diff --git a/GNUmakefile b/GNUmakefile
new file mode 100644
index 0000000..0f9fc6b
--- /dev/null
+++ b/GNUmakefile
@@ -0,0 +1,228 @@
+###########################################################################
+#
+# This program is part of Zenoss Core, an open source monitoring platform.
+# Copyright (C) 2008-2010, Zenoss Inc.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2, or (at your
+# option) any later version, as published by the Free Software Foundation.
+#
+# For complete information please visit: http://www.zenoss.com/oss/
+#
+###########################################################################
+build: pywmi-build
+install: pywmi-installed
+all: build install
+.PHONY: clean debug tarball
+
+WMI_BUILD_TARGETS = proto bin/wmic bin/winexe libraries
+SAMBA_SRCDIR = Samba/source
+ZENOSS_BINDIR = $(ZENHOME)/bin
+ZENPYTHON = $(ZENOSS_BINDIR)/python
+PYTHON ?= $(ZENPYTHON)
+PYTHON_EXISTS := $(wildcard $(PYTHON))
+
+# Assuming python was found, tease out path to headers we should
+# compile against: e.g., $ZENHOME/include/python#.#
+# Extract WMI version for subversion tagging as desired.
+#
+ifeq ($(PYTHON_EXISTS),$(PYTHON))
+PY_INCDIR = $(shell $(PYTHON) pyinclude.py)
+GET_VERSION = "import version as v; print v.VERSION"
+WMI_VERSION := $(shell cd pysamba ; $(PYTHON) -c $(GET_VERSION))
+WMI_CPPFLAGS := -I$(PY_INCDIR)
+endif
+
+# Install dir for libasync_wmi_lib.so.* and pysamba wrapper code.
+# e.g., Samba/source/bin/shared/libasync_wmi_lib.so.0.0.1 --> $(PY_LIBDIR)
+#
+PY_LIBDIR = $(ZENHOME)/lib/python
+
+#-------------------------------------------------------------------------#
+# A key deliverable of this build process is the libasync_wmi shared #
+# library. Derive the complete filename for this target from config data #
+# and the build platform so we know precisely what should get built and #
+# installed. #
+# #
+# e.g., libasync_wmi_lib.dylib versus libasync_wmi_lib.so.0.0.2 #
+#-------------------------------------------------------------------------#
+LIBASYNC_WMI_LIB_BASENAME = libasync_wmi_lib
+WMI_CONFIG_MK = $(SAMBA_SRCDIR)/wmi/config.mk
+LIBASYNC_WMI_LIB_VERSION_nnn = $(shell fgrep -A1 "[LIBRARY::async_wmi_lib]" $(WMI_CONFIG_MK) | sed -e "s/^VERSION=\(.*\)/\1/g" | tail -1)
+LIBASYNC_WMI_LIB_VERSION_n = $(shell fgrep -A2 "[LIBRARY::async_wmi_lib]" $(WMI_CONFIG_MK) | sed -e "s/^SO_VERSION=\(.*\)/\1/g" | tail -1)
+ifeq ($(shell uname), Darwin)
+LIBASYNC_WMI_LIB = $(LIBASYNC_WMI_LIB_BASENAME).dylib.$(LIBASYNC_WMI_LIB_VERSION_nnn)
+else
+# e.g., libasync_wmi_lib.so.0.0.2 and libasync_wmi_lib.so.0 respectively
+LIBASYNC_WMI_LIB := $(LIBASYNC_WMI_LIB_BASENAME).so.$(LIBASYNC_WMI_LIB_VERSION_nnn)
+LIBASYNC_WMI_LIB_SO_N := $(LIBASYNC_WMI_LIB_BASENAME).so.$(LIBASYNC_WMI_LIB_VERSION_n)
+endif
+PATHED_LIBASYNC_WMI_LIB := $(SAMBA_SRCDIR)/bin/shared/$(LIBASYNC_WMI_LIB)
+
+#-------------------------------------------------------------------------#
+# Google Breakpad Integration #
+#-------------------------------------------------------------------------#
+# libasync_wmi_lib.so can be built with google-breakpad crash reporting. #
+# http://code.google.com/p/google-breakpad #
+# #
+# Minidumps are typically written to /tmp. #
+# See: Samba/source/librpc/rpc/dcerpc.c #
+#-------------------------------------------------------------------------#
+# Comment out the next line to disable google-breakpad dependency.
+#ifneq ($(shell uname), Darwin)
+#USE_BREAKPAD = 1
+#endif
+
+ifneq ($(USE_BREAKPAD),)
+breakpad_CPPFLAGS = -DBREAKPAD
+WMI_CPPFLAGS += $(breakpad_CPPFLAGS)
+breakpad_LIB = libbreakpad_client.a
+breakpad_LIBDIR ?= $(ZENHOME)/lib
+_fqp_breakpad_LIB := $(DESTDIR)$(breakpad_LIBDIR)/$(breakpad_LIB)
+fqp_breakpad_LIB = $(patsubst //%,/%,$(_fqp_breakpad_LIB))
+breakpad_LIB_SYMLINK = $(SAMBA_SRCDIR)/bin/static/$(breakpad_LIB)
+endif
+#-------------------------------------------------------------------------#
+
+# Check existence of a directory or file. Bail out of the build if it is missing.
+#
+define check
+ @if [ "$1" = "directory" ]; then \
+ if [ ! -d "$2" ];then \
+ echo $3 | awk '{printf("Missing: %-20s\n",$$1)}';\
+ exit 1 ;\
+ else \
+ echo "$3 $2" | awk '{printf("Found: %-20s %20s\n",$$1,$$2)}' 1>/dev/null;\
+ fi ;\
+ fi
+ @if [ "$1" = "file" ]; then \
+ if [ ! -f "$2" ];then \
+ echo "$3 $2" | awk '{printf("Missing: %-20s %s\n",$$1,$$2)}';\
+ exit 1 ;\
+ else \
+ echo "$3 $2" | awk '{printf("Found: %-20s %20s\n",$$1,$$2)}' 1>/dev/null;\
+ fi ;\
+ fi
+endef
+
+build-prereqs:
+ @echo
+ @echo "Checking prequisites for building WMI"
+ $(call check,directory,$(ZENHOME),"ZENHOME")
+ $(call check,file,$(PYTHON),"PYTHON")
+ $(call check,directory,$(PY_INCDIR),"PY_INCDIR")
+ifneq ($(USE_BREAKPAD),)
+ @if [ ! -f "$(fqp_breakpad_LIB)" ];then \
+ echo "Unable to find the google breakpad client library we require at:" ;\
+ echo " $(fqp_breakpad_LIB)" ;\
+ echo ;\
+ echo "Either comment out USE_BREAKPAD in this makefile or build the" ;\
+ echo "breakpad library." ;\
+ echo ;\
+ exit 1 ;\
+ fi
+endif
+ @touch $@
+
+install-prereqs:
+ @echo
+ @echo "Checking prequisites for installing WMI"
+ $(call check,directory,$(ZENHOME),"ZENHOME")
+ $(call check,directory,$(DESTDIR)$(ZENOSS_BINDIR),"ZENOSS_BINDIR")
+ $(call check,directory,$(DESTDIR)$(PY_LIBDIR),"PY_LIBDIR")
+ @touch $@
+
+LIBRPC_CONFIG_MK = $(SAMBA_SRCDIR)/librpc/config.mk
+ifeq ($(USE_BREAKPAD),)
+LIBRPC_CONFIG_MK_NOBP = $(SAMBA_SRCDIR)/librpc/config.mk.nobreakpad
+$(LIBRPC_CONFIG_MK): $(LIBRPC_CONFIG_MK_NOBP)
+ cp $< $@
+else
+# Tell the build how to link against the breakpad library.
+# e.g., Muck with Samba/source/librpc/config.mk to provide that visibility.
+#
+LIBRPC_CONFIG_MK_BP = $(SAMBA_SRCDIR)/librpc/config.mk.breakpad
+LIBRPC_CONFIG_TAG := $(fqp_breakpad_LIB)
+$(LIBRPC_CONFIG_MK): $(LIBRPC_CONFIG_MK_BP)
+ sed -e "s|_sed_tag_libbreakpad_client_path_|$(LIBRPC_CONFIG_TAG)|" $< >$@ || rm $@
+
+# Create symlink to actual google breakpad library.
+# e.g., Samba/source/bin/static/libbreakpad_client.a -> /actual/path/to/libbreakpad_client.a
+$(breakpad_LIB_SYMLINK): $(fqp_breakpad_LIB)
+ @if [ ! -d "$(@D)" ];then \
+ mkdir -p $(@D) ;\
+ fi
+ ln -sf $(fqp_breakpad_LIB) $@
+endif
+
+$(SAMBA_SRCDIR)/Makefile: $(SAMBA_SRCDIR)/autogen.sh
+ cd $(SAMBA_SRCDIR) ;\
+ ./autogen.sh ;\
+ CPPFLAGS="$(WMI_CPPFLAGS)" ./configure --without-readline --enable-debug
+
+ifeq ($(USE_BREAKPAD),)
+pywmi-build: build-prereqs $(LIBRPC_CONFIG_MK) $(SAMBA_SRCDIR)/Makefile
+else
+pywmi-build: build-prereqs $(LIBRPC_CONFIG_MK) $(SAMBA_SRCDIR)/Makefile $(breakpad_LIB_SYMLINK)
+endif
+ cd $(SAMBA_SRCDIR);\
+ $(MAKE) $(WMI_BUILD_TARGETS) ;\
+ touch $@
+
+pywmi-installed: install-prereqs $(DESTDIR)$(PY_LIBDIR) $(DESTDIR)$(ZENOSS_BINDIR) $(SAMBA_SRCDIR)/bin/wmic $(SAMBA_SRCDIR)/bin/winexe $(PATHED_LIBASYNC_WMI_LIB)
+ cp $(SAMBA_SRCDIR)/bin/wmic $(DESTDIR)$(ZENOSS_BINDIR)
+ cp $(SAMBA_SRCDIR)/bin/winexe $(DESTDIR)$(ZENOSS_BINDIR)
+ifeq ($(shell uname), Darwin)
+ -(cd $(DESTDIR)$(PY_LIBDIR) && rm -f $(LIBASYNC_WMI_LIB_BASENAME)*)
+ cp $(PATHED_LIBASYNC_WMI_LIB) $(DESTDIR)$(PY_LIBDIR)/$(LIBASYNC_WMI_LIB_BASENAME).$(LIBASYNC_WMI_LIB_VERSION_nnn).dylib
+ (cd $(DESTDIR)$(PY_LIBDIR) && ln -sf $(LIBASYNC_WMI_LIB_BASENAME).$(LIBASYNC_WMI_LIB_VERSION_nnn).dylib $(LIBASYNC_WMI_LIB_BASENAME).dylib)
+else
+ -(cd $(DESTDIR)$(PY_LIBDIR) && rm -f $(LIBASYNC_WMI_LIB_BASENAME)*)
+ cp $(PATHED_LIBASYNC_WMI_LIB) $(DESTDIR)$(PY_LIBDIR)
+ (cd $(DESTDIR)$(PY_LIBDIR) && ln -sf $(LIBASYNC_WMI_LIB) $(LIBASYNC_WMI_LIB_SO_N))
+endif
+ rm -rf $(DESTDIR)$(PY_LIBDIR)/pysamba
+ cp -r pysamba $(DESTDIR)$(PY_LIBDIR)
+
+$(DESTDIR)$(ZENOSS_BINDIR) $(DESTDIR)$(PY_LIBDIR):
+ mkdir -p $@
+
+clean: $(LIBRPC_CONFIG_MK)
+ -if [ -f "$(SAMBA_SRCDIR)/Makefile" ] ; then\
+ cd $(SAMBA_SRCDIR) ;\
+ make distclean ;\
+ fi
+ rm -f $(SAMBA_SRCDIR)/bin/shared/*
+ rm -f $(SAMBA_SRCDIR)/bin/static/*
+ rm -f $(SAMBA_SRCDIR)/heimdal/lib/des/hcrypto
+ rm -f build-prereqs
+ rm -f install-prereqs
+ rm -f $(LIBRPC_CONFIG_MK)
+ @-[ -L $(breakpad_LIB_SYMLINK) ] && rm -f $(breakpad_LIB_SYMLINK)
+
+tarball:
+ -svn rm -m 'cleanup' http://dev.zenoss.org/svn/tags/wmi-$(WMI_VERSION)
+ svn cp -m "tagging wmi-$(WMI_VERSION)" http://dev.zenoss.org/svn/trunk/wmi http://dev.zenoss.org/svn/tags/wmi-$(WMI_VERSION)
+ svn export http://dev.zenoss.org/svn/tags/wmi-$(WMI_VERSION)
+ tar -cjf ../wmi-$(WMI_VERSION).tar.bz2 wmi-$(WMI_VERSION)
+ rm -rf wmi-$(WMI_VERSION)
+
+debug:
+ @echo "WMI_VERSION = $(WMI_VERSION)"
+ @echo "SAMBA_SRCDIR = $(SAMBA_SRCDIR)"
+ @echo "PY_INCDIR = $(PY_INCDIR)"
+ @echo "PY_LIBDIR = $(PY_LIBDIR)"
+ @echo "ZENOSS_BINDIR = $(ZENOSS_BINDIR)"
+ @echo "PYTHON = $(PYTHON_EXISTS)"
+ @echo "WMI_CONFIGURE CPPFLAGS="$(WMI_CPPFLAGS)" ./configure --without-readline --enable-debug"
+ @echo "WMI_MAKE $(MAKE) $(WMI_BUILD_TARGETS)"
+ifeq ($(USE_BREAKPAD),)
+ @echo "USE_BREAKPAD [ disabled ]"
+else
+ @echo "LIBRPC_CONFIG_TAG = $(LIBRPC_CONFIG_TAG)"
+ @echo "USE_BREAKPAD [ enabled ]"
+ @echo "breakpad_CPPFLAGS = $(breakpad_CPPFLAGS)"
+ @echo "breakpad_LIB = $(breakpad_LIB)"
+ @echo "breakpad_LIBDIR = $(breakpad_LIBDIR)"
+ @echo "fqp_breakpad_LIB = $(fqp_breakpad_LIB)"
+endif
diff --git a/Samba/.bzrignore b/Samba/.bzrignore
new file mode 100644
index 0000000..30535bf
--- /dev/null
+++ b/Samba/.bzrignore
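Review bot: In the `pywmi-build` recipe the three commands are joined with `;`, so under make's default shell flags a failing `$(MAKE) $(WMI_BUILD_TARGETS)` is masked by the exit status of `touch $@`, and because the `touch` runs after the `cd`, the stamp is created under `$(SAMBA_SRCDIR)` rather than next to this makefile, so the target never looks up to date. I would write it as `cd $(SAMBA_SRCDIR) && $(MAKE) $(WMI_BUILD_TARGETS)` followed by a separate recipe line `touch $@`. The `$(SAMBA_SRCDIR)/Makefile` recipe has the same pattern (a failed `./autogen.sh` is ignored before `./configure` runs), and `clean` calls a literal `make distclean` where `$(MAKE) distclean` is expected. Separately, `build-prereqs` and `install-prereqs` are stamp files, so once they exist the `ZENHOME` check is skipped on later runs even though `pywmi-installed` still runs `rm -rf $(DESTDIR)$(PY_LIBDIR)/pysamba`; listing both in `.PHONY` and dropping their `@touch $@` lines would re-validate the paths on every invocation.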
@@ -0,0 +1,134 @@
+source/lib/gencache/gencache.h
+source/lib/ldb/bin
+*.pc
+autom4te.cache
+*.d
+*.o
+*.x
+*.hd
+*.ho
+Makefile
+configure
+source/bin/*
+config.log
+source/config.mk
+config.status
+config.cache
+source/extra_cflags.txt
+source/version.h
+source/heimdal/lib/des/hcrypto
+source/build/smb_build/config.pm
+source/auth/auth_proto.h
+source/auth/auth_sam.h
+source/auth/pam_errors.h
+source/auth/credentials/credentials_proto.h
+source/auth/gensec/gensec_proto.h
+source/auth/gensec/schannel_proto.h
+source/auth/gensec/schannel_state.h
+source/auth/gensec/spnego_proto.h
+source/auth/kerberos/proto.h
+source/auth/ntlmssp/msrpc_parse.h
+source/auth/ntlmssp/proto.h
+source/cldap_server/proto.h
+source/dsdb/samdb/samdb_proto.h
+source/heimdal/lib/asn1/asn1_*
+source/heimdal/lib/asn1/krb5_asn1.h
+source/heimdal/lib/asn1/krb5_asn1_files
+source/heimdal/lib/gssapi/asn1_*.c
+source/heimdal/lib/gssapi/spnego_asn1.h
+source/heimdal/lib/gssapi/spnego_asn1_files
+source/heimdal/lib/hdb/asn1_*.c
+source/heimdal/lib/hdb/hdb_asn1.h
+source/heimdal/lib/hdb/hdb_asn1_files
+source/heimdal/lib/hdb/hdb_err.?
+source/heimdal/lib/krb5/heim_err.?
+source/heimdal/lib/krb5/k524_err.?
+source/heimdal/lib/krb5/krb5_err.?
+source/heimdal/lib/roken/vis.h
+source/include/build.h
+config.h
+config.h.in
+source/include/config_tmp.h
+source/include/config_tmp.h.in
+source/ldap_server/proto.h
+source/lib/db_wrap_proto.h
+source/lib/charset/charset_proto.h
+source/lib/cmdline/credentials.h
+source/lib/ldb/samba/ldif_handlers.h
+source/lib/registry/reg_backend_rpc.h
+source/lib/registry/regf.h
+source/lib/registry/registry_proto.h
+source/lib/registry/tdr_regf.c
+source/lib/registry/tdr_regf.h
+source/lib/samba3/samba3_proto.h
+source/lib/socket/netif_proto.h
+source/lib/tdr/tdr_proto.h
+source/lib/util/pidfile.h
+source/lib/util/unix_privs.h
+source/lib/util/util_proto.h
+source/lib/util/wrap_xattr.h
+source/libcli/finddcs.h
+source/libcli/libcli_proto.h
+source/libcli/auth/proto.h
+source/libcli/composite/proto.h
+source/libcli/ldap/ldap_proto.h
+source/libcli/nbt/nbt_proto.h
+source/libcli/nbt/nbtname.h
+source/libcli/raw/raw_proto.h
+source/libcli/resolve/proto.h
+source/libcli/security/proto.h
+source/libcli/smb2/smb2_proto.h
+source/libcli/smb_composite/proto.h
+source/libcli/util/asn1_proto.h
+source/libcli/util/clilsa.h
+source/libcli/util/proto.h
+source/libcli/wrepl/winsrepl_proto.h
+source/libnet/libnet_proto.h
+source/librpc/gen_ndr
+source/librpc/ndr/libndr_proto.h
+source/librpc/ndr/ndr_compression.h
+source/librpc/ndr/ndr_spoolss_buf.h
+source/librpc/rpc/dcerpc_proto.h
+source/librpc/rpc/dcerpc_table.h
+source/nbt_server/nbt_server_proto.h
+source/nbt_server/dgram/proto.h
+source/nbt_server/wins/winsdb_proto.h
+source/nbt_server/wins/winsserver_proto.h
+source/ntptr/ntptr_proto.h
+source/ntvfs/ntvfs_proto.h
+source/ntvfs/common/proto.h
+source/ntvfs/ipc/proto.h
+source/ntvfs/posix/vfs_posix_proto.h
+source/ntvfs/simple/proto.h
+source/param/proto.h
+source/param/share_proto.h
+source/passdb/proto.h
+source/rpc_server/dcerpc_server_proto.h
+source/rpc_server/common/proto.h
+source/rpc_server/samr/proto.h
+source/rpc_server/srvsvc/proto.h
+source/scripting/ejs/proto.h
+source/smb_server/service_smb_proto.h
+source/smb_server/smb_server_proto.h
+source/smb_server/smb/smb_proto.h
+source/smb_server/smb2/smb2_proto.h
+source/smbd/process_model_proto.h
+source/smbd/service_proto.h
+source/torture/proto.h
+source/torture/util.h
+source/torture/auth/proto.h
+source/torture/basic/proto.h
+source/torture/ldap/proto.h
+source/torture/libnet/proto.h
+source/torture/local/proto.h
+source/torture/nbench/proto.h
+source/torture/nbt/proto.h
+source/torture/raw/proto.h
+source/torture/rpc/proto.h
+source/torture/smb2/proto.h
+source/utils/net/net_proto.h
+source/web_server/proto.h
+source/winbind/wb_helper.h
+source/winbind/wb_proto.h
+source/wrepl_server/wrepl_server_proto.h
+tags
diff --git a/Samba/BUGS.txt b/Samba/BUGS.txt
new file mode 100644
index 0000000..906b291
--- /dev/null
+++ b/Samba/BUGS.txt
@@ -0,0 +1,6 @@
+Samba 4 is still feature incomplete. If you are using it for anything other
+than education you are insane.
+
+Please file bug reports at https://bugzilla.samba.org/, product: Samba4.
+Please include as much information as possible, such as SVN revision number
+and backtraces.
diff --git a/Samba/COPYING b/Samba/COPYING
new file mode 100644
index 0000000..a43ea21
--- /dev/null
+++ b/Samba/COPYING
@@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 675 Mass Ave, Cambridge, MA 02139, USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + Appendix: How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/Samba/NEWS b/Samba/NEWS new file mode 100644 index 0000000..44c84a4 --- /dev/null 
+++ b/Samba/NEWS 
@@ -0,0 +1,512 @@
+This file aims to document the major changes since the latest released version
+of Samba, 3.0. Samba 4.0 contains rewrites of several subsystems
+and uses a different internal format for most data. Since this
+file is an initial draft, please update missing items.
+
+One of the main goals of Samba 4 was Active Directory Domain Controller
+support. This means Samba now implements several protocols that are required
+by AD such as Kerberos and DNS.
+
+An (experimental) upgrade script that performs a one-way upgrade
+from Samba 3 is available in source/setup/upgrade.
+
+Removal of nmbd and introduction of process models
+==================================================
+smbd now implements several network protocols other than just CIFS and
+DCE/RPC. nmbd's functionality has been merged into smbd. smbd supports
+various 'process models' that specify how concurrent connections are
+handled (when to fork, use threads, etc).
+
+Introduction of LDB
+===================
+Samba now stores most of its persistent data in a LDAP-like database
+called LDB (see ldb(7) for more info).
+
+Much improved SWAT
+==================
+SWAT has had some rather large improvements and is now more than just a
+direct editor for smb.conf. Its layout has been improved. SWAT can now also
+be used for editing run-time data - maintaining user information, provisioning,
+etc. TLS is supported out of the box.
+
+Built-in KDC
+============
+Samba4 ships with an integrated KDC (Kerberos Key Distribution
+Center). Backed directly onto our main internal database, and
+integrated with custom code to handle the PAC, Samba4's KDC is an
+integral part of our support for AD logon protocols.
+
+Built-in LDAP Server
+====================
+Like the situation with the KDC, Samba4 ships with it's own LDAP
+server, included to provide simple, built-in LDAP services in an AD
+(rather than distinctly standards) matching manner. The database is
+LDB, and it shares that in common with the rest of Samba.
+
+Changed configuration options
+=============================
+Several configuration options have been removed in Samba4 while others have
+been introduced. This section contains a summary of changes to smb.conf and
+where these settings moved. Configuration options that have disappeared may be
+re-added later when the functionality that uses them gets reimplemented in
+Samba 4.
+
+The 'security' parameter has been split up. It is now only used to choose
+between the 'user' and 'share' security levels (the latter is not supported
+in Samba 4 yet). The other values of this option and the 'domain master' and
+'domain logons' parameters have been merged into a 'server role' parameter
+that can be either 'bdc', 'pdc', 'member server' or 'standalone'. Note that
+member server support does not work yet.
+
+The following parameters have been removed:
+- passdb backend: accounts are now stored in a LDB-based SAM database,
+ see 'sam database' below.
+- update encrypted
+- public
+- guest ok
+- client schannel
+- server schannel
+- allow trusted domains
+- hosts equiv
+- map to guest
+- smb passwd file
+- algorithmic rid base
+- root directory
+- root dir
+- root
+- guest account
+- enable privileges
+- pam password change
+- passwd program
+- passwd chat debug
+- passwd chat timeout
+- check password script
+- username map
+- username level
+- unix password sync
+- restrict anonymous
+- username
+- user
+- users
+- invalid users
+- valid users
+- admin users
+- read list
+- write list
+- printer admin
+- force user
+- force group
+- group
+- write ok
+- writeable
+- writable
+- acl check permissions
+- acl group control
+- acl map full control
+- create mask
+- create mode
+- force create mode
+- security mask
+- force security mode
+- directory mask
+- directory mode
+- force directory mode
+- directory security mask
+- force directory security mode
+- force unknown acl user
+- inherit permissions
+- inherit acls
+- inherit owner
+- guest only
+- only guest
+- only user
+- allow hosts
+- deny hosts
+- preload modules
+- use kerberos keytab
+- syslog
+- syslog only
+- max log size
+- debug timestamp
+- timestamp logs
+- debug hires timestamp
+- debug pid
+- debug uid
+- allocation roundup size
+- aio read size
+- aio write size
+- aio write behind
+- large readwrite
+- protocol
+- read bmpx
+- reset on zero vc
+- acl compatibility
+- defer sharing violations
+- ea support
+- nt acl support
+- nt pipe support
+- profile acls
+- map acl inherit
+- afs share
+- max ttl
+- client use spnego
+- enable asu support
+- svcctl list
+- block size
+- change notify timeout
+- deadtime
+- getwd cache
+- keepalive
+- kernel change notify
+- lpq cache time
+- max smbd processes
+- max disk size
+- max open files
+- min print space
+- strict allocate
+- sync always
+- use mmap
+- use sendfile
+- hostname lookups
+- write cache size
+- name cache timeout
+- max reported print jobs
+- load printers
+- printcap cache time
+- printcap name
+- printcap
+- printing
+- cups options
+- cups server
+- iprint server
+- print command
+- disable spoolss
+- enable spoolss
+- lpq command
+- lprm command
+- lppause command
+- lpresume command
+- queuepause command
+- queueresume command
+- enumports command
+- addprinter command
+- deleteprinter command
+- show add printer wizard
+- os2 driver map
+- use client driver
+- default devmode
+- force printername
+- mangling method
+- mangle prefix
+- default case
+- case sensitive
+- casesignames
+- preserve case
+- short preserve case
+- mangling char
+- hide dot files
+- hide special files
+- hide unreadable
+- hide unwriteable files
+- delete veto files
+- veto files
+- hide files
+- veto oplock files
+- map readonly
+- mangled names
+- mangled map
+- max stat cache size
+- stat cache
+- store dos attributes
+- machine password timeout
+- add user script
+- rename user script
+- delete user script
+- add group script
+- delete group script
+- add user to group script
+- delete user from group script
+- set primary group script
+- add machine script
+- shutdown script
+- abort shutdown script
+- username map script
+- logon script
+- logon path
+- logon drive
+- logon home
+- domain logons
+- os level
+- lm announce
+- lm interval
+- domain master
+- browse list
+- enhanced browsing
+- wins proxy
+- wins hook
+- wins partners
+- blocking locks
+- fake oplocks
+- kernel oplocks
+- locking
+- lock spin count
+- lock spin time
+- oplocks
+- level2 oplocks
+- oplock break wait time
+- oplock contention limit
+- posix locking
+- share modes
+- ldap server
+- ldap port
+- ldap admin dn
+- ldap delete dn
+- ldap group suffix
+- ldap idmap suffix
+- ldap machine suffix
+- ldap passwd sync
+- ldap password sync
+- ldap replication sleep
+- ldap suffix
+- ldap ssl
+- ldap timeout
+- ldap page size
+- ldap user suffix
+- add share command
+- change share command
+- delete share command
+- eventlog list
+- utmp directory
+- wtmp directory
+- utmp
+- default service
+- default
+- message command
+- dfree cache time
+- dfree command
+- get quota command
+- set quota command
+- remote announce
+- remote browse sync
+- homedir map
+- afs username map
+- afs token lifetime
+- log nt token command
+- time offset
+- NIS homedir
+- preexec
+- exec
+- preexec close
+- postexec
+- root preexec
+- root preexec close
+- root postexec
+- set directory
+- wide links
+- follow symlinks
+- dont descend
+- magic script
+- magic output
+- delete readonly
+- dos filemode
+- dos filetimes
+- dos filetime resolution
+- fake directory create times
+- panic action
+- vfs objects
+- vfs object
+- msdfs root
+- msdfs proxy
+- host msdfs
+- enable rid algorithm
+- passdb expand explicit
+- idmap backend
+- idmap uid
+- winbind uid
+- idmap gid
+- winbind gid
+- template homedir
+- template shell
+- winbind separator
+- winbind cache time
+- winbind enum users
+- winbind enum groups
+- winbind use default domain
+- winbind trusted domains only
+- winbind nested groups
+- winbind max idle children
+- winbind nss info
+
+The following parameters have been added:
++ rpc big endian (G)
+ Make Samba fake it is running on a bigendian machine when using DCE/RPC.
+ Useful for debugging.
+
+ Default: no
+
++ case insensitive filesystem (S)
+ Set to true if this share is located on a case-insensitive filesystem.
+ This disables looking for a filename by trying all possible combinations of
+ uppercase/lowercase characters and thus speeds up operations when a
+ file cannot be found.
+
+ Default: no
+
++ js include (G)
+ Path to JavaScript library.
+
+ Default: Set at compile-time
+
++ setup directory
+ Path to data used by provisioning script.
+
+ Default: Set at compile-time
+
++ ncalrpc dir
+ Directory to use for UNIX sockets used by the 'ncalrpc' DCE/RPC transport.
+
+ Default: Set at compile-time
+
++ ntvfs handler
+ Backend to the NT VFS to use (more than one can be specified). Available
+ backends include:
+
+ - posix:
+ Maps POSIX FS semantics to NT semantics
+
+ - simple:
+ Very simple backend (original testing backend).
+
+ - unixuid:
+ Sets up user credentials based on POSIX gid/uid.
+
+ - cifs:
+ Proxies a remote CIFS FS. Mainly useful for testing.
+
+ - nbench:
+ Filter module that saves data useful to the nbench benchmark suite.
+
+ - ipc:
+ Allows using SMB for inter process communication. Only used for
+ the IPC$ share.
+
+ - print:
+ Allows printing over SMB. This is LANMAN-style printing (?), not
+ the be confused with the spoolss DCE/RPC interface used by later
+ versions of Windows.
+
+ Default: unixuid default
+
++ ntptr providor
+ FIXME
+
++ dcerpc endpoint servers
+ What DCE/RPC servers to start.
+
+ Default: epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup
+
++ server services
+ Services Samba should provide.
+
+ Default: smb rpc nbt wrepl ldap cldap web kdc
+
++ sam database
+ Location of the SAM (account database) database. This should be a
+ LDB URL.
+
+ Default: set at compile-time
+
++ spoolss database
+ Spoolss (printer) DCE/RPC server database. This should be a LDB URL.
+
+ Default: set at compile-time
+
++ wins config database
+ WINS configuration database location. This should be a LDB URL.
+
+ Default: set at compile-time
+
++ wins database
+ WINS database location. This should be a LDB URL.
+
+ Default: set at compile-time
+
++ client use spnego principal
+ Tells the client to use the Kerberos service principal specified by the
+ server during the security protocol negotation rather than
+ looking up the principal itself (cifs/hostname).
+
+ Default: false
+
++ nbt port
+ TCP/IP Port used by the NetBIOS over TCP/IP (NBT) implementation.
+
+ Default: 137
+
++ dgram port
+ UDP/IP port used by the NetBIOS over TCP/IP (NBT) implementation.
+
+ Default: 138
+
++ cldap port
+ UDP/IP port used by the CLDAP protocol.
+
+ Default: 389
+
++ krb5 port
+ IP port used by the kerberos KDC.
+
+ Default: 88
+
++ kpasswd port
+ IP port used by the kerberos password change protocol.
+
+ Default: 464
+
++ web port
+ TCP/IP port SWAT should listen on.
+
+ Default: 901
+
++ tls enabled
+ Enable TLS support for SWAT
+
+ Default: true
+
++ tls keyfile
+ Path to TLS key file (PEM format) to be used by SWAT. If no
+ path is specified, Samba will create a key.
+
+ Default: none
+
++ tls certfile
+ Path to TLS certificate file (PEM format) to be used by SWAT. If no
+ path is specified, Samba will create a certificate.
+
+ Default: none
+
++ tls cafile
+ Path to CA authority file Samba will use to sign TLS keys it generates. If
+ no path is specified, Samba will create a self-signed CA certificate.
+
+ Default: none
+
++ tls crlfile
+ Path to TLS certificate revocation lists file.
+
+ Default: none
+
++ swat directory
+ SWAT data directory.
+
+ Default: set at compile-time
+
++ large readwrite
+ Indicate the CIFS server is able to do large reads/writes.
+
+ Default: true
+
++ unicode
+ Enable/disable unicode support in the protocol.
+
+ Default: true
diff --git a/Samba/README b/Samba/README
new file mode 100644
index 0000000..982c07f
--- /dev/null
+++ b/Samba/README
@@ -0,0 +1,131 @@
+This directory contains Samba's very simple COM implementation.
+It is by no means finished yet.
+
+The main aim of this implementation is for use by our DCOM implementation,
+which lives in the dcom subdirectory. The local version is used mostly for
+testing.
+
+More information on this effort can be found in the DCOM whitepaper in
+the lorikeet repository.
+Samba 4 is the ambitious next version of the Samba suite that is being
+developed in parallel to the stable 3.0 series. The main emphasis in
+this branch is support for the Active Directory logon protocols used
+by Windows 2000 and above.
+
+Samba 4 is currently not yet in a state where it is usable in
+production environments. Note the WARNINGS below, and the STATUS file,
+which aims to document what should and should not work.
+
+With 3 years of development under our belt since Tridge first proposed
+a new Virtual File System (VFS) layer for Samba3 (a project which
+eventually lead to our Active Directory efforts), it was felt that we
+should create something we could 'show off' to our users. This is a
+Technology Preview (TP), aimed at allowing users, managers and
+developers to see how we have progressed, and to invite feedback and
+support.
+
+WARNINGS
+========
+
+Samba4 TP is currently a pre-alpha technology. It may eat your cat, but
+is far more likely to choose to munch on your password database. We
+recommend against upgrading any production servers from Samba 3 to
+Samba 4 at this stage. If you are upgrading an experimental server,
+you should backup all configuration and data.
+
+We expect that format changes will require that the user database be
+rebuilt from scratch a number of times before we make a final release,
+losing password data each time.
+
+Samba 4 Technology Preview includes basic Access Control List (ACL)
+protection on the main user database, but due to time constraints,
+none on the registry at this stage. We also do not currently have
+ACLs on the SWAT web-based management tool. This means that Samba 4
+Technology Preview is not secure.
+
+File system access should occur as the logged in user, much as Samba3
+does.
+
+Again, we strongly recommend against use in a production environment
+at this stage.
+
+NEW FEATURES
+============
+
+Samba4 supports the server-side of the Active Directory logon environment
+used by Windows 2000 and later, so we can do full domain join
+and domain logon operations with these clients.
+
+Our Domain Controller (DC) implementation includes our own built-in
+LDAP server and Kerberos Key Distribution Center (KDC) as well as the
+Samba3-like logon services provided over CIFS. We correctly generate
+the infamous Kerberos PAC, and include it with the Kerberos tickets we
+issue.
+
+SWAT is now integrated into Samba 4 as the user-friendly interface to
+Samba server management. SWAT provides easy access to our
+setup and migration tools. Using SWAT, you can migrate windows
+domains in Samba 4, allowing easy setup of initial user databases, and
+upgrades from Samba 3.
+
+The new VFS features in Samba 4 adapts the filesystem on the server to
+match the Windows client semantics, allowing Samba 4 to better match
+windows behaviour and application expectations. This includes file
+annotation information (in streams) and NT ACLs in particular. The
+VFS is backed with an extensive automated test suite.
+
+A new scripting interface has been added to Samba 4, allowing
+JavaScript programs to interface to Samba's internals.
+
+The Samba 4 architecture is based around an LDAP-like database that
+can use a range of modular backends. One of the backends supports
+standards compliant LDAP servers (including OpenLDAP), and we are
+working on modules to map between AD-like behaviours and this backend.
+We are aiming for Samba 4 to be powerful frontend to large
+directories.
+
+CHANGES
+=======
+
+Those familiar with Samba 3 can find a list of user-visible changes
+since that release series in the NEWS file.
+
+ - An optional password is no longer supported as the second argument to
+ smbclient.
+
+ - The default location of smb.conf in non-FHS builds has changed from the
+ PREFIX/lib directory to the PREFIX/etc directory.
+
+KNOWN ISSUES
+============
+
+- Standalone server and domain member roles are not currently
+ supported. While we have much of the infrastructure required, we
+ have not collected these pieces together.
+
+- There is no printing support in the current release.
+
+- SWAT can be painful with and forms. Just use the mouse, as
+ the JavaScript layer doing this will change.
+
+- Domain logons (using Kerberos) from windows clients incorrectly
+ state that the password expires today.
+
+RUNNING Samba4
+==============
+
+A short guide to setting up Samba 4 can be found in the howto.txt file
+in root of the tarball.
+
+DEVELOPMENT and FEEDBACK
+========================
+Bugs can be filed at https://bugzilla.samba.org/. Please
+look at the STATUS file before filing a bug to see if a particular
+is supposed to work yet.
+
+Development and general discussion about Samba 4 happens mainly on
+the #samba-technical IRC channel (on irc.freenode.net) and
+the samba-technical mailing list (see http://lists.samba.org/ for
+details).
+
+
diff --git a/Samba/STATUS b/Samba/STATUS
new file mode 100644
index 0000000..3e72ef6
--- /dev/null
+++ b/Samba/STATUS
@@ -0,0 +1,2 @@
+This file documents the features that are known to work or known to
+still need work in the current version of Samba 4.
diff --git a/Samba/TODO b/Samba/TODO
new file mode 100644
index 0000000..36c05d5
--- /dev/null
+++ b/Samba/TODO
@@ -0,0 +1,281 @@
+source/build/smb_build/TODO
+source/lib/registry/TODO
+source/lib/tdr/TODO
+source/pidl/TODO
+
+upgrade process (from Samba3):
+ - Rename upgrade to upgrade3 (to avoid confusion with upgrades
+ from earlier Samba4 releases in the future)
+ - Add support for reading WINS TDB files as well as WINS dat files.
+
+- seperate adminlog mechanism (as opposed to the current DEBUG log,
+ which is not really aimed at administrators but more at developers)
+ Perhaps similar to eventlog so we can also use eventlog to retrieve the data?
+- improve handling of test results in testsuite
+
+- testsuite for the 'net' tool
+
+Configuration options
+=====================
+
+The following options don't exist in Samba4 yet
+or are not converted by the upgrade script
+or will be removed:
+
+- update encrypted
+- public
+- guest ok
+- client schannel
+- server schannel
+- allow trusted domains
+- hosts equiv
+- map to guest
+- algorithmic rid base
+- root directory
+- root dir
+- root
+- guest account
+- enable privileges
+- pam password change
+- passwd program
+- passwd chat debug
+- passwd chat timeout
+- check password script
+- username map
+- username level
+- unix password sync
+- restrict anonymous
+- username
+- user
+- users
+- invalid users
+- valid users
+- admin users
+- read list
+- write list
+- printer admin
+- force user
+- force group
+- group
+- write ok
+- writeable
+- writable
+- acl check permissions
+- acl group control
+- acl map full control
+- create mask
+- create mode
+- force create mode
+- security mask
+- force security mode
+- directory mask
+- directory mode
+- force directory mode
+- directory security mask
+- force directory security mode
+- force unknown acl user
+- inherit permissions
+- inherit acls
+- inherit owner
+- guest only
+- only guest
+- only user
+- allow hosts
+- deny hosts
+- preload modules
+- use kerberos keytab
+- syslog
+- syslog only
+- max log size
+- debug timestamp
+- timestamp logs
+- debug hires timestamp
+- debug pid
+- debug uid
+- allocation roundup size
+- aio read size
+- aio write size
+- aio write behind
+- large readwrite
+- protocol
+- read bmpx
+- reset on zero vc
+- acl compatibility
+- defer sharing violations
+- ea support
+- nt acl support
+- nt pipe support
+- profile acls
+- map acl inherit
+- afs share
+- max ttl
+- client use spnego
+- enable asu support
+- svcctl list
+- block size
+- change notify timeout
+- deadtime
+- getwd cache
+- keepalive
+- kernel change notify
+- lpq cache time
+- max smbd processes
+- max disk size
+- max open files
+- min print space
+- strict allocate
+- sync always
+- use mmap
+- use sendfile
+- hostname lookups
+- write cache size
+- name cache timeout
+- max reported print jobs
+- load printers
+- printcap cache time
+- printcap name
+- printcap
+- printing
+- cups options
+- cups server
+- iprint server
+- print command
+- disable spoolss
+- enable spoolss
+- lpq command
+- lprm command
+- lppause command
+- lpresume command
+- queuepause command
+- queueresume command
+- enumports command
+- addprinter command
+- deleteprinter command
+- show add printer wizard
+- os2 driver map
+- use client driver
+- default devmode
+- force printername
+- mangling method
+- mangle prefix
+- default case
+- case sensitive
+- casesignames
+- preserve case
+- short preserve case
+- mangling char
+- hide dot files
+- hide special files
+- hide unreadable
+- hide unwriteable files
+- delete veto files
+- veto files
+- hide files
+- veto oplock files
+- map readonly
+- mangled names
+- mangled map
+- max stat cache size
+- stat cache
+- store dos attributes
+- machine password timeout
+- add user script
+- rename user script
+- delete user script
+- add group script
+- delete group script
+- add user to group script
+- delete user from group script
+- set primary group script
+- add machine script
+- shutdown script
+- abort shutdown script
+- username map script
+- logon script
+- logon path
+- logon drive
+- logon home
+- domain logons
+- os level
+- lm announce
+- lm interval
+- domain master
+- browse list
+- enhanced browsing
+- wins proxy
+- blocking locks
+- fake oplocks
+- kernel oplocks
+- locking
+- lock spin count
+- lock spin time
+- oplocks
+- level2 oplocks
+- oplock break wait time
+- oplock contention limit
+- posix locking
+- share modes
+- add share command
+- change share command
+- delete share command
+- eventlog list
+- utmp directory
+- wtmp directory
+- utmp
+- default service
+- default
+- message command
+- dfree cache time
+- dfree command
+- get quota command
+- set quota command
+- remote announce
+- remote browse sync
+- homedir map
+- afs username map
+- afs token lifetime
+- log nt token command
+- time offset
+- NIS homedir
+- preexec
+- exec
+- preexec close
+- postexec
+- root preexec
+- root preexec close
+- root postexec
+- set directory
+- wide links
+- follow symlinks
+- dont descend
+- magic script
+- magic output
+- delete readonly
+- dos filemode
+- dos filetimes
+- dos filetime resolution
+- fake directory create times
+- panic action
+- vfs objects
+- vfs object
+- msdfs root
+- msdfs proxy
+- host msdfs
+- enable rid algorithm
+- passdb expand explicit
+- idmap backend
+- idmap uid
+- winbind uid
+- idmap gid
+- winbind gid
+- template homedir
+- template shell
+- winbind separator
+- winbind cache time
+- winbind enum users
+- winbind enum groups
+- winbind use default domain
+- winbind trusted domains only
+- winbind nested groups
+- winbind max idle children
+- winbind nss info
diff --git a/Samba/WHATSNEW.txt b/Samba/WHATSNEW.txt
new file mode 100644
index 0000000..ef131d2
--- /dev/null
+++ b/Samba/WHATSNEW.txt
@@ -0,0 +1,171 @@
+This file contains a history of changes since the first Samba 4 Technology
+Preview. For a general introduction to Samba 4, see the README file in this
+directory. The NEWS file contains a list of differences between
+Samba 3 and Samba 4.
+
+========================================
+Changes in Samba4-TP2
+Release date: 22 March 2006
+========================================
+
+ * Make ldb async internally (idra)
+
+ * Use HDB-LDB as the keytab (abartlet)
+
+ * Call the wins hook script again (metze)
+
+ * Make sure no more than 25 records are added in the WINS database (metze)
+
+ * Documentation updates (jelmer)
+
+ * Fix termination issue in winreg server (metze)
+
+ * AES fix for Samba 4 <-> Samba4 (abartlet)
+
+ * Better conformance to FHS (abartlet, jelmer)
+
+ * Improve internal API and code quality in smbclient (jelmer)
+
+ * Add testsuite for smbclient (jelmer)
+
+ * Remove support for password as an optional second parameter in
+ smbclient (jelmer)
+
+ * Various warning fixes (metze)
+
+ * Several clarifications of comments (abartlet)
+
+ * Remove use of pstring in some places (jelmer)
+
+ * Re-add the global -k option to enable kerberos (abartlet)
+
+ * Various memory allocation fixes (abartlet)
+
+ * Add new cifsdd client (jpeach)
+
+ * Add tests for even more insane delete-on-close semantics (jra, tridge)
+
+ * Initial work on BASE-DELETE test passing (tridge)
+
+ * Optimizations in tdb (tridge)
+
+ * Improvements to ldb documentation (idra, Brad Hards)
+
+ * Check attribute names to obey rfc2251 (idra)
+
+ * Allow WINS replication with NT4SP6A (metze)
+
+ * Add ManageDSAIT control (Pete Rowley, idra)
+
+ * Add tests for LDB controls (idra)
+
+ * Various LDB crash fixes (idra)
+
+ * Initial work on vlv LDB control (idra)
+
+ * Add -p option to smbtorture (jpeach)
+
+ * Several improvements to the SMB URL and UNC parsing (jpeach)
+
+ * Make DCE/RPC connect functions work async (rafal)
+
+ * Fix invalid steal on supportedControls (closes: #3525) (abartlet)
+
+ * Start parsing saslauthd requests (metze)
+
+ * Split the NBT-WINSREPLICATION test into multiple tests (metze)
+
+ * Add new ACB-bits as seen in acct_flags in the PAC info3 (gd)
+
+ * Move header files out of include/ (jelmer)
+
+ * Create separate library for generic utility functions (jelmer)
+
+ * Add highestCommittedUSN, uSNChanged and uSNCreated support to LDB (tridge)
+
+ * Allow more control over the the winbindd socket location (abartlet)
+
+ * Allow messaging without a server messaging context (abartlet)
+
+ * Make GSSAPI SASL mech work (abartlet)
+
+ * Write out Samba4 version when provisioning (idra)
+
+ * Allow servers to bind to non-broadcast interfaces (tridge, abartlet)
+
+ * Initialize some ASN.1 elements that are optional (metze)
+
+ * Various improvements to RPC-SCHANNEL (abartlet)
+
+ * Make Samba4 pass some of the newer schannel tests (abartlet)
+
+ * Better handling of connections without SPNEGO (abartlet)
+
+ * Generate seperate headers for RPC client functions (jelmer)
+
+ * Improve NTLMSSP tests (abartlet, vl)
+
+ * Support any size pointers in pidl (tridge)
+
+ * Large overhaul of the opendb code to pass BASE-DELETE (tridge)
+
+ * Use doxygen for documenting lib/util and lib/registry (jelmer)
+
+ * Add registration mechanism for modules and backends in ldb (idra, jelmer)
+
+ * Support building shared libraries in the build system (metze, jelmer)
+
+ * Install headers in a sane location (jelmer)
+
+ * Fix BASE-NEGNOWAIT (tridge)
+
+ * Add prefixes to most of the SMB-related functions (metze)
+
+ * Get rid of proto.h (jelmer)
+
+ * Reduce number of headers included in includes.h (jelmer)
+
+ * Support header dependencies (jelmer)
+
+ * Add RAW-NOTIFY (tridge, metze)
+
+ * Fix 'your password has expired' on every login (abartlet)
+
+ * Improvements to RPC-SAMSYNC (abartlet)
+
+ * Work on supporting change notify (tridge, metze)
+
+ * Reopen log files after SIGHUP (metze)
+
+ * Add BUGS.txt (#3523) (jelmer)
+
+ * Add summary to configure (#3442) (metze, jelmer)
+
+ * Swig fixes (idra)
+
+ * Improve NBT-WINSREPLICATION-OWNED test (metze)
+
+ * Fix a lot of compiler warnings (metze)
+
+ * Several code improvements found by static code checker (tridge, metze)
+
+ * Force correct alignment when in ASCII mode (#2921) (tridge)
+
+ * Fix coverity bug #127 (vl)
+
+ * Add support for changing process titles (metze)
+
+ * Support raw NTLMSSP (abartlet)
+
+ * Fix debug levels in several places (abartlet)
+
+ * Work to unify the ntvfs structures for smb and smb2 (metze, tridge)
+
+ * Initial work on asynchronous libnet (rafal)
+
+ * Improvements to the wide character set functions (tridge)
+
+ * Several heimdal build improvements (abartlet, jelmer)
+
+ * A lot of small cleanups and typo fixes
+ (metze, abartlet, idra, jpeach, tridge, jelmer)
diff --git a/Samba/howto.txt b/Samba/howto.txt
new file mode 100644
index 0000000..3991781
--- /dev/null
+++ b/Samba/howto.txt
@@ -0,0 +1,183 @@
+Samba4 developer howto
+----------------------
+
+tridge@samba.org, December 2004
+
+
+This is a very basic document on how to setup a simple Samba4
+server. This is aimed at developers who are already familiar with
+Samba3 and wish to participate in Samba4 development. This is not
+aimed at production use of Samba4.
+
+
+Step 1: download Samba4
+-----------------------
+
+There are 2 methods of doing this:
+
+ method 1: "rsync -avz samba.org::ftp/unpacked/samba4 ."
+
+ method 2: "svn co svn://svnanon.samba.org/samba/branches/SAMBA_4_0 samba4"
+
+both methods will create a directory called "samba4" in the current
+directory. If you don't have rsync or svn then install one of them.
+
+Since only released versions of Samba contain a pregenerated configure script,
+you will have to generate it by hand:
+
+ $ cd samba4/source
+ $ ./autogen.sh
+
+Note that the above rsync command will give you a checked out svn
+repository. So if you also have svn you can update it to the latest
+version at some future date using:
+
+ $ cd samba4
+ $ svn up
+
+Step 2: compile Samba4
+----------------------
+
+Recommended optional development libraries:
+- acl and xattr development libraries
+- gnutls
+- readline
+
+Run this:
+
+ $ cd samba4/source
+ $ ./configure
+ $ make proto all
+
+If you have gcc 3.4 or newer, then substitute "pch" for "proto" to
+greatly speed up the compile process (about 5x faster).
+
+Step 3: install Samba4
+----------------------
+
+Run this as a user who have permission to write to the install
+directory (defaults to /usr/local/samba). Use --prefix option to
+configure above to change this.
+
+ # make install
+
+
+Step 4: provision Samba4
+------------------------
+
+The "provision" step sets up a basic user database. Make sure your smbscript
+binary is installed in a directory listed in your PATH environment variable.
+It is presumed it's available just like any other commands from your shell.
+Must be run as a user with permission to write to the install directory.
+
+ # cd source
+ # ./setup/provision --realm=YOUR.REALM --domain=YOURDOM --adminpass=SOMEPASSWORD
+
+REMINDER: Add the "bin" directory of the path you installed to
+ (e.g. /usr/local/samba/bin) to your path, or the provision command
+ will not work.
+
+'YOURDOM' is the NT4 style domain name. 'YOUR.REALM' is your kerberos
+realm, which is typically your DNS domain name.
+
+Step 5: Create a simple smb.conf
+--------------------------------
+
+The provisioning will create a very simple smb.conf with no shares by
+default. You will need to update it to add at least one share. For
+example:
+
+ [test]
+ path = /data/test
+ read only = no
+
+
+Step 6: starting Samba4
+-----------------------
+
+The simplest is to just run "smbd", but as a developer you may find
+the following more useful:
+
+ # smbd -i -M single
+
+that means "start smbd without messages in stdout, and running a
+single process. That mode of operation makes debugging smbd with gdb
+particularly easy.
+
+Note that now it is no longer necessary to have an instance of nmbd
+from Samba 3 running. If you are running any smbd or nmbd processes
+they need to be stopped before starting smbd from Samba 4.
+
+Make sure you put the bin and sbin directories from your new install
+in your $PATH. Make sure you run the right version!
+
+
+Step 7: testing Samba4
+----------------------
+
+try these commands:
+
+ $ smbclient //localhost/test -Uadministrator%SOMEPASSWORD
+ or
+ $ ./script/tests/test_posix.sh //localhost/test administrator SOMEPASSWORD
+
+
+NOTE about filesystem support
+-----------------------------
+
+To use the advanced features of Samba4 you need a filesystem that
+supports both the "user" and "system" xattr namespaces.
+
+If you run Linux with a 2.6 kernel and ext3 this means you need to
+include the option "user_xattr" in your /etc/fstab. For example:
+
+/dev/hda3 /home ext3 user_xattr 1 1
+
+You also need to compile your kernel with the XATTR and SECURITY
+options for your filesystem. For ext3 that means you need:
+
+ CONFIG_EXT3_FS_XATTR=y
+ CONFIG_EXT3_FS_SECURITY=y
+
+If you are running a Linux 2.6 kernel with CONFIG_IKCONFIG_PROC
+defined you can check this with the following command:
+
+ $ zgrep CONFIG_EXT3_FS /proc/config.gz
+
+If you don't have a filesystem with xattr support, then you can
+simulate it by using the option:
+
+ posix:eadb = /usr/local/samba/eadb.tdb
+
+that will place all extra file attributes (NT ACLs, DOS EAs, streams
+etc), in that tdb. It is not efficient, and doesn't scale well, but at
+least it gives you a choice when you don't have a modern filesystem.
+
+Testing your filesystem
+-----------------------
+
+To test your filesystem support, install the 'attr' package and run
+the following 4 commands as root:
+
+ # touch test.txt
+ # setfattr -n user.test -v test test.txt
+ # setfattr -n security.test -v test2 test.txt
+ # getfattr -d test.txt
+ # getfattr -n security.test -d test.txt
+
+You should see output like this:
+
+ # file: test.txt
+ user.test="test"
+
+ # file: test.txt
+ security.test="test2"
+
+If you get any "Operation not supported" errors then it means your
+kernel is not configured correctly, or your filesystem is not mounted
+with the right options.
+
+If you get any "Operation not permitted" errors then it probably means
+you didn't try the test as root.
+
+
diff --git a/Samba/packaging/debian/README b/Samba/packaging/debian/README
new file mode 100644
index 0000000..fb4f88e
--- /dev/null
+++ b/Samba/packaging/debian/README
@@ -0,0 +1,30 @@
+The Debian packaging for Samba 4 is maintained in the SVN
+repository of the Debian Samba packaging team.
+
+(parts of this file are from their README.building)
+
+To build:
+
+: Check out the official Debian packaging:
+
+ svn co svn://svn.debian.org/pkg-samba/branches/samba4 samba4/debian
+
+: Samba is not a native Debian package, so you will need to create
+: an .orig.tar.gz tarball. Do something along the lines of:
+
+ VER=$( dpkg-parsechangelog -lsamba4/debian/changelog | sed -n 's/^Version: \(.*:\|\)//p' | sed 's/-[0-9.]\+$//' )
+ svn export samba4 samba-$VER
+ ( cd samba-$VER/source && ./autogen.sh )
+ ( cd samba-$VER/source && ./script/mkversion.sh VERSION include/version.h ../../samba4/source/ )
+ tar zcf samba_$VER.orig.tar.gz samba-$VER
+
+: With the .orig.tar.gz in place, you can now also export the debian/
+: directory:
+
+ svn export samba4/debian samba-$VER/debian
+
+: Finally, build the package using whatever method you prefer:
+
+ cd samba-$VER
+ debuild
+
diff --git a/Samba/prog_guide.txt b/Samba/prog_guide.txt
new file mode 100644
index 0000000..f5ac600
--- /dev/null
+++ b/Samba/prog_guide.txt
@@ -0,0 +1,788 @@
+
+
+THIS IS INCOMPLETE! I'M ONLY COMMITING IT IN ORDER TO SOLICIT COMMENTS
+FROM A FEW PEOPLE. DON'T TAKE THIS AS THE FINAL VERSION YET.
+
+
+Samba4 Programming Guide
+------------------------
+
+The internals of Samba4 are quite different from previous versions of
+Samba, so even if you are an experienced Samba developer please take
+the time to read through this document.
+
+This document will explain both the broad structure of Samba4, and
+some of the common coding elements such as memory management and
+dealing with macros.
+
+
+Coding Style
+------------
+
+In past versions of Samba we have basically let each programmer choose
+their own programming style. Unfortunately the result has often been
+that code that other members of the team find difficult to read. For
+Samba version 4 I would like to standardise on a common coding style
+to make the whole tree more readable. For those of you who are
+horrified at the idea of having to learn a new style, I can assure you
+that it isn't as painful as you might think. I was forced to adopt a
+new style when I started working on the Linux kernel, and after some
+initial pain found it quite easy.
+
+That said, I don't want to invent a new style, instead I would like to
+adopt the style used by the Linux kernel. It is a widely used style
+with plenty of support tools available. See Documentation/CodingStyle
+in the Linux source tree. This is the style that I have used to write
+all of the core infrastructure for Samba4 and I think that we should
+continue with that style.
+
+I also think that we should most definately *not* adopt an automatic
+reformatting system in cvs (or whatever other source code system we
+end up using in the future). Such automatic formatters are, in my
+experience, incredibly error prone and don't understand the necessary
+exceptions.
I don't mind if people use automated tools to reformat
+their own code before they commit it, but please do not run such
+automated tools on large slabs of existing code without being willing
+to spend a *lot* of time hand checking the results.
+
+Finally, I think that for code that is parsing or formatting protocol
+packets the code layout should strongly reflect the packet
+format. That means ordring the code so that it parses in the same
+order as the packet is stored on the wire (where possible) and using
+white space to align packet offsets so that a reader can immediately
+map any line of the code to the corresponding place in the packet.
+
+
+Static and Global Data
+----------------------
+
+The basic rule is "avoid static and global data like the plague". What
+do I mean by static data? The way to tell if you have static data in a
+file is to use the "size" utility in Linux. For example if we run:
+
+ size libcli/raw/*.o
+
+in Samba4 then you get the following:
+
+ text data bss dec hex filename
+ 2015 0 0 2015 7df libcli/raw/clikrb5.o
+ 202 0 0 202 ca libcli/raw/clioplock.o
+ 35 0 0 35 23 libcli/raw/clirewrite.o
+ 3891 0 0 3891 f33 libcli/raw/clisession.o
+ 869 0 0 869 365 libcli/raw/clisocket.o
+ 4962 0 0 4962 1362 libcli/raw/clispnego.o
+ 1223 0 0 1223 4c7 libcli/raw/clitransport.o
+ 2294 0 0 2294 8f6 libcli/raw/clitree.o
+ 1081 0 0 1081 439 libcli/raw/raweas.o
+ 6765 0 0 6765 1a6d libcli/raw/rawfile.o
+ 6824 0 0 6824 1aa8 libcli/raw/rawfileinfo.o
+ 2944 0 0 2944 b80 libcli/raw/rawfsinfo.o
+ 541 0 0 541 21d libcli/raw/rawioctl.o
+ 1728 0 0 1728 6c0 libcli/raw/rawnegotiate.o
+ 723 0 0 723 2d3 libcli/raw/rawnotify.o
+ 3779 0 0 3779 ec3 libcli/raw/rawreadwrite.o
+ 6597 0 0 6597 19c5 libcli/raw/rawrequest.o
+ 5580 0 0 5580 15cc libcli/raw/rawsearch.o
+ 3034 0 0 3034 bda libcli/raw/rawsetfileinfo.o
+ 5187 0 0 5187 1443 libcli/raw/rawtrans.o
+ 2033 0 0 2033 7f1 libcli/raw/smb_signing.o
+
+notice that the "data" and "bss" columns are all zero? That is
+good.
If there are any non-zero values in data or bss then that
+indicates static data and is bad (as a rule of thumb).
+
+Lets compare that result to the equivalent in Samba3:
+
+ text data bss dec hex filename
+ 3978 0 0 3978 f8a libsmb/asn1.o
+ 18963 0 288 19251 4b33 libsmb/cliconnect.o
+ 2815 0 1024 3839 eff libsmb/clidgram.o
+ 4038 0 0 4038 fc6 libsmb/clientgen.o
+ 3337 664 256 4257 10a1 libsmb/clierror.o
+ 10043 0 0 10043 273b libsmb/clifile.o
+ 332 0 0 332 14c libsmb/clifsinfo.o
+ 166 0 0 166 a6 libsmb/clikrb5.o
+ 5212 0 0 5212 145c libsmb/clilist.o
+ 1367 0 0 1367 557 libsmb/climessage.o
+ 259 0 0 259 103 libsmb/clioplock.o
+ 1584 0 0 1584 630 libsmb/cliprint.o
+ 7565 0 256 7821 1e8d libsmb/cliquota.o
+ 7694 0 0 7694 1e0e libsmb/clirap.o
+ 27440 0 0 27440 6b30 libsmb/clirap2.o
+ 2905 0 0 2905 b59 libsmb/clireadwrite.o
+ 1698 0 0 1698 6a2 libsmb/clisecdesc.o
+ 5517 0 0 5517 158d libsmb/clispnego.o
+ 485 0 0 485 1e5 libsmb/clistr.o
+ 8449 0 0 8449 2101 libsmb/clitrans.o
+ 2053 0 4 2057 809 libsmb/conncache.o
+ 3041 0 256 3297 ce1 libsmb/credentials.o
+ 1261 0 1024 2285 8ed libsmb/doserr.o
+ 14560 0 0 14560 38e0 libsmb/errormap.o
+ 3645 0 0 3645 e3d libsmb/namecache.o
+ 16815 0 8 16823 41b7 libsmb/namequery.o
+ 1626 0 0 1626 65a libsmb/namequery_dc.o
+ 14301 0 1076 15377 3c11 libsmb/nmblib.o
+ 24516 0 2048 26564 67c4 libsmb/nterr.o
+ 8661 0 8 8669 21dd libsmb/ntlmssp.o
+ 3188 0 0 3188 c74 libsmb/ntlmssp_parse.o
+ 4945 0 0 4945 1351 libsmb/ntlmssp_sign.o
+ 1303 0 0 1303 517 libsmb/passchange.o
+ 1221 0 0 1221 4c5 libsmb/pwd_cache.o
+ 2475 0 4 2479 9af libsmb/samlogon_cache.o
+ 10768 32 0 10800 2a30 libsmb/smb_signing.o
+ 4524 0 16 4540 11bc libsmb/smbdes.o
+ 5708 0 0 5708 164c libsmb/smbencrypt.o
+ 7049 0 3072 10121 2789 libsmb/smberr.o
+ 2995 0 0 2995 bb3 libsmb/spnego.o
+ 3186 0 0 3186 c72 libsmb/trustdom_cache.o
+ 1742 0 0 1742 6ce libsmb/trusts_util.o
+ 918 0 28 946 3b2 libsmb/unexpected.o
+
+notice all of the non-zero data and bss elements?
Every bit of that
+data is a bug waiting to happen.
+
+Static data is evil as it has the following consequences:
+ - it makes code much less likely to be thread-safe
+ - it makes code much less likely to be recursion-safe
+ - it leads to subtle side effects when the same code is called from
+ multiple places
+
+Static data is particularly evil in library code (such as our internal
+smb and rpc libraries). If you can get rid of all static data in
+libraries then you can make some fairly strong guarantees about the
+behaviour of functions in that library, which really helps.
+
+Of course, it is possible to write code that uses static data and is
+safe, it's just much harder to do that than just avoid static data in
+the first place. We have been tripped up countless times by subtle
+bugs in Samba due to the use of static data, so I think it is time to
+start avoiding it in new code. Much of the core infrastructure of
+Samba4 was specifically written to avoid static data, so I'm going to
+be really annoyed if everyone starts adding lots of static data back
+in.
+
+So, how do we avoid static data? The basic method is to use context
+pointers. When reading the Samba4 code you will notice that just about
+every function takes a pointer to a context structure as its first
+argument. Any data that the function needs that isn't an explicit
+argument to the function can be found by traversing that context.
+
+Note that this includes all of the little caches that we have lying
+all over the code in Samba3. I'm referring to the ones that generally
+have a "static int initialised" and then some static string or integer
+that remembers the last return value of the function. Get rid of them!
+If you are *REALLY* absolutely completely certain that your personal
+favourite mini-cache is needed then you should do it properly by
+putting it into the appropriate context rather than doing it the lazy
+way by putting it inside the target function.
I would suggest however
+that the vast majority of those little caches are useless - don't
+stick it in unless you have really firm benchmarking results that show
+that it is needed and helps by a significant amount.
+
+Note that Samba4 is not yet completely clean of static data like
+this. I've gotten the smbd/ directory down to 24 bytes of static data,
+and libcli/raw/ down to zero. I've also gotten the ntvfs layer and all
+backends down to just 8 bytes in ntvfs_base.c. The rest still needs
+some more work.
+
+Also note that truly constant data is OK, and will not in fact show up
+in the data and bss columns in "size" anyway (it will be included in
+"text"). So you can have constant tables of protocol data.
+
+
+How to use talloc
+-----------------
+
+Please see the separate document, source/lib/talloc/talloc_guide.txt
+You _must_ read this if you want to program in Samba4.
+
+
+Interface Structures
+--------------------
+
+One of the biggest changes in Samba4 is the universal use of interface
+structures. Go take a look through include/smb_interfaces.h now to get
+an idea of what I am talking about.
+
+In Samba3 many of the core wire structures in the SMB protocol were
+never explicitly defined in Samba. Instead, our parse and generation
+functions just worked directly with wire buffers. The biggest problem
+with this is that is tied our parse code with our "business logic"
+much too closely, which meant the code got extremely confusing to
+read.
+
+In Samba4 we have explicitly defined interface structures for
+everything in the protocol. When we receive a buffer we always parse
+it completely into one of these structures, then we pass a pointer to
+that structure to a backend handler. What we must *not* do is make any
+decisions about the data inside the parse functions. That is critical
+as different backends will need different portions of the data.
This
+leads to a golden rule for Samba4:
+
+ "don't design interfaces that lose information"
+
+In Samba3 our backends often received "condensed" versions of the
+information sent from clients, but this inevitably meant that some
+backends could not get at the data they needed to do what they wanted,
+so from now on we should expose the backends to all of the available
+information and let them choose which bits they want.
+
+Ok, so now some of you will be thinking "this sounds just like our
+msrpc code from Samba3", and while to some extent this is true there
+are extremely important differences in the approach that are worth
+pointing out.
+
+In the Samba3 msrpc code we used explicit parse structures for all
+msrpc functions. The problem is that we didn't just put all of the
+real variables in these structures, we also put in all the artifacts
+as well. A good example is the security descriptor strucrure that
+looks like this in Samba3:
+
+typedef struct security_descriptor_info
+{
+ uint16 revision;
+ uint16 type;
+
+ uint32 off_owner_sid;
+ uint32 off_grp_sid;
+ uint32 off_sacl;
+ uint32 off_dacl;
+
+ SEC_ACL *dacl;
+ SEC_ACL *sacl;
+ DOM_SID *owner_sid;
+ DOM_SID *grp_sid;
+} SEC_DESC;
+
+The problem with this structure is all the off_* variables. Those are
+not part of the interface, and do not appear in any real descriptions
+of Microsoft security descriptors. They are parsing artifacts
+generated by the IDL compiler that Microsoft use. That doesn't mean
+they aren't needed on the wire - indeed they are as they tell the
+parser where to find the following four variables, but they should
+*NOT* be in the interface structure.
+
+In Samba3 there were unwritten rules about which variables in a
+structure a high level caller has to fill in and which ones are filled
+in by the marshalling code. In Samba4 those rules are gone, because
+the redundent artifact variables are gone.
The high level caller just
+sets up the real variables and the marshalling code worries about
+generating the right offsets.
+
+The same rule applies to strings. In many places in the SMB and MSRPC
+protocols complex strings are used on the wire, with complex rules
+about padding, format, alighment, termination etc. None of that
+information is useful to a high level calling routine or to a backend
+- its all just so much wire fluff. So, in Samba4 these strings are
+just "char *" and are always in our internal multi-byte format (which
+is usually UTF8). It is up to the parse functions to worry about
+translating the format and getting the padding right.
+
+The one exception to this is the use of the WIRE_STRING type, but that
+has a very good justification in terms of regression testing. Go and
+read the comment in smb_interfaces.h about that now.
+
+So, here is another rule to code by. When writing an interface
+structure think carefully about what variables in the structure can be
+left out as they are redundent. If some length is effectively defined
+twice on the wire then only put it once in the packet. If a length can
+be inferred from a null termination then do that and leave the length
+out of the structure completely. Don't put redundent stuff in
+structures!
+
+
+Async Design
+------------
+
+Samba4 has an asynchronous design. That affects *lots* of the code,
+and the implications of the asynchronous design needs to be considered
+just about everywhere.
+
+The first aspect of the async design to look at is the SMB client
+library. Lets take a look at the following three functions in
+libcli/raw/rawfile.c:
+
+struct cli_request *smb_raw_seek_send(struct cli_tree *tree, struct smb_seek *parms);
+NTSTATUS smb_raw_seek_recv(struct cli_request *req, struct smb_seek *parms);
+NTSTATUS smb_raw_seek(struct cli_tree *tree, struct smb_seek *parms);
+
+Go and read them now then come back.
+
+Ok, first notice there there are 3 separate functions, whereas the
+equivalent code in Samba3 had just one. Also note that the 3rd
+function is extremely simple - its just a wrapper around calling the
+first two in order.
+
+The three separate functions are needed because we need to be able to
+generate SMB calls asynchronously. The first call, which for smb calls
+is always called smb_raw_XXXX_send(), constructs and sends a SMB
+request and returns a "struct cli_request" which acts as a handle for
+the request. The caller is then free to do lots of other calls if it
+wants to, then when it is ready it can call the smb_raw_XXX_recv()
+function to receive the reply.
+
+If all you want is a synchronous call then call the 3rd interface, the
+one called smb_raw_XXXX(). That just calls the first two in order, and
+blocks waiting for the reply.
+
+But what if you want to be called when the reply comes in? Yes, thats
+possible. You can do things like this:
+
+ struct cli_request *req;
+
+ req = smb_raw_XXX_send(tree, params);
+
+ req->async.fn = my_callback;
+ req->async.private = my_private_data;
+
+then in your callback function you can call the smb_raw_XXXX_recv()
+function to receive the reply. Your callback will receive the "req"
+pointer, which you can use to retrieve your private data from
+req->async.private.
+
+Then all you need to do is ensure that the main loop in the client
+library gets called. You can either do that by polling the connection
+using cli_transport_pending() and cli_request_receive_next() or you
+can use transport->idle.func to setup an idle function handler to call
+back to your main code. Either way, you can build a fully async
+application.
+
+In order to support all of this we have to make sure that when we
+write a piece of library code (SMB, MSRPC etc) that we build the
+separate _send() and _recv() functions. It really is worth the effort.
+
+Now about async in smbd, a much more complex topic.
+
+The SMB protocol is inherently async.
Some functions (such as change
+notify) often don't return for hours, while hundreds of other
+functions pass through the socket. Take a look at the RAW-MUX test in
+the Samba4 smbtorture to see some really extreme examples of the sort
+of async operations that Windows supports. I particularly like the
+open/open/close sequence where the 2nd open (which conflicts with the
+first) succeeds because the subsequent close is answered out of order.
+
+In Samba3 we handled this stuff very badly. We had awful "pending
+request" queues that allocated full 128k packet buffers, and even with
+all that crap we got the semantics wrong. In Samba4 I intend to make
+sure we get this stuff right.
+
+So, how do we do this? We now have an async interface between smbd and
+the NTVFS backends. Whenever smbd calls into a backend the backend has
+an option of answer the request in a synchronous fashion if it wants
+to just like in Samba3, but it also has the option of answering the
+request asynchronously. The only backend that currently does this is
+the CIFS backend, but I hope the other backends will soon do this to.
+
+To make this work you need to do things like this in the backend:
+
+ req->control_flags |= REQ_CONTROL_ASYNC;
+
+that tells smbd that the backend has elected to reply later rather
+than replying immediately. The backend must *only* do this if
+req->async.send_fn is not NULL. If send_fn is NULL then it means that
+the smbd front end cannot handle this function being replied to in an
+async fashion.
+
+If the backend does this then it is up to the backend to call
+req->async.send_fn() when it is ready to reply. It the meantime smbd
+puts the call on hold and goes back to answering other requests on the
+socket.
+
+Inside smbd you will find that there is code to support this.
The most
+obvious change is that smbd splits each SMB reply function into two
+parts - just like the client library has a _send() and _recv()
+function, so smbd has a _send() function and the parse function for
+each SMB.
+
+As an example go and have a look at reply_getatr_send() and
+reply_getatr() in smb_server/reply.c. Read them? Good.
+
+Notice that reply_getatr() sets up the req->async structure to contain
+the send function. Thats how the backend gets to do an async reply, it
+calls this function when it is ready. Also notice that reply_getatr()
+only does the parsing of the request, and does not do the reply
+generation. That is done by the _send() function.
+
+The only missing piece in the Samba4 right now that prevents it being
+fully async is that it currently does the low level socket calls (read
+and write on sockets) in a blocking fashion. It does use select() to
+make it somewhat async, but if a client were to send a partial packet
+then delay before sending the rest then smbd would be stuck waiting
+for the second half of the packet.
+
+To fix this I plan on making the socket calls async as well, which
+luckily will not involve any API changes in the core of smbd or the
+library. It just involves a little bit of extra code in clitransport.c
+and smbd/request.c. As a side effect I hope that this will also reduce
+the average number of system calls required to answer a request, so we
+may see a performance improvement.
+
+
+NTVFS
+-----
+
+One of the most noticeable changes in Samba4 is the introduction of
+the NTVFS layer. This provided the initial motivation for the design
+of Samba4 and in many ways lies at the heart of the design.
+
+In Samba3 the main file serving process (smbd) combined the handling
+of the SMB protocol with the mapping to POSIX semantics in the same
+code. If you look in smbd/reply.c in Samba3 you see numerous places
+where POSIX assumptions are mixed tightly with SMB parsing code.
We
+did have a VFS layer in Samba3, but it was a POSIX-like VFS layer, so
+no matter how you wrote a plugin you could not bypass the POSIX
+mapping decisions that had already been made before the VFS layer was
+called.
+
+In Samba4 things are quite different. All SMB parsing is performed in
+the smbd front end, then fully parsed requests are passed to the NTVFS
+backend. That backend makes any semantic mapping decisions and fills
+in the 'out' portion of the request. The front end is then responsible
+for putting those results into wire format and sending them to the
+client.
+
+Lets have a look at one of those request structures. Go and read the
+definition of "union smb_write" and "enum write_level" in
+include/smb_interfaces.h. (no, don't just skip reading it, really go
+and read it. Yes, that means you!).
+
+Notice the union? That's how Samba4 allows a single NTVFS backend
+interface to handle the several different ways of doing a write
+operation in the SMB protocol. Now lets look at one section of that
+union:
+
+ /* SMBwriteX interface */
+ struct {
+ enum write_level level;
+
+ struct {
+ uint16 fnum;
+ SMB_BIG_UINT offset;
+ uint16 wmode;
+ uint16 remaining;
+ uint32 count;
+ const char *data;
+ } in;
+ struct {
+ uint32 nwritten;
+ uint16 remaining;
+ } out;
+ } writex;
+
+see the "in" and "out" sections? The "in" section is for parameters
+that the SMB client sends on the wire as part of the request. The smbd
+front end parse code parses the wire request and fills in all those
+parameters. It then calls the NTVFS interface which looks like this:
+
+ NTSTATUS (*write)(struct request_context *req, union smb_write *io);
+
+and the NTVFS backend does the write request. The backend then fills
+in the "out" section of the writex structure and gives the union back
+to the front end (either by returning, or if done in an async fashion
+then by calling the async send function. See the async discussion
+elsewhere in this document).
+
+The NTVFS backend knows which particular function is being requested
+by looking at io->generic.level. Notice that this enum is also
+repeated inside each of the sub-structures in the union, so the
+backend could just as easily look at io->writex.level and would get
+the same variable.
+
+Notice also that some levels (such as splwrite) don't have an "out"
+section. This happens because there is no return value apart from a
+status code from those SMB calls.
+
+So what about status codes? The status code is returned directly by
+the backend NTVFS interface when the call is performed
+synchronously. When performed asynchronously then the status code is
+put into req->async.status before the req->async.send_fn() callback is
+called.
+
+Currently the most complete NTVFS backend is the CIFS backend. I don't
+expect this backend will be used much in production, but it does
+provide the ideal test case for our NTVFS design. As it offers the
+full capabilities that are possible with a CIFS server we can be sure
+that we don't have any gaping holes in our APIs, and that the front
+end code is flexible enough to handle any advances in the NT style
+feature sets of Unix filesystems that make come along.
+
+
+Process Models
+--------------
+
+In Samba3 we supported just one process model. It just so happens that
+the process model that Samba3 supported is the "right" one for most
+users, but there are situations where this model wasn't ideal.
+
+In Samba4 you can choose the smbd process model on the smbd command
+line.
+
+
+DCERPC binding strings
+----------------------
+
+When connecting to a dcerpc service you need to specify a binding
+string.
+
+The format is:
+
+ TRANSPORT:host[flags]
+
+where TRANSPORT is either ncacn_np for SMB or ncacn_ip_tcp for RPC/TCP
+
+"host" is an IP or hostname or netbios name. If the binding string
+identifies the server side of an endpoint, "host" may be an empty
+string.
+
+"flags" can include a SMB pipe name if using the ncacn_np transport or
+a TCP port number if using the ncacn_ip_tcp transport, otherwise they
+will be auto-determined.
+
+other recognised flags are:
+
+ sign : enable ntlmssp signing
+ seal : enable ntlmssp sealing
+ spnego : use SPNEGO instead of NTLMSSP authentication
+ krb5 : use KRB5 instead of NTLMSSP authentication
+ connect : enable rpc connect level auth (auth, but no sign or seal)
+ validate : enable the NDR validator
+ print : enable debugging of the packets
+ bigendian : use bigendian RPC
+ padcheck : check reply data for non-zero pad bytes
+
+
+Here are some examples:
+
+ ncacn_np:myserver
+ ncacn_np:myserver[samr]
+ ncacn_np:myserver[\pipe\samr]
+ ncacn_np:myserver[/pipe/samr]
+ ncacn_np:myserver[samr,sign,print]
+ ncacn_np:myserver[sign,spnego]
+ ncacn_np:myserver[\pipe\samr,sign,seal,bigendian]
+ ncacn_np:myserver[/pipe/samr,seal,validate]
+ ncacn_np:
+ ncacn_np:[/pipe/samr]
+ ncacn_ip_tcp:myserver
+ ncacn_ip_tcp:myserver[1024]
+ ncacn_ip_tcp:myserver[sign,seal]
+ ncacn_ip_tcp:myserver[spnego,seal]
+
+
+IDEA: Maybe extend UNC names like this?
+
+ smbclient //server/share
+ smbclient //server/share[sign,seal,spnego]
+
+DCERPC Handles
+--------------
+The various handles that are used in the RPC servers should be created and
+fetch using the dcesrv_handle_* functions.
+
+Use dcesrv_handle_new(struct dcesrv_connection *, uint8 handle_type) to obtain
+a new handle of the specified type. Handle types are unique within each
+pipe.
+
+The handle can later be fetched again using
+struct dcesrv_handle *dcesrv_handle_fetch(struct dcesrv_connection *dce_conn, struct policy_handle *p, uint8 handle_type)
+and destroyed by dcesrv_handle_destroy(struct dcesrv_handle *).
+
+User data should be stored in the 'data' member of the dcesrv_handle struct.
+
+
+MSRPC
+-----
+
+
+
+ - ntvfs
+ - testing
+ - command line handling
+ - libcli structure
+ - posix reliance
+ - uid/gid handling
+ - process models
+ - static data
+ - msrpc
+
+
+don't zero structures! avoid ZERO_STRUCT() and talloc_zero()
+
+
+GMT vs TZ in printout of QFILEINFO timezones
+
+put in full UNC path in tconx
+
+test timezone handling by using a server in different zone from client
+
+do {} while (0) system
+
+NT_STATUS_IS_OK() is NOT the opposite of NT_STATUS_IS_ERR()
+
+need to implement secondary parts of trans2 and nttrans in server and
+client
+
+document access_mask in openx reply
+
+check all capabilities and flag1, flag2 fields (eg. EAs)
+
+large files -> pass thru levels
+
+setpathinfo is very fussy about null termination of the file name
+
+the overwrite flag doesn't seem to work on setpathinfo RENAME_INFORMATION
+
+END_OF_FILE_INFORMATION and ALLOCATION_INFORMATION don't seem to work
+via setpathinfo
+
+on w2k3 setpathinfo DISPOSITION_INFORMATION fails, but does have an
+effect. It leaves the file with SHARING_VIOLATION.
+
+on w2k3 trans2 setpathinfo with any invalid low numbered level causes
+the file to get into a state where DELETE_PENDING is reported, and the
+file cannot be deleted until you reboot
+
+trans2 qpathinfo doesn't see the delete_pending flag correctly, but
+qfileinfo does!
+
+get rid of pstring, fstring, strtok
+
+add programming documentation note about lp_set_cmdline()
+
+need to add a wct checking function in all client parsing code,
+similar to REQ_CHECK_WCT()
+
+need to make sure that NTTIME is a round number of seconds when
+converted from time_t
+
+not using a zero next offset in SMB_FILE_STREAM_INFORMATION for last
+entry causes explorer exception under win2000
+
+
+if the server sets the session key the same for a second SMB socket as
+an initial socket then the client will not re-authenticate, it will go
+straight to a tconx, skipping session setup and will use all the
+existing parameters!
This allows two sockets with the same keys!?
+
+
+removed blocking lock code, we now queue the whole request the same as
+we queue any other pending request. This allows for things like a
+close() while a pending blocking lock is being processed to operate
+sanely.
+
+disabled change notify code
+
+disabled oplock code
+
+
+
+MILESTONES
+==========
+
+
+client library and test code
+----------------------------
+
+ convert client library to new structure
+ get smbtorture working
+ get smbclient working
+ expand client library for all requests
+ write per-request test suite
+ gentest randomised test suite
+ separate client code as a library for non-Samba use
+
+server code
+-----------
+ add remaining core SMB requests
+ add IPC layer
+ add nttrans layer
+ add rpc layer
+ fix auth models (share, server, rpc)
+ get net command working
+ connect CIFS backend to server level auth
+ get nmbd working
+ get winbindd working
+ reconnect printing code
+ restore removed smbd options
+ add smb.conf macro substitution code
+ add async backend notification
+ add generic timer event mechanism
+
+clustering code
+---------------
+
+ write CIFS backend
+ new server models (break 1-1)
+ test clustered models
+ add fulcrum statistics gathering
+
+docs
+----
+
+ conference paper
+ developer docs
+
+svn instructions
+
+Ideas
+-----
+
+ - store all config in config.ldb
+
+ - load from smb.conf if modtime changes
+
+ - dump full system config with ldbsearch
+
+ - will need the ability to form a ldif difference file
+
+ - advanced web admin via a web ldb editor
+
+ - normal web admin via web forms -> ldif
+
+ - config.ldb will replace smb.conf, secrets.tdb, shares.tdb etc
+
+ - subsystems in smbd will load config parameters for a share
+ using ldbsearch at tconx time
+
+ - need a loadparm equivalent module that provides parameter defaults
+
+ - start smbd like this: "smbd -C tdb://etc/samba/config.ldb" or
+ "smbd -C ldapi://var/run/ldapi"
+
+ - write a tool that generates a template ldap
schema from an existing
+ ldb+tdb file
+
+ - no need to HUP smbd to reload config
+
+ - how to handle configuration comments? same problem as SWAT
+
+
+BUGS:
+ add a test case for last_entry_offset in trans2 find interfaces
+ conn refused
+ connect -> errno
+ no 137 resolution not possible
+ should not fallback to anon when pass supplied
+ should check pass-thu cap bit, and skip lots of tests
+ possibly allow the test suite to say "allow oversized replies" for
+ trans2 and other calls
+ handle servers that don't have the setattre call in torture
+ add max file coponent length test and max path len test
+ check for alloc failure in all core reply.c and trans2.c code where
+ allocation size depends on client parameter
+
+case-insenstive idea:
+ all filenames on disk lowercase
+ real case in extended attribute
+ keep cache of what dirs are all lowercase
+ when searching for name, don't search if dir is definately all lowercase
+ when creating file, use dnotify to tell if someone else creates at
+ same time
+
+solve del *.* idea:
+ make mangle cache dynamic size
+ fill during a dir scan
+ setup a timer
+ destroy cache after 30 sec
+ destroy if a 2nd dir scan happens on same dir
+
diff --git a/Samba/services/json.esp b/Samba/services/json.esp
new file mode 100644
index 0000000..6c59db0
--- /dev/null
+++ b/Samba/services/json.esp
@@ -0,0 +1,269 @@ +<% + +/* + * Copyright: + * (C) 2006 by Derrell Lipman + * All rights reserved + * + * License: + * LGPL 2.1: http://creativecommons.org/licenses/LGPL/2.1/ + */ + +/* + * This module provides a JSON encoder. + */ + + +/* escape a string as required by json */ +function _escape(s) +{ + var i; + var arr = new Array(); + + for (i = 0; i < strlen(s); i++) + { + var c = substr(s, i, 1); + if (c == '\x00') + { + arr[i] = '\\u0000'; + } + if (Json._internal.convert[c] != undefined) + { + arr[i] = Json._internal.convert[c]; + } + else + { + arr[i] = c; + } + } + + if (arr.length == 0) + { + return ""; + } + + return join("", arr); +} + +/* encode an arbitrary object. called recursively, for object and array */ +function _encode(o) +{ + var type = nativeTypeOf(o); + + if (type == "undefined") + { + return "null"; /* you really shouldn't count on this! */ + } + else if (type == "null") + { + return "null"; + } + else if (type == "boolean") + { + if (o) + { + return "true"; + } + else + { + return "false"; + } + } + else if (type == "c_function" || + type == "js_function" || + type == "string_c_function") + { + /* no output */ + } + else if (type == "float" || + type == "integer" || + type == "integer64") + { + return o + 0; + } + else if (type == "pointer") + { + var x = "" + o; + return '"' + substr(x, 16, strlen(x) - 16 - 1) + '"'; + } + else if (type == "object") + { + var buf; + + /* Is this an array or an ordinary object? */ + if (o["length"] != undefined) + { + var i; + + /* Assume it's an array if there's a length field */ + buf = "["; + for (i = 0; i < o.length; i++) + { + /* + * NOTE: We don't support sparse arrays nor associative + * arrays. Should we later want to do either, we're supposed + * to send it as an object rather than as an array. 
+ */ + if (i > 0) + { + buf = buf + ","; + } + buf = buf + this.encode(o[i]); + } + buf = buf + "]"; + } + else if (o["__type"] == "_JSON_Date") + { + buf = "" + o.encoding(); + } + else + { + /* No length field, so it must be an ordinary object */ + var key; + var first = true; + + buf = "{"; + for (key in o) + { + if (! first) + { + buf = buf + ","; + } + buf = buf + '"' + key + '":' + this.encode(o[key]); + first = false; + } + buf = buf + "}"; + } + + return buf; + } + else if (type == "string") + { + return '"' + this._internal.escape(o) + '"'; + } + else + { + return '{ "unknown_object":"' + type + '"}'; + } +} + +/* Allocate the public Json access object */ +Json = new Object(); + +/* Json.encode(): encode an arbitrary object */ +Json.encode = _encode; +_encode = null; + +/* Json.decode(): decode a string into its object form */ +Json.decode = literal_to_var; + +/* Internal stuff, not for external access */ +Json._internal = new Object(); + +Json._internal.escape = _escape; +_escape = null; + +Json._internal.convert = new Object(); +Json._internal.convert['\b'] = '\\b'; +Json._internal.convert['\t'] = '\\t'; +Json._internal.convert['\n'] = '\\n'; +Json._internal.convert['\f'] = '\\f'; +Json._internal.convert['\r'] = '\\r'; +Json._internal.convert['"'] = '\\"'; +Json._internal.convert['\\'] = '\\\\'; +Json._internal.convert['\x01'] = '\\u0001'; +Json._internal.convert['\x02'] = '\\u0002'; +Json._internal.convert['\x03'] = '\\u0003'; +Json._internal.convert['\x04'] = '\\u0004'; +Json._internal.convert['\x05'] = '\\u0005'; +Json._internal.convert['\x06'] = '\\u0006'; +Json._internal.convert['\x07'] = '\\u0007'; +Json._internal.convert['\x08'] = '\\u0008'; +Json._internal.convert['\x09'] = '\\u0009'; +Json._internal.convert['\x0a'] = '\\u000a'; +Json._internal.convert['\x0b'] = '\\u000b'; +Json._internal.convert['\x0c'] = '\\u000c'; +Json._internal.convert['\x0d'] = '\\u000d'; +Json._internal.convert['\x0e'] = '\\u000e'; +Json._internal.convert['\x0f'] = 
'\\u000f'; +Json._internal.convert['\x10'] = '\\u0010'; +Json._internal.convert['\x11'] = '\\u0011'; +Json._internal.convert['\x12'] = '\\u0012'; +Json._internal.convert['\x13'] = '\\u0013'; +Json._internal.convert['\x14'] = '\\u0014'; +Json._internal.convert['\x15'] = '\\u0015'; +Json._internal.convert['\x16'] = '\\u0016'; +Json._internal.convert['\x17'] = '\\u0017'; +Json._internal.convert['\x18'] = '\\u0018'; +Json._internal.convert['\x19'] = '\\u0019'; +Json._internal.convert['\x1a'] = '\\u001a'; +Json._internal.convert['\x1b'] = '\\u001b'; +Json._internal.convert['\x1c'] = '\\u001c'; +Json._internal.convert['\x1d'] = '\\u001d'; +Json._internal.convert['\x1e'] = '\\u001e'; +Json._internal.convert['\x1f'] = '\\u001f'; +/* + * At some point, we probably want to add \x80-\xff as well, and it's then + * probably more efficient to generate these strings dynamically. (Even now + * it may be, but this was the the way I started, and so it remains.) + */ + + +/* Test it */ +/* +libinclude("base.js"); +function testFormat() +{ + var test = new Object(); + test.int = 23; + test.str = "hello world"; + test.float = 223.1; + test.bool = true; + test.array = new Array(); + test.array[0] = "hello"; + test.array[1] = "world"; + test.obj = new Object(); + test.obj.int = 1000; + test.obj.array = new Array(); + test.obj.array[0] = 42; + test.obj.array[1] = 223; + printf("%s\n", Json.encode(test)); +} +testFormat(); +*/ + +/* +libinclude("base.js"); +function testParse() +{ + var s; + + s = '{ "x" : 23 }'; + obj = Json.decode(s); + printf("Decode/encode of\n\t%s\nyielded\n\t%s\n\n", s, Json.encode(obj)); + + s = '{ "x" : [ 23, 42] }'; + obj = Json.decode(s); + printf("Decode/encode of\n\t%s\nyielded\n\t%s\n\n", s, Json.encode(obj)); + + s = '[ 13, 19, { "x" : [ 23, 42] }, 223 ]'; + obj = Json.decode(s); + printf("Decode/encode of\n\t%s\nyielded\n\t%s\n\n", s, Json.encode(obj)); + + s = '{ "x" : [ "hi" ] }'; + obj = Json.decode(s); + printf("Decode/encode 
of\n\t%s\nyielded\n\t%s\n\n", s, Json.encode(obj)); + + s = '[ 13, 19, { "x" : [ 23, 42, { "y":{"a":"hello", "b":"world", "c":[1,2,3]}}] }, 223 ]'; + obj = Json.decode(s); + printf("Decode/encode of\n\t%s\nyielded\n\t%s\n\n", s, Json.encode(obj)); +} +testParse(); +*/ + +/* + * Local Variables: + * mode: c + * End: + */ +%> diff --git a/Samba/services/json_auth.esp b/Samba/services/json_auth.esp new file mode 100644 index 0000000..2d58b6e --- /dev/null +++ b/Samba/services/json_auth.esp @@ -0,0 +1,13 @@ +<% +/* Return true to allow access; false otherwise */ +function json_authenticate(serviceComponents, method) +{ + return true; +} + +/* + * Local Variables: + * mode: c + * End: + */ +%> diff --git a/Samba/services/jsondate.esp b/Samba/services/jsondate.esp new file mode 100644 index 0000000..3467228 --- /dev/null +++ b/Samba/services/jsondate.esp 
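Review bot: In `_escape`, the `if (c == '\x00')` branch is not chained to the test that follows it, so the `'\\u0000'` stored in `arr[i]` is overwritten by the trailing `else { arr[i] = c; }` and a raw NUL reaches the output; the convert table in this file has no NUL entry. Changing the second test to `else if (Json._internal.convert[c] != undefined)` fixes it. Separately, `_encode` writes object keys with `'"' + key + '":'` without passing them through the escaper, so a key containing a quote or backslash produces malformed JSON that a consumer may parse differently from what was intended. `buf = buf + '"' + this._internal.escape(key) + '":' + this.encode(o[key]);` closes that gap. The function-type branch returns nothing, which deserves a comment saying what callers get back in that case.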
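Review bot: `json_authenticate` returns `true` for every service and method, so the `PermissionDenied` check that request.esp makes before dispatch can never fire and every loaded service method is callable by any client. A placeholder like this should fail closed, `return false;`, until a real policy exists that inspects `serviceComponents` and `method`. At minimum the header comment should say so, e.g. `/* PLACEHOLDER: permits every call; replace before exposing this endpoint */`.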
@@ -0,0 +1,200 @@ +<% +/* + * Copyright: + * (C) 2006 by Derrell Lipman + * All rights reserved + * + * License: + * LGPL 2.1: http://creativecommons.org/licenses/LGPL/2.1/ + */ + +/* + * Date class for JSON-RPC + */ + + +function _JSON_Date_create(secondsSinceEpoch) +{ + var o = new Object(); + o.__type = "_JSON_Date"; + + function _setUtcDateTimeFields(year, month, day, hour, minute, second, millisecond) + { + this.year = year + 0; + this.month = month + 0; + this.day = day + 0; + this.hour = hour + 0; + this.minute = minute + 0; + this.second = second + 0; + this.millisecond = millisecond + 0; + } + + o.setUtcYear = _setUtcDateTimeFields; + + function _setUtcYear(year) + { + this.year = year + 0; + } + o.setUtcYear = _setUtcYear; + + function _setUtcMonth(month) + { + this.month = month + 0; + } + o.setUtcMonth = _setUtcMonth; + + function _setUtcDay(day) + { + this.day = day + 0; + } + o.setUtcDay = _setUtcDay; + + function _setUtcHour(hour) + { + this.hour = hour + 0; + } + o.setUtcHour = _setUtcHour; + + function _setUtcMinute(minute) + { + this.minute = minute + 0; + } + o.setUtcMinute = _setUtcMinute; + + function _setUtcSecond(second) + { + this.second = second + 0; + } + o.setUtcSecond = _setUtcSecond; + + function _setUtcMillisecond(millisecond) + { + this.millisecond = millisecond + 0; + } + o.setUtcMillisecond = _setUtcMillisecond; + + function _setEpochTime(secondsSinceEpoch) + { + var microseconds = 0; + + if (typeof(secondsSinceEpoch) != "number") + { + var currentTime = gettimeofday(); + secondsSinceEpoch = currentTime.sec; + microseconds = currentTime.usec; + } + + var tm = gmtime(secondsSinceEpoch); + + this.year = 1900 + tm.tm_year; + this.month = tm.tm_mon; + this.day = tm.tm_mday; + this.hour = tm.tm_hour; + this.minute = tm.tm_min; + this.second = tm.tm_sec; + this.millisecond = 0; + } + o.setEpochTime = _setEpochTime; + + function _getUtcYear() + { + return this.year; + } + o.getUtcYear = _getUtcYear; + + function _getUtcMonth() + { + return 
this.month; + } + o.getUtcMonth = _getUtcMonth; + + function _getUtcDay() + { + return this.day; + } + o.getUtcDay = _getUtcDay; + + function _getUtcHour() + { + return this.hour; + } + o.getUtcHour = _getUtcHour; + + function _getUtcMinute() + { + return this.minute; + } + o.getUtcMinute = _getUtcMinute; + + function _getUtcSecond() + { + return this.second; + } + o.getUtcSecond = _getUtcSecond; + + function _getUtcMillisecond() + { + return this.millisecond; + } + o.getUtcMillisecond = _getUtcMillisecond; + + function _getEpochTime() + { + var tm = new Object(); + tm.tm_sec = this.second; + tm.tm_min = this.minute; + tm.tm_hour = this.hour; + tm.tm_mday = -1; + tm.tm_mon = this.month; + tm.tm_year = this.year; + tm.tm_wday = -1; + tm.tm_yday = -1; + tm.isdst = 0; + return gmmktime(tm); + } + o.getEpochTime = _getEpochTime; + + function _encoding() + { + /* Encode the date in a well-documented fashion */ + return sprintf("new Date(Date.UTC(%d,%d,%d,%d,%d,%d,%d))", + this.year, + this.month, + this.day, + this.hour, + this.minute, + this.second, + this.millisecond); + } + o.encoding = _encoding; + + if (! secondsSinceEpoch) + { + var now = gettimeofday(); + o.setEpochTime(now.sec); + } + else + { + o.setEpochTime(secondsSinceEpoch); + } + o.year = 0; + o.month = 0; + o.day = 0; + o.hour = 0; + o.minute = 0; + o.second = 0; + o.millisecond = 0; + return o; +} + +JSON_Date = new Object(); +JSON_Date.create = _JSON_Date_create; +_JSON_Date_create = null; + + +/* + * Local Variables: + * mode: c + * End: + */ +%> diff --git a/Samba/services/qooxdoo/test.esp b/Samba/services/qooxdoo/test.esp new file mode 100644 index 0000000..e8686dc --- /dev/null +++ b/Samba/services/qooxdoo/test.esp 
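Review bot: `_JSON_Date_create` resets `year` through `millisecond` to 0 after calling `o.setEpochTime(...)`, so every object it returns encodes as `Date.UTC(0,0,0,0,0,0,0)` whatever argument was passed. The seven zero assignments need to move above the `if (! secondsSinceEpoch)` block or be dropped. `o.setUtcYear = _setUtcDateTimeFields;` is immediately overwritten by `o.setUtcYear = _setUtcYear;`, so the all-fields setter is unreachable; presumably it was meant to be published under its own name. `_getEpochTime` passes `tm_mday = -1` and the full year to `gmmktime`, while `_setEpochTime` reads `tm.tm_mday` and adds 1900 to `tm.tm_year`, so the round trip looks asymmetric and should be checked against what `gmmktime` expects.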
@@ -0,0 +1,236 @@ +<% +/* + * Copyright: + * (C) 2006 by Derrell Lipman + * All rights reserved + * + * License: + * LGPL 2.1: http://creativecommons.org/licenses/LGPL/2.1/ + */ + +/* + * This is the standard qooxdoo test class. There are tests for each of the + * primitive types here, along with standard named tests "echo", "sink" and + * "sleep". + */ + +/** + * Echo the (one and only) parameter. + * + * @param params + * An array containing the parameters to this method + * + * @param error + * An object of class JsonRpcError. + * + * @return + * Success: The object containing the result of the method; + * Failure: null + */ +function _echo(params, error) +{ + if (params.length != 1) + { + error.setError(JsonRpcError_ParameterMismatch, + "Expected 1 parameter; got " + params.length); + return error; + } + return "Client said: [" + params[0] + "]"; +} +jsonrpc.method.echo = _echo; + +/** + * Sink all data and never return. + * + * @param params + * An array containing the parameters to this method (none expected) + * + * @param error + * An object of class JsonRpcError. + * + * @return + * "Never" + */ +function _sink(params, error) +{ + /* We're never supposed to return. Just sleep for a very long time. */ + sleep(240); +} +jsonrpc.method.sink = _sink; + +/** + * Sleep for the number of seconds specified by the parameter. + * + * @param params + * An array containing the parameters to this method (one expected) + * + * @param error + * An object of class JsonRpcError. 
+ * + * @return + * Success: The object containing the result of the method; + * Failure: null + */ +function _sleep(params, error) +{ + if (params.length != 1) + { + error.setError(JsonRpcError_ParameterMismatch, + "Expected 1 parameter; got " + params.length); + return error; + } + + sleep(params[0]); + return params[0]; +} +jsonrpc.method.sleep = _sleep; + +/*************************************************************************/ + +/* + * The remainder of the functions test each individual primitive type, and + * test echoing arbitrary types. Hopefully the name is self-explanatory. + */ + +function _getInteger(params, error) +{ + return 1; +} +jsonrpc.method.getInteger = _getInteger; + +function _getFloat(params, error) +{ + return 1/3; +} +jsonrpc.method.getFloat = _getFloat; + +function _getString(params, error) +{ + return "Hello world"; +} +jsonrpc.method.getString = _getString; + +function _getBadString(params, error) +{ + return ""; +} +jsonrpc.method.getBadString = _getBadString; + +function _getArrayInteger(params, error) +{ + return new Array(1, 2, 3, 4); +} +jsonrpc.method.getArrayInteger = _getArrayInteger; + +function _getArrayString(params, error) +{ + return new Array("one", "two", "three", "four"); +} +jsonrpc.method.getArrayString = _getArrayString; + +function _getObject(params, error) +{ + o = new Object(); // some arbitrary object + o.something = 23; + o.garbage = 'lkasjdff;lajsdfkl;sadf'; + return o; +} +jsonrpc.method.getObject = _getObject; + +function _getTrue(params, error) +{ + return true; +} +jsonrpc.method.getTrue = _getTrue; + +function _getFalse(params, error) +{ + return false; +} +jsonrpc.method.getFalse = _getFalse; + +function _getNull(params, error) +{ + return null; +} +jsonrpc.method.getNull = _getNull; + +function _isInteger(params, error) +{ + var type = nativeTypeOf(params[0]); + return type == "integer" || type == "integer64"; +} +jsonrpc.method.isInteger = _isInteger; + +function _isFloat(params, error) +{ + return 
nativeTypeOf(params[0]) == "float"; +} +jsonrpc.method.isFloat = _isFloat; + +function _isString(params, error) +{ + return nativeTypeOf(params[0]) == "string"; +} +jsonrpc.method.isString = _isString; + +function _isBoolean(params, error) +{ + return nativeTypeOf(params[0]) == "boolean"; +} +jsonrpc.method.isBoolean = _isBoolean; + +function _isArray(params, error) +{ + return nativeTypeOf(params[0]) == "object" && params.length != undefined; +} +jsonrpc.method.isArray = _isArray; + +function _isObject(params, error) +{ + return nativeTypeOf(params[0]) == "object"; +} +jsonrpc.method.isObject = _isObject; + +function _isNull(params, error) +{ + return nativeTypeOf(params[0]) == "null"; +} +jsonrpc.method.isNull = _isNull; + +function _getParams(params, error) +{ + return params; +} +jsonrpc.method.getParams = _getParams; + +function _getParam(params, error) +{ + return params[0]; +} +jsonrpc.method.getParam = _getParam; + +function _getCurrentTimestamp() +{ + now = gettimeofday(); + obj = new Object(); + obj.now = now.sec; + obj.json = JSON_Date.create(now); + return obj; +} +jsonrpc.method.getCurrentTimestamp = _getCurrentTimestamp; + +function _getError(params, error) +{ + error.setError(23, "This is an application-provided error"); + return error; +} +jsonrpc.method.getError = _getError; + + +/* + * Local Variables: + * mode: c + * End: + */ +%> diff --git a/Samba/services/request.esp b/Samba/services/request.esp new file mode 100644 index 0000000..970ea6b --- /dev/null +++ b/Samba/services/request.esp 
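Review bot: `_sleep` passes `params[0]` straight to `sleep()` with no type or upper-bound check, and `_sink` always sleeps 240 seconds, so any client that reaches this service can hold a request handler for an arbitrary time. With json_auth.esp allowing every call, that means every client. `_sleep` should reject non-integer or negative values and clamp to a small maximum, and this test service should stay out of production service trees. `_echo` and `_sleep` also pass `JsonRpcError_ParameterMismatch` to `setError`, a name not defined in any file visible here; request.esp defines `jsonrpc.Constant.ErrorCode.ParameterMismatch`, which looks like the intended constant. `_isArray` tests `params.length` rather than `params[0].length`, so it reports true for any object argument.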
@@ -0,0 +1,492 @@ +<% + +/* + * Copyright: + * (C) 2006 by Derrell Lipman + * All rights reserved + * + * License: + * LGPL 2.1: http://creativecommons.org/licenses/LGPL/2.1/ + */ + +/* + * This is a simple JSON-RPC server. + */ + + +/* Bring in the json format/parse functions */ +jsonrpc_include("json.esp"); + +/* Bring in the date class */ +jsonrpc_include("jsondate.esp"); + +/* Load the authentication script */ +jsonrpc_include("json_auth.esp"); + + +/* bring the string functions into the global frame */ +string_init(global); + +/* Bring the system functions into the global frame */ +sys_init(global); + +function printf() +{ + print(vsprintf(arguments)); +} + + +/* + * All of our manipulation of JSON RPC methods will be through this object. + * Each class of methods will assign to here, and all of the constants will + * also be in this object. + */ +jsonrpc = new Object(); +jsonrpc.Constant = new Object(); +jsonrpc.Constant.ErrorOrigin = new Object(); /* error origins */ +jsonrpc.Constant.ErrorCode = new Object(); /* server-generated error codes */ +jsonrpc.method = new Object(); /* methods available in requested class */ + +/* + * ScriptTransport constants + */ +jsonrpc.Constant.ScriptTransport = new Object(); +jsonrpc.Constant.ScriptTransport.NotInUse = -1; + + +/* + * JSON-RPC error origin constants + */ +jsonrpc.Constant.ErrorOrigin.Server = 1; +jsonrpc.Constant.ErrorOrigin.Application = 2; +jsonrpc.Constant.ErrorOrigin.Transport = 3; +jsonrpc.Constant.ErrorOrigin.Client = 4; + + + +/* + * JSON-RPC server-generated error code constants + */ + +/** + * Error code, value 0: Unknown Error + * + * The default error code, used only when no specific error code is passed to + * the JsonRpcError constructor. This code should generally not be used. + */ +jsonrpc.Constant.ErrorCode.Unknown = 0; + +/** + * Error code, value 1: Illegal Service + * + * The service name contains illegal characters or is otherwise deemed + * unacceptable to the JSON-RPC server. 
+ */ +jsonrpc.Constant.ErrorCode.IllegalService = 1; + +/** + * Error code, value 2: Service Not Found + * + * The requested service does not exist at the JSON-RPC server. + */ +jsonrpc.Constant.ErrorCode.ServiceNotFound = 2; + +/** + * Error code, value 3: Class Not Found + * + * If the JSON-RPC server divides service methods into subsets (classes), this + * indicates that the specified class was not found. This is slightly more + * detailed than "Method Not Found", but that error would always also be legal + * (and true) whenever this one is returned. (Not used in this implementation) + */ +jsonrpc.Constant.ErrorCode.ClassNotFound = 3; // not used in this implementation + +/** + * Error code, value 4: Method Not Found + * + * The method specified in the request is not found in the requested service. + */ +jsonrpc.Constant.ErrorCode.MethodNotFound = 4; + +/* + * Error code, value 5: Parameter Mismatch + * + * If a method discovers that the parameters (arguments) provided to it do not + * match the requisite types for the method's parameters, it should return + * this error code to indicate so to the caller. + * + * This error is also used to indicate an illegal parameter value, in server + * scripts. + */ +jsonrpc.Constant.ErrorCode.ParameterMismatch = 5; + +/** + * Error code, value 6: Permission Denied + * + * A JSON-RPC service provider can require authentication, and that + * authentication can be implemented such the method takes authentication + * parameters, or such that a method or class of methods requires prior + * authentication. If the caller has not properly authenticated to use the + * requested method, this error code is returned. + */ +jsonrpc.Constant.ErrorCode.PermissionDenied = 6; + +/* + * Error code, value 7: Unexpected Output + * + * The called method illegally generated output to the browser, which would + * have preceeded the JSON-RPC data. 
+ */ +jsonrpc.Constant.ErrorCode.UnexpectedOutput = 7; + +/* + * Error code, value 8: Resource Error + * + * Too many resources were requested, a system limitation on the total number + * of resources has been reached, or a resource or resource id was misused. + */ +jsonrpc.Constant.ErrorCode.ResourceError = 8; + + + + + +function sendReply(reply, scriptTransportId) +{ + /* If not using ScriptTransport... */ + if (scriptTransportId == jsonrpc.Constant.ScriptTransport.NotInUse) + { + /* ... then just output the reply. */ + write(reply); + } + else + { + /* Otherwise, we need to add a call to a qooxdoo-specific function */ + reply = + "qx.io.remote.ScriptTransport._requestFinished(" + + scriptTransportId + ", " + reply + + ");"; + write(reply); + } +} + + +function _jsonValidRequest(req) +{ + if (req == undefined) + { + return false; + } + + if (typeof(req) != "object") + { + return false; + } + + if (req["id"] == undefined) + { + return false; + } + + if (req["service"] == undefined) + { + return false; + } + + if (req["method"] == undefined) + { + return false; + } + + if (req["params"] == undefined) + { + return false; + } + + return true; +} +jsonrpc.validRequest = _jsonValidRequest; +_jsonValidRequest = null; + +/* + * class JsonRpcError + * + * This class allows service methods to easily provide error information for + * return via JSON-RPC. 
+ */ +function _JsonRpcError_create(origin, code, message) +{ + var o = new Object(); + + o.data = new Object(); + o.data.origin = origin; + o.data.code = code; + o.data.message = message; + o.scriptTransportId = jsonrpc.Constant.ScriptTransport.NotInUse; + o.__type = "_JsonRpcError"; + + function _origin(origin) + { + this.data.origin = origin; + } + o.setOrigin = _origin; + + function _setError(code, message) + { + this.data.code = code; + this.data.message = message; + } + o.setError = _setError; + + function _setId(id) + { + this.id = id; + } + o.setId = _setId; + + function _setScriptTransportId(id) + { + this.scriptTransportId = id; + } + o.setScriptTransportId = _setScriptTransportId; + + function _Send() + { + var error = this; + var id = this.id; + var ret = new Object(); + ret.error = this.data; + ret.id = this.id; + sendReply(Json.encode(ret), this.scriptTransportId); + } + o.Send = _Send; + + return o; +} + +jsonrpc.createError = _JsonRpcError_create; +_JsonRpcError_create = null; + +/* + * 'input' is the user-provided json-encoded request + * 'jsonInput' is that request, decoded into its object form + */ +var input; +var jsonInput = null; + +/* Allocate a generic error object */ +error = jsonrpc.createError(jsonrpc.Constant.ErrorOrigin.Server, + jsonrpc.Constant.ErrorCode.Unknown, + "Unknown error"); + +/* Assume (default) we're not using ScriptTransport */ +scriptTransportId = jsonrpc.Constant.ScriptTransport.NotInUse; + +/* What type of request did we receive? 
*/ +if (request["REQUEST_METHOD"] == "POST" && + request["CONTENT_TYPE"] == "text/json") +{ + /* We found literal POSTed json-rpc data (we hope) */ + input = request["POST_DATA"]; + jsonInput = Json.decode(input); +} +else if (request["REQUEST_METHOD"] == "GET" && + form["_ScriptTransport_id"] != undefined && + form["_ScriptTransport_data"] != undefined) +{ + /* We have what looks like a valid ScriptTransport request */ + scriptTransportId = form["_ScriptTransport_id"]; + error.setScriptTransportId(scriptTransportId); + input = form["_ScriptTransport_data"]; + jsonInput = Json.decode(input); +} + +/* Ensure that this was a JSON-RPC service request */ +if (! jsonrpc.validRequest(jsonInput)) +{ + /* + * This request was not issued with JSON-RPC so echo the error rather than + * issuing a JsonRpcError response. + */ + write("JSON-RPC request expected; service, method or params missing
"); + return; +} + +/* + * Ok, it looks like JSON-RPC, so we'll return an Error object if we encounter + * errors from here on out. + */ +error.setId(jsonInput.id); + +/* Service and method names may contain these characters */ +var nameChars = + "_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"; + +/* The first letter of service and method names must be a letter */ +var nameFirstLetter = + "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + +/* + * Ensure the method name is kosher. A meethod name should be: + * + * - first character is in [a-zA-Z] + * - other characters are in [_a-zA-Z0-9] + */ + +/* First check for legal characters */ +if (strspn(jsonInput.method, nameChars) != strlen(jsonInput.method)) +{ + /* There's some illegal character in the service name */ + error.setError(jsonrpc.Constant.ErrorCode.MethodNotFound, + "Illegal character found in method name."); + error.Send(); + return; +} + +/* Now ensure that it begins with a letter */ +if (strspn(substr(jsonInput.method, 0, 1), nameFirstLetter) != 1) +{ + error.setError(jsonrpc.Constant.ErrorCode.MethodNotFound, + "The method name does not begin with a letter"); + error.Send(); + return; +} + +/* + * Ensure the requested service name is kosher. A service name should be: + * + * - a dot-separated sequences of strings; no adjacent dots + * - first character of each string is in [a-zA-Z] + * - other characters are in [_a-zA-Z0-9] + */ + +/* First check for legal characters */ +if (strspn(jsonInput.service, "." + nameChars) != strlen(jsonInput.service)) +{ + /* There's some illegal character in the service name */ + error.setError(jsonrpc.Constant.ErrorCode.IllegalService, + "Illegal character found in service name."); + error.Send(); + return; +} + +/* + * Now ensure there are no double dots. + * + * Frustration with ejs. Result must be NULL, but we can't use the === + * operator: strstr() === null so we have to use typeof. 
If the result isn't + * null, then it'll be a number and therefore not type "pointer". + */ +if (typeof(strstr(jsonInput.service, "..")) != "pointer") +{ + error.setError(jsonrpc.Constant.ErrorCode.IllegalService, + "Illegal use of two consecutive dots in service name"); + error.Send(); + return; +} + +/* Explode the service name into its dot-separated parts */ +var serviceComponents = split(".", jsonInput.service); + +/* Ensure that each component begins with a letter */ +for (var i = 0; i < serviceComponents.length; i++) +{ + if (strspn(substr(serviceComponents[i], 0, 1), nameFirstLetter) != 1) + { + error.setError(jsonrpc.Constant.ErrorCode.IllegalService, + "A service name component does not begin with a letter"); + error.Send(); + return; + } +} + +/* + * Now replace all dots with slashes so we can locate the service script. We + * also retain the split components of the path, as the class name of the + * service is the last component of the path. + */ +var servicePath = join("/", serviceComponents) + ".esp"; + +/* Load the requested class */ +if (jsonrpc_include(servicePath)) +{ + /* Couldn't find the requested service */ + error.setError(jsonrpc.Constant.ErrorCode.ServiceNotFound, + "Service class `" + servicePath + "` does not exist."); + error.Send(); + return; +} + +/* + * Find the requested method. + * + * What we really want to do here, and could do in any reasonable language, + * is: + * + * method = jsonrpc.method[jsonInput.method]; + * if (method && typeof(method) == "function") ... + * + * The following completely unreasonable sequence of commands is because: + * + * (a) ejs evaluates all OR'ed expressions even if an early one is false, and + * barfs on the typeof(method) call if method is undefined + * + * (b) ejs does not allow comparing against the string "function"!!! What + * the hell is special about that particular string??? + * + * E-gad. What a mess. 
+ */ +var method = jsonrpc.method[jsonInput.method]; +var valid = (method != undefined); +if (valid) +{ + var type = typeof(method); + if (substr(type, 0, 1) != 'f' || substr(type, 1) != "unction") + { + valid = false; + } +} + +if (! valid) +{ + error.setError(jsonrpc.Constant.ErrorCode.MethodNotFound, + "Method `" + method + "` not found."); + error.Send(); + return; +} + +/* Ensure the logged-in user is allowed to issue the requested method */ +if (! json_authenticate(serviceComponents, jsonInput.method)) +{ + error.setError(jsonrpc.Constant.ErrorCode.PermissionDenied, + "Permission denied"); + error.Send(); + return; +} + +/* Most errors from here on out will be Application-generated */ +error.setOrigin(jsonrpc.Constant.ErrorOrigin.Application); + +/* Call the requested method passing it the provided params */ +var retval = method(jsonInput.params, error); + +/* See if the result of the function was actually an error object */ +if (retval["__type"] == "_JsonRpcError") +{ + /* Yup, it was. Return the error */ + retval.Send(); + return; +} + +/* Give 'em what they came for! */ +var ret = new Object(); +ret.result = retval; +ret.id = jsonInput.id; +sendReply(Json.encode(ret), scriptTransportId); + +/* + * Local Variables: + * mode: c + * End: + */ +%> diff --git a/Samba/services/resources.esp b/Samba/services/resources.esp new file mode 100644 index 0000000..d491ed5 --- /dev/null +++ b/Samba/services/resources.esp 
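Review bot: In the GET branch, `form["_ScriptTransport_id"]` is copied into `scriptTransportId` unvalidated, and `sendReply` concatenates it into `qx.io.remote.ScriptTransport._requestFinished(<id>, ...)`, which the browser executes as script. Request-supplied text therefore ends up inside executable output. The id should be checked before it is stored or handed to `error.setScriptTransportId`; the sketch below assumes ids are non-negative integers, as the `-1` NotInUse sentinel suggests, and refuses anything else with a plain-text reply. Because this transport answers cross-site GET requests with script, state-changing methods also need a real `json_authenticate` policy before they are exposed through it. The method-not-found message interpolates `method`, which is undefined on that path; it should use `jsonInput.method`. The comment above the method-name character check says "service name".

```javascript
    /* We have what looks like a valid ScriptTransport request */
    var candidateId = form["_ScriptTransport_id"];
    if (strlen(candidateId) == 0 ||
        strspn(candidateId, "0123456789") != strlen(candidateId))
    {
        /* Never echo an unvalidated id into the generated script */
        write("Invalid ScriptTransport id");
        return;
    }
    scriptTransportId = candidateId;
    /* … unchanged: error.setScriptTransportId(), input, Json.decode() … */
```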
@@ -0,0 +1,170 @@
+<%
+
+/*
+ * Various JSON-RPC calls will want to maintain open resources within a
+ * session, across multiple calls. We'll provide a standardized way to
+ * maintain those open resources here, with some protection against rogue
+ * scripts.
+ */
+
+function _resourcesCreate()
+{
+ /* The being-created resources object */
+ var o = new Object();
+
+ /*
+ * The maximum number of resources available to a single session. This
+ * should be more than is ever needed (even by reasonable recursive
+ * functions) but limits rogue scripts ability to generate DOS attacks.
+ */
+ o.RESOURCE_LIMIT = 100;
+
+ /* List of current resources */
+ o.resourceList = new Object();
+
+ /* Resource id values will be constantly incrementing; never reset. */
+ o.resourceList.id = 0;
+
+ /* We'll maintain our own count of the number of open resources */
+ o.resourceList.count = 0;
+
+
+ /*
+ * Set a new saved resource.
+ */
+ function _set(resource, type, error)
+ {
+ /* Do they already have the maximum number of resources allocated? */
+ if (this.resourceList.count >= this.RESOURCE_LIMIT)
+ {
+ /* Yup. */
+ error.setOrigin(jsonrpc.Constant.ErrorOrigin.Server);
+ error.setError(jsonrpc.Constant.ErrorCode.ResourceError,
+ "Session limit on resources (" +
+ RESOURCE_LIMIT +
+ ") exceeded.");
+ return error;
+ }
+
+ /* Allocate an object to hold the new resource and its type */
+ var r = new Object();
+
+ /* Save the resource and its type */
+ r.resource = resource;
+ r.type = type;
+
+ /* Add this resource to the list */
+ this.resourceList[this.resourceList.id] = r;
+
+ /* There's a new resource in the list! */
+ this.resourceList.count++;
+
+ /*
+ * Return the index of the resource, its resource id, and advance to
+ * the next resource id for next time.
+ */
+ var id = this.resourceList.id;
+ this.resourceList.id++;
+ return id;
+ }
+ o.set = _set;
+
+ /*
+ * Get a previously-saved resource
+ */
+ function _get(resourceId, error)
+ {
+ /* Does the specified resource id exist? */
+ if (! this.resourceList[resourceId])
+ {
+ /* Nope. */
+ error.setOrigin(jsonrpc.Constant.ErrorOrigin.Server);
+ error.setError(jsonrpc.Constant.ErrorCode.ResourceError,
+ "Resource not found.");
+ return error;
+ }
+
+ /* Retrieve the resource */
+ var r = this.resourceList[resourceId];
+
+ /* Give 'em what they came for! */
+ return r.resource;
+ }
+ o.get = _get;
+
+ /*
+ * Find a previously-saved resource
+ */
+ function _find(type, error)
+ {
+ /* Does the specified resource id exist? */
+ for (var resourceId in this.resourceList)
+ {
+ /* Retrieve the resource */
+ var r = this.resourceList[resourceId];
+
+ /* Ignore "id" and "count" integer fields */
+ if (typeof(r) == "object")
+ {
+ /* Is the specified resource the correct type? */
+ if (r.type == type)
+ {
+ /* Yup, this is the one they want. */
+ return resourceId;
+ }
+ }
+ }
+
+ /* It wasn't found. */
+ return undefined;
+ }
+ o.find = _find;
+
+ /*
+ * Release a previously-saved resource, allowing it to be freed
+ */
+ function _release(resourceId, error)
+ {
+ /* Does the specified resource id exist? */
+ if (! this.resourceList[resourceId])
+ {
+ /* Nope. */
+ error.setOrigin(jsonrpc.Constant.ErrorOrigin.Server);
+ error.setError(jsonrpc.Constant.ErrorCode.ResourceError,
+ "Resource not found.");
+ return error;
+ }
+
+ /* It exists. Delete it. */
+ delete this.resourceList[resourceId];
+
+ /* There's now one fewer resources in the list */
+ this.resourceList.count--;
+ }
+ o.release = _release;
+
+ /*
+ * Retrieve the list of resources (for debugging) */
+ */
+ function _getList(error)
+ {
+ return this.resourceList;
+ }
+ o.getList = _getList;
+
+ return o;
+}
+
+/* singleton: create session resources list */
+if (! 
session.resources)
+{
+ session.resources = _resourcesCreate();
+}
+
+
+/*
+ * Local Variables:
+ * mode: c
+ * End:
+ */
+%>
diff --git a/Samba/services/samba/ldb.esp b/Samba/services/samba/ldb.esp
new file mode 100644
index 0000000..2654efe
--- /dev/null
+++ b/Samba/services/samba/ldb.esp
@@ -0,0 +1,632 @@
+<%
+/*
+ * Copyright:
+ * (C) 2006 by Derrell Lipman
+ * All rights reserved
+ *
+ * License:
+ * LGPL 2.1: http://creativecommons.org/licenses/LGPL/2.1/
+ */
+
+/*
+ * JSON-RPC mappings to the ldb ejs functions
+ */
+
+/* We'll be saving resources in the session */
+jsonrpc_include("resources.esp");
+
+
+/**
+ * Local function to determine if the requested database is one which we allow
+ * access to.
+ *
+ * @param dbRequested
+ * Name of the database which is being requested to be opened
+ *
+ * @return
+ * true if access is allowed; false otherwise.
+ */
+function accessAllowed(dbRequested)
+{
+ /* Databases allowed to connect to */
+ dbAllowed = new Array();
+ dbAllowed[dbAllowed.length] = "sam.ldb";
+
+ for (var i = 0; i < dbAllowed.length; i++)
+ {
+ if (dbRequested == dbAllowed[i])
+ {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+
+/**
+ * Connect to a database
+ *
+ * @param params[0]
+ * Database name
+ *
+ * @param params[1..n]
+ * Option (e.g. "modules:modlist")
+ *
+ * @param error
+ * An object of class JsonRpcError.
+ *
+ * @return
+ * Success: The resource id to be used for future access to the database
+ * Failure: error event
+ *
+ * @note
+ * Credentials or session_info may be set up first.
+ */
+function _connect(params, error)
+{
+ if (params.length < 1)
+ {
+ error.setError(jsonrpc.Constant.ErrorCode.ParameterMismatch,
+ "usage: [
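Review bot: In `_get` and `_release` of Samba/services/resources.esp, `resourceId` indexes `this.resourceList` directly, yet that same object also stores the bookkeeping fields `id` and `count`, so an id naming one of those fields passes the `! this.resourceList[resourceId]` test once its value is non-zero. `_release` would then delete the bookkeeping field and decrement the count, after which the `count >= this.RESOURCE_LIMIT` guard in `_set` can no longer be relied on to bound the session; whether callers pass the id straight from request params is not visible in this hunk, so it should be treated as untrusted here. Either keep the two counters outside `resourceList`, or add after the existing existence check in both functions the type test `_find` already applies, `if (typeof(this.resourceList[resourceId]) != "object")`, returning the same "Resource not found." error. The limit-exceeded message in `_set` also reads bare `RESOURCE_LIMIT` rather than `this.RESOURCE_LIMIT`, so the one path that enforces the limit may itself fail when it is reached.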