[Pkg-samba-maint] r3293 - in branches/samba/lenny: debian debian/patches docs/htmldocs docs/manpages examples/LDAP source source/client source/include source/lib source/libads source/libgpo source/librpc/gen_ndr source/librpc/idl source/libsmb source/m4 source/modules source/nmbd source/nsswitch source/pam_smbpass source/param source/passdb source/po source/printing source/script source/smbd source/utils source/winbindd

vorlon at alioth.debian.org vorlon at alioth.debian.org
Sat Feb 13 22:40:06 UTC 2010


tags 567554 pending
thanks

Author: vorlon
Date: 2010-02-13 22:40:02 +0000 (Sat, 13 Feb 2010)
New Revision: 3293

Added:
   branches/samba/lenny/debian/patches/security-CVE-2009-3297.patch
Modified:
   branches/samba/lenny/debian/changelog
   branches/samba/lenny/debian/patches/series
   branches/samba/lenny/docs/htmldocs/index.html
   branches/samba/lenny/docs/manpages/lmhosts.5
   branches/samba/lenny/docs/manpages/net.8
   branches/samba/lenny/docs/manpages/nmbd.8
   branches/samba/lenny/docs/manpages/ntlm_auth.1
   branches/samba/lenny/docs/manpages/smb.conf.5
   branches/samba/lenny/docs/manpages/smbd.8
   branches/samba/lenny/docs/manpages/swat.8
   branches/samba/lenny/docs/manpages/tdbbackup.8
   branches/samba/lenny/docs/manpages/winbindd.8
   branches/samba/lenny/examples/LDAP/README
   branches/samba/lenny/source/Makefile.in
   branches/samba/lenny/source/VERSION
   branches/samba/lenny/source/client/client.c
   branches/samba/lenny/source/client/mount.cifs.c
   branches/samba/lenny/source/configure
   branches/samba/lenny/source/configure.in
   branches/samba/lenny/source/include/config.h.in
   branches/samba/lenny/source/include/local.h
   branches/samba/lenny/source/include/smb.h
   branches/samba/lenny/source/lib/system.c
   branches/samba/lenny/source/lib/util.c
   branches/samba/lenny/source/lib/util_sock.c
   branches/samba/lenny/source/libads/ldap.c
   branches/samba/lenny/source/libgpo/gpo_fetch.c
   branches/samba/lenny/source/librpc/gen_ndr/ndr_samr.c
   branches/samba/lenny/source/librpc/idl/samr.idl
   branches/samba/lenny/source/libsmb/clidfs.c
   branches/samba/lenny/source/libsmb/clientgen.c
   branches/samba/lenny/source/libsmb/clilist.c
   branches/samba/lenny/source/libsmb/samlogon_cache.c
   branches/samba/lenny/source/m4/aclocal.m4
   branches/samba/lenny/source/m4/check_path.m4
   branches/samba/lenny/source/modules/vfs_full_audit.c
   branches/samba/lenny/source/modules/vfs_xattr_tdb.c
   branches/samba/lenny/source/nmbd/nmbd_serverlistdb.c
   branches/samba/lenny/source/nsswitch/wins.c
   branches/samba/lenny/source/pam_smbpass/README
   branches/samba/lenny/source/pam_smbpass/pam_smb_acct.c
   branches/samba/lenny/source/pam_smbpass/pam_smb_auth.c
   branches/samba/lenny/source/pam_smbpass/pam_smb_passwd.c
   branches/samba/lenny/source/pam_smbpass/support.c
   branches/samba/lenny/source/pam_smbpass/support.h
   branches/samba/lenny/source/param/loadparm.c
   branches/samba/lenny/source/passdb/login_cache.c
   branches/samba/lenny/source/passdb/pdb_interface.c
   branches/samba/lenny/source/passdb/pdb_ldap.c
   branches/samba/lenny/source/passdb/pdb_tdb.c
   branches/samba/lenny/source/passdb/secrets.c
   branches/samba/lenny/source/po/de.msg
   branches/samba/lenny/source/printing/nt_printing.c
   branches/samba/lenny/source/printing/printing.c
   branches/samba/lenny/source/printing/printing_db.c
   branches/samba/lenny/source/script/installswat.sh
   branches/samba/lenny/source/script/smbtar
   branches/samba/lenny/source/smbd/lanman.c
   branches/samba/lenny/source/smbd/mangle_hash.c
   branches/samba/lenny/source/smbd/open.c
   branches/samba/lenny/source/smbd/posix_acls.c
   branches/samba/lenny/source/smbd/process.c
   branches/samba/lenny/source/smbd/server.c
   branches/samba/lenny/source/smbd/service.c
   branches/samba/lenny/source/utils/smbcontrol.c
   branches/samba/lenny/source/winbindd/idmap_cache.c
   branches/samba/lenny/source/winbindd/idmap_tdb2.c
   branches/samba/lenny/source/winbindd/winbindd_cache.c
Log:
* Security update, fixing the following issues:
  - CVE-2009-3297: fix a race condition that allows an attacker with local
    access to mount remote filesystems over arbitrary mount points via
    a symlink attack.  Closes: #567554.

Modified: branches/samba/lenny/debian/changelog
===================================================================
--- branches/samba/lenny/debian/changelog	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/debian/changelog	2010-02-13 22:40:02 UTC (rev 3293)
@@ -1,3 +1,12 @@
+samba (2:3.2.5-4lenny9) UNRELEASED; urgency=low
+
+  * Security update, fixing the following issues:
+    - CVE-2009-3297: fix a race condition that allows an attacker with local
+      access to mount remote filesystems over arbitrary mount points via
+      a symlink attack.  Closes: #567554.
+
+ -- Steve Langasek <vorlon at debian.org>  Sat, 13 Feb 2010 14:27:42 -0800
+
 samba (2:3.2.5-4lenny8) stable-proposed-updates; urgency=low
 
   * Fix regression in name mangling. Only short

Added: branches/samba/lenny/debian/patches/security-CVE-2009-3297.patch
===================================================================
--- branches/samba/lenny/debian/patches/security-CVE-2009-3297.patch	                        (rev 0)
+++ branches/samba/lenny/debian/patches/security-CVE-2009-3297.patch	2010-02-13 22:40:02 UTC (rev 3293)
@@ -0,0 +1,88 @@
+From eb54b01fb0ad211a386278152c57d65fb081a5d6 Mon Sep 17 00:00:00 2001
+From: Jeff Layton <jlayton at redhat.com>
+Date: Tue, 26 Jan 2010 09:16:39 -0500
+Subject: [PATCH 5/7] mount.cifs: take extra care that mountpoint isn't changed during mount
+
+It's possible to trick mount.cifs into mounting onto the wrong directory
+by replacing the mountpoint with a symlink to a directory. mount.cifs
+attempts to check the validity of the mountpoint, but there's still a
+possible race between those checks and the mount(2) syscall.
+
+To guard against this, chdir to the mountpoint very early, and only deal
+with it as "." from then on out.
+
+Signed-off-by: Jeff Layton <jlayton at redhat.com>
+---
+ source/client/mount.cifs.c |   34 ++++++++++++++++++++++++++--------
+ 1 files changed, 26 insertions(+), 8 deletions(-)
+
+diff --git a/source/client/mount.cifs.c b/source/client/mount.cifs.c
+index 794b720..0fbb790 100644
+--- a/source/client/mount.cifs.c
++++ b/source/client/mount.cifs.c
+@@ -179,7 +179,7 @@ check_mountpoint(const char *progname, char *mountpoint)
+ 	struct stat statbuf;
+ 
+ 	/* does mountpoint exist and is it a directory? */
+-	err = stat(mountpoint, &statbuf);
++	err = stat(".", &statbuf);
+ 	if (err) {
+ 		fprintf(stderr, "%s: failed to stat %s: %s\n", progname,
+ 				mountpoint, strerror(errno));
+@@ -1384,6 +1384,14 @@ int main(int argc, char ** argv)
+ 	}
+ 
+ 	/* make sure mountpoint is legit */
++	rc = chdir(mountpoint);
++	if (rc) {
++		fprintf(stderr, "Couldn't chdir to %s: %s\n", mountpoint,
++				strerror(errno));
++		rc = EX_USAGE;
++		goto mount_exit;
++	}
++
+ 	rc = check_mountpoint(thisprogram, mountpoint);
+ 	if (rc)
+ 		goto mount_exit;
+@@ -1446,13 +1454,23 @@ int main(int argc, char ** argv)
+ 	
+ 	/* BB save off path and pop after mount returns? */
+ 	resolved_path = (char *)malloc(PATH_MAX+1);
+-	if(resolved_path) {
+-		/* Note that if we can not canonicalize the name, we get
+-		another chance to see if it is valid when we chdir to it */
+-		if (realpath(mountpoint, resolved_path)) {
+-			mountpoint = resolved_path; 
+-		}
++	if (!resolved_path) {
++		fprintf(stderr, "Unable to allocate memory.\n");
++		rc = EX_SYSERR;
++		goto mount_exit;
+ 	}
++
++	/* Note that if we can not canonicalize the name, we get
++	   another chance to see if it is valid when we chdir to it */
++	if(!realpath(".", resolved_path)) {
++		fprintf(stderr, "Unable to resolve %s to canonical path: %s\n",
++				mountpoint, strerror(errno));
++		rc = EX_SYSERR;
++		goto mount_exit;
++	}
++
++	mountpoint = resolved_path; 
++
+ 	if(got_user == 0) {
+ 		/* Note that the password will not be retrieved from the
+ 		   USER env variable (ie user%password form) as there is
+@@ -1586,7 +1604,7 @@ mount_retry:
+ 	if (verboseflag)
+ 		fprintf(stderr, "\n");
+ 
+-	if (!fakemnt && mount(dev_name, mountpoint, "cifs", flags, options)) {
++	if (!fakemnt && mount(dev_name, ".", "cifs", flags, options)) {
+ 		switch (errno) {
+ 		case ECONNREFUSED:
+ 		case EHOSTUNREACH:
+-- 
+1.6.6
+

Modified: branches/samba/lenny/debian/patches/series
===================================================================
--- branches/samba/lenny/debian/patches/series	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/debian/patches/series	2010-02-13 22:40:02 UTC (rev 3293)
@@ -22,6 +22,7 @@
 documentation-links-debian.patch
 smbd-prevent-access-to-root-filesystem-when-connect.patch
 bug_500129_upstream_5953.patch
+security-CVE-2009-3297.patch
 bug_509101_upstream_5904.patch
 bug_514151_upstream_5825.patch
 bug_514703_upstream_6021.patch
@@ -39,3 +40,4 @@
 
 bug_561545_upstream_6969.patch
 bug_561545_upstream_7005.patch
+security-CVE-2009-3297.patch

Modified: branches/samba/lenny/docs/htmldocs/index.html
===================================================================
--- branches/samba/lenny/docs/htmldocs/index.html	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/docs/htmldocs/index.html	2010-02-13 22:40:02 UTC (rev 3293)
@@ -23,19 +23,11 @@
  <td valign="top">This book provides example configurations, it documents key aspects of Microsoft Windows networking, provides in-depth insight into the important configuration of Samba-3, and helps to put all of these into a useful framework.</td>
 </tr>
 <tr>
- <td valign="top"><a href="../using_samba/toc.html">Using Samba</a>, 2nd Edition</td>
+ <td valign="top"><a href="using_samba/toc.html">Using Samba</a>, 2nd Edition</td>
  <td valign="top"><i>Using Samba</i>, Second Edition is a comprehensive guide to Samba administration. It covers all versions of Samba from 2.0 to 2.2, including selected features from an alpha version of 3.0, as well as the SWAT graphical configuration tool. Updated for Windows 2000, ME, and XP, the book also explores Samba's new role as a primary domain controller and domain member server, its support for the use of Windows NT/2000/XP authentication and filesystem security on the host Unix system, and accessing shared files and printers from Unix clients.</td>
 </tr>
 <tr>
- <td valign="top"><a href="manpages-3/index.html">Man pages</a></td>
+ <td valign="top"><a href="manpages/index.html">Man pages</a></td>
  <td valign="top">The Samba man pages in HTML.</td>
 </tr>
-<tr>
- <td valign="top"><a href="../../WHATSNEW.txt">WHATSNEW</a></td>
-  <td valign="top">Samba Release Notes.</td>
-</tr>
-<tr>
- <td valign="top"><a href="../../README.VENDOR">README.VENDOR</a></td>
-  <td valign="top">VENDOR specific information.</td>
-</tr>
 </table></body></html>

Modified: branches/samba/lenny/docs/manpages/lmhosts.5
===================================================================
--- branches/samba/lenny/docs/manpages/lmhosts.5	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/docs/manpages/lmhosts.5	2010-02-13 22:40:02 UTC (rev 3293)
@@ -83,10 +83,8 @@
 file\.
 .SH "FILES"
 .PP
-lmhosts is loaded from the configuration directory\. This is usually
-\fI/etc/samba\fR
-or
-\fI/usr/local/samba/lib\fR\.
+lmhosts is loaded from the configuration directory. This is
+\fI/etc/samba\fR.
 .SH "VERSION"
 .PP
 This man page is correct for version 3 of the Samba suite\.

Modified: branches/samba/lenny/docs/manpages/net.8
===================================================================
--- branches/samba/lenny/docs/manpages/net.8	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/docs/manpages/net.8	2010-02-13 22:40:02 UTC (rev 3293)
@@ -660,9 +660,9 @@
 Store a secret for the specified domain, used primarily for domains that use idmap_ldap as a backend\. In this case the secret is used as the password for the user DN used to bind to the ldap server\.
 .SS "USERSHARE"
 .PP
-Starting with version 3\.0\.23, a Samba server now supports the ability for non\-root users to add user defined shares to be exported using the "net usershare" commands\.
+Starting with version 3\.0\.23, a Samba server now supports the ability for non\-root users to add user-defined shares to be exported using the "net usershare" commands\.
 .PP
-To set this up, first set up your smb\.conf by adding to the [global] section: usershare path = /usr/local/samba/lib/usershares Next create the directory /usr/local/samba/lib/usershares, change the owner to root and set the group owner to the UNIX group who should have the ability to create usershares, for example a group called "serverops"\. Set the permissions on /usr/local/samba/lib/usershares to 01770\. (Owner and group all access, no access for others, plus the sticky bit, which means that a file in that directory can be renamed or deleted only by the owner of the file)\. Finally, tell smbd how many usershares you will allow by adding to the [global] section of smb\.conf a line such as : usershare max shares = 100\. To allow 100 usershare definitions\. Now, members of the UNIX group "serverops" can create user defined shares on demand using the commands below\.
+Members of the UNIX group "sambashare" can create user-defined shares on demand using the commands below.
 .PP
 The usershare commands are:
 .IP "" 4

Modified: branches/samba/lenny/docs/manpages/nmbd.8
===================================================================
--- branches/samba/lenny/docs/manpages/nmbd.8	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/docs/manpages/nmbd.8	2010-02-13 22:40:02 UTC (rev 3293)
@@ -107,11 +107,9 @@
 to answer any name queries\. Adding a line to this file affects name NetBIOS resolution from this host
 \fIONLY\fR\.
 .sp
-The default path to this file is compiled into Samba as part of the build process\. Common defaults are
-\fI/usr/local/samba/lib/lmhosts\fR,
-\fI/usr/samba/lib/lmhosts\fR
-or
-\fI/etc/samba/lmhosts\fR\. See the
+The default path to this file is
+\fI/etc/samba/lmhosts\fR.
+See the
 \fBlmhosts\fR(5)
 man page for details on the contents of this file\.
 .RE
@@ -179,14 +177,11 @@
 inetd, this file must contain a mapping of service name (e\.g\., netbios\-ssn) to service port (e\.g\., 139) and protocol type (e\.g\., tcp)\.
 .RE
 .PP
-\fI/usr/local/samba/lib/smb\.conf\fR
+\fI/etc/samba/smb.conf\fR
 .RS 4
 This is the default location of the
 \fBsmb.conf\fR(5)
-server configuration file\. Other common places that systems install this file are
-\fI/usr/samba/lib/smb\.conf\fR
-and
-\fI/etc/samba/smb\.conf\fR\.
+server configuration file.
 .sp
 When run as a WINS server (see the
 \fIwins support\fR
@@ -230,10 +225,8 @@
 will accept SIGHUP, which will cause it to dump out its namelists into the file
 \fInamelist\.debug \fR
 in the
-\fI/usr/local/samba/var/locks\fR
-directory (or the
-\fIvar/locks\fR
-directory configured under wherever Samba was configured to install itself)\. This will also cause
+\fI/var/run/samba\fR
+directory. This will also cause
 nmbd
 to dump out its server database in the
 \fIlog\.nmb\fR

Modified: branches/samba/lenny/docs/manpages/ntlm_auth.1
===================================================================
--- branches/samba/lenny/docs/manpages/ntlm_auth.1	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/docs/manpages/ntlm_auth.1	2010-02-13 22:40:02 UTC (rev 3293)
@@ -35,7 +35,7 @@
 Some of these commands also require access to the directory
 \fIwinbindd_privileged\fR
 in
-\fI$LOCKDIR\fR\. This should be done either by running this command as root or providing group access to the
+\fI/var/run/samba\fR. This should be done either by running this command as root or providing group access to the
 \fIwinbindd_privileged\fR
 directory\. For security reasons, this directory should not be world\-accessable\.
 .SH "OPTIONS"
@@ -61,7 +61,7 @@
 Requires access to the directory
 \fIwinbindd_privileged\fR
 in
-\fI$LOCKDIR\fR\. The protocol used is described here:
+\fI/var/run/samba\fR. The protocol used is described here:
 http://devel\.squid\-cache\.org/ntlm/squid_helper_protocol\.html\. This protocol has been extended to allow the NTLMSSP Negotiate packet to be included as an argument to the
 YR
 command\. (Thus avoiding loss of information in the protocol exchange)\.
@@ -84,7 +84,7 @@
 Requires access to the directory
 \fIwinbindd_privileged\fR
 in
-\fI$LOCKDIR\fR\.
+\fI/var/run/samba\fR.
 .RE
 .PP
 gss\-spnego\-client

Modified: branches/samba/lenny/docs/manpages/smb.conf.5
===================================================================
--- branches/samba/lenny/docs/manpages/smb.conf.5	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/docs/manpages/smb.conf.5	2010-02-13 22:40:02 UTC (rev 3293)
@@ -269,7 +269,7 @@
 .PP
 usershare path
 .RS 4
-Points to the directory containing the user defined share definitions\. The filesystem permissions on this directory control who can create user defined shares\.
+Points to the directory containing the user-defined share definitions. The filesystem permissions on this directory control who can create user-defined shares.
 .RE
 .PP
 usershare prefix allow list
@@ -287,32 +287,8 @@
 Names a pre\-existing share used as a template for creating new usershares\. All other share parameters not specified in the user defined share definition are copied from this named share\.
 .RE
 .PP
-To allow members of the UNIX group
-foo
-to create user defined shares, create the directory to contain the share definitions as follows:
+Members of the \fBsambashare\fR group can manipulate the user-defined shares using the following commands:
 .PP
-Become root:
-.sp
-.RS 4
-.nf
-mkdir /usr/local/samba/lib/usershares
-chgrp foo /usr/local/samba/lib/usershares
-chmod 1770 /usr/local/samba/lib/usershares
-.fi
-.RE
-.PP
-Then add the parameters
-.sp
-.RS 4
-.nf
-	\fIusershare path = /usr/local/samba/lib/usershares\fR
-	\fIusershare max shares = 10\fR # (or the desired number of shares)
-.fi
-.RE
-.sp
-to the global section of your
-\fIsmb\.conf\fR\. Members of the group foo may then manipulate the user defined shares using the following commands\.
-.PP
 net usershare add sharename path [comment] [acl] [guest_ok=[y|n]]
 .RS 4
 To create or modify (overwrite) a user defined share\.
@@ -750,8 +726,8 @@
 Default:
 \fI\fIadd machine script\fR\fR\fI = \fR\fI\fR\fI \fR
 .sp
-Example:
-\fI\fIadd machine script\fR\fR\fI = \fR\fI/usr/sbin/adduser \-n \-g machines \-c Machine \-d /var/lib/nobody \-s /bin/false %u\fR\fI \fR
+Example for Debian:
+\fB\fIadd machine script\fR = /usr/sbin/adduser -n -g machines -c Machine -d /var/lib/samba -s /bin/false %u \fR
 .RE
 
 add port command (G)
@@ -8802,25 +8778,25 @@
 usershare path (G)
 .PP
 .RS 4
-This parameter specifies the absolute path of the directory on the filesystem used to store the user defined share definition files\. This directory must be owned by root, and have no access for other, and be writable only by the group owner\. In addition the "sticky" bit must also be set, restricting rename and delete to owners of a file (in the same way the /tmp directory is usually configured)\. Members of the group owner of this directory are the users allowed to create usershares\. If this parameter is undefined then no user defined shares are allowed\.
+This parameter specifies the absolute path of the directory on the filesystem used to store the user-defined share definition files. This directory must be owned by root, and have no access for other, and be writable only by the group owner. In addition the "sticky" bit must also be set, restricting rename and delete to owners of a file (in the same way the /tmp directory is usually configured). Members of the group owner of this directory are the users allowed to create usershares. If this parameter is undefined then no user-defined shares are allowed.
 .sp
-For example, a valid usershare directory might be /usr/local/samba/lib/usershares, set up as follows\.
+For example, on Debian the default usershare directory of /var/lib/samba/usershares is set up as follows.
 .sp
 
 .sp
 .RS 4
 .nf
-	ls \-ld /usr/local/samba/lib/usershares/
-	drwxrwx\-\-T  2 root power_users 4096 2006\-05\-05 12:27 /usr/local/samba/lib/usershares/
+	ls -ld /var/lib/samba/usershares/
+	drwxrwx--T  2 root sambashare 4096 2006-05-05 12:27 /var/lib/samba/usershares/
 	
 .fi
 .RE
 .sp
 .sp
-In this case, only members of the group "power_users" can create user defined shares\.
+In this case, only members of the group "sambashare" can create user defined shares.
 .sp
 Default:
-\fI\fIusershare path\fR\fR\fI = \fR\fINULL\fR\fI \fR
+\fB\fIusershare path\fR = /var/lib/samba/usershares \fR
 .RE
 
 usershare prefix allow list (G)

Modified: branches/samba/lenny/docs/manpages/smbd.8
===================================================================
--- branches/samba/lenny/docs/manpages/smbd.8	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/docs/manpages/smbd.8	2010-02-13 22:40:02 UTC (rev 3293)
@@ -161,14 +161,11 @@
 inetd, this file must contain a mapping of service name (e\.g\., netbios\-ssn) to service port (e\.g\., 139) and protocol type (e\.g\., tcp)\.
 .RE
 .PP
-\fI/usr/local/samba/lib/smb\.conf\fR
+\fI/etc/samba/smb.conf\fR
 .RS 4
 This is the default location of the
 \fBsmb.conf\fR(5)
-server configuration file\. Other common places that systems install this file are
-\fI/usr/samba/lib/smb\.conf\fR
-and
-\fI/etc/samba/smb\.conf\fR\.
+server configuration file.
 .sp
 This file describes all the services the server is to make available to clients\. See
 \fBsmb.conf\fR(5)

Modified: branches/samba/lenny/docs/manpages/swat.8
===================================================================
--- branches/samba/lenny/docs/manpages/swat.8	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/docs/manpages/swat.8	2010-02-13 22:40:02 UTC (rev 3293)
@@ -103,85 +103,6 @@
 .RS 4
 Print a summary of command line options\.
 .RE
-.SH "INSTALLATION"
-.PP
-Swat is included as binary package with most distributions\. The package manager in this case takes care of the installation and configuration\. This section is only for those who have compiled swat from scratch\.
-.PP
-After you compile SWAT you need to run
-make install
-to install the
-swat
-binary and the various help files and images\. A default install would put these in:
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-/usr/local/samba/sbin/swat
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-/usr/local/samba/swat/images/*
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-/usr/local/samba/swat/help/*
-.sp
-.RE
-.SS "Inetd Installation"
-.PP
-You need to edit your
-\fI/etc/inetd\.conf \fR
-and
-\fI/etc/services\fR
-to enable SWAT to be launched via
-inetd\.
-.PP
-In
-\fI/etc/services\fR
-you need to add a line like this:
-.PP
-swat 901/tcp
-.PP
-Note for NIS/YP and LDAP users \- you may need to rebuild the NIS service maps rather than alter your local
-\fI /etc/services\fR
-file\.
-.PP
-the choice of port number isn\'t really important except that it should be less than 1024 and not currently used (using a number above 1024 presents an obscure security hole depending on the implementation details of your
-inetd
-daemon)\.
-.PP
-In
-\fI/etc/inetd\.conf\fR
-you should add a line like this:
-.PP
-swat stream tcp nowait\.400 root /usr/local/samba/sbin/swat swat
-.PP
-Once you have edited
-\fI/etc/services\fR
-and
-\fI/etc/inetd\.conf\fR
-you need to send a HUP signal to inetd\. To do this use
-kill \-1 PID
-where PID is the process ID of the inetd daemon\.
 .SH "LAUNCHING"
 .PP
 To launch SWAT just run your favorite web browser and point it at "http://localhost:901/"\.
@@ -199,14 +120,11 @@
 This file must contain a mapping of service name (e\.g\., swat) to service port (e\.g\., 901) and protocol type (e\.g\., tcp)\.
 .RE
 .PP
-\fI/usr/local/samba/lib/smb\.conf\fR
+\fI/etc/samba/smb.conf\fR
 .RS 4
 This is the default location of the
 \fBsmb.conf\fR(5)
-server configuration file that swat edits\. Other common places that systems install this file are
-\fI /usr/samba/lib/smb\.conf\fR
-and
-\fI/etc/smb\.conf \fR\. This file describes all the services the server is to make available to clients\.
+server configuration file that swat edits. This file describes all the services the server is to make available to clients.
 .RE
 .SH "WARNINGS"
 .PP

Modified: branches/samba/lenny/docs/manpages/tdbbackup.8
===================================================================
--- branches/samba/lenny/docs/manpages/tdbbackup.8	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/docs/manpages/tdbbackup.8	2010-02-13 22:40:02 UTC (rev 3293)
@@ -69,7 +69,7 @@
 .\}
 
 secrets\.tdb
-\- usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba\.
+- usual location is in the /var/lib/samba directory.
 .RE
 .sp
 .RS 4
@@ -82,7 +82,7 @@
 .\}
 
 passdb\.tdb
-\- usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba\.
+- usual location is in the /var/lib/samba directory.
 .RE
 .sp
 .RS 4
@@ -95,7 +95,7 @@
 .\}
 
 *\.tdb
-located in the /usr/local/samba/var directory or on some systems in the /var/cache or /var/lib/samba directories\.
+located in the /var/lib/samba and /var/run/samba directories.
 .SH "VERSION"
 .PP
 This man page is correct for version 3 of the Samba suite\.

