path: root/source3/param
Commit message | Author | Age | Files | Lines
* param: Disable LanMan authentication unless NTLMv1 is also enabled | Andrew Bartlett | 2017-07-04 | 1 | -1/+17
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923
* auth: Allow NTLMv1 if MSV1_0_ALLOW_MSVCHAPV2 is given and re-factor 'ntlm auth =' | Andrew Bartlett | 2017-07-04 | 1 | -1/+2
  The ntlm auth parameter is expanded to more clearly describe the role of each option, and to allow the new mode that permits MSCHAPv2 (as declared by the client over the NETLOGON protocol) while still banning NTLMv1.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12252
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Based on a patch by Mantas Mikulėnas <mantas@utenos-kolegija.lt>:
  Commit 0b500d413c5b ("Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth") added the --allow-mschapv2 option, but didn't implement checking for it server-side. This implements such checking.
  Additionally, Samba now disables NTLMv1 authentication by default for security reasons. To avoid having to re-enable it globally, 'ntlm auth' becomes an enum and a new setting is added to allow only MSCHAPv2.
  Signed-off-by: Mantas Mikulėnas <mantas@utenos-kolegija.lt>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* param: change the effective default for "client max protocol" to the latest supported protocol | Stefan Metzmacher | 2017-06-27 | 1 | -1/+1
  Currently it's SMB3_11.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:param: Allow to add usershare if uid_wrapper is loaded | Andreas Schneider | 2017-06-27 | 1 | -2/+17
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* docs-xml: change the default for "map untrusted to domain" to "auto" | Stefan Metzmacher | 2017-06-16 | 1 | -1/+1
  This makes the behaviour much more robust, particularly with forest child domains over one-way forest trusts.
  Sadly we don't support this kind of setup with our current ADDC, so there's no way to have automated tests for this behaviour, but at least we know it doesn't break any existing tests.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* param: Add 'mit kdc command' to change the default. | Andreas Schneider | 2017-04-29 | 1 | -0/+4
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlet <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:param: Use new utility function to hide use of global_iconv_handle | Jeremy Allison | 2017-04-18 | 1 | -3/+8
  Add error return check.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* param: Check for valid values of 'name resolve order' option | Noel Power | 2017-04-13 | 1 | -1/+4
  This variable is populated by a list of values where each value should be a known option. This patch ensures that illegal values are detected.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12739
  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* s3: smbd: Change "strict sync" parameter from "no" to "yes" for 4.7.0. | Jeremy Allison | 2017-03-25 | 1 | -1/+1
  Document change and modify in loadparm.c.
  Safer default for new installs and vendors.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Christof Schmitt <cs@samba.org>
* rpc_server: Allow to configure the port range for RPC services | Andreas Schneider | 2017-01-27 | 1 | -0/+16
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12521
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* param: Remove winbindd privileged socket directory option | Andrew Bartlett | 2017-01-22 | 1 | -4/+0
  This option is unused and has not been used since before Samba 4.3 when the source4/ winbindd code went away.
  The associated dynconfig parameters used for the default are also removed.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10066
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* s3/smbd: convert "mangled names" option to an enum | Ralph Boehme | 2017-01-09 | 1 | -1/+1
  This is in preparation of adding an additional setting for this option.
  No change in behaviour by this commit, that comes in the next one.
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:waf: Make PARAM and SMBREGISTRY a subsystem of smbconf only | Andreas Schneider | 2016-12-04 | 1 | -4/+4
  This is the only way to resolve circular dependencies with these libraries. I've tried several ways but this is the only way to do it correctly. In future we should try to separate them by passing down information or making a more lightweight loadparm mechanism.

