From 1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 16 Jul 2003 05:42:34 +0000 Subject: ading new files from 3.0 (This used to be commit 99feae7b5b1c229a925367b87c0c0f636d9a2d75) --- docs/docbook/devdoc/.cvsignore | 1 + docs/docbook/devdoc/vfs.xml | 797 +++++++++++++++++++++ docs/docbook/devdoc/windows-debug.xml | 19 + docs/docbook/manpages/profiles.1.sgml | 86 +++ docs/docbook/projdoc/.cvsignore | 1 + docs/docbook/projdoc/Backup.xml | 36 + docs/docbook/projdoc/DNS-DHCP-Configuration.xml | 17 + docs/docbook/projdoc/FastStart.xml | 17 + docs/docbook/projdoc/HighAvailability.xml | 17 + docs/docbook/projdoc/WindowsClientConfig.xml | 17 + docs/docbook/smbdotconf/misc/valid.xml | 18 + .../docbook/smbdotconf/printing/totalprintjobs.xml | 22 + .../smbdotconf/protocol/clientusespnego.xml | 13 + docs/docbook/smbdotconf/protocol/mapaclinherit.xml | 17 + docs/docbook/smbdotconf/protocol/profileacls.xml | 33 + .../smbdotconf/security/clientlanmanauth.xml | 28 + .../smbdotconf/security/clientntlmv2auth.xml | 26 + docs/docbook/smbdotconf/vfs/vfsobjects.xml | 14 + .../smbdotconf/winbind/enableridalgorithm.xml | 17 + docs/docbook/smbdotconf/winbind/idmapgid.xml | 18 + docs/docbook/smbdotconf/winbind/idmapuid.xml | 14 + .../smbdotconf/winbind/templateprimarygroup.xml | 14 + .../winbind/winbindenablelocalaccounts.xml | 16 + .../winbind/winbindtrusteddomainsonly.xml | 16 + docs/docbook/xslt/generate-attributions.xsl | 67 ++ 25 files changed, 1341 insertions(+) create mode 100644 docs/docbook/devdoc/.cvsignore create mode 100644 docs/docbook/devdoc/vfs.xml create mode 100644 docs/docbook/devdoc/windows-debug.xml create mode 100644 docs/docbook/manpages/profiles.1.sgml create mode 100644 docs/docbook/projdoc/.cvsignore create mode 100644 docs/docbook/projdoc/Backup.xml create mode 100644 docs/docbook/projdoc/DNS-DHCP-Configuration.xml create mode 100644 docs/docbook/projdoc/FastStart.xml create mode 100644 docs/docbook/projdoc/HighAvailability.xml create mode 100644 docs/docbook/projdoc/WindowsClientConfig.xml create mode 100644 docs/docbook/smbdotconf/misc/valid.xml create mode 100644 docs/docbook/smbdotconf/printing/totalprintjobs.xml create mode 100644 docs/docbook/smbdotconf/protocol/clientusespnego.xml create mode 100644 docs/docbook/smbdotconf/protocol/mapaclinherit.xml create mode 100644 docs/docbook/smbdotconf/protocol/profileacls.xml create mode 100644 docs/docbook/smbdotconf/security/clientlanmanauth.xml create mode 100644 docs/docbook/smbdotconf/security/clientntlmv2auth.xml create mode 100644 docs/docbook/smbdotconf/vfs/vfsobjects.xml create mode 100644 docs/docbook/smbdotconf/winbind/enableridalgorithm.xml create mode 100644 docs/docbook/smbdotconf/winbind/idmapgid.xml create mode 100644 docs/docbook/smbdotconf/winbind/idmapuid.xml create mode 100644 docs/docbook/smbdotconf/winbind/templateprimarygroup.xml create mode 100644 docs/docbook/smbdotconf/winbind/winbindenablelocalaccounts.xml create mode 100644 docs/docbook/smbdotconf/winbind/winbindtrusteddomainsonly.xml create mode 100644 docs/docbook/xslt/generate-attributions.xsl (limited to 'docs/docbook') diff --git a/docs/docbook/devdoc/.cvsignore b/docs/docbook/devdoc/.cvsignore new file mode 100644 index 0000000000..3bbac303f5 --- /dev/null +++ b/docs/docbook/devdoc/.cvsignore @@ -0,0 +1 @@ +attributions.xml diff --git a/docs/docbook/devdoc/vfs.xml b/docs/docbook/devdoc/vfs.xml new file mode 100644 index 0000000000..ed2afef53e --- /dev/null +++ b/docs/docbook/devdoc/vfs.xml @@ -0,0 +1,797 @@ + + + + AlexanderBokovoy + +
ab@samba.org
+ + + + StefanMetzmacher + +
metze@metzemix.de
+ + + 27 May 2003 + + +VFS Modules + + +The Samba (Posix) VFS layer + + +The general interface + + +Each VFS operation has a vfs_op_type, a function pointer and a handle pointer in the +struct vfs_ops and tree macros to make it easier to call the operations. +(Take a look at include/vfs.h and include/vfs_macros.h.) + + + +typedef enum _vfs_op_type { + SMB_VFS_OP_NOOP = -1, + + ... + + /* File operations */ + + SMB_VFS_OP_OPEN, + SMB_VFS_OP_CLOSE, + SMB_VFS_OP_READ, + SMB_VFS_OP_WRITE, + SMB_VFS_OP_LSEEK, + SMB_VFS_OP_SENDFILE, + + ... + + SMB_VFS_OP_LAST +} vfs_op_type; + + +This struct contains the function and handle pointers for all operations. +struct vfs_ops { + struct vfs_fn_pointers { + ... + + /* File operations */ + + int (*open)(struct vfs_handle_struct *handle, + struct connection_struct *conn, + const char *fname, int flags, mode_t mode); + int (*close)(struct vfs_handle_struct *handle, + struct files_struct *fsp, int fd); + ssize_t (*read)(struct vfs_handle_struct *handle, + struct files_struct *fsp, int fd, void *data, size_t n); + ssize_t (*write)(struct vfs_handle_struct *handle, + struct files_struct *fsp, int fd, + const void *data, size_t n); + SMB_OFF_T (*lseek)(struct vfs_handle_struct *handle, + struct files_struct *fsp, int fd, + SMB_OFF_T offset, int whence); + ssize_t (*sendfile)(struct vfs_handle_struct *handle, + int tofd, files_struct *fsp, int fromfd, + const DATA_BLOB *header, SMB_OFF_T offset, size_t count); + + ... + } ops; + + struct vfs_handles_pointers { + ... + + /* File operations */ + + struct vfs_handle_struct *open; + struct vfs_handle_struct *close; + struct vfs_handle_struct *read; + struct vfs_handle_struct *write; + struct vfs_handle_struct *lseek; + struct vfs_handle_struct *sendfile; + + ... + } handles; +}; + + + +This macros SHOULD be used to call any vfs operation. +DO NOT ACCESS conn->vfs.ops.