add idealx scripts and vfs modules

3 files changed, 507 insertions, 15 deletions

diff --git a/net-fs/samba/files/digest-samba-3.0.0-r1 b/net-fs/samba/files/digest-samba-3.0.0-r1
new file mode 100644
index 000000000000..51eb000cdaf1
--- /dev/null
+++ b/net-fs/samba/files/digest-samba-3.0.0-r1
@@ -0,0 +1,3 @@
+MD5 f54ba49f9a5ef6090272acf8db2e066d samba-3.0.0.tar.bz2 9848974
+MD5 acbcb28cff080dcf2ee732b7f2c0f949 samba-vscan-0.3.4.tar.bz2 131027
+MD5 61858aa44ebc68b485fb9dac2749e82c smbldap-tools-0.8.1.tgz 51142
diff --git a/net-fs/samba/files/smb.conf.example-samba3 b/net-fs/samba/files/smb.conf.example-samba3
new file mode 100644
index 000000000000..29a90dbe0947
--- /dev/null
+++ b/net-fs/samba/files/smb.conf.example-samba3
@@ -0,0 +1,499 @@
+# This is the main Samba configuration file. You should read the
+# smb.conf(5) manual page in order to understand the options listed
+# here. Samba has a huge number of configurable options (perhaps too
+# many!) most of which are not shown in this example
+#
+# Any line which starts with a ; (semi-colon) or a # (hash) 
+# is a comment and is ignored. In this example we will use a #
+# for commentry and a ; for parts of the config file that you
+# may wish to enable
+#
+# NOTE: Whenever you modify this file you should run the command "testparm"
+# to check that you have not made any basic syntactic errors. 
+#
+#======================= Global Settings =====================================
+[global]
+
+# 1. Server Naming Options:
+# workgroup = NT-Domain-Name or Workgroup-Name
+   workgroup = WORKGROUP
+
+# netbios name is the name you will see in "Network Neighbourhood",
+# but defaults to your hostname
+;  netbios name = <name_of_this_server>
+
+# server string is the equivalent of the NT Description field
+   server string = Samba Server %v
+
+# Message command is run by samba when a "popup" message is sent to it.
+# The example below is for use with LinPopUp:
+; message command = /usr/bin/linpopup "%f" "%m" %s; rm %s
+
+# 2. Printing Options:
+# CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK
+# if you want to automatically load your printer list rather
+# than setting them up individually then you'll need this
+   printcap name = cups
+   load printers = yes
+
+# It should not be necessary to spell out the print system type unless
+# yours is non-standard. Currently supported print systems include:
+# bsd, sysv, plp, lprng, aix, hpux, qnx, cups
+   printing = cups
+
+# Samba 3.x supports the Windows NT-style point-and-print feature. To
+# use this, you need to be able to upload print drivers to the samba
+# server. The printer admins (or root) may install drivers onto samba.
+# Note that this feature uses the print$ share, so you will need to 
+# enable it below.
+# printer admin = @<group> <user>
+   printer admin = @adm
+# This should work well for winbind:
+;   printer admin = @"Domain Admins"
+
+# 3. Logging Options:
+# this tells Samba to use a separate log file for each machine
+# that connects
+   log file = /var/log/samba3/log.%m
+
+# Put a capping on the size of the log files (in Kb).
+   max log size = 50
+
+# Set the log (verbosity) level (0 <= log level <= 10)
+; log level = 3
+
+# 4. Security and Domain Membership Options:
+# This option is important for security. It allows you to restrict
+# connections to machines which are on your local network. The
+# following example restricts access to two C class networks and
+# the "loopback" interface. For more examples of the syntax see
+# the smb.conf man page. Do not enable this if (tcp/ip) name resolution does
+# not work for all the hosts in your network.
+;   hosts allow = 192.168.1. 192.168.2. 127.
+
+# Uncomment this if you want a guest account, you must add this to /etc/passwd
+# otherwise the user "nobody" is used
+;  guest account = pcguest
+# Allow users to map to guest:
+  map to guest = bad user
+
+# Security mode. Most people will want user level security. See
+# security_level.txt for details.
+   security = user
+# Use password server option only with security = server or security = domain
+# When using security = domain, you should use password server = *
+;   password server = <NT-Server-Name>
+;   password server = *
+
+# Password Level allows matching of _n_ characters of the password for
+# all combinations of upper and lower case.
