summaryrefslogtreecommitdiff
path: root/source3/param/loadparm.c
AgeCommit message (Collapse)AuthorFilesLines
2009-10-01Fix for CVE-2009-2813.Jeremy Allison1-1/+6
=========================================================== == Subject: Misconfigured /etc/passwd file may share folders unexpectedly == == CVE ID#: CVE-2009-2813 == == Versions: All versions of Samba later than 3.0.11 == == Summary: If a user in /etc/passwd is misconfigured to have == an empty home directory then connecting to the home == share of this user will use the root of the filesystem == as the home directory. ===========================================================
2009-09-15s3: BSD needs sys/sysctl.h included to build properlyBjörn Jacke1-0/+4
FreeBSD (and other BSDs, too) need sys/sysctl.h inclueded to use sysctlbyname(). Thanks to Timur Bakeyev for that.
2009-08-26Add a parameter to disable the automatic creation of krb5.conf filesVolker Lendecke1-0/+12
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of transitive AD trusts. The workaround is to add a [capaths] directive to /etc/krb5.conf, which we don't automatically put into the krb5.conf winbind creates. The alternative would have been something like a "krb5 conf include", but I think if someone has to mess with /etc/krb5.conf at this level, it should be easy to add the site-local KDCs as well. Next alternative is to correctly figure out the [capaths] parameter for all trusted domains, but for that I don't have the time right now. Sorry :-)
2009-08-12Add "store create time" parameter (docs to follow)Jeremy Allison1-0/+12
that stores the create time in the user.DosTimestamps EA. Jeremy.
2009-07-14Attempt to fix the buildVolker Lendecke1-22/+0
2009-07-14Revert this commit :Jeremy Allison1-0/+11
s3: Make smbd aware of permission change of usershare. Since usershare are relatively volatile and non-previledge users must disconnect from smbd and reconnect to it to make share permission in effect. For now. This is a feature request and I think we need to design it a little differently so as not to touch core change_to_user() code. Jeremy.
2009-07-15S3: Small fix to get rid of annoying log message.Bo Yang1-0/+3
Signed-off-by: Bo Yang <boyang@samba.org>
2009-07-15s3: Make smbd aware of permission change of usershare. Since usershare are ↵Bo Yang1-0/+11
relatively volatile and non-previledge users must disconnect from smbd and reconnect to it to make share permission in effect.
2009-05-29Consolidate create/delete account paths in pdbeditSimo Sorce1-0/+5
Use common paths like for smbpasswd, so that all utilities behave the same way. As for smbpasswd this changes the behavior of pdbedit to create/delete unix users is the add/delete user scripts are provided, or ldapsam:editposix is configured. Signed-off-by: Günther Deschner <gd@samba.org>
2009-05-27s3: make passdb backend defaults to tdbsamBjörn Jacke1-1/+1
2009-05-26Introduce "struct stat_ex" as a replacement for SMB_STRUCT_STATVolker Lendecke1-31/+33
This patch introduces struct stat_ex { dev_t st_ex_dev; ino_t st_ex_ino; mode_t st_ex_mode; nlink_t st_ex_nlink; uid_t st_ex_uid; gid_t st_ex_gid; dev_t st_ex_rdev; off_t st_ex_size; struct timespec st_ex_atime; struct timespec st_ex_mtime; struct timespec st_ex_ctime; struct timespec st_ex_btime; /* birthtime */ blksize_t st_ex_blksize; blkcnt_t st_ex_blocks; }; typedef struct stat_ex SMB_STRUCT_STAT; It is really large because due to the friendly libc headers playing macro tricks with fields like st_ino, so I renamed them to st_ex_xxx. Why this change? To support birthtime, we already have quite a few #ifdef's at places where it does not really belong. With a stat struct that we control, we can consolidate the nanosecond timestamps and the birthtime deep in the VFS stat calls. At this moment it is triggered by a request to support the birthtime field for GPFS. GPFS does not extend the system level struct stat, but instead has a separate call that gets us the additional information beyond posix. Without being able to do that within the VFS stat calls, that support would have to be scattered around the main smbd code. It will very likely break all the onefs modules, but I think the changes will be reasonably easy to do.
