Age | Commit message (Collapse) | Author | Files | Lines |
|
This makes us scale better with many simultaneous winbind requests,
some of which might be slow.
This implementation breaks offline logons, as the cached credentials are
maintained in a child (this needs fixing). So, if the offline logons are
active, only allow one DC connection.
Probably the offline logon and the scalable file server cases are
separate enough so that this patch is useful even with the restriction.
|
|
When the HAVE_GETRLIMIT and RLIMIT_NOFILE macros are defined the block
isn't closed.
Autobuild-User: Andreas Schneider <asn@samba.org>
Autobuild-Date: Wed Jan 19 23:10:50 CET 2011 on sn-devel-104
|
|
820ea22a07b062b1717d35de8fa7051fc1067c3f)
|
|
128 credits.
Jeremy.
|
|
This matches the improved security measures of Windows Vista.
Andrew Bartlett
|
|
This patch, based on the suggestion by Goldberg, Neil R. <ngoldber@mitre.org>
turns off the sending of the principal in the negprot by default, matching
Windows 2008 behaviour.
This slowly works us back from this hack, which from an RFC
perspective was never the right thing to do in the first place, but we
traditionally follow windows behaviour. It also discourages client
implmentations from relying on it, as if they do they are more open to
man-in-the-middle attacks.
Andrew Bartlett
|
|
This principal is not supplied by later versions of windows, and using
it opens up some oportunities for man in the middle attacks. (Becuase
it isn't the name being contacted that is verified with the KDC).
This adds the option 'client use spnego principal' to the smb.conf (as
used in Samba4) to control this behaivour. As in Samba4, this
defaults to false.
Against 2008 servers, this will not change behaviour. Against earlier
servers, it may cause a downgrade to NTLMSSP more often, in
environments where server names are not registered with the KDC as
servicePrincipalName values.
Andrew Bartlett
|
|
Otherwise, -d10 would be overridden by 'debug level = 1', because
debug level is an alias of 'log level' which -d was setting.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Nov 27 01:02:40 CET 2010 on sn-devel-104
|
|
adding new share via MMC
Change the find_service() interface to not depend on fstring, and
create a useable talloc-based interface.
Jeremy.
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Nov 5 11:24:41 UTC 2010 on sn-devel-104
|
|
The previous code was buggy in that it did not honour the 'store'
argument to lp_set_cmdline_helper(), and would use the stored
parameter after freeing it when handling overwritten values.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 2 05:19:17 UTC 2010 on sn-devel-104
|
|
By removing this global variable, the API between the two different
debug systems is made more similar. Both s3 and s4 now have
lp_set_cmdline() which ensures that the smb.conf cannot overwrite
these the user-specified log level.
Andrew Bartlett
|
|
This change improves the setup_logging() API so that callers which
wish to set up logging to stderr can simply ask for it, rather than
directly modify the dbf global variable.
Andrew Bartlett
|
|
lp_enable_privileges(). Needed"
Not needed - privileges code prevents "enable privileges = no" from adding privileges
anyway.
This reverts commit a8b95686a7bde3f96f141b6938e24e101567ef54.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 23:41:36 UTC 2010 on sn-devel-104
|
|
Needed
to maintain compatibility with smb.conf manpage.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 18:15:48 UTC 2010 on sn-devel-104
|
|
that is called from many places, not just smb.conf processing. Only
clean parametric options when doing actual smb.conf reading (or
registry equivalent).
Michael Adams, Volker, Metze, please check.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 16 06:46:19 UTC 2010 on sn-devel-104
|
|
None of these uses requires a special destructor
|
|
Guenther
|
|
Guenther
|
|
|
|
through an smb.conf option.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Guenther
|
|
This parameter is used with the registry backend to
cause the globals table to be re-initialised.
Andrew Bartlett
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
|
|
Guenther
|
|
Andreas, please check.
Guenther
|
|
|
|
This will be used to be able to put the default idmap config
read only. This can make sense for instance with the tdb2
idmap backend and using the idmap script feature.
|
|
|
|
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
Guenther
|
|
Guenther
|
|
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This is needed for a future split out of the server_role code.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
Jeremy.
|
|
Jeremy.
|
|
Guenther
|
|
Guenther
|
|
SLES10.
Fix cups encryption setting
I had the same problem and it's due to the fact that samba doesn't respect the
"cups encryption" setting since lp_cups_encrypt changes the value: if you set
"cups encryption=no", the first call will change it to HTTP_ENCRYPT_NEVER,
since that is 1 (i.e. true), the next call will change it to
HTTP_ENCRYPT_ALWAYS and after that it'll remain set as HTTP_ENCRYPT_ALWAYS.
This patch fixes this problem.
Don't mix up the HTTP_ENCRYPT_XXX constants up with the
enumeration constants (True, False, Auto) used in the
loadparm code.
|
|
This is for uses with a heavy-weight username map script
|
|
Set to 64k by default.
Jeremy.
|
|
|
|
Updates usershare files in a backwards compatible way.
I don't intend to back port this fix to 3.5.x as it
depends on a version upgrade in the share_info.tdb share security database.
Jeremy.
|
|
Fix this by moving canonicalization into lib/sharesec.c. Update the
db version to 3. Ensures we always find share names with security
descriptors attached.
Jeremy.
|
|
This is mainly a debugging aid for post-mortem analysis in case a cluster file
system is slow.
|
|
This will enable an extra forked process that will reply
to SMBecho requests, while the main process is blocked by another
request.
metze
|
|
This boolean option controls whether at exit time the server dumps a list of
files with debug level 0 that were still open for write. This is an
administrative aid to find the files that were potentially corrupt if the
network connection died.
|