+;  password level = 8
+;  username level = 8
+
+# You may wish to use password encryption. Please read
+# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
+# Do not enable this option unless you have read those documents
+# Encrypted passwords are required for any use of samba in a Windows NT domain
+# The smbpasswd file is only required by a server doing authentication, thus
+# members of a domain do not need one.
+  encrypt passwords = yes
+  smb passwd file = /etc/samba/private/smbpasswd
+
+# The following are needed to allow password changing from Windows to
+# also update the Linux system password.
+# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
+# NOTE2: You do NOT need these to allow workstations to change only
+#        the encrypted SMB passwords. They allow the Unix password
+#        to be kept in sync with the SMB password.
+;  unix password sync = Yes
+# You either need to setup a passwd program and passwd chat, or
+# enable pam password change
+;  pam password change = yes
+;  passwd program = /usr/bin/passwd %u
+;  passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \
+;*passwd:*all*authentication*tokens*updated*successfully*
+
+# Unix users can map to different SMB User names
+;  username map = /etc/samba/smbusers
+
+# Using the following line enables you to customise your configuration
+# on a per machine basis. The %m gets replaced with the netbios name
+# of the machine that is connecting
+;   include = /etc/samba/smb.conf.%m
+
+# Options for using winbind. Winbind allows you to do all account and
+# authentication from a Windows or samba domain controller, creating
+# accounts on the fly, and maintaining a mapping of Windows RIDs to unix uid's 
+# and gid's. winbind uid and winbind gid are the only required parameters.
+#
+# winbind uid is the range of uid's winbind can use when mapping RIDs to uid's
+;  winbind uid = 10000-20000
+#
+# winbind gid is the range of uid's winbind can use when mapping RIDs to gid's
+;  winbind gid = 10000-20000
+#
+# winbind separator is the character a user must use between their domain
+# name and username, defaults to "\"
+;  winbind separator = +
+#
+# winbind use default domain allows you to have winbind return usernames
+# in the form user instead of DOMAIN+user for the domain listed in the
+# workgroup parameter.
+;  winbind use default domain = yes
+#
+# template homedir determines the home directory for winbind users, with 
+# %D expanding to their domain name and %U expanding to their username:
+;  template homedir = /home/%D/%U
+
+# When using winbind, you may want to have samba create home directories
+# on the fly for authenticated users. Ensure that /etc/pam.d/samba is
+# using 'service=system-auth-winbind' in pam_stack modules, and then
+# enable obedience of pam restrictions below:
+;  obey pam restrictions = yes
+
+#
+# template shell determines the shell users authenticated by winbind get
+;  template shell = /bin/bash
+
+# 5. Browser Control and Networking Options:
+# Most people will find that this option gives better performance.
+# See speed.txt and the manual pages for details
+   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
+
+# Configure Samba to use multiple interfaces
+# If you have multiple network interfaces then you must list them
+# here. See the man page for details.
+;   interfaces = 192.168.12.2/24 192.168.13.2/24 
+
+# Configure remote browse list synchronisation here
+#  request announcement to, or browse list sync from:
+#       a specific host or from / to a whole subnet (see below)
+;   remote browse sync = 192.168.3.25 192.168.5.255
+# Cause this host to announce itself to local subnets here
+;   remote announce = 192.168.1.255 192.168.2.44
+
+# set local master to no if you don't want Samba to become a master
+# browser on your network. Otherwise the normal election rules apply
+;   local master = no
+
+# OS Level determines the precedence of this server in master browser
+# elections. The default value should be reasonable
+;   os level = 33
+
+# Domain Master specifies Samba to be the Domain Master Browser. This
+# allows Samba to collate browse lists between subnets. Don't use this
+# if you already have a Windows NT domain controller doing this job
+;   domain master = yes 
+
+# Preferred Master causes Samba to force a local browser election on startup
+# and gives it a slightly higher chance of winning the election
+;   preferred master = yes
+
+# 6. Domain Control Options:
+# Enable this if you want Samba to be a domain logon server for 
+# Windows95 workstations or Primary Domain Controller for WinNT and Win2k
+;   domain logons = yes
+
+# if you enable domain logons then you may want a per-machine or
+# per user logon script
+# run a specific logon batch file per workstation (machine)
+;   logon script = %m.bat
+# run a specific logon batch file per username
+;   logon script = %U.bat
+
+# Where to store roaming profiles for WinNT and Win2k
+#        %L substitutes for this servers netbios name, %U is username
+#        You must uncomment the [Profiles] share below
+;   logon path = \\%L\Profiles\%U
+
+# Where to store roaming profiles for Win9x. Be careful with this as it also
+# impacts where Win2k finds it's /HOME share
+; logon home = \\%L\%U\.profile
+
+
+# The add user script is used by a domain member to add local user accounts
+# that have been authenticated by the domain controller, or when adding
+# users via the Windows NT Tools (ie User Manager for Domains).