2009-05-20s3:param: add PROTOCOL_SMB2Stefan Metzmacher1-0/+1
metze
2009-05-15s3:swat: hide "config backend" from swatMichael Adam1-1/+1
Michael
2009-05-15s3:param: prevent includes from being dumped in dump_*() functions.Michael Adam1-3/+6
This fixes bug #4271: testparm should not print includes. Michael
2009-05-14Add some constVolker Lendecke1-1/+2
2009-05-12s3:loadparm: free the file_list at the start of loadparmMichael Adam1-0/+2
This should reduce the waste of memory when using "config file" or "config backend". It also reduces the risk of triggering reloads due to some old unused files being checked. Michael
2009-05-12s3:loadparm: refactor freeing of file_list out into free_file_lists()Michael Adam1-13/+21
Michael
2009-05-05s3 Reorder loadparm to keep aliases togetherSteven Danneman1-6/+6
This keeps the "browseable" and "browsable" aliases together.
2009-05-06s3:loadparm: handle registry config source in file_list - fixes bug #6320Michael Adam1-34/+44
Michael
2009-05-05s3:loadparm: use the returnvalue of service_ok() in process_smbconf_service().Michael Adam1-1/+1
Michael
2009-04-29s3:smbd/service: switch load_registry_service/shares to use loadparm routinesMichael Adam1-1/+1
instead of reading the registry directly with tdb and activating the configure options by hand. This eliminates the need for repeating checks done in loadparm. For instance it disables registry shares without path in the server as is the case with text based shares. Michael
2009-04-29s3:loadparm: refactor process_registry_service out or process_registry_globalsMichael Adam1-11/+25
Michael
2009-04-28s3:loadparm: prevent infinite include nesting.Michael Adam1-2/+19
This introduces a hard coded MAX_INCLUDE_DEPTH of 100. When this is exceeded, handle_include (and hence lp_load) fails. One could of course implement a more intelligent loop detection in the include-tree, but this would require some restructuring of the internal loadparm housekeeping. Maybe as a second improvement step. Michael
2009-04-28s3:mark registry shares without path unavailable just as with text configMichael Adam1-0/+3
This prevents users from getting access to "/" in misconfigured setups. Michael
2009-04-13s3-loadparm: Fix resume command typo for "printing = vlp".Günther Deschner1-1/+1
Guenther
2009-04-07s3/loadparm: Fiy typos.Karolin Seeger1-2/+2
Karolin
2009-03-30s3/cups: add encryption supportBjörn Jacke1-0/+34
2009-03-23s3: Remove redundant commentTim Prouty1-4/+0
2009-03-23s3:smbd: use new simplified snb_signing code in the serverStefan Metzmacher1-3/+8
We keep the seqnum/mid mapping in the smb_request structure. This also moves one global variable into the smbd_server_connection struct. metze
2009-03-04Attempt to fix the build on IRIXVolker Lendecke1-1/+3
2009-02-22s3: Wrap usage of rlimit in configure checksSteven Danneman1-20/+19
2009-02-21Revert "s3 auth: Add parameter that forces every user through an NSS lookup"Tim Prouty1-11/+0
After the discussion on samba-technical, it was decided that the best answer for now was to revert this change. The right way to do this is to rewrite the token api to use opaque tokens with pluggable modules. This reverts commit 8e19a288052bca5efdb0277a40c1e0fdd099cc2b.
2009-02-21Fix an uninitialized variableVolker Lendecke1-1/+1
2009-02-20S3: Detect max_open_files from systemtodd stecher1-1/+37
- Attempt to use syscalls to determine max-open-files value. - Add in periodic logging when max file limit reached
2009-02-16s3 auth: Add parameter that forces every user through an NSS lookupZach Loafman1-0/+11
When set to yes, "force username map" forces every user, even AD users, through an NSS lookup. This allows the token to be overridden with information from NSS in certain broken environments.