Modified: branches/samba/lenny/docs/manpages/winbindd.8
===================================================================
--- branches/samba/lenny/docs/manpages/winbindd.8	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/docs/manpages/winbindd.8	2010-02-13 22:40:02 UTC (rev 3293)
@@ -521,16 +521,16 @@
 file are owned by root\.
 .RE
 .PP
-$LOCKDIR/winbindd_privileged/pipe
+/var/run/samba/winbindd_privileged/pipe
 .RS 4
 The UNIX pipe over which \'privileged\' clients communicate with the
 winbindd
 program\. For security reasons, access to some winbindd functions \- like those needed by the
 ntlm_auth
-utility \- is restricted\. By default, only users in the \'root\' group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privileged to allow programs like \'squid\' to use ntlm_auth\. Note that the winbind client will only attempt to connect to the winbindd daemon if both the
-\fI$LOCKDIR/winbindd_privileged\fR
+utility - is restricted. By default, only users in the 'root' group will get this access, however the administrator may change the group permissions on /var/run/samba/winbindd_privileged to allow programs like 'squid' to use ntlm_auth. Note that the winbind client will only attempt to connect to the winbindd daemon if both the
+\fI/var/run/samba/winbindd_privileged\fR
 directory and
-\fI$LOCKDIR/winbindd_privileged/pipe\fR
+\fI/var/run/samba/winbindd_privileged/pipe\fR
 file are owned by root\.
 .RE
 .PP
@@ -539,15 +539,12 @@
 Implementation of name service switch library\.
 .RE
 .PP
-$LOCKDIR/winbindd_idmap\.tdb
+/var/run/samba/winbindd_idmap.tdb
 .RS 4
-Storage for the Windows NT rid to UNIX user/group id mapping\. The lock directory is specified when Samba is initially compiled using the
-\fI\-\-with\-lockdir\fR
-option\. This directory is by default
-\fI/usr/local/samba/var/locks \fR\.
+Storage for the Windows NT rid to UNIX user/group id mapping.
 .RE
 .PP
-$LOCKDIR/winbindd_cache\.tdb
+/var/run/samba/winbindd_cache.tdb
 .RS 4
 Storage for cached user and group information\.
 .RE

Modified: branches/samba/lenny/examples/LDAP/README
===================================================================
--- branches/samba/lenny/examples/LDAP/README	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/examples/LDAP/README	2010-02-13 22:40:02 UTC (rev 3293)
@@ -69,6 +69,9 @@
 The smbldap-tools package can be downloaded individually from
 https://gna.org/projects/smbldap-tools/
 
+On Debian systems, the smbldap-tools exists as a separate package
+and is not included in LDAP examples.
+
 !==
 !== end of README
 !==

Modified: branches/samba/lenny/source/Makefile.in
===================================================================
--- branches/samba/lenny/source/Makefile.in	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/Makefile.in	2010-02-13 22:40:02 UTC (rev 3293)
@@ -228,7 +228,7 @@
 TDB_OBJ = lib/util_tdb.o \
 	  lib/dbwrap.o lib/dbwrap_tdb.o \
 	  lib/dbwrap_tdb2.o lib/dbwrap_ctdb.o \
-	  lib/dbwrap_rbt.o @LIBTDB_STATIC@
+	  lib/dbwrap_rbt.o
 
 SMBLDAP_OBJ = @SMBLDAP@ @SMBLDAPUTIL@
 
@@ -292,8 +292,7 @@
 SOCKET_WRAPPER_OBJ = @SOCKET_WRAPPER_OBJS@
 NSS_WRAPPER_OBJ = @NSS_WRAPPER_OBJS@
 
-LIBSAMBAUTIL_OBJ = @LIBTALLOC_STATIC@ \
-		$(LIBREPLACE_OBJ) \
+LIBSAMBAUTIL_OBJ = $(LIBREPLACE_OBJ) \
 		$(SOCKET_WRAPPER_OBJ) \
 		$(NSS_WRAPPER_OBJ)
 
@@ -345,7 +344,7 @@
 
 LIBADDNS_OBJ0 = libaddns/dnsrecord.o libaddns/dnsutils.o  libaddns/dnssock.o \
 	       libaddns/dnsgss.o libaddns/dnsmarshall.o
-LIBADDNS_OBJ = $(LIBADDNS_OBJ0) $(SOCKET_WRAPPER_OBJ) @LIBTALLOC_STATIC@
+LIBADDNS_OBJ = $(LIBADDNS_OBJ0) $(SOCKET_WRAPPER_OBJ)
 
 LIBGPO_OBJ0 = libgpo/gpo_ldap.o libgpo/gpo_ini.o libgpo/gpo_util.o \
 	      libgpo/gpo_fetch.o libgpo/gpo_filesync.o libgpo/gpo_sec.o
@@ -1057,15 +1056,15 @@
 		iniparser_build/strlib.o
 
 TDBBACKUP_OBJ = @tdbdir@/tools/tdbbackup.o $(LIBREPLACE_OBJ) \
-	@LIBTDB_STATIC@ $(SOCKET_WRAPPER_OBJ)
+	$(SOCKET_WRAPPER_OBJ)
 
-TDBTOOL_OBJ = @tdbdir@/tools/tdbtool.o @LIBTDB_STATIC@ $(LIBREPLACE_OBJ) \
+TDBTOOL_OBJ = @tdbdir@/tools/tdbtool.o $(LIBREPLACE_OBJ) \
 	$(SOCKET_WRAPPER_OBJ)
 
-TDBDUMP_OBJ = @tdbdir@/tools/tdbdump.o @LIBTDB_STATIC@ $(LIBREPLACE_OBJ) \
+TDBDUMP_OBJ = @tdbdir@/tools/tdbdump.o $(LIBREPLACE_OBJ) \
 	$(SOCKET_WRAPPER_OBJ)
 
-TDBTORTURE_OBJ = @tdbdir@/tools/tdbtorture.o @LIBTDB_STATIC@ $(LIBREPLACE_OBJ) \
+TDBTORTURE_OBJ = @tdbdir@/tools/tdbtorture.o $(LIBREPLACE_OBJ) \
 	$(SOCKET_WRAPPER_OBJ)
 
 
@@ -1260,263 +1259,348 @@
 	  dir=bin $(MAKEDIR); fi
 	@: >> $@ || : > $@ # what a fancy emoticon!
 
-bin/smbd at EXEEXT@: $(BINARY_PREREQS) $(SMBD_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@ @BUILD_POPT@
+bin/smbd at EXEEXT@: $(BINARY_PREREQS) $(SMBD_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@ @BUILD_POPT@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(LDAP_LIBS) \
+	@$(AR) -rc $@.a $(SMBD_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(LDAP_LIBS) \
 		$(KRB5LIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \
 		$(ACL_LIBS) $(PASSDB_LIBS) $(LIBS) $(DNSSD_LIBS) \
 		$(POPT_LIBS) @SMBD_LIBS@ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
 		$(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/nmbd at EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/nmbd at EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+	@$(AR) -rc $@.a $(NMBD_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) $(LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(POPT_LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS)
+	@rm -f $@.a
 
-bin/swat at EXEEXT@: $(BINARY_PREREQS) $(SWAT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/swat at EXEEXT@: $(BINARY_PREREQS) $(SWAT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(DYNEXP) $(PRINT_LIBS) \
+	@$(AR) -rc $@.a $(SWAT_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) $(PRINT_LIBS) \
 	  $(AUTH_LIBS) $(LIBS) $(PASSDB_LIBS) $(POPT_LIBS) $(KRB5LIBS) \
 	  $(LDAP_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/rpcclient at EXEEXT@: $(BINARY_PREREQS) $(RPCCLIENT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/rpcclient at EXEEXT@: $(BINARY_PREREQS) $(RPCCLIENT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(PASSDB_LIBS) $(RPCCLIENT_OBJ) \
+	@$(AR) -rc $@.a $(RPCCLIENT_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(PASSDB_LIBS) \
 		$(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) $(POPT_LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
 		$(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/smbclient at EXEEXT@: $(BINARY_PREREQS) $(CLIENT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/smbclient at EXEEXT@: $(BINARY_PREREQS) $(CLIENT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(CLIENT_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(CLIENT_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(TERMLDFLAGS) $(TERMLIBS) $(LIBS) $(POPT_LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(DNSSD_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/net at EXEEXT@: $(BINARY_PREREQS) $(NET_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@ @LIBNETAPI_SHARED@
+bin/net at EXEEXT@: $(BINARY_PREREQS) $(NET_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@ @LIBNETAPI_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(NET_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
 		$(POPT_LIBS) $(KRB5LIBS) $(UUID_LIBS) $(LDAP_LIBS) \
 		$(PASSDB_LIBS) $(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) \
 		@INIPARSERLIBS@ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS) $(LIBNETAPI_LIBS)
 
-bin/profiles at EXEEXT@: $(BINARY_PREREQS) $(PROFILES_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/profiles at EXEEXT@: $(BINARY_PREREQS) $(PROFILES_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(PROFILES_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
+	@$(AR) -rc $@.a $(PROFILES_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) $(LIBS) \
 		$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/smbspool at EXEEXT@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/smbspool at EXEEXT@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(CUPS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
+	@$(AR) -rc $@.a $(CUPS_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) $(LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
 bin/mount.cifs at EXEEXT@: $(BINARY_PREREQS) $(CIFS_MOUNT_OBJ) @BUILD_POPT@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(CIFS_MOUNT_OBJ) $(DYNEXP) $(LDFLAGS) $(POPT_LIBS)
+	@$(AR) -rc $@.a $(CIFS_MOUNT_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) $(POPT_LIBS)
+	@rm -f $@.a
 
 bin/umount.cifs at EXEEXT@: $(BINARY_PREREQS) $(CIFS_UMOUNT_OBJ) @BUILD_POPT@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(CIFS_UMOUNT_OBJ) $(DYNEXP) $(LDFLAGS) $(POPT_LIBS)
+	@$(AR) -rc $@.a $(CIFS_UMOUNT_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) $(POPT_LIBS)
+	@rm -f $@.a
 
-bin/cifs.upcall at EXEEXT@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ1) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/cifs.upcall at EXEEXT@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ1) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(CIFS_UPCALL_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(CIFS_UPCALL_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		-lkeyutils $(LIBS) $(LIBSMBCLIENT_OBJ1) $(KRB5LIBS) \
 		$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(WINBIND_LIBS) \
 		$(LIBTDB_LIBS) $(NSCD_LIBS)
+	@rm -f $@.a
 
-bin/testparm at EXEEXT@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/testparm at EXEEXT@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(TESTPARM_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+	@$(AR) -rc $@.a $(TESTPARM_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) $(LIBS) \
 		$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/smbstatus at EXEEXT@: $(BINARY_PREREQS) $(STATUS_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/smbstatus at EXEEXT@: $(BINARY_PREREQS) $(STATUS_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(STATUS_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+	@$(AR) -rc $@.a $(STATUS_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) $(LIBS) \
 		$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/smbcontrol at EXEEXT@: $(BINARY_PREREQS) $(SMBCONTROL_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/smbcontrol at EXEEXT@: $(BINARY_PREREQS) $(SMBCONTROL_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) -DUSING_SMBCONTROL $(FLAGS) -o $@ \
-		$(SMBCONTROL_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(SMBCONTROL_OBJ)
+	@$(CC) -DUSING_SMBCONTROL $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(LDAP_LIBS) @LIBUNWIND_PTRACE@ $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/smbtree at EXEEXT@: $(BINARY_PREREQS) $(SMBTREE_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/smbtree at EXEEXT@: $(BINARY_PREREQS) $(SMBTREE_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBTREE_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(SMBTREE_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/smbpasswd at EXEEXT@: $(BINARY_PREREQS) $(SMBPASSWD_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/smbpasswd at EXEEXT@: $(BINARY_PREREQS) $(SMBPASSWD_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBPASSWD_OBJ) $(LDFLAGS) $(PASSDB_LIBS) \
+	@$(AR) -rc $@.a $(SMBPASSWD_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(PASSDB_LIBS) \
 		$(DYNEXP) $(LIBS) $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/pdbedit at EXEEXT@: $(BINARY_PREREQS) $(PDBEDIT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/pdbedit at EXEEXT@: $(BINARY_PREREQS) $(PDBEDIT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+	@$(AR) -rc $@.a $(PDBEDIT_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) $(LIBS) \
 		$(POPT_LIBS) $(PASSDB_LIBS) $(LDAP_LIBS) $(LIBTALLOC_LIBS) \
 		$(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/smbget at EXEEXT@: $(BINARY_PREREQS) $(SMBGET_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/smbget at EXEEXT@: $(BINARY_PREREQS) $(SMBGET_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBGET_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+	@$(AR) -rc $@.a $(SMBGET_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) $(LIBS) \
 		$(POPT_LIBS)  $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/nmblookup at EXEEXT@: $(BINARY_PREREQS) $(NMBLOOKUP_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/nmblookup at EXEEXT@: $(BINARY_PREREQS) $(NMBLOOKUP_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(NMBLOOKUP_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+	@$(AR) -rc $@.a $(NMBLOOKUP_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) $(LIBS) \
 		$(POPT_LIBS) $(LDAP_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/smbtorture at EXEEXT@: $(BINARY_PREREQS) $(SMBTORTURE_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/smbtorture at EXEEXT@: $(BINARY_PREREQS) $(SMBTORTURE_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBTORTURE_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(SMBTORTURE_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) \
 		$(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/talloctort at EXEEXT@: $(BINARY_PREREQS) $(TALLOCTORT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/talloctort at EXEEXT@: $(BINARY_PREREQS) $(TALLOCTORT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(TALLOCTORT_OBJ) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(TALLOCTORT_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) \
 		$(DYNEXP) $(LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/replacetort at EXEEXT@: $(REPLACETORT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@
+bin/replacetort at EXEEXT@: $(REPLACETORT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $(REPLACETORT_OBJ) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(REPLACETORT_OBJ)
+	@$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $@.a $(LDFLAGS) \
 		$(DYNEXP) $(LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS)
+	@rm -f $@.a
 
-bin/smbconftort at EXEEXT@: $(SMBCONFTORT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/smbconftort at EXEEXT@: $(SMBCONFTORT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $(SMBCONFTORT_OBJ) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(SMBCONFTORT_OBJ)
+	@$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $@.a $(LDFLAGS) \
 		$(DYNEXP) $(LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/masktest at EXEEXT@: $(BINARY_PREREQS) $(MASKTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/masktest at EXEEXT@: $(BINARY_PREREQS) $(MASKTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(MASKTEST_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(MASKTEST_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/msgtest at EXEEXT@: $(BINARY_PREREQS) $(MSGTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/msgtest at EXEEXT@: $(BINARY_PREREQS) $(MSGTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(MSGTEST_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(MSGTEST_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/smbcacls at EXEEXT@: $(BINARY_PREREQS) $(SMBCACLS_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/smbcacls at EXEEXT@: $(BINARY_PREREQS) $(SMBCACLS_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBCACLS_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(SMBCACLS_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/smbcquotas at EXEEXT@: $(BINARY_PREREQS) $(SMBCQUOTAS_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/smbcquotas at EXEEXT@: $(BINARY_PREREQS) $(SMBCQUOTAS_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBCQUOTAS_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(SMBCQUOTAS_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/eventlogadm at EXEEXT@: $(BINARY_PREREQS) $(EVTLOGADM_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/eventlogadm at EXEEXT@: $(BINARY_PREREQS) $(EVTLOGADM_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(EVTLOGADM_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(EVTLOGADM_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/sharesec at EXEEXT@: $(BINARY_PREREQS) $(SHARESEC_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/sharesec at EXEEXT@: $(BINARY_PREREQS) $(SHARESEC_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SHARESEC_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(SHARESEC_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/locktest at EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/locktest at EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LOCKTEST_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(LOCKTEST_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/nsstest at EXEEXT@: $(BINARY_PREREQS) $(NSSTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/nsstest at EXEEXT@: $(BINARY_PREREQS) $(NSSTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(NSSTEST_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(NSSTEST_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(KRB5LIBS)  $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/pdbtest at EXEEXT@: $(BINARY_PREREQS) $(PDBTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/pdbtest at EXEEXT@: $(BINARY_PREREQS) $(PDBTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(PDBTEST_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(PDBTEST_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) \
 		$(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/vfstest at EXEEXT@: $(BINARY_PREREQS) $(VFSTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/vfstest at EXEEXT@: $(BINARY_PREREQS) $(VFSTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(VFSTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) \
+	@$(AR) -rc $@.a $(VFSTEST_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(TERMLDFLAGS) \
 		$(TERMLIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \
 		$(ACL_LIBS) $(LIBS) $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) \
 		@SMBD_LIBS@ $(NSCD_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
 		$(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/smbiconv at EXEEXT@: $(BINARY_PREREQS) $(SMBICONV_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/smbiconv at EXEEXT@: $(BINARY_PREREQS) $(SMBICONV_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBICONV_OBJ) $(LDFLAGS) $(TERMLDFLAGS) \
+	@$(AR) -rc $@.a $(SMBICONV_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(TERMLDFLAGS) \
 		$(TERMLIBS) $(DYNEXP) $(LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/log2pcap at EXEEXT@: $(BINARY_PREREQS) $(LOG2PCAP_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@
+bin/log2pcap at EXEEXT@: $(BINARY_PREREQS) $(LOG2PCAP_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LOG2PCAP_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(LOG2PCAP_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(POPT_LIBS) $(LIBS) $(LIBTALLOC_LIBS)
+	@rm -f $@.a
 
-bin/locktest2 at EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST2_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/locktest2 at EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST2_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LOCKTEST2_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(LOCKTEST2_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/ndrdump at EXEEXT@: $(BINARY_PREREQS) $(NDRDUMP_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/ndrdump at EXEEXT@: $(BINARY_PREREQS) $(NDRDUMP_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(NDRDUMP_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
+	@$(AR) -rc $@.a $(NDRDUMP_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) $(LIBS) \
 		$(POPT_LIBS) $(LDAP_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/debug2html at EXEEXT@: $(BINARY_PREREQS) $(DEBUG2HTML_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@
+bin/debug2html at EXEEXT@: $(BINARY_PREREQS) $(DEBUG2HTML_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(DEBUG2HTML_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(DEBUG2HTML_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(LIBTALLOC_LIBS)
+	@rm -f $@.a
 
-bin/smbfilter at EXEEXT@: $(BINARY_PREREQS) $(SMBFILTER_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/smbfilter at EXEEXT@: $(BINARY_PREREQS) $(SMBFILTER_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBFILTER_OBJ) $(LDFLAGS) $(LIBS) \
+	@$(AR) -rc $@.a $(SMBFILTER_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/ldbedit: $(BINARY_PREREQS) $(LDBEDIT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/ldbedit: $(BINARY_PREREQS) $(LDBEDIT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDBEDIT_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(LDBEDIT_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/ldbsearch: $(BINARY_PREREQS) $(LDBSEARCH_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/ldbsearch: $(BINARY_PREREQS) $(LDBSEARCH_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDBSEARCH_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(LDBSEARCH_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/ldbadd: $(BINARY_PREREQS) $(LDBADD_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/ldbadd: $(BINARY_PREREQS) $(LDBADD_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDBADD_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(LDBADD_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/ldbmodify: $(BINARY_PREREQS) $(LDBMODIFY_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/ldbmodify: $(BINARY_PREREQS) $(LDBMODIFY_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDBMODIFY_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(LDBMODIFY_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/ldbdel: $(BINARY_PREREQS) $(LDBDEL_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/ldbdel: $(BINARY_PREREQS) $(LDBDEL_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDBDEL_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(LDBDEL_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
 
 #####################################################################
@@ -1676,7 +1760,7 @@
 		  nsswitch/libwbclient/wbc_pam.o
 LIBWBCLIENT_OBJ = $(LIBWBCLIENT_OBJ0) \
 		  $(WBCOMMON_OBJ) \
-		  @LIBTALLOC_STATIC@ $(LIBREPLACE_OBJ)
+		  $(LIBREPLACE_OBJ)
 
 LIBWBCLIENT_SHARED_TARGET=@LIBWBCLIENT_SHARED_TARGET@
 LIBWBCLIENT_SOVER=@LIBWBCLIENT_SOVER@
@@ -1891,7 +1975,7 @@
 
 $(LIBSMBCLIENT_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking shared library $@
-	@$(SHLD_DSO) $(LIBSMBCLIENT_OBJ) \
+	@$(SHLD_DSO) -Wl,-z,defs $(LIBSMBCLIENT_OBJ) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS) $(LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		@SONAMEFLAG@`basename $@`
@@ -1948,7 +2032,7 @@
 