+
+# Scripts for file (passwd, smbpasswd) backend:
+; add user script = /usr/sbin/useradd -s /bin/false '%u'
+; delete user script = /usr/sbin/userdel '%s'
+; add user to group script = /usr/bin/gpasswd -a '%u' '%g'
+; delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
+; set primary group script = /usr/sbin/usermod -g '%g' '%u'
+; add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print $3}'
+; delete group script = /usr/sbin/groupdel '%g'
+
+# Scripts for LDAP backend (assumes nss_ldap is in use on the domain controller.
+# Needs IDEALX scripts, and configuration in smbldap_conf.pm.
+# This assumes you've installed the IDEALX scripts into /usr/share/samba/scripts...
+; add user script = /usr/share/samba/scripts/smbldap-useradd.pl '%u'
+; delete user script = /usr/share/samba/scripts/smbldap-userdel.pl '%u'
+; add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m '%u' '%g'
+; delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl -x '%u' '%g'
+; set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g '%g' '%u'
+; add group script = /usr/share/samba/scripts/smbldap-groupadd.pl '%g' && /usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}'
+; delete group script = /usr/share/samba/scripts/smbldap-userdel.pl '%g'
+
+
+# The add machine script is use by a samba server configured as a domain
+# controller to add local machine accounts when adding machines to the domain.
+# The script must work from the command line when replacing the macros,
+# or the operation will fail. Check that groups exist if forcing a group.
+# Script for domain controller for adding machines:
+; add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u
+# Script for domain controller with LDAP backend for adding machines (You need
+# the IDEALX scripts, and to configure the smbldap_conf.pm first):
+; add machine script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u
+
+# Domain groups:
+# Domain groups are now configured by using the 'net groupmap' tool
+
+# Samba Password Database configuration:
+# Samba now has runtime-configurable password database backends. Multiple
+# passdb backends may be used, but users will only be added to the first one
+# Default:
+; passdb backend = smbpasswd guest
+# TDB backen with fallback to smbpasswd and guest
+; passdb backend = tdbsam smbpasswd guest
+# LDAP with fallback to smbpasswd guest
+# Enable SSL by using an ldaps url, or enable tls with 'ldap ssl' below.
+; passdb backend = ldapsam:ldaps://ldap.mydomain.com smbpasswd guest
+# Use the samba2 LDAP schema:
+; passdb backend = ldapsam_compat:ldaps://ldap.mydomain.com smbpasswd guest
+
+# idmap uid account range:
+# This is a range of unix user-id's that samba will map non-unix RIDs to,
+# such as when using Winbind
+; idmap uid = 10000-20000
+; idmap gid = 10000-20000
+  
+# LDAP configuration for Domain Controlling:
+# The account (dn) that samba uses to access the LDAP server
+# This account needs to have write access to the LDAP tree
+# You will need to give samba the password for this dn, by 
+# running 'smbpasswd -w mypassword'
+; ldap admin dn = cn=root,dc=mydomain,dc=com
+; ldap ssl = start_tls
+# start_tls should run on 389, but samba defaults incorrectly to 636
+; ldap port = 389
+; ldap suffix = dc=mydomain,dc=com
+; ldap server = ldap.mydomain.com
+# Seperate suffixes are available for machines, users, groups, and idmap, if 
+# ldap suffix appears first, it is appended to the specific suffix.
+# Example for a unix-ish directory layout:
+; ldap machine suffix = ou=Hosts
+; ldap user suffix = ou=People
+; ldap group suffix = ou=Group
+; ldap idmap suffix = ou=Idmap
+# Example for AD-ish layout:
+; ldap machine suffix = cn=Computers
+; ldap user suffix = cn=Users
+; ldap group suffix = cn=Groups
+; ldap idmap suffix = cn=Idmap
+
+
+# 7. Name Resolution Options:
+# All NetBIOS names must be resolved to IP Addresses
+# 'Name Resolve Order' allows the named resolution mechanism to be specified
+# the default order is "host lmhosts wins bcast". "host" means use the unix
+# system gethostbyname() function call that will use either /etc/hosts OR
+# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
+# and the /etc/resolv.conf file. "host" therefore is system configuration
+# dependant. This parameter is most often of use to prevent DNS lookups
+# in order to resolve NetBIOS names to IP Addresses. Use with care!