* directly !!! + +... + +/* File operations */ +#define SMB_VFS_OPEN(conn, fname, flags, mode) \ + ((conn)->vfs.ops.open((conn)->vfs.handles.open,\ + (conn), (fname), (flags), (mode))) +#define SMB_VFS_CLOSE(fsp, fd) \ + ((fsp)->conn->vfs.ops.close(\ + (fsp)->conn->vfs.handles.close, (fsp), (fd))) +#define SMB_VFS_READ(fsp, fd, data, n) \ + ((fsp)->conn->vfs.ops.read(\ + (fsp)->conn->vfs.handles.read,\ + (fsp), (fd), (data), (n))) +#define SMB_VFS_WRITE(fsp, fd, data, n) \ + ((fsp)->conn->vfs.ops.write(\ + (fsp)->conn->vfs.handles.write,\ + (fsp), (fd), (data), (n))) +#define SMB_VFS_LSEEK(fsp, fd, offset, whence) \ + ((fsp)->conn->vfs.ops.lseek(\ + (fsp)->conn->vfs.handles.lseek,\ + (fsp), (fd), (offset), (whence))) +#define SMB_VFS_SENDFILE(tofd, fsp, fromfd, header, offset, count) \ + ((fsp)->conn->vfs.ops.sendfile(\ + (fsp)->conn->vfs.handles.sendfile,\ + (tofd), (fsp), (fromfd), (header), (offset), (count))) + +... + + + + + +Possible VFS operation layers + + +These values are used by the VFS subsystem when building the conn->vfs +and conn->vfs_opaque structs for a connection with multiple VFS modules. +Internally, Samba differentiates only opaque and transparent layers at this process. +Other types are used for providing better diagnosing facilities. + + + +Most modules will provide transparent layers. Opaque layer is for modules +which implement actual file system calls (like DB-based VFS). For example, +default POSIX VFS which is built in into Samba is an opaque VFS module. + + + +Other layer types (logger, splitter, scanner) were designed to provide different +degree of transparency and for diagnosing VFS module behaviour. + + + +Each module can implement several layers at the same time provided that only +one layer is used per each operation. + + + +typedef enum _vfs_op_layer { + SMB_VFS_LAYER_NOOP = -1, /* - For using in VFS module to indicate end of array */ + /* of operations description */ + SMB_VFS_LAYER_OPAQUE = 0, /* - Final level, does not call anything beyond itself */ + SMB_VFS_LAYER_TRANSPARENT, /* - Normal operation, calls underlying layer after */ + /* possibly changing passed data */ + SMB_VFS_LAYER_LOGGER, /* - Logs data, calls underlying layer, logging may not */ + /* use Samba VFS */ + SMB_VFS_LAYER_SPLITTER, /* - Splits operation, calls underlying layer _and_ own facility, */ + /* then combines result */ + SMB_VFS_LAYER_SCANNER /* - Checks data and possibly initiates additional */ + /* file activity like logging to files _inside_ samba VFS */ +} vfs_op_layer; + + + + + + + +The Interaction between the Samba VFS subsystem and the modules + + +Initialization and registration + + +As each Samba module a VFS module should have a +NTSTATUS vfs_example_init(void); function if it's staticly linked to samba or +NTSTATUS init_module(void); function if it's a shared module. + + + +This should be the only non static function inside the module. +Global variables should also be static! + + + +The module should register its functions via the + +NTSTATUS smb_register_vfs(int version, const char *name, vfs_op_tuple *vfs_op_tuples); + function. + + + + +version +should be filled with SMB_VFS_INTERFACE_VERSION + + +name +this is the name witch can be listed in the +vfs objects parameter to use this module. + + +vfs_op_tuples + +this is an array of vfs_op_tuple's. +(vfs_op_tuples is descripted in details below.) + + + + + + +For each operation the module wants to provide it has a entry in the +vfs_op_tuple array. + + + +typedef struct _vfs_op_tuple { + void* op; + vfs_op_type type; + vfs_op_layer layer; +} vfs_op_tuple; + + + + +op +the function pointer to the specified function. + + +type +the vfs_op_type of the function to specified witch operation the function provides. + + +layer +the vfs_op_layer in whitch the function operates. + + + + +A simple example: + + +static vfs_op_tuple example_op_tuples[] = { + {SMB_VFS_OP(example_connect), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(example_disconnect), SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_TRANSPARENT}, + + {SMB_VFS_OP(example_rename), SMB_VFS_OP_RENAME, SMB_VFS_LAYER_OPAQUE}, + + /* This indicates the end of the array */ + {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} +}; + +NTSTATUS init_module(void) +{ + return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "example", example_op_tuples); +} + + + + + +How