). + </para> + + <para>It is not possible to absolutely guarantee correct long + filenames, so be prepared for some surprises!</para> + + <para>Default: <command moreinfo="none">mangled stack = 50</command></para> + + <para>Example: <command moreinfo="none">mangled stack = 100</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/mangleprefix.xml b/docs/docbook/smbdotconf/filename/mangleprefix.xml new file mode 100644 index 0000000000..5476ed1f08 --- /dev/null +++ b/docs/docbook/smbdotconf/filename/mangleprefix.xml @@ -0,0 +1,16 @@ +<samba:parameter name="mangling prefix" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para> controls the number of prefix + characters from the original name used when generating + the mangled names. A larger value will give a weaker + hash and therefore more name collisions. The minimum + value is 1 and the maximum value is 6.</para> + + <para>Default: <command moreinfo="none">mangle prefix = 1</command></para> + + <para>Example: <command moreinfo="none">mangle prefix = 4</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/manglingchar.xml b/docs/docbook/smbdotconf/filename/manglingchar.xml new file mode 100644 index 0000000000..57c4fa2acd --- /dev/null +++ b/docs/docbook/smbdotconf/filename/manglingchar.xml @@ -0,0 +1,14 @@ +<samba:parameter name="mangling char" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This controls what character is used as + the <emphasis>magic</emphasis> character in <link linkend="NAMEMANGLINGSECT">name mangling</link>. The + default is a '~' but this may interfere with some software. Use this option to set + it to whatever you prefer.</para> + + <para>Default: <command moreinfo="none">mangling char = ~</command></para> + + <para>Example: <command moreinfo="none">mangling char = ^</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/manglingmethod.xml b/docs/docbook/smbdotconf/filename/manglingmethod.xml new file mode 100644 index 0000000000..74366483bd --- /dev/null +++ b/docs/docbook/smbdotconf/filename/manglingmethod.xml @@ -0,0 +1,19 @@ +<samba:parameter name="mangling method" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para> controls the algorithm used for the generating + the mangled names. Can take two different values, "hash" and + "hash2". "hash" is the default and is the algorithm that has been + used in Samba for many years. "hash2" is a newer and considered + a better algorithm (generates less collisions) in the names. + However, many Win32 applications store the mangled names and so + changing to the new algorithm must not be done + lightly as these applications may break unless reinstalled.</para> + + <para>Default: <command moreinfo="none">mangling method = hash2</command></para> + + <para>Example: <command moreinfo="none">mangling method = hash</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/maparchive.xml b/docs/docbook/smbdotconf/filename/maparchive.xml new file mode 100644 index 0000000000..b44088efe3 --- /dev/null +++ b/docs/docbook/smbdotconf/filename/maparchive.xml @@ -0,0 +1,19 @@ +<samba:parameter name="map archive" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This controls whether the DOS archive attribute + should be mapped to the UNIX owner execute bit. The DOS archive bit + is set when a file has been modified since its last backup. One + motivation for this option it to keep Samba/your PC from making + any file it touches from becoming executable under UNIX. This can + be quite annoying for shared source code, documents, etc...</para> + + <para>Note that this requires the <parameter moreinfo="none">create mask</parameter> + parameter to be set such that owner execute bit is not masked out + (i.e. it must include 100). See the parameter <link linkend="CREATEMASK"> + <parameter moreinfo="none">create mask</parameter></link> for details.</para> + + <para>Default: <command moreinfo="none">map archive = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/maphidden.xml b/docs/docbook/smbdotconf/filename/maphidden.xml new file mode 100644 index 0000000000..4c1a932788 --- /dev/null +++ b/docs/docbook/smbdotconf/filename/maphidden.xml @@ -0,0 +1,15 @@ +<samba:parameter name="map hidden" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This controls whether DOS style hidden files + should be mapped to the UNIX world execute bit.</para> + + <para>Note that this requires the <parameter moreinfo="none">create mask</parameter> + to be set such that the world execute bit is not masked out (i.e. + it must include 001). See the parameter <link linkend="CREATEMASK"> + <parameter moreinfo="none">create mask</parameter></link> for details.</para> + + <para>Default: <command moreinfo="none">map hidden = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/mapsystem.xml b/docs/docbook/smbdotconf/filename/mapsystem.xml new file mode 100644 index 0000000000..7fe50bb19f --- /dev/null +++ b/docs/docbook/smbdotconf/filename/mapsystem.xml @@ -0,0 +1,15 @@ +<samba:parameter name="map system" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This controls whether DOS style system files + should be mapped to the UNIX group execute bit.</para> + + <para>Note that this requires the <parameter moreinfo="none">create mask</parameter> + to be set such that the group execute bit is not masked out (i.e. + it must include 010). See the parameter <link linkend="CREATEMASK"> + <parameter moreinfo="none">create mask</parameter></link> for details.</para> + + <para>Default: <command moreinfo="none">map system = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/preservecase.xml b/docs/docbook/smbdotconf/filename/preservecase.xml new file mode 100644 index 0000000000..d8a4e2342d --- /dev/null +++ b/docs/docbook/smbdotconf/filename/preservecase.xml @@ -0,0 +1,14 @@ +<samba:parameter name="preserve case" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para> This controls if new filenames are created + with the case that the client passes, or if they are forced to + be the <link linkend="DEFAULTCASE"><parameter moreinfo="none">default case + </parameter></link>.</para> + + <para>Default: <command moreinfo="none">preserve case = yes</command></para> + + <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link> for a fuller discussion.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/shortpreservecase.xml b/docs/docbook/smbdotconf/filename/shortpreservecase.xml new file mode 100644 index 0000000000..52c93e1370 --- /dev/null +++ b/docs/docbook/smbdotconf/filename/shortpreservecase.xml @@ -0,0 +1,17 @@ +<samba:parameter name="short preserve case" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This boolean parameter controls if new files + which conform to 8.3 syntax, that is all in upper case and of + suitable length, are created upper case, or if they are forced + to be the <link linkend="DEFAULTCASE"><parameter moreinfo="none">default case + </parameter></link>. This option can be use with <link linkend="PRESERVECASE"><command moreinfo="none">preserve case = yes</command> + </link> to permit long filenames to retain their case, while short + names are lowered. </para> + + <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link>.</para> + + <para>Default: <command moreinfo="none">short preserve case = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/statcache.xml b/docs/docbook/smbdotconf/filename/statcache.xml new file mode 100644 index 0000000000..ee2a48732e --- /dev/null +++ b/docs/docbook/smbdotconf/filename/statcache.xml @@ -0,0 +1,13 @@ +<samba:parameter name="stat cache" + context="G" + developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter determines if <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will use a cache in order to + speed up case insensitive name mappings. You should never need + to change this parameter.</para> + + <para>Default: <command moreinfo="none">stat cache = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/stripdot.xml b/docs/docbook/smbdotconf/filename/stripdot.xml new file mode 100644 index 0000000000..afed63a12b --- /dev/null +++ b/docs/docbook/smbdotconf/filename/stripdot.xml @@ -0,0 +1,12 @@ +<samba:parameter name="strip dot" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is a boolean that controls whether to + strip trailing dots off UNIX filenames. This helps with some + CDROMs that have filenames ending in a single dot.</para> + + <para>Default: <command moreinfo="none">strip dot = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/vetooplockfiles.xml b/docs/docbook/smbdotconf/filename/vetooplockfiles.xml new file mode 100644 index 0000000000..e7c683a518 --- /dev/null +++ b/docs/docbook/smbdotconf/filename/vetooplockfiles.xml @@ -0,0 +1,25 @@ +<samba:parameter name="veto oplock files" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter is only valid when the <link linkend="OPLOCKS"> + <parameter moreinfo="none">oplocks</parameter></link> + parameter is turned on for a share. It allows the Samba administrator + to selectively turn off the granting of oplocks on selected files that + match a wildcarded list, similar to the wildcarded list used in the + <link linkend="VETOFILES"><parameter moreinfo="none">veto files</parameter></link> + parameter.</para> + + <para>Default: <emphasis>No files are vetoed for oplock grants</emphasis></para> + + <para>You might want to do this on files that you know will + be heavily contended for by clients. A good example of this + is in the NetBench SMB benchmark program, which causes heavy + client contention for files ending in <filename moreinfo="none">.SEM</filename>. + To cause Samba not to grant oplocks on these files you would use + the line (either in the [global] section or in the section for + the particular NetBench share :</para> + + <para>Example: <command moreinfo="none">veto oplock files = /*.SEM/</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapadmindn.xml b/docs/docbook/smbdotconf/ldap/ldapadmindn.xml new file mode 100644 index 0000000000..301c88df7b --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapadmindn.xml @@ -0,0 +1,16 @@ +<samba:parameter name="ldap admin dn" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para> The <parameter moreinfo="none">ldap admin dn</parameter> + defines the Distinguished Name (DN) name used by Samba to + contact the ldap server when retreiving user account + information. The <parameter moreinfo="none">ldap admin + dn</parameter> is used in conjunction with the admin dn password + stored in the <filename moreinfo="none">private/secrets.tdb</filename> file. + See the <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> man page for more + information on how to accmplish this.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml b/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml new file mode 100644 index 0000000000..89a75e02fd --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml @@ -0,0 +1,13 @@ +<samba:parameter name="ldap delete dn" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para> This parameter specifies whether a delete + operation in the ldapsam deletes the complete entry or only the attributes + specific to Samba. + </para> + + <para>Default: <emphasis>ldap delete dn = no</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapfilter.xml b/docs/docbook/smbdotconf/ldap/ldapfilter.xml new file mode 100644 index 0000000000..1d0ab33d89 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapfilter.xml @@ -0,0 +1,14 @@ +<samba:parameter name="ldap filter" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the RFC 2254 compliant LDAP search filter. + The default is to match the login name with the <constant>uid</constant> + attribute for all entries matching the <constant>sambaAccount</constant> + objectclass. Note that this filter should only return one entry. + </para> + + <para>Default: <command moreinfo="none">ldap filter = (&(uid=%u)(objectclass=sambaAccount))</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml b/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml new file mode 100644 index 0000000000..0ef6a04abf --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml @@ -0,0 +1,10 @@ +<samba:parameter name="ldap machine suffix" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>It specifies where machines should be added to the ldap tree.</para> + + <para>Default: <emphasis>none</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml b/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml new file mode 100644 index 0000000000..8015b2fb2d --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml @@ -0,0 +1,35 @@ +<samba:parameter name="ldap passwd sync" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This option is used to define whether + or not Samba should sync the LDAP password with the NT + and LM hashes for normal accounts (NOT for + workstation, server or domain trusts) on a password + change via SAMBA. + </para> + + <para>The <parameter moreinfo="none">ldap passwd + sync</parameter> can be set to one of three values: </para> + + <itemizedlist> + <listitem> + <para><parameter moreinfo="none">Yes</parameter> = Try + to update the LDAP, NT and LM passwords and update the pwdLastSet time.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">No</parameter> = Update NT and + LM passwords and update the pwdLastSet time.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">Only</parameter> = Only update + the LDAP password and let the LDAP server do the rest.</para> + </listitem> + </itemizedlist> + + <para>Default: <command moreinfo="none">ldap passwd sync = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapport.xml b/docs/docbook/smbdotconf/ldap/ldapport.xml new file mode 100644 index 0000000000..c00c525db0 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapport.xml @@ -0,0 +1,19 @@ +<samba:parameter name="ldap port" + context="G" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter is only available if Samba has been + configure to include the <command moreinfo="none">--with-ldapsam</command> option + at compile time.</para> + + <para>This option is used to control the tcp port number used to contact + the <link linkend="LDAPSERVER"><parameter moreinfo="none">ldap server</parameter></link>. + The default is to use the stand LDAPS port 636.</para> + + <para>See Also: <link linkend="LDAPSSL">ldap ssl</link></para> + + <para>Default : <command moreinfo="none">ldap port = 636 ; if ldap ssl = on</command></para> + + <para>Default : <command moreinfo="none">ldap port = 389 ; if ldap ssl = off</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapserver.xml b/docs/docbook/smbdotconf/ldap/ldapserver.xml new file mode 100644 index 0000000000..e7a4c670ab --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapserver.xml @@ -0,0 +1,15 @@ +<samba:parameter name="ldap server" + context="G" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter is only available if Samba has been + configure to include the <command moreinfo="none">--with-ldapsam</command> + option at compile time.</para> + + <para>This parameter should contain the FQDN of the ldap directory + server which should be queried to locate user account information. + </para> + + <para>Default : <command moreinfo="none">ldap server = localhost</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapssl.xml b/docs/docbook/smbdotconf/ldap/ldapssl.xml new file mode 100644 index 0000000000..13bafdf3a7 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapssl.xml @@ -0,0 +1,39 @@ +<samba:parameter name="ldap ssl" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This option is used to define whether or not Samba should + use SSL when connecting to the ldap server + This is <emphasis>NOT</emphasis> related to + Samba's previous SSL support which was enabled by specifying the + <command moreinfo="none">--with-ssl</command> option to the <filename moreinfo="none">configure</filename> + script.</para> + + <para>The <parameter moreinfo="none">ldap ssl</parameter> can be set to one of three values:</para> + <itemizedlist> + <listitem> + <para><parameter moreinfo="none">Off</parameter> = Never + use SSL when querying the directory.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">Start_tls</parameter> = Use + the LDAPv3 StartTLS extended operation (RFC2830) for + communicating with the directory server.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">On</parameter> = Use SSL + on the ldaps port when contacting the <parameter + moreinfo="none">ldap server</parameter>. Only available when the + backwards-compatiblity <command + moreinfo="none">--with-ldapsam</command> option is specified + to configure. See <link linkend="PASSDBBACKEND"><parameter + moreinfo="none">passdb backend</parameter></link></para> + </listitem> + </itemizedlist> + + <para>Default : <command moreinfo="none">ldap ssl = start_tls</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapsuffix.xml b/docs/docbook/smbdotconf/ldap/ldapsuffix.xml new file mode 100644 index 0000000000..609f171096 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapsuffix.xml @@ -0,0 +1,14 @@ +<samba:parameter name="ldap suffix" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Specifies where user and machine accounts are added to the + tree. Can be overriden by <command moreinfo="none">ldap user + suffix</command> and <command moreinfo="none">ldap machine + suffix</command>. It also used as the base dn for all ldap + searches. </para> + + <para>Default: <emphasis>none</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldaptrustids.xml b/docs/docbook/smbdotconf/ldap/ldaptrustids.xml new file mode 100644 index 0000000000..36bbcb2fb4 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldaptrustids.xml @@ -0,0 +1,23 @@ +<samba:parameter name="ldap trust ids" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + + <para>Normally, Samba validates each entry in the LDAP server + against getpwnam(). This allows LDAP to be used for Samba with + the unix system using NIS (for example) and also ensures that + Samba does not present accounts that do not otherwise exist. + </para> + + <para>This option is used to disable this functionality, and + instead to rely on the presence of the appropriate attributes + in LDAP directly, which can result in a significant performance + boost in some situations. Setting this option to yes effectivly + assumes that the local machine is running <command + moreinfo="none">nss_ldap</command> against the same LDAP + server.</para> + + <para>Default: <command moreinfo="none">ldap trust ids = No</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml new file mode 100644 index 0000000000..731fba3420 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml @@ -0,0 +1,10 @@ +<samba:parameter name="ldap user suffix" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>It specifies where users are added to the tree.</para> + + <para>Default: <emphasis>none</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/blockinglocks.xml b/docs/docbook/smbdotconf/locking/blockinglocks.xml new file mode 100644 index 0000000000..f11d92f4f5 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/blockinglocks.xml @@ -0,0 +1,23 @@ +<samba:parameter name="blocking locks" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter controls the behavior + of <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when given a request by a client + to obtain a byte range lock on a region of an open file, and the + request has a time limit associated with it.</para> + + <para>If this parameter is set and the lock range requested + cannot be immediately satisfied, samba will internally + queue the lock request, and periodically attempt to obtain + the lock until the timeout period expires.</para> + + <para>If this parameter is set to <constant>no</constant>, then + samba will behave as previous versions of Samba would and + will fail the lock request immediately if the lock range + cannot be obtained.