summaryrefslogtreecommitdiff
path: root/lib/param/param_table.c
Commit message (Collapse)AuthorAgeFilesLines
* CVE-2020-25717: Add FreeIPA domain controller roleAlexander Bokovoy2021-11-091-0/+1
| | | | | | | | | | | | | | | | | As we want to reduce use of 'classic domain controller' role but FreeIPA relies on it internally, add a separate role to mark FreeIPA domain controller role. It means that role won't result in ROLE_STANDALONE. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Alexander Bokovoy <ab@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* docs-xml: remove support for "SMB3_10"Stefan Metzmacher2021-07-151-1/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* docs-xml: remove support for "SMB2_24"Stefan Metzmacher2021-07-151-1/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* docs-xml: remove support for "SMB2_22"Stefan Metzmacher2021-07-151-1/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib:param: Add 'client protection' config optionAndreas Schneider2021-04-281-0/+8
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:param: Add 'client use kerberos' config parameterAndreas Schneider2021-04-281-0/+12
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* param: Create and use enum_smb_encryption_valsAndreas Schneider2020-08-191-0/+23
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Detect when command line max protocol < min protocolDavid Mulder2019-11-121-0/+11
| | | | | | | | | | | | | | | | Due to the increased default minimum protocol level to SMB2, some users notice that specifying smbclient -m NT1 fails with NT_STATUS_CONNECTION_DISCONNECTED, with no SMB traffic on the wire. Report when the max protocol is set less than the min protocol. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Noel Power <npower@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Tue Nov 12 17:52:28 UTC 2019 on sn-devel-184
* s3:mdssvc: add Elasticsearch backendRalph Boehme2019-10-091-0/+1
| | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>
* s3:mdssvc: add noindex backendRalph Boehme2019-08-081-0/+1
| | | | | | | | | | | | | | Add a new default backend that, while allowing mdsvc RPC and search queries from clients, always returns no results. Shares using this backend will behave the same way as shares on a macOS SMB server where indexing is disabled. This change will later also allow us to compile the Spotlight RPC service by default which is a big step in the direction of adding tests to CI. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:mdssvc: new option "spotlight backend"Ralph Boehme2019-08-081-0/+5
| | | | | | | | Currently there's only the tracker backend, but subsequent commits will add other backends. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Add mdns name configuration optionKevin Anderson2017-12-081-0/+6
| | | | | | | | | | | | | | | Add the mdns name configuration variable to control the mdns hostname. The default is to use the NETBIOS name of the system to match previous versions which is typically the hostname in all capitals. A value of mdns can be provided to defer the hostname to the mdns library. With the recent patch to support time machine being merged this patch allows for a user to configure the server name that is advertised to be lower cased through Avahi advertisements. Signed-off-by: Kevin Anderson <andersonkw2@gmail.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: Add new "disabled" value to "ntlm auth" to disable NTLM totallyAndrew Bartlett2017-07-041-0/+1
| | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923 Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* auth: Allow NTLMv1 if MSV1_0_ALLOW_MSVCHAPV2 is given and re-factor 'ntlm ↵Andrew Bartlett2017-07-041-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | auth =' The ntlm auth parameter is expanded to more clearly describe the role of each option, and to allow the new mode that permits MSCHAPv2 (as declared by the client over the NETLOGON protocol) while still banning NTLMv1. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12252 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Based on a patch by Mantas Mikulėnas <mantas@utenos-kolegija.lt>: Commit 0b500d413c5b ("Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth") added the --allow-mschapv2 option, but didn't implement checking for it server-side. This implements such checking. Additionally, Samba now disables NTLMv1 authentication by default for security reasons. To avoid having to re-enable it globally, 'ntlm auth' becomes an enum and a new setting is added to allow only MSCHAPv2. Signed-off-by: Mantas Mikulėnas <mantas@utenos-kolegija.lt> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* param: Allow to specify kerberos method on the commandlineAndreas Schneider2017-03-141-0/+4
| | | | | | | | We support --option for our tools but you cannot set an option where the value of the option includes a space. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
* s3/smbd: new "mangled names" setting "illegal"Ralph Boehme2017-01-091-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This does mangling for names with illegal NTFS characters, but not for names longer then 8.3: Name mangling with mangled named = yes ====================================== Mangled | Short | Name ---------------------------- | | foo | yes | 123456789 yes | | foo:bar Name mangling with mangled named = illegal ========================================== Mangled | Short | Name ---------------------------- | | foo | | 123456789 yes | | foo:bar Setting "mangled names = illegal" is the most sensible setting for modern clients that don't use the shortname anymore. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3/smbd: convert "mangled names" option to an enumRalph Boehme2017-01-091-0/+10
