summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/docbook/projdoc/IntroSMB.sgml175
-rw-r--r--docs/docbook/projdoc/Problems.sgml276
-rw-r--r--docs/docbook/smbdotconf/README158
-rw-r--r--docs/docbook/smbdotconf/browse/browsable.xml9
-rw-r--r--docs/docbook/smbdotconf/browse/browseable.xml11
-rw-r--r--docs/docbook/smbdotconf/browse/browselist.xml14
-rw-r--r--docs/docbook/smbdotconf/browse/domainmaster.xml38
-rw-r--r--docs/docbook/smbdotconf/browse/enhancedbrowsing.xml27
-rw-r--r--docs/docbook/smbdotconf/browse/lmannounce.xml27
-rw-r--r--docs/docbook/smbdotconf/browse/lminterval.xml20
-rw-r--r--docs/docbook/smbdotconf/browse/localmaster.xml22
-rw-r--r--docs/docbook/smbdotconf/browse/oslevel.xml25
-rw-r--r--docs/docbook/smbdotconf/browse/preferedmaster.xml9
-rw-r--r--docs/docbook/smbdotconf/browse/preferredmaster.xml29
-rw-r--r--docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml21
-rw-r--r--docs/docbook/smbdotconf/filename/casesensitive.xml9
-rw-r--r--docs/docbook/smbdotconf/filename/casesignames.xml8
-rw-r--r--docs/docbook/smbdotconf/filename/defaultcase.xml11
-rw-r--r--docs/docbook/smbdotconf/filename/deletevetofiles.xml28
-rw-r--r--docs/docbook/smbdotconf/filename/hidedotfiles.xml10
-rw-r--r--docs/docbook/smbdotconf/filename/hidefiles.xml39
-rw-r--r--docs/docbook/smbdotconf/filename/hidespecialfiles.xml12
-rw-r--r--docs/docbook/smbdotconf/filename/hideunreadable.xml10
-rw-r--r--docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml12
-rw-r--r--docs/docbook/smbdotconf/filename/manglecase.xml9
-rw-r--r--docs/docbook/smbdotconf/filename/mangledmap.xml26
-rw-r--r--docs/docbook/smbdotconf/filename/manglednames.xml67
-rw-r--r--docs/docbook/smbdotconf/filename/mangledstack.xml27
-rw-r--r--docs/docbook/smbdotconf/filename/mangleprefix.xml16
-rw-r--r--docs/docbook/smbdotconf/filename/manglingchar.xml14
-rw-r--r--docs/docbook/smbdotconf/filename/manglingmethod.xml19
-rw-r--r--docs/docbook/smbdotconf/filename/maparchive.xml19
-rw-r--r--docs/docbook/smbdotconf/filename/maphidden.xml15
-rw-r--r--docs/docbook/smbdotconf/filename/mapsystem.xml15
-rw-r--r--docs/docbook/smbdotconf/filename/preservecase.xml14
-rw-r--r--docs/docbook/smbdotconf/filename/shortpreservecase.xml17
-rw-r--r--docs/docbook/smbdotconf/filename/statcache.xml13
-rw-r--r--docs/docbook/smbdotconf/filename/stripdot.xml12
-rw-r--r--docs/docbook/smbdotconf/filename/vetooplockfiles.xml25
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapadmindn.xml16
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapdeletedn.xml13
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapfilter.xml14
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml10
-rw-r--r--docs/docbook/smbdotconf/ldap/ldappasswdsync.xml35
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapport.xml19
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapserver.xml15
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapssl.xml39
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapsuffix.xml14
-rw-r--r--docs/docbook/smbdotconf/ldap/ldaptrustids.xml23
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapusersuffix.xml10
-rw-r--r--docs/docbook/smbdotconf/locking/blockinglocks.xml23
-rw-r--r--docs/docbook/smbdotconf/locking/cscpolicy.xml20
-rw-r--r--docs/docbook/smbdotconf/locking/fakeoplocks.xml31
-rw-r--r--docs/docbook/smbdotconf/locking/kerneloplocks.xml27
-rw-r--r--docs/docbook/smbdotconf/locking/level2oplocks.xml41
-rw-r--r--docs/docbook/smbdotconf/locking/locking.xml27
-rw-r--r--docs/docbook/smbdotconf/locking/lockspincount.xml17
-rw-r--r--docs/docbook/smbdotconf/locking/lockspintime.xml12
-rw-r--r--docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml18
-rw-r--r--docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml22
-rw-r--r--docs/docbook/smbdotconf/locking/oplocks.xml29
-rw-r--r--docs/docbook/smbdotconf/locking/posixlocking.xml16
-rw-r--r--docs/docbook/smbdotconf/locking/sharemodes.xml28
-rw-r--r--docs/docbook/smbdotconf/locking/strictlocking.xml19
-rw-r--r--docs/docbook/smbdotconf/logon/abortshutdownscript.xml18
-rw-r--r--docs/docbook/smbdotconf/logon/addgroupscript.xml17
-rw-r--r--docs/docbook/smbdotconf/logon/addmachinescript.xml21
-rw-r--r--docs/docbook/smbdotconf/logon/adduserscript.xml50
-rw-r--r--docs/docbook/smbdotconf/logon/addusertogroupscript.xml18
-rw-r--r--docs/docbook/smbdotconf/logon/deletegroupscript.xml13
-rw-r--r--docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml18
-rw-r--r--docs/docbook/smbdotconf/logon/deleteuserscript.xml22
-rw-r--r--docs/docbook/smbdotconf/logon/domainlogons.xml15
-rw-r--r--docs/docbook/smbdotconf/logon/logondrive.xml18
-rw-r--r--docs/docbook/smbdotconf/logon/logonhome.xml45
-rw-r--r--docs/docbook/smbdotconf/logon/logonpath.xml49
-rw-r--r--docs/docbook/smbdotconf/logon/logonscript.xml44
-rw-r--r--docs/docbook/smbdotconf/logon/setprimarygroupscript.xml21
-rw-r--r--docs/docbook/smbdotconf/logon/shutdownscript.xml59
-rw-r--r--docs/docbook/smbdotconf/printing/addprintercommand.xml63
-rw-r--r--docs/docbook/smbdotconf/printing/defaultdevmode.xml37
-rw-r--r--docs/docbook/smbdotconf/printing/deleteprintercommand.xml38
-rw-r--r--docs/docbook/smbdotconf/printing/enumportscommand.xml25
-rw-r--r--docs/docbook/smbdotconf/printing/lppausecommand.xml43
-rw-r--r--docs/docbook/smbdotconf/printing/lpresumecommand.xml39
-rw-r--r--docs/docbook/smbdotconf/printing/os2drivermap.xml23
-rw-r--r--docs/docbook/smbdotconf/printing/printer.xml9
-rw-r--r--docs/docbook/smbdotconf/printing/printername.xml18
-rw-r--r--docs/docbook/smbdotconf/printing/printing.xml31
-rw-r--r--docs/docbook/smbdotconf/printing/queuepausecommand.xml29
-rw-r--r--docs/docbook/smbdotconf/printing/queueresumecommand.xml33
-rw-r--r--docs/docbook/smbdotconf/printing/showaddprinterwizard.xml35
-rw-r--r--docs/docbook/smbdotconf/security/encryptpasswords.xml24
-rw-r--r--docs/docbook/smbdotconf/vfs/hostmsdfs.xml20
-rw-r--r--docs/docbook/smbdotconf/vfs/msdfsproxy.xml18
-rw-r--r--docs/docbook/smbdotconf/vfs/msdfsroot.xml20
-rw-r--r--docs/docbook/smbdotconf/vfs/vfsobject.xml12
-rw-r--r--docs/docbook/smbdotconf/vfs/vfsoptions.xml12
-rw-r--r--docs/docbook/smbdotconf/vfs/vfspath.xml13
-rw-r--r--docs/docbook/smbdotconf/winbind/templatehomedir.xml17
-rw-r--r--docs/docbook/smbdotconf/winbind/templateshell.xml13
-rw-r--r--docs/docbook/smbdotconf/winbind/winbindcachetime.xml14
-rw-r--r--docs/docbook/smbdotconf/winbind/winbindenumgroups.xml21
-rw-r--r--docs/docbook/smbdotconf/winbind/winbindenumusers.xml23
-rw-r--r--docs/docbook/smbdotconf/winbind/winbindgid.xml16
-rw-r--r--docs/docbook/smbdotconf/winbind/winbindseparator.xml21
-rw-r--r--docs/docbook/smbdotconf/winbind/winbinduid.xml16
-rw-r--r--docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml19
-rw-r--r--docs/docbook/smbdotconf/wins/dnsproxy.xml25
-rw-r--r--docs/docbook/smbdotconf/wins/winshook.xml57
-rw-r--r--docs/docbook/smbdotconf/wins/winspartners.xml17
-rw-r--r--docs/docbook/smbdotconf/wins/winsproxy.xml13
-rw-r--r--docs/docbook/smbdotconf/wins/winsserver.xml37
-rw-r--r--docs/docbook/smbdotconf/wins/winssupport.xml15
-rw-r--r--source3/groupdb/.cvsignore2
-rw-r--r--source3/include/authdata.h152
-rw-r--r--source3/include/fake_file.h46
-rw-r--r--source3/include/ntquotas.h97
-rw-r--r--source3/include/rpc_echo.h74
-rw-r--r--source3/libads/authdata.c614
-rw-r--r--source3/libsmb/clifsinfo.c76
-rw-r--r--source3/rpc_client/cli_echo.c187
-rw-r--r--source3/rpc_parse/parse_echo.c166
-rw-r--r--source3/rpc_server/srv_echo.c137
-rw-r--r--source3/rpc_server/srv_echo_nt.c78
-rw-r--r--source3/rpcclient/cmd_echo.c157
-rwxr-xr-xsource3/stf/smbcontrol.py238
-rw-r--r--source3/stf/unicodenames.py33
-rw-r--r--source3/torture/t_push_ucs2.c54
-rw-r--r--source3/torture/t_strcmp.c32
-rw-r--r--source3/utils/smbcquotas.c545
131 files changed, 5828 insertions, 0 deletions
diff --git a/docs/docbook/projdoc/IntroSMB.sgml b/docs/docbook/projdoc/IntroSMB.sgml
new file mode 100644
index 0000000000..e81155a36f
--- /dev/null
+++ b/docs/docbook/projdoc/IntroSMB.sgml
@@ -0,0 +1,175 @@
+<chapter id="IntroSMB">
+<chapterinfo>
+ &author.dlechnyr;
+ <pubdate>April 13, 2003</pubdate>
+</chapterinfo>
+
+<title>Introduction to Samba</title>
+
+<para>
+Samba provides MS Windows file and print services over TCP/IP and provides compatible support for
+all SMB/CIFS enabled clients. Samba can be used to provide seemless interoperability between unix
+/ Linux systems and MS Windows clients and servers. A global team of about 30 active programmers
+is responsible for the development of Samba, a marvelous tool that was originally developed by
+Andrew Tridgell. That team of developers is known as the Samba-Team.
+</para>
+
+<sect1>
+<title>Background</title>
+
+<para>
+Once long ago, there was a buzzword referred to as DCE/RPC. This stood for Distributed Computing
+Environment/Remote Procedure Calls and conceptually was a good idea. It was originally developed
+by Apollo/HP as NCA 1.0 (Network Computing Architecture) and only ran over UDP. When there was
+a need to run it over TCP so that it would be compatible with DECnet 3.0, it was redesigned,
+submitted to The Open Group, and officially became known as DCE/RPC. Microsoft came along and
+decided, rather than pay $20 per seat to license this technology, to reimplement DCE/RPC
+themselves as MSRPC. From this, the concept continued in the form of SMB (Server Message Block,
+or the "what") using the NetBIOS (Network Basic Input/Output System, or the "how") compatibility
+layer. You can run SMB (i.e., transport) over several different protocols; many different
+implementations arose as a result, including NBIPX (NetBIOS over IPX, NwLnkNb, or NWNBLink) and
+NBT (NetBIOS over TCP/IP, or NetBT). As the years passed, NBT became the most common form of
+implementation until the advance of "Direct-Hosted TCP" -- the Microsoft marketing term for
+eliminating NetBIOS entirely and running SMB by itself across TCP port 445 only. As of yet,
+direct-hosted TCP has yet to catch on. And so the story goes.
+</para>
+
+<para>
+Perhaps the best summary of the origins of SMB are voiced in the 1997 article titled, CIFS:
+Common Insecurities Fail Scrutiny:
+</para>
+
+<para><emphasis>
+Several megabytes of NT-security archives, random whitepapers, RFCs, the CIFS spec, the Samba
+stuff, a few MS knowledge-base articles, strings extracted from binaries, and packet dumps have
+been dutifully waded through during the information-gathering stages of this project, and there
+are *still* many missing pieces... While often tedious, at least the way has been generously
+littered with occurrences of clapping hand to forehead and muttering 'crikey, what are they
+thinking?
+</emphasis></para>
+
+<sect2>
+<title>Terminology</title>
+
+<itemizedlist>
+
+ <listitem><para>
+ SMB: Acronym for "Server Message Block". This is a Microsoft's file and printer
+ sharing protocol.
+ </para></listitem>
+
+ <listitem><para>
+ CIFS: Acronym for the "Common Internet File System". Around 1996, Microsoft apparently
+ decided that SMB needed the word "Internet" in it, so they changed it to CIFS.
+ </para></listitem>
+
+ <listitem><para>
+ Direct-Hosted: A method of providing file/printer sharing services over port 445/tcp
+ only, using DNS for name resolution instead of WINS.
+ </para></listitem>
+
+ <listitem><para>
+ IPC: Acronym for "Inter-process Communication". A method to communicate specific
+ information between programs.
+ </para></listitem>
+
+ <listitem><para>
+ Marshalling: - A method of serializing (i.e., sequential ordering of) variable data
+ suitable for transmission via a network connection or storing in a file. The source
+ data can be re-created using a similar process called unmarshalling.
+ </para></listitem>
+
+ <listitem><para>
+ NetBIOS: Acronym for "Network Basic Input/Output System". This is not a protocol;
+ it is a method of communication across an existing protocol. This is a standard which
+ was originally developed for IBM by Sytek in 1983. To exaggerate the analogy a bit,
+ it can help to think of this in comparison your computer's BIOS -- it controlls the
+ essential functions of your input/output hardware -- whereas NetBIOS controlls the
+ essential functions of your input/output traffic via the network. Again, this is a bit
+ of an exaggeration but it should help that paradigm shift. What is important to realize
+ is that NetBIOS is a transport standard, not a protocol. Unfortunately, even technically
+ brilliant people tend to interchange NetBIOS with terms like NetBEUI without a second
+ thought; this will cause no end (and no doubt) of confusion.
+ </para></listitem>
+
+ <listitem><para>
+ NetBEUI: Acronym for the "NetBIOS Extended User Interface". Unlike NetBIOS, NetBEUI
+ is a protocol, not a standard. It is also not routable, so traffic on one side of a
+ router will be unable to communicate with the other side. Understanding NetBEUI is
+ not essential to deciphering SMB; however it helps to point out that it is not the
+ same as NetBIOS and to improve your score in trivia at parties. NetBEUI was originally
+ referred to by Microsoft as "NBF", or "The Windows NT NetBEUI Frame protocol driver".
+ It is not often heard from these days.
+ </para></listitem>
+
+ <listitem><para>
+ NBT: Acronym for "NetBIOS over TCP"; also known as "NetBT". Allows the continued use
+ of NetBIOS traffic proxied over TCP/IP. As a result, NetBIOS names are made equivilant
+ to IP addresses and NetBIOS name types are conceptually equivilant to TCP/IP ports.
+ This is how file and printer sharing are accomplished in Windows 95/98/ME. They
+ traditionally rely on three ports: NetBIOS Name Service (nbname) via UDP port 137,
+ NetBIOS Datagram Service (nbdatagram) via UDP port 138, and NetBIOS Session Service
+ (nbsession) via TCP port 139. All name resolution is done via WINS, NetBIOS broadcasts,
+ and DNS. NetBIOS over TCP is documented in RFC 1001 (Concepts and methods) and RFC 1002
+ (Detailed specifications).
+ </para></listitem>
+
+ <listitem><para>
+ W2K: Acronym for Windows 2000 Professional or Server
+ </para></listitem>
+
+ <listitem><para>
+ W3K: Acronym for Windows 2003 Server
+ </para></listitem>
+
+</itemizedlist>
+
+</sect2>
+
+<sect2>
+<title>Related Projects>
+
+<para>
+Currently, there are two projects that are directly related to Samba: SMBFS and CIFS network
+client file systems for Linux, both available in the Linux kernel itself.
+</para>
+
+<itemizedlist>
+
+ <listitem><para>
+ SMBFS (Server Message Block File System) allows you to mount SMB shares (the protocol
+ Windows 95/98/ME, Windows NT/2000/XP and OS/2 Lan Manager use to share files and printers
+ over local networks) and access them just like any other Unix directory. This is useful
+ if you just want to mount such filesystems without being a SMBFS server.
+ </para></listitem>
+
+ <listitem><para>
+ CIFS (Common Internet File System) is the successor to SMB, and is actively being worked
+ on in the upcoming version of the Linux kernel (2.5/2.6). The intent of this module is to
+ provide advanced network file system functionality including support for dfs (heirarchical
+ name space), secure per-user session establishment, safe distributed caching (oplock),
+ optional packet signing, Unicode and other internationalization improvements, and optional
+ Winbind (nsswitch) integration. If you enable CONFIG_CIFS in the Linux kernel, be aware
+ that it is currently in an early development stage and may not be as stable as the existing
+ CONFIG_SMB_FS option.
+ </para></listitem>
+
+</itemizedlist>
+
+<para>
+Again, it's important to note that these are implementations for client filesystems, and have
+nothing to do with acting as a file and print server for SMB/CIFS clients.
+</para>
+
+</sect2>
+
+<sect2>
+<title>Miscellaneous</title>
+
+<para>
+This chapter is Copyright © 2003 David Lechnyr. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation. A copy of the license is available at http://www.gnu.org/licenses/fdl.txt.
+</para>
+
+</sect2>
+</sect1>
+</chapter>
diff --git a/docs/docbook/projdoc/Problems.sgml b/docs/docbook/projdoc/Problems.sgml
new file mode 100644
index 0000000000..1f880a78cd
--- /dev/null
+++ b/docs/docbook/projdoc/Problems.sgml
@@ -0,0 +1,276 @@
+<chapter id="problems">
+
+<chapterinfo>
+ &author.jerry;
+ &author.jelmer;
+ <author>
+ <firstname>David</firstname><surname>Bannon</surname>
+ <affiliation>
+ <orgname>Samba Team</orgname>
+ <address><email>dbannon@samba.org</email></address>
+ </affiliation>
+ </author>
+ <pubdate>8 Apr 2003</pubdate>
+</chapterinfo>
+
+<title>Analysing and solving samba problems</title>
+
+<para>
+There are many sources of information available in the form
+of mailing lists, RFC's and documentation. The docs that come
+with the samba distribution contain very good explanations of
+general SMB topics such as browsing.</para>
+
+<sect1>
+<title>Diagnostics tools</title>
+
+ <para>
+One of the best diagnostic tools for debugging problems is Samba itself.
+You can use the -d option for both smbd and nmbd to specify what
+'debug level' at which to run. See the man pages on smbd, nmbd and
+smb.conf for more information on debugging options. The debug
+level can range from 1 (the default) to 10 (100 for debugging passwords).
+</para>
+
+<para>
+Another helpful method of debugging is to compile samba using the
+<command>gcc -g </command> flag. This will include debug
+information in the binaries and allow you to attach gdb to the
+running smbd / nmbd process. In order to attach gdb to an smbd
+process for an NT workstation, first get the workstation to make the
+connection. Pressing ctrl-alt-delete and going down to the domain box
+is sufficient (at least, on the first time you join the domain) to
+generate a 'LsaEnumTrustedDomains'. Thereafter, the workstation
+maintains an open connection, and therefore there will be an smbd
+process running (assuming that you haven't set a really short smbd
+idle timeout) So, in between pressing ctrl alt delete, and actually
+typing in your password, you can gdb attach and continue.
+</para>
+
+<para>
+Some useful samba commands worth investigating:
+</para>
+
+<itemizedlist>
+ <listitem><para>testparam | more</para></listitem>
+ <listitem><para>smbclient -L //{netbios name of server}</para></listitem>
+</itemizedlist>
+
+<para>
+An SMB enabled version of tcpdump is available from
+<ulink url="http://www.tcpdump.org/">http://www.tcpdup.org/</ulink>.
+Ethereal, another good packet sniffer for Unix and Win32
+hosts, can be downloaded from <ulink
+url="http://www.ethereal.com/">http://www.ethereal.com</ulink>.
+</para>
+
+<para>
+For tracing things on the Microsoft Windows NT, Network Monitor
+(aka. netmon) is available on the Microsoft Developer Network CD's,
+the Windows NT Server install CD and the SMS CD's. The version of
+netmon that ships with SMS allows for dumping packets between any two
+computers (i.e. placing the network interface in promiscuous mode).
+The version on the NT Server install CD will only allow monitoring
+of network traffic directed to the local NT box and broadcasts on the
+local subnet. Be aware that Ethereal can read and write netmon
+formatted files.
+</para>
+
+</sect1>
+
+<sect1>
+<title>Installing 'Network Monitor' on an NT Workstation or a Windows 9x box</title>
+
+<para>
+Installing netmon on an NT workstation requires a couple
+of steps. The following are for installing Netmon V4.00.349, which comes
+with Microsoft Windows NT Server 4.0, on Microsoft Windows NT
+Workstation 4.0. The process should be similar for other version of
+Windows NT / Netmon. You will need both the Microsoft Windows
+NT Server 4.0 Install CD and the Workstation 4.0 Install CD.
+</para>
+
+<para>
+Initially you will need to install 'Network Monitor Tools and Agent'
+on the NT Server. To do this
+</para>
+
+<itemizedlist>
+ <listitem><para>Goto Start - Settings - Control Panel -
+ Network - Services - Add </para></listitem>
+
+ <listitem><para>Select the 'Network Monitor Tools and Agent' and
+ click on 'OK'.</para></listitem>
+
+ <listitem><para>Click 'OK' on the Network Control Panel.
+ </para></listitem>
+
+ <listitem><para>Insert the Windows NT Server 4.0 install CD
+ when prompted.</para></listitem>
+</itemizedlist>
+
+<para>
+At this point the Netmon files should exist in
+<filename>%SYSTEMROOT%\System32\netmon\*.*</filename>.
+Two subdirectories exist as well, <filename>parsers\</filename>
+which contains the necessary DLL's for parsing the netmon packet
+dump, and <filename>captures\</filename>.
+</para>
+
+<para>
+In order to install the Netmon tools on an NT Workstation, you will
+first need to install the 'Network Monitor Agent' from the Workstation
+install CD.
+</para>
+
+<itemizedlist>
+ <listitem><para>Goto Start - Settings - Control Panel -
+ Network - Services - Add</para></listitem>
+
+ <listitem><para>Select the 'Network Monitor Agent' and click
+ on 'OK'.</para></listitem>
+
+ <listitem><para>Click 'OK' on the Network Control Panel.
+ </para></listitem>
+
+ <listitem><para>Insert the Windows NT Workstation 4.0 install
+ CD when prompted.</para></listitem>
+</itemizedlist>
+
+<para>
+Now copy the files from the NT Server in %SYSTEMROOT%\System32\netmon\*.*
+to %SYSTEMROOT%\System32\netmon\*.* on the Workstation and set
+permissions as you deem appropriate for your site. You will need
+administrative rights on the NT box to run netmon.
+</para>
+
+<para>
+To install Netmon on a Windows 9x box install the network monitor agent
+from the Windows 9x CD (\admin\nettools\netmon). There is a readme
+file located with the netmon driver files on the CD if you need
+information on how to do this. Copy the files from a working
+Netmon installation.
+</para>
+
+</sect1>
+
+<sect1>
+<title>Useful URL's</title>
+<itemizedlist>
+
+<listitem><para>Home of Samba site <ulink url="http://samba.org">
+ http://samba.org</ulink>. We have a mirror near you !</para></listitem>
+
+<listitem><para> The <emphasis>Development</emphasis> document
+on the Samba mirrors might mention your problem. If so,
+it might mean that the developers are working on it.</para></listitem>
+
+<listitem><para>See how Scott Merrill simulates a BDC behavior at
+ <ulink url="http://www.skippy.net/linux/smb-howto.html">
+ http://www.skippy.net/linux/smb-howto.html</ulink>. </para></listitem>
+
+<listitem><para>Although 2.0.7 has almost had its day as a PDC, David Bannon will
+ keep the 2.0.7 PDC pages at <ulink url="http://bioserve.latrobe.edu.au/samba">
+ http://bioserve.latrobe.edu.au/samba</ulink> going for a while yet.</para></listitem>
+
+<listitem><para>Misc links to CIFS information
+ <ulink url="http://samba.org/cifs/">http://samba.org/cifs/</ulink></para></listitem>
+
+<listitem><para>NT Domains for Unix <ulink url="http://mailhost.cb1.com/~lkcl/ntdom/">
+ http://mailhost.cb1.com/~lkcl/ntdom/</ulink></para></listitem>
+
+<listitem><para>FTP site for older SMB specs:
+ <ulink url="ftp://ftp.microsoft.com/developr/drg/CIFS/">
+ ftp://ftp.microsoft.com/developr/drg/CIFS/</ulink></para></listitem>
+
+</itemizedlist>
+
+</sect1>
+
+<sect1>
+<title>Getting help from the mailing lists</title>
+
+<para>
+There are a number of Samba related mailing lists. Go to <ulink
+url="http://samba.org">http://samba.org</ulink>, click on your nearest mirror
+and then click on <command>Support</command> and then click on <command>
+Samba related mailing lists</command>.
+</para>
+
+<para>
+For questions relating to Samba TNG go to
+<ulink url="http://www.samba-tng.org/">http://www.samba-tng.org/</ulink>
+It has been requested that you don't post questions about Samba-TNG to the
+main stream Samba lists.</para>
+
+<para>
+If you post a message to one of the lists please observe the following guide lines :
+</para>
+
+<itemizedlist>
+
+<listitem><para> Always remember that the developers are volunteers, they are
+not paid and they never guarantee to produce a particular feature at
+a particular time. Any time lines are 'best guess' and nothing more.
+</para></listitem>
+
+<listitem><para> Always mention what version of samba you are using and what
+operating system its running under. You should probably list the
+relevant sections of your &smb.conf; file, at least the options
+in [global] that affect PDC support.</para></listitem>
+
+<listitem><para>In addition to the version, if you obtained Samba via
+CVS mention the date when you last checked it out.</para></listitem>
+
+<listitem><para> Try and make your question clear and brief, lots of long,
+convoluted questions get deleted before they are completely read !
+Don't post html encoded messages (if you can select colour or font
+size its html).</para></listitem>
+
+<listitem><para> If you run one of those nifty 'I'm on holidays' things when
+you are away, make sure its configured to not answer mailing lists.
+</para></listitem>
+
+<listitem><para> Don't cross post. Work out which is the best list to post to
+and see what happens, i.e. don't post to both samba-ntdom and samba-technical.
+Many people active on the lists subscribe to more
+than one list and get annoyed to see the same message two or more times.
+Often someone will see a message and thinking it would be better dealt
+with on another, will forward it on for you.</para></listitem>
+
+<listitem><para>You might include <emphasis>partial</emphasis>
+log files written at a debug level set to as much as 20.