</para> + + <para>Default: <command moreinfo="none">blocking locks = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/cscpolicy.xml b/docs/docbook/smbdotconf/locking/cscpolicy.xml new file mode 100644 index 0000000000..7567ed9286 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/cscpolicy.xml @@ -0,0 +1,20 @@ +<samba:parameter name="csc policy" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This stands for <emphasis>client-side caching + policy</emphasis>, and specifies how clients capable of offline + caching will cache the files in the share. The valid values + are: manual, documents, programs, disable.</para> + + <para>These values correspond to those used on Windows servers.</para> + + <para>For example, shares containing roaming profiles can have + offline caching disabled using <command + moreinfo="none">csc policy = disable</command>.</para> + + <para>Default: <command moreinfo="none">csc policy = manual</command></para> + + <para>Example: <command moreinfo="none">csc policy = programs</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/fakeoplocks.xml b/docs/docbook/smbdotconf/locking/fakeoplocks.xml new file mode 100644 index 0000000000..b7deac68ba --- /dev/null +++ b/docs/docbook/smbdotconf/locking/fakeoplocks.xml @@ -0,0 +1,31 @@ +<samba:parameter name="fake oplocks" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Oplocks are the way that SMB clients get permission + from a server to locally cache file operations. If a server grants + an oplock (opportunistic lock) then the client is free to assume + that it is the only one accessing the file and it will aggressively + cache file data. With some oplock types the client may even cache + file open/close operations. This can give enormous performance benefits. + </para> + + <para>When you set <command moreinfo="none">fake oplocks = yes</command>, <citerefentry> + <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum></citerefentry> will + always grant oplock requests no matter how many clients are using the file.</para> + + <para>It is generally much better to use the real <link linkend="OPLOCKS"> + <parameter moreinfo="none">oplocks</parameter></link> support rather + than this parameter.</para> + + <para>If you enable this option on all read-only shares or + shares that you know will only be accessed from one client at a + time such as physically read-only media like CDROMs, you will see + a big performance improvement on many operations. If you enable + this option on shares where multiple clients may be accessing the + files read-write at the same time you can get data corruption. Use + this option carefully!</para> + + <para>Default: <command moreinfo="none">fake oplocks = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/kerneloplocks.xml b/docs/docbook/smbdotconf/locking/kerneloplocks.xml new file mode 100644 index 0000000000..f155fddc8f --- /dev/null +++ b/docs/docbook/smbdotconf/locking/kerneloplocks.xml @@ -0,0 +1,27 @@ +<samba:parameter name="kernel oplocks" + context="G" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>For UNIXes that support kernel based <link linkend="OPLOCKS"> + <parameter moreinfo="none">oplocks</parameter></link> + (currently only IRIX and the Linux 2.4 kernel), this parameter + allows the use of them to be turned on or off.</para> + + <para>Kernel oplocks support allows Samba <parameter moreinfo="none">oplocks + </parameter> to be broken whenever a local UNIX process or NFS operation + accesses a file that <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> has oplocked. This allows complete + data consistency between SMB/CIFS, NFS and local file access (and is + a <emphasis>very</emphasis> cool feature :-).</para> + + <para>This parameter defaults to <constant>on</constant>, but is translated + to a no-op on systems that no not have the necessary kernel support. + You should never need to touch this parameter.</para> + + <para>See also the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter> + </link> and <link linkend="LEVEL2OPLOCKS"><parameter moreinfo="none">level2 oplocks + </parameter></link> parameters.</para> + + <para>Default: <command moreinfo="none">kernel oplocks = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/level2oplocks.xml b/docs/docbook/smbdotconf/locking/level2oplocks.xml new file mode 100644 index 0000000000..c2c090b1a8 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/level2oplocks.xml @@ -0,0 +1,41 @@ +<samba:parameter name="level2 oplocks" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter controls whether Samba supports + level2 (read-only) oplocks on a share.</para> + + <para>Level2, or read-only oplocks allow Windows NT clients + that have an oplock on a file to downgrade from a read-write oplock + to a read-only oplock once a second client opens the file (instead + of releasing all oplocks on a second open, as in traditional, + exclusive oplocks). This allows all openers of the file that + support level2 oplocks to cache the file for read-ahead only (ie. + they may not cache writes or lock requests) and increases performance + for many accesses of files that are not commonly written (such as + application .EXE files).</para> + + <para>Once one of the clients which have a read-only oplock + writes to the file all clients are notified (no reply is needed + or waited for) and told to break their oplocks to "none" and + delete any read-ahead caches.</para> + + <para>It is recommended that this parameter be turned on to + speed access to shared executables.</para> + + <para>For more discussions on level2 oplocks see the CIFS spec.</para> + + <para>Currently, if <link linkend="KERNELOPLOCKS"><parameter moreinfo="none">kernel + oplocks</parameter></link> are supported then level2 oplocks are + not granted (even if this parameter is set to <constant>yes</constant>). + Note also, the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter> + </link> parameter must be set to <constant>yes</constant> on this share in order for + this parameter to have any effect.</para> + + <para>See also the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter> + </link> and <link linkend="OPLOCKS"><parameter moreinfo="none">kernel oplocks</parameter> + </link> parameters.</para> + + <para>Default: <command moreinfo="none">level2 oplocks = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/locking.xml b/docs/docbook/smbdotconf/locking/locking.xml new file mode 100644 index 0000000000..8526224316 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/locking.xml @@ -0,0 +1,27 @@ +<samba:parameter name="locking" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This controls whether or not locking will be + performed by the server in response to lock requests from the + client.</para> + + <para>If <command moreinfo="none">locking = no</command>, all lock and unlock + requests will appear to succeed and all lock queries will report + that the file in question is available for locking.</para> + + <para>If <command moreinfo="none">locking = yes</command>, real locking will be performed + by the server.</para> + + <para>This option <emphasis>may</emphasis> be useful for read-only + filesystems which <emphasis>may</emphasis> not need locking (such as + CDROM drives), although setting this parameter of <constant>no</constant> + is not really recommended even in this case.</para> + + <para>Be careful about disabling locking either globally or in a + specific service, as lack of locking may result in data corruption. + You should never need to set this parameter.</para> + + <para>Default: <command moreinfo="none">locking = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/lockspincount.xml b/docs/docbook/smbdotconf/locking/lockspincount.xml new file mode 100644 index 0000000000..d308f5d845 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/lockspincount.xml @@ -0,0 +1,17 @@ +<samba:parameter name="lock spin count" + context="G" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter controls the number of times + that smbd should attempt to gain a byte range lock on the + behalf of a client request. Experiments have shown that + Windows 2k servers do not reply with a failure if the lock + could not be immediately granted, but try a few more times + in case the lock could later be aquired. This behavior + is used to support PC database formats such as MS Access + and FoxPro. + </para> + + <para>Default: <command moreinfo="none">lock spin count = 2</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/lockspintime.xml b/docs/docbook/smbdotconf/locking/lockspintime.xml new file mode 100644 index 0000000000..460b2827b4 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/lockspintime.xml @@ -0,0 +1,12 @@ +<samba:parameter name="lock spin time" + context="G" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>The time in microseconds that smbd should + pause before attempting to gain a failed lock. See + <link linkend="LOCKSPINCOUNT"><parameter moreinfo="none">lock spin + count</parameter></link> for more details.</para> + + <para>Default: <command moreinfo="none">lock spin time = 10</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml b/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml new file mode 100644 index 0000000000..0dc130eab3 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml @@ -0,0 +1,18 @@ +<samba:parameter name="oplock break wait time" + context="G" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is a tuning parameter added due to bugs in + both Windows 9x and WinNT. If Samba responds to a client too + quickly when that client issues an SMB that can cause an oplock + break request, then the network client can fail and not respond + to the break request. This tuning parameter (which is set in milliseconds) + is the amount of time Samba will wait before sending an oplock break + request to such (broken) clients.</para> + + <para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND + UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para> + + <para>Default: <command moreinfo="none">oplock break wait time = 0</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml b/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml new file mode 100644 index 0000000000..1b24e5cdec --- /dev/null +++ b/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml @@ -0,0 +1,22 @@ +<samba:parameter name="oplock contention limit" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is a <emphasis>very</emphasis> advanced + <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> tuning option to + improve the efficiency of the granting of oplocks under multiple + client contention for the same file.</para> + + <para>In brief it specifies a number, which causes <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>not to grant an oplock even when requested + if the approximate number of clients contending for an oplock on the same file goes over this + limit. This causes <command moreinfo="none">smbd</command> to behave in a similar + way to Windows NT.</para> + + <para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ + AND UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para> + + <para>Default: <command moreinfo="none">oplock contention limit = 2</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/oplocks.xml b/docs/docbook/smbdotconf/locking/oplocks.xml new file mode 100644 index 0000000000..0ba53ba765 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/oplocks.xml @@ -0,0 +1,29 @@ +<samba:parameter name="oplocks" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This boolean option tells <command moreinfo="none">smbd</command> whether to + issue oplocks (opportunistic locks) to file open requests on this + share. The oplock code can dramatically (approx. 30% or more) improve + the speed of access to files on Samba servers. It allows the clients + to aggressively cache files locally and you may want to disable this + option for unreliable network environments (it is turned on by + default in Windows NT Servers). For more information see the file + <filename moreinfo="none">Speed.txt</filename> in the Samba <filename moreinfo="none">docs/</filename> + directory.</para> + + <para>Oplocks may be selectively turned off on certain files with a + share. See the <link linkend="VETOOPLOCKFILES"><parameter moreinfo="none"> + veto oplock files</parameter></link> parameter. On some systems + oplocks are recognized by the underlying operating system. This + allows data synchronization between all access to oplocked files, + whether it be via Samba or NFS or a local UNIX process. See the + <parameter moreinfo="none">kernel oplocks</parameter> parameter for details.</para> + + <para>See also the <link linkend="KERNELOPLOCKS"><parameter moreinfo="none">kernel + oplocks</parameter></link> and <link linkend="LEVEL2OPLOCKS"><parameter moreinfo="none"> + level2 oplocks</parameter></link> parameters.</para> + + <para>Default: <command moreinfo="none">oplocks = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/posixlocking.xml b/docs/docbook/smbdotconf/locking/posixlocking.xml new file mode 100644 index 0000000000..c81bdcff38 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/posixlocking.xml @@ -0,0 +1,16 @@ +<samba:parameter name="posix locking" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>The <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> + daemon maintains an database of file locks obtained by SMB clients. + The default behavior is to map this internal database to POSIX + locks. This means that file locks obtained by SMB clients are + consistent with those seen by POSIX compliant applications accessing + the files via a non-SMB method (e.g. NFS or local file access). + You should never need to disable this parameter.</para> + + <para>Default: <command moreinfo="none">posix locking = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/sharemodes.xml b/docs/docbook/smbdotconf/locking/sharemodes.xml new file mode 100644 index 0000000000..529ec44106 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/sharemodes.xml @@ -0,0 +1,28 @@ +<samba:parameter name="share modes" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This enables or disables the honoring of + the <parameter moreinfo="none">share modes</parameter> during a file open. These + modes are used by clients to gain exclusive read or write access + to a file.</para> + + <para>These open modes are not directly supported by UNIX, so + they are simulated using shared memory, or lock files if your + UNIX doesn't support shared memory (almost all do).</para> + + <para>The share modes that are enabled by this option are + <constant>DENY_DOS</constant>, <constant>DENY_ALL</constant>, + <constant>DENY_READ</constant>, <constant>DENY_WRITE</constant>, + <constant>DENY_NONE</constant> and <constant>DENY_FCB</constant>. + </para> + + <para>This option gives full share compatibility and enabled + by default.</para> + + <para>You should <emphasis>NEVER</emphasis> turn this parameter + off as many Windows applications will break if you do so.</para> + + <para>Default: <command moreinfo="none">share modes = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/strictlocking.xml b/docs/docbook/smbdotconf/locking/strictlocking.xml new file mode 100644 index 0000000000..34c1c7fe5e --- /dev/null +++ b/docs/docbook/smbdotconf/locking/strictlocking.xml @@ -0,0 +1,19 @@ +<samba:parameter name="strict locking" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is a boolean that controls the handling of + file locking in the server. When this is set to <constant>yes</constant> + the server will check every read and write access for file locks, and + deny access if locks exist. This can be slow on some systems.</para> + + <para>When strict locking is <constant>no</constant> the server does file + lock checks only when the client explicitly asks for them.</para> + + <para>Well-behaved clients always ask for lock checks when it + is important, so in the vast majority of cases <command moreinfo="none">strict + locking = no</command> is preferable.</para> + + <para>Default: <command moreinfo="none">strict locking = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/abortshutdownscript.xml b/docs/docbook/smbdotconf/logon/abortshutdownscript.xml new file mode 100644 index 0000000000..e9a7dba792 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/abortshutdownscript.xml @@ -0,0 +1,18 @@ +<samba:parameter name="abort shutdown script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> + This a full path name to a script called by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> that + should stop a shutdown procedure issued by the <link linkend="SHUTDOWNSCRIPT"> + <parameter moreinfo="none">shutdown script</parameter></link>.</para> + + <para>This command will be run as user.</para> + + <para>Default: <emphasis>None</emphasis>.</para> + + <para>Example: <command moreinfo="none">abort shutdown script = /sbin/shutdown -c</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/addgroupscript.xml b/docs/docbook/smbdotconf/logon/addgroupscript.xml new file mode 100644 index 0000000000..25906d0889 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/addgroupscript.xml @@ -0,0 +1,17 @@ +<samba:parameter name="add group script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is the full pathname to a script that will be run + <emphasis>AS ROOT</emphasis> by <citerefentry> + <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum></citerefentry> + when a new group is requested. It will expand any <parameter + moreinfo="none">%g</parameter> to the group name passed. This + script is only useful for installations using the Windows NT + domain administration tools. The script is free to create a + group with an arbitrary name to circumvent unix group name + restrictions. In that case the script must print the numeric gid + of the created group on stdout.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/addmachinescript.xml b/docs/docbook/smbdotconf/logon/addmachinescript.xml new file mode 100644 index 0000000000..7aef54d8b0 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/addmachinescript.xml @@ -0,0 +1,21 @@ +<samba:parameter name="add machine script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is the full pathname to a script that will be run by + <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when a machine is added + to it's domain using the administrator username and password + method. </para> + + <para>This option is only required when using sam back-ends tied + to the Unix uid method of RID calculation such as smbpasswd. + This option is only available in Samba 3.0.</para> + + <para>Default: <command moreinfo="none">add machine script = <empty string></command></para> + + <para>Example: <command moreinfo="none">add machine script = /usr/sbin/adduser -n -g + machines -c Machine -d /dev/null -s /bin/false %u</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/adduserscript.xml b/docs/docbook/smbdotconf/logon/adduserscript.xml new file mode 100644 index 0000000000..34d3e7ea58 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/adduserscript.xml @@ -0,0 +1,50 @@ +<samba:parameter name="add user script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is the full pathname to a script that will + be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> under special circumstances described below.</para> + + <para>Normally, a Samba server requires that UNIX users are + created for all users accessing files on this server. For sites + that use Windows NT account databases as their primary user database + creating these users and keeping the user list in sync with the + Windows NT PDC is an onerous task. This option allows <ulink url="smbd.8.html">smbd</ulink> to create the required UNIX users + <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para> + + <para>In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to <parameter moreinfo="none">security = share</parameter> + and <parameter moreinfo="none">add user script</parameter> + must be set to a full pathname for a script that will create a UNIX + user given one argument of <parameter moreinfo="none">%u</parameter>, which expands into + the UNIX user name to create.