 LIBSMBSHAREMODES_OBJ0 = libsmb/smb_share_modes.o
 
-LIBSMBSHAREMODES_OBJ = $(LIBSMBSHAREMODES_OBJ0) @LIBTDB_STATIC@
+LIBSMBSHAREMODES_OBJ = $(LIBSMBSHAREMODES_OBJ0)
 
 LIBSMBSHAREMODES_SHARED_TARGET=@LIBSMBSHAREMODES_SHARED_TARGET@
 LIBSMBSHAREMODES_SOVER=@LIBSMBSHAREMODES_SOVER@
@@ -2014,7 +2098,7 @@
 #-------------------------------------------------------------------
 
 # This is probably wrong for anything other than the GNU linker.
-bin/libbigballofmud. at SHLIBEXT@: $(BINARY_PREREQS) $(LIBBIGBALLOFMUD_OBJ) @LIBTALLOC_SHARED@
+bin/libbigballofmud. at SHLIBEXT@: $(BINARY_PREREQS) $(LIBBIGBALLOFMUD_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking shared library $@
 	@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBBIGBALLOFMUD_OBJ) \
 		$(LIBS) $(LIBTALLOC_LIBS) \
@@ -2095,18 +2179,22 @@
 	@echo "Linking $@"
 	@$(SHLD_MODULE) $(RPC_ECHO_OBJ)
 
-bin/winbindd at EXEEXT@: $(BINARY_PREREQS) $(WINBINDD_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/winbindd at EXEEXT@: $(BINARY_PREREQS) $(WINBINDD_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo "Linking $@"
-	@$(CC) $(FLAGS) -o $@ $(WINBINDD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+	@$(AR) -rc $@.a $(WINBINDD_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) $(LIBS) \
 		$(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) \
 		$(PASSDB_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/vlp at EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/vlp at EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo "Linking $@"
-	@$(CC) $(FLAGS) -o $@ $(VLP_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(VLP_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(TERMLDFLAGS) $(TERMLIBS) $(LIBS) $(POPT_LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
 @WINBIND_NSS@: $(BINARY_PREREQS) $(WINBIND_NSS_OBJ)
 	@echo "Linking $@"
@@ -2114,7 +2202,7 @@
 		$(WINBIND_NSS_EXTRA_LIBS) $(WINBIND_NSS_PTHREAD) \
 		@SONAMEFLAG@`basename $@`@NSSSONAMEVERSIONSUFFIX@
 
- at WINBIND_WINS_NSS@: $(BINARY_PREREQS) $(WINBIND_WINS_NSS_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+ at WINBIND_WINS_NSS@: $(BINARY_PREREQS) $(WINBIND_WINS_NSS_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo "Linking $@"
 	@$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_WINS_NSS_OBJ) \
 		$(LDAP_LIBS) $(KRB5LIBS) $(LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
@@ -2351,55 +2439,65 @@
 ## None here right now
 #########################################################
 
-bin/wbinfo at EXEEXT@: $(BINARY_PREREQS) $(WBINFO_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/wbinfo at EXEEXT@: $(BINARY_PREREQS) $(WBINFO_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(WBINFO_OBJ) $(DYNEXP) $(LIBS) \
+	@$(AR) -rc $@.a $(WBINFO_OBJ)
+	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $@.a $(DYNEXP) $(LIBS) \
 		$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
 		$(WINBIND_LIBS)
+	@rm -f $@.a
 
 bin/ntlm_auth at EXEEXT@: $(BINARY_PREREQS) $(NTLM_AUTH_OBJ) $(PARAM_OBJ) \
-	$(LIB_NONSMBD_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+	$(LIB_NONSMBD_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(DYNEXP) $(NTLM_AUTH_OBJ) \
 		$(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBS) \
 		$(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
 
-bin/pam_smbpass. at SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) @LIBTALLOC_SHARED@ @LIBWBCLIENT_SHARED@ @LIBTDB_SHARED@
+bin/pam_smbpass. at SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) @LIBTALLOC_TARGET@ @LIBWBCLIENT_SHARED@ @LIBTDB_TARGET@
 	@echo "Linking shared library $@"
 	@$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_OBJ) -lpam $(DYNEXP) \
 		$(LIBS) $(LDAP_LIBS) $(KRB5LIBS) $(NSCD_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
 
-bin/tdbbackup at EXEEXT@: $(BINARY_PREREQS) $(TDBBACKUP_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/tdbbackup at EXEEXT@: $(BINARY_PREREQS) $(TDBBACKUP_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(TDBBACKUP_OBJ) $(DYNEXP) \
+	@$(AR) -rc $@.a $(TDBBACKUP_OBJ)
+	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $@.a $(DYNEXP) \
 		$(LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/tdbtool at EXEEXT@: $(BINARY_PREREQS) $(TDBTOOL_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/tdbtool at EXEEXT@: $(BINARY_PREREQS) $(TDBTOOL_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(TDBTOOL_OBJ) $(DYNEXP) \
+	@$(AR) -rc $@.a $(TDBTOOL_OBJ)
+	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $@.a $(DYNEXP) \
 		$(LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/tdbdump at EXEEXT@: $(BINARY_PREREQS) $(TDBDUMP_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/tdbdump at EXEEXT@: $(BINARY_PREREQS) $(TDBDUMP_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(TDBDUMP_OBJ) $(DYNEXP) \
+	@$(AR) -rc $@.a $(TDBDUMP_OBJ)
+	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $@.a $(DYNEXP) \
 		$(LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/tdbtorture at EXEEXT@: $(BINARY_PREREQS) $(TDBTORTURE_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/tdbtorture at EXEEXT@: $(BINARY_PREREQS) $(TDBTORTURE_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(TDBTORTURE_OBJ) $(DYNEXP) \
+	@$(AR) -rc $@.a $(TDBTORTURE_OBJ)
+	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $@.a $(DYNEXP) \
 		$(LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/t_strcmp at EXEEXT@: $(BINARY_PREREQS) @LIBTALLOC_SHARED@ bin/libbigballofmud. at SHLIBEXT@ torture/t_strcmp.o
+bin/t_strcmp at EXEEXT@: $(BINARY_PREREQS) @LIBTALLOC_TARGET@ bin/libbigballofmud. at SHLIBEXT@ torture/t_strcmp.o
 	$(CC) $(FLAGS) -o $@ $(DYNEXP) $(LIBS) $(LIBTALLOC_LIBS) \
 		torture/t_strcmp.o -L ./bin -lbigballofmud
 
-bin/t_strstr at EXEEXT@: $(BINARY_PREREQS) @LIBTALLOC_SHARED@ bin/libbigballofmud. at SHLIBEXT@ torture/t_strstr.o
+bin/t_strstr at EXEEXT@: $(BINARY_PREREQS) @LIBTALLOC_TARGET@ bin/libbigballofmud. at SHLIBEXT@ torture/t_strstr.o
 	$(CC) $(FLAGS) -o $@ $(DYNEXP) $(LIBS) $(LIBTALLOC_LIBS) \
 		torture/t_strstr.o -L ./bin -lbigballofmud
 
-bin/t_strappend at EXEEXT@: $(BINARY_PREREQS) @LIBTALLOC_SHARED@ bin/libbigballofmud. at SHLIBEXT@ torture/t_strappend.o
+bin/t_strappend at EXEEXT@: $(BINARY_PREREQS) @LIBTALLOC_TARGET@ bin/libbigballofmud. at SHLIBEXT@ torture/t_strappend.o
 	$(CC) $(FLAGS) -o $@ $(DYNEXP) $(LIBS) $(LIBTALLOC_LIBS) \
 		torture/t_strappend.o -L ./bin -lbigballofmud
 

Modified: branches/samba/lenny/source/VERSION
===================================================================
--- branches/samba/lenny/source/VERSION	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/VERSION	2010-02-13 22:40:02 UTC (rev 3293)
@@ -95,5 +95,5 @@
 # e.g. SAMBA_VERSION_VENDOR_SUFFIX=vendor_version()    #
 #  ->  "CVS 3.0.0rc2-VendorVersion"                    #
 ########################################################
-SAMBA_VERSION_VENDOR_SUFFIX=
+SAMBA_VERSION_VENDOR_SUFFIX="Debian"
 SAMBA_VERSION_VENDOR_PATCH=

Modified: branches/samba/lenny/source/client/client.c
===================================================================
--- branches/samba/lenny/source/client/client.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/client/client.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -364,7 +364,7 @@
 
 	/* Ensure cur_dir ends in a DIRSEP */
 	if ((new_cd[0] != '\0') && (*(new_cd+strlen(new_cd)-1) != CLI_DIRSEP_CHAR)) {
-		new_cd = talloc_asprintf_append(new_cd, CLI_DIRSEP_STR);
+		new_cd = talloc_asprintf_append(new_cd, "%s", CLI_DIRSEP_STR);
 		if (!new_cd) {
 			goto out;
 		}
@@ -728,11 +728,11 @@
 				return;
 			}
 			p = strrchr_m(mask2,CLI_DIRSEP_CHAR);
-			if (!p) {
-				TALLOC_FREE(dir);
-				return;
+			if (p) {
+				p[1] = 0;
+			} else {
+				mask2[0] = '\0';
 			}
-			p[1] = 0;
 			mask2 = talloc_asprintf_append(mask2,
 					"%s%s*",
 					f->name,
@@ -871,7 +871,7 @@
 		if (*buf == CLI_DIRSEP_CHAR) {
 			mask = talloc_strdup(ctx, buf);
 		} else {
-			mask = talloc_asprintf_append(mask, buf);
+			mask = talloc_asprintf_append(mask, "%s", buf);
 		}
 	} else {
 		mask = talloc_asprintf_append(mask, "*");
@@ -912,7 +912,7 @@
 		return 1;
 	}
 	if ((mask[0] != '\0') && (mask[strlen(mask)-1]!=CLI_DIRSEP_CHAR)) {
-		mask = talloc_asprintf_append(mask, CLI_DIRSEP_STR);
+		mask = talloc_asprintf_append(mask, "%s", CLI_DIRSEP_STR);
 		if (!mask) {
 			return 1;
 		}
@@ -923,7 +923,7 @@
 		if (*buf == CLI_DIRSEP_CHAR) {
 			mask = talloc_strdup(ctx, buf);
 		} else {
-			mask = talloc_asprintf_append(mask, buf);
+			mask = talloc_asprintf_append(mask, "%s", buf);
 		}
 	} else {
 		mask = talloc_strdup(ctx, "*");
@@ -1107,7 +1107,7 @@
 		d_printf("get <filename> [localname]\n");
 		return 1;
 	}
-	rname = talloc_asprintf_append(rname, fname);
+	rname = talloc_asprintf_append(rname, "%s", fname);
 	if (!rname) {
 		return 1;
 	}
@@ -1266,7 +1266,7 @@
 		unlink(lname);
 		return 1;
 	}
-	rname = talloc_asprintf_append(rname, fname);
+	rname = talloc_asprintf_append(rname, "%s", fname);
 	if (!rname) {
 		return 1;
 	}
@@ -1318,7 +1318,7 @@
 			mget_mask = talloc_strdup(ctx, buf);
 		} else {
 			mget_mask = talloc_asprintf_append(mget_mask,
-							buf);
+							"%s", buf);
 		}
 		if (!mget_mask) {
 			return 1;
@@ -1414,7 +1414,7 @@
 		}
 		return 1;
 	}
-	mask = talloc_asprintf_append(mask, buf);
+	mask = talloc_asprintf_append(mask, "%s", buf);
 	if (!mask) {
 		return 1;
 	}
@@ -1443,14 +1443,14 @@
 		trim_char(ddir,'.','\0');
 		p = strtok_r(ddir, "/\\", &saveptr);
 		while (p) {
-			ddir2 = talloc_asprintf_append(ddir2, p);
+			ddir2 = talloc_asprintf_append(ddir2, "%s", p);
 			if (!ddir2) {
 				return 1;
 			}
 			if (!cli_chkpath(targetcli, ddir2)) {
 				do_mkdir(ddir2);
 			}
-			ddir2 = talloc_asprintf_append(ddir2, CLI_DIRSEP_STR);
+			ddir2 = talloc_asprintf_append(ddir2, "%s", CLI_DIRSEP_STR);
 			if (!ddir2) {
 				return 1;
 			}
@@ -1482,7 +1482,7 @@
 		d_printf("altname <file>\n");
 		return 1;
 	}
-	name = talloc_asprintf_append(name, buf);
+	name = talloc_asprintf_append(name, "%s", buf);
 	if (!name) {
 		return 1;
 	}
@@ -1566,7 +1566,7 @@
 		d_printf("allinfo <file>\n");
 		return 1;
 	}
-	name = talloc_asprintf_append(name, buf);
+	name = talloc_asprintf_append(name, "%s", buf);
 	if (!name) {
 		return 1;
 	}
@@ -1733,9 +1733,9 @@
 	}
 
 	if (next_token_talloc(ctx, &cmd_ptr,&buf,NULL)) {
-		rname = talloc_asprintf_append(rname, buf);
+		rname = talloc_asprintf_append(rname, "%s", buf);
 	} else {
-		rname = talloc_asprintf_append(rname, lname);
+		rname = talloc_asprintf_append(rname, "%s", lname);
 	}
 	if (!rname) {
 		return 1;
@@ -2132,7 +2132,7 @@
 		d_printf("del <filename>\n");
 		return 1;
 	}
-	mask = talloc_asprintf_append(mask, buf);
+	mask = talloc_asprintf_append(mask, "%s", buf);
 	if (!mask) {
 		return 1;
 	}
@@ -3524,7 +3524,7 @@
 		d_printf("reget <filename>\n");
 		return 1;
 	}
-	remote_name = talloc_asprintf_append(remote_name, fname);
+	remote_name = talloc_asprintf_append(remote_name, "%s", fname);
 	if (!remote_name) {
 		return 1;
 	}
@@ -3571,10 +3571,10 @@
 
 	if (next_token_talloc(ctx, &cmd_ptr, &buf, NULL)) {
 		remote_name = talloc_asprintf_append(remote_name,
-						buf);
+						"%s", buf);
 	} else {
 		remote_name = talloc_asprintf_append(remote_name,
-						local_name);
+						"%s", local_name);
 	}
 	if (!remote_name) {
 		return 1;
@@ -4107,13 +4107,13 @@
 				TALLOC_FREE(ctx);
 				return;
 			}
-			tmp = talloc_asprintf_append(tmp, f->name);
+			tmp = talloc_asprintf_append(tmp, "%s", f->name);
 			if (!tmp) {
 				TALLOC_FREE(ctx);
 				return;
 			}
 			if (f->mode & aDIR) {
-				tmp = talloc_asprintf_append(tmp, CLI_DIRSEP_STR);
+				tmp = talloc_asprintf_append(tmp, "%s", CLI_DIRSEP_STR);
 			}
 			if (!tmp) {
 				TALLOC_FREE(ctx);

Modified: branches/samba/lenny/source/client/mount.cifs.c
===================================================================
--- branches/samba/lenny/source/client/mount.cifs.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/client/mount.cifs.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -190,6 +190,11 @@
 	char * temp_val;
 	FILE * fs;
 	int i, length;
+
+	i = access(file_name, R_OK);
+	if (i)
+		return i;
+
 	fs = fopen(file_name,"r");
 	if(fs == NULL)
 		return errno;
@@ -312,6 +317,12 @@
 	}
 
 	if(filename != NULL) {
+		rc = access(filename, R_OK);
+		if (rc) {
+			fprintf(stderr, "mount.cifs failed: access check of %s failed: %s\n",
+					filename, strerror(errno));
+			exit(2);
+		}
 		file_descript = open(filename, O_RDONLY);
 		if(file_descript < 0) {
 			printf("mount.cifs failed. %s attempting to open password file %s\n",
@@ -371,9 +382,6 @@
 		return 1;
 	data = *optionsp;
 
-	if(verboseflag)
-		printf("parsing options: %s\n", data);
-
 	/* BB fixme check for separator override BB */
 
 	if (getuid()) {
@@ -460,17 +468,26 @@
 		} else if (strncmp(data, "pass", 4) == 0) {
 			if (!value || !*value) {
 				if(got_password) {
-					printf("\npassword specified twice, ignoring second\n");
+					fprintf(stderr, "\npassword specified twice, ignoring second\n");
 				} else
 					got_password = 1;
-			} else if (strnlen(value, 17) < 17) {
-				if(got_password)
-					printf("\nmount.cifs warning - password specified twice\n");
-				got_password = 1;
+			} else if (strnlen(value, MOUNT_PASSWD_SIZE) < MOUNT_PASSWD_SIZE) {
+				if (got_password) {
+					fprintf(stderr, "\nmount.cifs warning - password specified twice\n");
+				} else {
+					mountpassword = strndup(value, MOUNT_PASSWD_SIZE);
+					if (!mountpassword) {
+						fprintf(stderr, "mount.cifs error: %s", strerror(ENOMEM));
+						SAFE_FREE(out);
+						return 1;
+					}
+					got_password = 1;
+				}
 			} else {
-				printf("password too long\n");
+				fprintf(stderr, "password too long\n");
 				return 1;
 			}
+			goto nocopy;
 		} else if (strncmp(data, "sec", 3) == 0) {
 			if (value) {
 				if (!strcmp(value, "none"))
@@ -1336,15 +1353,6 @@
 			strlcat(options,domain_name,options_size);
 		}
 	}
-	if(mountpassword) {
-		/* Commas have to be doubled, or else they will
-		look like the parameter separator */
-/*		if(sep is not set)*/
-		if(retry == 0)
-			check_for_comma(&mountpassword);
-		strlcat(options,",pass=",options_size);
-		strlcat(options,mountpassword,options_size);
-	}
 
 	strlcat(options,",ver=",options_size);
 	strlcat(options,MOUNT_CIFS_VERSION_MAJOR,options_size);
@@ -1357,12 +1365,26 @@
 		strlcat(options,",prefixpath=",options_size);
 		strlcat(options,prefixpath,options_size); /* no need to cat the / */
 	}
-	if(verboseflag)
-		printf("\nmount.cifs kernel mount options %s \n",options);
 
 	/* convert all '\\' to '/' in share portion so that /proc/mounts looks pretty */
 	replace_char(dev_name, '\\', '/', strlen(share_name));
 
+	if(verboseflag)
+		fprintf(stderr, "\nmount.cifs kernel mount options: %s", options);
+
+	if (mountpassword) {
+		/*
+		 * Commas have to be doubled, or else they will
+		 * look like the parameter separator
+		 */
+		if(retry == 0)
+			check_for_comma(&mountpassword);
+		strlcat(options,",pass=",options_size);
+		strlcat(options,mountpassword,options_size);
+		if (verboseflag)
+			fprintf(stderr, ",pass=********");
+	}
+
 	if(mount(dev_name, mountpoint, "cifs", flags, options)) {
 	/* remember to kill daemon on error */
 		switch (errno) {

Modified: branches/samba/lenny/source/configure
===================================================================
--- branches/samba/lenny/source/configure	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/configure	2010-02-13 22:40:02 UTC (rev 3293)
@@ -788,6 +788,7 @@
 LIBTALLOC_SHARED
 LIBTALLOC_STATIC
 LIBTALLOC_LIBS
+LIBTALLOC_TARGET
 INSTALL_LIBTALLOC
 UNINSTALL_LIBTALLOC
 LIBTALLOC_SOVER
@@ -796,6 +797,7 @@
 LIBTDB_SHARED
 LIBTDB_STATIC
 LIBTDB_LIBS
+LIBTDB_TARGET
 INSTALL_LIBTDB
 UNINSTALL_LIBTDB
 LIBTDB_SOVER
@@ -804,6 +806,7 @@
 LIBNETAPI_SHARED
 LIBNETAPI_STATIC
 LIBNETAPI_LIBS
+LIBNETAPI_TARGET
 INSTALL_LIBNETAPI
 UNINSTALL_LIBNETAPI
 LIBNETAPI_SOVER
@@ -812,6 +815,7 @@
 LIBSMBCLIENT_SHARED
 LIBSMBCLIENT_STATIC
 LIBSMBCLIENT_LIBS
+LIBSMBCLIENT_TARGET
 INSTALL_LIBSMBCLIENT
 UNINSTALL_LIBSMBCLIENT
 LIBSMBCLIENT_SOVER
@@ -820,6 +824,7 @@
 LIBSMBSHAREMODES_SHARED
 LIBSMBSHAREMODES_STATIC
 LIBSMBSHAREMODES_LIBS
+LIBSMBSHAREMODES_TARGET
 INSTALL_LIBSMBSHAREMODES
 UNINSTALL_LIBSMBSHAREMODES
 LIBSMBSHAREMODES_SOVER
@@ -828,6 +833,7 @@
 LIBADDNS_SHARED
 LIBADDNS_STATIC
 LIBADDNS_LIBS
+LIBADDNS_TARGET
 INSTALL_LIBADDNS
 UNINSTALL_LIBADDNS
 LIBADDNS_SOVER
@@ -2242,7 +2248,7 @@
 if test "${with_fhs+set}" = set; then
   withval=$with_fhs;  case "$withval" in
   yes)
-    lockdir="\${VARDIR}/lib/samba"
+    lockdir="\${VARDIR}/run/samba"
     piddir="\${VARDIR}/run"
     mandir="\${prefix}/share/man"
     logfilebase="\${VARDIR}/log/samba"
@@ -2250,9 +2256,9 @@
     test "${libdir}" || libdir="\${prefix}/lib/samba"
     configdir="\${sysconfdir}/samba"
     swatdir="\${DATADIR}/samba/swat"
-    codepagedir="\${LIBDIR}"
+    codepagedir="\${DATADIR}/samba"
     statedir="\${VARDIR}/lib/samba"
-    cachedir="\${VARDIR}/lib/samba"
+    cachedir="\${VARDIR}/cache/samba"
 
 cat >>confdefs.h <<\_ACEOF
 #define FHS_COMPATIBLE 1
@@ -13059,6 +13065,27 @@
       fi
     ;;
 
+# Systems with LFS support.
+#
+    gnu* | k*bsd*-gnu)
+	CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS"
+
+cat >>confdefs.h <<\_ACEOF
+#define _LARGEFILE64_SOURCE 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _FILE_OFFSET_BITS 64
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _GNU_SOURCE 1
+_ACEOF
+
+	;;
+
 # Tests for linux LFS support. Need kernel 2.4 and glibc2.2 or greater support.
 #
     *linux*)
@@ -40774,7 +40801,7 @@
 #
 #
 case "$host_os" in
-    *linux*)
+    linux*-gnu* | gnu* | k*bsd*-gnu)
        # glibc <= 2.3.2 has a broken getgrouplist
        if test "$cross_compiling" = yes; then
   { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
@@ -46010,11 +46037,14 @@
 
   # and these are for particular systems
   case "$host_os" in
-		*linux*)
+		linux*-gnu* | gnu* | k*bsd*-gnu)
+			case "$host_os" in linux*)
+
 cat >>confdefs.h <<\_ACEOF
 #define LINUX 1
 _ACEOF
-
+ ;;
+			esac
 			BLDSHARED="true"
 			if test "${ac_cv_gnu_ld_no_default_allow_shlib_undefined}" = "yes"; then
 				LDSHFLAGS="-shared -Wl,-Bsymbolic -Wl,--allow-shlib-undefined"
@@ -67170,7 +67200,8 @@
 LIBTALLOC_STATIC_TARGET=bin/libtalloc.a
 LIBTALLOC_SHARED=
 LIBTALLOC_STATIC=
-LIBTALLOC_LIBS=
+LIBTALLOC_LIBS=-ltalloc
+LIBTALLOC_TARGET=
 INSTALL_LIBTALLOC=
 UNINSTALL_LIBTALLOC=
 
@@ -67185,6 +67216,7 @@
 
 
 
+
 { echo "$as_me:$LINENO: checking whether to build the libtalloc shared library" >&5
 echo $ECHO_N "checking whether to build the libtalloc shared library... $ECHO_C" >&6; }
 