+Please don't send the entire log but enough to give the context of the
+error messages.</para></listitem>
+
+<listitem><para>(Possibly) If you have a complete netmon trace ( from the opening of
+the pipe to the error ) you can send the *.CAP file as well.</para></listitem>
+
+<listitem><para>Please think carefully before attaching a document to an email.
+Consider pasting the relevant parts into the body of the message. The samba
+mailing lists go to a huge number of people, do they all need a copy of your
+smb.conf in their attach directory?</para></listitem>
+
+</itemizedlist>
+
+</sect1>
+
+<sect1>
+<title>How to get off the mailinglists</title>
+
+<para>To have your name removed from a samba mailing list, go to the
+same place you went to to get on it. Go to <ulink
+url="http://lists.samba.org/">http://lists.samba.org</ulink>,
+click on your nearest mirror and then click on <command>Support</command> and
+then click on <command> Samba related mailing lists</command>. Or perhaps see
+<ulink url="http://lists.samba.org/mailman/roster/samba-ntdom">here</ulink>
+</para>
+
+<para>
+Please don't post messages to the list asking to be removed, you will just
+be referred to the above address (unless that process failed in some way...)
+</para>
+
+</sect1>
+
+</chapter>
diff --git a/docs/docbook/smbdotconf/README b/docs/docbook/smbdotconf/README
new file mode 100644
index 0000000000..9a037149ad
--- /dev/null
+++ b/docs/docbook/smbdotconf/README
@@ -0,0 +1,158 @@
+DocBook XML 4.2 source code for smb.conf(5) documentation for Samba 3.0
+
+Author of the document: Alexander Bokovoy <ab@samba.org>
+
+Welcome to new smb.conf(5) documentation build system! This directory
+contains a new incarnation of Samba's smb.conf(5) Docbook XML 4.2
+sources. Note that the output might be unsatisfying untill all smb.conf(5)
+parameters will converted to new format (see Chapter 4 for details).
+
+Content
+-------
+
+0. Prerequisites
+1. Structure
+2. XSLT stylesheets
+3. Usage
+4. Current status of converted parameters
+
+Prerequisites
+-------------
+
+In order to compile smb.conf(5) documentation from Docbook XML 4.2
+sources you'll need:
+
+ - a working libxml2 and libxslt installation, together with xsltproc utility
+
+ - a locally installed Docbook XSL 4.2 or higher
+
+ - a working xmlcatalog to eliminate Web access for Docbook XSL
+
+The latter requisite is important: we do not specify local copies of
+Docbook XSL stylesheets in our XSLTs because of real nightmare in their
+location in most distributions. Fortunately, libxml2 provides standard
+way to access locally installed external resources via so-called
+'xmlcatalog' tool. It is working in RedHat, Mandrake, ALT Linux, and
+some other distributions but wasn't at the moment of this writting (Late
+March'03) in Debian.
+
+Structure
+---------
+
+smb.conf(5) sources consist of a number of XML files distributed across
+a number of subdirectories. Each subdirectory represents a group of
+smb.conf(5) parameters dedicated to one specific task as described in
+Samba's loadparm.c source file (and shown in SWAT).
+
+Each XML file in subdirectories represents one parameter description,
+together with some additional meta-information about it. Complete list
+of meta-information attributes
+
+attribute description
+-------------------------------------------------------------------
+name smb.conf(5) parameter name
+context G for global, S for services
+basic set to 1 if loadparm.c's description
+wizard includes appropriate flag for
+advanced this parameter (FLAG_BASIC,
+developer FLAG_ADVANCED, FLAG_WIZARD, FLAG_DEVELOPER)
+-------------------------------------------------------------------
+
+Main XML file for smb.conf(5) is smb.conf.5.xml. It contains a general
+stub for man page and several XML instructions to include:
+
+ - a list of global parameters (auto-generated);
+
+ - a list of service parameters (auto-generated);
+
+ - a complete list of alphabetically sorted parameters (auto-generated).
+
+XSLT stylesheets
+----------------
+
+In order to combine and build final version of smb.conf(5) we apply a
+set of XSLT stylesheets to smb.conf(5) sources. Following is the
+complete description of existing stylesheets in smb.conf(5) source tree:
+
+1. [expand-smb.conf.xsl] Main driver, produces big XML source with all
+smaller components combined. The resulted tree is then feed to Docbook
+XSL for final producing.
+
+This stylesheet performs two main transformations:
+
+ - Replaces <samba:parameter> tag by <varlistentry> one;
+
+ - Generates <term> and <anchor> tags for each <samba:parameter>.
+
+The latter step needs some explanation. We generate automatically
+<anchor> and <term> tags based on meta-information about parameter. This
+way all anchors have predictable names (capitalized parameter name with
+all spaces supressed) and we really don't need to dublicate data.
+
+There was only one exception to the generation rule in smb.conf.5.sgml:
+"use spnego" parameter had anchor SPNEGO which is now unified to
+USESPNEGO. This also fixes a bug in SWAT which was unable to find SPNEGO
+achnor.
+
+2. [generate-context.xsl] An utility stylesheet which main purpose is to
+produce a list of parameters which are applicable for selected context
+(global or service).
+
+The generate-context.xsl is run twice to generate both
+parameters.global.xml and parameters.service.xml which are included then
+by smb.conf.5.xml. This stylesheet relies on parameters.all.xml file
+which is generated by [generate-file-list.sh] shell script.
+
+The parameters.all.xml file contains a complete list of include
+instructions for XSLT processor to include all small XML files from
+subdirectories.
+
+3. [man.xsl] Our local copy of Docbook XML to man(5) transformer. It
+fixes some annoying errors in official Docbook XSL stylesheets and adds
+our tuned parameters. This file really belongs to upper level where it
+would occur later, as we'll move to Docbook XML completely.
+
+4. [split-original-smb.conf.xsl] This stylesheet isn't required anymore.
+It was used for initial split of SGML-based smb.conf.5.sgml onto a set
+of per-parameter XML files. I left it in source tree just for historical
+interest. :)
+
+Usage
+-----
+
+1. Generate [parameters.all.xml]:
+ sh generate-file-list.sh >parameters.all.xml
+
+2. Generate [parameters.global.xml]:
+ xsltproc --xinclude \
+ --param smb.context "'G'" \
+ --output parameters.global.xml \
+ generate-context.xsl parameters.all.xml
+
+3. Generate [parameters.service.xml]:
+ xsltproc --xinclude \
+ --param smb.context "'S'" \
+ --output parameters.service.xml \
+ generate-context.xsl parameters.all.xml
+
+4. Process smb.conf.5.xml (for example, to HTML):
+ xsltproc --xinclude expand-smb.conf.xsl smb.conf.5.xml | \
+ xsltproc http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl - > smb.conf.5.html
+
+Note that in step 4 we are not saving preprocessed smb.conf.5.xml to
+disk and directly passing it to the next XSLT processor (in this case --
+Docbook XML to HTML generator).
+
+For convenience, this sequence of commands is added into source tree as
+process-all.sh
+
+Current state of converted parameters
+-------------------------------------
+
+Only 'misc' parameters don't converted so far.
+
+All undocumented parameters are listed in doc-status file in of Samba's
+docs/ directory.
+
+Any help is greatly appreciated.
+
diff --git a/docs/docbook/smbdotconf/browse/browsable.xml b/docs/docbook/smbdotconf/browse/browsable.xml
new file mode 100644
index 0000000000..bd35732927
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/browsable.xml
@@ -0,0 +1,9 @@
+<samba:parameter name="browsable"
+ context="S"
+ hide="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>See the <link linkend="BROWSEABLE">
+ <parameter moreinfo="none">browseable</parameter></link>.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/browseable.xml b/docs/docbook/smbdotconf/browse/browseable.xml
new file mode 100644
index 0000000000..5da61cccfb
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/browseable.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="browseable"
+ context="S"
+ basic="1" advanced="1" print="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This controls whether this share is seen in
+ the list of available shares in a net view and in the browse list.</para>
+
+ <para>Default: <command moreinfo="none">browseable = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/browselist.xml b/docs/docbook/smbdotconf/browse/browselist.xml
new file mode 100644
index 0000000000..17a962a3f5
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/browselist.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="browse list"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will serve a browse list to
+ a client doing a <command moreinfo="none">NetServerEnum</command> call. Normally
+ set to <constant>yes</constant>. You should never need to change
+ this.</para>
+
+ <para>Default: <command moreinfo="none">browse list = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/domainmaster.xml b/docs/docbook/smbdotconf/browse/domainmaster.xml
new file mode 100644
index 0000000000..7bd334bbb5
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/domainmaster.xml
@@ -0,0 +1,38 @@
+<samba:parameter name="domain master"
+ context="G"
+ basic="1" advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Tell <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> to enable WAN-wide browse list
+ collation. Setting this option causes <command moreinfo="none">nmbd</command> to
+ claim a special domain specific NetBIOS name that identifies
+ it as a domain master browser for its given <link linkend="WORKGROUP">
+ <parameter moreinfo="none">workgroup</parameter></link>. Local master browsers
+ in the same <parameter moreinfo="none">workgroup</parameter> on broadcast-isolated
+ subnets will give this <command moreinfo="none">nmbd</command> their local browse lists,
+ and then ask <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> for a complete copy of the browse
+ list for the whole wide area network. Browser clients will then contact
+ their local master browser, and will receive the domain-wide browse list,
+ instead of just the list for their broadcast-isolated subnet.</para>
+
+ <para>Note that Windows NT Primary Domain Controllers expect to be
+ able to claim this <parameter moreinfo="none">workgroup</parameter> specific special
+ NetBIOS name that identifies them as domain master browsers for
+ that <parameter moreinfo="none">workgroup</parameter> by default (i.e. there is no
+ way to prevent a Windows NT PDC from attempting to do this). This
+ means that if this parameter is set and <command moreinfo="none">nmbd</command> claims
+ the special name for a <parameter moreinfo="none">workgroup</parameter> before a Windows
+ NT PDC is able to do so then cross subnet browsing will behave
+ strangely and may fail.</para>
+
+ <para>If <link linkend="DOMAINLOGONS"><command moreinfo="none">domain logons = yes</command>
+ </link>, then the default behavior is to enable the <parameter moreinfo="none">domain
+ master</parameter> parameter. If <parameter moreinfo="none">domain logons</parameter> is
+ not enabled (the default setting), then neither will <parameter moreinfo="none">domain
+ master</parameter> be enabled by default.</para>
+
+ <para>Default: <command moreinfo="none">domain master = auto</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml b/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml
new file mode 100644
index 0000000000..8fb3be1603
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="enhanced browsing"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This option enables a couple of enhancements to
+ cross-subnet browse propagation that have been added in Samba
+ but which are not standard in Microsoft implementations.
+ </para>
+
+ <para>The first enhancement to browse propagation consists of a regular
+ wildcard query to a Samba WINS server for all Domain Master Browsers,
+ followed by a browse synchronization with each of the returned
+ DMBs. The second enhancement consists of a regular randomised browse
+ synchronization with all currently known DMBs.</para>
+
+ <para>You may wish to disable this option if you have a problem with empty
+ workgroups not disappearing from browse lists. Due to the restrictions
+ of the browse protocols these enhancements can cause a empty workgroup
+ to stay around forever which can be annoying.</para>
+
+ <para>In general you should leave this option enabled as it makes
+ cross-subnet browse propagation much more reliable.</para>
+
+ <para>Default: <command moreinfo="none">enhanced browsing = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/lmannounce.xml b/docs/docbook/smbdotconf/browse/lmannounce.xml
new file mode 100644
index 0000000000..b18234443a
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/lmannounce.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="lm announce"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will produce Lanman announce
+ broadcasts that are needed by OS/2 clients in order for them to see
+ the Samba server in their browse list. This parameter can have three
+ values, <constant>yes</constant>, <constant>no</constant>, or
+ <constant>auto</constant>. The default is <constant>auto</constant>.
+ If set to <constant>no</constant> Samba will never produce these
+ broadcasts. If set to <constant>yes</constant> Samba will produce
+ Lanman announce broadcasts at a frequency set by the parameter
+ <parameter moreinfo="none">lm interval</parameter>. If set to <constant>auto</constant>
+ Samba will not send Lanman announce broadcasts by default but will
+ listen for them. If it hears such a broadcast on the wire it will
+ then start sending them at a frequency set by the parameter
+ <parameter moreinfo="none">lm interval</parameter>.</para>
+
+ <para>See also <link linkend="LMINTERVAL"><parameter moreinfo="none">lm interval</parameter></link>.</para>
+
+ <para>Default: <command moreinfo="none">lm announce = auto</command></para>
+
+ <para>Example: <command moreinfo="none">lm announce = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/lminterval.xml b/docs/docbook/smbdotconf/browse/lminterval.xml
new file mode 100644
index 0000000000..58e4cc30ba
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/lminterval.xml
@@ -0,0 +1,20 @@
+<samba:parameter name="lm interval"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>If Samba is set to produce Lanman announce
+ broadcasts needed by OS/2 clients (see the <link linkend="LMANNOUNCE">
+ <parameter moreinfo="none">lm announce</parameter></link> parameter) then this
+ parameter defines the frequency in seconds with which they will be
+ made. If this is set to zero then no Lanman announcements will be
+ made despite the setting of the <parameter moreinfo="none">lm announce</parameter>
+ parameter.</para>
+
+ <para>See also <link linkend="LMANNOUNCE"><parameter moreinfo="none">lm announce</parameter></link>.</para>
+
+ <para>Default: <command moreinfo="none">lm interval = 60</command></para>
+
+ <para>Example: <command moreinfo="none">lm interval = 120</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/localmaster.xml b/docs/docbook/smbdotconf/browse/localmaster.xml
new file mode 100644
index 0000000000..ac2626c679
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/localmaster.xml
@@ -0,0 +1,22 @@
+<samba:parameter name="local master"
+ context="G"
+ basic="1" advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This option allows <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> to try and become a local master browser
+ on a subnet. If set to <constant>no</constant> then <command moreinfo="none">
+ nmbd</command> will not attempt to become a local master browser
+ on a subnet and will also lose in all browsing elections. By
+ default this value is set to <constant>yes</constant>. Setting this value to
+ <constant>yes</constant> doesn't mean that Samba will <emphasis>become</emphasis> the
+ local master browser on a subnet, just that <command moreinfo="none">nmbd</command>
+ will <emphasis>participate</emphasis> in elections for local master browser.</para>
+
+ <para>Setting this value to <constant>no</constant> will cause <command
+ moreinfo="none">nmbd</command> <emphasis>never</emphasis> to become a local
+ master browser.</para>
+
+ <para>Default: <command moreinfo="none">local master = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/oslevel.xml b/docs/docbook/smbdotconf/browse/oslevel.xml
new file mode 100644
index 0000000000..560516e3f8
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/oslevel.xml
@@ -0,0 +1,25 @@
+<samba:parameter name="os level"
+ context="G"
+ basic="1" advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This integer value controls what level Samba
+ advertises itself as for browse elections. The value of this
+ parameter determines whether <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>
+ has a chance of becoming a local master browser for the <parameter moreinfo="none">
+ WORKGROUP</parameter> in the local broadcast area.</para>
+
+ <para><emphasis>Note :</emphasis>By default, Samba will win
+ a local master browsing election over all Microsoft operating
+ systems except a Windows NT 4.0/2000 Domain Controller. This
+ means that a misconfigured Samba host can effectively isolate
+ a subnet for browsing purposes. See <filename moreinfo="none">BROWSING.txt
+ </filename> in the Samba <filename moreinfo="none">docs/</filename> directory
+ for details.</para>
+
+ <para>Default: <command moreinfo="none">os level = 20</command></para>
+
+ <para>Example: <command moreinfo="none">os level = 65 </command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/preferedmaster.xml b/docs/docbook/smbdotconf/browse/preferedmaster.xml
new file mode 100644
index 0000000000..2e8cd938ea
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/preferedmaster.xml
@@ -0,0 +1,9 @@
+<samba:parameter name="prefered master"
+ context="G"
+ hide="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Synonym for <link linkend="PREFERREDMASTER"><parameter moreinfo="none">
+ preferred master</parameter></link> for people who cannot spell :-).</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/preferredmaster.xml b/docs/docbook/smbdotconf/browse/preferredmaster.xml
new file mode 100644
index 0000000000..31c966b4ac
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/preferredmaster.xml
@@ -0,0 +1,29 @@
+<samba:parameter name="preferred master"
+ context="G"
+ basic="1" advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This boolean parameter controls if
+ <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> is a preferred master
+ browser for its workgroup.</para>
+
+ <para>If this is set to <constant>yes</constant>, on startup, <command moreinfo="none">nmbd</command>
+ will force an election, and it will have a slight advantage in
+ winning the election. It is recommended that this parameter is
+ used in conjunction with <command moreinfo="none"><link linkend="DOMAINMASTER">
+ <parameter moreinfo="none">domain master</parameter></link> = yes</command>, so
+ that <command moreinfo="none">nmbd</command> can guarantee becoming a domain master.</para>
+
+ <para>Use this option with caution, because if there are several
+ hosts (whether Samba servers, Windows 95 or NT) that are
+ preferred master browsers on the same subnet, they will each
+ periodically and continuously attempt to become the local
+ master browser. This will result in unnecessary broadcast
+ traffic and reduced browsing capabilities.</para>
+
+ <para>See also <link linkend="OSLEVEL"><parameter moreinfo="none">os level</parameter></link>.</para>
+
+ <para>Default: <command moreinfo="none">preferred master = auto</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml b/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml
new file mode 100644
index 0000000000..06017fce59
--- /dev/null
+++ b/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="machine password timeout"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>If a Samba server is a member of a Windows
+ NT Domain (see the <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>)
+ parameter) then periodically a running <ulink url="smbd.8.html">
+ smbd(8)</ulink> process will try and change the MACHINE ACCOUNT
+ PASSWORD stored in the TDB called <filename moreinfo="none">private/secrets.tdb
+ </filename>. This parameter specifies how often this password
+ will be changed, in seconds. The default is one week (expressed in
+ seconds), the same as a Windows NT Domain member server.</para>
+
+ <para>See also <citerefentry><refentrytitle>smbpasswd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>, and the <link linkend="SECURITYEQUALSDOMAIN">
+ security = domain</link>) parameter.</para>
+
+ <para>Default: <command moreinfo="none">machine password timeout = 604800</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/casesensitive.xml b/docs/docbook/smbdotconf/filename/casesensitive.xml
new file mode 100644
index 0000000000..94b20d6c0c
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/casesensitive.xml
@@ -0,0 +1,9 @@
+<samba:parameter name="case sensitive"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>See the discussion in the section <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link>.</para>
+
+ <para>Default: <command moreinfo="none">case sensitive = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/casesignames.xml b/docs/docbook/smbdotconf/filename/casesignames.xml
new file mode 100644
index 0000000000..3254b545c5
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/casesignames.xml
@@ -0,0 +1,8 @@
+<samba:parameter name="casesignames"
+ context="S"
+ hide="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Synonym for <link linkend="CASESENSITIVE">case sensitive</link>.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/defaultcase.xml b/docs/docbook/smbdotconf/filename/defaultcase.xml
new file mode 100644
index 0000000000..de3ad35c0c
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/defaultcase.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="default case"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>See the section on <link linkend="NAMEMANGLINGSECT">
+ NAME MANGLING</link>. Also note the <link linkend="SHORTPRESERVECASE">
+ <parameter moreinfo="none">short preserve case</parameter></link> parameter.</para>
+
+ <para>Default: <command moreinfo="none">default case = lower</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/deletevetofiles.xml b/docs/docbook/smbdotconf/filename/deletevetofiles.xml
new file mode 100644
index 0000000000..c851824b7e
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/deletevetofiles.xml
@@ -0,0 +1,28 @@
+<samba:parameter name="delete veto files"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This option is used when Samba is attempting to
+ delete a directory that contains one or more vetoed directories
+ (see the <link linkend="VETOFILES"><parameter moreinfo="none">veto files</parameter></link>
+ option). If this option is set to <constant>no</constant> (the default) then if a vetoed
+ directory contains any non-vetoed files or directories then the
+ directory delete will fail. This is usually what you want.</para>
+
+ <para>If this option is set to <constant>yes</constant>, then Samba
+ will attempt to recursively delete any files and directories within
+ the vetoed directory. This can be useful for integration with file
+ serving systems such as NetAtalk which create meta-files within
+ directories you might normally veto DOS/Windows users from seeing
+ (e.g. <filename moreinfo="none">.AppleDouble</filename>)</para>
+
+ <para>Setting <command moreinfo="none">delete veto files = yes</command> allows these
+ directories to be transparently deleted when the parent directory
+ is deleted (so long as the user has permissions to do so).</para>
+
+ <para>See also the <link linkend="VETOFILES"><parameter moreinfo="none">veto
+ files</parameter></link> parameter.</para>
+
+ <para>Default: <command moreinfo="none">delete veto files = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/hidedotfiles.xml b/docs/docbook/smbdotconf/filename/hidedotfiles.xml
new file mode 100644
index 0000000000..1728f01f8f
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/hidedotfiles.xml
@@ -0,0 +1,10 @@
+<samba:parameter name="hide dot files"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is a boolean parameter that controls whether
+ files starting with a dot appear as hidden files.</para>
+
+ <para>Default: <command moreinfo="none">hide dot files = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/hidefiles.xml b/docs/docbook/smbdotconf/filename/hidefiles.xml
new file mode 100644
index 0000000000..b687fc5a1f
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/hidefiles.xml
@@ -0,0 +1,39 @@
+<samba:parameter name="hide files"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is a list of files or directories that are not
+ visible but are accessible. The DOS 'hidden' attribute is applied
+ to any files or directories that match.</para>
+
+ <para>Each entry in the list must be separated by a '/',
+ which allows spaces to be included in the entry. '*'
+ and '?' can be used to specify multiple files or directories
+ as in DOS wildcards.</para>
+
+ <para>Each entry must be a Unix path, not a DOS path and must
+ not include the Unix directory separator '/'.</para>
+
+ <para>Note that the case sensitivity option is applicable
+ in hiding files.</para>
+
+ <para>Setting this parameter will affect the performance of Samba,
+ as it will be forced to check all files and directories for a match
+ as they are scanned.</para>
+
+ <para>See also <link linkend="HIDEDOTFILES"><parameter moreinfo="none">hide
+ dot files</parameter></link>, <link linkend="VETOFILES"><parameter moreinfo="none">
+ veto files</parameter></link> and <link linkend="CASESENSITIVE">
+ <parameter moreinfo="none">case sensitive</parameter></link>.</para>
+
+ <para>Default: <emphasis>no file are hidden</emphasis></para>
+
+ <para>Example: <command moreinfo="none">hide files =
+ /.*/DesktopFolderDB/TrashFor%m/resource.frk/</command></para>
+
+ <para>The above example is based on files that the Macintosh
+ SMB client (DAVE) available from <ulink url="http://www.thursby.com">
+ Thursby</ulink> creates for internal use, and also still hides
+ all files beginning with a dot.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/hidespecialfiles.xml b/docs/docbook/smbdotconf/filename/hidespecialfiles.xml
new file mode 100644
index 0000000000..815e8ea63c
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/hidespecialfiles.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="hide special files"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter prevents clients from seeing
+ special files such as sockets, devices and fifo's in directory
+ listings.
+ </para>
+
+ <para>Default: <command moreinfo="none">hide special files = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/hideunreadable.xml b/docs/docbook/smbdotconf/filename/hideunreadable.xml
new file mode 100644
index 0000000000..f34a3a597d
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/hideunreadable.xml
@@ -0,0 +1,10 @@
+<samba:parameter name="hide unreadable"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter prevents clients from seeing the
+ existance of files that cannot be read. Defaults to off.</para>
+
+ <para>Default: <command moreinfo="none">hide unreadable = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml b/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml
new file mode 100644
index 0000000000..7d20296ff2
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="hide unwriteable files"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter prevents clients from seeing
+ the existance of files that cannot be written to. Defaults to off.
+ Note that unwriteable directories are shown as usual.
+ </para>
+
+ <para>Default: <command moreinfo="none">hide unwriteable = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/manglecase.xml b/docs/docbook/smbdotconf/filename/manglecase.xml
new file mode 100644
index 0000000000..d514375c3b
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/manglecase.xml
@@ -0,0 +1,9 @@
+<samba:parameter name="mangle case"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link></para>
+
+ <para>Default: <command moreinfo="none">mangle case = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/mangledmap.xml b/docs/docbook/smbdotconf/filename/mangledmap.xml
new file mode 100644
index 0000000000..e790fa877d
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/mangledmap.xml
@@ -0,0 +1,26 @@
+<samba:parameter name="mangled map"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is for those who want to directly map UNIX
+ file names which cannot be represented on Windows/DOS. The mangling
+ of names is not always what is needed. In particular you may have
+ documents with file extensions that differ between DOS and UNIX.
+ For example, under UNIX it is common to use <filename moreinfo="none">.html</filename>
+ for HTML files, whereas under Windows/DOS <filename moreinfo="none">.htm</filename>
+ is more commonly used.</para>
+
+ <para>So to map <filename moreinfo="none">html</filename> to <filename moreinfo="none">htm</filename>
+ you would use:</para>
+
+ <para><command moreinfo="none">mangled map = (*.html *.htm)</command></para>
+
+ <para>One very useful case is to remove the annoying <filename moreinfo="none">;1
+ </filename> off the ends of filenames on some CDROMs (only visible
+ under some UNIXes). To do this use a map of (*;1 *;).</para>
+
+ <para>Default: <emphasis>no mangled map</emphasis></para>
+
+ <para>Example: <command moreinfo="none">mangled map = (*;1 *;)</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/manglednames.xml b/docs/docbook/smbdotconf/filename/manglednames.xml
new file mode 100644
index 0000000000..4ec088d16f
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/manglednames.xml
@@ -0,0 +1,67 @@
+<samba:parameter name="mangled names"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This controls whether non-DOS names under UNIX
+ should be mapped to DOS-compatible names (&quot;mangled&quot;) and made visible,
+ or whether non-DOS names should simply be ignored.</para>
+
+ <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link> for
+ details on how to control the mangling process.</para>
+
+ <para>If mangling is used then the mangling algorithm is as follows:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The first (up to) five alphanumeric characters
+ before the rightmost dot of the filename are preserved, forced
+ to upper case, and appear as the first (up to) five characters
+ of the mangled name.</para>
+ </listitem>
+
+ <listitem>
+ <para>A tilde &quot;~&quot; is appended to the first part of the mangled
+ name, followed by a two-character unique sequence, based on the
+ original root name (i.e., the original filename minus its final
+ extension). The final extension is included in the hash calculation
+ only if it contains any upper case characters or is longer than three
+ characters.</para>
+
+ <para>Note that the character to use may be specified using
+ the <link linkend="MANGLINGCHAR"><parameter moreinfo="none">mangling char</parameter>
+ </link> option, if you don't like '~'.</para>
+ </listitem>
+
+ <listitem>
+ <para>The first three alphanumeric characters of the final
+ extension are preserved, forced to upper case and appear as the
+ extension of the mangled name. The final extension is defined as that
+ part of the original filename after the rightmost dot. If there are no
+ dots in the filename, the mangled name will have no extension (except
+ in the case of &quot;hidden files&quot; - see below).</para>
+ </listitem>
+
+ <listitem>
+ <para>Files whose UNIX name begins with a dot will be
+ presented as DOS hidden files. The mangled name will be created as
+ for other filenames, but with the leading dot removed and &quot;___&quot; as
+ its extension regardless of actual original extension (that's three
+ underscores).</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The two-digit hash value consists of upper case alphanumeric characters.</para>
+
+ <para>This algorithm can cause name collisions only if files
+ in a directory share the same first five alphanumeric characters.