</para> + + <para>When the Windows user attempts to access the Samba server, + at login (session setup in the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> contacts the <parameter moreinfo="none">password server</parameter> and + attempts to authenticate the given user with the given password. If the + authentication succeeds then <command moreinfo="none">smbd</command> + attempts to find a UNIX user in the UNIX password database to map the + Windows user into. If this lookup fails, and <parameter moreinfo="none">add user script + </parameter> is set then <command moreinfo="none">smbd</command> will + call the specified script <emphasis>AS ROOT</emphasis>, expanding + any <parameter moreinfo="none">%u</parameter> argument to be the user name to create.</para> + + <para>If this script successfully creates the user then <command moreinfo="none">smbd + </command> will continue on as though the UNIX user + already existed. In this way, UNIX users are dynamically created to + match existing Windows NT accounts.</para> + + <para>See also <link linkend="SECURITY"><parameter moreinfo="none"> + security</parameter></link>, <link linkend="PASSWORDSERVER"> + <parameter moreinfo="none">password server</parameter></link>, + <link linkend="DELETEUSERSCRIPT"><parameter moreinfo="none">delete user + script</parameter></link>.</para> + + <para>Default: <command moreinfo="none">add user script = <empty string></command></para> + + <para>Example: <command moreinfo="none">add user script = /usr/local/samba/bin/add_user %u</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/addusertogroupscript.xml b/docs/docbook/smbdotconf/logon/addusertogroupscript.xml new file mode 100644 index 0000000000..ed17b9c0d9 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/addusertogroupscript.xml @@ -0,0 +1,18 @@ +<samba:parameter name="add user to group script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Full path to the script that will be called when + a user is added to a group using the Windows NT domain administration + tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>. + Any <parameter moreinfo="none">%g</parameter> will be replaced with the group name and + any <parameter moreinfo="none">%u</parameter> will be replaced with the user name. + </para> + + <para>Default: <command moreinfo="none">add user to group script = </command></para> + + <para>Example: <command moreinfo="none">add user to group script = /usr/sbin/adduser %u %g</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/deletegroupscript.xml b/docs/docbook/smbdotconf/logon/deletegroupscript.xml new file mode 100644 index 0000000000..2e78c6ae7d --- /dev/null +++ b/docs/docbook/smbdotconf/logon/deletegroupscript.xml @@ -0,0 +1,13 @@ +<samba:parameter name="delete group script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is the full pathname to a script that will + be run <emphasis>AS ROOT</emphasis> <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when a group is requested to be deleted. + It will expand any <parameter moreinfo="none">%g</parameter> to the group name passed. + This script is only useful for installations using the Windows NT domain administration tools. + </para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml b/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml new file mode 100644 index 0000000000..76594c75d8 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml @@ -0,0 +1,18 @@ +<samba:parameter name="delete user from group script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Full path to the script that will be called when + a user is removed from a group using the Windows NT domain administration + tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>. + Any <parameter moreinfo="none">%g</parameter> will be replaced with the group name and + any <parameter moreinfo="none">%u</parameter> will be replaced with the user name. + </para> + + <para>Default: <command moreinfo="none">delete user from group script = </command></para> + + <para>Example: <command moreinfo="none">delete user from group script = /usr/sbin/deluser %u %g</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/deleteuserscript.xml b/docs/docbook/smbdotconf/logon/deleteuserscript.xml new file mode 100644 index 0000000000..233844555b --- /dev/null +++ b/docs/docbook/smbdotconf/logon/deleteuserscript.xml @@ -0,0 +1,22 @@ +<samba:parameter name="delete user script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is the full pathname to a script that will + be run by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when managing users + with remote RPC (NT) tools. + </para> + + <para>This script is called when a remote client removes a user + from the server, normally using 'User Manager for Domains' or + <command moreinfo="none">rpcclient</command>.</para> + + <para>This script should delete the given UNIX username.</para> + + <para>Default: <command moreinfo="none">delete user script = <empty string></command></para> + + <para>Example: <command moreinfo="none">delete user script = /usr/local/samba/bin/del_user %u</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/domainlogons.xml b/docs/docbook/smbdotconf/logon/domainlogons.xml new file mode 100644 index 0000000000..e45621e553 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/domainlogons.xml @@ -0,0 +1,15 @@ +<samba:parameter name="domain logons" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>If set to <constant>yes</constant>, the Samba server will serve + Windows 95/98 Domain logons for the <link linkend="WORKGROUP"> + <parameter moreinfo="none">workgroup</parameter></link> it is in. Samba 2.2 + has limited capability to act as a domain controller for Windows + NT 4 Domains. For more details on setting up this feature see + the Samba-PDC-HOWTO included in the Samba documentation.</para> + + <para>Default: <command moreinfo="none">domain logons = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logondrive.xml b/docs/docbook/smbdotconf/logon/logondrive.xml new file mode 100644 index 0000000000..8c6be709bf --- /dev/null +++ b/docs/docbook/smbdotconf/logon/logondrive.xml @@ -0,0 +1,18 @@ +<samba:parameter name="logon drive" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the local path to + which the home directory will be connected (see <link linkend="LOGONHOME"> + <parameter moreinfo="none">logon home</parameter></link>) + and is only used by NT Workstations. </para> + + <para>Note that this option is only useful if Samba is set up as a + logon server.</para> + + <para>Default: <command moreinfo="none">logon drive = z:</command></para> + + <para>Example: <command moreinfo="none">logon drive = h:</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logonhome.xml b/docs/docbook/smbdotconf/logon/logonhome.xml new file mode 100644 index 0000000000..05c69524c2 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/logonhome.xml @@ -0,0 +1,45 @@ +<samba:parameter name="logon home" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the home directory + location when a Win95/98 or NT Workstation logs into a Samba PDC. + It allows you to do </para> + + <para><prompt moreinfo="none">C:\></prompt> + <userinput moreinfo="none">NET USE H: /HOME</userinput> + </para> + + <para>from a command prompt, for example.</para> + + <para>This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or machine.</para> + + <para>This parameter can be used with Win9X workstations to ensure + that roaming profiles are stored in a subdirectory of the user's + home directory. This is done in the following way:</para> + + <para><command moreinfo="none">logon home = \\%N\%U\profile</command></para> + + <para>This tells Samba to return the above string, with + substitutions made when a client requests the info, generally + in a NetUserGetInfo request. Win9X clients truncate the info to + \\server\share when a user does <command moreinfo="none">net use /home</command> + but use the whole string when dealing with profiles.</para> + + <para>Note that in prior versions of Samba, the <link linkend="LOGONPATH"> + <parameter moreinfo="none">logon path</parameter></link> was returned rather than + <parameter moreinfo="none">logon home</parameter>. This broke <command + moreinfo="none">net use /home</command> but allowed profiles outside the home directory. + The current implementation is correct, and can be used for profiles if you use + the above trick.</para> + + <para>This option is only useful if Samba is set up as a logon + server.</para> + + <para>Default: <command moreinfo="none">logon home = "\\%N\%U"</command></para> + + <para>Example: <command moreinfo="none">logon home = "\\remote_smb_server\%U"</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logonpath.xml b/docs/docbook/smbdotconf/logon/logonpath.xml new file mode 100644 index 0000000000..9abcf0d702 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/logonpath.xml @@ -0,0 +1,49 @@ +<samba:parameter name="logon path" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the home directory + where roaming profiles (NTuser.dat etc files for Windows NT) are + stored. Contrary to previous versions of these manual pages, it has + nothing to do with Win 9X roaming profiles. To find out how to + handle roaming profiles for Win 9X system, see the <link linkend="LOGONHOME"> + <parameter moreinfo="none">logon home</parameter></link> parameter.</para> + + <para>This option takes the standard substitutions, allowing you + to have separate logon scripts for each user or machine. It also + specifies the directory from which the "Application Data", + (<filename moreinfo="none">desktop</filename>, <filename moreinfo="none">start menu</filename>, + <filename moreinfo="none">network neighborhood</filename>, <filename moreinfo="none">programs</filename> + and other folders, and their contents, are loaded and displayed on + your Windows NT client.</para> + + <para>The share and the path must be readable by the user for + the preferences and directories to be loaded onto the Windows NT + client. The share must be writeable when the user logs in for the first + time, in order that the Windows NT client can create the NTuser.dat + and other directories.</para> + + <para>Thereafter, the directories and any of the contents can, + if required, be made read-only. It is not advisable that the + NTuser.dat file be made read-only - rename it to NTuser.man to + achieve the desired effect (a <emphasis>MAN</emphasis>datory + profile). </para> + + <para>Windows clients can sometimes maintain a connection to + the [homes] share, even though there is no user logged in. + Therefore, it is vital that the logon path does not include a + reference to the homes share (i.e. setting this parameter to + \%N\%U\profile_path will cause problems).</para> + + <para>This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or machine.</para> + + <para>Note that this option is only useful if Samba is set up + as a logon server.</para> + + <para>Default: <command moreinfo="none">logon path = \\%N\%U\profile</command></para> + + <para>Example: <command moreinfo="none">logon path = \\PROFILESERVER\PROFILE\%U</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logonscript.xml b/docs/docbook/smbdotconf/logon/logonscript.xml new file mode 100644 index 0000000000..65b6253c0c --- /dev/null +++ b/docs/docbook/smbdotconf/logon/logonscript.xml @@ -0,0 +1,44 @@ +<samba:parameter name="logon script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the batch file (.bat) or + NT command file (.cmd) to be downloaded and run on a machine when + a user successfully logs in. The file must contain the DOS + style CR/LF line endings. Using a DOS-style editor to create the + file is recommended.</para> + + <para>The script must be a relative path to the [netlogon] + service. If the [netlogon] service specifies a <link linkend="PATH"> + <parameter moreinfo="none">path</parameter></link> of <filename + moreinfo="none">/usr/local/samba/netlogon</filename>, and <command + moreinfo="none">logon script = STARTUP.BAT</command>, then + the file that will be downloaded is:</para> + + <para><filename moreinfo="none">/usr/local/samba/netlogon/STARTUP.BAT</filename></para> + + <para>The contents of the batch file are entirely your choice. A + suggested command would be to add <command moreinfo="none">NET TIME \\SERVER /SET + /YES</command>, to force every machine to synchronize clocks with + the same time server. Another use would be to add <command moreinfo="none">NET USE + U: \\SERVER\UTILS</command> for commonly used utilities, or <command moreinfo="none"> + NET USE Q: \\SERVER\ISO9001_QA</command> for example.</para> + + <para>Note that it is particularly important not to allow write + access to the [netlogon] share, or to grant users write permission + on the batch files in a secure environment, as this would allow + the batch files to be arbitrarily modified and security to be + breached.</para> + + <para>This option takes the standard substitutions, allowing you + to have separate logon scripts for each user or machine.</para> + + <para>This option is only useful if Samba is set up as a logon + server.</para> + + <para>Default: <emphasis>no logon script defined</emphasis></para> + + <para>Example: <command moreinfo="none">logon script = scripts\%U.bat</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/setprimarygroupscript.xml b/docs/docbook/smbdotconf/logon/setprimarygroupscript.xml new file mode 100644 index 0000000000..c19c307417 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/setprimarygroupscript.xml @@ -0,0 +1,21 @@ +<samba:parameter name="set primary group script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + + <para>Thanks to the Posix subsystem in NT a Windows User has a + primary group in addition to the auxiliary groups. This script + sets the primary group in the unix userdatase when an + administrator sets the primary group from the windows user + manager or when fetching a SAM with <command>net rpc + vampire</command>. <parameter>%u</parameter> will be replaced + with the user whose primary group is to be set. + <parameter>%g</parameter> will be replaced with the group to + set.</para> + + <para>Default: <emphasis>No default value</emphasis></para> + + <para>Example: <command>set primary group script = /usr/sbin/usermod -g '%g' '%u'</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/shutdownscript.xml b/docs/docbook/smbdotconf/logon/shutdownscript.xml new file mode 100644 index 0000000000..0eaffea747 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/shutdownscript.xml @@ -0,0 +1,59 @@ +<samba:parameter name="shutdown script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> + This a full path name to a script called by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> that should start a shutdown procedure.</para> + + <para>This command will be run as the user connected to the server.</para> + + <para>%m %t %r %f parameters are expanded:</para> + + <itemizedlist> + <listitem> + <para><parameter moreinfo="none">%m</parameter> will be substituted with the + shutdown message sent to the server.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">%t</parameter> will be substituted with the + number of seconds to wait before effectively starting the + shutdown procedure.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">%r</parameter> will be substituted with the + switch <emphasis>-r</emphasis>. It means reboot after shutdown + for NT.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">%f</parameter> will be substituted with the + switch <emphasis>-f</emphasis>. It means force the shutdown + even if applications do not respond for NT.</para> + </listitem> + </itemizedlist> + + <para>Default: <emphasis>None</emphasis>.</para> + + <para>Example: <command moreinfo="none">abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f</command></para> + + <para>Shutdown script example: +<programlisting format="linespecific"> +#!/bin/bash + +$time=0 +let "time/60" +let "time++" + +/sbin/shutdown $3 $4 +$time $1 & +</programlisting> +Shutdown does not return so we need to launch it in background. +</para> + + <para>See also <link linkend="ABORTSHUTDOWNSCRIPT"> + <parameter moreinfo="none">abort shutdown script</parameter></link>.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/addprintercommand.xml b/docs/docbook/smbdotconf/printing/addprintercommand.xml new file mode 100644 index 0000000000..63b3f567b1 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/addprintercommand.xml @@ -0,0 +1,63 @@ +<samba:parameter name="addprinter command" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>With the introduction of MS-RPC based printing + support for Windows NT/2000 clients in Samba 2.2, The MS Add + Printer Wizard (APW) icon is now also available in the + "Printers..." folder displayed a share listing. The APW + allows for printers to be add remotely to a Samba or Windows + NT/2000 print server.</para> + + <para>For a Samba host this means that the printer must be + physically added to the underlying printing system. The <parameter moreinfo="none">add + printer command</parameter> defines a script to be run which + will perform the necessary operations for adding the printer + to the print system and to add the appropriate service definition + to the <filename moreinfo="none">smb.conf</filename> file in order that it can be + shared by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>.</para> + + <para>The <parameter moreinfo="none">addprinter command</parameter> is + automatically invoked with the following parameter (in + order):</para> + + <itemizedlist> + <listitem><para><parameter moreinfo="none">printer name</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">share name</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">port name</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">driver name</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">location</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">Windows 9x driver location</parameter></para></listitem> + </itemizedlist> + + <para>All parameters are filled in from the PRINTER_INFO_2 structure sent + by the Windows NT/2000 client with one exception. The "Windows 9x + driver location" parameter is included for backwards compatibility + only. The remaining fields in the structure are generated from answers + to the APW questions.</para> + + <para>Once the <parameter moreinfo="none">addprinter command</parameter> has + been executed, <command moreinfo="none">smbd</command> will reparse the <filename moreinfo="none"> + smb.conf</filename> to determine if the share defined by the APW + exists. If the sharename is still invalid, then <command moreinfo="none">smbd + </command> will return an ACCESS_DENIED error to the client.