| | | | | | | | | This is in preparation of adding an additional setting for this option. No change in behaviour by this commit, that comes in the next one. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: add an option to inherit only the UNIX ownerUri Simchoni2016-08-101-0/+6
| | | | | | | | This can be used to emulate folder quotas, as explained in the modified manpage. Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-param: add kerberos encryption types parameterUri Simchoni2016-08-091-0/+9
| | | | | Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"Stefan Metzmacher2016-04-121-0/+15
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2016-2112: docs-xml: add "ldap server require strong auth" optionStefan Metzmacher2016-04-121-0/+12
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* Avoid including libds/common/roles.h in public loadparm.h header.Jelmer Vernooij2016-01-131-0/+1
| | | | | | Signed-Off-By: Jelmer Vernooij <jelmer@samba.org> Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-By: Stefan Metzmacher <metze@samba.org>
* param: use the generated parameter table.Michael Adam2015-07-311-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: move the actual table out into param_table_static.cMichael Adam2015-07-311-3733/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: don't list '-valid' and 'copy' as synonyms - they aren'tMichael Adam2015-07-311-2/+0
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: make 'timestamp logs' the default writing of 'debug timestamp'Michael Adam2015-07-311-0/+1
| | | | | | | This is how it used internally. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: add SYNONYM flag where missingMichael Adam2015-07-311-1/+9
| | | | | | | | | thereby remove DEPRECATED flags: synonyms currently only carry the syn flag. Other flags sit on the primary entry. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename szIdmapGID -> idmap_gidMichael Adam2015-07-311-2/+2
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename szIdmapUID -> idmap_uidMichael Adam2015-07-311-2/+2
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename szIdmapBackend -> idmap_backendMichael Adam2015-07-311-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename szInclude -> includeMichael Adam2015-07-311-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename szCopy -> copyMichael Adam2015-07-311-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename bAvailable -> availableMichael Adam2015-07-311-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: make 'realm' use the standard 'realm' variable.Michael Adam2015-07-311-1/+1
| | | | | | | | This way, the generated lp_realm() function matches the param_table. realm_original is only treated in the special handler now. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename CupsEncrypt -> cups_encryptMichael Adam2015-07-311-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename winbindMaxDomainConnections -> _winbind_max_domain_connectionsMichael Adam2015-07-311-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename bWidelinks -> wide_linksMichael Adam2015-07-311-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: turn 'smb2 max credits' into generated optionMichael Adam2015-07-311-2/+2
| | | | | | | | | This is achieved by moving the special treatment from the lp_smb2_max_credits() function in the the special handler that is called only once upon lp_load(). Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename szPrintcapName -> printcap_nameMichael Adam2015-07-311-2/+2
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename iminreceivefile -> min_receivefile_sizeMichael Adam2015-07-311-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename iPreferredMaster -> _preferred_masterMichael Adam2015-07-311-2/+2
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename variable of 'max print jobs' to default.Michael Adam2015-07-311-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename szLdapMachineSuffix -> _ldap_machine_suffixMichael Adam2015-07-311-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename szLdapIdmapSuffix -> _ldap_sz_idmap_suffixMichael Adam2015-07-311-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename szLdapUserSuffix -> _ldap_user_suffixMichael Adam2015-07-311-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename szLdapGroupSuffix -> _ldap_group_suffixMichael Adam2015-07-311-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/tls: Add new 'tls priority' optionAndrew Bartlett2015-07-201-0/+8
| | | | | | | | | | This adds a new option to the smb.conf to allow administrators to disable TLS protocols in GnuTLS without changing the code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076 Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* param: Make "kernel change notify" globalVolker Lendecke2015-07-071-2/+2
| | | | | | | | With a central notifyd, we can't do this per share anymore. Notifyd will only look at absolute paths, not shares. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: Make "change notify" globalVolker Lendecke2015-07-071-2/+2
| | | | | | | | With a central notifyd, we can't do this per share anymore. Notifyd will only look at absolute paths, not shares. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-mdssvc: add new option 'spotlight'Ralph Boehme2015-07-071-0/+8
| | | | | | | | | Per share option: it reflects whether a share is indexed by Tracker or not. The global switch that controls whether Spotlight is enabled or not, are the mdsvc RPC switches. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
View Lorry Controller Status