+ The probability of such a clash is 1/1300.</para>
+
+ <para>The name mangling (if enabled) allows a file to be
+ copied between UNIX directories from Windows/DOS while retaining
+ the long UNIX filename. UNIX files can be renamed to a new extension
+ from Windows/DOS and will retain the same basename. Mangled names
+ do not change between sessions.</para>
+
+ <para>Default: <command moreinfo="none">mangled names = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/mangledstack.xml b/docs/docbook/smbdotconf/filename/mangledstack.xml
new file mode 100644
index 0000000000..42083d13a2
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/mangledstack.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="mangling stack"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter controls the number of mangled names
+ that should be cached in the Samba server <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>.</para>
+
+ <para>This stack is a list of recently mangled base names
+ (extensions are only maintained if they are longer than 3 characters
+ or contains upper case characters).</para>
+
+ <para>The larger this value, the more likely it is that mangled
+ names can be successfully converted to correct long UNIX names.
+ However, large stack sizes will slow most directory accesses. Smaller
+ stacks save memory in the server (each stack element costs 256 bytes).
+ </para>
+
+ <para>It is not possible to absolutely guarantee correct long
+ filenames, so be prepared for some surprises!</para>
+
+ <para>Default: <command moreinfo="none">mangled stack = 50</command></para>
+
+ <para>Example: <command moreinfo="none">mangled stack = 100</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/mangleprefix.xml b/docs/docbook/smbdotconf/filename/mangleprefix.xml
new file mode 100644
index 0000000000..5476ed1f08
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/mangleprefix.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="mangling prefix"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para> controls the number of prefix
+ characters from the original name used when generating
+ the mangled names. A larger value will give a weaker
+ hash and therefore more name collisions. The minimum
+ value is 1 and the maximum value is 6.</para>
+
+ <para>Default: <command moreinfo="none">mangle prefix = 1</command></para>
+
+ <para>Example: <command moreinfo="none">mangle prefix = 4</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/manglingchar.xml b/docs/docbook/smbdotconf/filename/manglingchar.xml
new file mode 100644
index 0000000000..57c4fa2acd
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/manglingchar.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="mangling char"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This controls what character is used as
+ the <emphasis>magic</emphasis> character in <link linkend="NAMEMANGLINGSECT">name mangling</link>. The
+ default is a '~' but this may interfere with some software. Use this option to set
+ it to whatever you prefer.</para>
+
+ <para>Default: <command moreinfo="none">mangling char = ~</command></para>
+
+ <para>Example: <command moreinfo="none">mangling char = ^</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/manglingmethod.xml b/docs/docbook/smbdotconf/filename/manglingmethod.xml
new file mode 100644
index 0000000000..74366483bd
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/manglingmethod.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="mangling method"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para> controls the algorithm used for the generating
+ the mangled names. Can take two different values, &quot;hash&quot; and
+ &quot;hash2&quot;. &quot;hash&quot; is the default and is the algorithm that has been
+ used in Samba for many years. &quot;hash2&quot; is a newer and considered
+ a better algorithm (generates less collisions) in the names.
+ However, many Win32 applications store the mangled names and so
+ changing to the new algorithm must not be done
+ lightly as these applications may break unless reinstalled.</para>
+
+ <para>Default: <command moreinfo="none">mangling method = hash2</command></para>
+
+ <para>Example: <command moreinfo="none">mangling method = hash</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/maparchive.xml b/docs/docbook/smbdotconf/filename/maparchive.xml
new file mode 100644
index 0000000000..b44088efe3
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/maparchive.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="map archive"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This controls whether the DOS archive attribute
+ should be mapped to the UNIX owner execute bit. The DOS archive bit
+ is set when a file has been modified since its last backup. One
+ motivation for this option it to keep Samba/your PC from making
+ any file it touches from becoming executable under UNIX. This can
+ be quite annoying for shared source code, documents, etc...</para>
+
+ <para>Note that this requires the <parameter moreinfo="none">create mask</parameter>
+ parameter to be set such that owner execute bit is not masked out
+ (i.e. it must include 100). See the parameter <link linkend="CREATEMASK">
+ <parameter moreinfo="none">create mask</parameter></link> for details.</para>
+
+ <para>Default: <command moreinfo="none">map archive = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/maphidden.xml b/docs/docbook/smbdotconf/filename/maphidden.xml
new file mode 100644
index 0000000000..4c1a932788
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/maphidden.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="map hidden"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This controls whether DOS style hidden files
+ should be mapped to the UNIX world execute bit.</para>
+
+ <para>Note that this requires the <parameter moreinfo="none">create mask</parameter>
+ to be set such that the world execute bit is not masked out (i.e.
+ it must include 001). See the parameter <link linkend="CREATEMASK">
+ <parameter moreinfo="none">create mask</parameter></link> for details.</para>
+
+ <para>Default: <command moreinfo="none">map hidden = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/mapsystem.xml b/docs/docbook/smbdotconf/filename/mapsystem.xml
new file mode 100644
index 0000000000..7fe50bb19f
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/mapsystem.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="map system"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This controls whether DOS style system files
+ should be mapped to the UNIX group execute bit.</para>
+
+ <para>Note that this requires the <parameter moreinfo="none">create mask</parameter>
+ to be set such that the group execute bit is not masked out (i.e.
+ it must include 010). See the parameter <link linkend="CREATEMASK">
+ <parameter moreinfo="none">create mask</parameter></link> for details.</para>
+
+ <para>Default: <command moreinfo="none">map system = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/preservecase.xml b/docs/docbook/smbdotconf/filename/preservecase.xml
new file mode 100644
index 0000000000..d8a4e2342d
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/preservecase.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="preserve case"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para> This controls if new filenames are created
+ with the case that the client passes, or if they are forced to
+ be the <link linkend="DEFAULTCASE"><parameter moreinfo="none">default case
+ </parameter></link>.</para>
+
+ <para>Default: <command moreinfo="none">preserve case = yes</command></para>
+
+ <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link> for a fuller discussion.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/shortpreservecase.xml b/docs/docbook/smbdotconf/filename/shortpreservecase.xml
new file mode 100644
index 0000000000..52c93e1370
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/shortpreservecase.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="short preserve case"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This boolean parameter controls if new files
+ which conform to 8.3 syntax, that is all in upper case and of
+ suitable length, are created upper case, or if they are forced
+ to be the <link linkend="DEFAULTCASE"><parameter moreinfo="none">default case
+ </parameter></link>. This option can be use with <link linkend="PRESERVECASE"><command moreinfo="none">preserve case = yes</command>
+ </link> to permit long filenames to retain their case, while short
+ names are lowered. </para>
+
+ <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link>.</para>
+
+ <para>Default: <command moreinfo="none">short preserve case = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/statcache.xml b/docs/docbook/smbdotconf/filename/statcache.xml
new file mode 100644
index 0000000000..ee2a48732e
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/statcache.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="stat cache"
+ context="G"
+ developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter determines if <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will use a cache in order to
+ speed up case insensitive name mappings. You should never need
+ to change this parameter.</para>
+
+ <para>Default: <command moreinfo="none">stat cache = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/stripdot.xml b/docs/docbook/smbdotconf/filename/stripdot.xml
new file mode 100644
index 0000000000..afed63a12b
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/stripdot.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="strip dot"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is a boolean that controls whether to
+ strip trailing dots off UNIX filenames. This helps with some
+ CDROMs that have filenames ending in a single dot.</para>
+
+ <para>Default: <command moreinfo="none">strip dot = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/vetooplockfiles.xml b/docs/docbook/smbdotconf/filename/vetooplockfiles.xml
new file mode 100644
index 0000000000..e7c683a518
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/vetooplockfiles.xml
@@ -0,0 +1,25 @@
+<samba:parameter name="veto oplock files"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter is only valid when the <link linkend="OPLOCKS">
+ <parameter moreinfo="none">oplocks</parameter></link>
+ parameter is turned on for a share. It allows the Samba administrator
+ to selectively turn off the granting of oplocks on selected files that
+ match a wildcarded list, similar to the wildcarded list used in the
+ <link linkend="VETOFILES"><parameter moreinfo="none">veto files</parameter></link>
+ parameter.</para>
+
+ <para>Default: <emphasis>No files are vetoed for oplock grants</emphasis></para>
+
+ <para>You might want to do this on files that you know will
+ be heavily contended for by clients. A good example of this
+ is in the NetBench SMB benchmark program, which causes heavy
+ client contention for files ending in <filename moreinfo="none">.SEM</filename>.
+ To cause Samba not to grant oplocks on these files you would use
+ the line (either in the [global] section or in the section for
+ the particular NetBench share :</para>
+
+ <para>Example: <command moreinfo="none">veto oplock files = /*.SEM/</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapadmindn.xml b/docs/docbook/smbdotconf/ldap/ldapadmindn.xml
new file mode 100644
index 0000000000..301c88df7b
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapadmindn.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="ldap admin dn"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para> The <parameter moreinfo="none">ldap admin dn</parameter>
+ defines the Distinguished Name (DN) name used by Samba to
+ contact the ldap server when retreiving user account
+ information. The <parameter moreinfo="none">ldap admin
+ dn</parameter> is used in conjunction with the admin dn password
+ stored in the <filename moreinfo="none">private/secrets.tdb</filename> file.
+ See the <citerefentry><refentrytitle>smbpasswd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> man page for more
+ information on how to accmplish this.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml b/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml
new file mode 100644
index 0000000000..89a75e02fd
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="ldap delete dn"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para> This parameter specifies whether a delete
+ operation in the ldapsam deletes the complete entry or only the attributes
+ specific to Samba.
+ </para>
+
+ <para>Default: <emphasis>ldap delete dn = no</emphasis></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapfilter.xml b/docs/docbook/smbdotconf/ldap/ldapfilter.xml
new file mode 100644
index 0000000000..1d0ab33d89
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapfilter.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="ldap filter"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the RFC 2254 compliant LDAP search filter.
+ The default is to match the login name with the <constant>uid</constant>
+ attribute for all entries matching the <constant>sambaAccount</constant>
+ objectclass. Note that this filter should only return one entry.
+ </para>
+
+ <para>Default: <command moreinfo="none">ldap filter = (&amp;(uid=%u)(objectclass=sambaAccount))</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml b/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml
new file mode 100644
index 0000000000..0ef6a04abf
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml
@@ -0,0 +1,10 @@
+<samba:parameter name="ldap machine suffix"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>It specifies where machines should be added to the ldap tree.</para>
+
+ <para>Default: <emphasis>none</emphasis></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml b/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml
new file mode 100644
index 0000000000..8015b2fb2d
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml
@@ -0,0 +1,35 @@
+<samba:parameter name="ldap passwd sync"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This option is used to define whether
+ or not Samba should sync the LDAP password with the NT
+ and LM hashes for normal accounts (NOT for
+ workstation, server or domain trusts) on a password
+ change via SAMBA.
+ </para>
+
+ <para>The <parameter moreinfo="none">ldap passwd
+ sync</parameter> can be set to one of three values: </para>
+
+ <itemizedlist>
+ <listitem>
+ <para><parameter moreinfo="none">Yes</parameter> = Try
+ to update the LDAP, NT and LM passwords and update the pwdLastSet time.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">No</parameter> = Update NT and
+ LM passwords and update the pwdLastSet time.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">Only</parameter> = Only update
+ the LDAP password and let the LDAP server do the rest.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Default: <command moreinfo="none">ldap passwd sync = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapport.xml b/docs/docbook/smbdotconf/ldap/ldapport.xml
new file mode 100644
index 0000000000..c00c525db0
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapport.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="ldap port"
+ context="G"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter is only available if Samba has been
+ configure to include the <command moreinfo="none">--with-ldapsam</command> option
+ at compile time.</para>
+
+ <para>This option is used to control the tcp port number used to contact
+ the <link linkend="LDAPSERVER"><parameter moreinfo="none">ldap server</parameter></link>.
+ The default is to use the stand LDAPS port 636.</para>
+
+ <para>See Also: <link linkend="LDAPSSL">ldap ssl</link></para>
+
+ <para>Default : <command moreinfo="none">ldap port = 636 ; if ldap ssl = on</command></para>
+
+ <para>Default : <command moreinfo="none">ldap port = 389 ; if ldap ssl = off</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapserver.xml b/docs/docbook/smbdotconf/ldap/ldapserver.xml
new file mode 100644
index 0000000000..e7a4c670ab
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapserver.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="ldap server"
+ context="G"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter is only available if Samba has been
+ configure to include the <command moreinfo="none">--with-ldapsam</command>
+ option at compile time.</para>
+
+ <para>This parameter should contain the FQDN of the ldap directory
+ server which should be queried to locate user account information.
+ </para>
+
+ <para>Default : <command moreinfo="none">ldap server = localhost</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapssl.xml b/docs/docbook/smbdotconf/ldap/ldapssl.xml
new file mode 100644
index 0000000000..13bafdf3a7
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapssl.xml
@@ -0,0 +1,39 @@
+<samba:parameter name="ldap ssl"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This option is used to define whether or not Samba should
+ use SSL when connecting to the ldap server
+ This is <emphasis>NOT</emphasis> related to
+ Samba's previous SSL support which was enabled by specifying the
+ <command moreinfo="none">--with-ssl</command> option to the <filename moreinfo="none">configure</filename>
+ script.</para>
+
+ <para>The <parameter moreinfo="none">ldap ssl</parameter> can be set to one of three values:</para>
+ <itemizedlist>
+ <listitem>
+ <para><parameter moreinfo="none">Off</parameter> = Never
+ use SSL when querying the directory.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">Start_tls</parameter> = Use
+ the LDAPv3 StartTLS extended operation (RFC2830) for
+ communicating with the directory server.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">On</parameter> = Use SSL
+ on the ldaps port when contacting the <parameter
+ moreinfo="none">ldap server</parameter>. Only available when the
+ backwards-compatiblity <command
+ moreinfo="none">--with-ldapsam</command> option is specified
+ to configure. See <link linkend="PASSDBBACKEND"><parameter
+ moreinfo="none">passdb backend</parameter></link></para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Default : <command moreinfo="none">ldap ssl = start_tls</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapsuffix.xml b/docs/docbook/smbdotconf/ldap/ldapsuffix.xml
new file mode 100644
index 0000000000..609f171096
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapsuffix.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="ldap suffix"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Specifies where user and machine accounts are added to the
+ tree. Can be overriden by <command moreinfo="none">ldap user
+ suffix</command> and <command moreinfo="none">ldap machine
+ suffix</command>. It also used as the base dn for all ldap
+ searches. </para>
+
+ <para>Default: <emphasis>none</emphasis></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldaptrustids.xml b/docs/docbook/smbdotconf/ldap/ldaptrustids.xml
new file mode 100644
index 0000000000..36bbcb2fb4
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldaptrustids.xml
@@ -0,0 +1,23 @@
+<samba:parameter name="ldap trust ids"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+
+ <para>Normally, Samba validates each entry in the LDAP server
+ against getpwnam(). This allows LDAP to be used for Samba with
+ the unix system using NIS (for example) and also ensures that
+ Samba does not present accounts that do not otherwise exist.
+ </para>
+
+ <para>This option is used to disable this functionality, and
+ instead to rely on the presence of the appropriate attributes
+ in LDAP directly, which can result in a significant performance
+ boost in some situations. Setting this option to yes effectivly
+ assumes that the local machine is running <command
+ moreinfo="none">nss_ldap</command> against the same LDAP
+ server.</para>
+
+ <para>Default: <command moreinfo="none">ldap trust ids = No</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml
new file mode 100644
index 0000000000..731fba3420
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml
@@ -0,0 +1,10 @@
+<samba:parameter name="ldap user suffix"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>It specifies where users are added to the tree.</para>
+
+ <para>Default: <emphasis>none</emphasis></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/blockinglocks.xml b/docs/docbook/smbdotconf/locking/blockinglocks.xml
new file mode 100644
index 0000000000..f11d92f4f5
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/blockinglocks.xml
@@ -0,0 +1,23 @@
+<samba:parameter name="blocking locks"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter controls the behavior
+ of <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> when given a request by a client
+ to obtain a byte range lock on a region of an open file, and the
+ request has a time limit associated with it.</para>
+
+ <para>If this parameter is set and the lock range requested
+ cannot be immediately satisfied, samba will internally
+ queue the lock request, and periodically attempt to obtain
+ the lock until the timeout period expires.</para>
+
+ <para>If this parameter is set to <constant>no</constant>, then
+ samba will behave as previous versions of Samba would and
+ will fail the lock request immediately if the lock range
+ cannot be obtained.</para>
+
+ <para>Default: <command moreinfo="none">blocking locks = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/cscpolicy.xml b/docs/docbook/smbdotconf/locking/cscpolicy.xml
new file mode 100644
index 0000000000..7567ed9286
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/cscpolicy.xml
@@ -0,0 +1,20 @@
+<samba:parameter name="csc policy"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This stands for <emphasis>client-side caching
+ policy</emphasis>, and specifies how clients capable of offline
+ caching will cache the files in the share. The valid values
+ are: manual, documents, programs, disable.</para>
+
+ <para>These values correspond to those used on Windows servers.</para>
+
+ <para>For example, shares containing roaming profiles can have
+ offline caching disabled using <command
+ moreinfo="none">csc policy = disable</command>.</para>
+
+ <para>Default: <command moreinfo="none">csc policy = manual</command></para>
+
+ <para>Example: <command moreinfo="none">csc policy = programs</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/fakeoplocks.xml b/docs/docbook/smbdotconf/locking/fakeoplocks.xml
new file mode 100644
index 0000000000..b7deac68ba
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/fakeoplocks.xml
@@ -0,0 +1,31 @@
+<samba:parameter name="fake oplocks"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Oplocks are the way that SMB clients get permission
+ from a server to locally cache file operations. If a server grants
+ an oplock (opportunistic lock) then the client is free to assume
+ that it is the only one accessing the file and it will aggressively
+ cache file data. With some oplock types the client may even cache
+ file open/close operations. This can give enormous performance benefits.
+ </para>
+
+ <para>When you set <command moreinfo="none">fake oplocks = yes</command>, <citerefentry>
+ <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum></citerefentry> will
+ always grant oplock requests no matter how many clients are using the file.</para>
+
+ <para>It is generally much better to use the real <link linkend="OPLOCKS">
+ <parameter moreinfo="none">oplocks</parameter></link> support rather
+ than this parameter.</para>
+
+ <para>If you enable this option on all read-only shares or
+ shares that you know will only be accessed from one client at a
+ time such as physically read-only media like CDROMs, you will see
+ a big performance improvement on many operations. If you enable
+ this option on shares where multiple clients may be accessing the
+ files read-write at the same time you can get data corruption. Use
+ this option carefully!</para>
+
+ <para>Default: <command moreinfo="none">fake oplocks = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/kerneloplocks.xml b/docs/docbook/smbdotconf/locking/kerneloplocks.xml
new file mode 100644
index 0000000000..f155fddc8f
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/kerneloplocks.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="kernel oplocks"
+ context="G"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>For UNIXes that support kernel based <link linkend="OPLOCKS">
+ <parameter moreinfo="none">oplocks</parameter></link>
+ (currently only IRIX and the Linux 2.4 kernel), this parameter
+ allows the use of them to be turned on or off.</para>
+
+ <para>Kernel oplocks support allows Samba <parameter moreinfo="none">oplocks
+ </parameter> to be broken whenever a local UNIX process or NFS operation
+ accesses a file that <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> has oplocked. This allows complete
+ data consistency between SMB/CIFS, NFS and local file access (and is
+ a <emphasis>very</emphasis> cool feature :-).</para>
+
+ <para>This parameter defaults to <constant>on</constant>, but is translated
+ to a no-op on systems that no not have the necessary kernel support.
+ You should never need to touch this parameter.</para>
+
+ <para>See also the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter>
+ </link> and <link linkend="LEVEL2OPLOCKS"><parameter moreinfo="none">level2 oplocks
+ </parameter></link> parameters.</para>
+
+ <para>Default: <command moreinfo="none">kernel oplocks = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/level2oplocks.xml b/docs/docbook/smbdotconf/locking/level2oplocks.xml
new file mode 100644
index 0000000000..c2c090b1a8
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/level2oplocks.xml
@@ -0,0 +1,41 @@
+<samba:parameter name="level2 oplocks"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter controls whether Samba supports
+ level2 (read-only) oplocks on a share.</para>
+
+ <para>Level2, or read-only oplocks allow Windows NT clients
+ that have an oplock on a file to downgrade from a read-write oplock
+ to a read-only oplock once a second client opens the file (instead
+ of releasing all oplocks on a second open, as in traditional,
+ exclusive oplocks). This allows all openers of the file that
+ support level2 oplocks to cache the file for read-ahead only (ie.
+ they may not cache writes or lock requests) and increases performance
+ for many accesses of files that are not commonly written (such as
+ application .EXE files).</para>
+
+ <para>Once one of the clients which have a read-only oplock
+ writes to the file all clients are notified (no reply is needed
+ or waited for) and told to break their oplocks to &quot;none&quot; and
+ delete any read-ahead caches.</para>
+
+ <para>It is recommended that this parameter be turned on to
+ speed access to shared executables.</para>
+
+ <para>For more discussions on level2 oplocks see the CIFS spec.</para>
+
+ <para>Currently, if <link linkend="KERNELOPLOCKS"><parameter moreinfo="none">kernel
+ oplocks</parameter></link> are supported then level2 oplocks are
+ not granted (even if this parameter is set to <constant>yes</constant>).
+ Note also, the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter>
+ </link> parameter must be set to <constant>yes</constant> on this share in order for
+ this parameter to have any effect.</para>
+
+ <para>See also the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter>
+ </link> and <link linkend="OPLOCKS"><parameter moreinfo="none">kernel oplocks</parameter>
+ </link> parameters.</para>
+
+ <para>Default: <command moreinfo="none">level2 oplocks = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/locking.xml b/docs/docbook/smbdotconf/locking/locking.xml
new file mode 100644
index 0000000000..8526224316
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/locking.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="locking"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This controls whether or not locking will be
+ performed by the server in response to lock requests from the
+ client.</para>
+
+ <para>If <command moreinfo="none">locking = no</command>, all lock and unlock
+ requests will appear to succeed and all lock queries will report
+ that the file in question is available for locking.</para>
+
+ <para>If <command moreinfo="none">locking = yes</command>, real locking will be performed
+ by the server.</para>
+
+ <para>This option <emphasis>may</emphasis> be useful for read-only
+ filesystems which <emphasis>may</emphasis> not need locking (such as
+ CDROM drives), although setting this parameter of <constant>no</constant>
+ is not really recommended even in this case.</para>
+
+ <para>Be careful about disabling locking either globally or in a
+ specific service, as lack of locking may result in data corruption.
+ You should never need to set this parameter.</para>
+
+ <para>Default: <command moreinfo="none">locking = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/lockspincount.xml b/docs/docbook/smbdotconf/locking/lockspincount.xml
new file mode 100644
index 0000000000..d308f5d845
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/lockspincount.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="lock spin count"
+ context="G"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter controls the number of times
+ that smbd should attempt to gain a byte range lock on the
+ behalf of a client request. Experiments have shown that
+ Windows 2k servers do not reply with a failure if the lock
+ could not be immediately granted, but try a few more times
+ in case the lock could later be aquired. This behavior
+ is used to support PC database formats such as MS Access
+ and FoxPro.
+ </para>
+
+ <para>Default: <command moreinfo="none">lock spin count = 2</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/lockspintime.xml b/docs/docbook/smbdotconf/locking/lockspintime.xml
new file mode 100644
index 0000000000..460b2827b4
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/lockspintime.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="lock spin time"
+ context="G"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>The time in microseconds that smbd should
+ pause before attempting to gain a failed lock. See
+ <link linkend="LOCKSPINCOUNT"><parameter moreinfo="none">lock spin
+ count</parameter></link> for more details.</para>
+
+ <para>Default: <command moreinfo="none">lock spin time = 10</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml b/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml
new file mode 100644
index 0000000000..0dc130eab3
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="oplock break wait time"
+ context="G"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is a tuning parameter added due to bugs in
+ both Windows 9x and WinNT. If Samba responds to a client too
+ quickly when that client issues an SMB that can cause an oplock
+ break request, then the network client can fail and not respond
+ to the break request. This tuning parameter (which is set in milliseconds)
+ is the amount of time Samba will wait before sending an oplock break
+ request to such (broken) clients.</para>
+
+ <para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND
+ UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para>
+
+ <para>Default: <command moreinfo="none">oplock break wait time = 0</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml b/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml
new file mode 100644
index 0000000000..1b24e5cdec
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml
@@ -0,0 +1,22 @@
+<samba:parameter name="oplock contention limit"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is a <emphasis>very</emphasis> advanced
+ <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> tuning option to
+ improve the efficiency of the granting of oplocks under multiple
+ client contention for the same file.</para>
+
+ <para>In brief it specifies a number, which causes <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>not to grant an oplock even when requested
+ if the approximate number of clients contending for an oplock on the same file goes over this
+ limit. This causes <command moreinfo="none">smbd</command> to behave in a similar
+ way to Windows NT.</para>
+
+ <para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ
+ AND UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para>
+
+ <para>Default: <command moreinfo="none">oplock contention limit = 2</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/oplocks.xml b/docs/docbook/smbdotconf/locking/oplocks.xml
new file mode 100644
index 0000000000..0ba53ba765
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/oplocks.xml
@@ -0,0 +1,29 @@
+<samba:parameter name="oplocks"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This boolean option tells <command moreinfo="none">smbd</command> whether to
+ issue oplocks (opportunistic locks) to file open requests on this
+ share. The oplock code can dramatically (approx. 30% or more) improve
+ the speed of access to files on Samba servers. It allows the clients
+ to aggressively cache files locally and you may want to disable this
+ option for unreliable network environments (it is turned on by
+ default in Windows NT Servers). For more information see the file
+ <filename moreinfo="none">Speed.txt</filename> in the Samba <filename moreinfo="none">docs/</filename>
+ directory.</para>
+
+ <para>Oplocks may be selectively turned off on certain files with a
+ share. See the <link linkend="VETOOPLOCKFILES"><parameter moreinfo="none">
+ veto oplock files</parameter></link> parameter. On some systems
+ oplocks are recognized by the underlying operating system. This
+ allows data synchronization between all access to oplocked files,
+ whether it be via Samba or NFS or a local UNIX process. See the
+ <parameter moreinfo="none">kernel oplocks</parameter> parameter for details.</para>
+
+ <para>See also the <link linkend="KERNELOPLOCKS"><parameter moreinfo="none">kernel
+ oplocks</parameter></link> and <link linkend="LEVEL2OPLOCKS"><parameter moreinfo="none">
+ level2 oplocks</parameter></link> parameters.</para>
+
+ <para>Default: <command moreinfo="none">oplocks = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/posixlocking.xml b/docs/docbook/smbdotconf/locking/posixlocking.xml
new file mode 100644
index 0000000000..c81bdcff38
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/posixlocking.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="posix locking"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>The <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>
+ daemon maintains an database of file locks obtained by SMB clients.
+ The default behavior is to map this internal database to POSIX
+ locks. This means that file locks obtained by SMB clients are
+ consistent with those seen by POSIX compliant applications accessing
+ the files via a non-SMB method (e.g. NFS or local file access).