</para> + + <para> + The "add printer command" program can output a single line of text, + which Samba will set as the port the new printer is connected to. + If this line isn't output, Samba won't reload its printer shares. + </para> + + <para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter moreinfo="none"> + deleteprinter command</parameter></link>, <link linkend="PRINTING"> + <parameter moreinfo="none">printing</parameter></link>, + <link linkend="SHOWADDPRINTERWIZARD"><parameter moreinfo="none">show add + printer wizard</parameter></link></para> + + <para>Default: <emphasis>none</emphasis></para> + + <para>Example: <command moreinfo="none">addprinter command = /usr/bin/addprinter</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/defaultdevmode.xml b/docs/docbook/smbdotconf/printing/defaultdevmode.xml new file mode 100644 index 0000000000..1f14b21f5f --- /dev/null +++ b/docs/docbook/smbdotconf/printing/defaultdevmode.xml @@ -0,0 +1,37 @@ +<samba:parameter name="default devmode" + context="S" + print="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter is only applicable to <link linkend="PRINTOK">printable</link> services. + When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba + server has a Device Mode which defines things such as paper size and + orientation and duplex settings. The device mode can only correctly be + generated by the printer driver itself (which can only be executed on a + Win32 platform). Because smbd is unable to execute the driver code + to generate the device mode, the default behavior is to set this field + to NULL. + </para> + + <para>Most problems with serving printer drivers to Windows NT/2k/XP clients + can be traced to a problem with the generated device mode. Certain drivers + will do things such as crashing the client's Explorer.exe with a NULL devmode. + However, other printer drivers can cause the client's spooler service + (spoolsv.exe) to die if the devmode was not created by the driver itself + (i.e. smbd generates a default devmode). + </para> + + <para>This parameter should be used with care and tested with the printer + driver in question. It is better to leave the device mode to NULL + and let the Windows client set the correct values. Because drivers do not + do this all the time, setting <command moreinfo="none">default devmode = yes</command> + will instruct smbd to generate a default one. + </para> + + <para>For more information on Windows NT/2k printing and Device Modes, + see the <ulink url="http://msdn.microsoft.com/">MSDN documentation</ulink>. + </para> + + <para>Default: <command moreinfo="none">default devmode = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/deleteprintercommand.xml b/docs/docbook/smbdotconf/printing/deleteprintercommand.xml new file mode 100644 index 0000000000..864f75168d --- /dev/null +++ b/docs/docbook/smbdotconf/printing/deleteprintercommand.xml @@ -0,0 +1,38 @@ +<samba:parameter name="deleteprinter command" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>With the introduction of MS-RPC based printer + support for Windows NT/2000 clients in Samba 2.2, it is now + possible to delete printer at run time by issuing the + DeletePrinter() RPC call.</para> + + <para>For a Samba host this means that the printer must be + physically deleted from underlying printing system. The <parameter moreinfo="none"> + deleteprinter command</parameter> defines a script to be run which + will perform the necessary operations for removing the printer + from the print system and from <filename moreinfo="none">smb.conf</filename>. + </para> + + <para>The <parameter moreinfo="none">deleteprinter command</parameter> is + automatically called with only one parameter: <parameter moreinfo="none"> + "printer name"</parameter>.</para> + + <para>Once the <parameter moreinfo="none">deleteprinter command</parameter> has + been executed, <command moreinfo="none">smbd</command> will reparse the <filename moreinfo="none"> + smb.conf</filename> to associated printer no longer exists. + If the sharename is still valid, then <command moreinfo="none">smbd + </command> will return an ACCESS_DENIED error to the client.</para> + + <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter moreinfo="none"> + addprinter command</parameter></link>, <link linkend="PRINTING"> + <parameter moreinfo="none">printing</parameter></link>, + <link linkend="SHOWADDPRINTERWIZARD"><parameter moreinfo="none">show add + printer wizard</parameter></link></para> + + <para>Default: <emphasis>none</emphasis></para> + + <para>Example: <command moreinfo="none">deleteprinter command = /usr/bin/removeprinter</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/enumportscommand.xml b/docs/docbook/smbdotconf/printing/enumportscommand.xml new file mode 100644 index 0000000000..7cdf0cc370 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/enumportscommand.xml @@ -0,0 +1,25 @@ +<samba:parameter name="enumports command" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>The concept of a "port" is fairly foreign + to UNIX hosts. Under Windows NT/2000 print servers, a port + is associated with a port monitor and generally takes the form of + a local port (i.e. LPT1:, COM1:, FILE:) or a remote port + (i.e. LPD Port Monitor, etc...). By default, Samba has only one + port defined--<constant>"Samba Printer Port"</constant>. Under + Windows NT/2000, all printers must have a valid port name. + If you wish to have a list of ports displayed (<command moreinfo="none">smbd + </command> does not use a port name for anything) other than + the default <constant>"Samba Printer Port"</constant>, you + can define <parameter moreinfo="none">enumports command</parameter> to point to + a program which should generate a list of ports, one per line, + to standard output. This listing will then be used in response + to the level 1 and 2 EnumPorts() RPC.</para> + + <para>Default: <emphasis>no enumports command</emphasis></para> + + <para>Example: <command moreinfo="none">enumports command = /usr/bin/listports</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/lppausecommand.xml b/docs/docbook/smbdotconf/printing/lppausecommand.xml new file mode 100644 index 0000000000..15c5aca990 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/lppausecommand.xml @@ -0,0 +1,43 @@ +<samba:parameter name="lppause command" + context="S" + print="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the command to be + executed on the server host in order to stop printing or spooling + a specific print job.</para> + + <para>This command should be a program or script which takes + a printer name and job number to pause the print job. One way + of implementing this is by using job priorities, where jobs + having a too low priority won't be sent to the printer.</para> + + <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name + is put in its place. A <parameter moreinfo="none">%j</parameter> is replaced with + the job number (an integer). On HPUX (see <parameter moreinfo="none">printing=hpux + </parameter>), if the <parameter moreinfo="none">-p%p</parameter> option is added + to the lpq command, the job will show up with the correct status, i.e. + if the job priority is lower than the set fence priority it will + have the PAUSED status, whereas if the priority is equal or higher it + will have the SPOOLED or PRINTING status.</para> + + <para>Note that it is good practice to include the absolute path + in the lppause command as the PATH may not be available to the server.</para> + + <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing + </parameter></link> parameter.</para> + + <para>Default: Currently no default value is given to + this string, unless the value of the <parameter moreinfo="none">printing</parameter> + parameter is <constant>SYSV</constant>, in which case the default is :</para> + + <para><command moreinfo="none">lp -i %p-%j -H hold</command></para> + + <para>or if the value of the <parameter moreinfo="none">printing</parameter> parameter + is <constant>SOFTQ</constant>, then the default is:</para> + + <para><command moreinfo="none">qstat -s -j%j -h</command></para> + + <para>Example for HPUX: <command moreinfo="none">lppause command = /usr/bin/lpalt %p-%j -p0</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/lpresumecommand.xml b/docs/docbook/smbdotconf/printing/lpresumecommand.xml new file mode 100644 index 0000000000..ae3241bfa9 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/lpresumecommand.xml @@ -0,0 +1,39 @@ +<samba:parameter name="lpresume command" + context="S" + print="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the command to be + executed on the server host in order to restart or continue + printing or spooling a specific print job.</para> + + <para>This command should be a program or script which takes + a printer name and job number to resume the print job. See + also the <link linkend="LPPAUSECOMMAND"><parameter moreinfo="none">lppause command + </parameter></link> parameter.</para> + + <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name + is put in its place. A <parameter moreinfo="none">%j</parameter> is replaced with + the job number (an integer).</para> + + <para>Note that it is good practice to include the absolute path + in the <parameter moreinfo="none">lpresume command</parameter> as the PATH may not + be available to the server.</para> + + <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing + </parameter></link> parameter.</para> + + <para>Default: Currently no default value is given + to this string, unless the value of the <parameter moreinfo="none">printing</parameter> + parameter is <constant>SYSV</constant>, in which case the default is :</para> + + <para><command moreinfo="none">lp -i %p-%j -H resume</command></para> + + <para>or if the value of the <parameter moreinfo="none">printing</parameter> parameter + is <constant>SOFTQ</constant>, then the default is:</para> + + <para><command moreinfo="none">qstat -s -j%j -r</command></para> + + <para>Example for HPUX: <command moreinfo="none">lpresume command = /usr/bin/lpalt %p-%j -p2</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/os2drivermap.xml b/docs/docbook/smbdotconf/printing/os2drivermap.xml new file mode 100644 index 0000000000..478031c7b9 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/os2drivermap.xml @@ -0,0 +1,23 @@ +<samba:parameter name="os2 driver map" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>The parameter is used to define the absolute + path to a file containing a mapping of Windows NT printer driver + names to OS/2 printer driver names. The format is:</para> + + <para><nt driver name> = <os2 driver name>.<device name></para> + + <para>For example, a valid entry using the HP LaserJet 5 + printer driver would appear as <command moreinfo="none">HP LaserJet 5L = LASERJET.HP + LaserJet 5L</command>.</para> + + <para>The need for the file is due to the printer driver namespace + problem described in the <ulink url="printing.html">Samba + Printing HOWTO</ulink>. For more details on OS/2 clients, please + refer to the OS2-Client-HOWTO containing in the Samba documentation.</para> + + <para>Default: <command moreinfo="none">os2 driver map = <empty string></command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printer.xml b/docs/docbook/smbdotconf/printing/printer.xml new file mode 100644 index 0000000000..0a9611ee03 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/printer.xml @@ -0,0 +1,9 @@ +<samba:parameter name="printer" + context="S" + hide="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Synonym for <link linkend="PRINTERNAME"><parameter moreinfo="none"> + printer name</parameter></link>.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printername.xml b/docs/docbook/smbdotconf/printing/printername.xml new file mode 100644 index 0000000000..9f76a673ad --- /dev/null +++ b/docs/docbook/smbdotconf/printing/printername.xml @@ -0,0 +1,18 @@ +<samba:parameter name="printer name" + context="S" + print="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the name of the printer + to which print jobs spooled through a printable service will be sent.</para> + + <para>If specified in the [global] section, the printer + name given will be used for any printable service that does + not have its own printer name specified.</para> + + <para>Default: <emphasis>none (but may be <constant>lp</constant> + on many systems)</emphasis></para> + + <para>Example: <command moreinfo="none">printer name = laserwriter</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printing.xml b/docs/docbook/smbdotconf/printing/printing.xml new file mode 100644 index 0000000000..633666eea7 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/printing.xml @@ -0,0 +1,31 @@ +<samba:parameter name="printing" + context="S" + print="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameters controls how printer status information is + interpreted on your system. It also affects the default values for + the <parameter moreinfo="none">print command</parameter>, <parameter + moreinfo="none">lpq command</parameter>, <parameter + moreinfo="none">lppause command </parameter>, <parameter + moreinfo="none">lpresume command</parameter>, and <parameter + moreinfo="none">lprm command</parameter> if specified in the + [global] section.</para> + + <para>Currently nine printing styles are supported. They are + <constant>BSD</constant>, <constant>AIX</constant>, + <constant>LPRNG</constant>, <constant>PLP</constant>, + <constant>SYSV</constant>, <constant>HPUX</constant>, + <constant>QNX</constant>, <constant>SOFTQ</constant>, + and <constant>CUPS</constant>.</para> + + <para>To see what the defaults are for the other print + commands when using the various options use the <citerefentry><refentrytitle>testparm</refentrytitle> + <manvolnum>1</manvolnum></citerefentry> program.</para> + + <para>This option can be set on a per printer basis</para> + + <para>See also the discussion in the <link linkend="PRINTERSSECT"> + [printers]</link> section.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/queuepausecommand.xml b/docs/docbook/smbdotconf/printing/queuepausecommand.xml new file mode 100644 index 0000000000..13741a0e7f --- /dev/null +++ b/docs/docbook/smbdotconf/printing/queuepausecommand.xml @@ -0,0 +1,29 @@ +<samba:parameter name="queuepause command" + context="S" + print="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the command to be + executed on the server host in order to pause the printer queue.</para> + + <para>This command should be a program or script which takes + a printer name as its only parameter and stops the printer queue, + such that no longer jobs are submitted to the printer.</para> + + <para>This command is not supported by Windows for Workgroups, + but can be issued from the Printers window under Windows 95 + and NT.</para> + + <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name + is put in its place. Otherwise it is placed at the end of the command. + </para> + + <para>Note that it is good practice to include the absolute + path in the command as the PATH may not be available to the + server.</para> + + <para>Default: <emphasis>depends on the setting of <parameter moreinfo="none">printing</parameter></emphasis></para> + + <para>Example: <command moreinfo="none">queuepause command = disable %p</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/queueresumecommand.xml b/docs/docbook/smbdotconf/printing/queueresumecommand.xml new file mode 100644 index 0000000000..23f6702192 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/queueresumecommand.xml @@ -0,0 +1,33 @@ +<samba:parameter name="queueresume command" + context="S" + print="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the command to be + executed on the server host in order to resume the printer queue. It + is the command to undo the behavior that is caused by the + previous parameter (<link linkend="QUEUEPAUSECOMMAND"><parameter moreinfo="none"> + queuepause command</parameter></link>).</para> + + <para>This command should be a program or script which takes + a printer name as its only parameter and resumes the printer queue, + such that queued jobs are resubmitted to the printer.</para> + + <para>This command is not supported by Windows for Workgroups, + but can be issued from the Printers window under Windows 95 + and NT.</para> + + <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name + is put in its place. Otherwise it is placed at the end of the + command.</para> + + <para>Note that it is good practice to include the absolute + path in the command as the PATH may not be available to the + server.</para> + + <para>Default: <emphasis>depends on the setting of <link linkend="PRINTING"> + <parameter moreinfo="none">printing</parameter></link></emphasis></para> + + <para>Example: <command moreinfo="none">queuepause command = enable %p</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml b/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml new file mode 100644 index 0000000000..5a0d5c8877 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml @@ -0,0 +1,35 @@ +<samba:parameter name="show add printer wizard" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>With the introduction of MS-RPC based printing support + for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will + appear on Samba hosts in the share listing. Normally this folder will + contain an icon for the MS Add Printer Wizard (APW). However, it is + possible to disable this feature regardless of the level of privilege + of the connected user.</para> + + <para>Under normal circumstances, the Windows NT/2000 client will + open a handle on the printer server with OpenPrinterEx() asking for + Administrator privileges. If the user does not have administrative + access on the print server (i.e is not root or a member of the + <parameter moreinfo="none">printer admin</parameter> group), the OpenPrinterEx() + call fails and the client makes another open call with a request for + a lower privilege level. This should succeed, however the APW + icon will not be displayed.</para> + + <para>Disabling the <parameter moreinfo="none">show add printer wizard</parameter> + parameter will always cause the OpenPrinterEx() on the server + to fail. Thus the APW icon will never be displayed. <emphasis> + Note :</emphasis>This does not prevent the same user from having + administrative privilege on an individual printer.</para> + + <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter moreinfo="none">addprinter + command</parameter></link>, <link linkend="DELETEPRINTERCOMMAND"> + <parameter moreinfo="none">deleteprinter command</parameter></link>, <link linkend="PRINTERADMIN"> + <parameter moreinfo="none">printer admin</parameter></link></para> + + <para>Default :<command moreinfo="none">show add printer wizard = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/security/encryptpasswords.xml b/docs/docbook/smbdotconf/security/encryptpasswords.xml new file mode 100644 index 0000000000..20b9353648 --- /dev/null +++ b/docs/docbook/smbdotconf/security/encryptpasswords.xml @@ -0,0 +1,24 @@ +<samba:parameter name="encrypt passwords" + context="G" + basic="1" advanced="1" wizard="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This boolean controls whether encrypted passwords + will be negotiated with the client. Note that Windows NT 4.0 SP3 and + above and also Windows 98 will by default expect encrypted passwords + unless a registry entry is changed. To use encrypted passwords in + Samba see the chapter "User Database" in the Samba HOWTO Collection. </para> + + <para>In order for encrypted passwords to work correctly + <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> must either + have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> program for information on how to set up + and maintain this file), or set the <link linkend="SECURITY">security = [server|domain|ads]</link> parameter which + causes <command moreinfo="none">smbd</command> to authenticate against another + server.</para> + + <para>Default: <command moreinfo="none">encrypt passwords = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/hostmsdfs.xml b/docs/docbook/smbdotconf/vfs/hostmsdfs.xml new file mode 100644 index 0000000000..c843969e50 --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/hostmsdfs.xml @@ -0,0 +1,20 @@ +<samba:parameter name="host msdfs" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This boolean parameter is only available + if Samba has been configured and compiled with the <command moreinfo="none"> + --with-msdfs</command> option. If set to <constant>yes</constant>, + Samba will act as a Dfs server, and allow Dfs-aware clients + to browse Dfs trees hosted on the server.