@@ -67219,15 +67251,17 @@
 	UNINSTALL_LIBTALLOC=uninstalllibtalloc
 	if eval $BLDSHARED = true; then
 		LIBTALLOC_SHARED=$LIBTALLOC_SHARED_TARGET
+		LIBTALLOC_TARGET=$LIBTALLOC_SHARED_TARGET
 		{ echo "$as_me:$LINENO: result: yes" >&5
 echo "${ECHO_T}yes" >&6; }
 		if test x"$USESHARED" != x"true" -o x"$LINK_LIBTALLOC" = "xSTATIC" ; then
 			enable_static=yes
-		else
-			LIBTALLOC_LIBS=-ltalloc
+			LIBTALLOC_TARGET=$LIBTALLOC_STATIC_TARGET
+			LIBTALLOC_LIBS=$LIBTALLOC_STATIC_TARGET
 		fi
 	else
 		enable_static=yes
+		LIBTALLOC_TARGET=$LIBTALLOC_STATIC_TARGET
 		{ echo "$as_me:$LINENO: result: no shared library support -- will supply static library" >&5
 echo "${ECHO_T}no shared library support -- will supply static library" >&6; }
 	fi
@@ -67254,7 +67288,8 @@
 LIBTDB_STATIC_TARGET=bin/libtdb.a
 LIBTDB_SHARED=
 LIBTDB_STATIC=
-LIBTDB_LIBS=
+LIBTDB_LIBS=-ltdb
+LIBTDB_TARGET=
 INSTALL_LIBTDB=
 UNINSTALL_LIBTDB=
 
@@ -67269,6 +67304,7 @@
 
 
 
+
 { echo "$as_me:$LINENO: checking whether to build the libtdb shared library" >&5
 echo $ECHO_N "checking whether to build the libtdb shared library... $ECHO_C" >&6; }
 
@@ -67303,15 +67339,17 @@
 	UNINSTALL_LIBTDB=uninstalllibtdb
 	if eval $BLDSHARED = true; then
 		LIBTDB_SHARED=$LIBTDB_SHARED_TARGET
+		LIBTDB_TARGET=$LIBTDB_SHARED_TARGET
 		{ echo "$as_me:$LINENO: result: yes" >&5
 echo "${ECHO_T}yes" >&6; }
 		if test x"$USESHARED" != x"true" -o x"$LINK_LIBTDB" = "xSTATIC" ; then
 			enable_static=yes
-		else
-			LIBTDB_LIBS=-ltdb
+			LIBTDB_TARGET=$LIBTDB_STATIC_TARGET
+			LIBTDB_LIBS=$LIBTDB_STATIC_TARGET
 		fi
 	else
 		enable_static=yes
+		LIBTDB_TARGET=$LIBTDB_STATIC_TARGET
 		{ echo "$as_me:$LINENO: result: no shared library support -- will supply static library" >&5
 echo "${ECHO_T}no shared library support -- will supply static library" >&6; }
 	fi
@@ -67338,7 +67376,8 @@
 LIBNETAPI_STATIC_TARGET=bin/libnetapi.a
 LIBNETAPI_SHARED=
 LIBNETAPI_STATIC=
-LIBNETAPI_LIBS=
+LIBNETAPI_LIBS=-lnetapi
+LIBNETAPI_TARGET=
 INSTALL_LIBNETAPI=
 UNINSTALL_LIBNETAPI=
 
@@ -67353,6 +67392,7 @@
 
 
 
+
 { echo "$as_me:$LINENO: checking whether to build the libnetapi shared library" >&5
 echo $ECHO_N "checking whether to build the libnetapi shared library... $ECHO_C" >&6; }
 
@@ -67387,15 +67427,17 @@
 	UNINSTALL_LIBNETAPI=uninstalllibnetapi
 	if eval $BLDSHARED = true; then
 		LIBNETAPI_SHARED=$LIBNETAPI_SHARED_TARGET
+		LIBNETAPI_TARGET=$LIBNETAPI_SHARED_TARGET
 		{ echo "$as_me:$LINENO: result: yes" >&5
 echo "${ECHO_T}yes" >&6; }
 		if test x"$USESHARED" != x"true" -o x"$LINK_LIBNETAPI" = "xSTATIC" ; then
 			enable_static=yes
-		else
-			LIBNETAPI_LIBS=-lnetapi
+			LIBNETAPI_TARGET=$LIBNETAPI_STATIC_TARGET
+			LIBNETAPI_LIBS=$LIBNETAPI_STATIC_TARGET
 		fi
 	else
 		enable_static=yes
+		LIBNETAPI_TARGET=$LIBNETAPI_STATIC_TARGET
 		{ echo "$as_me:$LINENO: result: no shared library support -- will supply static library" >&5
 echo "${ECHO_T}no shared library support -- will supply static library" >&6; }
 	fi
@@ -67422,7 +67464,8 @@
 LIBSMBCLIENT_STATIC_TARGET=bin/libsmbclient.a
 LIBSMBCLIENT_SHARED=
 LIBSMBCLIENT_STATIC=
-LIBSMBCLIENT_LIBS=
+LIBSMBCLIENT_LIBS=-lsmbclient
+LIBSMBCLIENT_TARGET=
 INSTALL_LIBSMBCLIENT=
 UNINSTALL_LIBSMBCLIENT=
 
@@ -67437,6 +67480,7 @@
 
 
 
+
 { echo "$as_me:$LINENO: checking whether to build the libsmbclient shared library" >&5
 echo $ECHO_N "checking whether to build the libsmbclient shared library... $ECHO_C" >&6; }
 
@@ -67471,15 +67515,17 @@
 	UNINSTALL_LIBSMBCLIENT=uninstalllibsmbclient
 	if eval $BLDSHARED = true; then
 		LIBSMBCLIENT_SHARED=$LIBSMBCLIENT_SHARED_TARGET
+		LIBSMBCLIENT_TARGET=$LIBSMBCLIENT_SHARED_TARGET
 		{ echo "$as_me:$LINENO: result: yes" >&5
 echo "${ECHO_T}yes" >&6; }
 		if test x"$USESHARED" != x"true" -o x"$LINK_LIBSMBCLIENT" = "xSTATIC" ; then
 			enable_static=yes
-		else
-			LIBSMBCLIENT_LIBS=-lsmbclient
+			LIBSMBCLIENT_TARGET=$LIBSMBCLIENT_STATIC_TARGET
+			LIBSMBCLIENT_LIBS=$LIBSMBCLIENT_STATIC_TARGET
 		fi
 	else
 		enable_static=yes
+		LIBSMBCLIENT_TARGET=$LIBSMBCLIENT_STATIC_TARGET
 		{ echo "$as_me:$LINENO: result: no shared library support -- will supply static library" >&5
 echo "${ECHO_T}no shared library support -- will supply static library" >&6; }
 	fi
@@ -67506,7 +67552,8 @@
 LIBSMBSHAREMODES_STATIC_TARGET=bin/libsmbsharemodes.a
 LIBSMBSHAREMODES_SHARED=
 LIBSMBSHAREMODES_STATIC=
-LIBSMBSHAREMODES_LIBS=
+LIBSMBSHAREMODES_LIBS=-lsmbsharemodes
+LIBSMBSHAREMODES_TARGET=
 INSTALL_LIBSMBSHAREMODES=
 UNINSTALL_LIBSMBSHAREMODES=
 
@@ -67521,6 +67568,7 @@
 
 
 
+
 { echo "$as_me:$LINENO: checking whether to build the libsmbsharemodes shared library" >&5
 echo $ECHO_N "checking whether to build the libsmbsharemodes shared library... $ECHO_C" >&6; }
 
@@ -67555,15 +67603,17 @@
 	UNINSTALL_LIBSMBSHAREMODES=uninstalllibsmbsharemodes
 	if eval $BLDSHARED = true; then
 		LIBSMBSHAREMODES_SHARED=$LIBSMBSHAREMODES_SHARED_TARGET
+		LIBSMBSHAREMODES_TARGET=$LIBSMBSHAREMODES_SHARED_TARGET
 		{ echo "$as_me:$LINENO: result: yes" >&5
 echo "${ECHO_T}yes" >&6; }
 		if test x"$USESHARED" != x"true" -o x"$LINK_LIBSMBSHAREMODES" = "xSTATIC" ; then
 			enable_static=yes
-		else
-			LIBSMBSHAREMODES_LIBS=-lsmbsharemodes
+			LIBSMBSHAREMODES_TARGET=$LIBSMBSHAREMODES_STATIC_TARGET
+			LIBSMBSHAREMODES_LIBS=$LIBSMBSHAREMODES_STATIC_TARGET
 		fi
 	else
 		enable_static=yes
+		LIBSMBSHAREMODES_TARGET=$LIBSMBSHAREMODES_STATIC_TARGET
 		{ echo "$as_me:$LINENO: result: no shared library support -- will supply static library" >&5
 echo "${ECHO_T}no shared library support -- will supply static library" >&6; }
 	fi
@@ -67590,7 +67640,8 @@
 LIBADDNS_STATIC_TARGET=bin/libaddns.a
 LIBADDNS_SHARED=
 LIBADDNS_STATIC=
-LIBADDNS_LIBS=
+LIBADDNS_LIBS=-laddns
+LIBADDNS_TARGET=
 INSTALL_LIBADDNS=
 UNINSTALL_LIBADDNS=
 
@@ -67605,6 +67656,7 @@
 
 
 
+
 { echo "$as_me:$LINENO: checking whether to build the libaddns shared library" >&5
 echo $ECHO_N "checking whether to build the libaddns shared library... $ECHO_C" >&6; }
 
@@ -67641,15 +67693,17 @@
 	UNINSTALL_LIBADDNS=uninstalllibaddns
 	if eval $BLDSHARED = true; then
 		LIBADDNS_SHARED=$LIBADDNS_SHARED_TARGET
+		LIBADDNS_TARGET=$LIBADDNS_SHARED_TARGET
 		{ echo "$as_me:$LINENO: result: yes" >&5
 echo "${ECHO_T}yes" >&6; }
 		if test x"$USESHARED" != x"true" -o x"$LINK_LIBADDNS" = "xSTATIC" ; then
 			enable_static=yes
-		else
-			LIBADDNS_LIBS=-laddns
+			LIBADDNS_TARGET=$LIBADDNS_STATIC_TARGET
+			LIBADDNS_LIBS=$LIBADDNS_STATIC_TARGET
 		fi
 	else
 		enable_static=yes
+		LIBADDNS_TARGET=$LIBADDNS_STATIC_TARGET
 		{ echo "$as_me:$LINENO: result: no shared library support -- will supply static library" >&5
 echo "${ECHO_T}no shared library support -- will supply static library" >&6; }
 	fi
@@ -69660,7 +69714,7 @@
 echo "${ECHO_T}yes" >&6; };
 
 	case "$host_os" in
-	*linux*)
+	linux*-gnu* | gnu* | k*bsd*-gnu)
 		{ echo "$as_me:$LINENO: checking for linux sendfile64 support" >&5
 echo $ECHO_N "checking for linux sendfile64 support... $ECHO_C" >&6; }
 if test "${samba_cv_HAVE_SENDFILE64+set}" = set; then
@@ -70868,11 +70922,11 @@
 WINBIND_NSS_PTHREAD=""
 
 case "$host_os" in
-	*linux*)
+	linux*-gnu* | gnu* | k*bsd*-gnu)
 		NSSSONAMEVERSIONSUFFIX=".2"
 		WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_linux.o"
 		;;
-	*freebsd[5-9]*)
+	freebsd5*|*freebsd[6-9]*)
 		# FreeBSD winbind client is implemented as a wrapper around
 		# the Linux version.
 		NSSSONAMEVERSIONSUFFIX=".1"
@@ -76739,6 +76793,7 @@
 LIBTALLOC_SHARED!$LIBTALLOC_SHARED$ac_delim
 LIBTALLOC_STATIC!$LIBTALLOC_STATIC$ac_delim
 LIBTALLOC_LIBS!$LIBTALLOC_LIBS$ac_delim
+LIBTALLOC_TARGET!$LIBTALLOC_TARGET$ac_delim
 INSTALL_LIBTALLOC!$INSTALL_LIBTALLOC$ac_delim
 UNINSTALL_LIBTALLOC!$UNINSTALL_LIBTALLOC$ac_delim
 LIBTALLOC_SOVER!$LIBTALLOC_SOVER$ac_delim
@@ -76747,6 +76802,7 @@
 LIBTDB_SHARED!$LIBTDB_SHARED$ac_delim
 LIBTDB_STATIC!$LIBTDB_STATIC$ac_delim
 LIBTDB_LIBS!$LIBTDB_LIBS$ac_delim
+LIBTDB_TARGET!$LIBTDB_TARGET$ac_delim
 INSTALL_LIBTDB!$INSTALL_LIBTDB$ac_delim
 UNINSTALL_LIBTDB!$UNINSTALL_LIBTDB$ac_delim
 LIBTDB_SOVER!$LIBTDB_SOVER$ac_delim
@@ -76755,12 +76811,10 @@
 LIBNETAPI_SHARED!$LIBNETAPI_SHARED$ac_delim
 LIBNETAPI_STATIC!$LIBNETAPI_STATIC$ac_delim
 LIBNETAPI_LIBS!$LIBNETAPI_LIBS$ac_delim
+LIBNETAPI_TARGET!$LIBNETAPI_TARGET$ac_delim
 INSTALL_LIBNETAPI!$INSTALL_LIBNETAPI$ac_delim
 UNINSTALL_LIBNETAPI!$UNINSTALL_LIBNETAPI$ac_delim
 LIBNETAPI_SOVER!$LIBNETAPI_SOVER$ac_delim
-LIBSMBCLIENT_SHARED_TARGET!$LIBSMBCLIENT_SHARED_TARGET$ac_delim
-LIBSMBCLIENT_STATIC_TARGET!$LIBSMBCLIENT_STATIC_TARGET$ac_delim
-LIBSMBCLIENT_SHARED!$LIBSMBCLIENT_SHARED$ac_delim
 _ACEOF
 
   if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
@@ -76802,8 +76856,12 @@
 ac_delim='%!_!# '
 for ac_last_try in false false false false false :; do
   cat >conf$$subs.sed <<_ACEOF
+LIBSMBCLIENT_SHARED_TARGET!$LIBSMBCLIENT_SHARED_TARGET$ac_delim
+LIBSMBCLIENT_STATIC_TARGET!$LIBSMBCLIENT_STATIC_TARGET$ac_delim
+LIBSMBCLIENT_SHARED!$LIBSMBCLIENT_SHARED$ac_delim
 LIBSMBCLIENT_STATIC!$LIBSMBCLIENT_STATIC$ac_delim
 LIBSMBCLIENT_LIBS!$LIBSMBCLIENT_LIBS$ac_delim
+LIBSMBCLIENT_TARGET!$LIBSMBCLIENT_TARGET$ac_delim
 INSTALL_LIBSMBCLIENT!$INSTALL_LIBSMBCLIENT$ac_delim
 UNINSTALL_LIBSMBCLIENT!$UNINSTALL_LIBSMBCLIENT$ac_delim
 LIBSMBCLIENT_SOVER!$LIBSMBCLIENT_SOVER$ac_delim
@@ -76812,6 +76870,7 @@
 LIBSMBSHAREMODES_SHARED!$LIBSMBSHAREMODES_SHARED$ac_delim
 LIBSMBSHAREMODES_STATIC!$LIBSMBSHAREMODES_STATIC$ac_delim
 LIBSMBSHAREMODES_LIBS!$LIBSMBSHAREMODES_LIBS$ac_delim
+LIBSMBSHAREMODES_TARGET!$LIBSMBSHAREMODES_TARGET$ac_delim
 INSTALL_LIBSMBSHAREMODES!$INSTALL_LIBSMBSHAREMODES$ac_delim
 UNINSTALL_LIBSMBSHAREMODES!$UNINSTALL_LIBSMBSHAREMODES$ac_delim
 LIBSMBSHAREMODES_SOVER!$LIBSMBSHAREMODES_SOVER$ac_delim
@@ -76820,6 +76879,7 @@
 LIBADDNS_SHARED!$LIBADDNS_SHARED$ac_delim
 LIBADDNS_STATIC!$LIBADDNS_STATIC$ac_delim
 LIBADDNS_LIBS!$LIBADDNS_LIBS$ac_delim
+LIBADDNS_TARGET!$LIBADDNS_TARGET$ac_delim
 INSTALL_LIBADDNS!$INSTALL_LIBADDNS$ac_delim
 UNINSTALL_LIBADDNS!$UNINSTALL_LIBADDNS$ac_delim
 LIBADDNS_SOVER!$LIBADDNS_SOVER$ac_delim
@@ -76857,7 +76917,7 @@
 LTLIBOBJS!$LTLIBOBJS$ac_delim
 _ACEOF
 
-  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 53; then
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 59; then
     break
   elif $ac_last_try; then
     { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5

Modified: branches/samba/lenny/source/configure.in
===================================================================
--- branches/samba/lenny/source/configure.in	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/configure.in	2010-02-13 22:40:02 UTC (rev 3293)
@@ -548,6 +548,15 @@
       fi
     ;;
 
+# Systems with LFS support.
+#
+    gnu* | k*bsd*-gnu)
+	CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS"
+	AC_DEFINE(_LARGEFILE64_SOURCE, 1, [Whether to enable large file support])
+	AC_DEFINE(_FILE_OFFSET_BITS, 64, [File offset bits])
+	AC_DEFINE(_GNU_SOURCE, 1, [Whether to use GNU libc extensions])
+	;;
+
 # Tests for linux LFS support. Need kernel 2.4 and glibc2.2 or greater support.
 #
     *linux*)
@@ -1185,7 +1194,7 @@
 #
 #
 case "$host_os" in
-    *linux*)
+    linux*-gnu* | gnu* | k*bsd*-gnu)
        # glibc <= 2.3.2 has a broken getgrouplist
        AC_TRY_RUN([
 #include <unistd.h>
@@ -1619,7 +1628,10 @@
 
   # and these are for particular systems
   case "$host_os" in
-		*linux*)   AC_DEFINE(LINUX,1,[Whether the host os is linux])
+		linux*-gnu* | gnu* | k*bsd*-gnu)
+			case "$host_os" in linux*)
+				AC_DEFINE(LINUX,1,[Whether the host os is linux]) ;;
+			esac
 			BLDSHARED="true"
 			if test "${ac_cv_gnu_ld_no_default_allow_shlib_undefined}" = "yes"; then
 				LDSHFLAGS="-shared -Wl,-Bsymbolic -Wl,--allow-shlib-undefined"
@@ -5304,7 +5316,7 @@
 	AC_MSG_RESULT(yes);
 
 	case "$host_os" in
-	*linux*)
+	linux*-gnu* | gnu* | k*bsd*-gnu)
 		AC_CACHE_CHECK([for linux sendfile64 support],samba_cv_HAVE_SENDFILE64,[
 		AC_TRY_LINK([#include <sys/sendfile.h>],
 [\
@@ -5630,11 +5642,11 @@
 WINBIND_NSS_PTHREAD=""
 
 case "$host_os" in
-	*linux*)
+	linux*-gnu* | gnu* | k*bsd*-gnu)
 		NSSSONAMEVERSIONSUFFIX=".2"
 		WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_linux.o"
 		;;
-	*freebsd[[5-9]]*)
+	freebsd5*|*freebsd[[6-9]]*)
 		# FreeBSD winbind client is implemented as a wrapper around
 		# the Linux version.
 		NSSSONAMEVERSIONSUFFIX=".1"

Modified: branches/samba/lenny/source/include/config.h.in
===================================================================
--- branches/samba/lenny/source/include/config.h.in	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/include/config.h.in	2010-02-13 22:40:02 UTC (rev 3293)
@@ -66,6 +66,9 @@
 /* Whether to use fully FHS-compatible paths */
 #undef FHS_COMPATIBLE
 
+/* Whether to use fully FHS-compatible paths */
+#undef FHS_COMPATIBLE
+
 /* Whether the host os is FreeBSD */
 #undef FREEBSD
 

Modified: branches/samba/lenny/source/include/local.h
===================================================================
--- branches/samba/lenny/source/include/local.h	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/include/local.h	2010-02-13 22:40:02 UTC (rev 3293)
@@ -109,7 +109,7 @@
 /* the default pager to use for the client "more" command. Users can
    override this with the PAGER environment variable */
 #ifndef PAGER
-#define PAGER "more"
+#define PAGER "/usr/bin/pager"
 #endif
 
 /* the size of the uid cache used to reduce valid user checks */

Modified: branches/samba/lenny/source/include/smb.h
===================================================================
--- branches/samba/lenny/source/include/smb.h	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/include/smb.h	2010-02-13 22:40:02 UTC (rev 3293)
@@ -758,6 +758,7 @@
 	struct timeval request_time; /* When was this first issued? */
 	struct timeval end_time; /* When does this time out? */
 	bool encrypted;
+	bool processed;
 	DATA_BLOB buf;
 	DATA_BLOB private_data;
 };

Modified: branches/samba/lenny/source/lib/system.c
===================================================================
--- branches/samba/lenny/source/lib/system.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/lib/system.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -142,6 +142,20 @@
 }
 
 /*******************************************************************
+A writev wrapper that will deal with EINTR.
+********************************************************************/
+
+ssize_t sys_writev(int fd, const struct iovec *iov, int iovcnt)
+{
+	ssize_t ret;
+
+	do {
+		ret = writev(fd, iov, iovcnt);
+	} while (ret == -1 && errno == EINTR);
+	return ret;
+}
+
+/*******************************************************************
 A pread wrapper that will deal with EINTR and 64-bit file offsets.
 ********************************************************************/
 

Modified: branches/samba/lenny/source/lib/util.c
===================================================================
--- branches/samba/lenny/source/lib/util.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/lib/util.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -2621,6 +2621,15 @@
 	return xx_path(name, get_dyn_STATEDIR());
 }
 
+
+/*****************************************************************
+a useful function for returning a path in the Samba cache directory
+ *****************************************************************/
+char *cache_path(char *name)
+{
+	return xx_path(name, get_dyn_CACHEDIR());
+}
+
 /**
  * @brief Returns the platform specific shared library extension.
  *

Modified: branches/samba/lenny/source/lib/util_sock.c
===================================================================
--- branches/samba/lenny/source/lib/util_sock.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/lib/util_sock.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -1037,40 +1037,109 @@
 }
 
 /****************************************************************************
- Write data to a fd.
+ Write all data from an iov array
 ****************************************************************************/
 
-ssize_t write_data(int fd, const char *buffer, size_t N)
+ssize_t write_data_iov(int fd, const struct iovec *orig_iov, int iovcnt)
 {
-	size_t total=0;
-	ssize_t ret;
-	char addr[INET6_ADDRSTRLEN];
+	int i;
+	size_t to_send;
+	ssize_t thistime;
+	size_t sent;
+	struct iovec *iov_copy, *iov;
 
-	while (total < N) {
-		ret = sys_write(fd,buffer + total,N - total);
+	to_send = 0;
+	for (i=0; i<iovcnt; i++) {
+		to_send += orig_iov[i].iov_len;
+	}
 