+ You should never need to disable this parameter.</para>
+
+ <para>Default: <command moreinfo="none">posix locking = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/sharemodes.xml b/docs/docbook/smbdotconf/locking/sharemodes.xml
new file mode 100644
index 0000000000..529ec44106
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/sharemodes.xml
@@ -0,0 +1,28 @@
+<samba:parameter name="share modes"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This enables or disables the honoring of
+ the <parameter moreinfo="none">share modes</parameter> during a file open. These
+ modes are used by clients to gain exclusive read or write access
+ to a file.</para>
+
+ <para>These open modes are not directly supported by UNIX, so
+ they are simulated using shared memory, or lock files if your
+ UNIX doesn't support shared memory (almost all do).</para>
+
+ <para>The share modes that are enabled by this option are
+ <constant>DENY_DOS</constant>, <constant>DENY_ALL</constant>,
+ <constant>DENY_READ</constant>, <constant>DENY_WRITE</constant>,
+ <constant>DENY_NONE</constant> and <constant>DENY_FCB</constant>.
+ </para>
+
+ <para>This option gives full share compatibility and enabled
+ by default.</para>
+
+ <para>You should <emphasis>NEVER</emphasis> turn this parameter
+ off as many Windows applications will break if you do so.</para>
+
+ <para>Default: <command moreinfo="none">share modes = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/strictlocking.xml b/docs/docbook/smbdotconf/locking/strictlocking.xml
new file mode 100644
index 0000000000..34c1c7fe5e
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/strictlocking.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="strict locking"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is a boolean that controls the handling of
+ file locking in the server. When this is set to <constant>yes</constant>
+ the server will check every read and write access for file locks, and
+ deny access if locks exist. This can be slow on some systems.</para>
+
+ <para>When strict locking is <constant>no</constant> the server does file
+ lock checks only when the client explicitly asks for them.</para>
+
+ <para>Well-behaved clients always ask for lock checks when it
+ is important, so in the vast majority of cases <command moreinfo="none">strict
+ locking = no</command> is preferable.</para>
+
+ <para>Default: <command moreinfo="none">strict locking = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/abortshutdownscript.xml b/docs/docbook/smbdotconf/logon/abortshutdownscript.xml
new file mode 100644
index 0000000000..e9a7dba792
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/abortshutdownscript.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="abort shutdown script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis>
+ This a full path name to a script called by <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> that
+ should stop a shutdown procedure issued by the <link linkend="SHUTDOWNSCRIPT">
+ <parameter moreinfo="none">shutdown script</parameter></link>.</para>
+
+ <para>This command will be run as user.</para>
+
+ <para>Default: <emphasis>None</emphasis>.</para>
+
+ <para>Example: <command moreinfo="none">abort shutdown script = /sbin/shutdown -c</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/addgroupscript.xml b/docs/docbook/smbdotconf/logon/addgroupscript.xml
new file mode 100644
index 0000000000..25906d0889
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/addgroupscript.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="add group script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is the full pathname to a script that will be run
+ <emphasis>AS ROOT</emphasis> by <citerefentry>
+ <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ when a new group is requested. It will expand any <parameter
+ moreinfo="none">%g</parameter> to the group name passed. This
+ script is only useful for installations using the Windows NT
+ domain administration tools. The script is free to create a
+ group with an arbitrary name to circumvent unix group name
+ restrictions. In that case the script must print the numeric gid
+ of the created group on stdout.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/addmachinescript.xml b/docs/docbook/smbdotconf/logon/addmachinescript.xml
new file mode 100644
index 0000000000..7aef54d8b0
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/addmachinescript.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="add machine script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is the full pathname to a script that will be run by
+ <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> when a machine is added
+ to it's domain using the administrator username and password
+ method. </para>
+
+ <para>This option is only required when using sam back-ends tied
+ to the Unix uid method of RID calculation such as smbpasswd.
+ This option is only available in Samba 3.0.</para>
+
+ <para>Default: <command moreinfo="none">add machine script = &lt;empty string&gt;</command></para>
+
+ <para>Example: <command moreinfo="none">add machine script = /usr/sbin/adduser -n -g
+ machines -c Machine -d /dev/null -s /bin/false %u</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/adduserscript.xml b/docs/docbook/smbdotconf/logon/adduserscript.xml
new file mode 100644
index 0000000000..34d3e7ea58
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/adduserscript.xml
@@ -0,0 +1,50 @@
+<samba:parameter name="add user script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is the full pathname to a script that will
+ be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> under special circumstances described below.</para>
+
+ <para>Normally, a Samba server requires that UNIX users are
+ created for all users accessing files on this server. For sites
+ that use Windows NT account databases as their primary user database
+ creating these users and keeping the user list in sync with the
+ Windows NT PDC is an onerous task. This option allows <ulink url="smbd.8.html">smbd</ulink> to create the required UNIX users
+ <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para>
+
+ <para>In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to <parameter moreinfo="none">security = share</parameter>
+ and <parameter moreinfo="none">add user script</parameter>
+ must be set to a full pathname for a script that will create a UNIX
+ user given one argument of <parameter moreinfo="none">%u</parameter>, which expands into
+ the UNIX user name to create.</para>
+
+ <para>When the Windows user attempts to access the Samba server,
+ at login (session setup in the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> contacts the <parameter moreinfo="none">password server</parameter> and
+ attempts to authenticate the given user with the given password. If the
+ authentication succeeds then <command moreinfo="none">smbd</command>
+ attempts to find a UNIX user in the UNIX password database to map the
+ Windows user into. If this lookup fails, and <parameter moreinfo="none">add user script
+ </parameter> is set then <command moreinfo="none">smbd</command> will
+ call the specified script <emphasis>AS ROOT</emphasis>, expanding
+ any <parameter moreinfo="none">%u</parameter> argument to be the user name to create.</para>
+
+ <para>If this script successfully creates the user then <command moreinfo="none">smbd
+ </command> will continue on as though the UNIX user
+ already existed. In this way, UNIX users are dynamically created to
+ match existing Windows NT accounts.</para>
+
+ <para>See also <link linkend="SECURITY"><parameter moreinfo="none">
+ security</parameter></link>, <link linkend="PASSWORDSERVER">
+ <parameter moreinfo="none">password server</parameter></link>,
+ <link linkend="DELETEUSERSCRIPT"><parameter moreinfo="none">delete user
+ script</parameter></link>.</para>
+
+ <para>Default: <command moreinfo="none">add user script = &lt;empty string&gt;</command></para>
+
+ <para>Example: <command moreinfo="none">add user script = /usr/local/samba/bin/add_user %u</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/addusertogroupscript.xml b/docs/docbook/smbdotconf/logon/addusertogroupscript.xml
new file mode 100644
index 0000000000..ed17b9c0d9
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/addusertogroupscript.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="add user to group script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Full path to the script that will be called when
+ a user is added to a group using the Windows NT domain administration
+ tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>.
+ Any <parameter moreinfo="none">%g</parameter> will be replaced with the group name and
+ any <parameter moreinfo="none">%u</parameter> will be replaced with the user name.
+ </para>
+
+ <para>Default: <command moreinfo="none">add user to group script = </command></para>
+
+ <para>Example: <command moreinfo="none">add user to group script = /usr/sbin/adduser %u %g</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/deletegroupscript.xml b/docs/docbook/smbdotconf/logon/deletegroupscript.xml
new file mode 100644
index 0000000000..2e78c6ae7d
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/deletegroupscript.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="delete group script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is the full pathname to a script that will
+ be run <emphasis>AS ROOT</emphasis> <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> when a group is requested to be deleted.
+ It will expand any <parameter moreinfo="none">%g</parameter> to the group name passed.
+ This script is only useful for installations using the Windows NT domain administration tools.
+ </para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml b/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml
new file mode 100644
index 0000000000..76594c75d8
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="delete user from group script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Full path to the script that will be called when
+ a user is removed from a group using the Windows NT domain administration
+ tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>.
+ Any <parameter moreinfo="none">%g</parameter> will be replaced with the group name and
+ any <parameter moreinfo="none">%u</parameter> will be replaced with the user name.
+ </para>
+
+ <para>Default: <command moreinfo="none">delete user from group script = </command></para>
+
+ <para>Example: <command moreinfo="none">delete user from group script = /usr/sbin/deluser %u %g</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/deleteuserscript.xml b/docs/docbook/smbdotconf/logon/deleteuserscript.xml
new file mode 100644
index 0000000000..233844555b
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/deleteuserscript.xml
@@ -0,0 +1,22 @@
+<samba:parameter name="delete user script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is the full pathname to a script that will
+ be run by <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> when managing users
+ with remote RPC (NT) tools.
+ </para>
+
+ <para>This script is called when a remote client removes a user
+ from the server, normally using 'User Manager for Domains' or
+ <command moreinfo="none">rpcclient</command>.</para>
+
+ <para>This script should delete the given UNIX username.</para>
+
+ <para>Default: <command moreinfo="none">delete user script = &lt;empty string&gt;</command></para>
+
+ <para>Example: <command moreinfo="none">delete user script = /usr/local/samba/bin/del_user %u</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/domainlogons.xml b/docs/docbook/smbdotconf/logon/domainlogons.xml
new file mode 100644
index 0000000000..e45621e553
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/domainlogons.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="domain logons"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>If set to <constant>yes</constant>, the Samba server will serve
+ Windows 95/98 Domain logons for the <link linkend="WORKGROUP">
+ <parameter moreinfo="none">workgroup</parameter></link> it is in. Samba 2.2
+ has limited capability to act as a domain controller for Windows
+ NT 4 Domains. For more details on setting up this feature see
+ the Samba-PDC-HOWTO included in the Samba documentation.</para>
+
+ <para>Default: <command moreinfo="none">domain logons = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/logondrive.xml b/docs/docbook/smbdotconf/logon/logondrive.xml
new file mode 100644
index 0000000000..8c6be709bf
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/logondrive.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="logon drive"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the local path to
+ which the home directory will be connected (see <link linkend="LOGONHOME">
+ <parameter moreinfo="none">logon home</parameter></link>)
+ and is only used by NT Workstations. </para>
+
+ <para>Note that this option is only useful if Samba is set up as a
+ logon server.</para>
+
+ <para>Default: <command moreinfo="none">logon drive = z:</command></para>
+
+ <para>Example: <command moreinfo="none">logon drive = h:</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/logonhome.xml b/docs/docbook/smbdotconf/logon/logonhome.xml
new file mode 100644
index 0000000000..05c69524c2
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/logonhome.xml
@@ -0,0 +1,45 @@
+<samba:parameter name="logon home"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the home directory
+ location when a Win95/98 or NT Workstation logs into a Samba PDC.
+ It allows you to do </para>
+
+ <para><prompt moreinfo="none">C:\&gt;</prompt>
+ <userinput moreinfo="none">NET USE H: /HOME</userinput>
+ </para>
+
+ <para>from a command prompt, for example.</para>
+
+ <para>This option takes the standard substitutions, allowing
+ you to have separate logon scripts for each user or machine.</para>
+
+ <para>This parameter can be used with Win9X workstations to ensure
+ that roaming profiles are stored in a subdirectory of the user's
+ home directory. This is done in the following way:</para>
+
+ <para><command moreinfo="none">logon home = \\%N\%U\profile</command></para>
+
+ <para>This tells Samba to return the above string, with
+ substitutions made when a client requests the info, generally
+ in a NetUserGetInfo request. Win9X clients truncate the info to
+ \\server\share when a user does <command moreinfo="none">net use /home</command>
+ but use the whole string when dealing with profiles.</para>
+
+ <para>Note that in prior versions of Samba, the <link linkend="LOGONPATH">
+ <parameter moreinfo="none">logon path</parameter></link> was returned rather than
+ <parameter moreinfo="none">logon home</parameter>. This broke <command
+ moreinfo="none">net use /home</command> but allowed profiles outside the home directory.
+ The current implementation is correct, and can be used for profiles if you use
+ the above trick.</para>
+
+ <para>This option is only useful if Samba is set up as a logon
+ server.</para>
+
+ <para>Default: <command moreinfo="none">logon home = &quot;\\%N\%U&quot;</command></para>
+
+ <para>Example: <command moreinfo="none">logon home = &quot;\\remote_smb_server\%U&quot;</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/logonpath.xml b/docs/docbook/smbdotconf/logon/logonpath.xml
new file mode 100644
index 0000000000..9abcf0d702
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/logonpath.xml
@@ -0,0 +1,49 @@
+<samba:parameter name="logon path"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the home directory
+ where roaming profiles (NTuser.dat etc files for Windows NT) are
+ stored. Contrary to previous versions of these manual pages, it has
+ nothing to do with Win 9X roaming profiles. To find out how to
+ handle roaming profiles for Win 9X system, see the <link linkend="LOGONHOME">
+ <parameter moreinfo="none">logon home</parameter></link> parameter.</para>
+
+ <para>This option takes the standard substitutions, allowing you
+ to have separate logon scripts for each user or machine. It also
+ specifies the directory from which the &quot;Application Data&quot;,
+ (<filename moreinfo="none">desktop</filename>, <filename moreinfo="none">start menu</filename>,
+ <filename moreinfo="none">network neighborhood</filename>, <filename moreinfo="none">programs</filename>
+ and other folders, and their contents, are loaded and displayed on
+ your Windows NT client.</para>
+
+ <para>The share and the path must be readable by the user for
+ the preferences and directories to be loaded onto the Windows NT
+ client. The share must be writeable when the user logs in for the first
+ time, in order that the Windows NT client can create the NTuser.dat
+ and other directories.</para>
+
+ <para>Thereafter, the directories and any of the contents can,
+ if required, be made read-only. It is not advisable that the
+ NTuser.dat file be made read-only - rename it to NTuser.man to
+ achieve the desired effect (a <emphasis>MAN</emphasis>datory
+ profile). </para>
+
+ <para>Windows clients can sometimes maintain a connection to
+ the [homes] share, even though there is no user logged in.
+ Therefore, it is vital that the logon path does not include a
+ reference to the homes share (i.e. setting this parameter to
+ \%N\%U\profile_path will cause problems).</para>
+
+ <para>This option takes the standard substitutions, allowing
+ you to have separate logon scripts for each user or machine.</para>
+
+ <para>Note that this option is only useful if Samba is set up
+ as a logon server.</para>
+
+ <para>Default: <command moreinfo="none">logon path = \\%N\%U\profile</command></para>
+
+ <para>Example: <command moreinfo="none">logon path = \\PROFILESERVER\PROFILE\%U</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/logonscript.xml b/docs/docbook/smbdotconf/logon/logonscript.xml
new file mode 100644
index 0000000000..65b6253c0c
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/logonscript.xml
@@ -0,0 +1,44 @@
+<samba:parameter name="logon script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the batch file (.bat) or
+ NT command file (.cmd) to be downloaded and run on a machine when
+ a user successfully logs in. The file must contain the DOS
+ style CR/LF line endings. Using a DOS-style editor to create the
+ file is recommended.</para>
+
+ <para>The script must be a relative path to the [netlogon]
+ service. If the [netlogon] service specifies a <link linkend="PATH">
+ <parameter moreinfo="none">path</parameter></link> of <filename
+ moreinfo="none">/usr/local/samba/netlogon</filename>, and <command
+ moreinfo="none">logon script = STARTUP.BAT</command>, then
+ the file that will be downloaded is:</para>
+
+ <para><filename moreinfo="none">/usr/local/samba/netlogon/STARTUP.BAT</filename></para>
+
+ <para>The contents of the batch file are entirely your choice. A
+ suggested command would be to add <command moreinfo="none">NET TIME \\SERVER /SET
+ /YES</command>, to force every machine to synchronize clocks with
+ the same time server. Another use would be to add <command moreinfo="none">NET USE
+ U: \\SERVER\UTILS</command> for commonly used utilities, or <command moreinfo="none">
+ NET USE Q: \\SERVER\ISO9001_QA</command> for example.</para>
+
+ <para>Note that it is particularly important not to allow write
+ access to the [netlogon] share, or to grant users write permission
+ on the batch files in a secure environment, as this would allow
+ the batch files to be arbitrarily modified and security to be
+ breached.</para>
+
+ <para>This option takes the standard substitutions, allowing you
+ to have separate logon scripts for each user or machine.</para>
+
+ <para>This option is only useful if Samba is set up as a logon
+ server.</para>
+
+ <para>Default: <emphasis>no logon script defined</emphasis></para>
+
+ <para>Example: <command moreinfo="none">logon script = scripts\%U.bat</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/setprimarygroupscript.xml b/docs/docbook/smbdotconf/logon/setprimarygroupscript.xml
new file mode 100644
index 0000000000..c19c307417
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/setprimarygroupscript.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="set primary group script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+
+ <para>Thanks to the Posix subsystem in NT a Windows User has a
+ primary group in addition to the auxiliary groups. This script
+ sets the primary group in the unix userdatase when an
+ administrator sets the primary group from the windows user
+ manager or when fetching a SAM with <command>net rpc
+ vampire</command>. <parameter>%u</parameter> will be replaced
+ with the user whose primary group is to be set.
+ <parameter>%g</parameter> will be replaced with the group to
+ set.</para>
+
+ <para>Default: <emphasis>No default value</emphasis></para>
+
+ <para>Example: <command>set primary group script = /usr/sbin/usermod -g '%g' '%u'</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/shutdownscript.xml b/docs/docbook/smbdotconf/logon/shutdownscript.xml
new file mode 100644
index 0000000000..0eaffea747
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/shutdownscript.xml
@@ -0,0 +1,59 @@
+<samba:parameter name="shutdown script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis>
+ This a full path name to a script called by <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> that should start a shutdown procedure.</para>
+
+ <para>This command will be run as the user connected to the server.</para>
+
+ <para>%m %t %r %f parameters are expanded:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><parameter moreinfo="none">%m</parameter> will be substituted with the
+ shutdown message sent to the server.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">%t</parameter> will be substituted with the
+ number of seconds to wait before effectively starting the
+ shutdown procedure.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">%r</parameter> will be substituted with the
+ switch <emphasis>-r</emphasis>. It means reboot after shutdown
+ for NT.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">%f</parameter> will be substituted with the
+ switch <emphasis>-f</emphasis>. It means force the shutdown
+ even if applications do not respond for NT.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Default: <emphasis>None</emphasis>.</para>
+
+ <para>Example: <command moreinfo="none">abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f</command></para>
+
+ <para>Shutdown script example:
+<programlisting format="linespecific">
+#!/bin/bash
+
+$time=0
+let &quot;time/60&quot;
+let &quot;time++&quot;
+
+/sbin/shutdown $3 $4 +$time $1 &amp;
+</programlisting>
+Shutdown does not return so we need to launch it in background.
+</para>
+
+ <para>See also <link linkend="ABORTSHUTDOWNSCRIPT">
+ <parameter moreinfo="none">abort shutdown script</parameter></link>.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/addprintercommand.xml b/docs/docbook/smbdotconf/printing/addprintercommand.xml
new file mode 100644
index 0000000000..63b3f567b1
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/addprintercommand.xml
@@ -0,0 +1,63 @@
+<samba:parameter name="addprinter command"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>With the introduction of MS-RPC based printing
+ support for Windows NT/2000 clients in Samba 2.2, The MS Add
+ Printer Wizard (APW) icon is now also available in the
+ &quot;Printers...&quot; folder displayed a share listing. The APW
+ allows for printers to be add remotely to a Samba or Windows
+ NT/2000 print server.</para>
+
+ <para>For a Samba host this means that the printer must be
+ physically added to the underlying printing system. The <parameter moreinfo="none">add
+ printer command</parameter> defines a script to be run which
+ will perform the necessary operations for adding the printer
+ to the print system and to add the appropriate service definition
+ to the <filename moreinfo="none">smb.conf</filename> file in order that it can be
+ shared by <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>.</para>
+
+ <para>The <parameter moreinfo="none">addprinter command</parameter> is
+ automatically invoked with the following parameter (in
+ order):</para>
+
+ <itemizedlist>
+ <listitem><para><parameter moreinfo="none">printer name</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">share name</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">port name</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">driver name</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">location</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">Windows 9x driver location</parameter></para></listitem>
+ </itemizedlist>
+
+ <para>All parameters are filled in from the PRINTER_INFO_2 structure sent
+ by the Windows NT/2000 client with one exception. The &quot;Windows 9x
+ driver location&quot; parameter is included for backwards compatibility
+ only. The remaining fields in the structure are generated from answers
+ to the APW questions.</para>
+
+ <para>Once the <parameter moreinfo="none">addprinter command</parameter> has
+ been executed, <command moreinfo="none">smbd</command> will reparse the <filename moreinfo="none">
+ smb.conf</filename> to determine if the share defined by the APW
+ exists. If the sharename is still invalid, then <command moreinfo="none">smbd
+ </command> will return an ACCESS_DENIED error to the client.</para>
+
+ <para>
+ The &quot;add printer command&quot; program can output a single line of text,
+ which Samba will set as the port the new printer is connected to.
+ If this line isn't output, Samba won't reload its printer shares.
+ </para>
+
+ <para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter moreinfo="none">
+ deleteprinter command</parameter></link>, <link linkend="PRINTING">
+ <parameter moreinfo="none">printing</parameter></link>,
+ <link linkend="SHOWADDPRINTERWIZARD"><parameter moreinfo="none">show add
+ printer wizard</parameter></link></para>
+
+ <para>Default: <emphasis>none</emphasis></para>
+
+ <para>Example: <command moreinfo="none">addprinter command = /usr/bin/addprinter</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/defaultdevmode.xml b/docs/docbook/smbdotconf/printing/defaultdevmode.xml
new file mode 100644
index 0000000000..1f14b21f5f
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/defaultdevmode.xml
@@ -0,0 +1,37 @@
+<samba:parameter name="default devmode"
+ context="S"
+ print="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter is only applicable to <link linkend="PRINTOK">printable</link> services.
+ When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba
+ server has a Device Mode which defines things such as paper size and
+ orientation and duplex settings. The device mode can only correctly be
+ generated by the printer driver itself (which can only be executed on a
+ Win32 platform). Because smbd is unable to execute the driver code
+ to generate the device mode, the default behavior is to set this field
+ to NULL.
+ </para>
+
+ <para>Most problems with serving printer drivers to Windows NT/2k/XP clients
+ can be traced to a problem with the generated device mode. Certain drivers
+ will do things such as crashing the client's Explorer.exe with a NULL devmode.
+ However, other printer drivers can cause the client's spooler service
+ (spoolsv.exe) to die if the devmode was not created by the driver itself
+ (i.e. smbd generates a default devmode).
+ </para>
+
+ <para>This parameter should be used with care and tested with the printer
+ driver in question. It is better to leave the device mode to NULL
+ and let the Windows client set the correct values. Because drivers do not
+ do this all the time, setting <command moreinfo="none">default devmode = yes</command>
+ will instruct smbd to generate a default one.
+ </para>
+
+ <para>For more information on Windows NT/2k printing and Device Modes,
+ see the <ulink url="http://msdn.microsoft.com/">MSDN documentation</ulink>.
+ </para>
+
+ <para>Default: <command moreinfo="none">default devmode = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/deleteprintercommand.xml b/docs/docbook/smbdotconf/printing/deleteprintercommand.xml
new file mode 100644
index 0000000000..864f75168d
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/deleteprintercommand.xml
@@ -0,0 +1,38 @@
+<samba:parameter name="deleteprinter command"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>With the introduction of MS-RPC based printer
+ support for Windows NT/2000 clients in Samba 2.2, it is now
+ possible to delete printer at run time by issuing the
+ DeletePrinter() RPC call.</para>
+
+ <para>For a Samba host this means that the printer must be
+ physically deleted from underlying printing system. The <parameter moreinfo="none">
+ deleteprinter command</parameter> defines a script to be run which
+ will perform the necessary operations for removing the printer
+ from the print system and from <filename moreinfo="none">smb.conf</filename>.
+ </para>
+
+ <para>The <parameter moreinfo="none">deleteprinter command</parameter> is
+ automatically called with only one parameter: <parameter moreinfo="none">
+ &quot;printer name&quot;</parameter>.</para>
+
+ <para>Once the <parameter moreinfo="none">deleteprinter command</parameter> has
+ been executed, <command moreinfo="none">smbd</command> will reparse the <filename moreinfo="none">
+ smb.conf</filename> to associated printer no longer exists.
+ If the sharename is still valid, then <command moreinfo="none">smbd
+ </command> will return an ACCESS_DENIED error to the client.</para>
+
+ <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter moreinfo="none">
+ addprinter command</parameter></link>, <link linkend="PRINTING">
+ <parameter moreinfo="none">printing</parameter></link>,
+ <link linkend="SHOWADDPRINTERWIZARD"><parameter moreinfo="none">show add
+ printer wizard</parameter></link></para>
+
+ <para>Default: <emphasis>none</emphasis></para>
+
+ <para>Example: <command moreinfo="none">deleteprinter command = /usr/bin/removeprinter</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/enumportscommand.xml b/docs/docbook/smbdotconf/printing/enumportscommand.xml
new file mode 100644
index 0000000000..7cdf0cc370
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/enumportscommand.xml
@@ -0,0 +1,25 @@
+<samba:parameter name="enumports command"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>The concept of a &quot;port&quot; is fairly foreign
+ to UNIX hosts. Under Windows NT/2000 print servers, a port
+ is associated with a port monitor and generally takes the form of
+ a local port (i.e. LPT1:, COM1:, FILE:) or a remote port
+ (i.e. LPD Port Monitor, etc...). By default, Samba has only one
+ port defined--<constant>&quot;Samba Printer Port&quot;</constant>. Under
+ Windows NT/2000, all printers must have a valid port name.
+ If you wish to have a list of ports displayed (<command moreinfo="none">smbd
+ </command> does not use a port name for anything) other than
+ the default <constant>&quot;Samba Printer Port&quot;</constant>, you
+ can define <parameter moreinfo="none">enumports command</parameter> to point to
+ a program which should generate a list of ports, one per line,
+ to standard output. This listing will then be used in response
+ to the level 1 and 2 EnumPorts() RPC.</para>
+
+ <para>Default: <emphasis>no enumports command</emphasis></para>
+
+ <para>Example: <command moreinfo="none">enumports command = /usr/bin/listports</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/lppausecommand.xml b/docs/docbook/smbdotconf/printing/lppausecommand.xml
new file mode 100644
index 0000000000..15c5aca990
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/lppausecommand.xml
@@ -0,0 +1,43 @@
+<samba:parameter name="lppause command"
+ context="S"
+ print="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the command to be
+ executed on the server host in order to stop printing or spooling
+ a specific print job.</para>
+
+ <para>This command should be a program or script which takes
+ a printer name and job number to pause the print job. One way
+ of implementing this is by using job priorities, where jobs
+ having a too low priority won't be sent to the printer.</para>
+
+ <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name
+ is put in its place. A <parameter moreinfo="none">%j</parameter> is replaced with
+ the job number (an integer). On HPUX (see <parameter moreinfo="none">printing=hpux
+ </parameter>), if the <parameter moreinfo="none">-p%p</parameter> option is added
+ to the lpq command, the job will show up with the correct status, i.e.