</para> + + <para>See also the <link linkend="MSDFSROOT"><parameter moreinfo="none"> + msdfs root</parameter></link> share level parameter. For + more information on setting up a Dfs tree on Samba, + refer to <ulink url="msdfs_setup.html">msdfs_setup.html</ulink>. + </para> + + <para>Default: <command moreinfo="none">host msdfs = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/msdfsproxy.xml b/docs/docbook/smbdotconf/vfs/msdfsproxy.xml new file mode 100644 index 0000000000..c16968fda7 --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/msdfsproxy.xml @@ -0,0 +1,18 @@ +<samba:parameter name="msdfs proxy" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter indicates that the share is a + stand-in for another CIFS share whose location is specified by + the value of the parameter. When clients attempt to connect to + this share, they are redirected to the proxied share using + the SMB-Dfs protocol.</para> + + <para>Only Dfs roots can act as proxy shares. Take a look at the + <link linkend="MSDFSROOT"><parameter moreinfo="none">msdfs root</parameter></link> + and <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs</parameter></link> + options to find out how to set up a Dfs root share.</para> + + <para>Example: <command moreinfo="none">msdfs proxy = \\\\otherserver\\someshare</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/msdfsroot.xml b/docs/docbook/smbdotconf/vfs/msdfsroot.xml new file mode 100644 index 0000000000..35142ff037 --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/msdfsroot.xml @@ -0,0 +1,20 @@ +<samba:parameter name="msdfs root" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This boolean parameter is only available if + Samba is configured and compiled with the <command moreinfo="none"> + --with-msdfs</command> option. If set to <constant>yes</constant>, + Samba treats the share as a Dfs root and allows clients to browse + the distributed file system tree rooted at the share directory. + Dfs links are specified in the share directory by symbolic + links of the form <filename moreinfo="none">msdfs:serverA\\shareA,serverB\\shareB</filename> + and so on. For more information on setting up a Dfs tree + on Samba, refer to <ulink url="msdfs.html">"Hosting a Microsoft + Distributed File System tree on Samba"</ulink> document.</para> + + <para>See also <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs</parameter></link></para> + + <para>Default: <command moreinfo="none">msdfs root = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/vfsobject.xml b/docs/docbook/smbdotconf/vfs/vfsobject.xml new file mode 100644 index 0000000000..c68e8d0135 --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/vfsobject.xml @@ -0,0 +1,12 @@ +<samba:parameter name="vfs object" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies a shared object files that + are used for Samba VFS I/O operations. By default, normal + disk I/O operations are used but these can be overloaded + with one or more VFS objects. </para> + + <para>Default: <emphasis>no value</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/vfsoptions.xml b/docs/docbook/smbdotconf/vfs/vfsoptions.xml new file mode 100644 index 0000000000..d07ec461e2 --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/vfsoptions.xml @@ -0,0 +1,12 @@ +<samba:parameter name="vfs options" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter allows parameters to be passed + to the vfs layer at initialization time. + See also <link linkend="VFSOBJECT"><parameter moreinfo="none"> + vfs object</parameter></link>.</para> + + <para>Default: <emphasis>no value</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/vfspath.xml b/docs/docbook/smbdotconf/vfs/vfspath.xml new file mode 100644 index 0000000000..c6718a0076 --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/vfspath.xml @@ -0,0 +1,13 @@ +<samba:parameter name="vfs path" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the directory + to look in for vfs modules. The name of every <command moreinfo="none">vfs object + </command> will be prepended by this directory.</para> + + <para>Default: <command moreinfo="none">vfs path = </command></para> + + <para>Example: <command moreinfo="none">vfs path = /usr/lib/samba/vfs</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/templatehomedir.xml b/docs/docbook/smbdotconf/winbind/templatehomedir.xml new file mode 100644 index 0000000000..6c19617bab --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/templatehomedir.xml @@ -0,0 +1,17 @@ +<samba:parameter name="template homedir" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>When filling out the user information for a Windows NT + user, the <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon uses this + parameter to fill in the home directory for that user. If the + string <parameter moreinfo="none">%D</parameter> is present it + is substituted with the user's Windows NT domain name. If the + string <parameter moreinfo="none">%U</parameter> is present it + is substituted with the user's Windows NT user name.</para> + + <para>Default: <command moreinfo="none">template homedir = /home/%D/%U</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/templateshell.xml b/docs/docbook/smbdotconf/winbind/templateshell.xml new file mode 100644 index 0000000000..1104387331 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/templateshell.xml @@ -0,0 +1,13 @@ +<samba:parameter name="template shell" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>When filling out the user information for a Windows NT + user, the <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon uses this + parameter to fill in the login shell for that user.</para> + + <para>Default: <command moreinfo="none">template shell = /bin/false</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindcachetime.xml b/docs/docbook/smbdotconf/winbind/winbindcachetime.xml new file mode 100644 index 0000000000..3080adc7c8 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbindcachetime.xml @@ -0,0 +1,14 @@ +<samba:parameter name="winbind cache time" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the number of + seconds the <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon will cache + user and group information before querying a Windows NT server + again.</para> + + <para>Default: <command moreinfo="none">winbind cache type = 15</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml b/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml new file mode 100644 index 0000000000..1cffca7492 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml @@ -0,0 +1,21 @@ +<samba:parameter name="winbind enum groups" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> it may be necessary to suppress + the enumeration of groups through the <command moreinfo="none">setgrent()</command>, + <command moreinfo="none">getgrent()</command> and + <command moreinfo="none">endgrent()</command> group of system calls. If + the <parameter moreinfo="none">winbind enum groups</parameter> parameter is + <constant>no</constant>, calls to the <command moreinfo="none">getgrent()</command> system + call will not return any data. </para> + + <para><emphasis>Warning:</emphasis> Turning off group + enumeration may cause some programs to behave oddly. + </para> + + <para>Default: <command moreinfo="none">winbind enum groups = yes </command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindenumusers.xml b/docs/docbook/smbdotconf/winbind/winbindenumusers.xml new file mode 100644 index 0000000000..95f1e7ff4c --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbindenumusers.xml @@ -0,0 +1,23 @@ +<samba:parameter name="winbind enum users" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> it may be + necessary to suppress the enumeration of users through the <command moreinfo="none">setpwent()</command>, + <command moreinfo="none">getpwent()</command> and + <command moreinfo="none">endpwent()</command> group of system calls. If + the <parameter moreinfo="none">winbind enum users</parameter> parameter is + <constant>no</constant>, calls to the <command moreinfo="none">getpwent</command> system call + will not return any data. </para> + + <para><emphasis>Warning:</emphasis> Turning off user + enumeration may cause some programs to behave oddly. For + example, the finger program relies on having access to the + full user list when searching for matching + usernames. </para> + + <para>Default: <command moreinfo="none">winbind enum users = yes </command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindgid.xml b/docs/docbook/smbdotconf/winbind/winbindgid.xml new file mode 100644 index 0000000000..a8414e9e8c --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbindgid.xml @@ -0,0 +1,16 @@ +<samba:parameter name="winbind gid" + context="G" + advanced="1" developer="1" hide="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>The winbind gid parameter specifies the range of group + ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon. This range of group ids should have no + existing local or NIS groups within it as strange conflicts can + occur otherwise.</para> + + <para>Default: <command moreinfo="none">winbind gid = <empty string></command></para> + + <para>Example: <command moreinfo="none">winbind gid = 10000-20000</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindseparator.xml b/docs/docbook/smbdotconf/winbind/winbindseparator.xml new file mode 100644 index 0000000000..cefc69d5bd --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbindseparator.xml @@ -0,0 +1,21 @@ +<samba:parameter name="winbind separator" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter allows an admin to define the character + used when listing a username of the form of <replaceable>DOMAIN + </replaceable>\<replaceable>user</replaceable>. This parameter + is only applicable when using the <filename moreinfo="none">pam_winbind.so</filename> + and <filename moreinfo="none">nss_winbind.so</filename> modules for UNIX services. + </para> + + <para>Please note that setting this parameter to + causes problems + with group membership at least on glibc systems, as the character + + is used as a special character for NIS in /etc/group.</para> + + <para>Default: <command moreinfo="none">winbind separator = '\'</command></para> + + <para>Example: <command moreinfo="none">winbind separator = +</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbinduid.xml b/docs/docbook/smbdotconf/winbind/winbinduid.xml new file mode 100644 index 0000000000..6fee40fcb8 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbinduid.xml @@ -0,0 +1,16 @@ +<samba:parameter name="winbind uid" + context="G" + advanced="1" developer="1" hide="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>The winbind gid parameter specifies the range of group + ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon. This range of ids should have no + existing local or NIS users within it as strange conflicts can + occur otherwise.</para> + + <para>Default: <command moreinfo="none">winbind uid = <empty string></command></para> + + <para>Example: <command moreinfo="none">winbind uid = 10000-20000</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml b/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml new file mode 100644 index 0000000000..5c31a7f9b0 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml @@ -0,0 +1,19 @@ +<samba:parameter name="winbind used default domain" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies whether the + <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon should operate on users + without domain component in their username. Users without a domain + component are treated as is part of the winbindd server's own + domain. While this does not benifit Windows users, it makes SSH, FTP and + e-mail function in a way much closer to the way they + would in a native unix system.</para> + + <para>Default: <command moreinfo="none">winbind use default domain = <no></command></para> + + <para>Example: <command moreinfo="none">winbind use default domain = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/dnsproxy.xml b/docs/docbook/smbdotconf/wins/dnsproxy.xml new file mode 100644 index 0000000000..45ec160c5a --- /dev/null +++ b/docs/docbook/smbdotconf/wins/dnsproxy.xml @@ -0,0 +1,25 @@ +<samba:parameter name="dns proxy" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Specifies that <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server and + finding that a NetBIOS name has not been registered, should treat the + NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server + for that name on behalf of the name-querying client.</para> + + <para>Note that the maximum length for a NetBIOS name is 15 + characters, so the DNS name (or DNS alias) can likewise only be + 15 characters, maximum.</para> + + <para><command moreinfo="none">nmbd</command> spawns a second copy of itself to do the + DNS name lookup requests, as doing a name lookup is a blocking + action.</para> + + <para>See also the parameter <link linkend="WINSSUPPORT"><parameter moreinfo="none"> + wins support</parameter></link>.</para> + + <para>Default: <command moreinfo="none">dns proxy = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winshook.xml b/docs/docbook/smbdotconf/wins/winshook.xml new file mode 100644 index 0000000000..e38e93f6b5 --- /dev/null +++ b/docs/docbook/smbdotconf/wins/winshook.xml @@ -0,0 +1,57 @@ +<samba:parameter name="wins hook" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>When Samba is running as a WINS server this + allows you to call an external program for all changes to the + WINS database. The primary use for this option is to allow the + dynamic update of external name resolution databases such as + dynamic DNS.</para> + + <para>The wins hook parameter specifies the name of a script + or executable that will be called as follows:</para> + + <para><command moreinfo="none">wins_hook operation name nametype ttl IP_list</command></para> + + <itemizedlist> + <listitem> + <para>The first argument is the operation and is + one of "add", "delete", or + "refresh". In most cases the operation + can be ignored as the rest of the parameters + provide sufficient information. Note that + "refresh" may sometimes be called when + the name has not previously been added, in that + case it should be treated as an add.</para> + </listitem> + + <listitem> + <para>The second argument is the NetBIOS name. If the + name is not a legal name then the wins hook is not called. + Legal names contain only letters, digits, hyphens, underscores + and periods.</para> + </listitem> + + <listitem> + <para>The third argument is the NetBIOS name + type as a 2 digit hexadecimal number. </para> + </listitem> + + <listitem> + <para>The fourth argument is the TTL (time to live) + for the name in seconds.</para> + </listitem> + + <listitem> + <para>The fifth and subsequent arguments are the IP + addresses currently registered for that name. If this list is + empty then the name should be deleted.</para> + </listitem> + </itemizedlist> + + <para>An example script that calls the BIND dynamic DNS update + program <command moreinfo="none">nsupdate</command> is provided in the examples + directory of the Samba source code. </para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winspartners.xml b/docs/docbook/smbdotconf/wins/winspartners.xml new file mode 100644 index 0000000000..9ec277ed2d --- /dev/null +++ b/docs/docbook/smbdotconf/wins/winspartners.xml @@ -0,0 +1,17 @@ +<samba:parameter name="wins partner" + context="G" + advanced="1" wizard="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>A space separated list of partners' IP addresses for + WINS replication. WINS partners are always defined as push/pull + partners as defining only one way WINS replication is unreliable. + WINS replication is currently experimental and unreliable between + samba servers. + </para> + + <para>Default: <command moreinfo="none">wins partners = </command></para> + + <para>Example: <command moreinfo="none">wins partners = 192.168.0.1 172.16.1.2</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winsproxy.xml b/docs/docbook/smbdotconf/wins/winsproxy.xml new file mode 100644 index 0000000000..11f47e31c7 --- /dev/null +++ b/docs/docbook/smbdotconf/wins/winsproxy.xml @@ -0,0 +1,13 @@ +<samba:parameter name="wins proxy" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is a boolean that controls if <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will respond to broadcast name + queries on behalf of other hosts. You may need to set this + to <constant>yes</constant> for some older clients.</para> + + <para>Default: <command moreinfo="none">wins proxy = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winsserver.xml b/docs/docbook/smbdotconf/wins/winsserver.xml new file mode 100644 index 0000000000..12ee635acd --- /dev/null +++ b/docs/docbook/smbdotconf/wins/winsserver.xml @@ -0,0 +1,37 @@ +<samba:parameter name="wins server" + context="G" + basic="1" advanced="1" wizard="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This specifies the IP address (or DNS name: IP + address for preference) of the WINS server that <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> should register with. If you have a WINS server on + your network then you should set this to the WINS server's IP.</para> + + <para>You should point this at your WINS server if you have a + multi-subnetted network.</para> + + <para>If you want to work in multiple namespaces, you can + give every wins server a 'tag'. For each tag, only one + (working) server will be queried for a name. The tag should be + seperated from the ip address by a colon. + </para> + + <note><para>You need to set up Samba to point + to a WINS server if you have multiple subnets and wish cross-subnet + browsing to work correctly.</para></note> + + <para>See the documentation file <ulink url="improved-browsing.html">Browsing</ulink> in the samba howto collection.</para> + + <para>Default: <emphasis>not enabled</emphasis></para> + + <para>Example: <command>wins server = mary:192.9.200.1 fred:192.168.3.199 mary:192.168.2.61</command></para> + + <para>For this example when querying a certain name, 192.19.200.1 will + be asked first and if that doesn't respond 192.168.2.61. If either + of those doesn't know the name 192.168.3.199 will be queried. + </para> + + <para>Example: <command>wins server = 192.9.200.1 192.168.2.61</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winssupport.xml b/docs/docbook/smbdotconf/wins/winssupport.xml new file mode 100644 index 0000000000..eef59e708f --- /dev/null +++ b/docs/docbook/smbdotconf/wins/winssupport.xml @@ -0,0 +1,15 @@ +<samba:parameter name="wins support" + context="G" + basic="1" advanced="1" wizard="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This boolean controls if the <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> process in Samba will act as a WINS server. You should + not set this to <constant>yes</constant> unless you have a multi-subnetted network and + you wish a particular <command moreinfo="none">nmbd</command> to be your WINS server. + Note that you should <emphasis>NEVER</emphasis> set this to <constant>yes</constant> + on more than one machine in your network.