summaryrefslogtreecommitdiff
path: root/source3/param
AgeCommit message (Collapse)AuthorFilesLines
2003-02-22Remove 'unixsam' from the default passdb backends.Andrew Bartlett1-2/+2
The intention is to remove the muliple passdb backends, but we need the 'guest' account to always be there. If the admin adds the guest account to (say) LDAP, there will only be one backend required for operation. This helps remove some nasty behaviours with adding accounts to the system for both the RPC 'create user' and the SAMSYNC code. Users 'added' with an 'add user/machine' script won't magicly appear, and machine accounts 'pre-added' to unix, but not the smbpasswd file will not cause mayhem. This commit also implements somthing tridge discussed with me, the concept of 'default' passdb operation pointers - so that each backend does not need it's own stub funcitons wrapping the default tdb privilages/group mapping code. This also removes an implicit 'sid->name' and 'name->sid' mapping from our own local SID space, to winbind usernames. When adding mapping for NIS/LDAP non-sam users in future, we need to be careful. Andrew Bartlett (This used to be commit 6f32fa234961a525760a05418a08ec48d22d7617)
2003-02-21rename 'winbind backend' to 'idmap backend'. Put paramter in security ↵Jim McDonough1-4/+4
section...does this make sense? (This used to be commit 822083f73e8ba4e096c53ff0f7578f47bc21b7b5)
2003-02-20From aliguori@us.ibm.com:Jim McDonough1-0/+6
This patch adds the architecture for an IDMAP backend system including a new smb.conf parameter "winbind backend". Right now, the only valid value is "tdb" but I'm currently working on an LDAP backend. (This used to be commit 35e4448dcb2deb0d5d34d9e974a49f2fb31f1356)
2003-02-09(only for HEAD at the moment).Andrew Bartlett1-1/+13
Add NTLMv2 support to our client, used when so configured ('client use NTLMv2 = yes') and only when 'client use spengo = no'. (A new option to allow the client and server ends to chose spnego seperatly). NTLMv2 signing doesn't yet work, and NTLMv2 is not done for NTLMSSP yet. Also some parinoia checks in our input parsing. Andrew Bartlett (This used to be commit 85e9c060eab59c7692198f14a447ad59f05af437)
2003-02-01We now have client-side SMB signing support!Andrew Bartlett1-4/+7
This checking allows us to connect to Microsoft servers the use SMB signing, within a few restrictions: - I've not get the NTLMSSP stuff going - it appears to work, but if you break the sig - say by writing a zero in it - it still passes... - We don't currently verfiy the server's reply - It works against one of my test servers, but not the other... However, it provides an excellent basis to work from. Enable it with 'client signing' in your smb.conf. Doc to come (tomorrow) and this is not for 3.0, till we get it complete. The CIFS Spec is misleading - the session key (for NTLMv1 at least) is the standard session key, ie MD4(NT#). Thanks to jra for the early work on this. Andrew Bartlett (This used to be commit 1a2738937e3d80b378bd0ed33cd8d395fba2d3c3)
2003-01-13Patch from metze to to make testparm show values for 'workgroup', 'netbiosAndrew Bartlett1-7/+29
name' and 'netbios scope'. Probably has a similar effect on SWAT. Also adds '-V' to testparm. Andrew Bartlett (This used to be commit 71f4d8efd36351ddb2180103c160a6d737da62b1)
2003-01-02BIG patch...Andrew Bartlett2-65/+65
This patch makes Samba compile cleanly with -Wwrite-strings. - That is, all string literals are marked as 'const'. These strings are always read only, this just marks them as such for passing to other functions. What is most supprising is that I didn't need to change more than a few lines of code (all in 'net', which got a small cleanup of net.h and extern variables). The rest is just adding a lot of 'const'. As far as I can tell, I have not added any new warnings - apart from making all of tdbutil.c's function const (so they warn for adding that const string to struct). Andrew Bartlett (This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
