summaryrefslogtreecommitdiffstats
path: root/source/param
Commit message (Collapse)AuthorAgeFilesLines
* Fix for CVE-2009-2813.Karolin Seeger2009-10-011-1/+6
| | | | | | | | | | | | | | | | =========================================================== == Subject: Misconfigured /etc/passwd file may share folders unexpectedly == == CVE ID#: CVE-2009-2813 == == Versions: All versions of Samba later than 3.0.11 == == Summary: If a user in /etc/passwd is misconfigured to have == an empty home directory then connecting to the home == share of this user will use the root of the filesystem == as the home directory. =========================================================== (cherry picked from commit c1a4a99f8cc5803682a94060efee1adf330c4f02)
* s3/loadparm.c: Change default value for "ldap ssl".Karolin Seeger2008-12-171-1/+1
| | | | | | | | | | | | | | | | | | | LDAP_SSL_ON is not defined at all. That's why the actual default value was "" for a long time. Set a more sensible default value without chnging the default behaviour. -----8<------------------snip--------------8<-------------- user@host:/data/git/samba/v3-0-test/source> git grep LDAP_SSL_ON | cat include/smb.h:enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS}; param/loadparm.c: Globals.ldap_ssl = LDAP_SSL_ON; ----->8------------------snap-------------->8-------------- It's the same in 3.2 and 3.3 series. Karolin (cherry picked from commit e6d883e003d4560c55259ae1cfdf7319602f76e3) (cherry picked from commit 5c686419096362176d80f3d05339b8836d0178a4)
* Fix bug #5729. Explicitly allow "-valid".Jeremy Allison2008-09-031-1/+1
| | | | Jeremy
* Patch from SATOH Fumiyasu <fumiyas@osstech.co.jp> for bug #5202. Re-activate ↵Jeremy Allison2008-07-031-1/+1
| | | | | | | "acl group control" parameter and make it only apply to owning group. Also added man page fix. Jeremy.
* Rename the 'hidden' variable to 'administrative share'.Andreas Schneider2008-02-291-5/+5
|
* Add variable to define if a share should be hidden.Andreas Schneider2008-02-261-0/+5
| | | | | | | | | | If you create a share on a Windows machine called foo$ then this share is of the type STYPE_DISKTREE. So it is possible to administrate this kind of share. Tested on Windows NT and 2003. In samba we assume that if a share with a $ at the end must be of the type STYPE_DISKTREE_HIDDEN. This is wrong, so we need a variable in the config to define if the share should be hidden or not.
* Add support for LDAP debug output in Samba log file.Michael Adam2008-02-071-0/+19
| | | | | | | | | | | | | | | | | Logging of the ldap libraries appears with a [LDAP] prefix inside the samba logs. This is controlled by two new parameters: * "ldap debug level" sets the debug level of the ldap libraries. It is the bit-field as understood by the openldap server. * "ldap debug threshold" is the samba debug level at which ldap logging appears inside the samba logs. This probably needs some configure tests since it makes use of the LBER_OPT_LOG_PRINT_FN option to redirect the debug output of the ldap libraries. Michael
* [GLUE] Rsync SAMBA_3_0 SVN r25598 in order to create the v3-0-test branch.samba-misc-tags/initial-v3-0-testGerald (Jerry) Carter2007-10-101-343/+22
|
* r23666: Rename lp_parameter_valid -> lp_parameter_is_valid.Michael Adam2007-10-101-1/+1
| | | | Michael
* r23657: Prevent setting of a global option in a share definitionMichael Adam2007-10-101-0/+18
| | | | | | in "net conf setparm". Michael
* r23656: Add initial checking of the validity of a paramterMichael Adam2007-10-101-0/+12
| | | | | | | given to "net conf setparm". Add a utility function lp_parameter_valid() for this to loadparm.c. Michael
* r23641: Put check for forbidden values in smbconf into a function.Michael Adam2007-10-101-4/+1
| | | | | | | (This will be used in a next step to prevent storing these values in reg_smbconf.c.) Michael
* r23592: Change a debuglevel to not clutter output when callingMichael Adam2007-10-101-1/+1
| | | | | | net as a non-root user, e.g. Michael
* r23579: Up to now, the "allparameters" argument to lp_next_parameter wasMichael Adam2007-10-101-0/+3
| | | | | | | | | | | | not effective for the global section (snum < 0). This checkin makes it effective for the global section, too. This does not produce changes in the results of the present calls of lp_next_parameter: Beside the new use in utils/net_conf.c (which is hereby fixed), the only calls of lp_next_parameter are in web/swat.c, where it is effectively always called with allparameters == 1. Michael
* r23575: Fix a segfault when lp_load is called before init_registry.Michael Adam2007-10-101-0/+2
| | | | Michael
* r23553: Also ignore "lock directory" in registry global options.Michael Adam2007-10-101-2/+5
| | | | Michael
* r23552: Use proper comparison function an fix logic.Michael Adam2007-10-101-1/+1
| | | | Michael
* r23548: Fix comments.Michael Adam2007-10-101-3/+3
| | | | Michael
* r23547: Ignore parameter "include" in regsitry globals.Michael Adam2007-10-101-0/+5
| | | | Michael
* r23513: Fix one more use of VALUE_PREFIX.Jeremy Allison2007-10-101-1/+1
| | | | Jeremy.