the Modules handle per connection data + +Each VFS function has as first parameter a pointer to the modules vfs_handle_struct. + + + +typedef struct vfs_handle_struct { + struct vfs_handle_struct *next, *prev; + const char *param; + struct vfs_ops vfs_next; + struct connection_struct *conn; + void *data; + void (*free_data)(void **data); +} vfs_handle_struct; + + + + +param +this is the module parameter specified in the vfs objects parameter. +e.g. for 'vfs objects = example:test' param would be "test". + + +vfs_next +This vfs_ops struct contains the information for calling the next module operations. +Use the SMB_VFS_NEXT_* macros to call a next module operations and +don't access handle->vfs_next.ops.* directly! + + +conn +This is a pointer back to the connection_struct to witch the handle belongs. + + +data +This is a pointer for holding module private data. +You can alloc data with connection life time on the handle->conn->mem_ctx TALLOC_CTX. +But you can also manage the memory allocation yourself. + + +free_data +This is a function pointer to a function that free's the module private data. +If you talloc your private data on the TALLOC_CTX handle->conn->mem_ctx, +you can set this function pointer to NULL. + + + + +Some useful MACROS for handle private data. + + + +#define SMB_VFS_HANDLE_GET_DATA(handle, datap, type, ret) { \ + if (!(handle)||((datap=(type *)(handle)->data)==NULL)) { \ + DEBUG(0,("%s() failed to get vfs_handle->data!\n",FUNCTION_MACRO)); \ + ret; \ + } \ +} + +#define SMB_VFS_HANDLE_SET_DATA(handle, datap, free_fn, type, ret) { \ + if (!(handle)) { \ + DEBUG(0,("%s() failed to set handle->data!\n",FUNCTION_MACRO)); \ + ret; \ + } else { \ + if ((handle)->free_data) { \ + (handle)->free_data(&(handle)->data); \ + } \ + (handle)->data = (void *)datap; \ + (handle)->free_data = free_fn; \ + } \ +} + +#define SMB_VFS_HANDLE_FREE_DATA(handle) { \ + if ((handle) && (handle)->free_data) { \ + (handle)->free_data(&(handle)->data); \ + } \ +} + + +How SMB_VFS_LAYER_TRANSPARENT functions can call the SMB_VFS_LAYER_OPAQUE functions. + +The easiest way to do this is to use the SMB_VFS_OPAQUE_* macros. + + + +... +/* File operations */ +#define SMB_VFS_OPAQUE_OPEN(conn, fname, flags, mode) \ + ((conn)->vfs_opaque.ops.open(\ + (conn)->vfs_opaque.handles.open,\ + (conn), (fname), (flags), (mode))) +#define SMB_VFS_OPAQUE_CLOSE(fsp, fd) \ + ((fsp)->conn->vfs_opaque.ops.close(\ + (fsp)->conn->vfs_opaque.handles.close,\ + (fsp), (fd))) +#define SMB_VFS_OPAQUE_READ(fsp, fd, data, n) \ + ((fsp)->conn->vfs_opaque.ops.read(\ + (fsp)->conn->vfs_opaque.handles.read,\ + (fsp), (fd), (data), (n))) +#define SMB_VFS_OPAQUE_WRITE(fsp, fd, data, n) \ + ((fsp)->conn->vfs_opaque.ops.write(\ + (fsp)->conn->vfs_opaque.handles.write,\ + (fsp), (fd), (data), (n))) +#define SMB_VFS_OPAQUE_LSEEK(fsp, fd, offset, whence) \ + ((fsp)->conn->vfs_opaque.ops.lseek(\ + (fsp)->conn->vfs_opaque.handles.lseek,\ + (fsp), (fd), (offset), (whence))) +#define SMB_VFS_OPAQUE_SENDFILE(tofd, fsp, fromfd, header, offset, count) \ + ((fsp)->conn->vfs_opaque.ops.sendfile(\ + (fsp)->conn->vfs_opaque.handles.sendfile,\ + (tofd), (fsp), (fromfd), (header), (offset), (count))) +... + + +How SMB_VFS_LAYER_TRANSPARENT functions can call the next modules functions. + +The easiest way to do this is to use the SMB_VFS_NEXT_* macros. + + + +... +/* File operations */ +#define SMB_VFS_NEXT_OPEN(handle, conn, fname, flags, mode) \ + ((handle)->vfs_next.ops.open(\ + (handle)->vfs_next.handles.open,\ + (conn), (fname), (flags), (mode))) +#define SMB_VFS_NEXT_CLOSE(handle, fsp, fd) \ + ((handle)->vfs_next.ops.close(\ + (handle)->vfs_next.handles.close,\ + (fsp), (fd))) +#define SMB_VFS_NEXT_READ(handle, fsp, fd, data, n) \ + ((handle)->vfs_next.ops.read(\ + (handle)->vfs_next.handles.read,\ + (fsp), (fd), (data), (n))) +#define SMB_VFS_NEXT_WRITE(handle, fsp, fd, data, n) \ + ((handle)->vfs_next.ops.write(\ + (handle)->vfs_next.handles.write,\ + (fsp), (fd), (data), (n))) +#define SMB_VFS_NEXT_LSEEK(handle, fsp, fd, offset, whence) \ + ((handle)->vfs_next.ops.lseek(\ + (handle)->vfs_next.handles.lseek,\ + (fsp), (fd), (offset), (whence))) +#define SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, fromfd, header, offset, count) \ + ((handle)->vfs_next.ops.sendfile(\ + (handle)->vfs_next.handles.sendfile,\ + (tofd), (fsp), (fromfd), (header), (offset), (count))) +... + + + + + + + +Upgrading to the New VFS Interface + + +Upgrading from 2.2.* and 3.0aplha modules + + + +Add "vfs_handle_struct *handle, " as first parameter to all vfs operation functions. +e.g. example_connect(connection_struct *conn, const char *service, const char *user); +-> example_connect(vfs_handle_struct *handle, connection_struct *conn, const char *service, const char *user); + + + +Replace "default_vfs_ops." with "smb_vfs_next_". +e.g. default_vfs_ops.connect(conn, service, user); +-> smb_vfs_next_connect(conn, service, user); + + + +Uppercase all "smb_vfs_next_*" functions. +e.g. smb_vfs_next_connect(conn, service, user); +-> SMB_VFS_NEXT_CONNECT(conn, service, user); + + + +Add "handle, " as first parameter to all SMB_VFS_NEXT_*() calls. +e.g. SMB_VFS_NEXT_CONNECT(conn, service, user); +-> SMB_VFS_NEXT_CONNECT(handle, conn, service, user); + + + +(Only for 2.2.