-		if (ret == -1) {
-			if (fd == get_client_fd()) {
-				/* Try and give an error message saying
-				 * what client failed. */
-				DEBUG(0,("write_data: write failure in "
-					"writing to client %s. Error %s\n",
-					get_peer_addr(fd,addr,sizeof(addr)),
-					strerror(errno) ));
-			} else {
-				DEBUG(0,("write_data: write failure. "
-					"Error = %s\n", strerror(errno) ));
+	thistime = sys_writev(fd, orig_iov, iovcnt);
+	if ((thistime <= 0) || (thistime == to_send)) {
+		return thistime;
+	}
+	sent = thistime;
+
+	/*
+	 * We could not send everything in one call. Make a copy of iov that
+	 * we can mess with. We keep a copy of the array start in iov_copy for
+	 * the TALLOC_FREE, because we're going to modify iov later on,
+	 * discarding elements.
+	 */
+
+	iov_copy = (struct iovec *)TALLOC_MEMDUP(
+		talloc_tos(), orig_iov, sizeof(struct iovec) * iovcnt);
+
+	if (iov_copy == NULL) {
+		errno = ENOMEM;
+		return -1;
+	}
+	iov = iov_copy;
+
+	while (sent < to_send) {
+		/*
+		 * We have to discard "thistime" bytes from the beginning
+		 * iov array, "thistime" contains the number of bytes sent
+		 * via writev last.
+		 */
+		while (thistime > 0) {
+			if (thistime < iov[0].iov_len) {
+				char *new_base =
+					(char *)iov[0].iov_base + thistime;
+				iov[0].iov_base = new_base;
+				iov[0].iov_len -= thistime;
+				break;
 			}
-			return -1;
+			thistime -= iov[0].iov_len;
+			iov += 1;
+			iovcnt -= 1;
 		}
 
-		if (ret == 0) {
-			return total;
+		thistime = sys_writev(fd, iov, iovcnt);
+		if (thistime <= 0) {
+			break;
 		}
+		sent += thistime;
+	}
 
-		total += ret;
+	TALLOC_FREE(iov_copy);
+	return sent;
+}
+
+/****************************************************************************
+ Write data to a fd.
+****************************************************************************/
+
+/****************************************************************************
+ Write data to a fd.
+****************************************************************************/
+
+ssize_t write_data(int fd, const char *buffer, size_t N)
+{
+	ssize_t ret;
+	struct iovec iov;
+
+	iov.iov_base = CONST_DISCARD(char *, buffer);
+	iov.iov_len = N;
+
+	ret = write_data_iov(fd, &iov, 1);
+	if (ret >= 0) {
+		return ret;
 	}
-	return (ssize_t)total;
+
+	if (fd == get_client_fd()) {
+		char addr[INET6_ADDRSTRLEN];
+		/*
+		 * Try and give an error message saying what client failed.
+		 */
+		DEBUG(0, ("write_data: write failure in writing to client %s. "
+			  "Error %s\n", get_peer_addr(fd,addr,sizeof(addr)),
+			  strerror(errno)));
+	} else {
+		DEBUG(0,("write_data: write failure. Error = %s\n",
+			 strerror(errno) ));
+	}
+
+	return -1;
 }
 
 /****************************************************************************

Modified: branches/samba/lenny/source/libads/ldap.c
===================================================================
--- branches/samba/lenny/source/libads/ldap.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/libads/ldap.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -118,6 +118,10 @@
 	if (gotalarm != 0)
 		return LDAP_TIMELIMIT_EXCEEDED;
 
+	if (*res == NULL) {
+		return LDAP_TIMELIMIT_EXCEEDED;
+	}
+
 	return result;
 }
 

Modified: branches/samba/lenny/source/libgpo/gpo_fetch.c
===================================================================
--- branches/samba/lenny/source/libgpo/gpo_fetch.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/libgpo/gpo_fetch.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -59,7 +59,7 @@
 
 	if ((path = talloc_asprintf(mem_ctx,
 					"%s/%s",
-					lock_path(GPO_CACHE_DIR),
+					cache_path(GPO_CACHE_DIR),
 					file_sys_path)) == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -82,7 +82,7 @@
 static NTSTATUS gpo_prepare_local_store(TALLOC_CTX *mem_ctx,
 					const char *unix_path)
 {
-	const char *top_dir = lock_path(GPO_CACHE_DIR);
+	const char *top_dir = cache_path(GPO_CACHE_DIR);
 	char *current_dir;
 	char *tok;
 

Modified: branches/samba/lenny/source/librpc/gen_ndr/ndr_samr.c
===================================================================
--- branches/samba/lenny/source/librpc/gen_ndr/ndr_samr.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/librpc/gen_ndr/ndr_samr.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -4430,14 +4430,14 @@
 
 static enum ndr_err_code ndr_push_samr_ConnectVersion(struct ndr_push *ndr, int ndr_flags, enum samr_ConnectVersion r)
 {
-	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
 	return NDR_ERR_SUCCESS;
 }
 
 static enum ndr_err_code ndr_pull_samr_ConnectVersion(struct ndr_pull *ndr, int ndr_flags, enum samr_ConnectVersion *r)
 {
-	uint16_t v;
-	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
 	*r = v;
 	return NDR_ERR_SUCCESS;
 }

Modified: branches/samba/lenny/source/librpc/idl/samr.idl
===================================================================
--- branches/samba/lenny/source/librpc/idl/samr.idl	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/librpc/idl/samr.idl	2010-02-13 22:40:02 UTC (rev 3293)
@@ -1246,7 +1246,7 @@
 	/************************/
 	/* Function    0x3e     */
 
-	typedef enum {
+	typedef [v1_enum] enum {
 		SAMR_CONNECT_PRE_W2K	= 1,
 		SAMR_CONNECT_W2K	= 2,
 		SAMR_CONNECT_AFTER_W2K	= 3

Modified: branches/samba/lenny/source/libsmb/clidfs.c
===================================================================
--- branches/samba/lenny/source/libsmb/clidfs.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/libsmb/clidfs.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -306,10 +306,11 @@
 	}
 
 	if (p) {
-		char *name = clean_name(NULL, p->mount);
+		char *name = clean_name(NULL, mnt);
 		if (!name) {
 			return;
 		}
+		TALLOC_FREE(p->mount);
 		p->mount = talloc_strdup(p, name);
 		TALLOC_FREE(name);
 	}

Modified: branches/samba/lenny/source/libsmb/clientgen.c
===================================================================
--- branches/samba/lenny/source/libsmb/clientgen.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/libsmb/clientgen.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -315,7 +315,7 @@
 	/* First length to send is the offset to the data. */
 	size_t len = SVAL(cli->outbuf,smb_vwv11) + 4;
 	size_t nwritten=0;
-	ssize_t ret;
+	struct iovec iov[2];
 
 	/* fd == -1 causes segfaults -- Tom (tom at ninja.nl) */
 	if (cli->fd == -1) {
@@ -327,33 +327,19 @@
 		return false;
 	}
 
-	while (nwritten < len) {
-		ret = write_socket(cli->fd,cli->outbuf+nwritten,len - nwritten);
-		if (ret <= 0) {
-			close(cli->fd);
-			cli->fd = -1;
-			cli->smb_rw_error = SMB_WRITE_ERROR;
-			DEBUG(0,("Error writing %d bytes to client. %d (%s)\n",
-				(int)len,(int)ret, strerror(errno) ));
-			return false;
-		}
-		nwritten += ret;
-	}
+	iov[0].iov_base = cli->outbuf;
+	iov[0].iov_len = len;
+	iov[1].iov_base = CONST_DISCARD(char *, p);
+	iov[1].iov_len = extradata;
 
-	/* Now write the extra data. */
-	nwritten=0;
-	while (nwritten < extradata) {
-		ret = write_socket(cli->fd,p+nwritten,extradata - nwritten);
-		if (ret <= 0) {
-			close(cli->fd);
-			cli->fd = -1;
-			cli->smb_rw_error = SMB_WRITE_ERROR;
-			DEBUG(0,("Error writing %d extradata "
-				"bytes to client. %d (%s)\n",
-				(int)extradata,(int)ret, strerror(errno) ));
-			return false;
-		}
-		nwritten += ret;
+	nwritten = write_data_iov(cli->fd, iov, 2);
+	if (nwritten < (len + extradata)) {
+		close(cli->fd);
+		cli->fd = -1;
+		cli->smb_rw_error = SMB_WRITE_ERROR;
+		DEBUG(0,("Error writing %d bytes to client. (%s)\n",
+			 (int)(len+extradata), strerror(errno)));
+		return false;
 	}
 
 	/* Increment the mid so we can tell between responses. */

Modified: branches/samba/lenny/source/libsmb/clilist.c
===================================================================
--- branches/samba/lenny/source/libsmb/clilist.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/libsmb/clilist.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -79,16 +79,17 @@
 			p += 27;
 			p += clistr_align_in(cli, p, 0);
 
-			/* We can safely use +1 here (which is required by OS/2)
-			 * instead of +2 as the STR_TERMINATE flag below is
+			/* We can safely use len here (which is required by OS/2)
+			 * and the NAS-BASIC server instead of +2 or +1 as the
+			 * STR_TERMINATE flag below is
 			 * actually used as the length calculation.
-			 * The len+2 is merely an upper bound.
+			 * The len is merely an upper bound.
 			 * Due to the explicit 2 byte null termination
 			 * in cli_receive_trans/cli_receive_nt_trans
 			 * we know this is safe. JRA + kukks
 			 */
 
-			if (p + len + 1 > pdata_end) {
+			if (p + len > pdata_end) {
 				return pdata_end - base;
 			}
 

Modified: branches/samba/lenny/source/libsmb/samlogon_cache.c
===================================================================
--- branches/samba/lenny/source/libsmb/samlogon_cache.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/libsmb/samlogon_cache.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -34,7 +34,7 @@
 bool netsamlogon_cache_init(void)
 {
 	if (!netsamlogon_tdb) {
-		netsamlogon_tdb = tdb_open_log(lock_path(NETSAMLOGON_TDB), 0,
+		netsamlogon_tdb = tdb_open_log(cache_path(NETSAMLOGON_TDB), 0,
 					       TDB_DEFAULT, O_RDWR | O_CREAT, 0600);
 	}
 

Modified: branches/samba/lenny/source/m4/aclocal.m4
===================================================================
--- branches/samba/lenny/source/m4/aclocal.m4	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/m4/aclocal.m4	2010-02-13 22:40:02 UTC (rev 3293)
@@ -68,7 +68,8 @@
 LIBUC[_STATIC_TARGET]=bin/LIBNAME.a
 LIBUC[_SHARED]=
 LIBUC[_STATIC]=
-LIBUC[_LIBS]=
+LIBUC[_LIBS]=LIBLIBS
+LIBUC[_TARGET]=
 [INSTALL_]LIBUC=
 [UNINSTALL_]LIBUC=
 
@@ -79,6 +80,7 @@
 AC_SUBST(LIBUC[_SHARED])
 AC_SUBST(LIBUC[_STATIC])
 AC_SUBST(LIBUC[_LIBS])
+AC_SUBST(LIBUC[_TARGET])
 AC_SUBST([INSTALL_]LIBUC)
 AC_SUBST([UNINSTALL_]LIBUC)
 AC_SUBST(LIBUC[_SOVER])
@@ -137,14 +139,16 @@
 	[UNINSTALL_]LIBUC=[uninstall]LIBNAME
 	if eval $BLDSHARED = true; then
 		LIBUC[_SHARED]=$LIBUC[_SHARED_TARGET]
+		LIBUC[_TARGET]=$LIBUC[_SHARED_TARGET]
 		AC_MSG_RESULT(yes)
 		if test x"$USESHARED" != x"true" -o x"$[LINK_]LIBUC" = "xSTATIC" ; then
 			enable_static=yes
-		else
-			LIBUC[_LIBS]=LIBLIBS
+			LIBUC[_TARGET]=$LIBUC[_STATIC_TARGET]
+			LIBUC[_LIBS]=$LIBUC[_STATIC_TARGET]
 		fi
 	else
 		enable_static=yes
+		LIBUC[_TARGET]=$LIBUC[_STATIC_TARGET]
 		AC_MSG_RESULT(no shared library support -- will supply static library)
 	fi
 else

Modified: branches/samba/lenny/source/m4/check_path.m4
===================================================================
--- branches/samba/lenny/source/m4/check_path.m4	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/m4/check_path.m4	2010-02-13 22:40:02 UTC (rev 3293)
@@ -33,7 +33,7 @@
 [AS_HELP_STRING([--with-fhs],[Use FHS-compliant paths (default=no)])],
 [ case "$withval" in
   yes)
-    lockdir="\${VARDIR}/lib/samba"
+    lockdir="\${VARDIR}/run/samba"
     piddir="\${VARDIR}/run"
     mandir="\${prefix}/share/man"
     logfilebase="\${VARDIR}/log/samba"
@@ -41,9 +41,9 @@
     test "${libdir}" || libdir="\${prefix}/lib/samba"
     configdir="\${sysconfdir}/samba"
     swatdir="\${DATADIR}/samba/swat"
-    codepagedir="\${LIBDIR}"
+    codepagedir="\${DATADIR}/samba"
     statedir="\${VARDIR}/lib/samba"
-    cachedir="\${VARDIR}/lib/samba"
+    cachedir="\${VARDIR}/cache/samba"
     AC_DEFINE(FHS_COMPATIBLE, 1, [Whether to use fully FHS-compatible paths])
     ;;
   esac])

Modified: branches/samba/lenny/source/modules/vfs_full_audit.c
===================================================================
--- branches/samba/lenny/source/modules/vfs_full_audit.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/modules/vfs_full_audit.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -701,6 +701,7 @@
 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
 {
 	char *prefix = NULL;
+	char *result;
 
 	prefix = talloc_strdup(ctx,
 			lp_parm_const_string(SNUM(conn), "full_audit",
@@ -708,12 +709,14 @@
 	if (!prefix) {
 		return NULL;
 	}
-	return talloc_sub_advanced(ctx,
+	result = talloc_sub_advanced(ctx,
 			lp_servicename(SNUM(conn)), conn->user,
 			conn->connectpath, conn->gid,
 			get_current_username(),
 			current_user_info.domain,
 			prefix);
+	TALLOC_FREE(prefix);
+	return result;
 }
 
 static bool log_success(vfs_handle_struct *handle, vfs_op_type op)

Modified: branches/samba/lenny/source/modules/vfs_xattr_tdb.c
===================================================================
--- branches/samba/lenny/source/modules/vfs_xattr_tdb.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/modules/vfs_xattr_tdb.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -576,7 +576,7 @@
 	const char *dbname;
 
 	dbname = lp_parm_const_string(snum, "xattr_tdb", "file",
-				      lock_path("xattr.tdb"));
+				      state_path("xattr.tdb"));
 
 	if (dbname == NULL) {
 		errno = ENOSYS;

Modified: branches/samba/lenny/source/nmbd/nmbd_serverlistdb.c
===================================================================
--- branches/samba/lenny/source/nmbd/nmbd_serverlistdb.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/nmbd/nmbd_serverlistdb.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -326,7 +326,7 @@
 
 	updatecount++;
 
-	fname = talloc_strdup(ctx, lp_lockdir());
+	fname = talloc_strdup(ctx, get_dyn_CACHEDIR());
 	if (!fname) {
 		return;
 	}

Modified: branches/samba/lenny/source/nsswitch/wins.c
===================================================================
--- branches/samba/lenny/source/nsswitch/wins.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/nsswitch/wins.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -25,6 +25,14 @@
 #include <ns_daemon.h>
 #endif
 
+#if HAVE_PTHREAD_H
+#include <pthread.h>
+#endif
+
+#if HAVE_PTHREAD
+static pthread_mutex_t wins_nss_mutex = PTHREAD_MUTEX_INITIALIZER;
+#endif
+
 #ifndef INADDRSZ
 #define INADDRSZ 4
 #endif
@@ -321,11 +329,16 @@
 _nss_wins_gethostbyname_r(const char *hostname, struct hostent *he,
 			  char *buffer, size_t buflen, int *h_errnop)
 {
+	NSS_STATUS nss_status = NSS_STATUS_SUCCESS;
 	struct in_addr *ip_list;
 	int i, count;
 	fstring name;
 	size_t namelen;
 		
+#if HAVE_PTHREAD
+	pthread_mutex_lock(&wins_nss_mutex);
+#endif
+
 	memset(he, '\0', sizeof(*he));
 	fstrcpy(name, hostname);
 
@@ -333,8 +346,10 @@
 
 	ip_list = lookup_byname_backend(name, &count);
 
-	if (!ip_list)
-		return NSS_STATUS_NOTFOUND;
+	if (!ip_list) {
+		nss_status = NSS_STATUS_NOTFOUND;
+		goto out;
+	}
 
 	/* Copy h_name */
 
@@ -342,7 +357,8 @@
 
 	if ((he->h_name = get_static(&buffer, &buflen, namelen)) == NULL) {
 		free(ip_list);
-		return NSS_STATUS_TRYAGAIN;
+		nss_status = NSS_STATUS_TRYAGAIN;
+		goto out;
 	}
 
 	memcpy(he->h_name, name, namelen);
@@ -354,20 +370,23 @@
 
 	if (get_static(&buffer, &buflen, i) == NULL) {
 		free(ip_list);
-		return NSS_STATUS_TRYAGAIN;
+		nss_status = NSS_STATUS_TRYAGAIN;
+		goto out;
 	}
 
 	if ((he->h_addr_list = (char **)get_static(
 		     &buffer, &buflen, (count + 1) * sizeof(char *))) == NULL) {
 		free(ip_list);
-		return NSS_STATUS_TRYAGAIN;
+		nss_status = NSS_STATUS_TRYAGAIN;
+		goto out;
 	}
 
 	for (i = 0; i < count; i++) {
 		if ((he->h_addr_list[i] = get_static(&buffer, &buflen,
 						     INADDRSZ)) == NULL) {
 			free(ip_list);
-			return NSS_STATUS_TRYAGAIN;
+			nss_status = NSS_STATUS_TRYAGAIN;
+			goto out;
 		}
 		memcpy(he->h_addr_list[i], &ip_list[i], INADDRSZ);
 	}
@@ -386,16 +405,27 @@
 	if ((i = (unsigned long)(buffer) % sizeof(char*)) != 0)
 		i = sizeof(char*) - i;
 
-	if (get_static(&buffer, &buflen, i) == NULL)
-		return NSS_STATUS_TRYAGAIN;
+	if (get_static(&buffer, &buflen, i) == NULL) {
+		nss_status = NSS_STATUS_TRYAGAIN;
+		goto out;
+	}
 
 	if ((he->h_aliases = (char **)get_static(
-		     &buffer, &buflen, sizeof(char *))) == NULL)
-		return NSS_STATUS_TRYAGAIN;
+		     &buffer, &buflen, sizeof(char *))) == NULL) {
+		nss_status = NSS_STATUS_TRYAGAIN;
+		goto out;
+	}
 
 	he->h_aliases[0] = NULL;
 
-	return NSS_STATUS_SUCCESS;
+	nss_status = NSS_STATUS_SUCCESS;
+
+  out:
+
+#if HAVE_PTHREAD
+	pthread_mutex_unlock(&wins_nss_mutex);
+#endif
+	return nss_status;
 }
 
 
@@ -403,12 +433,15 @@
 _nss_wins_gethostbyname2_r(const char *name, int af, struct hostent *he,
 			   char *buffer, size_t buflen, int *h_errnop)
 {
+	NSS_STATUS nss_status;
+
 	if(af!=AF_INET) {
 		*h_errnop = NO_DATA;
-		return NSS_STATUS_UNAVAIL;
+		nss_status = NSS_STATUS_UNAVAIL;
+	} else {
+		nss_status = _nss_wins_gethostbyname_r(
+				name, he, buffer, buflen, h_errnop);
 	}
-
-	return _nss_wins_gethostbyname_r(
-		name, he, buffer, buflen, h_errnop);
+	return nss_status;
 }
 #endif

Modified: branches/samba/lenny/source/pam_smbpass/README
===================================================================
--- branches/samba/lenny/source/pam_smbpass/README	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/pam_smbpass/README	2010-02-13 22:40:02 UTC (rev 3293)
@@ -37,7 +37,7 @@
 	smbconf=<file>	-	specify an alternate path to the smb.conf
 				file.
 
-See the samples/ directory for example PAM configurations using this
+See the examples/ directory for example PAM configurations using this
 module.
 
 Thanks go to the following people:

Modified: branches/samba/lenny/source/pam_smbpass/pam_smb_acct.c
===================================================================
--- branches/samba/lenny/source/pam_smbpass/pam_smb_acct.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/pam_smbpass/pam_smb_acct.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -58,26 +58,25 @@
 
 	/* Samba initialization. */
 	load_case_tables();
-	setup_logging( "pam_smbpass", False );
         lp_set_in_client(True);
 
-	ctrl = set_ctrl( flags, argc, argv );
+	ctrl = set_ctrl(pamh, flags, argc, argv );
 
 	/* get the username */
 
 	retval = pam_get_user( pamh, &name, "Username: " );
 	if (retval != PAM_SUCCESS) {
 		if (on( SMB_DEBUG, ctrl )) {
-			_log_err( LOG_DEBUG, "acct: could not identify user" );
+			_log_err(pamh, LOG_DEBUG, "acct: could not identify user" );
 		}
 		return retval;
 	}
 	if (on( SMB_DEBUG, ctrl )) {
-		_log_err( LOG_DEBUG, "acct: username [%s] obtained", name );
+		_log_err(pamh, LOG_DEBUG, "acct: username [%s] obtained", name );
 	}
 
 	if (geteuid() != 0) {
-		_log_err( LOG_DEBUG, "Cannot access samba password database, not running as root.");
+		_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
 		return PAM_AUTHINFO_UNAVAIL;
 	}
 
@@ -85,7 +84,7 @@
 		from a SIGPIPE it's not expecting */
 	oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
 	if (!initialize_password_db(True, NULL)) {
-		_log_err( LOG_ALERT, "Cannot access samba password database" );
+	  _log_err(pamh, LOG_ALERT, "Cannot access samba password database" );
 		CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
 		return PAM_AUTHINFO_UNAVAIL;
 	}
@@ -99,7 +98,7 @@
 	}
 
 	if (!pdb_getsampwnam(sampass, name )) {
-		_log_err( LOG_DEBUG, "acct: could not identify user" );
+		_log_err(pamh, LOG_DEBUG, "acct: could not identify user");
         	CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
         	return PAM_USER_UNKNOWN;
 	}
@@ -112,8 +111,8 @@
 
 	if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
 		if (on( SMB_DEBUG, ctrl )) {
-			_log_err( LOG_DEBUG
-				, "acct: account %s is administratively disabled", name );
+			_log_err(pamh, LOG_DEBUG,
+				 "acct: account %s is administratively disabled", name);
 		}
 		make_remark( pamh, ctrl, PAM_ERROR_MSG
 			, "Your account has been disabled; "

Modified: branches/samba/lenny/source/pam_smbpass/pam_smb_auth.c
===================================================================
--- branches/samba/lenny/source/pam_smbpass/pam_smb_auth.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/pam_smbpass/pam_smb_auth.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -81,10 +81,9 @@
 
 	/* Samba initialization. */
 	load_case_tables();
-	setup_logging("pam_smbpass",False);
         lp_set_in_client(True);
 
-	ctrl = set_ctrl(flags, argc, argv);
+	ctrl = set_ctrl(pamh, flags, argc, argv);
 