2002-12-29Add msdfs proxy functionality to HEAD.Shirish Kalele1-0/+4
(This used to be commit 9df93b1ffc9ce98302540cc3d2cbd66787abc4fd)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison1-1/+1
named. Ensure we can query them. Jeremy. (This used to be commit 842e08e52a665ae678eea239759bb2de1a0d7b33)
2002-12-12Added "kernel change notify" boolean to allow easier valgrind testing.Jeremy Allison1-0/+4
Jeremy. (This used to be commit ac856fbb96e5ed21992972805b27cc8c3f9377df)
2002-12-09finnally put in Alexander parametric pacthSimo Sorce1-75/+298
(This used to be commit e6ae8b4eac66637d398406545654bba960d9e6b8)
2002-11-25Make lp_winbind_separator a const string.Tim Potter1-1/+1
(This used to be commit be90650674ce5ebc292fc804e6168c5cc4ed25dd)
2002-11-22Add support for 'restrict anonymous=2' and make the doco give a slight hintAndrew Bartlett1-1/+3
as to what it now does in 3.0. Needs more work, but better than documenting the old functionality :-). As the security benifits of this are nullified by a setting of 'guest ok' on any share, we might want to put some documentation there too. Andrew Bartlett (This used to be commit ab812ada56b740ac986de8e1f4ca36641ec61c01)
2002-11-13add lp_modules()Jelmer Vernooij1-0/+3
(This used to be commit 344d8e521f951e7f59b8378fee80bb553670a3be)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-316/+220
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
2002-11-02Add a 'ldap trust ids' option that lets pdb_ldap check for posixAccountAndrew Bartlett1-0/+3
attributes rather than calling getpwnam() on the user. This should help fix some of metze's performance issues - particularly on enumerations. There is a consequential change to the operation of 'non unix account's in LDAP - they are no longer restricted to being 'within' the NUA range, but will always be added to that range. Finally, there is the doco for this and the previous LDAP SSL changes. (This used to be commit 18abaeffda300074a507561d8372d5bfddc8fe50)
2002-11-02Fixes for pdb_ldap:Andrew Bartlett1-0/+2
- Default is now for start-tls, on the ldap (not ldaps) port - We check for 'I am currently root' in the right place now, and don't accidentily use a cached connection. - We don't loop on failure to be root, or some other errors. - A bit cleaner error reporting for add/modify. - Both the OpenLDAP and manual URI parsing tested. Andrew Bartlett (This used to be commit cfa1e459d727764feddcfdd8c9c0404282e2d0e8)
2002-10-23First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>.Jeremy Allison1-1/+20
This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit a81d700ae9c82d4b7ea631ab7862162a2ed3d512)
2002-10-21merge from samba_3_0Gerald Carter1-19/+0
removed the following parameters * postscript * printer driver * printer driver location * printer driver file also removed the get_a_printer_driver_9x_compatible() function (This used to be commit e7dd8cf903144393b1362719d75430a2ee7e5f27)
2002-10-21add a 'mangle prefix' option to allow people to tune the number ofAndrew Tridgell1-1/+5
characters used in the prefix for 8.3 names in the hash2 algorithm. The longer the prefix the more readable the 8.3 names will be, but the weaker the hash. this was added because of someone complaining that the new hashing algorithm was unreadable but the old one was broken :) (This used to be commit 3ca3cc838e5b957c7244b21947daddc4ee4c3099)
2002-10-15Change default of max_xmit to match W2K. Ensure NT negprot uses it.Jeremy Allison1-1/+3