</para> + + <para>Default: <command moreinfo="none">wins support = no</command></para> +</listitem> +</samba:parameter> diff --git a/source3/groupdb/.cvsignore b/source3/groupdb/.cvsignore new file mode 100644 index 0000000000..22beab949c --- /dev/null +++ b/source3/groupdb/.cvsignore @@ -0,0 +1,2 @@ +.po +.po32 diff --git a/source3/include/authdata.h b/source3/include/authdata.h new file mode 100644 index 0000000000..0798b72bdf --- /dev/null +++ b/source3/include/authdata.h @@ -0,0 +1,152 @@ +/* + Unix SMB/CIFS implementation. + Kerberos authorization data + Copyright (C) Jim McDonough 2003 + + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _AUTHDATA_H +#define _AUTHDATA_H + +#include "rpc_misc.h" + +#define PAC_TYPE_LOGON_INFO 1 +#define PAC_TYPE_SERVER_CHECKSUM 6 +#define PAC_TYPE_PRIVSVR_CHECKSUM 7 +#define PAC_TYPE_UNKNOWN_10 10 + +typedef struct unknown_type_10 { + NTTIME unknown_time; + uint16 len; + uint16 *username; /* might not be null terminated, so not UNISTR */ +} UNKNOWN_TYPE_10; + +typedef struct pac_signature_data { + uint32 type; + uint8 *signature; +} PAC_SIGNATURE_DATA; + +typedef struct group_membership { + uint32 rid; + uint32 attrs; +} GROUP_MEMBERSHIP; + +typedef struct group_membership_array { + uint32 count; + GROUP_MEMBERSHIP *group_membership; +} GROUP_MEMBERSHIP_ARRAY; + +typedef struct krb_sid_and_attrs { + uint32 sid_ptr; + uint32 attrs; + DOM_SID2 *sid; +} KRB_SID_AND_ATTRS; + +typedef struct krb_sid_and_attr_array { + uint32 count; + KRB_SID_AND_ATTRS *krb_sid_and_attrs; +} KRB_SID_AND_ATTR_ARRAY; + + +/* This is awfully similar to a samr_user_info_23, but not identical. + Many of the field names have been swiped from there, because it is + so similar that they are likely the same, but many have been verified. + Some are in a different order, though... */ +typedef struct pac_logon_info { + NTTIME logon_time; /* logon time */ + NTTIME logoff_time; /* logoff time */ + NTTIME kickoff_time; /* kickoff time */ + NTTIME pass_last_set_time; /* password last set time */ + NTTIME pass_can_change_time; /* password can change time */ + NTTIME pass_must_change_time; /* password must change time */ + + UNIHDR hdr_user_name; /* user name unicode string header */ + UNIHDR hdr_full_name; /* user's full name unicode string header */ + UNIHDR hdr_logon_script; /* these last 4 appear to be in a different */ + UNIHDR hdr_profile_path; /* order than in the info23 */ + UNIHDR hdr_home_dir; + UNIHDR hdr_dir_drive; + + uint16 logon_count; /* number of times user has logged onto domain */ + uint16 reserved12; + + uint32 user_rid; + uint32 group_rid; + uint32 group_count; + uint32 group_membership_ptr; + uint32 user_flags; + + uint32 reserved13[4]; + UNIHDR hdr_dom_controller; + UNIHDR hdr_dom_name; + + uint32 ptr_dom_sid; + + uint32 reserved16[2]; + uint32 reserved17; /* looks like it may be acb_info */ + uint32 reserved18[7]; + + uint32 sid_count; + uint32 ptr_extra_sids; + + uint32 ptr_res_group_dom_sid; + uint32 res_group_count; + uint32 ptr_res_groups; + + UNISTR2 uni_user_name; /* user name unicode string header */ + UNISTR2 uni_full_name; /* user's full name unicode string header */ + UNISTR2 uni_logon_script; /* these last 4 appear to be in a different*/ + UNISTR2 uni_profile_path; /* order than in the info23 */ + UNISTR2 uni_home_dir; + UNISTR2 uni_dir_drive; + UNISTR2 uni_dom_controller; + UNISTR2 uni_dom_name; + DOM_SID2 dom_sid; + GROUP_MEMBERSHIP_ARRAY groups; + KRB_SID_AND_ATTR_ARRAY extra_sids; + DOM_SID2 res_group_dom_sid; + GROUP_MEMBERSHIP_ARRAY res_groups; + +} PAC_LOGON_INFO; + +typedef struct pac_info_ctr +{ + union + { + PAC_LOGON_INFO *logon_info; + PAC_SIGNATURE_DATA *srv_cksum; + PAC_SIGNATURE_DATA *privsrv_cksum; + UNKNOWN_TYPE_10 *type_10; + } pac; +} PAC_INFO_CTR; + +typedef struct pac_info_hdr { + uint32 type; + uint32 size; + uint32 offset; + uint32 offsethi; + PAC_INFO_CTR *ctr; +} PAC_INFO_HDR; + +typedef struct pac_data { + uint32 num_buffers; + uint32 version; + PAC_INFO_HDR *pac_info_hdr_ptr; +} PAC_DATA; + + +#endif diff --git a/source3/include/fake_file.h b/source3/include/fake_file.h new file mode 100644 index 0000000000..3fe60072e9 --- /dev/null +++ b/source3/include/fake_file.h @@ -0,0 +1,46 @@ +/* + Unix SMB/CIFS implementation. + FAKE FILE suppport, for faking up special files windows want access to + Copyright (C) Stefan (metze) Metzmacher 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _FAKE_FILE_H +#define _FAKE_FILE_H + +enum FAKE_FILE_TYPE { + FAKE_FILE_TYPE_NONE = 0, + FAKE_FILE_TYPE_QUOTA +}; + +#define FAKE_FILE_NAME_QUOTA "\\$Extend\\$Quota:$Q:$INDEX_ALLOCATION" + +typedef struct _FAKE_FILE_HANDLE { + enum FAKE_FILE_TYPE type; + TALLOC_CTX *mem_ctx; + void *pd; /* for private data */ + void (*free_pd)(void **pd); /* free private_data */ +} FAKE_FILE_HANDLE; + +typedef struct _FAKE_FILE { + const char *name; + enum FAKE_FILE_TYPE type; + void *(*init_pd)(TALLOC_CTX *men_ctx); + void (*free_pd)(void **pd); +} FAKE_FILE; + + +#endif /* _FAKE_FILE_H */ diff --git a/source3/include/ntquotas.h b/source3/include/ntquotas.h new file mode 100644 index 0000000000..1425e59bb8 --- /dev/null +++ b/source3/include/ntquotas.h @@ -0,0 +1,97 @@ +/* + Unix SMB/CIFS implementation. + NT QUOTA code constants + Copyright (C) Stefan (metze) Metzmacher 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _NTQUOTAS_H +#define _NTQUOTAS_H + +/* + * details for Quota Flags: + * + * 0x20 Log Limit: log if the user exceeds his Hard Quota + * 0x10 Log Warn: log if the user exceeds his Soft Quota + * 0x02 Deny Disk: deny disk access when the user exceeds his Hard Quota + * 0x01 Enable Quotas: enable quota for this fs + * + */ + +#define QUOTAS_ENABLED 0x0001 +#define QUOTAS_DENY_DISK 0x0002 +#define QUOTAS_LOG_VIOLATIONS 0x0004 +#define CONTENT_INDEX_DISABLED 0x0008 +#define QUOTAS_LOG_THRESHOLD 0x0010 +#define QUOTAS_LOG_LIMIT 0x0020 +#define LOG_VOLUME_THRESHOLD 0x0040 +#define LOG_VOLUME_LIMIT 0x0080 +#define QUOTAS_INCOMPLETE 0x0100 +#define QUOTAS_REBUILDING 0x0200 +#define QUOTAS_0400 0x0400 +#define QUOTAS_0800 0x0800 +#define QUOTAS_1000 0x1000 +#define QUOTAS_2000 0x2000 +#define QUOTAS_4000 0x4000 +#define QUOTAS_8000 0x8000 + +#define SMB_NTQUOTAS_NO_LIMIT ((SMB_BIG_UINT)(-1)) +#define SMB_NTQUOTAS_NO_ENTRY ((SMB_BIG_UINT)(-2)) +#define SMB_NTQUOTAS_NO_SPACE ((SMB_BIG_UINT)(0)) +#define SMB_NTQUOTAS_1_B (SMB_BIG_UINT)0x0000000000000001 +#define SMB_NTQUOTAS_1KB (SMB_BIG_UINT)0x0000000000000400 +#define SMB_NTQUOTAS_1MB (SMB_BIG_UINT)0x0000000000100000 +#define SMB_NTQUOTAS_1GB (SMB_BIG_UINT)0x0000000040000000 +#define SMB_NTQUOTAS_1TB (SMB_BIG_UINT)0x0000010000000000 +#define SMB_NTQUOTAS_1PB (SMB_BIG_UINT)0x0004000000000000 +#define SMB_NTQUOTAS_1EB (SMB_BIG_UINT)0x1000000000000000 + +enum SMB_QUOTA_TYPE { + SMB_INVALID_QUOTA_TYPE = -1, + SMB_USER_FS_QUOTA_TYPE = 1, + SMB_USER_QUOTA_TYPE = 2, + SMB_GROUP_FS_QUOTA_TYPE = 3,/* not used yet */ + SMB_GROUP_QUOTA_TYPE = 4 /* not in use yet, maybe for disk_free queries */ +}; + +typedef struct _SMB_NTQUOTA_STRUCT { + enum SMB_QUOTA_TYPE qtype; + SMB_BIG_UINT usedspace; + SMB_BIG_UINT softlim; + SMB_BIG_UINT hardlim; + enum SMB_QUOTA_TYPE qflags; + DOM_SID sid; +} SMB_NTQUOTA_STRUCT; + +typedef struct _SMB_NTQUOTA_LIST { + struct _SMB_NTQUOTA_LIST *prev,*next; + TALLOC_CTX *mem_ctx; + uid_t uid; + SMB_NTQUOTA_STRUCT *quotas; +} SMB_NTQUOTA_LIST; + +typedef struct _SMB_NTQUOTA_HANDLE { + BOOL valid; + SMB_NTQUOTA_LIST *quota_list; + SMB_NTQUOTA_LIST *tmp_list; +} SMB_NTQUOTA_HANDLE; + +#define CHECK_NTQUOTA_HANDLE_OK(fsp,conn) (FNUM_OK(fsp,conn) &&\ + (fsp)->fake_file_handle &&\ + ((fsp)->fake_file_handle->type == FAKE_FILE_TYPE_QUOTA) &&\ + (fsp)->fake_file_handle->pd) + +#endif /*_NTQUOTAS_H */ diff --git a/source3/include/rpc_echo.h b/source3/include/rpc_echo.h new file mode 100644 index 0000000000..8fa389cf56 --- /dev/null +++ b/source3/include/rpc_echo.h @@ -0,0 +1,74 @@ +/* + Unix SMB/CIFS implementation. + + Samba rpcecho definitions. + + Copyright (C) Tim Potter 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _RPC_ECHO_H +#define _RPC_ECHO_H + +#define ECHO_ADD_ONE 0x00 +#define ECHO_DATA 0x01 +#define ECHO_SINK_DATA 0x02 +#define ECHO_SOURCE_DATA 0x03 + +typedef struct echo_q_add_one +{ + uint32 request; +} ECHO_Q_ADD_ONE; + +typedef struct echo_r_add_one +{ + uint32 response; +} ECHO_R_ADD_ONE; + +typedef struct echo_q_echo_data +{ + uint32 size; + char *data; +} ECHO_Q_ECHO_DATA; + +typedef struct echo_r_echo_data +{ + uint32 size; + char *data; +} ECHO_R_ECHO_DATA; + +typedef struct echo_q_source_data +{ + uint32 size; +} ECHO_Q_SOURCE_DATA; + +typedef struct echo_r_source_data +{ + uint32 size; + char *data; +} ECHO_R_SOURCE_DATA; + +typedef struct echo_q_sink_data +{ + uint32 size; + char *data; +} ECHO_Q_SINK_DATA; + +typedef struct echo_r_sink_data +{ +} ECHO_R_SINK_DATA; + +#endif diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c new file mode 100644 index 0000000000..c554a02e90 --- /dev/null +++ b/source3/libads/authdata.c @@ -0,0 +1,614 @@ +/* + Unix SMB/CIFS implementation. + kerberos authorization data (PAC) utility library + Copyright (C) Jim McDonough 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +#ifdef HAVE_KRB5 + +static DATA_BLOB unwrap_pac(DATA_BLOB *auth_data) +{ + DATA_BLOB pac_contents; + ASN1_DATA data; + int data_type; + + asn1_load(&data, *auth_data); + asn1_start_tag(&data, ASN1_SEQUENCE(0)); + asn1_start_tag(&data, ASN1_SEQUENCE(0)); + asn1_start_tag(&data, ASN1_CONTEXT(0)); + asn1_read_Integer(&data, &data_type); + asn1_end_tag(&data); + asn1_start_tag(&data, ASN1_CONTEXT(1)); + asn1_read_OctetString(&data, &pac_contents); + asn1_end_tag(&data); + asn1_end_tag(&data); + asn1_end_tag(&data); + return pac_contents; +} + +static BOOL pac_io_unknown_type_10(const char *desc, UNKNOWN_TYPE_10 *type_10, + prs_struct *ps, int depth) +{ + if (NULL == type_10) + return False; + + prs_debug(ps, depth, desc, "pac_io_unknown_type_10"); + depth++; + + if (!smb_io_time("unknown_time", &type_10->unknown_time, ps, depth)) + return False; + + if (!prs_uint16("len", ps, depth, &type_10->len)) + return False; + + if (UNMARSHALLING(ps) && type_10->len) { + type_10->username = (uint16 *) prs_alloc_mem(ps, type_10->len); + if (!type_10->username) { + DEBUG(3, ("No memory available\n")); + return False; + } + } + + if (!prs_uint16s(True, "name", ps, depth, type_10->username, + (type_10->len / sizeof(uint16)))) + return False; + + return True; + +} + + +static BOOL pac_io_krb_sids(const char *desc, KRB_SID_AND_ATTRS *sid_and_attr, + prs_struct *ps, int depth) +{ + if (NULL == sid_and_attr) + return False; + + prs_debug(ps, depth, desc, "pac_io_krb_sids"); + depth++; + + if (UNMARSHALLING(ps)) { + sid_and_attr->sid = + (DOM_SID2 * ) prs_alloc_mem(ps, sizeof(DOM_SID2)); + if (!sid_and_attr->sid) { + DEBUG(3, ("No memory available\n")); + return False; + } + } + + if(!smb_io_dom_sid2("sid", sid_and_attr->sid, ps, depth)) + return False; + + return True; +} + + +static BOOL pac_io_krb_attrs(const char *desc, KRB_SID_AND_ATTRS *sid_and_attr, + prs_struct *ps, int depth) +{ + if (NULL == sid_and_attr) + return False; + + prs_debug(ps, depth, desc, "pac_io_krb_attrs"); + depth++; + + if (!prs_uint32("sid_ptr", ps, depth, &sid_and_attr->sid_ptr)) + return False; + if (!prs_uint32("attrs", ps, depth, &sid_and_attr->attrs)) + return False; + + return True; +} + +static BOOL pac_io_krb_sid_and_attr_array(const char *desc, + KRB_SID_AND_ATTR_ARRAY *array, + uint32 num, + prs_struct *ps, int depth) +{ + int i; + + if (NULL == array) + return False; + + prs_debug(ps, depth, desc, "pac_io_krb_sid_and_attr_array"); + depth++; + + + if (!prs_uint32("count", ps, depth, &array->count)) + return False; + + if (UNMARSHALLING(ps)) { + array->krb_sid_and_attrs = (KRB_SID_AND_ATTRS *) + prs_alloc_mem(ps, sizeof(KRB_SID_AND_ATTRS) * num); + if (!array->krb_sid_and_attrs) { + DEBUG(3, ("No memory available\n")); + return False; + } + } + + for (i=0; i<num; i++) { + if (!pac_io_krb_attrs(desc, + &array->krb_sid_and_attrs[i], + ps, depth)) + return False; + + } + for (i=0; i<num; i++) { + if (!pac_io_krb_sids(desc, + &array->krb_sid_and_attrs[i], + ps, depth)) + return False; + + } + + return True; + +} + +static BOOL pac_io_group_membership(const char *desc, + GROUP_MEMBERSHIP *membership, + prs_struct *ps, int depth) +{ + if (NULL == membership) + return False; + + prs_debug(ps, depth, desc, "pac_io_group_membership"); + depth++; + + if (!prs_uint32("rid", ps, depth, &membership->rid)) + return False; + if (!prs_uint32("attrs", ps, depth, &membership->attrs)) + return False; + + return True; +} + + +static BOOL pac_io_group_membership_array(const char *desc, + GROUP_MEMBERSHIP_ARRAY *array, + uint32 num, + prs_struct *ps, int depth) +{ + int i; + + if (NULL == array) + return False; + + prs_debug(ps, depth, desc, "pac_io_group_membership_array"); + depth++; + + + if (!prs_uint32("count", ps, depth, &array->count)) + return False; + + if (UNMARSHALLING(ps)) { + array->group_membership = (GROUP_MEMBERSHIP *) + prs_alloc_mem(ps, sizeof(GROUP_MEMBERSHIP) * num); + if (!array->group_membership) { + DEBUG(3, ("No memory available\n")); + return False; + } + } + + for (i=0; i<num; i++) { + if (!pac_io_group_membership(desc, + &array->group_membership[i], + ps, depth)) + return False; + + } + + return True; + +} + +static BOOL pac_io_pac_logon_info(const char *desc, PAC_LOGON_INFO *info, + prs_struct *ps, int depth) +{ + uint32 garbage; + if (NULL == info) + return False; + + prs_debug(ps, depth, desc, "pac_io_pac_logon_info"); + depth++; + + if (!prs_uint32("unknown", ps, depth, &garbage)) + return False; + if (!prs_uint32("unknown", ps, depth, &garbage)) + return False; + if (!prs_uint32("bufferlen", ps, depth, &garbage)) + return False; + if (!prs_uint32("bufferlenhi", ps, depth, &garbage)) + return False; + if (!prs_uint32("pointer", ps, depth, &garbage)) + return False; + + if (!smb_io_time("logon_time", &info->logon_time, ps, depth)) + return False; + if (!smb_io_time("logoff_time", &info->logoff_time, ps, depth)) + return False; + if (!smb_io_time("kickoff_time", &info->kickoff_time, ps, depth)) + return False; + if (!smb_io_time("pass_last_set_time", &info->pass_last_set_time, + ps, depth)) + return False; + if (!smb_io_time("pass_can_change_time", &info->pass_can_change_time, + ps, depth)) + return False; + if (!smb_io_time("pass_must_change_time", &info->pass_must_change_time, + ps, depth)) + return False; + + if (!smb_io_unihdr("hdr_user_name", &info->hdr_user_name, ps, depth)) + return False; + if (!smb_io_unihdr("hdr_full_name", &info->hdr_full_name, ps, depth)) + return False; + if (!smb_io_unihdr("hdr_logon_script", &info->hdr_logon_script, + ps, depth)) + return False; + if (!smb_io_unihdr("hdr_profile_path", &info->hdr_profile_path, + ps, depth)) + return False; + if (!smb_io_unihdr("hdr_home_dir", &info->hdr_home_dir, ps, depth)) + return False; + if (!smb_io_unihdr("hdr_dir_drive", &info->hdr_dir_drive, ps, depth)) + return False; + + if (!prs_uint16("logon_count", ps, depth, &info->logon_count)) + return False; + if (!prs_uint16("reserved12", ps, depth, &info->reserved12)) + return False; + if (!prs_uint32("user_rid", ps, depth, &info->user_rid)) + return False; + if (!prs_uint32("group_rid", ps, depth, &info->group_rid)) + return False; + if (!prs_uint32("group_count", ps, depth, &info->group_count)) + return False; + /* I haven't seen this contain anything yet, but when it does + we will have to make sure we decode the contents in the middle + all the unistr2s ... */ + if (!prs_uint32("group_mem_ptr", ps, depth, + &info->group_membership_ptr)) + return False; + if (!prs_uint32("user_flags", ps, depth, &info->user_flags)) + return False; + + if (!prs_uint32("reserved13.0", ps, depth, &info->reserved13[0])) + return False; + if (!prs_uint32("reserved13.1", ps, depth, &info->reserved13[1])) + return False; + if (!prs_uint32("reserved13.2", ps, depth, &info->reserved13[2])) + return False; + if (!prs_uint32("reserved13.3", ps, depth, &info->reserved13[3])) + return False; + + if (!smb_io_unihdr("hdr_dom_controller", + &info->hdr_dom_controller, ps, depth)) + return False; + if (!smb_io_unihdr("hdr_dom_name", &info->hdr_dom_name, ps, depth)) + return False; + + /* this should be followed, but just get ptr for now */ + if (!prs_uint32("ptr_dom_sid", ps, depth, &info->ptr_dom_sid)) + return False; + + if (!prs_uint32("reserved16.0", ps, depth, &info->reserved16[0])) + return False; + if (!prs_uint32("reserved16.1", ps, depth, &info->reserved16[1])) + return False; + + /* might be acb_info */ + if (!prs_uint32("reserved17", ps, depth, &info->reserved17)) + return False; + + + if (!prs_uint32("reserved18.0", ps, depth, &info->reserved18[0])) + return False; + if (!prs_uint32("reserved18.1", ps, depth, &info->reserved18[1])) + return False; + if (!prs_uint32("reserved18.2", ps, depth, &info->reserved18[2])) + return False; + if (!prs_uint32("reserved18.3", ps, depth, &info->reserved18[3])) + return False; + if (!prs_uint32("reserved18.4", ps, depth, &info->reserved18[4])) + return False; + if (!prs_uint32("reserved18.5", ps, depth, &info->reserved18[5])) + return False; + if (!prs_uint32("reserved18.6", ps, depth, &info->reserved18[6])) + return False; + + if (!prs_uint32("sid_count", ps, depth, &info->sid_count)) + return False; + if (!prs_uint32("ptr_extra_sids", ps, depth, &info->ptr_extra_sids)) + return False; + if (!prs_uint32("ptr_res_group_dom_sid", ps, depth, + &info->ptr_res_group_dom_sid)) + return False; + if (!prs_uint32("res_group_count", ps, depth, &info->res_group_count)) + return False; + if (!prs_uint32("ptr_res_groups", ps, depth, &info->ptr_res_groups)) + return False; + + if(!smb_io_unistr2("uni_user_name", &info->uni_user_name, + info->hdr_user_name.buffer, ps, depth)) + return False; + if(!smb_io_unistr2("uni_full_name", &info->uni_full_name, + info->hdr_full_name.buffer, ps, depth)) + return False; + if(!smb_io_unistr2("uni_logon_script", &info->uni_logon_script, + info->hdr_logon_script.buffer, ps, depth)) + return False; + if(!smb_io_unistr2("uni_profile_path", &info->uni_profile_path, + info->hdr_profile_path.buffer, ps, depth)) + return False; + if(!smb_io_unistr2("uni_home_dir", &info->uni_home_dir, + info->hdr_home_dir.buffer, ps, depth)) + return False; + if(!smb_io_unistr2("uni_dir_drive", &info->uni_dir_drive, + info->hdr_dir_drive.buffer, ps, depth)) + return False; + + if (info->group_membership_ptr) { + if (!pac_io_group_membership_array("group membership", + &info->groups, + info->group_count, + ps, depth)) + return False; + } + + + if(!smb_io_unistr2("uni_dom_controller", &info->uni_dom_controller, + info->hdr_dom_controller.buffer, ps, depth)) + return False; + if(!smb_io_unistr2("uni_dom_name", &info->uni_dom_name, + info->hdr_dom_name.buffer, ps, depth)) + return False; + + if(info->ptr_dom_sid) + if(!smb_io_dom_sid2("dom_sid", &info->dom_sid, ps, depth)) + return False; + + + if (info->sid_count && info->ptr_extra_sids) + if (!pac_io_krb_sid_and_attr_array("extra_sids", + &info->extra_sids, + info->sid_count, + ps, depth)) + return False; + + if (info->ptr_res_group_dom_sid) + if (!smb_io_dom_sid2("res_group_dom_sid", + &info->res_group_dom_sid, ps, depth)) + return False; + + if (info->ptr_res_groups) + if (!pac_io_group_membership_array("res group membership", + &info->res_groups, + info->res_group_count, + ps, depth)) + return False; + + return True; +} + + +static BOOL pac_io_pac_signature_data(const char *desc, + PAC_SIGNATURE_DATA *data, uint32 length, + prs_struct *ps, int depth) +{ + uint32 siglen = length - sizeof(uint32); + if (NULL == data) + return False; + + prs_debug(ps, depth, desc, "pac_io_pac_signature_data"); + depth++; + + if (!prs_uint32("type", ps, depth, &data->type)) + return False; + if (UNMARSHALLING(ps)) { + data->signature = prs_alloc_mem(ps, siglen); + if (!data->signature) { + DEBUG(3, ("No memory available\n")); + return False; + } + } + if (!prs_uint8s(False, "signature", ps, depth, data->signature,siglen)) + return False; + + return True; +} + +static BOOL pac_io_pac_info_hdr_ctr(const char *desc, PAC_INFO_HDR *hdr, + prs_struct *ps, int depth) +{ + if (NULL == hdr) + return False; + + prs_debug(ps, depth, desc, "pac_io_pac_info_hdr_ctr"); + depth++; + + if (!prs_align(ps)) + return False; + + if (hdr->offset != prs_offset(ps)) { + DEBUG(5, ("offset in header(x%x) and data(x%x) do not match\n", + hdr->offset, prs_offset(ps))); + prs_set_offset(ps, hdr->offset); + } + + if (UNMARSHALLING(ps) && hdr->size > 0) { + hdr->ctr = (PAC_INFO_CTR *) + prs_alloc_mem(ps, sizeof(PAC_INFO_CTR)); + if (!hdr->ctr) { + DEBUG(3, ("No memory available\n")); + return False; + } + } + + switch(hdr->type) { + case PAC_TYPE_LOGON_INFO: + DEBUG(5, ("PAC_TYPE_LOGON_INFO\n")); + if (UNMARSHALLING(ps)) + hdr->ctr->pac.logon_info = (PAC_LOGON_INFO *) + prs_alloc_mem(ps, sizeof(PAC_LOGON_INFO)); + if (!hdr->ctr->pac.logon_info) { + DEBUG(3, ("No memory available\n")); + return False; + } + if (!pac_io_pac_logon_info(desc, hdr->ctr->pac.logon_info, + ps, depth)) + return False; + break; + + case PAC_TYPE_SERVER_CHECKSUM: + DEBUG(5, ("PAC_TYPE_SERVER_CHECKSUM\n")); + if (UNMARSHALLING(ps)) + hdr->ctr->pac.srv_cksum = (PAC_SIGNATURE_DATA *) + prs_alloc_mem(ps, sizeof(PAC_SIGNATURE_DATA)); + if (!hdr->ctr->pac.srv_cksum) { + DEBUG(3, ("No memory available\n")); + return False; + } + if (!pac_io_pac_signature_data(desc, hdr->ctr->pac.srv_cksum, + hdr->size, ps, depth)) + return False; + break; + + case PAC_TYPE_PRIVSVR_CHECKSUM: + DEBUG(5, ("PAC_TYPE_PRIVSVR_CHECKSUM\n")); + if (UNMARSHALLING(ps)) + hdr->ctr->pac.privsrv_cksum = (PAC_SIGNATURE_DATA *) + prs_alloc_mem(ps, sizeof(PAC_SIGNATURE_DATA)); + if (!hdr->ctr->pac.privsrv_cksum) { + DEBUG(3, ("No memory available\n")); + return False; + } + if (!pac_io_pac_signature_data(desc, + hdr->ctr->pac.privsrv_cksum, + hdr->size, ps, depth)) + return False; + break; + + case PAC_TYPE_UNKNOWN_10: + DEBUG(5, ("PAC_TYPE_UNKNOWN_10\n")); + if (UNMARSHALLING(ps)) + hdr->ctr->pac.type_10 = (UNKNOWN_TYPE_10 *) + prs_alloc_mem(ps, sizeof(UNKNOWN_TYPE_10)); + if (!hdr->ctr->pac.type_10) { + DEBUG(3, ("No memory available\n")); + return False; + } + if (!pac_io_unknown_type_10(desc, hdr->ctr->pac.type_10, + ps, depth)) + return False; + break; + + default: + /* dont' know, so we need to skip it */ + DEBUG(3, ("unknown PAC type %d\n", hdr->type)); + prs_set_offset(ps, prs_offset(ps) + hdr->size); + } + + return True; +} + +static BOOL pac_io_pac_info_hdr(const char *desc, PAC_INFO_HDR *hdr, + prs_struct *ps, int depth) +{ + if (NULL == hdr) + return False; + + prs_debug(ps, depth, desc, "pac_io_pac_info_hdr"); + depth++; + + if (!prs_align(ps)) + return False; + if (!prs_uint32("type", ps, depth, &hdr->type)) + return False; + if (!prs_uint32("size", ps, depth, &hdr->size)) + return False; + if (!prs_uint32("offset", ps, depth, &hdr->offset)) + return False; + if (!prs_uint32("offsethi", ps, depth, &hdr->offsethi)) + return False; + + return True; +} + +static BOOL pac_io_pac_data(const char *desc, PAC_DATA *data, + prs_struct *ps, int depth) +{ + int i; + + if (NULL == data) + return False; + + prs_debug(ps, depth, desc, "pac_io_pac_data"); + depth++; + + if (!prs_align(ps)) + return False; + if (!prs_uint32("num_buffers", ps, depth, &data->num_buffers)) + return False; + if (!prs_uint32("version", ps, depth, &data->version)) + return False; + + if (UNMARSHALLING(ps) && data->num_buffers > 0) { + if ((data->pac_info_hdr_ptr = (PAC_INFO_HDR *) + prs_alloc_mem(ps, sizeof(PAC_INFO_HDR) * + data->num_buffers)) == NULL) { + return False; + } + } + + for (i=0; i<data->num_buffers; i++) { + if (!pac_io_pac_info_hdr(desc, &data->pac_info_hdr_ptr[i], ps, + depth)) + return False; + } + + for (i=0; i<data->num_buffers; i++) { + if (!pac_io_pac_info_hdr_ctr(desc, &data->pac_info_hdr_ptr[i], + ps, depth)) + return False; + } + + return True; +} + +PAC_DATA *decode_pac_data(DATA_BLOB *auth_data, TALLOC_CTX *ctx) +{ + DATA_BLOB pac_data_blob = unwrap_pac(auth_data); + prs_struct ps; + PAC_DATA *pac_data; + + DEBUG(5,("dump_pac_data\n")); + prs_init(&ps, pac_data_blob.length, ctx, UNMARSHALL); + prs_copy_data_in(&ps, pac_data_blob.data, pac_data_blob.length); + prs_set_offset(&ps, 0); + + pac_data = (PAC_DATA *) talloc_zero(ctx, sizeof(PAC_DATA)); + pac_io_pac_data("pac data", pac_data, &ps, 0); + + prs_mem_free(&ps); + + return pac_data; +} + +#endif diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c new file mode 100644 index 0000000000..00fe189e9a --- /dev/null +++ b/source3/libsmb/clifsinfo.c @@ -0,0 +1,76 @@ +/* + Unix SMB/CIFS implementation. + FS info functions + Copyright (C) Stefan (metze) Metzmacher 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + + +BOOL cli_get_fs_attr_info(struct cli_state *cli, uint32 *fs_attr) +{ + BOOL ret = False; + uint16 setup; + char param[2]; + char *rparam=NULL, *rdata=NULL; + unsigned int rparam_count=0, rdata_count=0; + + if (!cli||!fs_attr) + smb_panic("cli_get_fs_attr_info() called with NULL Pionter!"); + + setup = TRANSACT2_QFSINFO; + + SSVAL(param,0,SMB_QUERY_FS_ATTRIBUTE_INFO); + + if (!cli_send_trans(cli, SMBtrans2, + NULL, + 0, 0, + &setup, 1, 0, + param, 2, 0, + NULL, 0, 560)) { + goto cleanup; + } + + if (!cli_receive_trans(cli, SMBtrans2, + &rparam, &rparam_count, + &rdata, &rdata_count)) { + goto cleanup; + } + + if (cli_is_error(cli)) { + ret = False; + goto cleanup; + } else { + ret = True; + } + + if (rdata_count < 12) { + goto cleanup; + } + + *fs_attr = IVAL(rdata,0); + + /* todo: but not yet needed + * return the other stuff + */ + +cleanup: + SAFE_FREE(rparam); + SAFE_FREE(rdata); + + return ret; +} diff --git a/source3/rpc_client/cli_echo.c b/source3/rpc_client/cli_echo.c new file mode 100644 index 0000000000..03a4ab36ee --- /dev/null +++ b/source3/rpc_client/cli_echo.c @@ -0,0 +1,187 @@ +/* + Unix SMB/CIFS implementation. + + RPC pipe client + + Copyright (C) Tim Potter 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +NTSTATUS cli_echo_add_one(struct cli_state *cli, TALLOC_CTX *mem_ctx, + uint32 request, uint32 *response) +{ + prs_struct qbuf, rbuf; + ECHO_Q_ADD_ONE q; + ECHO_R_ADD_ONE r; + BOOL result = False; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_echo_q_add_one(&q, request); + + if (!echo_io_q_add_one("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, ECHO_ADD_ONE, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!echo_io_r_add_one("", &r, &rbuf, 0)) + goto done; + + if (response) + *response = r.response; + + result = True; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS cli_echo_data(struct cli_state *cli, TALLOC_CTX *mem_ctx, + uint32 size, char *in_data, char **out_data) +{ + prs_struct qbuf, rbuf; + ECHO_Q_ECHO_DATA q; + ECHO_R_ECHO_DATA r; + BOOL result = False; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_echo_q_echo_data(&q, size, in_data); + + if (!echo_io_q_echo_data("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, ECHO_DATA, &qbuf, &rbuf)) + goto done; + + /* Unmarshall response */ + + if (!echo_io_r_echo_data("", &r, &rbuf, 0)) + goto done; + + result = True; + + if (out_data) { + *out_data = talloc(mem_ctx, size); + memcpy(*out_data, r.data, size); + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS cli_echo_sink_data(struct cli_state *cli, TALLOC_CTX *mem_ctx, + uint32 size, char *in_data) +{ + prs_struct qbuf, rbuf; + ECHO_Q_SINK_DATA q; + ECHO_R_SINK_DATA r; + BOOL result = False; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_echo_q_sink_data(&q, size, in_data); + + if (!echo_io_q_sink_data("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, ECHO_SINK_DATA, &qbuf, &rbuf)) { + goto done; + } + + /* Unmarshall response */ + + if (!echo_io_r_sink_data("", &r, &rbuf, 0)) { + goto done; + } + + result = True; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS cli_echo_source_data(struct cli_state *cli, TALLOC_CTX *mem_ctx, + uint32 size, char **out_data) +{ + prs_struct qbuf, rbuf; + ECHO_Q_SOURCE_DATA q; + ECHO_R_SOURCE_DATA r; + BOOL result = False; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_echo_q_source_data(&q, size); + + if (!echo_io_q_source_data("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, ECHO_SOURCE_DATA, &qbuf, &rbuf)) { + goto done; + } + + /* Unmarshall response */ + + if (!echo_io_r_source_data("", &r, &rbuf, 0)) { + goto done; + } + + result = True; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} diff --git a/source3/rpc_parse/parse_echo.c b/source3/rpc_parse/parse_echo.c new file mode 100644 index 0000000000..67f9ad772e --- /dev/null +++ b/source3/rpc_parse/parse_echo.c @@ -0,0 +1,166 @@ +/* + * Unix SMB/CIFS implementation. + * + * RPC Pipe client / server routines + * + * Copyright (C) Tim Potter 2003 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" +#include "nterr.h" +#include "rpc_parse.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_PARSE + +void init_echo_q_add_one(ECHO_Q_ADD_ONE *q_d, uint32 request) +{ + q_d->request = request; +} + +BOOL echo_io_q_add_one(const char *desc, ECHO_Q_ADD_ONE *q_d, + prs_struct *ps, int depth) +{ + if (!prs_uint32("request", ps, 0, &q_d->request)) + return False; + + return True; +} + +BOOL echo_io_r_add_one(const char *desc, ECHO_R_ADD_ONE *q_d, + prs_struct *ps, int depth) +{ + if (!prs_uint32("response", ps, 0, &q_d->response)) + return False; + + return True; +} + + +void init_echo_q_echo_data(ECHO_Q_ECHO_DATA *q_d, uint32 size, char *data) +{ + q_d->size = size; + q_d->data = data; +} + +BOOL echo_io_q_echo_data(const char *desc, ECHO_Q_ECHO_DATA *q_d, + prs_struct *ps, int depth) +{ + if (!prs_uint32("size", ps, depth, &q_d->size)) + return False; + + if (!prs_uint32("size", ps, depth, &q_d->size)) + return False; + + if (UNMARSHALLING(ps)) { + q_d->data = prs_alloc_mem(ps, q_d->size); + + if (!q_d->data) + return False; + } + + if (!prs_uint8s(False, "data", ps, depth, q_d->data, q_d->size)) + return False; + + return True; +} + +BOOL echo_io_r_echo_data(const char *desc, ECHO_R_ECHO_DATA *q_d, + prs_struct *ps, int depth) +{ + if (!prs_uint32("size", ps, 0, &q_d->size)) + return False; + + if (UNMARSHALLING(ps)) { + q_d->data = prs_alloc_mem(ps, q_d->size); + + if (!q_d->data) + return False; + } + + if (!prs_uint8s(False, "data", ps, depth, q_d->data, q_d->size)) + return False; + + return True; +} + +void init_echo_q_sink_data(ECHO_Q_SINK_DATA *q_d, uint32 size, char *data) +{ + q_d->size = size; + q_d->data = data; +} + +BOOL echo_io_q_sink_data(const char *desc, ECHO_Q_SINK_DATA *q_d, + prs_struct *ps, int depth) +{ + if (!prs_uint32("size", ps, depth, &q_d->size)) + return False; + + if (!prs_uint32("size", ps, depth, &q_d->size)) + return False; + + if (UNMARSHALLING(ps)) { + q_d->data = prs_alloc_mem(ps, q_d->size); + + if (!q_d->data) + return False; + } + + if (!prs_uint8s(False, "data", ps, depth, q_d->data, q_d->size)) + return False; + + return True; +} + +BOOL echo_io_r_sink_data(const char *desc, ECHO_R_SINK_DATA *q_d, + prs_struct *ps, int depth) +{ + return True; +} + +void init_echo_q_source_data(ECHO_Q_SOURCE_DATA *q_d, uint32 size) +{ + q_d->size = size; +} + +BOOL echo_io_q_source_data(const char *desc, ECHO_Q_SOURCE_DATA *q_d, + prs_struct *ps, int depth) +{ + if (!prs_uint32("size", ps, depth, &q_d->size)) + return False; + + return True; +} + +BOOL echo_io_r_source_data(const char *desc, ECHO_R_SOURCE_DATA *q_d, + prs_struct *ps, int depth) +{ + if (!prs_uint32("size", ps, 0, &q_d->size)) + return False; + + if (UNMARSHALLING(ps)) { + q_d->data = prs_alloc_mem(ps, q_d->size); + + if (!q_d->data) + return False; + } + + if (!prs_uint8s(False, "data", ps, depth, q_d->data, q_d->size)) + return False; + + return True; +} diff --git a/source3/rpc_server/srv_echo.c b/source3/rpc_server/srv_echo.c new file mode 100644 index 0000000000..dcd8dd0c53 --- /dev/null +++ b/source3/rpc_server/srv_echo.c @@ -0,0 +1,137 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines for rpcecho + * Copyright (C) Tim Potter 2003. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* This is the interface to the rpcecho pipe. */ + +#include "includes.h" +#include "nterr.h" + +#ifdef DEVELOPER + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +static BOOL api_add_one(pipes_struct *p) +{ + ECHO_Q_ADD_ONE q_u; + ECHO_R_ADD_ONE r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!echo_io_q_add_one("", &q_u, data, 0)) + return False; + + _echo_add_one(p, &q_u, &r_u); + + if(!echo_io_r_add_one("", &r_u, rdata, 0)) + return False; + + return True; +} + +static BOOL api_echo_data(pipes_struct *p) +{ + ECHO_Q_ECHO_DATA q_u; + ECHO_R_ECHO_DATA r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!echo_io_q_echo_data("", &q_u, data, 0)) + return False; + + _echo_data(p, &q_u, &r_u); + + if(!echo_io_r_echo_data("", &r_u, rdata, 0)) + return False; + + return True; +} + +static BOOL api_source_data(pipes_struct *p) +{ + ECHO_Q_SOURCE_DATA q_u; + ECHO_R_SOURCE_DATA r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!echo_io_q_source_data("", &q_u, data, 0)) + return False; + + _source_data(p, &q_u, &r_u); + + if(!echo_io_r_source_data("", &r_u, rdata, 0)) + return False; + + return True; +} + +static BOOL api_sink_data(pipes_struct *p) +{ + ECHO_Q_SINK_DATA q_u; + ECHO_R_SINK_DATA r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!echo_io_q_sink_data("", &q_u, data, 0)) + return False; + + _sink_data(p, &q_u, &r_u); + + if(!echo_io_r_sink_data("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* +\pipe\rpcecho commands +********************************************************************/ + +int rpc_echo_init(void) +{ + struct api_struct api_echo_cmds[] = { + {"ADD_ONE", ECHO_ADD_ONE, api_add_one }, + {"ECHO_DATA", ECHO_DATA, api_echo_data }, + {"SOURCE_DATA", ECHO_SOURCE_DATA, api_source_data }, + {"SINK_DATA", ECHO_SINK_DATA, api_sink_data }, + }; + + return rpc_pipe_register_commands( + "rpcecho", "rpcecho", api_echo_cmds, + sizeof(api_echo_cmds) / sizeof(struct api_struct)); +} + +#endif /* DEVELOPER */ diff --git a/source3/rpc_server/srv_echo_nt.c b/source3/rpc_server/srv_echo_nt.c new file mode 100644 index 0000000000..ddb76b3a21 --- /dev/null +++ b/source3/rpc_server/srv_echo_nt.c @@ -0,0 +1,78 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines for rpcecho + * Copyright (C) Tim Potter 2003. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* This is the interface to the rpcecho pipe. */ + +#include "includes.h" +#include "nterr.h" + +#ifdef DEVELOPER + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +/* Add one to the input and return it */ + +void _echo_add_one(pipes_struct *p, ECHO_Q_ADD_ONE *q_u, ECHO_R_ADD_ONE *r_u) +{ + DEBUG(10, ("_echo_add_one\n")); + + r_u->response = q_u->request + 1; +} + +/* Echo back an array of data */ + +void _echo_data(pipes_struct *p, ECHO_Q_ECHO_DATA *q_u, + ECHO_R_ECHO_DATA *r_u) +{ + DEBUG(10, ("_echo_data\n")); + + r_u->data = talloc(p->mem_ctx, q_u->size); + r_u->size = q_u->size; + memcpy(r_u->data, q_u->data, q_u->size); +} + +/* Sink an array of data */ + +void _sink_data(pipes_struct *p, ECHO_Q_SINK_DATA *q_u, + ECHO_R_SINK_DATA *r_u) +{ + DEBUG(10, ("_sink_data\n")); + + /* My that was some yummy data! */ +} + +/* Source an array of data */ + +void _source_data(pipes_struct *p, ECHO_Q_SOURCE_DATA *q_u, + ECHO_R_SOURCE_DATA *r_u) +{ + uint32 i; + + DEBUG(10, ("_source_data\n")); + + r_u->data = talloc(p->mem_ctx, q_u->size); + r_u->size = q_u->size; + + for (i = 0; i < r_u->size; i++) + r_u->data[i] = i & 0xff; +} + +#endif /* DEVELOPER */ diff --git a/source3/rpcclient/cmd_echo.c b/source3/rpcclient/cmd_echo.c new file mode 100644 index 0000000000..79ba744a55 --- /dev/null +++ b/source3/rpcclient/cmd_echo.c @@ -0,0 +1,157 @@ +/* + Unix SMB/CIFS implementation. + RPC pipe client + + Copyright (C) Tim Potter 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "rpcclient.h" + +static NTSTATUS cmd_echo_add_one(struct cli_state *cli, TALLOC_CTX *mem_ctx, + int argc, const char **argv) +{ + uint32 request = 1, response; + NTSTATUS result; + + if (argc > 2) { + printf("Usage: %s [num]\n", argv[0]); + return NT_STATUS_OK; + } + + if (argc == 2) + request = atoi(argv[1]); + + result = cli_echo_add_one(cli, mem_ctx, request, &response); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + printf("%d + 1 = %d\n", request, response); + +done: + return result; +} + +static NTSTATUS cmd_echo_data(struct cli_state *cli, TALLOC_CTX *mem_ctx, + int argc, const char **argv) +{ + uint32 size, i; + NTSTATUS result; + char *in_data = NULL, *out_data = NULL; + + if (argc != 2) { + printf("Usage: %s num\n", argv[0]); + return NT_STATUS_OK; + } + + size = atoi(argv[1]); + in_data = malloc(size); + + for (i = 0; i < size; i++) + in_data[i] = i & 0xff; + + result = cli_echo_data(cli, mem_ctx, size, in_data, &out_data); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + for (i = 0; i < size; i++) { + if (in_data[i] != out_data[i]) { + printf("mismatch at offset %d, %d != %d\n", + i, in_data[i], out_data[i]); + } + } + +done: + SAFE_FREE(in_data); + + return result; +} + +static NTSTATUS cmd_echo_source_data(struct cli_state *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + uint32 size, i; + NTSTATUS result; + char *out_data = NULL; + + if (argc != 2) { + printf("Usage: %s num\n", argv[0]); + return NT_STATUS_OK; + } + + size = atoi(argv[1]); + + result = cli_echo_source_data(cli, mem_ctx, size, &out_data); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + for (i = 0; i < size; i++) { + if (out_data && out_data[i] != (i & 0xff)) { + printf("mismatch at offset %d, %d != %d\n", + i, out_data[i], i & 0xff); + } + } + +done: + return result; +} + +static NTSTATUS cmd_echo_sink_data(struct cli_state *cli, TALLOC_CTX *mem_ctx, + int argc, const char **argv) +{ + uint32 size, i; + NTSTATUS result; + char *in_data = NULL; + + if (argc != 2) { + printf("Usage: %s num\n", argv[0]); + return NT_STATUS_OK; + } + + size = atoi(argv[1]); + in_data = malloc(size); + + for (i = 0; i < size; i++) + in_data[i] = i & 0xff; + + result = cli_echo_sink_data(cli, mem_ctx, size, in_data); + + if (!NT_STATUS_IS_OK(result)) + goto done; + +done: + SAFE_FREE(in_data); + + return result; +} + +/* List of commands exported by this module */ + +struct cmd_set echo_commands[] = { + + { "ECHO" }, + + { "echoaddone", RPC_RTYPE_NTSTATUS, cmd_echo_add_one, NULL, PI_ECHO, "Add one to a number", "" }, + { "echodata", RPC_RTYPE_NTSTATUS, cmd_echo_data, NULL, PI_ECHO, "Echo data", "" }, + { "sinkdata", RPC_RTYPE_NTSTATUS, cmd_echo_sink_data, NULL, PI_ECHO, "Sink data", "" }, + { "sourcedata", RPC_RTYPE_NTSTATUS, cmd_echo_source_data, NULL, PI_ECHO, "Source data", "" }, + { NULL } +}; diff --git a/source3/stf/smbcontrol.py b/source3/stf/smbcontrol.py new file mode 100755 index 0000000000..30c331819c --- /dev/null +++ b/source3/stf/smbcontrol.py @@ -0,0 +1,238 @@ +#!