 	/* Get a few bytes so we can pass our return value to
 		pam_sm_setcred(). */
@@ -99,29 +98,29 @@
 	retval = pam_get_user( pamh, &name, "Username: " );
 	if ( retval != PAM_SUCCESS ) {
 		if (on( SMB_DEBUG, ctrl )) {
-			_log_err(LOG_DEBUG, "auth: could not identify user");
+			_log_err(pamh, LOG_DEBUG, "auth: could not identify user");
 		}
 		AUTH_RETURN;
 	}
 	if (on( SMB_DEBUG, ctrl )) {
-		_log_err( LOG_DEBUG, "username [%s] obtained", name );
+		_log_err(pamh, LOG_DEBUG, "username [%s] obtained", name );
 	}
 
 	if (geteuid() != 0) {
-		_log_err( LOG_DEBUG, "Cannot access samba password database, not running as root.");
+		_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
 		retval = PAM_AUTHINFO_UNAVAIL;
 		AUTH_RETURN;
 	}
 
 	if (!initialize_password_db(True, NULL)) {
-		_log_err( LOG_ALERT, "Cannot access samba password database" );
+		_log_err(pamh, LOG_ALERT, "Cannot access samba password database" );
 		retval = PAM_AUTHINFO_UNAVAIL;
 		AUTH_RETURN;
 	}
 
 	sampass = samu_new( NULL );
     	if (!sampass) {
-		_log_err( LOG_ALERT, "Cannot talloc a samu struct" );
+		_log_err(pamh, LOG_ALERT, "Cannot talloc a samu struct" );
 		retval = nt_status_to_pam(NT_STATUS_NO_MEMORY);
 		AUTH_RETURN;
 	}
@@ -135,7 +134,7 @@
 	}
 
 	if (!found) {
-		_log_err(LOG_ALERT, "Failed to find entry for user %s.", name);
+		_log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", name);
 		retval = PAM_USER_UNKNOWN;
 		TALLOC_FREE(sampass);
 		sampass = NULL;
@@ -154,7 +153,7 @@
 
 	retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p);
 	if (retval != PAM_SUCCESS ) {
-		_log_err(LOG_CRIT, "auth: no password provided for [%s]", name);
+		_log_err(pamh,LOG_CRIT, "auth: no password provided for [%s]", name);
 		TALLOC_FREE(sampass);
 		AUTH_RETURN;
 	}
@@ -202,7 +201,7 @@
 	retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );
 
 	if (retval != PAM_SUCCESS) {
-		_log_err( LOG_ALERT
+		_log_err(pamh, LOG_ALERT
 			, "pam_get_item returned error to pam_sm_authenticate" );
 		return PAM_AUTHTOK_RECOVER_ERR;
 	} else if (pass == NULL) {

Modified: branches/samba/lenny/source/pam_smbpass/pam_smb_passwd.c
===================================================================
--- branches/samba/lenny/source/pam_smbpass/pam_smb_passwd.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/pam_smbpass/pam_smb_passwd.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -106,10 +106,9 @@
 
     /* Samba initialization. */
     load_case_tables();
-    setup_logging( "pam_smbpass", False );
     lp_set_in_client(True);
 
-    ctrl = set_ctrl(flags, argc, argv);
+    ctrl = set_ctrl(pamh, flags, argc, argv);
 
     /*
      * First get the name of a user.  No need to do anything if we can't
@@ -119,16 +118,16 @@
     retval = pam_get_user( pamh, &user, "Username: " );
     if (retval != PAM_SUCCESS) {
         if (on( SMB_DEBUG, ctrl )) {
-            _log_err( LOG_DEBUG, "password: could not identify user" );
+            _log_err(pamh, LOG_DEBUG, "password: could not identify user");
         }
         return retval;
     }
     if (on( SMB_DEBUG, ctrl )) {
-        _log_err( LOG_DEBUG, "username [%s] obtained", user );
+        _log_err(pamh, LOG_DEBUG, "username [%s] obtained", user);
     }
 
     if (geteuid() != 0) {
-	_log_err( LOG_DEBUG, "Cannot access samba password database, not running as root.");
+	_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
 	return PAM_AUTHINFO_UNAVAIL;
     }
 
@@ -137,7 +136,7 @@
     oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
 
     if (!initialize_password_db(False, NULL)) {
-        _log_err( LOG_ALERT, "Cannot access samba password database" );
+      _log_err(pamh, LOG_ALERT, "Cannot access samba password database" );
         CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
         return PAM_AUTHINFO_UNAVAIL;
     }
@@ -149,12 +148,12 @@
     }
 
     if (!pdb_getsampwnam(sampass,user)) {
-        _log_err( LOG_ALERT, "Failed to find entry for user %s.", user );
+        _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", user);
         CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
         return PAM_USER_UNKNOWN;
     }
     if (on( SMB_DEBUG, ctrl )) {
-        _log_err( LOG_DEBUG, "Located account for %s", user );
+        _log_err(pamh, LOG_DEBUG, "Located account for %s", user);
     }
 
     if (flags & PAM_PRELIM_CHECK) {
@@ -180,7 +179,7 @@
 #define greeting "Changing password for "
             Announce = SMB_MALLOC_ARRAY(char, sizeof(greeting)+strlen(user));
             if (Announce == NULL) {
-                _log_err(LOG_CRIT, "password: out of memory");
+                _log_err(pamh, LOG_CRIT, "password: out of memory");
                 TALLOC_FREE(sampass);
                 CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
                 return PAM_BUF_ERR;
@@ -195,8 +194,8 @@
             SAFE_FREE( Announce );
 
             if (retval != PAM_SUCCESS) {
-                _log_err( LOG_NOTICE
-                          , "password - (old) token not obtained" );
+                _log_err(pamh, LOG_NOTICE,
+                         "password - (old) token not obtained");
                 TALLOC_FREE(sampass);
                 CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
                 return retval;
@@ -241,7 +240,7 @@
         }
 
         if (retval != PAM_SUCCESS) {
-            _log_err( LOG_NOTICE, "password: user not authenticated" );
+            _log_err(pamh, LOG_NOTICE, "password: user not authenticated");
             TALLOC_FREE(sampass);
             CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
             return retval;
@@ -266,8 +265,8 @@
 
         if (retval != PAM_SUCCESS) {
             if (on( SMB_DEBUG, ctrl )) {
-                _log_err( LOG_ALERT
-                          , "password: new password not obtained" );
+                _log_err(pamh, LOG_ALERT,
+                         "password: new password not obtained");
             }
             pass_old = NULL;                               /* tidy up */
             TALLOC_FREE(sampass);
@@ -288,7 +287,7 @@
         retval = _pam_smb_approve_pass(pamh, ctrl, pass_old, pass_new);
 
         if (retval != PAM_SUCCESS) {
-            _log_err(LOG_NOTICE, "new password not acceptable");
+            _log_err(pamh, LOG_NOTICE, "new password not acceptable");
             pass_new = pass_old = NULL;               /* tidy up */
             TALLOC_FREE(sampass);
             CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
@@ -308,16 +307,17 @@
 	    
             /* password updated */
 		if (!sid_to_uid(pdb_get_user_sid(sampass), &uid)) {
-			_log_err( LOG_NOTICE, "Unable to get uid for user %s",
+			_log_err(pamh, LOG_NOTICE,
+			         "Unable to get uid for user %s",
 				pdb_get_username(sampass));
-			_log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)",
+			_log_err(pamh, LOG_NOTICE, "password for (%s) changed by (%s/%d)",
 				user, uidtoname(getuid()), getuid());
 		} else {
-			_log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)",
+			_log_err(pamh, LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)",
 				user, uid, uidtoname(getuid()), getuid());
 		}
 	} else {
-		_log_err( LOG_ERR, "password change failed for user %s", user);
+		_log_err(pamh, LOG_ERR, "password change failed for user %s", user);
 	}
 
         pass_old = pass_new = NULL;
@@ -328,7 +328,7 @@
 
     } else {            /* something has broken with the library */
 
-        _log_err( LOG_ALERT, "password received unknown request" );
+        _log_err(pamh, LOG_ALERT, "password received unknown request");
         retval = PAM_ABORT;
 
     }

Modified: branches/samba/lenny/source/pam_smbpass/support.c
===================================================================
--- branches/samba/lenny/source/pam_smbpass/support.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/pam_smbpass/support.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -14,6 +14,7 @@
  * this program; if not, see <http://www.gnu.org/licenses/>.
  */
 
+#include "config.h"
 #include "includes.h"
 #include "general.h"
 
@@ -62,17 +63,42 @@
 char *_pam_delete(register char *);
 
 /* syslogging function for errors and other information */
-
-void _log_err( int err, const char *format, ... )
+#ifdef HAVE_PAM_VSYSLOG
+void _log_err( pam_handle_t *pamh, int err, const char *format, ... )
 {
-    va_list args;
+	va_list args;
+  
+	va_start(args, format);
+	pam_vsyslog(pamh, err, format, args);
+	va_end(args);
+}
+#else
+void _log_err( pam_handle_t *pamh, int err, const char *format, ... )
+{
+	va_list args;
+	const char tag[] = "(pam_smbpass) ";
+	char *mod_format;
 
-    va_start( args, format );
-    openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH );
-    vsyslog( err, format, args );
-    va_end( args );
-    closelog();
+	mod_format = SMB_MALLOC_ARRAY(char, sizeof(tag) + strlen(format));
+	/* try really, really hard to log something, since this may have
+	   been a message about a malloc() failure... */
+	if (mod_format == NULL) {
+		va_start(args, format);
+		vsyslog(err | LOG_AUTH, format, args);
+		va_end(args);
+		return;
+  	}
+  
+	strncpy(mod_format, tag, strlen(tag)+1);
+	strncat(mod_format, format, strlen(format));
+
+	va_start(args, format);
+	vsyslog(err | LOG_AUTH, mod_format, args);
+	va_end(args);
+
+	free(mod_format);
 }
+#endif
 
 /* this is a front-end for module-application conversations */
 
@@ -90,11 +116,11 @@
 							,response, conv->appdata_ptr);
 
 		if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) {
-			_log_err(LOG_DEBUG, "conversation failure [%s]"
+			_log_err(pamh, LOG_DEBUG, "conversation failure [%s]"
 					 ,pam_strerror(pamh, retval));
 		}
 	} else {
-		_log_err(LOG_ERR, "couldn't obtain coversation function [%s]"
+		_log_err(pamh, LOG_ERR, "couldn't obtain coversation function [%s]"
 				 ,pam_strerror(pamh, retval));
 	}
 
@@ -121,7 +147,7 @@
 
 /* set the control flags for the SMB module. */
 
-int set_ctrl( int flags, int argc, const char **argv )
+int set_ctrl( pam_handle_t *pamh, int flags, int argc, const char **argv )
 {
     int i = 0;
     const char *service_file = NULL;
@@ -163,7 +189,7 @@
     /* Read some options from the Samba config. Can be overridden by
        the PAM config. */
     if(lp_load(service_file,True,False,False,True) == False) {
-	_log_err( LOG_ERR, "Error loading service file %s", service_file );
+	_log_err(pamh, LOG_ERR, "Error loading service file %s", service_file);
     }
 
     secrets_init();
@@ -186,7 +212,7 @@
         }
 
         if (j >= SMB_CTRLS_) {
-            _log_err( LOG_ERR, "unrecognized option [%s]", *argv );
+            _log_err(pamh, LOG_ERR, "unrecognized option [%s]", *argv);
         } else {
             ctrl &= smb_args[j].mask;	/* for turning things off */
             ctrl |= smb_args[j].flag;	/* for turning things on  */
@@ -225,7 +251,7 @@
  * evidence of old token around for later stack analysis.
  *
  */
-char * smbpXstrDup( const char *x )
+char * smbpXstrDup( pam_handle_t *pamh, const char *x )
 {
     register char *newstr = NULL;
 
@@ -235,7 +261,7 @@
         for (i = 0; x[i]; ++i); /* length of string */
         if ((newstr = SMB_MALLOC_ARRAY(char, ++i)) == NULL) {
             i = 0;
-            _log_err( LOG_CRIT, "out of memory in smbpXstrDup" );
+            _log_err(pamh, LOG_CRIT, "out of memory in smbpXstrDup");
         } else {
             while (i-- > 0) {
                 newstr[i] = x[i];
@@ -277,7 +303,7 @@
             /* log the number of authentication failures */
             if (failure->count != 0) {
                 pam_get_item( pamh, PAM_SERVICE, (const void **) &service );
-                _log_err( LOG_NOTICE
+                _log_err(pamh, LOG_NOTICE
                           , "%d authentication %s "
                             "from %s for service %s as %s(%d)"
                           , failure->count
@@ -286,7 +312,7 @@
                           , service == NULL ? "**unknown**" : service 
                           , failure->user, failure->id );
                 if (failure->count > SMB_MAX_RETRIES) {
-                    _log_err( LOG_ALERT
+                    _log_err(pamh, LOG_ALERT
                               , "service(%s) ignoring max retries; %d > %d"
                               , service == NULL ? "**unknown**" : service
                               , failure->count
@@ -322,8 +348,7 @@
 
     if (!pdb_get_nt_passwd(sampass))
     {
-        _log_err( LOG_DEBUG, "user %s has null SMB password"
-                  , name );
+        _log_err(pamh, LOG_DEBUG, "user %s has null SMB password", name);
 
         if (off( SMB__NONULL, ctrl )
             && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ))
@@ -333,7 +358,7 @@
             const char *service;
 
             pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
-            _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s",
+            _log_err(pamh, LOG_NOTICE, "failed auth request by %s for service %s as %s",
                       uidtoname(getuid()), service ? service : "**unknown**", name);
             return PAM_AUTH_ERR;
         }
@@ -341,7 +366,7 @@
 
     data_name = SMB_MALLOC_ARRAY(char, sizeof(FAIL_PREFIX) + strlen( name ));
     if (data_name == NULL) {
-        _log_err( LOG_CRIT, "no memory for data-name" );
+        _log_err(pamh, LOG_CRIT, "no memory for data-name" );
         return PAM_AUTH_ERR;
     }
     strncpy( data_name, FAIL_PREFIX, sizeof(FAIL_PREFIX) );
@@ -388,31 +413,31 @@
                         retval = PAM_MAXTRIES;
                     }
                 } else {
-                    _log_err(LOG_NOTICE,
+                    _log_err(pamh, LOG_NOTICE,
                       "failed auth request by %s for service %s as %s",
                       uidtoname(getuid()),
                       service ? service : "**unknown**", name);
                     newauth->count = 1;
                 }
 		if (!sid_to_uid(pdb_get_user_sid(sampass), &(newauth->id))) {
-                    _log_err(LOG_NOTICE,
+                    _log_err(pamh, LOG_NOTICE,
                       "failed auth request by %s for service %s as %s",
                       uidtoname(getuid()),
                       service ? service : "**unknown**", name);
 		}		
-                newauth->user = smbpXstrDup( name );
-                newauth->agent = smbpXstrDup( uidtoname( getuid() ) );
+                newauth->user = smbpXstrDup( pamh, name );
+                newauth->agent = smbpXstrDup( pamh, uidtoname( getuid() ) );
                 pam_set_data( pamh, data_name, newauth, _cleanup_failures );
 
             } else {
-                _log_err( LOG_CRIT, "no memory for failure recorder" );
-                _log_err(LOG_NOTICE,
+                _log_err(pamh, LOG_CRIT, "no memory for failure recorder" );
+                _log_err(pamh, LOG_NOTICE,
                       "failed auth request by %s for service %s as %s(%d)",
                       uidtoname(getuid()),
                       service ? service : "**unknown**", name);
             }
         }
-        _log_err(LOG_NOTICE,
+        _log_err(pamh, LOG_NOTICE,
                   "failed auth request by %s for service %s as %s(%d)",
                   uidtoname(getuid()),
                   service ? service : "**unknown**", name);
@@ -488,8 +513,8 @@
         retval = pam_get_item( pamh, authtok_flag, (const void **) &item );
         if (retval != PAM_SUCCESS) {
             /* very strange. */
-            _log_err( LOG_ALERT
-                      , "pam_get_item returned error to smb_read_password" );
+            _log_err(pamh, LOG_ALERT,
+                     "pam_get_item returned error to smb_read_password");
             return retval;
         } else if (item != NULL) {	/* we have a password! */
             *pass = item;
@@ -541,7 +566,7 @@
 
         if (retval == PAM_SUCCESS) {	/* a good conversation */
 
-            token = smbpXstrDup(resp[j++].resp);
+            token = smbpXstrDup(pamh, resp[j++].resp);
             if (token != NULL) {
                 if (expect == 2) {
                     /* verify that password entered correctly */
@@ -553,7 +578,8 @@
                     }
                 }
             } else {
-                _log_err(LOG_NOTICE, "could not recover authentication token");
+                _log_err(pamh, LOG_NOTICE,
+		         "could not recover authentication token");
             }
         }
 
@@ -566,7 +592,7 @@
 
     if (retval != PAM_SUCCESS) {
         if (on( SMB_DEBUG, ctrl ))
-            _log_err( LOG_DEBUG, "unable to obtain a password" );
+            _log_err(pamh, LOG_DEBUG, "unable to obtain a password");
         return retval;
     }
     /* 'token' is the entered password */
@@ -581,7 +607,7 @@
             || (retval = pam_get_item( pamh, authtok_flag
                             ,(const void **)&item )) != PAM_SUCCESS)
         {
-            _log_err( LOG_CRIT, "error manipulating password" );
+            _log_err(pamh, LOG_CRIT, "error manipulating password");
             return retval;
         }
     } else {
@@ -595,8 +621,8 @@
             || (retval = pam_get_data( pamh, data_name, (const void **)&item ))
                              != PAM_SUCCESS)
         {
-            _log_err( LOG_CRIT, "error manipulating password data [%s]"
-                      , pam_strerror( pamh, retval ));
+            _log_err(pamh, LOG_CRIT, "error manipulating password data [%s]",
+                     pam_strerror( pamh, retval ));
             _pam_delete( token );
             item = NULL;
             return retval;
@@ -620,8 +646,8 @@
     if (pass_new == NULL || (pass_old && !strcmp( pass_old, pass_new )))
     {
 	if (on(SMB_DEBUG, ctrl)) {
-	    _log_err( LOG_DEBUG,
-	              "passwd: bad authentication token (null or unchanged)" );
+	    _log_err(pamh, LOG_DEBUG,
+	             "passwd: bad authentication token (null or unchanged)");
 	}
 	make_remark( pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
 				"No password supplied" : "Password unchanged" );

Modified: branches/samba/lenny/source/pam_smbpass/support.h
===================================================================
--- branches/samba/lenny/source/pam_smbpass/support.h	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/pam_smbpass/support.h	2010-02-13 22:40:02 UTC (rev 3293)
@@ -1,8 +1,8 @@
 /* syslogging function for errors and other information */
-extern void _log_err(int, const char *, ...);
+extern void _log_err(pam_handle_t *, int, const char *, ...);
 
 /* set the control flags for the UNIX module. */
-extern int set_ctrl(int, int, const char **);
+extern int set_ctrl(pam_handle_t *, int, int, const char **);
 
 /* generic function for freeing pam data segments */
 extern void _cleanup(pam_handle_t *, void *, int);
@@ -12,7 +12,7 @@
  * evidence of old token around for later stack analysis.
  */
 
-extern char *smbpXstrDup(const char *);
+extern char *smbpXstrDup(pam_handle_t *,const char *);
 
 /* ************************************************************** *
  * Useful non-trivial functions                                   *

Modified: branches/samba/lenny/source/param/loadparm.c
===================================================================
--- branches/samba/lenny/source/param/loadparm.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/param/loadparm.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -120,6 +120,9 @@
 	char *szAddPrinterCommand;
 	char *szDeletePrinterCommand;
 	char *szOs2DriverMap;
+#ifdef FHS_COMPATIBLE
+	char *szLockDirStub;
+#endif
 	char *szLockDir;
 	char *szPidDir;
 	char *szRootdir;
@@ -3676,10 +3679,30 @@
 		.enum_list	= NULL,
 		.flags		= FLAG_ADVANCED,
 	},
+#ifdef FHS_COMPATIBLE
 	{
 		.label		= "lock directory",
 		.type		= P_STRING,
 		.p_class	= P_GLOBAL,
+		.ptr		= &Globals.szLockDirStub,
+		.special	= NULL,
+		.enum_list	= NULL,
+		.flags		= 0,
+	},
+	{
+		.label		= "lock dir",
+		.type		= P_STRING,
+		.p_class	= P_GLOBAL,
+		.ptr		= &Globals.szLockDirStub,
+		.special	= NULL,
+		.enum_list	= NULL,
+		.flags		= 0,
+	},
+#else
+	{
+		.label		= "lock directory",
+		.type		= P_STRING,
+		.p_class	= P_GLOBAL,
 		.ptr		= &Globals.szLockDir,
 		.special	= NULL,
 		.enum_list	= NULL,
@@ -3694,6 +3717,7 @@
 		.enum_list	= NULL,
 		.flags		= FLAG_HIDE,
 	},
+#endif
 	{
 		.label		= "pid directory",
 		.type		= P_STRING,
@@ -4854,7 +4878,7 @@
 	string_set(&Globals.szUsersharePath, s);
 	SAFE_FREE(s);
 	string_set(&Globals.szUsershareTemplateShare, "");
-	Globals.iUsershareMaxShares = 0;
+	Globals.iUsershareMaxShares = 100;
 	/* By default disallow sharing of directories not owned by the sharer. */
 	Globals.bUsershareOwnerOnly = True;
 	/* By default disallow guest access to usershares. */
@@ -5828,6 +5852,11 @@
 {
 	int i;
 
+	if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
+			pszHomedir[0] == '\0') {
+		return false;
+	}
+
 	i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
 
 	if (i < 0)
@@ -7778,7 +7807,7 @@
 
 		home = get_user_home_dir(talloc_tos(), p);
 
-		if (home && homes >= 0)
+		if (home && home[0] && homes >= 0)
 			lp_add_home(p, homes, p, home);
 
 		TALLOC_FREE(home);

Modified: branches/samba/lenny/source/passdb/login_cache.c
===================================================================
--- branches/samba/lenny/source/passdb/login_cache.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/passdb/login_cache.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -35,7 +35,7 @@
 	/* skip file open if it's already opened */
 	if (cache) return True;
 
-	asprintf(&cache_fname, "%s/%s", lp_lockdir(), LOGIN_CACHE_FILE);
+	asprintf(&cache_fname, "%s/%s", get_dyn_CACHEDIR(), LOGIN_CACHE_FILE);
 	if (cache_fname)
 		DEBUG(5, ("Opening cache file at %s\n", cache_fname));
 	else {

Modified: branches/samba/lenny/source/passdb/pdb_interface.c
===================================================================
--- branches/samba/lenny/source/passdb/pdb_interface.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/passdb/pdb_interface.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -1150,7 +1150,9 @@
 
 static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, struct samu *newpwd, bool success)
 {
-	return NT_STATUS_NOT_IMPLEMENTED;
+	/* Only the pdb_nds backend implements this, by
+	 * default just return ok. */
+	return NT_STATUS_OK;
 }
 
 static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)

Modified: branches/samba/lenny/source/passdb/pdb_ldap.c
===================================================================
--- branches/samba/lenny/source/passdb/pdb_ldap.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/passdb/pdb_ldap.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -2010,7 +2010,7 @@
 					newname_lower,
 					true,
 					true);
-	if (rename_script) {
+	if (!rename_script) {
 		return NT_STATUS_NO_MEMORY;
 	}
 	rename_script = realloc_string_sub2(rename_script,

Modified: branches/samba/lenny/source/passdb/pdb_tdb.c
===================================================================
--- branches/samba/lenny/source/passdb/pdb_tdb.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/passdb/pdb_tdb.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -1612,7 +1612,7 @@
 	/* save the path for later */
 
 	if (!location) {
-		if (asprintf(&tdbfile, "%s/%s", lp_private_dir(),
+		if (asprintf(&tdbfile, "%s/%s", get_dyn_STATEDIR(),
 			     PASSDB_FILE_NAME) < 0) {
 			return NT_STATUS_NO_MEMORY;
 		}

Modified: branches/samba/lenny/source/passdb/secrets.c
===================================================================
--- branches/samba/lenny/source/passdb/secrets.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/passdb/secrets.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -59,7 +59,7 @@
 		return True;
 
 	fname = talloc_asprintf(talloc_tos(), "%s/secrets.tdb",
-				lp_private_dir());
+				get_dyn_STATEDIR());
 	if (fname == NULL) {
 		return false;
 	}
@@ -1112,7 +1112,7 @@
 	TDB_DATA vers;
 	uint32 ver;
 	TDB_CONTEXT *tdb_sc = NULL;
-	char *fname = talloc_asprintf(mem_ctx, "%s/schannel_store.tdb", lp_private_dir());
+	char *fname = talloc_asprintf(mem_ctx, "%s/schannel_store.tdb", get_dyn_STATEDIR());
 
 	if (!fname) {
 		return NULL;