    +---------+                       +-------------+
    |         |                       |             |
    |  param  <---------+    +--------+ smbregistry |
    |         |         |    |        |             |
    +----+----+         |    |        +------^------+
         |          +---+----v--+            |
         |          |           |            |
         +---------->  smbconf  +------------+
                    |           |
                    +-----------+

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:param: Add an 'include system krb5 conf' option | Andreas Schneider | 2016-12-02 | 1 | -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12441
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* param: fix lp_parameter_value_is_valid() for parametric options | Ralph Wuerthner | 2016-11-30 | 1 | -0/+6
  Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Autobuild-User(master): Ralph Böhme <slow@samba.org>
  Autobuild-Date(master): Wed Nov 30 04:00:54 CET 2016 on sn-devel-144
* param: validate value in lp_canonicalize_parameter_with_value() | Michael Adam | 2016-11-23 | 1 | -4/+9
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* param: use early return in lp_canonicalize_parameter_with_value() | Michael Adam | 2016-11-23 | 1 | -9/+10
  This reduces the indentation and streamlines the flow. View with "git show -w" to see it's mostly indentation change.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* param: add lp_parameter_value_is_valid() function | Ralph Wuerthner | 2016-11-23 | 1 | -0/+66
  Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* loadparm: Fix a warning for increased alignment | Volker Lendecke | 2016-10-19 | 1 | -1/+1
  There's tons of those, but you have to start somewhere :-)
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-param: Add comment to call lp_load_global() after popt processing | Andreas Schneider | 2016-10-06 | 1 | -0/+3
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* docs-xml:smbdotconf: default "ntlm auth" to "no" | Stefan Metzmacher | 2016-07-22 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* smbd: Enable leases by default | Volker Lendecke | 2016-07-22 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Böhme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: Correct the defaults for "dcerpc endpoint services" | Andrew Bartlett | 2016-07-19 | 1 | -1/+1
  We must not list any services that we skip building, as otherwise all RPC services fail to start.
  We now build without the source4 spoolss server in non-developer builds
  This fixes commit 0b4c741b9c03d147ee5f56d027bacda75c1b5282
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12025
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* smbd: remove "only user" and "username" parameters | Uri Simchoni | 2016-05-06 | 1 | -3/+0
  These have long been superseded by "valid users"
  Signed-off-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no" | Stefan Metzmacher | 2016-04-12 | 1 | -1/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes" | Stefan Metzmacher | 2016-04-12 | 1 | -0/+2
  We sadly need to allow this for now by default.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory" | Stefan Metzmacher | 2016-04-12 | 1 | -5/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* CVE-2016-2115: s3:winbindd: use lp_client_ipc_{min,max}_protocol() | Stefan Metzmacher | 2016-04-12 | 1 | -9/+0
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2016-2115: docs-xml: add "client ipc signing" option | Stefan Metzmacher | 2016-04-12 | 1 | -0/+14
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2016-2115: docs-xml: add "client ipc min protocol" and "client ipc max protocol" options | Stefan Metzmacher | 2016-04-12 | 1 | -0/+26
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11796
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible" | Stefan Metzmacher | 2016-04-12 | 1 | -1/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check" | Stefan Metzmacher | 2016-04-12 | 1 | -0/+2
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2016-2112: docs-xml: change the default of "ldap server require strong auth" to "yes" | Stefan Metzmacher | 2016-04-12 | 1 | -1/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* CVE-2016-2112: docs-xml: add "ldap server require strong auth" option | Stefan Metzmacher | 2016-04-12 | 1 | -0/+3
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2016-2111: docs-xml/smbdotconf: default "raw NTLMv2 auth" to "no" | Stefan Metzmacher | 2016-04-12 | 1 | -1/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" defaulting to "yes" | Stefan Metzmacher | 2016-04-12 | 1 | -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* loadparm: Remove an unneeded variable | Volker Lendecke | 2016-02-19 | 1 | -2/+1
  When reviewing the patch for bug 11740 I found that the definition of "num_to_alloc" was not part of the patch text, I had to look it up in context. Unnecessary I believe.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Fri Feb 19 15:56:19 CET 2016 on sn-devel-144
* Real memory leak (buildup) issue in loadparm. | Hemanth Thummala | 2016-02-17 | 1 | -13/+27
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11740
  As part of reload services, unused service ptr structures are getting unloaded without actually freeing up the memory associated to them. Made changes to free up those allocations on unload.
  On reload, reuse the slots in ServicePtr global array instead of extending the array with holes.
  Also we should mark shares like IPC$ as auto loaded as they never be exposed to users.
  Signed-off-by: Hemanth Thummala <hemanth.thummala@nutanix.com>
  Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Feb 17 22:30:25 CET 2016 on sn-devel-144
* dlist: remove unneeded type argument from DLIST_ADD_END() | Michael Adam | 2016-02-06 | 1 | -1/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* loadparm: Fix memory leak issue. | Hemanth Thummala | 2016-02-04 | 1 | -1/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11708
  Signed-off-by: Hemanth Thummala <hemanth.thummala@nutanix.com>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Thu Feb 4 12:39:14 CET 2016 on sn-devel-144
* loadparm: introduce lp_parm_ulonglong() and lpcfg_parm_ulonglong() | Uri Simchoni | 2016-01-26 | 1 | -0/+16
  Signed-off-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s3-parm: clean up defaults when removing global parameters | Alexander Bokovoy | 2016-01-25 | 1 | -0/+17
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11693
  When globals are re-initialized, they are cleared and globals' talloc context is freed. However, parm_table still contains a reference to the global value in the defaults. This confuses lpcfg_string_free() after commit 795c543d858b2452f062a02846c2f908fe4cffe4 because it tries to free already freed pointer which is passed by lp_save_defaults():

    ....