* r23510: Tidy calls to smb_panic by removing trailing newlines. Print theJames Peach2007-10-101-1/+1
| | | | failed expression in SMB_ASSERT.
* r23509: This activates the global options from the registry in loadparm.Michael Adam2007-10-101-0/+265
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The global options are stored as values in the subkey "global" of the SMBCONF registry key. The activation is accomplished in smb.conf though a new special semantic of the "include" parameter: "include = registry" triggers the processing of the registry global options exactly at the position of the include statement. Options read from the registry take the same precedence as parameters loaded from a file via include. Need to reload the registry globals is detected by watching the tdb sequence number. Registry shares are automatically activated when the registry globals are processed. So a "registry only" configuration can be realized by an smb.conf that looks as follows: ================================ [global] include = registry ================================ The global options and registry shares can be conveniently edited with the "net conf" utility. Caveat: A possible pitfall consists in using "include = registry" together with the "lock directory" directive in the registry. This problem will be addressed in the next time. Note on the code: Processing of the registry options is accomplished by a function process_registry_globals() in loadparm.c The current version is only an interim solution: It is handcoded instead of using the infrastructure of reg_api.c. The reason for this is that using reg_api still has too large linker dependencies, bloating virtually all targets by PASSDB_OBJ, SMBLDAP_OBJ, GROUPDB_OBJ and LDB stuff. A version of process_registry_globals that uses reg_api is included but commented out. The goal is to eventually refactor and restructure the registry code so that one can use the reg_api to access only the registry tdb and not link all the dynamic backends with all their linking implications.
* r23472: add missing default setting for 'winbind nss info' (merge from 3.0.26)Gerald Carter2007-10-101-0/+1
|
* r23471: Here's a rough patch for expanding domain group membershipGerald Carter2007-10-101-0/+4
| | | | | | | | | | | | in the winbindd_getgrnam() call. Couple of comments: * Adds "winbind expand groups" parameter which defines the max depth winbindd will expand group members. The default is the current behavior of one level of expansion. * The entire getrgnam() interface should be async. I haven't done that. * Refactors the domain users hack in fill_grent_mem() into its own function.
* r23410: Merge the core of the cluster code.Volker Lendecke2007-10-101-0/+9
| | | | | | | | | | | | | | | | I'm 100% certain I've forgotten to merge something, but the main code should be in. It's mainly in dbwrap_ctdb.c, ctdbd_conn.c and messages_ctdbd.c. There should be no changes to the non-cluster case, it does survive make test on my laptop. It survives some very basic tests with ctdbd enables, I did not do the full test suite for clusters yet. Phew... Volker
* r23368: Make "winbind:rpc only" a full blown parameter. Thanks to Karolin forVolker Lendecke2007-10-101-0/+3
| | | | the patch :-)
* r22648: Fix comment to match the code.James Peach2007-10-101-1/+1
|
* r22285: Allow arbitrary bases in int and ulong parsing.Jeremy Allison2007-10-101-2/+2
| | | | Jeremy.