Modified: branches/samba/lenny/source/po/de.msg
===================================================================
--- branches/samba/lenny/source/po/de.msg	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/po/de.msg	2010-02-13 22:40:02 UTC (rev 3293)
@@ -1,5 +1,6 @@
 # German messages for international release of SWAT.
 # Copyright (C) 2001 Andreas Moroder
+# Copyright (C) 2007 Helge Kreutzmann, <debian at helgefjell.de>
 #
 #   This program is free software; you can redistribute it and/or modify
 #   it under the terms of the GNU General Public License as published by
@@ -16,577 +17,600 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: i18n_swat\n"
-"POT-Creation-Date: 2003-10-06 05:30+0900\n"
-"PO-Revision-Date: 2000-02-08 14:45+0100\n"
-"Last-Translator: Andreas Moroder\n"
-"Language-Team: (Samba Team) <samba-technical at samba.org>\n"
+"Project-Id-Version: swat\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2007-06-04 18:15+0200\n"
+"PO-Revision-Date: 2007-06-10 11:52+0200\n"
+"Last-Translator: Helge Kreutzmann <debian at helgefjell.de>\n"
+"Language-Team: German <debian-l10n-german at lists.debian.org>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: ../web/swat.c:117
+#: ../web/swat.c:139
 #, c-format
 msgid "ERROR: Can't open %s"
-msgstr "ERROR: Kann %s nicht öffnen"
+msgstr "FEHLER: Kann %s nicht öffnen"
 
-#: ../web/swat.c:200
+#: ../web/swat.c:223
 msgid "Help"
 msgstr "Hilfe"
 
-#: ../web/swat.c:206 ../web/swat.c:220 ../web/swat.c:235 ../web/swat.c:243 ../web/swat.c:252 ../web/swat.c:261 ../web/swat.c:267 ../web/swat.c:273 ../web/swat.c:286
+#: ../web/swat.c:229 ../web/swat.c:254 ../web/swat.c:275 ../web/swat.c:285
+#: ../web/swat.c:294 ../web/swat.c:303 ../web/swat.c:309 ../web/swat.c:315
+#: ../web/swat.c:328
 msgid "Set Default"
-msgstr "Standardwert"
+msgstr "Standardwert setzen"
 
-#: ../web/swat.c:408
+#: ../web/swat.c:450
 #, c-format
 msgid "failed to open %s for writing"
-msgstr "konnte %s nicht schreiben"
+msgstr "konnte %s nicht zum Schreiben öffnen"
 
-#: ../web/swat.c:431
+#: ../web/swat.c:473
 #, c-format
 msgid "Can't reload %s"
-msgstr ""
+msgstr "Kann %s nicht erneut laden"
 
-#: ../web/swat.c:501
+#: ../web/swat.c:543
 #, c-format
 msgid "Logged in as <b>%s</b>"
 msgstr "Verbunden als <b>%s</b>"
 
-#: ../web/swat.c:505
+#: ../web/swat.c:547
 msgid "Home"
 msgstr "Home"
 
-#: ../web/swat.c:507
+#: ../web/swat.c:549
 msgid "Globals"
 msgstr "Globals"
 
-#: ../web/swat.c:508
+#: ../web/swat.c:550
 msgid "Shares"
 msgstr "Freigaben"
 
-#: ../web/swat.c:509
+#: ../web/swat.c:551
 msgid "Printers"
 msgstr "Drucker"
 
-#: ../web/swat.c:510
+#: ../web/swat.c:552
 msgid "Wizard"
 msgstr "Assistent"
 
-#: ../web/swat.c:513
+#: ../web/swat.c:556
 msgid "Status"
 msgstr "Status"
 
-#: ../web/swat.c:514
+#: ../web/swat.c:557
 msgid "View Config"
 msgstr "Zeige Konfiguration"
 
-#: ../web/swat.c:516
+#: ../web/swat.c:559
 msgid "Password Management"
 msgstr "Passwortverwaltung"
 
-#: ../web/swat.c:526
+#: ../web/swat.c:569
 msgid "Current View Is"
-msgstr "Aktuelle Konfiguration"
+msgstr "Aktuelle Ansicht lautet"
 
-#: ../web/swat.c:527 ../web/swat.c:530
+#: ../web/swat.c:570 ../web/swat.c:573
 msgid "Basic"
 msgstr "Einfache Ansicht"
 
-#: ../web/swat.c:528 ../web/swat.c:531
+#: ../web/swat.c:571 ../web/swat.c:574
 msgid "Advanced"
 msgstr "Erweiterte Ansicht"
 
-#: ../web/swat.c:529
+#: ../web/swat.c:572
 msgid "Change View To"
-msgstr "Ansicht anpassen"
+msgstr "Ansicht ändern in"
 
-#: ../web/swat.c:554
+#: ../web/swat.c:601
 msgid "Current Config"
 msgstr "Aktuelle Konfiguration"
 
-#: ../web/swat.c:558
+#: ../web/swat.c:605
 msgid "Normal View"
 msgstr "Normale Ansicht"
 
-#: ../web/swat.c:560
+#: ../web/swat.c:607
 msgid "Full View"
 msgstr "Komplette Ansicht"
 
 #. Here we first set and commit all the parameters that were selected
 #. in the previous screen.
-#: ../web/swat.c:579
+#: ../web/swat.c:626
 msgid "Wizard Parameter Edit Page"
-msgstr ""
+msgstr "Bearbeitungsseite der Assistenten-Parameter"
 
-#: ../web/swat.c:608
+#: ../web/swat.c:655
 msgid "Note: smb.conf file has been read and rewritten"
 msgstr "Hinweis: smb.conf wurde gelesen und überschrieben"
 
 #. Here we go ...
-#: ../web/swat.c:716
+#: ../web/swat.c:763
 msgid "Samba Configuration Wizard"
-msgstr "Samba Konfigurations-Assistent"
+msgstr "Samba-Konfigurationsassistent"
 
-#: ../web/swat.c:720
-msgid "The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments."
-msgstr "Der Button \"Passe smb.conf an\" wird alle Kommentare und Standardwerte aus der smb.conf löschen."
+#: ../web/swat.c:767
+msgid ""
+"The \"Rewrite smb.conf file\" button will clear the smb.conf file of all "
+"default values and of comments."
+msgstr ""
+"Der Knopf »Schreibe smb.conf neu« wird alle Kommentare und Standardwerte "
+"aus der smb.conf löschen."
 
-#: ../web/swat.c:721
+#: ../web/swat.c:768
 msgid "The same will happen if you press the commit button."
-msgstr "Das gleiche passiert bei \"übernehmen\"."
+msgstr "Das gleiche passiert beim Knopf »übernehmen«."
 
-#: ../web/swat.c:724
+#: ../web/swat.c:771
 msgid "Rewrite smb.conf file"
 msgstr "Schreibe smb.conf neu"
 
-#: ../web/swat.c:725
+#: ../web/swat.c:772
 msgid "Commit"
-msgstr "übernehmen"
+msgstr "Übernehmen"
 
-#: ../web/swat.c:726
+#: ../web/swat.c:773
 msgid "Edit Parameter Values"
-msgstr "Bearbeite Parameter"
+msgstr "Bearbeite Parameterwerte"
 
-#: ../web/swat.c:732
+#: ../web/swat.c:779
 msgid "Server Type"
 msgstr "Server-Typ"
 
-#: ../web/swat.c:733
+#: ../web/swat.c:780
 msgid "Stand Alone"
 msgstr "Einzelserver"
 
-#: ../web/swat.c:734
+#: ../web/swat.c:781
 msgid "Domain Member"
-msgstr "Domänen-Mitglied"
+msgstr "Domänenmitglied"
 
-#: ../web/swat.c:735
+#: ../web/swat.c:782
 msgid "Domain Controller"
-msgstr "Domänen-Controller"
+msgstr "Domänencontroller"
 
-#: ../web/swat.c:738
+#: ../web/swat.c:785
 msgid "Unusual Type in smb.conf - Please Select New Mode"
 msgstr ""
+"Ungewöhnlicher Typ in der smb.conf - Bitte wählen Sie einen neuen Modus"
 
-#: ../web/swat.c:740
+#: ../web/swat.c:787
 msgid "Configure WINS As"
-msgstr "Konfiguriere WINS"
+msgstr "Konfiguriere WINS als"
 
-#: ../web/swat.c:741
+#: ../web/swat.c:788
 msgid "Not Used"
-msgstr "nicht benutzt"
+msgstr "Nicht benutzt"
 
-#: ../web/swat.c:742
+#: ../web/swat.c:789
 msgid "Server for client use"
-msgstr "WINS-Server"
+msgstr "Server für Client-Verwendung"
 
-#: ../web/swat.c:743
+#: ../web/swat.c:790
 msgid "Client of another WINS server"
-msgstr "WINS-Client an anderem Server"
+msgstr "Client eines anderen WINS-Servers"
 
-#: ../web/swat.c:745
+#: ../web/swat.c:792
 msgid "Remote WINS Server"
-msgstr "Zuständiger WINS-Server:"
+msgstr "Entfernter WINS-Server:"
 
-#: ../web/swat.c:756
+#: ../web/swat.c:803
 msgid "Error: WINS Server Mode and WINS Support both set in smb.conf"
-msgstr "Fehler: WINS-Server und WINS-Client zugleich in smb.conf gesetzt"
+msgstr ""
+"Fehler: Sowohl WINS-Server-Modus als auch WINS-Unterstützung in smb.conf "
+"aktiviert"
 
-#: ../web/swat.c:757
+#: ../web/swat.c:804
 msgid "Please Select desired WINS mode above."
-msgstr "Bitte wählen Sie den WINS-Modus."
+msgstr "Bitte wählen Sie den gewünschten WINS-Modus oben aus."
 
-#: ../web/swat.c:759
+#: ../web/swat.c:806
 msgid "Expose Home Directories"
 msgstr "Home-Verzeichnisse freigeben"
 
-#: ../web/swat.c:774
-msgid "The above configuration options will set multiple parameters and will generally assist with rapid Samba deployment."
-msgstr "Diese Konfigurationsoptionen bearbeiten mehrere Parameter und dienen als Hilfe zur schnellen Samba-Einrichtung."
+#: ../web/swat.c:821
+msgid ""
+"The above configuration options will set multiple parameters and will "
+"generally assist with rapid Samba deployment."
+msgstr ""
+"Die obigen Konfigurationsoptionen bearbeiten mehrere Parameter und dienen als "
+"Hilfe zur schnellen Samba-Einrichtung."
 
-#: ../web/swat.c:787
+#: ../web/swat.c:834
 msgid "Global Parameters"
 msgstr "Globale Parameter"
 
-#: ../web/swat.c:815 ../web/swat.c:916 ../web/swat.c:1265
+#: ../web/swat.c:862 ../web/swat.c:966 ../web/swat.c:1318
 msgid "Commit Changes"
 msgstr "Änderungen speichern"
 
-#: ../web/swat.c:819 ../web/swat.c:919 ../web/swat.c:1267
+#: ../web/swat.c:866 ../web/swat.c:969 ../web/swat.c:1320
 msgid "Reset Values"
 msgstr "Werte zurücksetzen"
 
-#: ../web/swat.c:844
+#: ../web/swat.c:891
 msgid "Share Parameters"
 msgstr "Parameter der Freigabe"
 
-#: ../web/swat.c:887
+#: ../web/swat.c:934
 msgid "Choose Share"
 msgstr "Wähle Freigabe"
 
-#: ../web/swat.c:901
+#: ../web/swat.c:951
 msgid "Delete Share"
 msgstr "Lösche Freigabe"
 
-#: ../web/swat.c:908
+#: ../web/swat.c:958
 msgid "Create Share"
 msgstr "Erstelle Freigabe"
 
-#: ../web/swat.c:944
+#: ../web/swat.c:994
 msgid "password change in demo mode rejected"
-msgstr "Änderung des Passworts im Demo modus nicht aktiv"
+msgstr "Änderung des Passworts im Demo-Modus nicht möglich"
 
-#: ../web/swat.c:957
+#: ../web/swat.c:1007
 msgid "Can't setup password database vectors."
-msgstr ""
+msgstr "Kann Passwort-Datenbankvektoren nicht einrichten"
 
-#: ../web/swat.c:983
+#: ../web/swat.c:1033
 msgid " Must specify \"User Name\" "
-msgstr " \"Benutzername\" muss angegeben werden "
+msgstr " »Benutzername« muss angegeben werden "
 
-#: ../web/swat.c:999
+#: ../web/swat.c:1049
 msgid " Must specify \"Old Password\" "
-msgstr " \"Altes Passwort\" muss angegeben werden "
+msgstr " »Altes Passwort« muss angegeben werden "
 
-#: ../web/swat.c:1005
+#: ../web/swat.c:1055
 msgid " Must specify \"Remote Machine\" "
-msgstr " \"Remote-Server\" muss angegeben werden "
+msgstr " »Entfernter Server« muss angegeben werden "
 
-#: ../web/swat.c:1012
+#: ../web/swat.c:1062
 msgid " Must specify \"New, and Re-typed Passwords\" "
-msgstr " \"Neues/wiederholtes Passwort\" müssen angegeben werden "
+msgstr " »Neues/wiederholtes Passwort« muss angegeben werden "
 
-#: ../web/swat.c:1018
+#: ../web/swat.c:1068
 msgid " Re-typed password didn't match new password "
 msgstr " Das wiederholte Passwort stimmt nicht mit dem neuen Passwort überein"
 
-#: ../web/swat.c:1048
+#: ../web/swat.c:1101
 #, c-format
 msgid " The passwd for '%s' has been changed."
 msgstr " Das Passwort für '%s' wurde geändert."
 
-#: ../web/swat.c:1051
+#: ../web/swat.c:1104
 #, c-format
 msgid " The passwd for '%s' has NOT been changed."
 msgstr " Das Passwort für '%s' wurde NICHT geändert."
 
-#: ../web/swat.c:1076
+#: ../web/swat.c:1129
 msgid "Server Password Management"
-msgstr "Verwaltung des Server Passwortes"
+msgstr "Verwaltung des Server-Passwortes"
 
 #.
 #. * Create all the dialog boxes for data collection
 #.
-#: ../web/swat.c:1085 ../web/swat.c:1132
+#: ../web/swat.c:1138 ../web/swat.c:1185
 msgid "User Name"
 msgstr "Benutzername"
 
-#: ../web/swat.c:1088 ../web/swat.c:1134
+#: ../web/swat.c:1141 ../web/swat.c:1187
 msgid "Old Password"
 msgstr "Altes Passwort"
 
-#: ../web/swat.c:1091 ../web/swat.c:1136
+#: ../web/swat.c:1144 ../web/swat.c:1189
 msgid "New Password"
 msgstr "Neues Passwort"
 
-#: ../web/swat.c:1093 ../web/swat.c:1138
+#: ../web/swat.c:1146 ../web/swat.c:1191
 msgid "Re-type New Password"
 msgstr "Wiederhole neues Passwort"
 
-#: ../web/swat.c:1101 ../web/swat.c:1149
+#: ../web/swat.c:1154 ../web/swat.c:1202
 msgid "Change Password"
 msgstr "Ändere Passwort"
 
-#: ../web/swat.c:1104
+#: ../web/swat.c:1157
 msgid "Add New User"
-msgstr "Füge Benutzer hinzu"
+msgstr "Füge neuen Benutzer hinzu"
 
-#: ../web/swat.c:1106
+#: ../web/swat.c:1159
 msgid "Delete User"
 msgstr "Lösche Benutzer"
 
-#: ../web/swat.c:1108
+#: ../web/swat.c:1161
 msgid "Disable User"
 msgstr "Deaktiviere Benutzer"
 
-#: ../web/swat.c:1110
+#: ../web/swat.c:1163
 msgid "Enable User"
 msgstr "Aktiviere Benutzer"
 
-#: ../web/swat.c:1123
+#: ../web/swat.c:1176
 msgid "Client/Server Password Management"
-msgstr "Client/Server Passwort Verwaltung"
+msgstr "Client/Server Passwort-Verwaltung"
 
-#: ../web/swat.c:1140
+#: ../web/swat.c:1193
 msgid "Remote Machine"
-msgstr "Remote-Server"
+msgstr "Entfernte Maschine"
 
-#: ../web/swat.c:1179
+#: ../web/swat.c:1232
 msgid "Printer Parameters"
-msgstr "Drucker Parameter"
+msgstr "Drucker-Parameter"
 
-#: ../web/swat.c:1181
+#: ../web/swat.c:1234
 msgid "Important Note:"
 msgstr "Wichtiger Hinweis:"
 
-#: ../web/swat.c:1182
+#: ../web/swat.c:1235
+#, c-format
 msgid "Printer names marked with [*] in the Choose Printer drop-down box "
-msgstr "Mit [*] gekennzeichnete Drucker in der Druckerauswahlliste"
+msgstr "Mit [*] gekennzeichnete Drucker in der »Wähle Drucker«-Auswahlliste "
 
-#: ../web/swat.c:1183
+#: ../web/swat.c:1236
+#, c-format
 msgid "are autoloaded printers from "
-msgstr "wurden automatisch geladen von :"
+msgstr "sind automatisch geladene Drucker aus "
 
-#: ../web/swat.c:1184
+#: ../web/swat.c:1237
 msgid "Printcap Name"
-msgstr "Printcap Name"
+msgstr "Printcap-Name"
 
-#: ../web/swat.c:1185
+#: ../web/swat.c:1238
 msgid "Attempting to delete these printers from SWAT will have no effect."
-msgstr "Der Versuch diese Drucker von SWAT aus zu löschen wird keine Auswirkung haben."
+msgstr ""
+"Der Versuch, diese Drucker von SWAT aus zu löschen, wird keine Auswirkung "
+"haben."
 
-#: ../web/swat.c:1231
+#: ../web/swat.c:1284
 msgid "Choose Printer"
 msgstr "Wähle Drucker"
 
-#: ../web/swat.c:1250
+#: ../web/swat.c:1303
 msgid "Delete Printer"
 msgstr "Lösche Drucker"
 
-#: ../web/swat.c:1257
+#: ../web/swat.c:1310
 msgid "Create Printer"
-msgstr "Ersteller Drucker"
+msgstr "Erstelle Drucker"
 
-#: ../web/statuspage.c:123
-msgid "RDONLY     "
-msgstr ""
+#: ../web/statuspage.c:139
+msgid "RDWR       "
+msgstr "LESE/SCHREIBE "
 
-#: ../web/statuspage.c:124
+#: ../web/statuspage.c:141
 msgid "WRONLY     "
-msgstr ""
+msgstr "NUR SCHREIBE  "
 
-#: ../web/statuspage.c:125
-msgid "RDWR       "
-msgstr ""
+#: ../web/statuspage.c:143
+msgid "RDONLY     "
+msgstr "NUR LESE      "
 
-#: ../web/statuspage.c:309
+#: ../web/statuspage.c:330
 msgid "Server Status"
 msgstr "Server-Status"
 
-#: ../web/statuspage.c:314
+#: ../web/statuspage.c:335
 msgid "Auto Refresh"
 msgstr "Automatische Aktualisierung"
 
-#: ../web/statuspage.c:315 ../web/statuspage.c:320
+#: ../web/statuspage.c:336 ../web/statuspage.c:341
 msgid "Refresh Interval: "
 msgstr "Aktualisierungsintervall: "
 
-#: ../web/statuspage.c:319
+#: ../web/statuspage.c:340
 msgid "Stop Refreshing"
 msgstr "Stoppe Aktualisierung"
 
-#: ../web/statuspage.c:334
+#: ../web/statuspage.c:355
 msgid "version:"
 msgstr "Version:"
 
-#: ../web/statuspage.c:337
+#: ../web/statuspage.c:358
 msgid "smbd:"
-msgstr ""
+msgstr "smbd:"
 
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
+#: ../web/statuspage.c:358 ../web/statuspage.c:371 ../web/statuspage.c:385
 msgid "running"
 msgstr "aktiv"
 
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
+#: ../web/statuspage.c:358 ../web/statuspage.c:371 ../web/statuspage.c:385
 msgid "not running"
 msgstr "inaktiv"
 
-#: ../web/statuspage.c:341
+#: ../web/statuspage.c:362
 msgid "Stop smbd"
 msgstr "Stoppe smbd"
 
-#: ../web/statuspage.c:343
+#: ../web/statuspage.c:364
 msgid "Start smbd"
 msgstr "Starte smbd"
 
-#: ../web/statuspage.c:345
+#: ../web/statuspage.c:366
 msgid "Restart smbd"
-msgstr "Neustart smbd"
+msgstr "Starte smbd neu"
 
-#: ../web/statuspage.c:350
+#: ../web/statuspage.c:371
 msgid "nmbd:"
-msgstr ""
+msgstr "nmbd:"
 
-#: ../web/statuspage.c:354
+#: ../web/statuspage.c:375
 msgid "Stop nmbd"
 msgstr "Stoppe nmbd"
 
-#: ../web/statuspage.c:356
+#: ../web/statuspage.c:377
 msgid "Start nmbd"
 msgstr "Starte nmbd"
 
-#: ../web/statuspage.c:358
+#: ../web/statuspage.c:379
 msgid "Restart nmbd"
-msgstr "Neustart nmbd"
+msgstr "Starte nmbd neu"
 
-#: ../web/statuspage.c:364
+#: ../web/statuspage.c:385
 msgid "winbindd:"
-msgstr ""
+msgstr "winbindd:"
 
-#: ../web/statuspage.c:368
+#: ../web/statuspage.c:389
 msgid "Stop winbindd"
 msgstr "Stoppe winbindd"
 
-#: ../web/statuspage.c:370
+#: ../web/statuspage.c:391
 msgid "Start winbindd"
 msgstr "Starte winbindd"
 
-#: ../web/statuspage.c:372
+#: ../web/statuspage.c:393
 msgid "Restart winbindd"
-msgstr "Neustart winbindd"
+msgstr "Starte winbindd neu"
 
 #. stop, restart all
-#: ../web/statuspage.c:381
+#: ../web/statuspage.c:402
 msgid "Stop All"
 msgstr "Alle Stoppen"
 
-#: ../web/statuspage.c:382
+#: ../web/statuspage.c:403
 msgid "Restart All"
 msgstr "Alle neu starten"
 
 #. start all
-#: ../web/statuspage.c:386
+#: ../web/statuspage.c:407
 msgid "Start All"
-msgstr "Alle Starten"
+msgstr "Alle starten"
 
-#: ../web/statuspage.c:393
+#: ../web/statuspage.c:414
 msgid "Active Connections"
 msgstr "Aktive Verbindungen"
 
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
+#: ../web/statuspage.c:416 ../web/statuspage.c:429 ../web/statuspage.c:437
 msgid "PID"
-msgstr ""
+msgstr "PID"
 
-#: ../web/statuspage.c:395 ../web/statuspage.c:408
+#: ../web/statuspage.c:416 ../web/statuspage.c:429
 msgid "Client"
-msgstr ""
+msgstr "Client"
 
-#: ../web/statuspage.c:395
+#: ../web/statuspage.c:416
 msgid "IP address"
 msgstr "IP-Adresse"
 
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
+#: ../web/statuspage.c:416 ../web/statuspage.c:429 ../web/statuspage.c:437
 msgid "Date"
 msgstr "Datum"
 
-#: ../web/statuspage.c:397
+#: ../web/statuspage.c:418
 msgid "Kill"
-msgstr "Killen"
+msgstr "Töten"
 
-#: ../web/statuspage.c:405
+#: ../web/statuspage.c:426
 msgid "Active Shares"
 msgstr "Aktive Freigaben"
 