+ if the job priority is lower than the set fence priority it will
+ have the PAUSED status, whereas if the priority is equal or higher it
+ will have the SPOOLED or PRINTING status.</para>
+
+ <para>Note that it is good practice to include the absolute path
+ in the lppause command as the PATH may not be available to the server.</para>
+
+ <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing
+ </parameter></link> parameter.</para>
+
+ <para>Default: Currently no default value is given to
+ this string, unless the value of the <parameter moreinfo="none">printing</parameter>
+ parameter is <constant>SYSV</constant>, in which case the default is :</para>
+
+ <para><command moreinfo="none">lp -i %p-%j -H hold</command></para>
+
+ <para>or if the value of the <parameter moreinfo="none">printing</parameter> parameter
+ is <constant>SOFTQ</constant>, then the default is:</para>
+
+ <para><command moreinfo="none">qstat -s -j%j -h</command></para>
+
+ <para>Example for HPUX: <command moreinfo="none">lppause command = /usr/bin/lpalt %p-%j -p0</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/lpresumecommand.xml b/docs/docbook/smbdotconf/printing/lpresumecommand.xml
new file mode 100644
index 0000000000..ae3241bfa9
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/lpresumecommand.xml
@@ -0,0 +1,39 @@
+<samba:parameter name="lpresume command"
+ context="S"
+ print="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the command to be
+ executed on the server host in order to restart or continue
+ printing or spooling a specific print job.</para>
+
+ <para>This command should be a program or script which takes
+ a printer name and job number to resume the print job. See
+ also the <link linkend="LPPAUSECOMMAND"><parameter moreinfo="none">lppause command
+ </parameter></link> parameter.</para>
+
+ <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name
+ is put in its place. A <parameter moreinfo="none">%j</parameter> is replaced with
+ the job number (an integer).</para>
+
+ <para>Note that it is good practice to include the absolute path
+ in the <parameter moreinfo="none">lpresume command</parameter> as the PATH may not
+ be available to the server.</para>
+
+ <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing
+ </parameter></link> parameter.</para>
+
+ <para>Default: Currently no default value is given
+ to this string, unless the value of the <parameter moreinfo="none">printing</parameter>
+ parameter is <constant>SYSV</constant>, in which case the default is :</para>
+
+ <para><command moreinfo="none">lp -i %p-%j -H resume</command></para>
+
+ <para>or if the value of the <parameter moreinfo="none">printing</parameter> parameter
+ is <constant>SOFTQ</constant>, then the default is:</para>
+
+ <para><command moreinfo="none">qstat -s -j%j -r</command></para>
+
+ <para>Example for HPUX: <command moreinfo="none">lpresume command = /usr/bin/lpalt %p-%j -p2</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/os2drivermap.xml b/docs/docbook/smbdotconf/printing/os2drivermap.xml
new file mode 100644
index 0000000000..478031c7b9
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/os2drivermap.xml
@@ -0,0 +1,23 @@
+<samba:parameter name="os2 driver map"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>The parameter is used to define the absolute
+ path to a file containing a mapping of Windows NT printer driver
+ names to OS/2 printer driver names. The format is:</para>
+
+ <para>&lt;nt driver name&gt; = &lt;os2 driver name&gt;.&lt;device name&gt;</para>
+
+ <para>For example, a valid entry using the HP LaserJet 5
+ printer driver would appear as <command moreinfo="none">HP LaserJet 5L = LASERJET.HP
+ LaserJet 5L</command>.</para>
+
+ <para>The need for the file is due to the printer driver namespace
+ problem described in the <ulink url="printing.html">Samba
+ Printing HOWTO</ulink>. For more details on OS/2 clients, please
+ refer to the OS2-Client-HOWTO containing in the Samba documentation.</para>
+
+ <para>Default: <command moreinfo="none">os2 driver map = &lt;empty string&gt;</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/printer.xml b/docs/docbook/smbdotconf/printing/printer.xml
new file mode 100644
index 0000000000..0a9611ee03
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/printer.xml
@@ -0,0 +1,9 @@
+<samba:parameter name="printer"
+ context="S"
+ hide="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Synonym for <link linkend="PRINTERNAME"><parameter moreinfo="none">
+ printer name</parameter></link>.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/printername.xml b/docs/docbook/smbdotconf/printing/printername.xml
new file mode 100644
index 0000000000..9f76a673ad
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/printername.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="printer name"
+ context="S"
+ print="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the name of the printer
+ to which print jobs spooled through a printable service will be sent.</para>
+
+ <para>If specified in the [global] section, the printer
+ name given will be used for any printable service that does
+ not have its own printer name specified.</para>
+
+ <para>Default: <emphasis>none (but may be <constant>lp</constant>
+ on many systems)</emphasis></para>
+
+ <para>Example: <command moreinfo="none">printer name = laserwriter</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/printing.xml b/docs/docbook/smbdotconf/printing/printing.xml
new file mode 100644
index 0000000000..633666eea7
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/printing.xml
@@ -0,0 +1,31 @@
+<samba:parameter name="printing"
+ context="S"
+ print="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameters controls how printer status information is
+ interpreted on your system. It also affects the default values for
+ the <parameter moreinfo="none">print command</parameter>, <parameter
+ moreinfo="none">lpq command</parameter>, <parameter
+ moreinfo="none">lppause command </parameter>, <parameter
+ moreinfo="none">lpresume command</parameter>, and <parameter
+ moreinfo="none">lprm command</parameter> if specified in the
+ [global] section.</para>
+
+ <para>Currently nine printing styles are supported. They are
+ <constant>BSD</constant>, <constant>AIX</constant>,
+ <constant>LPRNG</constant>, <constant>PLP</constant>,
+ <constant>SYSV</constant>, <constant>HPUX</constant>,
+ <constant>QNX</constant>, <constant>SOFTQ</constant>,
+ and <constant>CUPS</constant>.</para>
+
+ <para>To see what the defaults are for the other print
+ commands when using the various options use the <citerefentry><refentrytitle>testparm</refentrytitle>
+ <manvolnum>1</manvolnum></citerefentry> program.</para>
+
+ <para>This option can be set on a per printer basis</para>
+
+ <para>See also the discussion in the <link linkend="PRINTERSSECT">
+ [printers]</link> section.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/queuepausecommand.xml b/docs/docbook/smbdotconf/printing/queuepausecommand.xml
new file mode 100644
index 0000000000..13741a0e7f
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/queuepausecommand.xml
@@ -0,0 +1,29 @@
+<samba:parameter name="queuepause command"
+ context="S"
+ print="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the command to be
+ executed on the server host in order to pause the printer queue.</para>
+
+ <para>This command should be a program or script which takes
+ a printer name as its only parameter and stops the printer queue,
+ such that no longer jobs are submitted to the printer.</para>
+
+ <para>This command is not supported by Windows for Workgroups,
+ but can be issued from the Printers window under Windows 95
+ and NT.</para>
+
+ <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name
+ is put in its place. Otherwise it is placed at the end of the command.
+ </para>
+
+ <para>Note that it is good practice to include the absolute
+ path in the command as the PATH may not be available to the
+ server.</para>
+
+ <para>Default: <emphasis>depends on the setting of <parameter moreinfo="none">printing</parameter></emphasis></para>
+
+ <para>Example: <command moreinfo="none">queuepause command = disable %p</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/queueresumecommand.xml b/docs/docbook/smbdotconf/printing/queueresumecommand.xml
new file mode 100644
index 0000000000..23f6702192
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/queueresumecommand.xml
@@ -0,0 +1,33 @@
+<samba:parameter name="queueresume command"
+ context="S"
+ print="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the command to be
+ executed on the server host in order to resume the printer queue. It
+ is the command to undo the behavior that is caused by the
+ previous parameter (<link linkend="QUEUEPAUSECOMMAND"><parameter moreinfo="none">
+ queuepause command</parameter></link>).</para>
+
+ <para>This command should be a program or script which takes
+ a printer name as its only parameter and resumes the printer queue,
+ such that queued jobs are resubmitted to the printer.</para>
+
+ <para>This command is not supported by Windows for Workgroups,
+ but can be issued from the Printers window under Windows 95
+ and NT.</para>
+
+ <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name
+ is put in its place. Otherwise it is placed at the end of the
+ command.</para>
+
+ <para>Note that it is good practice to include the absolute
+ path in the command as the PATH may not be available to the
+ server.</para>
+
+ <para>Default: <emphasis>depends on the setting of <link linkend="PRINTING">
+ <parameter moreinfo="none">printing</parameter></link></emphasis></para>
+
+ <para>Example: <command moreinfo="none">queuepause command = enable %p</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml b/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml
new file mode 100644
index 0000000000..5a0d5c8877
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml
@@ -0,0 +1,35 @@
+<samba:parameter name="show add printer wizard"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>With the introduction of MS-RPC based printing support
+ for Windows NT/2000 client in Samba 2.2, a &quot;Printers...&quot; folder will
+ appear on Samba hosts in the share listing. Normally this folder will
+ contain an icon for the MS Add Printer Wizard (APW). However, it is
+ possible to disable this feature regardless of the level of privilege
+ of the connected user.</para>
+
+ <para>Under normal circumstances, the Windows NT/2000 client will
+ open a handle on the printer server with OpenPrinterEx() asking for
+ Administrator privileges. If the user does not have administrative
+ access on the print server (i.e is not root or a member of the
+ <parameter moreinfo="none">printer admin</parameter> group), the OpenPrinterEx()
+ call fails and the client makes another open call with a request for
+ a lower privilege level. This should succeed, however the APW
+ icon will not be displayed.</para>
+
+ <para>Disabling the <parameter moreinfo="none">show add printer wizard</parameter>
+ parameter will always cause the OpenPrinterEx() on the server
+ to fail. Thus the APW icon will never be displayed. <emphasis>
+ Note :</emphasis>This does not prevent the same user from having
+ administrative privilege on an individual printer.</para>
+
+ <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter moreinfo="none">addprinter
+ command</parameter></link>, <link linkend="DELETEPRINTERCOMMAND">
+ <parameter moreinfo="none">deleteprinter command</parameter></link>, <link linkend="PRINTERADMIN">
+ <parameter moreinfo="none">printer admin</parameter></link></para>
+
+ <para>Default :<command moreinfo="none">show add printer wizard = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/security/encryptpasswords.xml b/docs/docbook/smbdotconf/security/encryptpasswords.xml
new file mode 100644
index 0000000000..20b9353648
--- /dev/null
+++ b/docs/docbook/smbdotconf/security/encryptpasswords.xml
@@ -0,0 +1,24 @@
+<samba:parameter name="encrypt passwords"
+ context="G"
+ basic="1" advanced="1" wizard="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This boolean controls whether encrypted passwords
+ will be negotiated with the client. Note that Windows NT 4.0 SP3 and
+ above and also Windows 98 will by default expect encrypted passwords
+ unless a registry entry is changed. To use encrypted passwords in
+ Samba see the chapter "User Database" in the Samba HOWTO Collection. </para>
+
+ <para>In order for encrypted passwords to work correctly
+ <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> must either
+ have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> program for information on how to set up
+ and maintain this file), or set the <link linkend="SECURITY">security = [server|domain|ads]</link> parameter which
+ causes <command moreinfo="none">smbd</command> to authenticate against another
+ server.</para>
+
+ <para>Default: <command moreinfo="none">encrypt passwords = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/vfs/hostmsdfs.xml b/docs/docbook/smbdotconf/vfs/hostmsdfs.xml
new file mode 100644
index 0000000000..c843969e50
--- /dev/null
+++ b/docs/docbook/smbdotconf/vfs/hostmsdfs.xml
@@ -0,0 +1,20 @@
+<samba:parameter name="host msdfs"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This boolean parameter is only available
+ if Samba has been configured and compiled with the <command moreinfo="none">
+ --with-msdfs</command> option. If set to <constant>yes</constant>,
+ Samba will act as a Dfs server, and allow Dfs-aware clients
+ to browse Dfs trees hosted on the server.</para>
+
+ <para>See also the <link linkend="MSDFSROOT"><parameter moreinfo="none">
+ msdfs root</parameter></link> share level parameter. For
+ more information on setting up a Dfs tree on Samba,
+ refer to <ulink url="msdfs_setup.html">msdfs_setup.html</ulink>.
+ </para>
+
+ <para>Default: <command moreinfo="none">host msdfs = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/vfs/msdfsproxy.xml b/docs/docbook/smbdotconf/vfs/msdfsproxy.xml
new file mode 100644
index 0000000000..c16968fda7
--- /dev/null
+++ b/docs/docbook/smbdotconf/vfs/msdfsproxy.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="msdfs proxy"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter indicates that the share is a
+ stand-in for another CIFS share whose location is specified by
+ the value of the parameter. When clients attempt to connect to
+ this share, they are redirected to the proxied share using
+ the SMB-Dfs protocol.</para>
+
+ <para>Only Dfs roots can act as proxy shares. Take a look at the
+ <link linkend="MSDFSROOT"><parameter moreinfo="none">msdfs root</parameter></link>
+ and <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs</parameter></link>
+ options to find out how to set up a Dfs root share.</para>
+
+ <para>Example: <command moreinfo="none">msdfs proxy = \\\\otherserver\\someshare</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/vfs/msdfsroot.xml b/docs/docbook/smbdotconf/vfs/msdfsroot.xml
new file mode 100644
index 0000000000..35142ff037
--- /dev/null
+++ b/docs/docbook/smbdotconf/vfs/msdfsroot.xml
@@ -0,0 +1,20 @@
+<samba:parameter name="msdfs root"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This boolean parameter is only available if
+ Samba is configured and compiled with the <command moreinfo="none">
+ --with-msdfs</command> option. If set to <constant>yes</constant>,
+ Samba treats the share as a Dfs root and allows clients to browse
+ the distributed file system tree rooted at the share directory.
+ Dfs links are specified in the share directory by symbolic
+ links of the form <filename moreinfo="none">msdfs:serverA\\shareA,serverB\\shareB</filename>
+ and so on. For more information on setting up a Dfs tree
+ on Samba, refer to <ulink url="msdfs.html">&quot;Hosting a Microsoft
+ Distributed File System tree on Samba&quot;</ulink> document.</para>
+
+ <para>See also <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs</parameter></link></para>
+
+ <para>Default: <command moreinfo="none">msdfs root = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/vfs/vfsobject.xml b/docs/docbook/smbdotconf/vfs/vfsobject.xml
new file mode 100644
index 0000000000..c68e8d0135
--- /dev/null
+++ b/docs/docbook/smbdotconf/vfs/vfsobject.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="vfs object"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies a shared object files that
+ are used for Samba VFS I/O operations. By default, normal
+ disk I/O operations are used but these can be overloaded
+ with one or more VFS objects. </para>
+
+ <para>Default: <emphasis>no value</emphasis></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/vfs/vfsoptions.xml b/docs/docbook/smbdotconf/vfs/vfsoptions.xml
new file mode 100644
index 0000000000..d07ec461e2
--- /dev/null
+++ b/docs/docbook/smbdotconf/vfs/vfsoptions.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="vfs options"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter allows parameters to be passed
+ to the vfs layer at initialization time.
+ See also <link linkend="VFSOBJECT"><parameter moreinfo="none">
+ vfs object</parameter></link>.</para>
+
+ <para>Default: <emphasis>no value</emphasis></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/vfs/vfspath.xml b/docs/docbook/smbdotconf/vfs/vfspath.xml
new file mode 100644
index 0000000000..c6718a0076
--- /dev/null
+++ b/docs/docbook/smbdotconf/vfs/vfspath.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="vfs path"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the directory
+ to look in for vfs modules. The name of every <command moreinfo="none">vfs object
+ </command> will be prepended by this directory.</para>
+
+ <para>Default: <command moreinfo="none">vfs path = </command></para>
+
+ <para>Example: <command moreinfo="none">vfs path = /usr/lib/samba/vfs</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/templatehomedir.xml b/docs/docbook/smbdotconf/winbind/templatehomedir.xml
new file mode 100644
index 0000000000..6c19617bab
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/templatehomedir.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="template homedir"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>When filling out the user information for a Windows NT
+ user, the <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon uses this
+ parameter to fill in the home directory for that user. If the
+ string <parameter moreinfo="none">%D</parameter> is present it
+ is substituted with the user's Windows NT domain name. If the
+ string <parameter moreinfo="none">%U</parameter> is present it
+ is substituted with the user's Windows NT user name.</para>
+
+ <para>Default: <command moreinfo="none">template homedir = /home/%D/%U</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/templateshell.xml b/docs/docbook/smbdotconf/winbind/templateshell.xml
new file mode 100644
index 0000000000..1104387331
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/templateshell.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="template shell"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>When filling out the user information for a Windows NT
+ user, the <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon uses this
+ parameter to fill in the login shell for that user.</para>
+
+ <para>Default: <command moreinfo="none">template shell = /bin/false</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/winbindcachetime.xml b/docs/docbook/smbdotconf/winbind/winbindcachetime.xml
new file mode 100644
index 0000000000..3080adc7c8
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/winbindcachetime.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="winbind cache time"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the number of
+ seconds the <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon will cache
+ user and group information before querying a Windows NT server
+ again.</para>
+
+ <para>Default: <command moreinfo="none">winbind cache type = 15</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml b/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml
new file mode 100644
index 0000000000..1cffca7492
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="winbind enum groups"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> it may be necessary to suppress
+ the enumeration of groups through the <command moreinfo="none">setgrent()</command>,
+ <command moreinfo="none">getgrent()</command> and
+ <command moreinfo="none">endgrent()</command> group of system calls. If
+ the <parameter moreinfo="none">winbind enum groups</parameter> parameter is
+ <constant>no</constant>, calls to the <command moreinfo="none">getgrent()</command> system
+ call will not return any data. </para>
+
+ <para><emphasis>Warning:</emphasis> Turning off group
+ enumeration may cause some programs to behave oddly.
+ </para>
+
+ <para>Default: <command moreinfo="none">winbind enum groups = yes </command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/winbindenumusers.xml b/docs/docbook/smbdotconf/winbind/winbindenumusers.xml
new file mode 100644
index 0000000000..95f1e7ff4c
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/winbindenumusers.xml
@@ -0,0 +1,23 @@
+<samba:parameter name="winbind enum users"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> it may be
+ necessary to suppress the enumeration of users through the <command moreinfo="none">setpwent()</command>,
+ <command moreinfo="none">getpwent()</command> and
+ <command moreinfo="none">endpwent()</command> group of system calls. If
+ the <parameter moreinfo="none">winbind enum users</parameter> parameter is
+ <constant>no</constant>, calls to the <command moreinfo="none">getpwent</command> system call
+ will not return any data. </para>
+
+ <para><emphasis>Warning:</emphasis> Turning off user
+ enumeration may cause some programs to behave oddly. For
+ example, the finger program relies on having access to the
+ full user list when searching for matching
+ usernames. </para>
+
+ <para>Default: <command moreinfo="none">winbind enum users = yes </command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/winbindgid.xml b/docs/docbook/smbdotconf/winbind/winbindgid.xml
new file mode 100644
index 0000000000..a8414e9e8c
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/winbindgid.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="winbind gid"
+ context="G"
+ advanced="1" developer="1" hide="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>The winbind gid parameter specifies the range of group
+ ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon. This range of group ids should have no
+ existing local or NIS groups within it as strange conflicts can
+ occur otherwise.</para>
+
+ <para>Default: <command moreinfo="none">winbind gid = &lt;empty string&gt;</command></para>
+
+ <para>Example: <command moreinfo="none">winbind gid = 10000-20000</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/winbindseparator.xml b/docs/docbook/smbdotconf/winbind/winbindseparator.xml
new file mode 100644
index 0000000000..cefc69d5bd
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/winbindseparator.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="winbind separator"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter allows an admin to define the character
+ used when listing a username of the form of <replaceable>DOMAIN
+ </replaceable>\<replaceable>user</replaceable>. This parameter
+ is only applicable when using the <filename moreinfo="none">pam_winbind.so</filename>
+ and <filename moreinfo="none">nss_winbind.so</filename> modules for UNIX services.
+ </para>
+
+ <para>Please note that setting this parameter to + causes problems
+ with group membership at least on glibc systems, as the character +
+ is used as a special character for NIS in /etc/group.</para>
+
+ <para>Default: <command moreinfo="none">winbind separator = '\'</command></para>
+
+ <para>Example: <command moreinfo="none">winbind separator = +</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/winbinduid.xml b/docs/docbook/smbdotconf/winbind/winbinduid.xml
new file mode 100644
index 0000000000..6fee40fcb8
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/winbinduid.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="winbind uid"
+ context="G"
+ advanced="1" developer="1" hide="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>The winbind gid parameter specifies the range of group
+ ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon. This range of ids should have no
+ existing local or NIS users within it as strange conflicts can
+ occur otherwise.</para>
+
+ <para>Default: <command moreinfo="none">winbind uid = &lt;empty string&gt;</command></para>
+
+ <para>Example: <command moreinfo="none">winbind uid = 10000-20000</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml b/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml
new file mode 100644
index 0000000000..5c31a7f9b0
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="winbind used default domain"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies whether the
+ <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon should operate on users
+ without domain component in their username. Users without a domain
+ component are treated as is part of the winbindd server's own
+ domain. While this does not benifit Windows users, it makes SSH, FTP and
+ e-mail function in a way much closer to the way they
+ would in a native unix system.</para>
+
+ <para>Default: <command moreinfo="none">winbind use default domain = &lt;no&gt;</command></para>
+
+ <para>Example: <command moreinfo="none">winbind use default domain = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/wins/dnsproxy.xml b/docs/docbook/smbdotconf/wins/dnsproxy.xml
new file mode 100644
index 0000000000..45ec160c5a
--- /dev/null
+++ b/docs/docbook/smbdotconf/wins/dnsproxy.xml
@@ -0,0 +1,25 @@
+<samba:parameter name="dns proxy"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Specifies that <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server and
+ finding that a NetBIOS name has not been registered, should treat the
+ NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server
+ for that name on behalf of the name-querying client.</para>
+
+ <para>Note that the maximum length for a NetBIOS name is 15
+ characters, so the DNS name (or DNS alias) can likewise only be
+ 15 characters, maximum.</para>
+
+ <para><command moreinfo="none">nmbd</command> spawns a second copy of itself to do the
+ DNS name lookup requests, as doing a name lookup is a blocking
+ action.</para>
+
+ <para>See also the parameter <link linkend="WINSSUPPORT"><parameter moreinfo="none">
+ wins support</parameter></link>.</para>
+
+ <para>Default: <command moreinfo="none">dns proxy = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/wins/winshook.xml b/docs/docbook/smbdotconf/wins/winshook.xml
new file mode 100644
index 0000000000..e38e93f6b5
--- /dev/null
+++ b/docs/docbook/smbdotconf/wins/winshook.xml
@@ -0,0 +1,57 @@
+<samba:parameter name="wins hook"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>When Samba is running as a WINS server this
+ allows you to call an external program for all changes to the
+ WINS database. The primary use for this option is to allow the
+ dynamic update of external name resolution databases such as
+ dynamic DNS.</para>
+
+ <para>The wins hook parameter specifies the name of a script
+ or executable that will be called as follows:</para>
+
+ <para><command moreinfo="none">wins_hook operation name nametype ttl IP_list</command></para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The first argument is the operation and is
+ one of &quot;add&quot;, &quot;delete&quot;, or
+ &quot;refresh&quot;. In most cases the operation
+ can be ignored as the rest of the parameters
+ provide sufficient information. Note that
+ &quot;refresh&quot; may sometimes be called when
+ the name has not previously been added, in that
+ case it should be treated as an add.</para>
+ </listitem>
+
+ <listitem>
+ <para>The second argument is the NetBIOS name. If the
+ name is not a legal name then the wins hook is not called.
+ Legal names contain only letters, digits, hyphens, underscores
+ and periods.</para>
+ </listitem>
+
+ <listitem>
+ <para>The third argument is the NetBIOS name
+ type as a 2 digit hexadecimal number. </para>
+ </listitem>
+
+ <listitem>
+ <para>The fourth argument is the TTL (time to live)
+ for the name in seconds.</para>
+ </listitem>
+
+ <listitem>
+ <para>The fifth and subsequent arguments are the IP
+ addresses currently registered for that name. If this list is
+ empty then the name should be deleted.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>An example script that calls the BIND dynamic DNS update
+ program <command moreinfo="none">nsupdate</command> is provided in the examples
+ directory of the Samba source code. </para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/wins/winspartners.xml b/docs/docbook/smbdotconf/wins/winspartners.xml
new file mode 100644
index 0000000000..9ec277ed2d
--- /dev/null
+++ b/docs/docbook/smbdotconf/wins/winspartners.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="wins partner"
+ context="G"
+ advanced="1" wizard="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>A space separated list of partners' IP addresses for
+ WINS replication. WINS partners are always defined as push/pull
+ partners as defining only one way WINS replication is unreliable.
+ WINS replication is currently experimental and unreliable between
+ samba servers.
+ </para>
+
+ <para>Default: <command moreinfo="none">wins partners = </command></para>
+
+ <para>Example: <command moreinfo="none">wins partners = 192.168.0.1 172.16.1.2</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/wins/winsproxy.xml b/docs/docbook/smbdotconf/wins/winsproxy.xml
new file mode 100644
index 0000000000..11f47e31c7
--- /dev/null
+++ b/docs/docbook/smbdotconf/wins/winsproxy.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="wins proxy"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is a boolean that controls if <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will respond to broadcast name
+ queries on behalf of other hosts. You may need to set this
+ to <constant>yes</constant> for some older clients.</para>
+
+ <para>Default: <command moreinfo="none">wins proxy = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/wins/winsserver.xml b/docs/docbook/smbdotconf/wins/winsserver.xml
new file mode 100644
index 0000000000..12ee635acd
--- /dev/null
+++ b/docs/docbook/smbdotconf/wins/winsserver.xml
@@ -0,0 +1,37 @@
+<samba:parameter name="wins server"
+ context="G"
+ basic="1" advanced="1" wizard="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This specifies the IP address (or DNS name: IP
+ address for preference) of the WINS server that <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> should register with. If you have a WINS server on
+ your network then you should set this to the WINS server's IP.</para>
+
+ <para>You should point this at your WINS server if you have a
+ multi-subnetted network.</para>
+
+ <para>If you want to work in multiple namespaces, you can
+ give every wins server a 'tag'. For each tag, only one
+ (working) server will be queried for a name. The tag should be
+ seperated from the ip address by a colon.
+ </para>
+
+ <note><para>You need to set up Samba to point
+ to a WINS server if you have multiple subnets and wish cross-subnet
+ browsing to work correctly.</para></note>
+
+ <para>See the documentation file <ulink url="improved-browsing.html">Browsing</ulink> in the samba howto collection.</para>
+
+ <para>Default: <emphasis>not enabled</emphasis></para>
+
+ <para>Example: <command>wins server = mary:192.9.200.1 fred:192.168.3.199 mary:192.168.2.61</command></para>
+
+ <para>For this example when querying a certain name, 192.19.200.1 will
+ be asked first and if that doesn't respond 192.168.2.61. If either
+ of those doesn't know the name 192.168.3.199 will be queried.
+ </para>
+
+ <para>Example: <command>wins server = 192.9.200.1 192.168.2.61</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/wins/winssupport.xml b/docs/docbook/smbdotconf/wins/winssupport.xml
new file mode 100644
index 0000000000..eef59e708f
--- /dev/null
+++ b/docs/docbook/smbdotconf/wins/winssupport.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="wins support"
+ context="G"
+ basic="1" advanced="1" wizard="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This boolean controls if the <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> process in Samba will act as a WINS server. You should
+ not set this to <constant>yes</constant> unless you have a multi-subnetted network and
+ you wish a particular <command moreinfo="none">nmbd</command> to be your WINS server.
+ Note that you should <emphasis>NEVER</emphasis> set this to <constant>yes</constant>
+ on more than one machine in your network.</para>
+
+ <para>Default: <command moreinfo="none">wins support = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/source3/groupdb/.cvsignore b/source3/groupdb/.cvsignore
new file mode 100644
index 0000000000..22beab949c
--- /dev/null
+++ b/source3/groupdb/.cvsignore
@@ -0,0 +1,2 @@
+.po
+.po32
diff --git a/source3/include/authdata.h b/source3/include/authdata.h
new file mode 100644
index 0000000000..0798b72bdf
--- /dev/null
+++ b/source3/include/authdata.h
@@ -0,0 +1,152 @@
+/*
+ Unix SMB/CIFS implementation.