2009-02-14Rename lp_smb_perfcount_module() to lp_perfcount_module() to match the ↵Volker Lendecke1-1/+1
parameter name
2009-02-12s3: Added new parameter "map untrusted to domain"Steven Danneman1-0/+13
When enabled this reverts smbd to the legacy domain remapping behavior when a user provides an untrusted domain This partially reverts d8c54fdd
2009-02-09S3: New module interface for SMB message statistics gatheringtodd stecher1-0/+11
This changelist allows for the addition of custom performance monitoring modules through smb.conf. Entrypoints in the main message processing code have been added to capture the command, subop, ioctl, identity and message size statistics.
2009-02-05s3/libads: Change "ldap ssl:ads" parameter to "ldap ssl ads".Karolin Seeger1-0/+12
Karolin
2009-02-01Add two new parameters to control how we verify kerberos tickets. Removes ↵Dan Sledz1-5/+28
lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
2009-01-15s3: make better use of ccache by not including version.h in every C-file.Michael Adam1-1/+1
version.h changes rather frequently. Since it is included via includes.h, this means each C file will be a cache miss. This applies to the following situations: * When building a new package with a new Samba version * building in a git branch after calling mkversion.sh after a new commit (i.e. virtually always) This patch improves the situation in the following way: * remove inlude "version.h" from includes.h * Use samba_version_string() instead of SAMBA_VERSION_STRING in files that use no other macro from version.h instead of SAMBA_VERSION_STRING. * explicitly include "version.h" in those files that use more macros from "version.h" than just SAMBA_VERSION_STRING. Michael
2009-01-12Deprecate the "share modes" parameter to address bug #6024, swat disagrees ↵Jeremy Allison1-1/+1
with smbstatus as to share mode with share modes = No set in samba. Jeremy.
2009-01-12Make STATEDIR and CACHEDIR configurable through ./configure and loadparm.cSteven Danneman1-3/+46
If they are not explicitely set in either place both will default to LOCKDIR. Signed-off-by: Michael Adam <obnox@samba.org>
2009-01-04Fix a typo found by the IBM CheckerVolker Lendecke1-1/+1
2008-12-23Fix use of "time offset" parameter, and add test to make sure I don't break ↵Jelmer Vernooij1-2/+0
it again :-)
2008-12-21s3:loadparm/docs: Set default for "ldap ssl" to "start tls".root1-1/+1
This has been discussed on samba-technical before. 3.3 and newer only! Karolin
2008-12-21s3: loadparm: Clean-up list of parameters.Karolin Seeger1-8/+1
We don't need to list several combinations of lowercase and uppercase here. Karolin
2008-12-17s3/loadparm.c: Change default value for "ldap ssl".Karolin Seeger1-1/+1
LDAP_SSL_ON is not defined at all. That's why the actual default value was "" for a long time. Set a more sensible default value without chnging the default behaviour. -----8<------------------snip--------------8<-------------- user@host:/data/git/samba/v3-0-test/source> git grep LDAP_SSL_ON | cat include/smb.h:enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS}; param/loadparm.c: Globals.ldap_ssl = LDAP_SSL_ON; ----->8------------------snap-------------->8-------------- It's the same in 3.2 and 3.3 series. Karolin
2008-12-15s3:loadparm: fix copy service error (canonicalize_servicename: NULL source name)Michael Adam1-1/+1
this was introduced by commit 3358a139d2dc77eb4c842d41722b1acc24bd2cb2. Michael
2008-12-15s3:loadparm: add service-struct based variants of the free-parameter routinesMichael Adam1-7/+46
and use the abstracted free_one_parameter_common() in old free_one_parameter_by_snum() as well as in new free_one_parameter() Michael