* modules) +Convert the old struct vfs_ops example_ops to +a vfs_op_tuple example_op_tuples[] array. +e.g. + +struct vfs_ops example_ops = { + /* Disk operations */ + example_connect, /* connect */ + example_disconnect, /* disconnect */ + NULL, /* disk free * + /* Directory operations */ + NULL, /* opendir */ + NULL, /* readdir */ + NULL, /* mkdir */ + NULL, /* rmdir */ + NULL, /* closedir */ + /* File operations */ + NULL, /* open */ + NULL, /* close */ + NULL, /* read */ + NULL, /* write */ + NULL, /* lseek */ + NULL, /* sendfile */ + NULL, /* rename */ + NULL, /* fsync */ + example_stat, /* stat */ + example_fstat, /* fstat */ + example_lstat, /* lstat */ + NULL, /* unlink */ + NULL, /* chmod */ + NULL, /* fchmod */ + NULL, /* chown */ + NULL, /* fchown */ + NULL, /* chdir */ + NULL, /* getwd */ + NULL, /* utime */ + NULL, /* ftruncate */ + NULL, /* lock */ + NULL, /* symlink */ + NULL, /* readlink */ + NULL, /* link */ + NULL, /* mknod */ + NULL, /* realpath */ + NULL, /* fget_nt_acl */ + NULL, /* get_nt_acl */ + NULL, /* fset_nt_acl */ + NULL, /* set_nt_acl */ + + NULL, /* chmod_acl */ + NULL, /* fchmod_acl */ + + NULL, /* sys_acl_get_entry */ + NULL, /* sys_acl_get_tag_type */ + NULL, /* sys_acl_get_permset */ + NULL, /* sys_acl_get_qualifier */ + NULL, /* sys_acl_get_file */ + NULL, /* sys_acl_get_fd */ + NULL, /* sys_acl_clear_perms */ + NULL, /* sys_acl_add_perm */ + NULL, /* sys_acl_to_text */ + NULL, /* sys_acl_init */ + NULL, /* sys_acl_create_entry */ + NULL, /* sys_acl_set_tag_type */ + NULL, /* sys_acl_set_qualifier */ + NULL, /* sys_acl_set_permset */ + NULL, /* sys_acl_valid */ + NULL, /* sys_acl_set_file */ + NULL, /* sys_acl_set_fd */ + NULL, /* sys_acl_delete_def_file */ + NULL, /* sys_acl_get_perm */ + NULL, /* sys_acl_free_text */ + NULL, /* sys_acl_free_acl */ + NULL /* sys_acl_free_qualifier */ +}; + +-> + +static vfs_op_tuple example_op_tuples[] = { + {SMB_VFS_OP(example_connect), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(example_disconnect), SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_TRANSPARENT}, + + {SMB_VFS_OP(example_fstat), SMB_VFS_OP_FSTAT, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(example_stat), SMB_VFS_OP_STAT, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(example_lstat), SMB_VFS_OP_LSTAT, SMB_VFS_LAYER_TRANSPARENT}, + + {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} +}; + + + + +Move the example_op_tuples[] array to the end of the file. + + + +Add the init_module() function at the end of the file. +e.g. + +NTSTATUS init_module(void) +{ + return smb_register_vfs(SMB_VFS_INTERFACE_VERSION,"example",example_op_tuples); +} + + + + +Check if your vfs_init() function does more then just prepare the vfs_ops structs or +remember the struct smb_vfs_handle_struct. + +If NOT you can remove the vfs_init() function. +If YES decide if you want to move the code to the example_connect() operation or to the init_module(). And then remove vfs_init(). + e.g. a debug class registration should go into init_module() and the allocation of private data should go to example_connect(). + + + + +(Only for 3.0alpha* modules) +Check if your vfs_done() function contains needed code. + +If NOT you can remove the vfs_done() function. +If YES decide if you can move the code to the example_disconnect() operation. Otherwise register a SMB_EXIT_EVENT with smb_register_exit_event(); (Described in the modules section) And then remove vfs_done(). e.g. the freeing of private data should go to example_disconnect(). + + + + + +Check if you have any global variables left. +Decide if it wouldn't be better to have this data on a connection basis. + + If NOT leave them as they are. (e.g. this could be the variable for the private debug class.) + If YES pack all this data into a struct. You can use handle->data to point to such a struct on a per connection basis. + + + e.g. if you have such a struct: + +struct example_privates { + char *some_string; + int db_connection; +}; + +first way of doing it: + +static int example_connect(vfs_handle_struct *handle, + connection_struct *conn, const char *service, + const char* user) +{ + struct example_privates *data = NULL; + + /* alloc our private data */ + data = (struct example_privates *)talloc_zero(conn->mem_ctx, sizeof(struct example_privates)); + if (!data) { + DEBUG(0,("talloc_zero() failed\n")); + return -1; + } + + /* init out private data */ + data->some_string = talloc_strdup(conn->mem_ctx,"test"); + if (!data->some_string) { + DEBUG(0,("talloc_strdup() failed\n")); + return -1; + } + + data->db_connection = open_db_conn(); + + /* and now store the private data pointer in handle->data + * we don't need to specify a free_function here because + * we use the connection TALLOC context. + * (return -1 if something failed.) + */ + VFS_HANDLE_SET_DATA(handle, data, NULL, struct example_privates, return -1); + + return SMB_VFS_NEXT_CONNECT(handle,conn,service,user); +} + +static int example_close(vfs_handle_struct *handle, files_struct *fsp, int fd) +{ + struct example_privates *data = NULL; + + /* get the pointer to our private data + * return -1 if something failed + */ + SMB_VFS_HANDLE_GET_DATA(handle, data, struct example_privates, return -1); + + /* do something here...