+ Kerberos authorization data
+ Copyright (C) Jim McDonough 2003
+
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _AUTHDATA_H
+#define _AUTHDATA_H
+
+#include "rpc_misc.h"
+
+#define PAC_TYPE_LOGON_INFO 1
+#define PAC_TYPE_SERVER_CHECKSUM 6
+#define PAC_TYPE_PRIVSVR_CHECKSUM 7
+#define PAC_TYPE_UNKNOWN_10 10
+
+typedef struct unknown_type_10 {
+ NTTIME unknown_time;
+ uint16 len;
+ uint16 *username; /* might not be null terminated, so not UNISTR */
+} UNKNOWN_TYPE_10;
+
+typedef struct pac_signature_data {
+ uint32 type;
+ uint8 *signature;
+} PAC_SIGNATURE_DATA;
+
+typedef struct group_membership {
+ uint32 rid;
+ uint32 attrs;
+} GROUP_MEMBERSHIP;
+
+typedef struct group_membership_array {
+ uint32 count;
+ GROUP_MEMBERSHIP *group_membership;
+} GROUP_MEMBERSHIP_ARRAY;
+
+typedef struct krb_sid_and_attrs {
+ uint32 sid_ptr;
+ uint32 attrs;
+ DOM_SID2 *sid;
+} KRB_SID_AND_ATTRS;
+
+typedef struct krb_sid_and_attr_array {
+ uint32 count;
+ KRB_SID_AND_ATTRS *krb_sid_and_attrs;
+} KRB_SID_AND_ATTR_ARRAY;
+
+
+/* This is awfully similar to a samr_user_info_23, but not identical.
+ Many of the field names have been swiped from there, because it is
+ so similar that they are likely the same, but many have been verified.
+ Some are in a different order, though... */
+typedef struct pac_logon_info {
+ NTTIME logon_time; /* logon time */
+ NTTIME logoff_time; /* logoff time */
+ NTTIME kickoff_time; /* kickoff time */
+ NTTIME pass_last_set_time; /* password last set time */
+ NTTIME pass_can_change_time; /* password can change time */
+ NTTIME pass_must_change_time; /* password must change time */
+
+ UNIHDR hdr_user_name; /* user name unicode string header */
+ UNIHDR hdr_full_name; /* user's full name unicode string header */
+ UNIHDR hdr_logon_script; /* these last 4 appear to be in a different */
+ UNIHDR hdr_profile_path; /* order than in the info23 */
+ UNIHDR hdr_home_dir;
+ UNIHDR hdr_dir_drive;
+
+ uint16 logon_count; /* number of times user has logged onto domain */
+ uint16 reserved12;
+
+ uint32 user_rid;
+ uint32 group_rid;
+ uint32 group_count;
+ uint32 group_membership_ptr;
+ uint32 user_flags;
+
+ uint32 reserved13[4];
+ UNIHDR hdr_dom_controller;
+ UNIHDR hdr_dom_name;
+
+ uint32 ptr_dom_sid;
+
+ uint32 reserved16[2];
+ uint32 reserved17; /* looks like it may be acb_info */
+ uint32 reserved18[7];
+
+ uint32 sid_count;
+ uint32 ptr_extra_sids;
+
+ uint32 ptr_res_group_dom_sid;
+ uint32 res_group_count;
+ uint32 ptr_res_groups;
+
+ UNISTR2 uni_user_name; /* user name unicode string header */
+ UNISTR2 uni_full_name; /* user's full name unicode string header */
+ UNISTR2 uni_logon_script; /* these last 4 appear to be in a different*/
+ UNISTR2 uni_profile_path; /* order than in the info23 */
+ UNISTR2 uni_home_dir;
+ UNISTR2 uni_dir_drive;
+ UNISTR2 uni_dom_controller;
+ UNISTR2 uni_dom_name;
+ DOM_SID2 dom_sid;
+ GROUP_MEMBERSHIP_ARRAY groups;
+ KRB_SID_AND_ATTR_ARRAY extra_sids;
+ DOM_SID2 res_group_dom_sid;
+ GROUP_MEMBERSHIP_ARRAY res_groups;
+
+} PAC_LOGON_INFO;
+
+typedef struct pac_info_ctr
+{
+ union
+ {
+ PAC_LOGON_INFO *logon_info;
+ PAC_SIGNATURE_DATA *srv_cksum;
+ PAC_SIGNATURE_DATA *privsrv_cksum;
+ UNKNOWN_TYPE_10 *type_10;
+ } pac;
+} PAC_INFO_CTR;
+
+typedef struct pac_info_hdr {
+ uint32 type;
+ uint32 size;
+ uint32 offset;
+ uint32 offsethi;
+ PAC_INFO_CTR *ctr;
+} PAC_INFO_HDR;
+
+typedef struct pac_data {
+ uint32 num_buffers;
+ uint32 version;
+ PAC_INFO_HDR *pac_info_hdr_ptr;
+} PAC_DATA;
+
+
+#endif
diff --git a/source3/include/fake_file.h b/source3/include/fake_file.h
new file mode 100644
index 0000000000..3fe60072e9
--- /dev/null
+++ b/source3/include/fake_file.h
@@ -0,0 +1,46 @@
+/*
+ Unix SMB/CIFS implementation.
+ FAKE FILE suppport, for faking up special files windows want access to
+ Copyright (C) Stefan (metze) Metzmacher 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _FAKE_FILE_H
+#define _FAKE_FILE_H
+
+enum FAKE_FILE_TYPE {
+ FAKE_FILE_TYPE_NONE = 0,
+ FAKE_FILE_TYPE_QUOTA
+};
+
+#define FAKE_FILE_NAME_QUOTA "\\$Extend\\$Quota:$Q:$INDEX_ALLOCATION"
+
+typedef struct _FAKE_FILE_HANDLE {
+ enum FAKE_FILE_TYPE type;
+ TALLOC_CTX *mem_ctx;
+ void *pd; /* for private data */
+ void (*free_pd)(void **pd); /* free private_data */
+} FAKE_FILE_HANDLE;
+
+typedef struct _FAKE_FILE {
+ const char *name;
+ enum FAKE_FILE_TYPE type;
+ void *(*init_pd)(TALLOC_CTX *men_ctx);
+ void (*free_pd)(void **pd);
+} FAKE_FILE;
+
+
+#endif /* _FAKE_FILE_H */
diff --git a/source3/include/ntquotas.h b/source3/include/ntquotas.h
new file mode 100644
index 0000000000..1425e59bb8
--- /dev/null
+++ b/source3/include/ntquotas.h
@@ -0,0 +1,97 @@
+/*
+ Unix SMB/CIFS implementation.
+ NT QUOTA code constants
+ Copyright (C) Stefan (metze) Metzmacher 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _NTQUOTAS_H
+#define _NTQUOTAS_H
+
+/*
+ * details for Quota Flags:
+ *
+ * 0x20 Log Limit: log if the user exceeds his Hard Quota
+ * 0x10 Log Warn: log if the user exceeds his Soft Quota
+ * 0x02 Deny Disk: deny disk access when the user exceeds his Hard Quota
+ * 0x01 Enable Quotas: enable quota for this fs
+ *
+ */
+
+#define QUOTAS_ENABLED 0x0001
+#define QUOTAS_DENY_DISK 0x0002
+#define QUOTAS_LOG_VIOLATIONS 0x0004
+#define CONTENT_INDEX_DISABLED 0x0008
+#define QUOTAS_LOG_THRESHOLD 0x0010
+#define QUOTAS_LOG_LIMIT 0x0020
+#define LOG_VOLUME_THRESHOLD 0x0040
+#define LOG_VOLUME_LIMIT 0x0080
+#define QUOTAS_INCOMPLETE 0x0100
+#define QUOTAS_REBUILDING 0x0200
+#define QUOTAS_0400 0x0400
+#define QUOTAS_0800 0x0800
+#define QUOTAS_1000 0x1000
+#define QUOTAS_2000 0x2000
+#define QUOTAS_4000 0x4000
+#define QUOTAS_8000 0x8000
+
+#define SMB_NTQUOTAS_NO_LIMIT ((SMB_BIG_UINT)(-1))
+#define SMB_NTQUOTAS_NO_ENTRY ((SMB_BIG_UINT)(-2))
+#define SMB_NTQUOTAS_NO_SPACE ((SMB_BIG_UINT)(0))
+#define SMB_NTQUOTAS_1_B (SMB_BIG_UINT)0x0000000000000001
+#define SMB_NTQUOTAS_1KB (SMB_BIG_UINT)0x0000000000000400
+#define SMB_NTQUOTAS_1MB (SMB_BIG_UINT)0x0000000000100000
+#define SMB_NTQUOTAS_1GB (SMB_BIG_UINT)0x0000000040000000
+#define SMB_NTQUOTAS_1TB (SMB_BIG_UINT)0x0000010000000000
+#define SMB_NTQUOTAS_1PB (SMB_BIG_UINT)0x0004000000000000
+#define SMB_NTQUOTAS_1EB (SMB_BIG_UINT)0x1000000000000000
+
+enum SMB_QUOTA_TYPE {
+ SMB_INVALID_QUOTA_TYPE = -1,
+ SMB_USER_FS_QUOTA_TYPE = 1,
+ SMB_USER_QUOTA_TYPE = 2,
+ SMB_GROUP_FS_QUOTA_TYPE = 3,/* not used yet */
+ SMB_GROUP_QUOTA_TYPE = 4 /* not in use yet, maybe for disk_free queries */
+};
+
+typedef struct _SMB_NTQUOTA_STRUCT {
+ enum SMB_QUOTA_TYPE qtype;
+ SMB_BIG_UINT usedspace;
+ SMB_BIG_UINT softlim;
+ SMB_BIG_UINT hardlim;
+ enum SMB_QUOTA_TYPE qflags;
+ DOM_SID sid;
+} SMB_NTQUOTA_STRUCT;
+
+typedef struct _SMB_NTQUOTA_LIST {
+ struct _SMB_NTQUOTA_LIST *prev,*next;
+ TALLOC_CTX *mem_ctx;
+ uid_t uid;
+ SMB_NTQUOTA_STRUCT *quotas;
+} SMB_NTQUOTA_LIST;
+
+typedef struct _SMB_NTQUOTA_HANDLE {
+ BOOL valid;
+ SMB_NTQUOTA_LIST *quota_list;
+ SMB_NTQUOTA_LIST *tmp_list;
+} SMB_NTQUOTA_HANDLE;
+
+#define CHECK_NTQUOTA_HANDLE_OK(fsp,conn) (FNUM_OK(fsp,conn) &&\
+ (fsp)->fake_file_handle &&\
+ ((fsp)->fake_file_handle->type == FAKE_FILE_TYPE_QUOTA) &&\
+ (fsp)->fake_file_handle->pd)
+
+#endif /*_NTQUOTAS_H */
diff --git a/source3/include/rpc_echo.h b/source3/include/rpc_echo.h
new file mode 100644
index 0000000000..8fa389cf56
--- /dev/null
+++ b/source3/include/rpc_echo.h
@@ -0,0 +1,74 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Samba rpcecho definitions.
+
+ Copyright (C) Tim Potter 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RPC_ECHO_H
+#define _RPC_ECHO_H
+
+#define ECHO_ADD_ONE 0x00
+#define ECHO_DATA 0x01
+#define ECHO_SINK_DATA 0x02
+#define ECHO_SOURCE_DATA 0x03
+
+typedef struct echo_q_add_one
+{
+ uint32 request;
+} ECHO_Q_ADD_ONE;
+
+typedef struct echo_r_add_one
+{
+ uint32 response;
+} ECHO_R_ADD_ONE;
+
+typedef struct echo_q_echo_data
+{
+ uint32 size;
+ char *data;
+} ECHO_Q_ECHO_DATA;
+
+typedef struct echo_r_echo_data
+{
+ uint32 size;
+ char *data;
+} ECHO_R_ECHO_DATA;
+
+typedef struct echo_q_source_data
+{
+ uint32 size;
+} ECHO_Q_SOURCE_DATA;
+
+typedef struct echo_r_source_data
+{
+ uint32 size;
+ char *data;
+} ECHO_R_SOURCE_DATA;
+
+typedef struct echo_q_sink_data
+{
+ uint32 size;
+ char *data;
+} ECHO_Q_SINK_DATA;
+
+typedef struct echo_r_sink_data
+{
+} ECHO_R_SINK_DATA;
+
+#endif
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
new file mode 100644
index 0000000000..c554a02e90
--- /dev/null
+++ b/source3/libads/authdata.c
@@ -0,0 +1,614 @@
+/*
+ Unix SMB/CIFS implementation.
+ kerberos authorization data (PAC) utility library
+ Copyright (C) Jim McDonough 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_KRB5
+
+static DATA_BLOB unwrap_pac(DATA_BLOB *auth_data)
+{
+ DATA_BLOB pac_contents;
+ ASN1_DATA data;
+ int data_type;
+
+ asn1_load(&data, *auth_data);
+ asn1_start_tag(&data, ASN1_SEQUENCE(0));
+ asn1_start_tag(&data, ASN1_SEQUENCE(0));
+ asn1_start_tag(&data, ASN1_CONTEXT(0));
+ asn1_read_Integer(&data, &data_type);
+ asn1_end_tag(&data);
+ asn1_start_tag(&data, ASN1_CONTEXT(1));
+ asn1_read_OctetString(&data, &pac_contents);
+ asn1_end_tag(&data);
+ asn1_end_tag(&data);
+ asn1_end_tag(&data);
+ return pac_contents;
+}
+
+static BOOL pac_io_unknown_type_10(const char *desc, UNKNOWN_TYPE_10 *type_10,
+ prs_struct *ps, int depth)
+{
+ if (NULL == type_10)
+ return False;
+
+ prs_debug(ps, depth, desc, "pac_io_unknown_type_10");
+ depth++;
+
+ if (!smb_io_time("unknown_time", &type_10->unknown_time, ps, depth))
+ return False;
+
+ if (!prs_uint16("len", ps, depth, &type_10->len))
+ return False;
+
+ if (UNMARSHALLING(ps) && type_10->len) {
+ type_10->username = (uint16 *) prs_alloc_mem(ps, type_10->len);
+ if (!type_10->username) {
+ DEBUG(3, ("No memory available\n"));
+ return False;
+ }
+ }
+
+ if (!prs_uint16s(True, "name", ps, depth, type_10->username,
+ (type_10->len / sizeof(uint16))))
+ return False;
+
+ return True;
+
+}
+
+
+static BOOL pac_io_krb_sids(const char *desc, KRB_SID_AND_ATTRS *sid_and_attr,
+ prs_struct *ps, int depth)
+{
+ if (NULL == sid_and_attr)
+ return False;
+
+ prs_debug(ps, depth, desc, "pac_io_krb_sids");
+ depth++;
+
+ if (UNMARSHALLING(ps)) {
+ sid_and_attr->sid =
+ (DOM_SID2 * ) prs_alloc_mem(ps, sizeof(DOM_SID2));
+ if (!sid_and_attr->sid) {
+ DEBUG(3, ("No memory available\n"));
+ return False;
+ }
+ }
+
+ if(!smb_io_dom_sid2("sid", sid_and_attr->sid, ps, depth))
+ return False;
+
+ return True;
+}
+
+
+static BOOL pac_io_krb_attrs(const char *desc, KRB_SID_AND_ATTRS *sid_and_attr,
+ prs_struct *ps, int depth)
+{
+ if (NULL == sid_and_attr)
+ return False;
+
+ prs_debug(ps, depth, desc, "pac_io_krb_attrs");
+ depth++;
+
+ if (!prs_uint32("sid_ptr", ps, depth, &sid_and_attr->sid_ptr))
+ return False;
+ if (!prs_uint32("attrs", ps, depth, &sid_and_attr->attrs))
+ return False;
+
+ return True;
+}
+
+static BOOL pac_io_krb_sid_and_attr_array(const char *desc,
+ KRB_SID_AND_ATTR_ARRAY *array,
+ uint32 num,
+ prs_struct *ps, int depth)
+{
+ int i;
+
+ if (NULL == array)
+ return False;
+
+ prs_debug(ps, depth, desc, "pac_io_krb_sid_and_attr_array");
+ depth++;
+
+
+ if (!prs_uint32("count", ps, depth, &array->count))
+ return False;
+
+ if (UNMARSHALLING(ps)) {
+ array->krb_sid_and_attrs = (KRB_SID_AND_ATTRS *)
+ prs_alloc_mem(ps, sizeof(KRB_SID_AND_ATTRS) * num);
+ if (!array->krb_sid_and_attrs) {
+ DEBUG(3, ("No memory available\n"));
+ return False;
+ }
+ }
+
+ for (i=0; i<num; i++) {
+ if (!pac_io_krb_attrs(desc,
+ &array->krb_sid_and_attrs[i],
+ ps, depth))
+ return False;
+
+ }
+ for (i=0; i<num; i++) {
+ if (!pac_io_krb_sids(desc,
+ &array->krb_sid_and_attrs[i],
+ ps, depth))
+ return False;
+
+ }
+
+ return True;
+
+}
+
+static BOOL pac_io_group_membership(const char *desc,
+ GROUP_MEMBERSHIP *membership,
+ prs_struct *ps, int depth)
+{
+ if (NULL == membership)
+ return False;
+
+ prs_debug(ps, depth, desc, "pac_io_group_membership");
+ depth++;
+
+ if (!prs_uint32("rid", ps, depth, &membership->rid))
+ return False;
+ if (!prs_uint32("attrs", ps, depth, &membership->attrs))
+ return False;
+
+ return True;
+}
+
+
+static BOOL pac_io_group_membership_array(const char *desc,
+ GROUP_MEMBERSHIP_ARRAY *array,
+ uint32 num,
+ prs_struct *ps, int depth)
+{
+ int i;
+
+ if (NULL == array)
+ return False;
+
+ prs_debug(ps, depth, desc, "pac_io_group_membership_array");
+ depth++;
+
+
+ if (!prs_uint32("count", ps, depth, &array->count))
+ return False;
+
+ if (UNMARSHALLING(ps)) {
+ array->group_membership = (GROUP_MEMBERSHIP *)
+ prs_alloc_mem(ps, sizeof(GROUP_MEMBERSHIP) * num);
+ if (!array->group_membership) {
+ DEBUG(3, ("No memory available\n"));
+ return False;
+ }
+ }
+
+ for (i=0; i<num; i++) {
+ if (!pac_io_group_membership(desc,
+ &array->group_membership[i],
+ ps, depth))
+ return False;
+
+ }
+
+ return True;
+
+}
+
+static BOOL pac_io_pac_logon_info(const char *desc, PAC_LOGON_INFO *info,
+ prs_struct *ps, int depth)
+{
+ uint32 garbage;
+ if (NULL == info)
+ return False;
+
+ prs_debug(ps, depth, desc, "pac_io_pac_logon_info");
+ depth++;
+
+ if (!prs_uint32("unknown", ps, depth, &garbage))
+ return False;
+ if (!prs_uint32("unknown", ps, depth, &garbage))
+ return False;
+ if (!prs_uint32("bufferlen", ps, depth, &garbage))
+ return False;
+ if (!prs_uint32("bufferlenhi", ps, depth, &garbage))
+ return False;
+ if (!prs_uint32("pointer", ps, depth, &garbage))
+ return False;
+
+ if (!smb_io_time("logon_time", &info->logon_time, ps, depth))
+ return False;
+ if (!smb_io_time("logoff_time", &info->logoff_time, ps, depth))
+ return False;
+ if (!smb_io_time("kickoff_time", &info->kickoff_time, ps, depth))
+ return False;
+ if (!smb_io_time("pass_last_set_time", &info->pass_last_set_time,
+ ps, depth))
+ return False;
+ if (!smb_io_time("pass_can_change_time", &info->pass_can_change_time,
+ ps, depth))
+ return False;
+ if (!smb_io_time("pass_must_change_time", &info->pass_must_change_time,
+ ps, depth))
+ return False;
+
+ if (!smb_io_unihdr("hdr_user_name", &info->hdr_user_name, ps, depth))
+ return False;
+ if (!smb_io_unihdr("hdr_full_name", &info->hdr_full_name, ps, depth))
+ return False;
+ if (!smb_io_unihdr("hdr_logon_script", &info->hdr_logon_script,
+ ps, depth))
+ return False;
+ if (!smb_io_unihdr("hdr_profile_path", &info->hdr_profile_path,
+ ps, depth))
+ return False;
+ if (!smb_io_unihdr("hdr_home_dir", &info->hdr_home_dir, ps, depth))
+ return False;
+ if (!smb_io_unihdr("hdr_dir_drive", &info->hdr_dir_drive, ps, depth))
+ return False;
+
+ if (!prs_uint16("logon_count", ps, depth, &info->logon_count))
+ return False;
+ if (!prs_uint16("reserved12", ps, depth, &info->reserved12))
+ return False;
+ if (!prs_uint32("user_rid", ps, depth, &info->user_rid))
+ return False;
+ if (!prs_uint32("group_rid", ps, depth, &info->group_rid))
+ return False;
+ if (!prs_uint32("group_count", ps, depth, &info->group_count))
+ return False;
+ /* I haven't seen this contain anything yet, but when it does
+ we will have to make sure we decode the contents in the middle
+ all the unistr2s ... */
+ if (!prs_uint32("group_mem_ptr", ps, depth,
+ &info->group_membership_ptr))
+ return False;
+ if (!prs_uint32("user_flags", ps, depth, &info->user_flags))
+ return False;
+
+ if (!prs_uint32("reserved13.0", ps, depth, &info->reserved13[0]))
+ return False;
+ if (!prs_uint32("reserved13.1", ps, depth, &info->reserved13[1]))
+ return False;
+ if (!prs_uint32("reserved13.2", ps, depth, &info->reserved13[2]))
+ return False;
+ if (!prs_uint32("reserved13.3", ps, depth, &info->reserved13[3]))
+ return False;
+
+ if (!smb_io_unihdr("hdr_dom_controller",
+ &info->hdr_dom_controller, ps, depth))
+ return False;
+ if (!smb_io_unihdr("hdr_dom_name", &info->hdr_dom_name, ps, depth))
+ return False;
+
+ /* this should be followed, but just get ptr for now */
+ if (!prs_uint32("ptr_dom_sid", ps, depth, &info->ptr_dom_sid))
+ return False;
+
+ if (!prs_uint32("reserved16.0", ps, depth, &info->reserved16[0]))
+ return False;
+ if (!prs_uint32("reserved16.1", ps, depth, &info->reserved16[1]))
+ return False;
+
+ /* might be acb_info */
+ if (!prs_uint32("reserved17", ps, depth, &info->reserved17))
+ return False;
+
+
+ if (!prs_uint32("reserved18.0", ps, depth, &info->reserved18[0]))
+ return False;
+ if (!prs_uint32("reserved18.1", ps, depth, &info->reserved18[1]))
+ return False;
+ if (!prs_uint32("reserved18.2", ps, depth, &info->reserved18[2]))
+ return False;
+ if (!prs_uint32("reserved18.3", ps, depth, &info->reserved18[3]))
+ return False;
+ if (!prs_uint32("reserved18.4", ps, depth, &info->reserved18[4]))
+ return False;
+ if (!prs_uint32("reserved18.5", ps, depth, &info->reserved18[5]))
+ return False;
+ if (!prs_uint32("reserved18.6", ps, depth, &info->reserved18[6]))
+ return False;
+
+ if (!prs_uint32("sid_count", ps, depth, &info->sid_count))
+ return False;
+ if (!prs_uint32("ptr_extra_sids", ps, depth, &info->ptr_extra_sids))
+ return False;
+ if (!prs_uint32("ptr_res_group_dom_sid", ps, depth,
+ &info->ptr_res_group_dom_sid))
+ return False;
+ if (!prs_uint32("res_group_count", ps, depth, &info->res_group_count))
+ return False;
+ if (!prs_uint32("ptr_res_groups", ps, depth, &info->ptr_res_groups))
+ return False;
+
+ if(!smb_io_unistr2("uni_user_name", &info->uni_user_name,
+ info->hdr_user_name.buffer, ps, depth))
+ return False;
+ if(!smb_io_unistr2("uni_full_name", &info->uni_full_name,
+ info->hdr_full_name.buffer, ps, depth))
+ return False;
+ if(!smb_io_unistr2("uni_logon_script", &info->uni_logon_script,
+ info->hdr_logon_script.buffer, ps, depth))
+ return False;
+ if(!smb_io_unistr2("uni_profile_path", &info->uni_profile_path,
+ info->hdr_profile_path.buffer, ps, depth))
+ return False;
+ if(!smb_io_unistr2("uni_home_dir", &info->uni_home_dir,
+ info->hdr_home_dir.buffer, ps, depth))
+ return False;
+ if(!smb_io_unistr2("uni_dir_drive", &info->uni_dir_drive,
+ info->hdr_dir_drive.buffer, ps, depth))
+ return False;
+
+ if (info->group_membership_ptr) {
+ if (!pac_io_group_membership_array("group membership",
+ &info->groups,
+ info->group_count,
+ ps, depth))
+ return False;
+ }
+
+
+ if(!smb_io_unistr2("uni_dom_controller", &info->uni_dom_controller,
+ info->hdr_dom_controller.buffer, ps, depth))
+ return False;
+ if(!smb_io_unistr2("uni_dom_name", &info->uni_dom_name,
+ info->hdr_dom_name.buffer, ps, depth))
+ return False;
+
+ if(info->ptr_dom_sid)
+ if(!smb_io_dom_sid2("dom_sid", &info->dom_sid, ps, depth))
+ return False;
+
+
+ if (info->sid_count && info->ptr_extra_sids)
+ if (!pac_io_krb_sid_and_attr_array("extra_sids",
+ &info->extra_sids,
+ info->sid_count,
+ ps, depth))
+ return False;
+
+ if (info->ptr_res_group_dom_sid)
+ if (!smb_io_dom_sid2("res_group_dom_sid",
+ &info->res_group_dom_sid, ps, depth))
+ return False;
+
+ if (info->ptr_res_groups)
+ if (!pac_io_group_membership_array("res group membership",
+ &info->res_groups,
+ info->res_group_count,
+ ps, depth))
+ return False;
+
+ return True;
+}
+
+
+static BOOL pac_io_pac_signature_data(const char *desc,
+ PAC_SIGNATURE_DATA *data, uint32 length,
+ prs_struct *ps, int depth)
+{
+ uint32 siglen = length - sizeof(uint32);
+ if (NULL == data)
+ return False;
+
+ prs_debug(ps, depth, desc, "pac_io_pac_signature_data");
+ depth++;
+
+ if (!prs_uint32("type", ps, depth, &data->type))
+ return False;
+ if (UNMARSHALLING(ps)) {
+ data->signature = prs_alloc_mem(ps, siglen);
+ if (!data->signature) {
+ DEBUG(3, ("No memory available\n"));
+ return False;
+ }
+ }
+ if (!prs_uint8s(False, "signature", ps, depth, data->signature,siglen))
+ return False;
+
+ return True;
+}
+
+static BOOL pac_io_pac_info_hdr_ctr(const char *desc, PAC_INFO_HDR *hdr,
+ prs_struct *ps, int depth)
+{
+ if (NULL == hdr)
+ return False;
+
+ prs_debug(ps, depth, desc, "pac_io_pac_info_hdr_ctr");
+ depth++;
+
+ if (!prs_align(ps))
+ return False;
+
+ if (hdr->offset != prs_offset(ps)) {
+ DEBUG(5, ("offset in header(x%x) and data(x%x) do not match\n",
+ hdr->offset, prs_offset(ps)));
+ prs_set_offset(ps, hdr->offset);
+ }
+
+ if (UNMARSHALLING(ps) && hdr->size > 0) {
+ hdr->ctr = (PAC_INFO_CTR *)
+ prs_alloc_mem(ps, sizeof(PAC_INFO_CTR));
+ if (!hdr->ctr) {
+ DEBUG(3, ("No memory available\n"));
+ return False;
+ }
+ }
+
+ switch(hdr->type) {
+ case PAC_TYPE_LOGON_INFO:
+ DEBUG(5, ("PAC_TYPE_LOGON_INFO\n"));
+ if (UNMARSHALLING(ps))
+ hdr->ctr->pac.logon_info = (PAC_LOGON_INFO *)
+ prs_alloc_mem(ps, sizeof(PAC_LOGON_INFO));
+ if (!hdr->ctr->pac.logon_info) {
+ DEBUG(3, ("No memory available\n"));
+ return False;
+ }
+ if (!pac_io_pac_logon_info(desc, hdr->ctr->pac.logon_info,
+ ps, depth))
+ return False;
+ break;
+
+ case PAC_TYPE_SERVER_CHECKSUM:
+ DEBUG(5, ("PAC_TYPE_SERVER_CHECKSUM\n"));
+ if (UNMARSHALLING(ps))
+ hdr->ctr->pac.srv_cksum = (PAC_SIGNATURE_DATA *)
+ prs_alloc_mem(ps, sizeof(PAC_SIGNATURE_DATA));
+ if (!hdr->ctr->pac.srv_cksum) {
+ DEBUG(3, ("No memory available\n"));
+ return False;
+ }
+ if (!pac_io_pac_signature_data(desc, hdr->ctr->pac.srv_cksum,
+ hdr->size, ps, depth))
+ return False;
+ break;
+
+ case PAC_TYPE_PRIVSVR_CHECKSUM:
+ DEBUG(5, ("PAC_TYPE_PRIVSVR_CHECKSUM\n"));
+ if (UNMARSHALLING(ps))
+ hdr->ctr->pac.privsrv_cksum = (PAC_SIGNATURE_DATA *)
+ prs_alloc_mem(ps, sizeof(PAC_SIGNATURE_DATA));
+ if (!hdr->ctr->pac.privsrv_cksum) {
+ DEBUG(3, ("No memory available\n"));
+ return False;
+ }
+ if (!pac_io_pac_signature_data(desc,
+ hdr->ctr->pac.privsrv_cksum,
+ hdr->size, ps, depth))
+ return False;
+ break;
+
+ case PAC_TYPE_UNKNOWN_10:
+ DEBUG(5, ("PAC_TYPE_UNKNOWN_10\n"));
+ if (UNMARSHALLING(ps))
+ hdr->ctr->pac.type_10 = (UNKNOWN_TYPE_10 *)
+ prs_alloc_mem(ps, sizeof(UNKNOWN_TYPE_10));
+ if (!hdr->ctr->pac.type_10) {
+ DEBUG(3, ("No memory available\n"));
+ return False;
+ }
+ if (!pac_io_unknown_type_10(desc, hdr->ctr->pac.type_10,
+ ps, depth))
+ return False;
+ break;
+
+ default:
+ /* dont' know, so we need to skip it */
+ DEBUG(3, ("unknown PAC type %d\n", hdr->type));
+ prs_set_offset(ps, prs_offset(ps) + hdr->size);
+ }
+
+ return True;
+}
+
+static BOOL pac_io_pac_info_hdr(const char *desc, PAC_INFO_HDR *hdr,
+ prs_struct *ps, int depth)
+{
+ if (NULL == hdr)
+ return False;
+
+ prs_debug(ps, depth, desc, "pac_io_pac_info_hdr");
+ depth++;
+
+ if (!prs_align(ps))
+ return False;
+ if (!prs_uint32("type", ps, depth, &hdr->type))
+ return False;
+ if (!prs_uint32("size", ps, depth, &hdr->size))
+ return False;
+ if (!prs_uint32("offset", ps, depth, &hdr->offset))
+ return False;
+ if (!prs_uint32("offsethi", ps, depth, &hdr->offsethi))
+ return False;
+
+ return True;
+}
+
+static BOOL pac_io_pac_data(const char *desc, PAC_DATA *data,
+ prs_struct *ps, int depth)
+{
+ int i;
+
+ if (NULL == data)
+ return False;
+
+ prs_debug(ps, depth, desc, "pac_io_pac_data");
+ depth++;
+
+ if (!prs_align(ps))
+ return False;
+ if (!prs_uint32("num_buffers", ps, depth, &data->num_buffers))
+ return False;
+ if (!prs_uint32("version", ps, depth, &data->version))
+ return False;
+
+ if (UNMARSHALLING(ps) && data->num_buffers > 0) {
+ if ((data->pac_info_hdr_ptr = (PAC_INFO_HDR *)
+ prs_alloc_mem(ps, sizeof(PAC_INFO_HDR) *
+ data->num_buffers)) == NULL) {
+ return False;
+ }
+ }
+
+ for (i=0; i<data->num_buffers; i++) {
+ if (!pac_io_pac_info_hdr(desc, &data->pac_info_hdr_ptr[i], ps,
+ depth))
+ return False;
+ }
+
+ for (i=0; i<data->num_buffers; i++) {
+ if (!pac_io_pac_info_hdr_ctr(desc, &data->pac_info_hdr_ptr[i],
+ ps, depth))
+ return False;
+ }
+
+ return True;
+}
+
+PAC_DATA *decode_pac_data(DATA_BLOB *auth_data, TALLOC_CTX *ctx)
+{
+ DATA_BLOB pac_data_blob = unwrap_pac(auth_data);
+ prs_struct ps;
+ PAC_DATA *pac_data;
+
+ DEBUG(5,("dump_pac_data\n"));
+ prs_init(&ps, pac_data_blob.length, ctx, UNMARSHALL);
+ prs_copy_data_in(&ps, pac_data_blob.data, pac_data_blob.length);
+ prs_set_offset(&ps, 0);
+
+ pac_data = (PAC_DATA *) talloc_zero(ctx, sizeof(PAC_DATA));
+ pac_io_pac_data("pac data", pac_data, &ps, 0);
+
+ prs_mem_free(&ps);
+
+ return pac_data;
+}
+
+#endif
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
new file mode 100644
index 0000000000..00fe189e9a
--- /dev/null
+++ b/source3/libsmb/clifsinfo.c
@@ -0,0 +1,76 @@
+/*
+ Unix SMB/CIFS implementation.