Jeremy. (This used to be commit e5fbfbcc9dc995b23eb0b46c6f59b03cfe9c02b5)
2002-10-09removed stat() call in lp_add_home()Gerald Carter1-7/+0
(This used to be commit 07c7048aa4ef37f1b7af228ede391ab16503d9a1)
2002-10-05Turn on sendfile detection by default in HEAD and 3.0.Jeremy Allison1-8/+0
Jeremy. (This used to be commit 6a9d0c9bdd57c135c4565da829b2fa4f44874a6d)
2002-10-04Add a timeout to tdb_lock_bystring(). Ensure we never have more thanJeremy Allison1-1/+13
MAX_PRINT_JOBS in a queue. Jeremy. (This used to be commit bb58a08af459b4abae9d53ab98c15f40638ce52b)
2002-10-03make the default printed values for boolean the same for all parameters.Herb Lewis1-2/+2
(This used to be commit 074de699a20a1f8d8f45e576c50b94bb5aeb634e)
2002-09-27Vance picked up a pile of typos etc at the CIFS confernce, and finally got themAndrew Bartlett1-2/+2
off his laptop :-) Andrew Bartlett (This used to be commit df8f0338fae01e5edc176708c2b798c67c2e8c36)
2002-09-27When compiled --with-ldapsam, make ldapsam the default passdb backend.Andrew Bartlett1-1/+3
This is to allow painless upgrades from 2.2, and so people don't get a shock when they follow old docs. If ldap has been detected on the system, ldapsam is always available, just not the default. Andrew Bartlett (This used to be commit 0a6a0c88d0972fcea4aead7115929f96c0d23cbc)
2002-09-27Readd the 2.2 --with-ldapsam paramaters so as to allow a smooth upgrade path toAndrew Bartlett1-0/+18
a 3.0 based PDC. Change defaults to use SSL, so that this also matches. Andrew Bartlett (This used to be commit 36c2a3820faa1d90cd331881720be0e61ab93460)
2002-09-25Fix the circular dependency that was preventing 'domain master = auto' (theAndrew Bartlett1-1/+1
default) from working. Andrew Bartlett (This used to be commit 25950dbb3272949a235bed936c7d7b1d23f15fac)
2002-09-25This patch from "Stefan (metze) Metzmacher" <metze@metzemix.de> cleans upAndrew Bartlett1-4/+23
pdb_ldap and adds a 'ldap passwd sync' option. The idea with this option is to do allow an ldap backend to do all the fancy password hashing etc - and to tell smbd no to try and double-up. Using 'ldap passwd sync = only' will do this, but is not recommended unless such a backend is in place... Running 'ldap passwd sync = yes' just gets you the same as doing 'pam passwd sync = yes' and having both PAM and pam_ldap correctly configured for 'magic root' behaviour, but only using ldap connection, and one set of credentials. This also gets us closer to allowing ldap to say 'password too short' etc, which might assist in maintaining a consistant password policy. Andrew Bartlett (This used to be commit f13e243f1a13d34ae057b40b01f561e8b95d4570)
2002-09-25Merge of "profile acls" code.Jeremy Allison1-0/+6
Jeremy. (This used to be commit cfd1bf250b417f3ba3ad21ff681ab282311bb7eb)
2002-09-21Sorry for the new parameter, but I think to really reflect what's comingVolker Lendecke1-0/+3
in via deltas, we need a way to set a user's primary group. Volker (This used to be commit 9f7a16acf1b1f3b100b85339aad8268254512e68)
2002-09-18Added "use sendfile" per share option.Jeremy Allison1-1/+12
Jeremy. (This used to be commit 28466ff42c3328e49d46f7cddfc4bb2fe462d871)
2002-09-16Update to add DEVELOPER option to more parameters.John Terpstra1-182/+182
(This used to be commit bd9dbf5c79bf2bfecdf008fe93eba87ea9993a3c)
2002-09-16Applied new display mode FLAGS for SWAT.John Terpstra1-170/+178
(This used to be commit 8a1c136494de47bae74627b07edea6f72eab37cf)
2002-08-29small fixesJelmer Vernooij1-0/+3
make lp_sam_backend() a list (This used to be commit 06eb3138ab14ff450bbc44f5fa539867ce67a7dd)
2002-08-26Reverted and tidied up the "special" files patch. Adds "hide special files"Jeremy Allison1-0/+4