*/ + DEBUG(0,("some_string: %s\n",data->some_string)); + + return SMB_VFS_NEXT_CLOSE(handle, fsp, fd); +} + +second way of doing it: + +static void free_example_privates(void **datap) +{ + struct example_privates *data = (struct example_privates *)*datap; + + SAFE_FREE(data->some_string); + SAFE_FREE(data); + + *datap = NULL; + + return; +} + +static int example_connect(vfs_handle_struct *handle, + connection_struct *conn, const char *service, + const char* user) +{ + struct example_privates *data = NULL; + + /* alloc our private data */ + data = (struct example_privates *)malloc(sizeof(struct example_privates)); + if (!data) { + DEBUG(0,("malloc() failed\n")); + return -1; + } + + /* init out private data */ + data->some_string = strdup("test"); + if (!data->some_string) { + DEBUG(0,("strdup() failed\n")); + return -1; + } + + data->db_connection = open_db_conn(); + + /* and now store the private data pointer in handle->data + * we need to specify a free_function because we used malloc() and strdup(). + * (return -1 if something failed.) + */ + SMB_VFS_HANDLE_SET_DATA(handle, data, free_example_privates, struct example_privates, return -1); + + return SMB_VFS_NEXT_CONNECT(handle,conn,service,user); +} + +static int example_close(vfs_handle_struct *handle, files_struct *fsp, int fd) +{ + struct example_privates *data = NULL; + + /* get the pointer to our private data + * return -1 if something failed + */ + SMB_VFS_HANDLE_GET_DATA(handle, data, struct example_privates, return -1); + + /* do something here...*/ + DEBUG(0,("some_string: %s\n",data->some_string)); + + return SMB_VFS_NEXT_CLOSE(handle, fsp, fd); +} + + + + +To make it easy to build 3rd party modules it would be usefull to provide +configure.in, (configure), install.sh and Makefile.in with the module. +(Take a look at the example in examples/VFS.) + + + +The configure script accepts to specify +the path to the samba source tree. +It also accept which lets the compiler +give you more warnings. + + + +The idea is that you can extend this +configure.in and Makefile.in scripts +for your module. + + + +Compiling & Testing... + +./configure ... +make +Try to fix all compiler warnings +make +Testing, Testing, Testing ... + + + + + + + + +Some Notes + + +Implement TRANSPARENT functions + + +Avoid writing functions like this: + + +static int example_close(vfs_handle_struct *handle, files_struct *fsp, int fd) +{ + return SMB_VFS_NEXT_CLOSE(handle, fsp, fd); +} + + +Overload only the functions you really need to! + + + + + +Implement OPAQUE functions + + +If you want to just implement a better version of a +default samba opaque function +(e.g. like a disk_free() function for a special filesystem) +it's ok to just overload that specific function. + + + +If you want to implement a database filesystem or +something different from a posix filesystem. +Make sure that you overload every vfs operation!!! + + +Functions your FS does not support should be overloaded by something like this: +e.g. for a readonly filesystem. + + + +static int example_rename(vfs_handle_struct *handle, connection_struct *conn, + char *oldname, char *newname) +{ + DEBUG(10,("function rename() not allowed on vfs 'example'\n")); + errno = ENOSYS; + return -1; +} + + + + + + + diff --git a/docs/docbook/devdoc/windows-debug.xml b/docs/docbook/devdoc/windows-debug.xml new file mode 100644 index 0000000000..3535c38dbd --- /dev/null +++ b/docs/docbook/devdoc/windows-debug.xml @@ -0,0 +1,19 @@ + + + &author.jelmer; + &author.tridge; + + + Finding useful information on windows + + Netlogon debugging output + + + stop netlogon service on PDC + rename original netlogon.dll to netlogon.dll.original + copy checked version of netlogon.dll to system32 directory + set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag to 0x20000004 + start netlogon service on PDC + + + diff --git a/docs/docbook/manpages/profiles.1.sgml b/docs/docbook/manpages/profiles.1.sgml new file mode 100644 index 0000000000..6fd2b6fd86 --- /dev/null +++ b/docs/docbook/manpages/profiles.1.sgml @@ -0,0 +1,86 @@ + %globalentities; +]> + + + + profiles + 1 + + + + + profiles + A utility to report and change SIDs in registry files + + + + + + profiles + -v + -c SID + -n SID + file + + + + + DESCRIPTION + + This tool is part of the Samba + 7 suite. + + profiles is a utility that + reports and changes SIDs in windows registry files. It currently only + supports NT. + + + + + + OPTIONS + + + + file + Registry file to view or edit. + + + + + -v,--verbose + Increases verbosity of messages. + + + + + -c SID1 -n SID2 + Change all occurences of SID1 in file by SID2. + + + + &stdarg.help; + + + + + + VERSION + + This man page is correct for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The profiles man page was written by Jelmer Vernooij. + + + diff --git a/docs/docbook/projdoc/.cvsignore b/docs/docbook/projdoc/.cvsignore new file mode 100644 index 0000000000..3bbac303f5 --- /dev/null +++ b/docs/docbook/projdoc/.cvsignore @@ -0,0 +1 @@ +attributions.xml diff --git a/docs/docbook/projdoc/Backup.xml b/docs/docbook/projdoc/Backup.xml new file mode 100644 index 0000000000..b3c37aba53 --- /dev/null +++ b/docs/docbook/projdoc/Backup.xml @@ -0,0 +1,36 @@ + + + &author.jht; + + +Samba Backup Techniques + + +Note + + +This chapter did not make it into this release. +It is planned for the published release of this document. +If you have something to contribute for this section please email it to +jht@samba.org/ + + + + + +Features and Benefits + + +We need feedback from people who are backing up samba servers. +We would like to know what software tools you are using to backup +your samba server/s. + + + +In particular, if you have any success and / or failure stories you could +share with other users this would be appreciated. + + + + + diff --git a/docs/docbook/projdoc/DNS-DHCP-Configuration.xml b/docs/docbook/projdoc/DNS-DHCP-Configuration.xml new file mode 100644 index 0000000000..21bda63276 --- /dev/null +++ b/docs/docbook/projdoc/DNS-DHCP-Configuration.xml @@ -0,0 +1,17 @@ + + + &author.jht; + + +DNS and DHCP Configuration Guide + + +Note + + +This chapter did not make it into this release. +It is planned for the published release of this document. + + + + diff --git a/docs/docbook/projdoc/FastStart.xml b/docs/docbook/projdoc/FastStart.xml new file mode 100644 index 0000000000..a1aee9b7df --- /dev/null +++ b/docs/docbook/projdoc/FastStart.xml @@ -0,0 +1,17 @@ + + + &author.jht; + + +Fast Start for the Impatient + + +Note + + +This chapter did not make it into this release. +It is planned for the published release of this document. + + + + diff --git a/docs/docbook/projdoc/HighAvailability.xml b/docs/docbook/projdoc/HighAvailability.xml new file mode 100644 index 0000000000..3cd7fac807 --- /dev/null +++ b/docs/docbook/projdoc/HighAvailability.xml @@ -0,0 +1,17 @@ + + + &author.jht; + + +High Availability Options + + +Note + + +This chapter did not make it into this release. +It is planned for the published release of this document. + + + + diff --git a/docs/docbook/projdoc/WindowsClientConfig.xml b/docs/docbook/projdoc/WindowsClientConfig.xml new file mode 100644 index 0000000000..ea1d4d5aa3 --- /dev/null +++ b/docs/docbook/projdoc/WindowsClientConfig.xml @@ -0,0 +1,17 @@ + + + &author.jht; + + +MS Windows Network Configuration Guide + + +Note + + +This chapter did not make it into this release. +It is planned for the published release of this document. + + + + diff --git a/docs/docbook/smbdotconf/misc/valid.xml b/docs/docbook/smbdotconf/misc/valid.xml new file mode 100644 index 0000000000..b5756f0afe --- /dev/null +++ b/docs/docbook/smbdotconf/misc/valid.xml @@ -0,0 +1,18 @@ + + + This parameter indicates whether a share is + valid and thus can be used. When this parameter is set to false, + the share will be in no way visible nor accessible. + + + + This option should not be + used by regular users but might be of help to developers. + Samba uses this option internally to mark shares as deleted. + + + Default: True + + diff --git a/docs/docbook/smbdotconf/printing/totalprintjobs.xml b/docs/docbook/smbdotconf/printing/totalprintjobs.xml new file mode 100644 index 0000000000..ccdb137a69 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/totalprintjobs.xml @@ -0,0 +1,22 @@ + + + This parameter accepts an integer value which defines + a limit on the maximum number of print jobs that will be accepted + system wide at any given time. If a print job is submitted + by a client which will exceed this number, then smbd + 8 will return an + error indicating that no space is available on the server. The + default value of 0 means that no such limit exists. This parameter + can be used to prevent a server from exceeding its capacity and is + designed as a printing throttle. See also + max print jobs. + + + Default: total print jobs = 0 + + Example: total print jobs = 5000 + + diff --git a/docs/docbook/smbdotconf/protocol/clientusespnego.xml b/docs/docbook/smbdotconf/protocol/clientusespnego.xml new file mode 100644 index 0000000000..df25fbfb20 --- /dev/null +++ b/docs/docbook/smbdotconf/protocol/clientusespnego.xml @@ -0,0 +1,13 @@ + + + This variable controls controls whether samba clients will try + to use Simple and Protected NEGOciation (as specified by rfc2478) with + WindowsXP and Windows2000 servers to agree upon an authentication mechanism. + + + Default: client use spnego = yes + + diff --git a/docs/docbook/smbdotconf/protocol/mapaclinherit.xml b/docs/docbook/smbdotconf/protocol/mapaclinherit.xml new file mode 100644 index 0000000000..5b8ed7f656 --- /dev/null +++ b/docs/docbook/smbdotconf/protocol/mapaclinherit.xml @@ -0,0 +1,17 @@ + + + This boolean parameter controls whether smbd + 8 will attempt to map the 'inherit' and 'protected' + access control entry flags stored in Windows ACLs into an extended attribute + called user.SAMBA_PAI. This parameter only takes effect if Samba is being run + on a platform that supports extended attributes (Linux and IRIX so far) and + allows the Windows 2000 ACL editor to correctly use inheritance with the Samba + POSIX ACL mapping code. + + + Default: map acl inherit = no + + diff --git a/docs/docbook/smbdotconf/protocol/profileacls.xml b/docs/docbook/smbdotconf/protocol/profileacls.xml new file mode 100644 index 0000000000..6f2b3ec510 --- /dev/null +++ b/docs/docbook/smbdotconf/protocol/profileacls.xml @@ -0,0 +1,33 @@ + + + This boolean parameter controls whether smbd + 8 + This boolean parameter was added to fix the problems that people have been + having with storing user profiles on Samba shares from Windows 2000 or + Windows XP clients. New versions of Windows 2000 or Windows XP service + packs do security ACL checking on the owner and ability to write of the + profile directory stored on a local workstation when copied from a Samba + share. When not in domain mode with winbindd then the security info copied + onto the local workstation has no meaning to the logged in user (SID) on + that workstation so the profile storing fails. Adding this parameter + onto a share used for profile storage changes two things about the + returned Windows ACL. Firstly it changes the owner and group owner + of all reported files and directories to be BUILTIN\\Administrators, + BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly + it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to + every returned ACL. This will allow any Windows 2000 or XP workstation + user to access the profile. Note that if you have multiple users logging + on to a workstation then in order to prevent them from being able to access + each others profiles you must remove the "Bypass traverse checking" advanced + user right. This will prevent access to other users profile directories as + the top level profile directory (named after the user) is created by the + workstation profile code and has an ACL restricting entry to the directory + tree to the owning user. + + + Default: profile acls = no + + diff --git a/docs/docbook/smbdotconf/security/clientlanmanauth.xml b/docs/docbook/smbdotconf/security/clientlanmanauth.xml new file mode 100644 index 0000000000..a427198ea3 --- /dev/null +++ b/docs/docbook/smbdotconf/security/clientlanmanauth.xml @@ -0,0 +1,28 @@ + + + This parameter determines whether or not smbclient + 8 and other samba client + tools will attempt to authenticate itself to servers using the + weaker LANMAN password hash. If disabled, only server which support NT + password hashes (e.g. Windows NT/2000, Samba, etc... but not + Windows 95/98) will be able to be connected from the Samba client. + + The LANMAN encrypted response is easily broken, due to it's + case-insensitive nature, and the choice of algorithm. Clients + without Windows 95/98 servers are advised to disable + this option. + + Disabling this option will also disable the client plaintext auth option + + Likewise, if the client ntlmv2 + auth parameter is enabled, then only NTLMv2 logins will be + attempted. Not all servers support NTLMv2, and most will require + special configuration to us it. + + Default : client lanman auth = yes + + diff --git a/docs/docbook/smbdotconf/security/clientntlmv2auth.xml b/docs/docbook/smbdotconf/security/clientntlmv2auth.xml new file mode 100644 index 0000000000..0bf196488b --- /dev/null +++ b/docs/docbook/smbdotconf/security/clientntlmv2auth.xml @@ -0,0 +1,26 @@ + + + This parameter determines whether or not smbclient + 8 will attempt to + authenticate itself to servers using the NTLMv2 encrypted password + response. + + If enabled, only an NTLMv2 and LMv2 response (both much more + secure than earlier versions) will be sent. Many servers + (including NT4 < SP4, Win9x and Samba 2.2) are not compatible with + NTLMv2. + + If disabled, an NTLM response (and possibly a LANMAN response) + will be sent by the client, depending on the value of client lanman auth. + + Note that some sites (particularly + those following 'best practice' security polices) only allow NTLMv2 + responses, and