+ FS info functions
+ Copyright (C) Stefan (metze) Metzmacher 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+
+BOOL cli_get_fs_attr_info(struct cli_state *cli, uint32 *fs_attr)
+{
+ BOOL ret = False;
+ uint16 setup;
+ char param[2];
+ char *rparam=NULL, *rdata=NULL;
+ unsigned int rparam_count=0, rdata_count=0;
+
+ if (!cli||!fs_attr)
+ smb_panic("cli_get_fs_attr_info() called with NULL Pionter!");
+
+ setup = TRANSACT2_QFSINFO;
+
+ SSVAL(param,0,SMB_QUERY_FS_ATTRIBUTE_INFO);
+
+ if (!cli_send_trans(cli, SMBtrans2,
+ NULL,
+ 0, 0,
+ &setup, 1, 0,
+ param, 2, 0,
+ NULL, 0, 560)) {
+ goto cleanup;
+ }
+
+ if (!cli_receive_trans(cli, SMBtrans2,
+ &rparam, &rparam_count,
+ &rdata, &rdata_count)) {
+ goto cleanup;
+ }
+
+ if (cli_is_error(cli)) {
+ ret = False;
+ goto cleanup;
+ } else {
+ ret = True;
+ }
+
+ if (rdata_count < 12) {
+ goto cleanup;
+ }
+
+ *fs_attr = IVAL(rdata,0);
+
+ /* todo: but not yet needed
+ * return the other stuff
+ */
+
+cleanup:
+ SAFE_FREE(rparam);
+ SAFE_FREE(rdata);
+
+ return ret;
+}
diff --git a/source3/rpc_client/cli_echo.c b/source3/rpc_client/cli_echo.c
new file mode 100644
index 0000000000..03a4ab36ee
--- /dev/null
+++ b/source3/rpc_client/cli_echo.c
@@ -0,0 +1,187 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ RPC pipe client
+
+ Copyright (C) Tim Potter 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+NTSTATUS cli_echo_add_one(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ uint32 request, uint32 *response)
+{
+ prs_struct qbuf, rbuf;
+ ECHO_Q_ADD_ONE q;
+ ECHO_R_ADD_ONE r;
+ BOOL result = False;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+ /* Marshall data and send request */
+
+ init_echo_q_add_one(&q, request);
+
+ if (!echo_io_q_add_one("", &q, &qbuf, 0) ||
+ !rpc_api_pipe_req(cli, ECHO_ADD_ONE, &qbuf, &rbuf))
+ goto done;
+
+ /* Unmarshall response */
+
+ if (!echo_io_r_add_one("", &r, &rbuf, 0))
+ goto done;
+
+ if (response)
+ *response = r.response;
+
+ result = True;
+
+ done:
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
+
+ return result ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+NTSTATUS cli_echo_data(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ uint32 size, char *in_data, char **out_data)
+{
+ prs_struct qbuf, rbuf;
+ ECHO_Q_ECHO_DATA q;
+ ECHO_R_ECHO_DATA r;
+ BOOL result = False;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+ /* Marshall data and send request */
+
+ init_echo_q_echo_data(&q, size, in_data);
+
+ if (!echo_io_q_echo_data("", &q, &qbuf, 0) ||
+ !rpc_api_pipe_req(cli, ECHO_DATA, &qbuf, &rbuf))
+ goto done;
+
+ /* Unmarshall response */
+
+ if (!echo_io_r_echo_data("", &r, &rbuf, 0))
+ goto done;
+
+ result = True;
+
+ if (out_data) {
+ *out_data = talloc(mem_ctx, size);
+ memcpy(*out_data, r.data, size);
+ }
+
+ done:
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
+
+ return result ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+NTSTATUS cli_echo_sink_data(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ uint32 size, char *in_data)
+{
+ prs_struct qbuf, rbuf;
+ ECHO_Q_SINK_DATA q;
+ ECHO_R_SINK_DATA r;
+ BOOL result = False;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+ /* Marshall data and send request */
+
+ init_echo_q_sink_data(&q, size, in_data);
+
+ if (!echo_io_q_sink_data("", &q, &qbuf, 0) ||
+ !rpc_api_pipe_req(cli, ECHO_SINK_DATA, &qbuf, &rbuf)) {
+ goto done;
+ }
+
+ /* Unmarshall response */
+
+ if (!echo_io_r_sink_data("", &r, &rbuf, 0)) {
+ goto done;
+ }
+
+ result = True;
+
+ done:
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
+
+ return result ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+NTSTATUS cli_echo_source_data(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ uint32 size, char **out_data)
+{
+ prs_struct qbuf, rbuf;
+ ECHO_Q_SOURCE_DATA q;
+ ECHO_R_SOURCE_DATA r;
+ BOOL result = False;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+ /* Marshall data and send request */
+
+ init_echo_q_source_data(&q, size);
+
+ if (!echo_io_q_source_data("", &q, &qbuf, 0) ||
+ !rpc_api_pipe_req(cli, ECHO_SOURCE_DATA, &qbuf, &rbuf)) {
+ goto done;
+ }
+
+ /* Unmarshall response */
+
+ if (!echo_io_r_source_data("", &r, &rbuf, 0)) {
+ goto done;
+ }
+
+ result = True;
+
+ done:
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
+
+ return result ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
diff --git a/source3/rpc_parse/parse_echo.c b/source3/rpc_parse/parse_echo.c
new file mode 100644
index 0000000000..67f9ad772e
--- /dev/null
+++ b/source3/rpc_parse/parse_echo.c
@@ -0,0 +1,166 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * RPC Pipe client / server routines
+ *
+ * Copyright (C) Tim Potter 2003
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+#include "nterr.h"
+#include "rpc_parse.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_RPC_PARSE
+
+void init_echo_q_add_one(ECHO_Q_ADD_ONE *q_d, uint32 request)
+{
+ q_d->request = request;
+}
+
+BOOL echo_io_q_add_one(const char *desc, ECHO_Q_ADD_ONE *q_d,
+ prs_struct *ps, int depth)
+{
+ if (!prs_uint32("request", ps, 0, &q_d->request))
+ return False;
+
+ return True;
+}
+
+BOOL echo_io_r_add_one(const char *desc, ECHO_R_ADD_ONE *q_d,
+ prs_struct *ps, int depth)
+{
+ if (!prs_uint32("response", ps, 0, &q_d->response))
+ return False;
+
+ return True;
+}
+
+
+void init_echo_q_echo_data(ECHO_Q_ECHO_DATA *q_d, uint32 size, char *data)
+{
+ q_d->size = size;
+ q_d->data = data;
+}
+
+BOOL echo_io_q_echo_data(const char *desc, ECHO_Q_ECHO_DATA *q_d,
+ prs_struct *ps, int depth)
+{
+ if (!prs_uint32("size", ps, depth, &q_d->size))
+ return False;
+
+ if (!prs_uint32("size", ps, depth, &q_d->size))
+ return False;
+
+ if (UNMARSHALLING(ps)) {
+ q_d->data = prs_alloc_mem(ps, q_d->size);
+
+ if (!q_d->data)
+ return False;
+ }
+
+ if (!prs_uint8s(False, "data", ps, depth, q_d->data, q_d->size))
+ return False;
+
+ return True;
+}
+
+BOOL echo_io_r_echo_data(const char *desc, ECHO_R_ECHO_DATA *q_d,
+ prs_struct *ps, int depth)
+{
+ if (!prs_uint32("size", ps, 0, &q_d->size))
+ return False;
+
+ if (UNMARSHALLING(ps)) {
+ q_d->data = prs_alloc_mem(ps, q_d->size);
+
+ if (!q_d->data)
+ return False;
+ }
+
+ if (!prs_uint8s(False, "data", ps, depth, q_d->data, q_d->size))
+ return False;
+
+ return True;
+}
+
+void init_echo_q_sink_data(ECHO_Q_SINK_DATA *q_d, uint32 size, char *data)
+{
+ q_d->size = size;
+ q_d->data = data;
+}
+
+BOOL echo_io_q_sink_data(const char *desc, ECHO_Q_SINK_DATA *q_d,
+ prs_struct *ps, int depth)
+{
+ if (!prs_uint32("size", ps, depth, &q_d->size))
+ return False;
+
+ if (!prs_uint32("size", ps, depth, &q_d->size))
+ return False;
+
+ if (UNMARSHALLING(ps)) {
+ q_d->data = prs_alloc_mem(ps, q_d->size);
+
+ if (!q_d->data)
+ return False;
+ }
+
+ if (!prs_uint8s(False, "data", ps, depth, q_d->data, q_d->size))
+ return False;
+
+ return True;
+}
+
+BOOL echo_io_r_sink_data(const char *desc, ECHO_R_SINK_DATA *q_d,
+ prs_struct *ps, int depth)
+{
+ return True;
+}
+
+void init_echo_q_source_data(ECHO_Q_SOURCE_DATA *q_d, uint32 size)
+{
+ q_d->size = size;
+}
+
+BOOL echo_io_q_source_data(const char *desc, ECHO_Q_SOURCE_DATA *q_d,
+ prs_struct *ps, int depth)
+{
+ if (!prs_uint32("size", ps, depth, &q_d->size))
+ return False;
+
+ return True;
+}
+
+BOOL echo_io_r_source_data(const char *desc, ECHO_R_SOURCE_DATA *q_d,
+ prs_struct *ps, int depth)
+{
+ if (!prs_uint32("size", ps, 0, &q_d->size))
+ return False;
+
+ if (UNMARSHALLING(ps)) {
+ q_d->data = prs_alloc_mem(ps, q_d->size);
+
+ if (!q_d->data)
+ return False;
+ }
+
+ if (!prs_uint8s(False, "data", ps, depth, q_d->data, q_d->size))
+ return False;
+
+ return True;
+}
diff --git a/source3/rpc_server/srv_echo.c b/source3/rpc_server/srv_echo.c
new file mode 100644
index 0000000000..dcd8dd0c53
--- /dev/null
+++ b/source3/rpc_server/srv_echo.c
@@ -0,0 +1,137 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * RPC Pipe client / server routines for rpcecho
+ * Copyright (C) Tim Potter 2003.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* This is the interface to the rpcecho pipe. */
+
+#include "includes.h"
+#include "nterr.h"
+
+#ifdef DEVELOPER
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_RPC_SRV
+
+static BOOL api_add_one(pipes_struct *p)
+{
+ ECHO_Q_ADD_ONE q_u;
+ ECHO_R_ADD_ONE r_u;
+
+ prs_struct *data = &p->in_data.data;
+ prs_struct *rdata = &p->out_data.rdata;
+
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
+ if(!echo_io_q_add_one("", &q_u, data, 0))
+ return False;
+
+ _echo_add_one(p, &q_u, &r_u);
+
+ if(!echo_io_r_add_one("", &r_u, rdata, 0))
+ return False;
+
+ return True;
+}
+
+static BOOL api_echo_data(pipes_struct *p)
+{
+ ECHO_Q_ECHO_DATA q_u;
+ ECHO_R_ECHO_DATA r_u;
+
+ prs_struct *data = &p->in_data.data;
+ prs_struct *rdata = &p->out_data.rdata;
+
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
+ if(!echo_io_q_echo_data("", &q_u, data, 0))
+ return False;
+
+ _echo_data(p, &q_u, &r_u);
+
+ if(!echo_io_r_echo_data("", &r_u, rdata, 0))
+ return False;
+
+ return True;
+}
+
+static BOOL api_source_data(pipes_struct *p)
+{
+ ECHO_Q_SOURCE_DATA q_u;
+ ECHO_R_SOURCE_DATA r_u;
+
+ prs_struct *data = &p->in_data.data;
+ prs_struct *rdata = &p->out_data.rdata;
+
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
+ if(!echo_io_q_source_data("", &q_u, data, 0))
+ return False;
+
+ _source_data(p, &q_u, &r_u);
+
+ if(!echo_io_r_source_data("", &r_u, rdata, 0))
+ return False;
+
+ return True;
+}
+
+static BOOL api_sink_data(pipes_struct *p)
+{
+ ECHO_Q_SINK_DATA q_u;
+ ECHO_R_SINK_DATA r_u;
+
+ prs_struct *data = &p->in_data.data;
+ prs_struct *rdata = &p->out_data.rdata;
+
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
+ if(!echo_io_q_sink_data("", &q_u, data, 0))
+ return False;
+
+ _sink_data(p, &q_u, &r_u);
+
+ if(!echo_io_r_sink_data("", &r_u, rdata, 0))
+ return False;
+
+ return True;
+}
+
+/*******************************************************************
+\pipe\rpcecho commands
+********************************************************************/
+
+int rpc_echo_init(void)
+{
+ struct api_struct api_echo_cmds[] = {
+ {"ADD_ONE", ECHO_ADD_ONE, api_add_one },
+ {"ECHO_DATA", ECHO_DATA, api_echo_data },
+ {"SOURCE_DATA", ECHO_SOURCE_DATA, api_source_data },
+ {"SINK_DATA", ECHO_SINK_DATA, api_sink_data },
+ };
+
+ return rpc_pipe_register_commands(
+ "rpcecho", "rpcecho", api_echo_cmds,
+ sizeof(api_echo_cmds) / sizeof(struct api_struct));
+}
+
+#endif /* DEVELOPER */
diff --git a/source3/rpc_server/srv_echo_nt.c b/source3/rpc_server/srv_echo_nt.c
new file mode 100644
index 0000000000..ddb76b3a21
--- /dev/null
+++ b/source3/rpc_server/srv_echo_nt.c
@@ -0,0 +1,78 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * RPC Pipe client / server routines for rpcecho
+ * Copyright (C) Tim Potter 2003.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* This is the interface to the rpcecho pipe. */
+
+#include "includes.h"
+#include "nterr.h"
+
+#ifdef DEVELOPER
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_RPC_SRV
+
+/* Add one to the input and return it */
+
+void _echo_add_one(pipes_struct *p, ECHO_Q_ADD_ONE *q_u, ECHO_R_ADD_ONE *r_u)
+{
+ DEBUG(10, ("_echo_add_one\n"));
+
+ r_u->response = q_u->request + 1;
+}
+
+/* Echo back an array of data */
+
+void _echo_data(pipes_struct *p, ECHO_Q_ECHO_DATA *q_u,
+ ECHO_R_ECHO_DATA *r_u)
+{
+ DEBUG(10, ("_echo_data\n"));
+
+ r_u->data = talloc(p->mem_ctx, q_u->size);
+ r_u->size = q_u->size;
+ memcpy(r_u->data, q_u->data, q_u->size);
+}
+
+/* Sink an array of data */
+
+void _sink_data(pipes_struct *p, ECHO_Q_SINK_DATA *q_u,
+ ECHO_R_SINK_DATA *r_u)
+{
+ DEBUG(10, ("_sink_data\n"));
+
+ /* My that was some yummy data! */
+}
+
+/* Source an array of data */
+
+void _source_data(pipes_struct *p, ECHO_Q_SOURCE_DATA *q_u,
+ ECHO_R_SOURCE_DATA *r_u)
+{
+ uint32 i;
+
+ DEBUG(10, ("_source_data\n"));
+
+ r_u->data = talloc(p->mem_ctx, q_u->size);
+ r_u->size = q_u->size;
+
+ for (i = 0; i < r_u->size; i++)
+ r_u->data[i] = i & 0xff;
+}
+
+#endif /* DEVELOPER */
diff --git a/source3/rpcclient/cmd_echo.c b/source3/rpcclient/cmd_echo.c
new file mode 100644
index 0000000000..79ba744a55
--- /dev/null
+++ b/source3/rpcclient/cmd_echo.c
@@ -0,0 +1,157 @@
+/*
+ Unix SMB/CIFS implementation.
+ RPC pipe client
+
+ Copyright (C) Tim Potter 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "rpcclient.h"
+
+static NTSTATUS cmd_echo_add_one(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ int argc, const char **argv)
+{
+ uint32 request = 1, response;
+ NTSTATUS result;
+
+ if (argc > 2) {
+ printf("Usage: %s [num]\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ if (argc == 2)
+ request = atoi(argv[1]);
+
+ result = cli_echo_add_one(cli, mem_ctx, request, &response);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ printf("%d + 1 = %d\n", request, response);
+
+done:
+ return result;
+}
+
+static NTSTATUS cmd_echo_data(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ int argc, const char **argv)
+{
+ uint32 size, i;
+ NTSTATUS result;
+ char *in_data = NULL, *out_data = NULL;
+
+ if (argc != 2) {
+ printf("Usage: %s num\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ size = atoi(argv[1]);
+ in_data = malloc(size);
+
+ for (i = 0; i < size; i++)
+ in_data[i] = i & 0xff;
+
+ result = cli_echo_data(cli, mem_ctx, size, in_data, &out_data);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ for (i = 0; i < size; i++) {
+ if (in_data[i] != out_data[i]) {
+ printf("mismatch at offset %d, %d != %d\n",
+ i, in_data[i], out_data[i]);
+ }
+ }
+
+done:
+ SAFE_FREE(in_data);
+
+ return result;
+}
+
+static NTSTATUS cmd_echo_source_data(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx, int argc,
+ const char **argv)
+{
+ uint32 size, i;
+ NTSTATUS result;
+ char *out_data = NULL;
+
+ if (argc != 2) {
+ printf("Usage: %s num\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ size = atoi(argv[1]);
+
+ result = cli_echo_source_data(cli, mem_ctx, size, &out_data);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ for (i = 0; i < size; i++) {
+ if (out_data && out_data[i] != (i & 0xff)) {
+ printf("mismatch at offset %d, %d != %d\n",
+ i, out_data[i], i & 0xff);
+ }
+ }
+
+done:
+ return result;
+}
+
+static NTSTATUS cmd_echo_sink_data(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ int argc, const char **argv)
+{
+ uint32 size, i;
+ NTSTATUS result;
+ char *in_data = NULL;
+
+ if (argc != 2) {
+ printf("Usage: %s num\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ size = atoi(argv[1]);
+ in_data = malloc(size);
+
+ for (i = 0; i < size; i++)
+ in_data[i] = i & 0xff;
+
+ result = cli_echo_sink_data(cli, mem_ctx, size, in_data);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+done:
+ SAFE_FREE(in_data);
+
+ return result;
+}
+
+/* List of commands exported by this module */
+
+struct cmd_set echo_commands[] = {
+
+ { "ECHO" },
+
+ { "echoaddone", RPC_RTYPE_NTSTATUS, cmd_echo_add_one, NULL, PI_ECHO, "Add one to a number", "" },
+ { "echodata", RPC_RTYPE_NTSTATUS, cmd_echo_data, NULL, PI_ECHO, "Echo data", "" },
+ { "sinkdata", RPC_RTYPE_NTSTATUS, cmd_echo_sink_data, NULL, PI_ECHO, "Sink data", "" },
+ { "sourcedata", RPC_RTYPE_NTSTATUS, cmd_echo_source_data, NULL, PI_ECHO, "Source data", "" },
+ { NULL }
+};
diff --git a/source3/stf/smbcontrol.py b/source3/stf/smbcontrol.py
new file mode 100755
index 0000000000..30c331819c
--- /dev/null
+++ b/source3/stf/smbcontrol.py
@@ -0,0 +1,238 @@
+#!/usr/bin/python
+#
+# Test for smbcontrol command line argument handling.
+#
+
+import comfychair
+
+class NoArgs(comfychair.TestCase):
+ """Test no arguments produces usage message."""
+ def runtest(self):
+ out = self.runcmd("smbcontrol", expectedResult = 1)
+ self.assert_re_match("Usage: smbcontrol", out[1])
+
+class OneArg(comfychair.TestCase):
+ """Test single argument produces usage message."""
+ def runtest(self):
+ out = self.runcmd("smbcontrol foo", expectedResult = 1)
+ self.assert_re_match("Usage: smbcontrol", out[1])
+
+class SmbdDest(comfychair.TestCase):
+ """Test the broadcast destination 'smbd'."""
+ def runtest(self):
+ out = self.runcmd("smbcontrol smbd noop")
+
+class NmbdDest(comfychair.TestCase):
+ """Test the destination 'nmbd'."""
+ def runtest(self):
+ # We need a way to start/stop/whatever nmbd
+ raise comfychair.NotRunError, "not implemented"
+
+class PidDest(comfychair.TestCase):
+ """Test a pid number destination'."""
+ def runtest(self):
+ out = self.runcmd("smbcontrol 1234 noop")
+
+class SelfDest(comfychair.TestCase):
+ """Test the destination 'self'."""
+ def runtest(self):
+ out = self.runcmd("smbcontrol self noop")
+
+class WinbinddDest(comfychair.TestCase):
+ """Test the destination 'winbindd'."""
+ def runtest(self):
+ # We need a way to start/stop/whatever winbindd
+ raise comfychair.NotRunError, "not implemented"
+
+class BadDest(comfychair.TestCase):
+ """Test a bad destination."""
+ def runtest(self):
+ out = self.runcmd("smbcontrol foo noop", expectedResult = 1)
+
+class BadCmd(comfychair.TestCase):
+ """Test a bad command."""