+# The example below excludes use of name resolution for machines that are NOT
+# on the local network segment
+# - OR - are not deliberately to be known via lmhosts or via WINS.
+; name resolve order = wins lmhosts bcast
+
+# Windows Internet Name Serving Support Section:
+# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
+;   wins support = yes
+
+# WINS Server - Tells the NMBD components of Samba to be a WINS Client
+#       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
+;   wins server = w.x.y.z
+
+# WINS Proxy - Tells Samba to answer name resolution queries on
+# behalf of a non WINS capable client, for this to work there must be
+# at least one  WINS Server on the network. The default is NO.
+;   wins proxy = yes
+
+# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
+# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
+# this has been changed in version 1.9.18 to no.
+   dns proxy = no 
+
+# 8. File Naming Options:
+# Case Preservation can be handy - system default is _no_
+# NOTE: These can be set on a per share basis
+;  preserve case = no
+;  short preserve case = no
+# Default case is normally upper case for all DOS files
+;  default case = lower
+# Be very careful with case sensitivity - it can break things!
+;  case sensitive = no
+
+# Enabling internationalization:
+# you can match a Windows code page with a UNIX character set.
+# Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European),
+# 852 (Eastern Eu.), 861 (Icelandic), 932 (Cyrillic - Russian),
+# 936 (Japanese - Shift-JIS), 936 (Simpl. Chinese), 949 (Korean Hangul),
+# 950 (Trad. Chin.).
+# UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.),
+# ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.)
+# This is an example for french users:
+;   dos charset = 850
+;   unix charset = ISO8859-1
+
+
+#============================ Share Definitions ==============================
+[homes]
+   comment = Home Directories
+   browseable = no
+   writable = yes
+# You can enable VFS recycle bin on a per share basis:
+# Uncomment the next 2 lines (make sure you create a
+# .recycle folder in the base of the share and ensure
+# all users will have write access to it. See
+# examples/VFS/recycle/REAME in the samba docs for details
+;   vfs object = /usr/lib/samba/vfs/recycle.so
+
+# Un-comment the following and create the netlogon directory for Domain Logons
+; [netlogon]
+;   comment = Network Logon Service
+;   path = /var/lib/samba/netlogon
+;   guest ok = yes
+;   writable = no
+
+# Un-comment the following to provide a specific roving profile share
+# the default is to use the user's home directory
+;[Profiles]
+;    path = /var/lib/samba/profiles
+;    browseable = no
+;    guest ok = yes
+# This script can be enabled to create profile directories on the fly
+# You may want to turn off guest acces if you enable this, as it
+# hasn't been thoroughly tested.
+;root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; \
+;                then mkdir -pm700 $PROFILE; chown %u.%g $PROFILE;fi
+
+# NOTE: If you have a CUPS print system there is no need to 
+# specifically define each individual printer.
+# You must configure the samba printers with the appropriate Windows
+# drivers on your Windows clients. On the Samba server no filtering is
+# done. If you wish that the server provides the driver and the clients
+# send PostScript ("Generic PostScript Printer" under Windows), you have
+# to swap the 'print command' line below with the commented one.
+[printers]
+   comment = All Printers
+   path = /var/spool/samba
+   browseable = no
+# to allow user 'guest account' to print.
+   guest ok = yes
+   writable = no
+   printable = yes
+   create mode = 0700
+# =====================================
+# print command: see above for details.
+# =====================================
+   print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.
+;   print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).
+# The following two commands are the samba defaults for printing=cups
+# change them only if you need different options:
+;   lpq command = lpq -P %p
+;   lprm command = cancel %p-%j
+
+# This share is used for Windows NT-style point-and-print support.
+# To be able to install drivers, you need to be either root, or listed
+# in the printer admin parameter above. Note that you also need write access
+# to the directory and share definition to be able to upload the drivers.