-#: ../web/statuspage.c:408
+#: ../web/statuspage.c:429
 msgid "Share"
 msgstr "Freigabe"
 
-#: ../web/statuspage.c:408
+#: ../web/statuspage.c:429
 msgid "User"
 msgstr "Benutzer"
 
-#: ../web/statuspage.c:408
+#: ../web/statuspage.c:429
 msgid "Group"
 msgstr "Gruppe"
 
-#: ../web/statuspage.c:414
+#: ../web/statuspage.c:435
 msgid "Open Files"
 msgstr "Offene Dateien"
 
-#: ../web/statuspage.c:416
+#: ../web/statuspage.c:437
 msgid "Sharing"
-msgstr ""
+msgstr "Freigeben"
 
-#: ../web/statuspage.c:416
+#: ../web/statuspage.c:437
 msgid "R/W"
-msgstr ""
+msgstr "Lese/Schreibe"
 
-#: ../web/statuspage.c:416
+#: ../web/statuspage.c:437
 msgid "Oplock"
-msgstr ""
+msgstr "Opportunistische Sperre (Lock)"
 
-#: ../web/statuspage.c:416
+#: ../web/statuspage.c:437
 msgid "File"
 msgstr "Datei"
 
-#: ../web/statuspage.c:425
+#: ../web/statuspage.c:446
 msgid "Show Client in col 1"
-msgstr ""
+msgstr "Zeige Client in Spalte 1"
 
-#: ../web/statuspage.c:426
+#: ../web/statuspage.c:447
 msgid "Show PID in col 1"
-msgstr ""
+msgstr "Zeige PID in Spalte 1"
 
-#: ../param/loadparm.c:755
+#: ../param/loadparm.c:836
 msgid "Base Options"
 msgstr "Basisoptionen"
 
-#: ../param/loadparm.c:775
+#: ../param/loadparm.c:855
 msgid "Security Options"
 msgstr "Sicherheitsoptionen"
 
-#: ../param/loadparm.c:859
+#: ../param/loadparm.c:945
 msgid "Logging Options"
-msgstr "Log Optionen"
+msgstr "Protokollier-Optionen"
 
-#: ../param/loadparm.c:874
+#: ../param/loadparm.c:962
 msgid "Protocol Options"
-msgstr "Protokoll Optionen"
+msgstr "Protokoll-Optionen"
 
-#: ../param/loadparm.c:911
+#: ../param/loadparm.c:1008
 msgid "Tuning Options"
 msgstr "Optimierungsoptionen"
 
-#: ../param/loadparm.c:940
+#: ../param/loadparm.c:1037
 msgid "Printing Options"
 msgstr "Druckoptionen"
 
-#: ../param/loadparm.c:970
+#: ../param/loadparm.c:1075
 msgid "Filename Handling"
-msgstr "Verwaltung Dateinamen"
+msgstr "Dateinamen-Verwaltung"
 
-#: ../param/loadparm.c:996
+#: ../param/loadparm.c:1105
 msgid "Domain Options"
-msgstr "Domänen Optionen"
+msgstr "Domänen-Optionen"
 
-#: ../param/loadparm.c:1000
+#: ../param/loadparm.c:1109
 msgid "Logon Options"
-msgstr "Login optionen"
+msgstr "Anmelde-Optionen"
 
-#: ../param/loadparm.c:1019
+#: ../param/loadparm.c:1130
 msgid "Browse Options"
-msgstr "Browsing Optionen"
+msgstr "Browsing-Optionen"
 
-#: ../param/loadparm.c:1033
+#: ../param/loadparm.c:1144
 msgid "WINS Options"
-msgstr "WINS Optionen"
+msgstr "WINS-Optionen"
 
-#: ../param/loadparm.c:1043
+#: ../param/loadparm.c:1153
 msgid "Locking Options"
-msgstr "Locking Optionen"
+msgstr "Locking-(Sperr-)Optionen"
 
-#: ../param/loadparm.c:1061
+#: ../param/loadparm.c:1170
 msgid "Ldap Options"
-msgstr "LDAP Optionen"
+msgstr "LDAP-Optionen"
 
-#: ../param/loadparm.c:1078
+#: ../param/loadparm.c:1186
 msgid "Miscellaneous Options"
-msgstr "Verschiedene Optionen"
+msgstr "Sonstige Optionen"
 
-#: ../param/loadparm.c:1138
+#: ../param/loadparm.c:1191
+#| msgid "Logon Options"
+msgid "EventLog Options"
+msgstr "EventLog-Optionen"
+
+#: ../param/loadparm.c:1258
 msgid "VFS module options"
-msgstr "VFS Optionen"
+msgstr "VFS-Modul-Optionen"
 
-#: ../param/loadparm.c:1148
+#: ../param/loadparm.c:1268
 msgid "Winbind options"
-msgstr "Winbind Optionen"
+msgstr "Winbind-Optionen"

Modified: branches/samba/lenny/source/printing/nt_printing.c
===================================================================
--- branches/samba/lenny/source/printing/nt_printing.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/printing/nt_printing.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -2552,7 +2552,7 @@
 
 	if (geteuid() == 0) {
 		if (asprintf(&printdb_path, "%s%s.tdb",
-				lock_path("printing/"),
+				cache_path("printing/"),
 				sharename) < 0) {
 			return (uint32)-1;
 		}

Modified: branches/samba/lenny/source/printing/printing.c
===================================================================
--- branches/samba/lenny/source/printing/printing.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/printing/printing.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -183,8 +183,8 @@
 	int services = lp_numservices();
 	int snum;
 
-	unlink(lock_path("printing.tdb"));
-	mkdir(lock_path("printing"),0755);
+	unlink(cache_path("printing.tdb"));
+	mkdir(cache_path("printing"),0755);
 
 	/* handle a Samba upgrade */
 

Modified: branches/samba/lenny/source/printing/printing_db.c
===================================================================
--- branches/samba/lenny/source/printing/printing_db.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/printing/printing_db.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -91,7 +91,7 @@
 	}
 
 	if (asprintf(&printdb_path, "%s%s.tdb",
-				lock_path("printing/"),
+				cache_path("printing/"),
 				printername) < 0) {
 		DLIST_REMOVE(print_db_head, p);
 		SAFE_FREE(p);

Modified: branches/samba/lenny/source/script/installswat.sh
===================================================================
--- branches/samba/lenny/source/script/installswat.sh	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/script/installswat.sh	2010-02-13 22:40:02 UTC (rev 3293)
@@ -198,7 +198,11 @@
 
 # Install/ remove Using Samba book (but only if it is there)
 
-if [ "x$BOOKDIR" != "x" -a -f $SRCDIR../docs/htmldocs/using_samba/toc.html ]; then
+# Under Debian we don't actually install the book. The book is part of
+# the samba-doc package, so we just provide a symlink that points to
+# where the book is actually installed. The symlink is created in
+# debian/rules.
+if /bin/false; then
 
     # Create directories
 

Modified: branches/samba/lenny/source/script/smbtar
===================================================================
--- branches/samba/lenny/source/script/smbtar	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/script/smbtar	2010-02-13 22:40:02 UTC (rev 3293)
@@ -151,7 +151,7 @@
 if [ -z "$verbose" ]; then
       echo "server    is $server"
 #     echo "share     is $service"
-      echo "share     is $service\\$cdcmd"
+      printf "share     is %s\\%s\n" "$service" "$cdcmd"
       echo "tar args  is $tarargs"
 #     echo "password  is $password"  # passwords should never be sent to screen
       echo "tape      is $tapefile"

Modified: branches/samba/lenny/source/smbd/lanman.c
===================================================================
--- branches/samba/lenny/source/smbd/lanman.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/smbd/lanman.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -1157,9 +1157,9 @@
 	bool local_list_only;
 	int i;
 
-	lines = file_lines_load(lock_path(SERVER_LIST), NULL, 0);
+	lines = file_lines_load(cache_path(SERVER_LIST), NULL, 0);
 	if (!lines) {
-		DEBUG(4,("Can't open %s - %s\n",lock_path(SERVER_LIST),strerror(errno)));
+		DEBUG(4,("Can't open %s - %s\n",cache_path(SERVER_LIST),strerror(errno)));
 		return 0;
 	}
 

Modified: branches/samba/lenny/source/smbd/mangle_hash.c
===================================================================
--- branches/samba/lenny/source/smbd/mangle_hash.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/smbd/mangle_hash.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -433,6 +433,13 @@
 		if( !s1[i] && !s2[i] ) {
 			/* Truncate at the '.' */
 			*s1 = '\0';
+			/*
+			 * DANGER WILL ROBINSON - this
+			 * is changing a const string via
+			 * an aliased pointer ! Remember to
+			 * put it back once we've used it.
+			 * JRA
+			 */
 			*s2 = '\0';
 		}
 	}
@@ -444,6 +451,8 @@
 	} else {
 		DEBUG(5,("cache_mangled_name: Stored entry %s -> %s\n", mangled_name_key, raw_name));
 	}
+	/* Restore the change we made to the const string. */
+	*s2 = '.';
 }
 
 /* ************************************************************************** **
@@ -612,7 +621,10 @@
 	}
 	status = is_valid_name(name_ucs2, False, False);
 	SAFE_FREE(name_ucs2);
-	return NT_STATUS_IS_OK(status);
+	/* We return true if we *must* mangle, so if it's
+	 * a valid name (status == OK) then we must return
+	 * false. Bug #6939. */
+	return !NT_STATUS_IS_OK(status);
 }
 
 /*****************************************************************************

Modified: branches/samba/lenny/source/smbd/open.c
===================================================================
--- branches/samba/lenny/source/smbd/open.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/smbd/open.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -2126,6 +2126,14 @@
 		return NT_STATUS_NOT_A_DIRECTORY;
 	}
 
+	/* We need to support SeSecurityPrivilege for this. */
+	if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
+		DEBUG(10, ("open_directory: open on %s "
+			"failed - SEC_RIGHT_SYSTEM_SECURITY denied.\n",
+			fname));
+		return NT_STATUS_PRIVILEGE_NOT_HELD;
+	}
+
 	switch( create_disposition ) {
 		case FILE_OPEN:
 
@@ -2677,6 +2685,20 @@
 		status = NT_STATUS_PRIVILEGE_NOT_HELD;
 		goto fail;
 	}
+#else
+	/* We need to support SeSecurityPrivilege for this. */
+	if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
+		status = NT_STATUS_PRIVILEGE_NOT_HELD;
+		goto fail;
+	}
+	/* Don't allow a SACL set from an NTtrans create until we
+	 * support SeSecurityPrivilege. */
+	if (!VALID_STAT(sbuf) &&
+			lp_nt_acl_support(SNUM(conn)) &&
+			sd && (sd->sacl != NULL)) {
+		status = NT_STATUS_PRIVILEGE_NOT_HELD;
+		goto fail;
+	}
 #endif
 
 	if ((conn->fs_capabilities & FILE_NAMED_STREAMS)

Modified: branches/samba/lenny/source/smbd/posix_acls.c
===================================================================
--- branches/samba/lenny/source/smbd/posix_acls.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/smbd/posix_acls.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -2368,24 +2368,22 @@
 ****************************************************************************/
 
 static bool acl_group_override(connection_struct *conn,
-				gid_t prim_gid,
+				SMB_STRUCT_STAT *psbuf,
 				const char *fname)
 {
-	SMB_STRUCT_STAT sbuf;
-
 	if ((errno != EPERM) && (errno != EACCES)) {
 		return false;
 	}
 
 	/* file primary group == user primary or supplementary group */
 	if (lp_acl_group_control(SNUM(conn)) &&
-			current_user_in_group(prim_gid)) {
+			current_user_in_group(psbuf->st_gid)) {
 		return true;
 	}
 
 	/* user has writeable permission */
 	if (lp_dos_filemode(SNUM(conn)) &&
-			can_write_to_file(conn, fname, &sbuf)) {
+			can_write_to_file(conn, fname, psbuf)) {
 		return true;
 	}
 
@@ -2396,7 +2394,7 @@
  Attempt to apply an ACL to a file or directory.
 ****************************************************************************/
 
-static bool set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, bool default_ace, gid_t prim_gid, bool *pacl_set_support)
+static bool set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, bool default_ace, SMB_STRUCT_STAT *psbuf, bool *pacl_set_support)
 {
 	connection_struct *conn = fsp->conn;
 	bool ret = False;
@@ -2575,7 +2573,7 @@
 				*pacl_set_support = False;
 			}
 
-			if (acl_group_override(conn, prim_gid, fsp->fsp_name)) {
+			if (acl_group_override(conn, psbuf, fsp->fsp_name)) {
 				int sret;
 
 				DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n",
@@ -2606,7 +2604,7 @@
 				*pacl_set_support = False;
 			}
 
-			if (acl_group_override(conn, prim_gid, fsp->fsp_name)) {
+			if (acl_group_override(conn, psbuf, fsp->fsp_name)) {
 				int sret;
 
 				DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n",
@@ -3565,7 +3563,7 @@
 			 */
 
 			if (acl_perms && file_ace_list) {
-				ret = set_canon_ace_list(fsp, file_ace_list, False, sbuf.st_gid, &acl_set_support);
+				ret = set_canon_ace_list(fsp, file_ace_list, False, &sbuf, &acl_set_support);
 				if (acl_set_support && ret == False) {
 					DEBUG(3,("set_nt_acl: failed to set file acl on file %s (%s).\n", fsp->fsp_name, strerror(errno) ));
 					free_canon_ace_list(file_ace_list);
@@ -3576,7 +3574,7 @@
 
 			if (acl_perms && acl_set_support && fsp->is_directory) {
 				if (dir_ace_list) {
-					if (!set_canon_ace_list(fsp, dir_ace_list, True, sbuf.st_gid, &acl_set_support)) {
+					if (!set_canon_ace_list(fsp, dir_ace_list, True, &sbuf, &acl_set_support)) {
 						DEBUG(3,("set_nt_acl: failed to set default acl on directory %s (%s).\n", fsp->fsp_name, strerror(errno) ));
 						free_canon_ace_list(file_ace_list);
 						free_canon_ace_list(dir_ace_list); 
@@ -3591,7 +3589,7 @@
 					if (SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fsp->fsp_name) == -1) {
 						int sret = -1;
 
-						if (acl_group_override(conn, sbuf.st_gid, fsp->fsp_name)) {
+						if (acl_group_override(conn, &sbuf, fsp->fsp_name)) {
 							DEBUG(5,("set_nt_acl: acl group control on and "
 								"current user in file %s primary group. Override delete_def_acl\n",
 								fsp->fsp_name ));
@@ -3638,7 +3636,7 @@
 
 					if(SMB_VFS_CHMOD(conn,fsp->fsp_name, posix_perms) == -1) {
 						int sret = -1;
-						if (acl_group_override(conn, sbuf.st_gid, fsp->fsp_name)) {
+						if (acl_group_override(conn, &sbuf, fsp->fsp_name)) {
 							DEBUG(5,("set_nt_acl: acl group control on and "
 								"current user in file %s primary group. Override chmod\n",
 								fsp->fsp_name ));

Modified: branches/samba/lenny/source/smbd/process.c
===================================================================
--- branches/samba/lenny/source/smbd/process.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/smbd/process.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -434,6 +434,7 @@
 	msg->request_time = request_time;
 	msg->end_time = end_time;
 	msg->encrypted = req->encrypted;
+	msg->processed = false;
 
 	if (private_data) {
 		msg->private_data = data_blob_talloc(msg, private_data,
@@ -489,6 +490,14 @@
 		DEBUG(10,("schedule_deferred_open_smb_message: [%d] msg_mid = %u\n", i++,
 			(unsigned int)msg_mid ));
 		if (mid == msg_mid) {
+			if (pml->processed) {
+				/* A processed message should not be
+				 * rescheduled. */
+				DEBUG(0,("schedule_deferred_open_smb_message: LOGIC ERROR "
+							"message mid %u was already processed\n",
+							(unsigned int)msg_mid ));
+				continue;
+			}
 			DEBUG(10,("schedule_deferred_open_smb_message: scheduling mid %u\n",
 				mid ));
 			pml->end_time.tv_sec = 0;
@@ -503,7 +512,7 @@
 }
 
 /****************************************************************************
- Return true if this mid is on the deferred queue.
+ Return true if this mid is on the deferred queue and was not yet processed.
 ****************************************************************************/
 
 bool open_was_deferred(uint16 mid)
@@ -511,7 +520,7 @@
 	struct pending_message_list *pml;
 
 	for (pml = deferred_open_queue; pml; pml = pml->next) {
-		if (SVAL(pml->buf.data,smb_mid) == mid) {
+		if (SVAL(pml->buf.data,smb_mid) == mid && !pml->processed) {
 			return True;
 		}
 	}
@@ -778,6 +787,10 @@
 			/* We leave this message on the queue so the open code can
 			   know this is a retry. */
 			DEBUG(5,("receive_message_or_smb: returning deferred open smb message.\n"));
+
+			/* Mark the message as processed so this is not
+			 * re-processed in error. */
+			msg->processed = true;
 			return NT_STATUS_OK;
 		}
 	}
@@ -1469,6 +1482,7 @@
 
 static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool encrypted)
 {
+	struct pending_message_list *pml = NULL;
 	uint8 type = CVAL(inbuf,smb_com);
 	connection_struct *conn;
 	struct smb_request *req;
@@ -1484,6 +1498,13 @@
 
 	conn = switch_message(type, req, size);
 
+	/* If this was a deferred message and it's still there and
+	 * was processed, remove it. */
+	pml = get_open_deferred_message(req->mid);
+	if (pml && pml->processed) {
+		remove_deferred_open_smb_message(req->mid);
+	}
+
 	if (req->unread_bytes) {
 		/* writeX failed. drain socket. */
 		if (drain_socket(smbd_server_fd(), req->unread_bytes) !=

Modified: branches/samba/lenny/source/smbd/server.c
===================================================================
--- branches/samba/lenny/source/smbd/server.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/smbd/server.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -797,6 +797,10 @@
 	int pnum = lp_servicenumber(PRINTERS_NAME);
 	const char *pname;
 
+	if (!lp_load_printers()
+	    && (lp_auto_services() == NULL || !strcmp(lp_auto_services(),"")))
+		return;
+
 	pcap_cache_reload();
 
 	/* remove stale printers */

Modified: branches/samba/lenny/source/smbd/service.c
===================================================================
--- branches/samba/lenny/source/smbd/service.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/smbd/service.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -55,6 +55,10 @@
 	const char *s = connectpath;
         bool start_of_name_component = true;
 
+	if (connectpath == NULL || connectpath[0] == '\0') {
+		return false;
+	}
+
 	destname = SMB_STRDUP(connectpath);
 	if (!destname) {
 		return false;
@@ -235,6 +239,10 @@
 		return -1;
 	}
 
+	if ((servicename == NULL) || (*servicename == '\0')) {
+		return -1;
+	}
+
 	if (strequal(servicename, GLOBAL_NAME)) {
 		return -2;
 	}
@@ -323,7 +331,7 @@
 {
 	int iHomeService;
 
-	if (!service || !homedir)
+	if (!service || !homedir || homedir[0] == '\0')
 		return -1;
 
 	if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0) {

Modified: branches/samba/lenny/source/utils/smbcontrol.c
===================================================================
--- branches/samba/lenny/source/utils/smbcontrol.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/utils/smbcontrol.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -875,10 +875,10 @@
 	/* Remove the entry in the winbindd_cache tdb to tell a later
 	   starting winbindd that we're online. */
 
-	tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 0, TDB_DEFAULT, O_RDWR, 0600);
+	tdb = tdb_open_log(cache_path("winbindd_cache.tdb"), 0, TDB_DEFAULT, O_RDWR, 0600);
 	if (!tdb) {
 		fprintf(stderr, "Cannot open the tdb %s for writing.\n",
-			lock_path("winbindd_cache.tdb"));
+			cache_path("winbindd_cache.tdb"));
 		return False;
 	}
 
@@ -912,13 +912,13 @@
 	   starting winbindd that we're offline. We may actually create
 	   it here... */
 
-	tdb = tdb_open_log(lock_path("winbindd_cache.tdb"),
+	tdb = tdb_open_log(cache_path("winbindd_cache.tdb"),
 				WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
 				TDB_DEFAULT /* TDB_CLEAR_IF_FIRST */, O_RDWR|O_CREAT, 0600);
 
 	if (!tdb) {
 		fprintf(stderr, "Cannot open the tdb %s for writing.\n",
-			lock_path("winbindd_cache.tdb"));
+			cache_path("winbindd_cache.tdb"));
 		return False;
 	}
 

Modified: branches/samba/lenny/source/winbindd/idmap_cache.c
===================================================================
--- branches/samba/lenny/source/winbindd/idmap_cache.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/winbindd/idmap_cache.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -54,7 +54,7 @@
 		return NULL;
 	}
 
-	cache_fname = lock_path("idmap_cache.tdb");
+	cache_fname = cache_path("idmap_cache.tdb");
 
 	DEBUG(10, ("Opening cache file at %s\n", cache_fname));
 

Modified: branches/samba/lenny/source/winbindd/idmap_tdb2.c
===================================================================
--- branches/samba/lenny/source/winbindd/idmap_tdb2.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/winbindd/idmap_tdb2.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -68,7 +68,7 @@
 		return NT_STATUS_OK;
 	}
 
-	db_path = lock_path("idmap2_cache.tdb");
+	db_path = cache_path("idmap2_cache.tdb");
 
 	/* Open idmap repository */
 	if (!(idmap_tdb2_tmp = tdb_open_log(db_path, 0, TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0644))) {

Modified: branches/samba/lenny/source/winbindd/winbindd_cache.c
===================================================================
--- branches/samba/lenny/source/winbindd/winbindd_cache.c	2010-02-13 13:52:19 UTC (rev 3292)
+++ branches/samba/lenny/source/winbindd/winbindd_cache.c	2010-02-13 22:40:02 UTC (rev 3293)
@@ -2333,7 +2333,7 @@
 		return true;
 
 	/* when working offline we must not clear the cache on restart */
-	wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"),
+	wcache->tdb = tdb_open_log(cache_path("winbindd_cache.tdb"),
 				WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, 
 				lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST), 
 				O_RDWR|O_CREAT, 0600);
@@ -2376,9 +2376,9 @@
 		tdb_close(wcache->tdb);
 		wcache->tdb = NULL;
 
-		if (unlink(lock_path("winbindd_cache.tdb")) == -1) {
+		if (unlink(cache_path("winbindd_cache.tdb")) == -1) {
 			DEBUG(0,("initialize_winbindd_cache: unlink %s failed %s ",
-				lock_path("winbindd_cache.tdb"),
+				cache_path("winbindd_cache.tdb"),
 				strerror(errno) ));
 			return false;
 		}
@@ -2660,7 +2660,7 @@
 		return;
 
 	/* when working offline we must not clear the cache on restart */
-	wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"),
+	wcache->tdb = tdb_open_log(cache_path("winbindd_cache.tdb"),
 				WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, 
 				lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST), 
 				O_RDWR|O_CREAT, 0600);
@@ -3445,7 +3445,7 @@
 int winbindd_validate_cache(void)
 {
 	int ret = -1;
-	const char *tdb_path = lock_path("winbindd_cache.tdb");
+	const char *tdb_path = cache_path("winbindd_cache.tdb");
 	TDB_CONTEXT *tdb = NULL;
 
 	DEBUG(10, ("winbindd_validate_cache: replacing panic function\n"));
@@ -3487,7 +3487,7 @@
 int winbindd_validate_cache_nobackup(void)
 {
 	int ret = -1;
-	const char *tdb_path = lock_path("winbindd_cache.tdb");
+	const char *tdb_path = cache_path("winbindd_cache.tdb");
 
 	DEBUG(10, ("winbindd_validate_cache: replacing panic function\n"));
 	smb_panic_fn = validate_panic;




More information about the Pkg-samba-maint mailing list