/usr/bin/python +# +# Test for smbcontrol command line argument handling. +# + +import comfychair + +class NoArgs(comfychair.TestCase): + """Test no arguments produces usage message.""" + def runtest(self): + out = self.runcmd("smbcontrol", expectedResult = 1) + self.assert_re_match("Usage: smbcontrol", out[1]) + +class OneArg(comfychair.TestCase): + """Test single argument produces usage message.""" + def runtest(self): + out = self.runcmd("smbcontrol foo", expectedResult = 1) + self.assert_re_match("Usage: smbcontrol", out[1]) + +class SmbdDest(comfychair.TestCase): + """Test the broadcast destination 'smbd'.""" + def runtest(self): + out = self.runcmd("smbcontrol smbd noop") + +class NmbdDest(comfychair.TestCase): + """Test the destination 'nmbd'.""" + def runtest(self): + # We need a way to start/stop/whatever nmbd + raise comfychair.NotRunError, "not implemented" + +class PidDest(comfychair.TestCase): + """Test a pid number destination'.""" + def runtest(self): + out = self.runcmd("smbcontrol 1234 noop") + +class SelfDest(comfychair.TestCase): + """Test the destination 'self'.""" + def runtest(self): + out = self.runcmd("smbcontrol self noop") + +class WinbinddDest(comfychair.TestCase): + """Test the destination 'winbindd'.""" + def runtest(self): + # We need a way to start/stop/whatever winbindd + raise comfychair.NotRunError, "not implemented" + +class BadDest(comfychair.TestCase): + """Test a bad destination.""" + def runtest(self): + out = self.runcmd("smbcontrol foo noop", expectedResult = 1) + +class BadCmd(comfychair.TestCase): + """Test a bad command.""" + def runtest(self): + out = self.runcmd("smbcontrol self spottyfoot", expectedResult = 1) + self.assert_re_match("smbcontrol: unknown command", out[1]); + +class NoArgCmdTest(comfychair.TestCase): + """A test class that tests a command with no argument.""" + def runtest(self): + self.require_root() + out = self.runcmd("smbcontrol self %s" % self.cmd) + out = self.runcmd("smbcontrol self %s spottyfoot" % self.cmd, + expectedResult = 1) + +class ForceElection(NoArgCmdTest): + """Test a force-election message.""" + def setup(self): + self.cmd = "force-election" + +class SamSync(NoArgCmdTest): + """Test a samsync message.""" + def setup(self): + self.cmd = "samsync" + +class SamRepl(NoArgCmdTest): + """Test a samrepl message.""" + def setup(self): + self.cmd = "samrepl" + +class DmallocChanged(NoArgCmdTest): + """Test a dmalloc-changed message.""" + def setup(self): + self.cmd = "dmalloc-log-changed" + +class DmallocMark(NoArgCmdTest): + """Test a dmalloc-mark message.""" + def setup(self): + self.cmd = "dmalloc-mark" + +class Shutdown(NoArgCmdTest): + """Test a shutdown message.""" + def setup(self): + self.cmd = "shutdown" + +class Ping(NoArgCmdTest): + """Test a ping message.""" + def setup(self): + self.cmd = "ping" + +class Debuglevel(NoArgCmdTest): + """Test a debuglevel message.""" + def setup(self): + self.cmd = "debuglevel" + +class OneArgCmdTest(comfychair.TestCase): + """A test class that tests a command with one argument.""" + def runtest(self): + self.require_root() + out = self.runcmd("smbcontrol self %s spottyfoot" % self.cmd) + out = self.runcmd("smbcontrol self %s" % self.cmd, expectedResult = 1) + +class DrvUpgrade(OneArgCmdTest): + """Test driver upgrade message.""" + def setup(self): + self.cmd = "drvupgrade" + +class CloseShare(OneArgCmdTest): + """Test close share message.""" + def setup(self): + self.cmd = "close-share" + +class Debug(OneArgCmdTest): + """Test a debug message.""" + def setup(self): + self.cmd = "debug" + +class PrintNotify(comfychair.TestCase): + """Test print notification commands.""" + def runtest(self): + + # No subcommand + + out = self.runcmd("smbcontrol self printnotify", expectedResult = 1) + self.assert_re_match("Must specify subcommand", out[1]); + + # Invalid subcommand name + + out = self.runcmd("smbcontrol self printnotify spottyfoot", + expectedResult = 1) + self.assert_re_match("Invalid subcommand", out[1]); + + # Queue commands + + for cmd in ["queuepause", "queueresume"]: + + out = self.runcmd("smbcontrol self printnotify %s" % cmd, + expectedResult = 1) + self.assert_re_match("Usage:", out[1]) + + out = self.runcmd("smbcontrol self printnotify %s spottyfoot" + % cmd) + + # Job commands + + for cmd in ["jobpause", "jobresume", "jobdelete"]: + + out = self.runcmd("smbcontrol self printnotify %s" % cmd, + expectedResult = 1) + self.assert_re_match("Usage:", out[1]) + + out = self.runcmd("smbcontrol self printnotify %s spottyfoot" + % cmd, expectedResult = 1) + self.assert_re_match("Usage:", out[1]) + + out = self.runcmd("smbcontrol self printnotify %s spottyfoot 123" + % cmd) + + # Printer properties + + out = self.runcmd("smbcontrol self printnotify printer", + expectedResult = 1) + self.assert_re_match("Usage", out[1]) + + out = self.runcmd("smbcontrol self printnotify printer spottyfoot", + expectedResult = 1) + self.assert_re_match("Usage", out[1]) + + for cmd in ["comment", "port", "driver"]: + + out = self.runcmd("smbcontrol self printnotify printer spottyfoot " + "%s" % cmd, expectedResult = 1) + self.assert_re_match("Usage", out[1]) + + out = self.runcmd("smbcontrol self printnotify printer spottyfoot " + "%s value" % cmd) + +class Profile(comfychair.TestCase): + """Test setting the profiling level.""" + def runtest(self): + self.require_root() + out = self.runcmd("smbcontrol self profile", expectedResult = 1) + self.assert_re_match("Usage", out[1]) + + out = self.runcmd("smbcontrol self profile spottyfoot", + expectedResult = 1) + self.assert_re_match("Unknown", out[1]) + + for cmd in ["off", "count", "on", "flush"]: + out = self.runcmd("smbcontrol self profile %s" % cmd) + +class ProfileLevel(comfychair.TestCase): + """Test requesting the current profiling level.""" + def runtest(self): + self.require_root() + out = self.runcmd("smbcontrol self profilelevel spottyfoot", + expectedResult = 1) + self.assert_re_match("Usage", out[1]) + + out = self.runcmd("smbcontrol self profilelevel") + +class TimeoutArg(comfychair.TestCase): + """Test the --timeout argument.""" + def runtest(self): + out = self.runcmd("smbcontrol --timeout 5 self noop") + out = self.runcmd("smbcontrol --timeout spottyfoot self noop", + expectedResult = 1) + +class ConfigFileArg(comfychair.TestCase): + """Test the --configfile argument.""" + def runtest(self): + out = self.runcmd("smbcontrol --configfile /dev/null self noop") + +class BogusArg(comfychair.TestCase): + """Test a bogus command line argument.""" + def runtest(self): + out = self.runcmd("smbcontrol --bogus self noop", expectedResult = 1) + +tests = [NoArgs, OneArg, SmbdDest, NmbdDest, WinbinddDest, PidDest, + SelfDest, BadDest, BadCmd, Debug, ForceElection, SamSync, + SamRepl, DmallocMark, DmallocChanged, Shutdown, DrvUpgrade, + CloseShare, Ping, Debuglevel, PrintNotify, Profile, ProfileLevel, + TimeoutArg, ConfigFileArg, BogusArg] + +# Handle execution of this file as a main program + +if __name__ == '__main__': + comfychair.main(tests) diff --git a/source3/stf/unicodenames.py b/source3/stf/unicodenames.py new file mode 100644 index 0000000000..d4100cb7f9 --- /dev/null +++ b/source3/stf/unicodenames.py @@ -0,0 +1,33 @@ +#! /usr/bin/python + +# Copyright (C) 2003 by Martin Pool <mbp@samba.org> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 +# USA + + +""" +Defines symbolic names for a few UNICODE characters, to make test +source code more readable on machines that don't have all the +necessary fonts. + +You can do "import *" on this file safely. +""" + +LATIN_CAPITAL_LETTER_N_WITH_TILDE = u'\u004e' +LATIN_CAPITAL_LETTER_O_WITH_DIARESIS = u'\u00d6' +LATIN_SMALL_LETTER_O_WITH_DIARESIS = u'\u00f6' + +KATAKANA_LETTER_A = u'\u30a2' diff --git a/source3/torture/t_push_ucs2.c b/source3/torture/t_push_ucs2.c new file mode 100644 index 0000000000..8bfc6f7ad9 --- /dev/null +++ b/source3/torture/t_push_ucs2.c @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2003 by Martin Pool + * Copyright (C) 2003 by Andrew Bartlett + * + * Test harness for push_ucs2 + */ + +#include "includes.h" + +static int check_push_ucs2(const char *orig) +{ + smb_ucs2_t *dest = NULL; + char *orig2 = NULL; + int ret; + + push_ucs2_allocate(&dest, orig); + pull_ucs2_allocate(&orig2, dest); + ret = strcmp(orig, orig2); + if (ret) { + fprintf(stderr, "orig: %s\n", orig); + fprintf(stderr, "orig (UNIX -> UCS2 -> UNIX): %s\n", orig2); + } + + SAFE_FREE(dest); + SAFE_FREE(orig2); + + return ret; +} + +int main(int argc, char *argv[]) +{ + int i, ret = 0; + int count = 1; + + /* Needed to initialize character set */ + lp_load("/dev/null", True, False, False); + + if (argc < 2) { + fprintf(stderr, "usage: %s STRING1 [COUNT]\n" + "Checks that a string translated UNIX->UCS2->UNIX is unchanged\n" + "Should be always 0\n", + argv[0]); + return 2; + } + if (argc >= 3) + count = atoi(argv[2]); + + for (i = 0; ((i < count) && (!ret)); i++) + ret = check_push_ucs2(argv[1]); + + printf("%d\n", ret); + + return 0; +} diff --git a/source3/torture/t_strcmp.c b/source3/torture/t_strcmp.c new file mode 100644 index 0000000000..bc8640ee55 --- /dev/null +++ b/source3/torture/t_strcmp.c @@ -0,0 +1,32 @@ +/* + * Copyright (C) 2003 by Martin Pool + * + * Test harness for StrCaseCmp + */ + +#include "includes.h" + +int main(int argc, char *argv[]) +{ + int i, ret; + int iters = 1; + + /* Needed to initialize character set */ + lp_load("/dev/null", True, False, False); + + if (argc < 3) { + fprintf(stderr, "usage: %s STRING1 STRING2 [ITERS]\n" + "Compares two strings, prints the results of StrCaseCmp\n", + argv[0]); + return 2; + } + if (argc >= 4) + iters = atoi(argv[3]); + + for (i = 0; i < iters; i++) + ret = StrCaseCmp(argv[1], argv[2]); + + printf("%d\n", ret); + + return 0; +} diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c new file mode 100644 index 0000000000..c5d0aa869b --- /dev/null +++ b/source3/utils/smbcquotas.c @@ -0,0 +1,545 @@ +/* + Unix SMB/CIFS implementation. + QUOTA get/set utility + + Copyright (C) Andrew Tridgell 2000 + Copyright (C) Tim Potter 2000 + Copyright (C) Jeremy Allison 2000 + Copyright (C) Stefan (metze) Metzmacher 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +static pstring server; + +/* numeric is set when the user wants numeric SIDs and ACEs rather + than going via LSA calls to resolve them */ +static BOOL numeric; +static BOOL verbose; + +enum todo_values {NOOP_QUOTA=0,FS_QUOTA,USER_QUOTA,LIST_QUOTA,SET_QUOTA}; +enum exit_values {EXIT_OK, EXIT_FAILED, EXIT_PARSE_ERROR}; + +static struct cli_state *cli_ipc = NULL; +static POLICY_HND pol; +static BOOL got_policy_hnd; + +static struct cli_state *connect_one(const char *share); + +/* Open cli connection and policy handle */ + +static BOOL cli_open_policy_hnd(void) +{ + /* Initialise cli LSA connection */ + + if (!cli_ipc) { + cli_ipc = connect_one("IPC$"); + if (!cli_nt_session_open (cli_ipc, PI_LSARPC)) { + return False; + } + } + + /* Open policy handle */ + + if (!got_policy_hnd) { + + /* Some systems don't support SEC_RIGHTS_MAXIMUM_ALLOWED, + but NT sends 0x2000000 so we might as well do it too. */ + + if (!NT_STATUS_IS_OK(cli_lsa_open_policy(cli_ipc, cli_ipc->mem_ctx, True, + GENERIC_EXECUTE_ACCESS, &pol))) { + return False; + } + + got_policy_hnd = True; + } + + return True; +} + +/* convert a SID to a string, either numeric or username/group */ +static void SidToString(fstring str, DOM_SID *sid, BOOL _numeric) +{ + char **domains = NULL; + char **names = NULL; + uint32 *types = NULL; + + sid_to_string(str, sid); + + if (_numeric) return; + + /* Ask LSA to convert the sid to a name */ + + if (!cli_open_policy_hnd() || + !NT_STATUS_IS_OK(cli_lsa_lookup_sids(cli_ipc, cli_ipc->mem_ctx, + &pol, 1, sid, &domains, + &names, &types)) || + !domains || !domains[0] || !names || !names[0]) { + return; + } + + /* Converted OK */ + + slprintf(str, sizeof(fstring) - 1, "%s%s%s", + domains[0], lp_winbind_separator(), + names[0]); + +} + +/* convert a string to a SID, either numeric or username/group */ +static BOOL StringToSid(DOM_SID *sid, const char *str) +{ + uint32 *types = NULL; + DOM_SID *sids = NULL; + BOOL result = True; + + if (strncmp(str, "S-", 2) == 0) { + return string_to_sid(sid, str); + } + + if (!cli_open_policy_hnd() || + !NT_STATUS_IS_OK(cli_lsa_lookup_names(cli_ipc, cli_ipc->mem_ctx, + &pol, 1, &str, &sids, + &types))) { + result = False; + goto done; + } + + sid_copy(sid, &sids[0]); + done: + + return result; +} + +#define QUOTA_GET 1 +#define QUOTA_SETLIM 2 +#define QUOTA_SETFLAGS 3 +#define QUOTA_LIST 4 + +enum {PARSE_FLAGS,PARSE_LIM}; + +static int parse_quota_set(pstring set_str, pstring username_str, enum SMB_QUOTA_TYPE *qtype, int *cmd, SMB_NTQUOTA_STRUCT *pqt) +{ + char *p = set_str,*p2; + int todo; + BOOL stop = False; + BOOL enable = False; + BOOL deny = False; + + if (strncasecmp(set_str,"UQLIM:",6)==0) { + p += 6; + *qtype = SMB_USER_QUOTA_TYPE; + *cmd = QUOTA_SETLIM; + todo = PARSE_LIM; + if ((p2=strstr(p,":"))==NULL) { + return -1; + } + + *p2 = '\0'; + p2++; + + fstrcpy(username_str,p); + p = p2; + } else if (strncasecmp(set_str,"FSQLIM:",7)==0) { + p +=7; + *qtype = SMB_USER_FS_QUOTA_TYPE; + *cmd = QUOTA_SETLIM; + todo = PARSE_LIM; + } else if (strncasecmp(set_str,"FSQFLAGS:",9)==0) { + p +=9; + todo = PARSE_FLAGS; + *qtype = SMB_USER_FS_QUOTA_TYPE; + *cmd = QUOTA_SETFLAGS; + } else { + return -1; + } + + switch (todo) { + case PARSE_LIM: +#if defined(HAVE_LONGLONG) + if (sscanf(p,"%llu/%llu",&pqt->softlim,&pqt->hardlim)!=2) { +#else + if (sscanf(p,"%lu/%lu",&pqt->softlim,&pqt->hardlim)!=2) { +#endif + return -1; + } + + break; + case PARSE_FLAGS: + while (!stop) { + + if ((p2=strstr(p,"/"))==NULL) { + stop = True; + } else { + *p2 = '\0'; + p2++; + } + + if (strncasecmp(p,"QUOTA_ENABLED",13)==0) { + enable = True; + } else if (strncasecmp(p,"DENY_DISK",9)==0) { + deny = True; + } else if (strncasecmp(p,"LOG_SOFTLIMIT",13)==0) { + pqt->qflags |= QUOTAS_LOG_THRESHOLD; + } else if (strncasecmp(p,"LOG_HARDLIMIT",13)==0) { + pqt->qflags |= QUOTAS_LOG_LIMIT; + } else { + return -1; + } + + p=p2; + } + + if (deny) { + pqt->qflags |= QUOTAS_DENY_DISK; + } else if (enable) { + pqt->qflags |= QUOTAS_ENABLED; + } + + break; + } + + return 0; +} + +static int do_quota(struct cli_state *cli, enum SMB_QUOTA_TYPE qtype, uint16 cmd, pstring username_str, SMB_NTQUOTA_STRUCT *pqt) +{ + uint32 fs_attrs = 0; + int quota_fnum = 0; + SMB_NTQUOTA_LIST *qtl = NULL; + SMB_NTQUOTA_STRUCT qt; + ZERO_STRUCT(qt); + + if (!cli_get_fs_attr_info(cli, &fs_attrs)) { + d_printf("Failed to get the filesystem attributes %s.\n", + cli_errstr(cli)); + return -1; + } + + if (!(fs_attrs & FILE_VOLUME_QUOTAS)) { + d_printf("Quotas are not supported by the server.\n"); + return 0; + } + + if (!cli_get_quota_handle(cli, "a_fnum)) { + d_printf("Failed to open \\%s %s.\n", + FAKE_FILE_NAME_QUOTA,cli_errstr(cli)); + return -1; + } + + switch(qtype) { + case SMB_USER_QUOTA_TYPE: + if (!StringToSid(&qt.sid, username_str)) { + d_printf("StringToSid() failed for [%s]\n",username_str); + return -1; + } + + switch(cmd) { + case QUOTA_GET: + if (!cli_get_user_quota(cli, quota_fnum, &qt)) { + d_printf("%s cli_get_user_quota %s\n", + cli_errstr(cli),username_str); + return -1; + } + dump_ntquota(&qt,verbose,numeric,SidToString); + break; + case QUOTA_SETLIM: + pqt->sid = qt.sid; + if (!cli_set_user_quota(cli, quota_fnum, pqt)) { + d_printf("%s cli_set_user_quota %s\n", + cli_errstr(cli),username_str); + return -1; + } + if (!cli_get_user_quota(cli, quota_fnum, &qt)) { + d_printf("%s cli_get_user_quota %s\n", + cli_errstr(cli),username_str); + return -1; + } + dump_ntquota(&qt,verbose,numeric,SidToString); + break; + case QUOTA_LIST: + if (!cli_list_user_quota(cli, quota_fnum, &qtl)) { + d_printf("%s cli_set_user_quota %s\n", + cli_errstr(cli),username_str); + return -1; + } + dump_ntquota_list(&qtl,verbose,numeric,SidToString); + free_ntquota_list(&qtl); + break; + default: + d_printf("Unknown Error\n"); + return -1; + } + break; + case SMB_USER_FS_QUOTA_TYPE: + switch(cmd) { + case QUOTA_GET: + if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) { + d_printf("%s cli_get_fs_quota_info\n", + cli_errstr(cli)); + return -1; + } + dump_ntquota(&qt,True,numeric,NULL); + break; + case QUOTA_SETLIM: + if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) { + d_printf("%s cli_get_fs_quota_info\n", + cli_errstr(cli)); + return -1; + } + qt.softlim = pqt->softlim; + qt.hardlim = pqt->hardlim; + if (!cli_set_fs_quota_info(cli, quota_fnum, &qt)) { + d_printf("%s cli_set_fs_quota_info\n", + cli_errstr(cli)); + return -1; + } + if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) { + d_printf("%s cli_get_fs_quota_info\n", + cli_errstr(cli)); + return -1; + } + dump_ntquota(&qt,True,numeric,NULL); + break; + case QUOTA_SETFLAGS: + if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) { + d_printf("%s cli_get_fs_quota_info\n", + cli_errstr(cli)); + return -1; + } + qt.qflags = pqt->qflags; + if (!cli_set_fs_quota_info(cli, quota_fnum, &qt)) { + d_printf("%s cli_set_fs_quota_info\n", + cli_errstr(cli)); + return -1; + } + if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) { + d_printf("%s cli_get_fs_quota_info\n", + cli_errstr(cli)); + return -1; + } + dump_ntquota(&qt,True,numeric,NULL); + break; + default: + d_printf("Unknown Error\n"); + return -1; + } + break; + default: + d_printf("Unknown Error\n"); + return -1; + } + + cli_close(cli, quota_fnum); + + return 0; +} + +/***************************************************** +return a connection to a server +*******************************************************/ +static struct cli_state *connect_one(const char *share) +{ + struct cli_state *c; + struct in_addr ip; + NTSTATUS nt_status; + zero_ip(&ip); + + if (!cmdline_auth_info.got_pass) { + char *pass = getpass("Password: "); + if (pass) { + pstrcpy(cmdline_auth_info.password, pass); + cmdline_auth_info.got_pass = True; + } + } + + if (NT_STATUS_IS_OK(nt_status = cli_full_connection(&c, global_myname(), server, + &ip, 0, + share, "?????", + cmdline_auth_info.username, lp_workgroup(), + cmdline_auth_info.password, 0, NULL))) { + return c; + } else { + DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); + return NULL; + } +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc, const char *argv[]) +{ + char *share; + int opt; + int result; + int todo = 0; + pstring username_str = {0}; + pstring path = {0}; + pstring set_str = {0}; + enum SMB_QUOTA_TYPE qtype; + int cmd = 0; + BOOL test_args = False; + struct cli_state *cli; + BOOL fix_user = False; + SMB_NTQUOTA_STRUCT qt; + poptContext pc; + struct poptOption long_options[] = { + POPT_AUTOHELP + { "user", 'u', POPT_ARG_STRING, NULL, 'u', "Show quotas for user", "user" }, + { "list", 'L', POPT_ARG_NONE, NULL, 'L', "List user quotas" }, + { "fs", 'F', POPT_ARG_NONE, NULL, 'F', "Show filesystem quotas" }, + { "set", 'S', POPT_ARG_STRING, NULL, 'S', "Set acls\n\ +SETSTRING:\n\ +UQLIM:<username>/<softlimit>/<hardlimit> for user quotas\n\ +FSQLIM:<softlimit>/<hardlimit> for filesystem defaults\n\ +FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT", "SETSTRING" }, + { "numeric", 'n', POPT_ARG_NONE, &numeric, True, "Don't resolve sids or limits to names" }, + { "verbose", 'v', POPT_ARG_NONE, &verbose, True, "be verbose" }, + { "test-args", 't', POPT_ARG_NONE, &test_args, True, "Test arguments"}, + POPT_COMMON_SAMBA + POPT_COMMON_CREDENTIALS + { NULL } + }; + + ZERO_STRUCT(qt); + + setlinebuf(stdout); + + dbf = x_stderr; + + fault_setup(NULL); + + setup_logging(argv[0],True); + + + lp_load(dyn_CONFIGFILE,True,False,False); + load_interfaces(); + + pc = poptGetContext("smbcquotas", argc, argv, long_options, 0); + + poptSetOtherOptionHelp(pc, "//server1/share1"); + + while ((opt = poptGetNextOpt(pc)) != -1) { + switch (opt) { + case 'L': + if (todo != 0) { + d_printf("Please specify only one option of <-L|-F|-S|-u>\n"); + exit(EXIT_PARSE_ERROR); + } + todo = LIST_QUOTA; + break; + + case 'F': + if (todo != 0) { + d_printf("Please specify only one option of <-L|-F|-S|-u>\n"); + exit(EXIT_PARSE_ERROR); + } + todo = FS_QUOTA; + break; + + case 'u': + if (todo != 0) { + d_printf("Please specify only one option of <-L|-F|-S|-u>\n"); + exit(EXIT_PARSE_ERROR); + } + pstrcpy(username_str,poptGetOptArg(pc)); + todo = USER_QUOTA; + fix_user = True; + break; + + case 'S': + if (todo != 0) { + d_printf("Please specify only one option of <-L|-F|-S|-u>\n"); + exit(EXIT_PARSE_ERROR); + } + pstrcpy(set_str,poptGetOptArg(pc)); + todo = SET_QUOTA; + break; + } + } + + if (todo == 0) + todo = USER_QUOTA; + + if (!fix_user) + pstrcpy(username_str,cmdline_auth_info.username); + + /* Make connection to server */ + if(!poptPeekArg(pc)) { + poptPrintUsage(pc, stderr, 0); + exit(EXIT_PARSE_ERROR); + } + + pstrcpy(path, poptGetArg(pc)); + + all_string_sub(path,"/","\\",0); + + pstrcpy(server,path+2); + share = strchr_m(server,'\\'); + if (!share) { + share = strchr_m(server,'/'); + if (!share) { + printf("Invalid argument: %s\n", share); + exit(EXIT_PARSE_ERROR); + } + } + + *share = 0; + share++; + + if (todo == SET_QUOTA) { + if (parse_quota_set(set_str, username_str, &qtype, &cmd, &qt)) { + printf("Invalid argument: -S %s\n", set_str); + exit(EXIT_PARSE_ERROR); + } + } + + if (!test_args) { + cli = connect_one(share); + if (!cli) { + exit(EXIT_FAILED); + } + } else { + exit(EXIT_OK); + } + + + /* Perform requested action */ + + switch (todo) { + case FS_QUOTA: + result = do_quota(cli,SMB_USER_FS_QUOTA_TYPE, QUOTA_GET, username_str, NULL); + break; + case LIST_QUOTA: + result = do_quota(cli,SMB_USER_QUOTA_TYPE, QUOTA_LIST, username_str, NULL); + break; + case USER_QUOTA: + result = do_quota(cli,SMB_USER_QUOTA_TYPE, QUOTA_GET, username_str, NULL); + break; + case SET_QUOTA: + result = do_quota(cli, qtype, cmd, username_str, &qt); + break; + default: + + result = EXIT_FAILED; + break; + } + + return result; +} + |