    case P_STRING:
    case P_USTRING:
            lpcfg_string_set(Globals.ctx,
                             &parm_table[i].def.svalue,
                             *(char **)lp_parm_ptr(NULL, &parm_table[i]));
    ....

  here &parm_table[i].def.svalue is passed to lpcfg_string_free() but it is a pointer to a value allocated with previous Globals.ctx which already was freed.
  This specifically affects registry backend of smb.conf in lp_load_ex() where init_globals() called explicitly to re-init globals after lp_save_defaults() if we have registry backend defined.
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Signed-off-by: Alexander Bokovoy <ab@samba.org>
  Autobuild-User(master): Uri Simchoni <uri@samba.org>
  Autobuild-Date(master): Mon Jan 25 23:58:42 CET 2016 on sn-devel-144
* smbd: do not disable "store dos attributes" on-the-fly | Uri Simchoni | 2015-12-25 | 1 | -11/+0
  Smbd would disable "store dos attributes" on-the-fly if the attempt to set/get user.DOSATTRIB fails with ENOTSUP or ENOSYS. The rationale behind it was that the file system does not support extended attributes, so there's no need to fill up the log with failure messages.
  However, a "wide symlink" could point to a spot that doesn't support extended attributes. Even with the default banned wide links, we currently allow stat'ing those files and follow the symlink, and this in turn would disable "store dos attributes" for the whole share. The user.DOSATTRIB attribute also stores file creation time, so that is also affected.
  Another case where this behavior would turn storage of DOS attributes off is that of the ".." entry at the root of the share, if the parent folder for the share's root path does not support extended attributes.
  On the other hand, the information on the file system and its support of extended attributes is readily available, so the fix for explosion of the log should be not to configure "store dos attributes" on such a share.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11649
  Signed-off-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Fri Dec 25 13:20:58 CET 2015 on sn-devel-144
* s3:smbd: convert file_struct.posix_open to a bitmap with flags | Ralph Boehme | 2015-12-01 | 1 | -1/+2
  This is in preparation of a more fine grained control of POSIX behaviour in the SMB and VFS layers.
  Initially we use a uint8_t for the flags bitmap and add a define posix_flags as posix_open in order to avoid breaking the VFS ABI.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11065
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/param: add a fixed unified lpcfg_string_{free,set,set_upper}() infrastructure | Stefan Metzmacher | 2015-11-30 | 1 | -119/+114
  This reduces the memory footprint of empty string options.
  smbd -d1 -i with 1400 shares in smb.conf under x64 valgrind massif before this patch has 7,703,392 bytes peak memory consumption and after this patch 3,321,200 bytes.
  This fixes a regression introduced by commit 2dd7c890792cf12049ec13b88aa4e9de23035f9d.
  BUG: Bug: https://bugzilla.samba.org/show_bug.cgi?id=11625
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Mon Nov 30 17:41:28 CET 2015 on sn-devel-104
* s3: smbd: Change aio_pending_size static variable to a new "aio max threads" smb.conf parameter. | Jeremy Allison | 2015-11-13 | 1 | -0/+2
  Removes accessor functions as now this parameter is set under user control in smb.conf. Default is 100.
  Note that this doesn't limit the number of outstanding aio requests, it just causes them to go onto the pthreadpool queue.
  Now we need to prioritize pthreadpool pipe replies ahead of incoming SMB2 requests, but that's a patch for another day.
  Based on ideas from Volker.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* loadparm3: Add lp_wi_scan_global_parametrics() | Volker Lendecke | 2015-08-24 | 1 | -0/+73
  This routine takes a regex and goes through all parametric parameters in [global], matching the regex. It can easily be extended to also look at shares, but right now it will only be used to list all idmap config domain names.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
* param: rename szIdmapBackend -> idmap_backend | Michael Adam | 2015-07-31 | 1 | -2/+2
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename szInclude -> include | Michael Adam | 2015-07-31 | 1 | -1/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename szCopy -> copy | Michael Adam | 2015-07-31 | 1 | -1/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>