option (set to false by default). Made checking for hide unreadable/writable more efficient (less stat calls, less allocating printf calls). Jeremy. (This used to be commit 15ff5a48f94fdc6ed61fb10f063c4fbf8bb5bb2d)
2002-08-22Put back in BDC support in set_server_role(). Tidied up debugs.Tim Potter1-8/+22
(This used to be commit 08d7d6ffa65568209e953a2834d263cf3537064e)
2002-08-21Fix debug level initialization for net.cVolker Lendecke1-0/+1
Volker (This used to be commit 5af5326f1311a49d3c8316e1dcc27037b831065a)
2002-08-20fix typoJelmer Vernooij1-1/+1
(This used to be commit 71e2b41c77cc3128c6cb6e68b7ddbe2213274805)
2002-08-19fix typo auth/auth_server.cJelmer Vernooij1-4/+0
remove unused 'max packet' and 'packet size' options (This used to be commit 6a787a695db65688916464a9b0e2a9024b131eee)
2002-08-19remove 'admin log' parameter (discussed with Jeremy)Jelmer Vernooij1-7/+0
remove 'alternate permissions' parameter (deprecated and not used since 2.0) (discussed with tridge) (This used to be commit 6e34651591d1de3293b239195078778ba1d0e565)
2002-08-17Rework the 'guest account get's RID 501' code again...Andrew Bartlett1-1/+1
This moves it right into the passdb subsystem, where we can do this in just one (or 2) places. Due to the fact that this code can be in a tight loop, I've had to make 'guest account' a 'const' paramater, where % macros cannot be used. In any case, if the 'guest account' varies, we are in for some nasty cases in the other code, so it's useful anyway. Andrew Bartlett (This used to be commit 8718e5e7b2651edad15f52a4262dc745df7ad70f)
2002-08-16Merge of netbios namecache code from APPLIANCE_HEAD.Tim Potter1-0/+6
Tridge suggested a generic caching mechanism for Samba to avoid the proliferation of little cache files hanging around limpet like in the locks directory. Someone should probably implement this at some stage. (This used to be commit dad31483b3bd1790356ef1e40ac62624a403bce8)
2002-08-12Allow ADS PDC to existJim McDonough1-2/+2
(This used to be commit e6ceb3482340e06d8a0a0963c6df6cf54090e5c3)
2002-08-03fix log level, set a default, and also copy the value set in smb.conf into ↵Simo Sorce1-2/+5
parm_struct.ptr this one also fixes log level not shown in swat fix swat help system (This used to be commit 7532e828966f3baaa418b528a5b7fe450c488401)
2002-07-31Only allow 'security=ads' when we HAVE_ADS.Andrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit f77335b6f86c736e72b66eab6a2aee046ddbee41)
2002-07-31added 'disable netbios = yes/no' option, default is noAndrew Tridgell1-0/+3
When this option is disabled we should not do *any* netbios operations. You should also not start nmbd at all. I have put initial checks in at the major points we do netbios operations in smbd but there are bound to be more needed. Right now I've disabled all netbios name queries, all WINS lookups and node status queries in smbd and winbindd. I've been testing this option and the most noticable thing is how much more responsive things are! wthout those damn netbios timeouts things certainly are much slicker. (This used to be commit 12e7953bf2497eeb7c0bc6585d9fe58b3aabc240)
2002-07-31added support for smbd listening on port 445 and 139. It now listensAndrew Tridgell1-0/+4
on both by default, and you can specify a list of ports to listen on either with "smb ports = " in smb.conf or using the -p option to smbd. this is needed for proper netbiosless operation. (This used to be commit 5dee0a7b5e0fcb298a9d36661c80e60d8b9bcc3a)
2002-07-30OK!Simo Sorce1-0/+4
Finally the cascaded VFS patch is in. Testing is very welcome, specially with layered multiple vfs modules. A big thank to Alexander Bokovoy for his work and patience :) Simo. (This used to be commit 56283601afe1836dafe0580532f014e29593c463)