+ def runtest(self):
+ out = self.runcmd("smbcontrol self spottyfoot", expectedResult = 1)
+ self.assert_re_match("smbcontrol: unknown command", out[1]);
+
+class NoArgCmdTest(comfychair.TestCase):
+ """A test class that tests a command with no argument."""
+ def runtest(self):
+ self.require_root()
+ out = self.runcmd("smbcontrol self %s" % self.cmd)
+ out = self.runcmd("smbcontrol self %s spottyfoot" % self.cmd,
+ expectedResult = 1)
+
+class ForceElection(NoArgCmdTest):
+ """Test a force-election message."""
+ def setup(self):
+ self.cmd = "force-election"
+
+class SamSync(NoArgCmdTest):
+ """Test a samsync message."""
+ def setup(self):
+ self.cmd = "samsync"
+
+class SamRepl(NoArgCmdTest):
+ """Test a samrepl message."""
+ def setup(self):
+ self.cmd = "samrepl"
+
+class DmallocChanged(NoArgCmdTest):
+ """Test a dmalloc-changed message."""
+ def setup(self):
+ self.cmd = "dmalloc-log-changed"
+
+class DmallocMark(NoArgCmdTest):
+ """Test a dmalloc-mark message."""
+ def setup(self):
+ self.cmd = "dmalloc-mark"
+
+class Shutdown(NoArgCmdTest):
+ """Test a shutdown message."""
+ def setup(self):
+ self.cmd = "shutdown"
+
+class Ping(NoArgCmdTest):
+ """Test a ping message."""
+ def setup(self):
+ self.cmd = "ping"
+
+class Debuglevel(NoArgCmdTest):
+ """Test a debuglevel message."""
+ def setup(self):
+ self.cmd = "debuglevel"
+
+class OneArgCmdTest(comfychair.TestCase):
+ """A test class that tests a command with one argument."""
+ def runtest(self):
+ self.require_root()
+ out = self.runcmd("smbcontrol self %s spottyfoot" % self.cmd)
+ out = self.runcmd("smbcontrol self %s" % self.cmd, expectedResult = 1)
+
+class DrvUpgrade(OneArgCmdTest):
+ """Test driver upgrade message."""
+ def setup(self):
+ self.cmd = "drvupgrade"
+
+class CloseShare(OneArgCmdTest):
+ """Test close share message."""
+ def setup(self):
+ self.cmd = "close-share"
+
+class Debug(OneArgCmdTest):
+ """Test a debug message."""
+ def setup(self):
+ self.cmd = "debug"
+
+class PrintNotify(comfychair.TestCase):
+ """Test print notification commands."""
+ def runtest(self):
+
+ # No subcommand
+
+ out = self.runcmd("smbcontrol self printnotify", expectedResult = 1)
+ self.assert_re_match("Must specify subcommand", out[1]);
+
+ # Invalid subcommand name
+
+ out = self.runcmd("smbcontrol self printnotify spottyfoot",
+ expectedResult = 1)
+ self.assert_re_match("Invalid subcommand", out[1]);
+
+ # Queue commands
+
+ for cmd in ["queuepause", "queueresume"]:
+
+ out = self.runcmd("smbcontrol self printnotify %s" % cmd,
+ expectedResult = 1)
+ self.assert_re_match("Usage:", out[1])
+
+ out = self.runcmd("smbcontrol self printnotify %s spottyfoot"
+ % cmd)
+
+ # Job commands
+
+ for cmd in ["jobpause", "jobresume", "jobdelete"]:
+
+ out = self.runcmd("smbcontrol self printnotify %s" % cmd,
+ expectedResult = 1)
+ self.assert_re_match("Usage:", out[1])
+
+ out = self.runcmd("smbcontrol self printnotify %s spottyfoot"
+ % cmd, expectedResult = 1)
+ self.assert_re_match("Usage:", out[1])
+
+ out = self.runcmd("smbcontrol self printnotify %s spottyfoot 123"
+ % cmd)
+
+ # Printer properties
+
+ out = self.runcmd("smbcontrol self printnotify printer",
+ expectedResult = 1)
+ self.assert_re_match("Usage", out[1])
+
+ out = self.runcmd("smbcontrol self printnotify printer spottyfoot",
+ expectedResult = 1)
+ self.assert_re_match("Usage", out[1])
+
+ for cmd in ["comment", "port", "driver"]:
+
+ out = self.runcmd("smbcontrol self printnotify printer spottyfoot "
+ "%s" % cmd, expectedResult = 1)
+ self.assert_re_match("Usage", out[1])
+
+ out = self.runcmd("smbcontrol self printnotify printer spottyfoot "
+ "%s value" % cmd)
+
+class Profile(comfychair.TestCase):
+ """Test setting the profiling level."""
+ def runtest(self):
+ self.require_root()
+ out = self.runcmd("smbcontrol self profile", expectedResult = 1)
+ self.assert_re_match("Usage", out[1])
+
+ out = self.runcmd("smbcontrol self profile spottyfoot",
+ expectedResult = 1)
+ self.assert_re_match("Unknown", out[1])
+
+ for cmd in ["off", "count", "on", "flush"]:
+ out = self.runcmd("smbcontrol self profile %s" % cmd)
+
+class ProfileLevel(comfychair.TestCase):
+ """Test requesting the current profiling level."""
+ def runtest(self):
+ self.require_root()
+ out = self.runcmd("smbcontrol self profilelevel spottyfoot",
+ expectedResult = 1)
+ self.assert_re_match("Usage", out[1])
+
+ out = self.runcmd("smbcontrol self profilelevel")
+
+class TimeoutArg(comfychair.TestCase):
+ """Test the --timeout argument."""
+ def runtest(self):
+ out = self.runcmd("smbcontrol --timeout 5 self noop")
+ out = self.runcmd("smbcontrol --timeout spottyfoot self noop",
+ expectedResult = 1)
+
+class ConfigFileArg(comfychair.TestCase):
+ """Test the --configfile argument."""
+ def runtest(self):
+ out = self.runcmd("smbcontrol --configfile /dev/null self noop")
+
+class BogusArg(comfychair.TestCase):
+ """Test a bogus command line argument."""
+ def runtest(self):
+ out = self.runcmd("smbcontrol --bogus self noop", expectedResult = 1)
+
+tests = [NoArgs, OneArg, SmbdDest, NmbdDest, WinbinddDest, PidDest,
+ SelfDest, BadDest, BadCmd, Debug, ForceElection, SamSync,
+ SamRepl, DmallocMark, DmallocChanged, Shutdown, DrvUpgrade,
+ CloseShare, Ping, Debuglevel, PrintNotify, Profile, ProfileLevel,
+ TimeoutArg, ConfigFileArg, BogusArg]
+
+# Handle execution of this file as a main program
+
+if __name__ == '__main__':
+ comfychair.main(tests)
diff --git a/source3/stf/unicodenames.py b/source3/stf/unicodenames.py
new file mode 100644
index 0000000000..d4100cb7f9
--- /dev/null
+++ b/source3/stf/unicodenames.py
@@ -0,0 +1,33 @@
+#! /usr/bin/python
+
+# Copyright (C) 2003 by Martin Pool <mbp@samba.org>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+# USA
+
+
+"""
+Defines symbolic names for a few UNICODE characters, to make test
+source code more readable on machines that don't have all the
+necessary fonts.
+
+You can do "import *" on this file safely.
+"""
+
+LATIN_CAPITAL_LETTER_N_WITH_TILDE = u'\u004e'
+LATIN_CAPITAL_LETTER_O_WITH_DIARESIS = u'\u00d6'
+LATIN_SMALL_LETTER_O_WITH_DIARESIS = u'\u00f6'
+
+KATAKANA_LETTER_A = u'\u30a2'
diff --git a/source3/torture/t_push_ucs2.c b/source3/torture/t_push_ucs2.c
new file mode 100644
index 0000000000..8bfc6f7ad9
--- /dev/null
+++ b/source3/torture/t_push_ucs2.c
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2003 by Martin Pool
+ * Copyright (C) 2003 by Andrew Bartlett
+ *
+ * Test harness for push_ucs2
+ */
+
+#include "includes.h"
+
+static int check_push_ucs2(const char *orig)
+{
+ smb_ucs2_t *dest = NULL;
+ char *orig2 = NULL;
+ int ret;
+
+ push_ucs2_allocate(&dest, orig);
+ pull_ucs2_allocate(&orig2, dest);
+ ret = strcmp(orig, orig2);
+ if (ret) {
+ fprintf(stderr, "orig: %s\n", orig);
+ fprintf(stderr, "orig (UNIX -> UCS2 -> UNIX): %s\n", orig2);
+ }
+
+ SAFE_FREE(dest);
+ SAFE_FREE(orig2);
+
+ return ret;
+}
+
+int main(int argc, char *argv[])
+{
+ int i, ret = 0;
+ int count = 1;
+
+ /* Needed to initialize character set */
+ lp_load("/dev/null", True, False, False);
+
+ if (argc < 2) {
+ fprintf(stderr, "usage: %s STRING1 [COUNT]\n"
+ "Checks that a string translated UNIX->UCS2->UNIX is unchanged\n"
+ "Should be always 0\n",
+ argv[0]);
+ return 2;
+ }
+ if (argc >= 3)
+ count = atoi(argv[2]);
+
+ for (i = 0; ((i < count) && (!ret)); i++)
+ ret = check_push_ucs2(argv[1]);
+
+ printf("%d\n", ret);
+
+ return 0;
+}
diff --git a/source3/torture/t_strcmp.c b/source3/torture/t_strcmp.c
new file mode 100644
index 0000000000..bc8640ee55
--- /dev/null
+++ b/source3/torture/t_strcmp.c
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2003 by Martin Pool
+ *
+ * Test harness for StrCaseCmp
+ */
+
+#include "includes.h"
+
+int main(int argc, char *argv[])
+{
+ int i, ret;
+ int iters = 1;
+
+ /* Needed to initialize character set */
+ lp_load("/dev/null", True, False, False);
+
+ if (argc < 3) {
+ fprintf(stderr, "usage: %s STRING1 STRING2 [ITERS]\n"
+ "Compares two strings, prints the results of StrCaseCmp\n",
+ argv[0]);
+ return 2;
+ }
+ if (argc >= 4)
+ iters = atoi(argv[3]);
+
+ for (i = 0; i < iters; i++)
+ ret = StrCaseCmp(argv[1], argv[2]);
+
+ printf("%d\n", ret);
+
+ return 0;
+}
diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c
new file mode 100644
index 0000000000..c5d0aa869b
--- /dev/null
+++ b/source3/utils/smbcquotas.c
@@ -0,0 +1,545 @@
+/*
+ Unix SMB/CIFS implementation.
+ QUOTA get/set utility
+
+ Copyright (C) Andrew Tridgell 2000
+ Copyright (C) Tim Potter 2000
+ Copyright (C) Jeremy Allison 2000
+ Copyright (C) Stefan (metze) Metzmacher 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static pstring server;
+
+/* numeric is set when the user wants numeric SIDs and ACEs rather
+ than going via LSA calls to resolve them */
+static BOOL numeric;
+static BOOL verbose;
+
+enum todo_values {NOOP_QUOTA=0,FS_QUOTA,USER_QUOTA,LIST_QUOTA,SET_QUOTA};
+enum exit_values {EXIT_OK, EXIT_FAILED, EXIT_PARSE_ERROR};
+
+static struct cli_state *cli_ipc = NULL;
+static POLICY_HND pol;
+static BOOL got_policy_hnd;
+
+static struct cli_state *connect_one(const char *share);
+
+/* Open cli connection and policy handle */
+
+static BOOL cli_open_policy_hnd(void)
+{
+ /* Initialise cli LSA connection */
+
+ if (!cli_ipc) {
+ cli_ipc = connect_one("IPC$");
+ if (!cli_nt_session_open (cli_ipc, PI_LSARPC)) {
+ return False;
+ }
+ }
+
+ /* Open policy handle */
+
+ if (!got_policy_hnd) {
+
+ /* Some systems don't support SEC_RIGHTS_MAXIMUM_ALLOWED,
+ but NT sends 0x2000000 so we might as well do it too. */
+
+ if (!NT_STATUS_IS_OK(cli_lsa_open_policy(cli_ipc, cli_ipc->mem_ctx, True,
+ GENERIC_EXECUTE_ACCESS, &pol))) {
+ return False;
+ }
+
+ got_policy_hnd = True;
+ }
+
+ return True;
+}
+
+/* convert a SID to a string, either numeric or username/group */
+static void SidToString(fstring str, DOM_SID *sid, BOOL _numeric)
+{
+ char **domains = NULL;
+ char **names = NULL;
+ uint32 *types = NULL;
+
+ sid_to_string(str, sid);
+
+ if (_numeric) return;
+
+ /* Ask LSA to convert the sid to a name */
+
+ if (!cli_open_policy_hnd() ||
+ !NT_STATUS_IS_OK(cli_lsa_lookup_sids(cli_ipc, cli_ipc->mem_ctx,
+ &pol, 1, sid, &domains,
+ &names, &types)) ||
+ !domains || !domains[0] || !names || !names[0]) {
+ return;
+ }
+
+ /* Converted OK */
+
+ slprintf(str, sizeof(fstring) - 1, "%s%s%s",
+ domains[0], lp_winbind_separator(),
+ names[0]);
+
+}
+
+/* convert a string to a SID, either numeric or username/group */
+static BOOL StringToSid(DOM_SID *sid, const char *str)
+{
+ uint32 *types = NULL;
+ DOM_SID *sids = NULL;
+ BOOL result = True;
+
+ if (strncmp(str, "S-", 2) == 0) {
+ return string_to_sid(sid, str);
+ }
+
+ if (!cli_open_policy_hnd() ||
+ !NT_STATUS_IS_OK(cli_lsa_lookup_names(cli_ipc, cli_ipc->mem_ctx,
+ &pol, 1, &str, &sids,
+ &types))) {
+ result = False;
+ goto done;
+ }
+
+ sid_copy(sid, &sids[0]);
+ done:
+
+ return result;
+}
+
+#define QUOTA_GET 1
+#define QUOTA_SETLIM 2
+#define QUOTA_SETFLAGS 3
+#define QUOTA_LIST 4
+
+enum {PARSE_FLAGS,PARSE_LIM};
+
+static int parse_quota_set(pstring set_str, pstring username_str, enum SMB_QUOTA_TYPE *qtype, int *cmd, SMB_NTQUOTA_STRUCT *pqt)
+{
+ char *p = set_str,*p2;
+ int todo;
+ BOOL stop = False;
+ BOOL enable = False;
+ BOOL deny = False;
+
+ if (strncasecmp(set_str,"UQLIM:",6)==0) {
+ p += 6;
+ *qtype = SMB_USER_QUOTA_TYPE;
+ *cmd = QUOTA_SETLIM;
+ todo = PARSE_LIM;
+ if ((p2=strstr(p,":"))==NULL) {
+ return -1;
+ }
+
+ *p2 = '\0';
+ p2++;
+
+ fstrcpy(username_str,p);
+ p = p2;
+ } else if (strncasecmp(set_str,"FSQLIM:",7)==0) {
+ p +=7;
+ *qtype = SMB_USER_FS_QUOTA_TYPE;
+ *cmd = QUOTA_SETLIM;
+ todo = PARSE_LIM;
+ } else if (strncasecmp(set_str,"FSQFLAGS:",9)==0) {
+ p +=9;
+ todo = PARSE_FLAGS;
+ *qtype = SMB_USER_FS_QUOTA_TYPE;
+ *cmd = QUOTA_SETFLAGS;
+ } else {
+ return -1;
+ }
+
+ switch (todo) {
+ case PARSE_LIM:
+#if defined(HAVE_LONGLONG)
+ if (sscanf(p,"%llu/%llu",&pqt->softlim,&pqt->hardlim)!=2) {
+#else
+ if (sscanf(p,"%lu/%lu",&pqt->softlim,&pqt->hardlim)!=2) {
+#endif
+ return -1;
+ }
+
+ break;
+ case PARSE_FLAGS:
+ while (!stop) {
+
+ if ((p2=strstr(p,"/"))==NULL) {
+ stop = True;
+ } else {
+ *p2 = '\0';
+ p2++;
+ }
+
+ if (strncasecmp(p,"QUOTA_ENABLED",13)==0) {
+ enable = True;
+ } else if (strncasecmp(p,"DENY_DISK",9)==0) {
+ deny = True;
+ } else if (strncasecmp(p,"LOG_SOFTLIMIT",13)==0) {
+ pqt->qflags |= QUOTAS_LOG_THRESHOLD;
+ } else if (strncasecmp(p,"LOG_HARDLIMIT",13)==0) {
+ pqt->qflags |= QUOTAS_LOG_LIMIT;
+ } else {
+ return -1;
+ }
+
+ p=p2;
+ }
+
+ if (deny) {
+ pqt->qflags |= QUOTAS_DENY_DISK;
+ } else if (enable) {
+ pqt->qflags |= QUOTAS_ENABLED;
+ }
+
+ break;
+ }
+
+ return 0;
+}
+
+static int do_quota(struct cli_state *cli, enum SMB_QUOTA_TYPE qtype, uint16 cmd, pstring username_str, SMB_NTQUOTA_STRUCT *pqt)
+{
+ uint32 fs_attrs = 0;
+ int quota_fnum = 0;
+ SMB_NTQUOTA_LIST *qtl = NULL;
+ SMB_NTQUOTA_STRUCT qt;
+ ZERO_STRUCT(qt);
+
+ if (!cli_get_fs_attr_info(cli, &fs_attrs)) {
+ d_printf("Failed to get the filesystem attributes %s.\n",
+ cli_errstr(cli));
+ return -1;
+ }
+
+ if (!(fs_attrs & FILE_VOLUME_QUOTAS)) {
+ d_printf("Quotas are not supported by the server.\n");
+ return 0;
+ }
+
+ if (!cli_get_quota_handle(cli, &quota_fnum)) {
+ d_printf("Failed to open \\%s %s.\n",
+ FAKE_FILE_NAME_QUOTA,cli_errstr(cli));
+ return -1;
+ }
+
+ switch(qtype) {
+ case SMB_USER_QUOTA_TYPE:
+ if (!StringToSid(&qt.sid, username_str)) {
+ d_printf("StringToSid() failed for [%s]\n",username_str);
+ return -1;
+ }
+
+ switch(cmd) {
+ case QUOTA_GET:
+ if (!cli_get_user_quota(cli, quota_fnum, &qt)) {
+ d_printf("%s cli_get_user_quota %s\n",
+ cli_errstr(cli),username_str);
+ return -1;
+ }
+ dump_ntquota(&qt,verbose,numeric,SidToString);
+ break;
+ case QUOTA_SETLIM:
+ pqt->sid = qt.sid;
+ if (!cli_set_user_quota(cli, quota_fnum, pqt)) {
+ d_printf("%s cli_set_user_quota %s\n",
+ cli_errstr(cli),username_str);
+ return -1;
+ }
+ if (!cli_get_user_quota(cli, quota_fnum, &qt)) {
+ d_printf("%s cli_get_user_quota %s\n",
+ cli_errstr(cli),username_str);
+ return -1;
+ }
+ dump_ntquota(&qt,verbose,numeric,SidToString);
+ break;
+ case QUOTA_LIST:
+ if (!cli_list_user_quota(cli, quota_fnum, &qtl)) {
+ d_printf("%s cli_set_user_quota %s\n",
+ cli_errstr(cli),username_str);
+ return -1;
+ }
+ dump_ntquota_list(&qtl,verbose,numeric,SidToString);
+ free_ntquota_list(&qtl);
+ break;
+ default:
+ d_printf("Unknown Error\n");
+ return -1;
+ }
+ break;
+ case SMB_USER_FS_QUOTA_TYPE:
+ switch(cmd) {
+ case QUOTA_GET:
+ if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
+ d_printf("%s cli_get_fs_quota_info\n",
+ cli_errstr(cli));
+ return -1;
+ }
+ dump_ntquota(&qt,True,numeric,NULL);
+ break;
+ case QUOTA_SETLIM:
+ if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
+ d_printf("%s cli_get_fs_quota_info\n",
+ cli_errstr(cli));
+ return -1;
+ }
+ qt.softlim = pqt->softlim;
+ qt.hardlim = pqt->hardlim;
+ if (!cli_set_fs_quota_info(cli, quota_fnum, &qt)) {
+ d_printf("%s cli_set_fs_quota_info\n",
+ cli_errstr(cli));
+ return -1;
+ }
+ if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
+ d_printf("%s cli_get_fs_quota_info\n",
+ cli_errstr(cli));
+ return -1;
+ }
+ dump_ntquota(&qt,True,numeric,NULL);
+ break;
+ case QUOTA_SETFLAGS:
+ if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
+ d_printf("%s cli_get_fs_quota_info\n",
+ cli_errstr(cli));
+ return -1;
+ }
+ qt.qflags = pqt->qflags;
+ if (!cli_set_fs_quota_info(cli, quota_fnum, &qt)) {
+ d_printf("%s cli_set_fs_quota_info\n",
+ cli_errstr(cli));
+ return -1;
+ }
+ if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
+ d_printf("%s cli_get_fs_quota_info\n",
+ cli_errstr(cli));
+ return -1;
+ }
+ dump_ntquota(&qt,True,numeric,NULL);
+ break;
+ default:
+ d_printf("Unknown Error\n");
+ return -1;
+ }
+ break;
+ default:
+ d_printf("Unknown Error\n");
+ return -1;
+ }
+
+ cli_close(cli, quota_fnum);
+
+ return 0;
+}
+
+/*****************************************************
+return a connection to a server
+*******************************************************/
+static struct cli_state *connect_one(const char *share)
+{
+ struct cli_state *c;
+ struct in_addr ip;
+ NTSTATUS nt_status;
+ zero_ip(&ip);
+
+ if (!cmdline_auth_info.got_pass) {
+ char *pass = getpass("Password: ");
+ if (pass) {
+ pstrcpy(cmdline_auth_info.password, pass);
+ cmdline_auth_info.got_pass = True;
+ }
+ }
+
+ if (NT_STATUS_IS_OK(nt_status = cli_full_connection(&c, global_myname(), server,
+ &ip, 0,
+ share, "?????",
+ cmdline_auth_info.username, lp_workgroup(),
+ cmdline_auth_info.password, 0, NULL))) {
+ return c;
+ } else {
+ DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status)));
+ return NULL;
+ }
+}
+
+/****************************************************************************
+ main program
+****************************************************************************/
+ int main(int argc, const char *argv[])
+{
+ char *share;
+ int opt;
+ int result;
+ int todo = 0;
+ pstring username_str = {0};
+ pstring path = {0};
+ pstring set_str = {0};
+ enum SMB_QUOTA_TYPE qtype;
+ int cmd = 0;
+ BOOL test_args = False;
+ struct cli_state *cli;
+ BOOL fix_user = False;
+ SMB_NTQUOTA_STRUCT qt;
+ poptContext pc;
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ { "user", 'u', POPT_ARG_STRING, NULL, 'u', "Show quotas for user", "user" },
+ { "list", 'L', POPT_ARG_NONE, NULL, 'L', "List user quotas" },
+ { "fs", 'F', POPT_ARG_NONE, NULL, 'F', "Show filesystem quotas" },
+ { "set", 'S', POPT_ARG_STRING, NULL, 'S', "Set acls\n\
+SETSTRING:\n\
+UQLIM:<username>/<softlimit>/<hardlimit> for user quotas\n\
+FSQLIM:<softlimit>/<hardlimit> for filesystem defaults\n\
+FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT", "SETSTRING" },
+ { "numeric", 'n', POPT_ARG_NONE, &numeric, True, "Don't resolve sids or limits to names" },
+ { "verbose", 'v', POPT_ARG_NONE, &verbose, True, "be verbose" },
+ { "test-args", 't', POPT_ARG_NONE, &test_args, True, "Test arguments"},
+ POPT_COMMON_SAMBA
+ POPT_COMMON_CREDENTIALS
+ { NULL }
+ };
+
+ ZERO_STRUCT(qt);
+
+ setlinebuf(stdout);
+
+ dbf = x_stderr;
+
+ fault_setup(NULL);
+
+ setup_logging(argv[0],True);
+
+
+ lp_load(dyn_CONFIGFILE,True,False,False);
+ load_interfaces();
+
+ pc = poptGetContext("smbcquotas", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "//server1/share1");
+
+ while ((opt = poptGetNextOpt(pc)) != -1) {
+ switch (opt) {
+ case 'L':
+ if (todo != 0) {
+ d_printf("Please specify only one option of <-L|-F|-S|-u>\n");
+ exit(EXIT_PARSE_ERROR);
+ }
+ todo = LIST_QUOTA;
+ break;
+
+ case 'F':
+ if (todo != 0) {
+ d_printf("Please specify only one option of <-L|-F|-S|-u>\n");
+ exit(EXIT_PARSE_ERROR);
+ }
+ todo = FS_QUOTA;
+ break;
+
+ case 'u':
+ if (todo != 0) {
+ d_printf("Please specify only one option of <-L|-F|-S|-u>\n");
+ exit(EXIT_PARSE_ERROR);
+ }
+ pstrcpy(username_str,poptGetOptArg(pc));
+ todo = USER_QUOTA;
+ fix_user = True;
+ break;
+
+ case 'S':
+ if (todo != 0) {
+ d_printf("Please specify only one option of <-L|-F|-S|-u>\n");
+ exit(EXIT_PARSE_ERROR);
+ }
+ pstrcpy(set_str,poptGetOptArg(pc));
+ todo = SET_QUOTA;
+ break;
+ }
+ }
+
+ if (todo == 0)
+ todo = USER_QUOTA;
+
+ if (!fix_user)
+ pstrcpy(username_str,cmdline_auth_info.username);
+
+ /* Make connection to server */
+ if(!poptPeekArg(pc)) {
+ poptPrintUsage(pc, stderr, 0);
+ exit(EXIT_PARSE_ERROR);
+ }
+
+ pstrcpy(path, poptGetArg(pc));
+
+ all_string_sub(path,"/","\\",0);
+
+ pstrcpy(server,path+2);
+ share = strchr_m(server,'\\');
+ if (!share) {
+ share = strchr_m(server,'/');
+ if (!share) {
+ printf("Invalid argument: %s\n", share);
+ exit(EXIT_PARSE_ERROR);
+ }
+ }
+
+ *share = 0;
+ share++;
+
+ if (todo == SET_QUOTA) {
+ if (parse_quota_set(set_str, username_str, &qtype, &cmd, &qt)) {
+ printf("Invalid argument: -S %s\n", set_str);
+ exit(EXIT_PARSE_ERROR);
+ }
+ }
+
+ if (!test_args) {
+ cli = connect_one(share);
+ if (!cli) {
+ exit(EXIT_FAILED);
+ }
+ } else {
+ exit(EXIT_OK);
+ }
+
+
+ /* Perform requested action */
+
+ switch (todo) {
+ case FS_QUOTA:
+ result = do_quota(cli,SMB_USER_FS_QUOTA_TYPE, QUOTA_GET, username_str, NULL);
+ break;
+ case LIST_QUOTA:
+ result = do_quota(cli,SMB_USER_QUOTA_TYPE, QUOTA_LIST, username_str, NULL);
+ break;
+ case USER_QUOTA:
+ result = do_quota(cli,SMB_USER_QUOTA_TYPE, QUOTA_GET, username_str, NULL);
+ break;
+ case SET_QUOTA:
+ result = do_quota(cli, qtype, cmd, username_str, &qt);
+ break;
+ default:
+
+ result = EXIT_FAILED;
+ break;
+ }
+
+ return result;
+}
+