diff options
author | Andrew Tridgell <tridge@samba.org> | 1997-10-02 03:14:32 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 1997-10-02 03:14:32 +0000 |
commit | 85097a7c177977c3e0cb9b2ad41642dba5f917ac (patch) | |
tree | 04809ff5192c9bfa9c33f76d5a27b67c7790d024 /docs | |
parent | c9cf77a6bb245145dce3cd96ff4267fe226a1019 (diff) | |
download | samba-85097a7c177977c3e0cb9b2ad41642dba5f917ac.tar.gz samba-85097a7c177977c3e0cb9b2ad41642dba5f917ac.tar.bz2 samba-85097a7c177977c3e0cb9b2ad41642dba5f917ac.zip |
change the semantics of hosts allow/hosts deny so that a global
setting applies to all shares regardless of any settings on other
shares. This allows us to immediately drop a connection if it does not
come from a allowed host, without even parsing the first SMB
packet. The next time we get a nasty security hole we can offer people
the option of just setting their hosts allow line.
If we drop a connection in this way we generate a "Not listening for
calling name" response and then exit.
add a per share "oplocks" option in smb.conf. I think its important to
be able to disable oplocks on a per-share basis as there are occasions
then they are definately not wanted, for example when sharing data
between a windows box and a unix application. This also allows us to
tell people "try disabling oplocks" when diagnosing problems.
fix a bug in process_smb(). It was taking the length of the packet
from outbuf, not inbuf (this bug was introduced with the oplocks
code). Jeremy, I assume this wasn't deliberate?
(This used to be commit 44bc9f239aa0b3cdf6cf9ad8d3911e397eba7335)
Diffstat (limited to 'docs')
-rw-r--r-- | docs/manpages/smb.conf.5 | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5 index 869dbf9ffd..989a395c15 100644 --- a/docs/manpages/smb.conf.5 +++ b/docs/manpages/smb.conf.5 @@ -724,10 +724,11 @@ then the "load printers" option is easier. A synonym for this parameter is 'hosts allow'. This parameter is a comma delimited set of hosts which are permitted to access -a services. If specified in the [global] section, matching hosts will be -allowed access to any service that does not specifically exclude them from -access. Specific services my have their own list, which override those -specified in the [global] section. +a service. + +If specified in the [global] section then it will apply to all +services, regardless of whether the individual service has a different +setting. You can specify the hosts by name or IP number. For example, you could restrict access to only the hosts on a Class C subnet with something like |