+# For more information on this, please see the Printing Support Section of
+# /usr/share/doc/samba-<version>/Samba-HOWTO-Collection.pdf 
+[print$]
+   path = /var/lib/samba/printers
+   browseable = yes
+   read only = yes
+   write list = @adm root
+   guest ok = yes
+
+# This one is useful for people to share files
+;[tmp]
+;   comment = Temporary file space
+;   path = /tmp
+;   read only = no
+;   public = yes
+
+# A publicly accessible directory, but read only, except for people in
+# the "staff" group
+;[public]
+;   comment = Public Stuff
+;   path = /home/samba/public
+;   public = yes
+;   writable = no
+;   write list = @staff
+# Audited directory through experimental VFS audit.so module:
+# Uncomment next line.
+;   vfs object = /usr/lib/samba/vfs/audit.so
+
+# Other examples. 
+#
+# A private printer, usable only by Fred. Spool data will be placed in Fred's
+# home directory. Note that fred must have write access to the spool directory,
+# wherever it is.
+;[fredsprn]
+;   comment = Fred's Printer
+;   valid users = fred
+;   path = /homes/fred
+;   printer = freds_printer
+;   public = no
+;   writable = no
+;   printable = yes
+
+# A private directory, usable only by Fred. Note that Fred requires write
+# access to the directory.
+;[fredsdir]
+;   comment = Fred's Service
+;   path = /usr/somewhere/private
+;   valid users = fred
+;   public = no
+;   writable = yes
+;   printable = no
+
+# a service which has a different directory for each machine that connects
+# this allows you to tailor configurations to incoming machines. You could
+# also use the %u option to tailor it by user name.
+# The %m gets replaced with the machine name that is connecting.
+;[pchome]
+;  comment = PC Directories
+;  path = /usr/pc/%m
+;  public = no
+;  writable = yes
+
+# A publicly accessible directory, read/write to all users. Note that all files
+# created in the directory by users will be owned by the default user, so
+# any user with access can delete any other user's files. Obviously this
+# directory must be writable by the default user. Another user could of course
+# be specified, in which case all files would be owned by that user instead.
+;[public]
+;   path = /usr/somewhere/else/public
+;   public = yes
+;   only guest = yes
+;   writable = yes
+;   printable = no
+
+# The following two entries demonstrate how to share a directory so that two
+# users can place files there that will be owned by the specific users. In this
+# setup, the directory should be writable by both users and should have the
+# sticky bit set on it to prevent abuse. Obviously this could be extended to
+# as many users as required.
+;[myshare]
+;   comment = Mary's and Fred's stuff
+;   path = /usr/somewhere/shared
+;   valid users = mary fred
+;   public = no
+;   writable = yes
+;   printable = no
+;   create mask = 0765
+
diff --git a/net-fs/samba/files/winbind-init b/net-fs/samba/files/winbind-init
index 3cd6c3537a0a..410c8e0d3bbb 100644
--- a/net-fs/samba/files/winbind-init
+++ b/net-fs/samba/files/winbind-init
@@ -1,7 +1,7 @@
 #!/sbin/runscript
 # Copyright 1999-2003 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License, v2 or later
-# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/winbind-init,v 1.2 2003/02/14 23:00:20 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/winbind-init,v 1.3 2003/09/26 00:18:47 woodchip Exp $
 
 depend() {
 	need net
@@ -9,22 +9,12 @@ depend() {
 
 start() {
 	ebegin "Starting winbind"
-	start-stop-daemon --start --quiet --exec /usr/sbin/smbd
-	result=$?
-	start-stop-daemon --start --quiet --exec /usr/sbin/nmbd
-	result=$(( $result + $? ))
 	start-stop-daemon --start --quiet --exec /usr/sbin/winbindd
-	result=$(( $result + $? ))
-	eend $result
+	eend $?
 }
 
 stop() {
-	ebegin "Stopping samba"
-	start-stop-daemon --stop --quiet --pidfile /var/run/samba/smbd.pid
-	result=$?
-	start-stop-daemon --stop --quiet --pidfile /var/run/samba/nmbd.pid
-	result=$(( $result + $? ))
-	start-stop-daemon --stop --quiet --pidfile /var/run/samba/winbindd.pid
-	result=$(( $result + $? ))
-	eend $result
+	ebegin "Stopping winbind"
+	start-stop-daemon --stop --quiet --oknodo --exec /usr/sbin/winbindd
+	eend $?
 }