not the weaker LM or NTLM. + + Default : client ntlmv2 auth = no + + diff --git a/docs/docbook/smbdotconf/vfs/vfsobjects.xml b/docs/docbook/smbdotconf/vfs/vfsobjects.xml new file mode 100644 index 0000000000..32a10b5bd6 --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/vfsobjects.xml @@ -0,0 +1,14 @@ + + + This parameter specifies the backend names which + are used for Samba VFS I/O operations. By default, normal + disk I/O operations are used but these can be overloaded + with one or more VFS objects. + + Default: no value + + Example: vfs objects = extd_audit recycle + + diff --git a/docs/docbook/smbdotconf/winbind/enableridalgorithm.xml b/docs/docbook/smbdotconf/winbind/enableridalgorithm.xml new file mode 100644 index 0000000000..86786f0734 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/enableridalgorithm.xml @@ -0,0 +1,17 @@ + + + This option is used to control whether or not smbd in Samba 3.0 should fallback + to the algorithm used by Samba 2.2 to generate user and group RIDs. The longterm + development goal is to remove the algorithmic mappings of RIDs altogether, but + this has proved to be difficult. This parameter is mainly provided so that + developers can turn the algorithm on and off and see what breaks. This parameter + should not be disabled by non-developers because certain features in Samba will fail + to work without it. + + + Default: enable rid algorithm = <yes> + + diff --git a/docs/docbook/smbdotconf/winbind/idmapgid.xml b/docs/docbook/smbdotconf/winbind/idmapgid.xml new file mode 100644 index 0000000000..8bd46a80c6 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/idmapgid.xml @@ -0,0 +1,18 @@ + + + + The idmap gid parameter specifies the range of group ids that are allocated for + the purpose of mapping UNX groups to NT group SIDs. This range of group ids should have no + existing local or NIS groups within it as strange conflicts can occur otherwise. + + The availability of an idmap gid range is essential for correct operation of + all group mapping. + + Default: idmap gid = <empty string> + + Example: idmap gid = 10000-20000 + + diff --git a/docs/docbook/smbdotconf/winbind/idmapuid.xml b/docs/docbook/smbdotconf/winbind/idmapuid.xml new file mode 100644 index 0000000000..5e6a245bfe --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/idmapuid.xml @@ -0,0 +1,14 @@ + + + The idmap uid parameter specifies the range of user ids that are allocated for use + in mapping UNIX users to NT user SIDs. This range of ids should have no existing local + or NIS users within it as strange conflicts can occur otherwise. + + Default: idmap uid = <empty string> + + Example: idmap uid = 10000-20000 + + diff --git a/docs/docbook/smbdotconf/winbind/templateprimarygroup.xml b/docs/docbook/smbdotconf/winbind/templateprimarygroup.xml new file mode 100644 index 0000000000..bd59ea7ee0 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/templateprimarygroup.xml @@ -0,0 +1,14 @@ + + + This option defines the default primary group for + each user created by winbindd + 8's local account management + functions (similar to the 'add user script'). + + + Default: template primary group = nobody + + diff --git a/docs/docbook/smbdotconf/winbind/winbindenablelocalaccounts.xml b/docs/docbook/smbdotconf/winbind/winbindenablelocalaccounts.xml new file mode 100644 index 0000000000..f6e7cfb359 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbindenablelocalaccounts.xml @@ -0,0 +1,16 @@ + + + This parameter controls whether or not winbindd + will act as a stand in replacement for the various account + management hooks in smb.conf (e.g. 'add user script'). + If enabled, winbindd will support the creation of local + users and groups as another source of UNIX account information + available via getpwnam() or getgrgid(), etc... + + + Default: winbind enable local accounts = yes + + diff --git a/docs/docbook/smbdotconf/winbind/winbindtrusteddomainsonly.xml b/docs/docbook/smbdotconf/winbind/winbindtrusteddomainsonly.xml new file mode 100644 index 0000000000..bf383131d4 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbindtrusteddomainsonly.xml @@ -0,0 +1,16 @@ + + + This parameter is designed to allow Samba servers that + are members of a Samba controlled domain to use UNIX accounts + distributed vi NIS, rsync, or LDAP as the uid's for winbindd users + in the hosts primary domain. Therefore, the user 'SAMBA\user1' would + be mapped to the account 'user1' in /etc/passwd instead of allocating + a new uid for him or her. + + + Default: winbind trusted domains only = <no> + + diff --git a/docs/docbook/xslt/generate-attributions.xsl b/docs/docbook/xslt/generate-attributions.xsl new file mode 100644 index 0000000000..c781a77cc4 --- /dev/null +++ b/docs/docbook/xslt/generate-attributions.xsl @@ -0,0 +1,67 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + < + + + mailto: + + + + + > + + + + + ( + + ) + + + + + + + -- cgit