* r22266: Fix bug #4512 - we were returning a volume label greater thanJeremy Allison2007-10-101-6/+13
| | | | | 32 unicode chars. Windows XP doesn't like that :-). Jeremy
* r21959: Merge a comment fix from Michael Adam -- more to come :-)Volker Lendecke2007-10-101-1/+2
|
* r21905: RenameGerald Carter2007-10-101-8/+8
| | | | | idmap expire time -> idmap cache time idmap negative time -> idmap negative cache time
* r21892: Mini-Patch from MichaelVolker Lendecke2007-10-101-2/+0
|
* r21884: * Blacklist BUILTIN and MACHINE domains from theGerald Carter2007-10-101-5/+5
| | | | | | | | | | | | | | | | | | idmap domains as these should only be handled by the winbindd_passdb.c backend * Allow the alloc init to fail for backwards compatible configurations like idmap backend = ad idmap uid = 1000-100000 .... * Remove the deprecated flags from idmap backend, et. al. These are mutually exclusive with the new configuration options (idmap domains). Logging annoying messages about deprecated parameters is confusing. So we'll try this apprpach for now.
* r21869: Move sending keepalives out of the main processing loop into idle event.Volker Lendecke2007-10-101-2/+5
| | | | | | On the way, make lp_keepalive() a proper parameter. Volker
* r21866: Remove unused "lock spin count" parameterVolker Lendecke2007-10-101-4/+0
|
* r21825: add debug prefix timestamp to allow "short timestamps" to beHerb Lewis2007-10-101-0/+4
| | | | added to debug messages
* r21547: Fix from Michael Adam <ma@sernet.de>: Refuse registry shares without ↵Volker Lendecke2007-10-101-3/+2
| | | | | | | | path. Thanks, Volker
* r21517: Fix build warnings.Günther Deschner2007-10-101-2/+1
| | | | Guenther
* r21509: Merge lp_passdb_backend() from rev 21506 to 3_0_25.Lars Müller2007-10-101-2/+2
| | | | | Slightly change the DEBUG 0 message as suggested by Volker on samba-technical.
* r21506: Allow old pre 3.0.22 multi passdb backend configurations to work withLars Müller2007-10-101-1/+43
| | | | | | | post 3.0.23. This implementation considers spaces in ldapsam configs. Such configs are trunkated after the closing quote.
* r21449: Talked to Jerry on irc, he does not see what might break with this: ↵Volker Lendecke2007-10-101-1/+1
| | | | | | | | Change back the 'msdfs root = yes' default to 'no'. Volker
* r21446: Karolins "printjob username"Volker Lendecke2007-10-101-0/+5
|
* r21279: Get rid of 'aio write behind', this is broken.Volker Lendecke2007-10-101-4/+0
| | | | | | It should probably better be integrated with our write cache. Volker
* r21191: Add in the POSIX open/mkdir/unlink calls.Jeremy Allison2007-10-101-3/+9
| | | | | | | | Move more error code returns to NTSTATUS. Client test code to follow... See if this passes the build-farm before I add it into 3.0.25. Jeremy.
* r21111: Reorganize the change notify params a bit. We now have the per-shareVolker Lendecke2007-10-101-12/+8
| | | | | | | | | | | | | | parameters change notify = [yes]/no # do we do it at all kernel change notify = [yes]/no # enable/disable inotify Those who want FAM need to say change notify = yes vfs objects = notify_fam Volker
* r21070: * Add the new boolean 'winbind normalize names' option as discussedGerald Carter2007-10-101-0/+4
| | | | | on the samba-technical ml. The replacement character is hardcoded as a '_' for now.
* r20986: Commit the prototype of the nss_info plugin interface.Gerald Carter2007-10-101-1/+0
| | | | | | | | | | | This allows a provider to supply the homedirectory, etc... attributes for a user without requiring support in core winbindd code. The idmap_ad.c module has been modified to provide the idmap 'ad' library as well as the rfc2307 and sfu "winbind nss info" support. The SID/id mapping is working in idmap_ad but the nss_info still has a few quirks that I'm in the process of resolving.
* r20261: merge 20260 from samba_3_0_24Herb Lewis2007-10-101-0/+1
| | | | clean up a bunch of no previous prototype warnings
* r20214: Fix a type-punned warning. Simo, Jerry, please checkVolker Lendecke2007-10-101-1/+1
|
* r20116: Start merging in the work done to create the new idmap subsystem.Simo Sorce2007-10-101-7/+22
| | | | Simo.