summaryrefslogtreecommitdiff
path: root/source3/param
AgeCommit message (Collapse)AuthorFilesLines
2002-04-13Patch for arbitary smb.conf paramaters (to make the life of plugin maintainersAndrew Bartlett1-4/+112
sane) from ab. Attached is his e-mail to the samba-technical list, as it describes it rather well: Andrew Bartlett Subject: [PATCH] Parametrical options support for Samba 3.0 Date: Fri, 12 Apr 2002 19:13:13 +0300 From: Alexander Bokovoy <a.bokovoy@sam-solutions.net> To: samba-technical@samba.org CC: tridge@samba.org Greetings! Attached patch makes possible arbitrary options to be specified in smb.conf and later queried from VFS modules (and other places) without problems. Below such options are called 'parametrical options'. Patch introduces new notation to smb.conf option's language, as discussed today with Tridgell on @samba-technical: TYPE: OPTION = VALUE Colon sign is important here, it is what distinguishes parametrical options from ones hardcoded in param/loadparm.c. TYPE is 'option domain', OPTION is option name itself. In order to access values of parametrical options, lp_parm_string() function was implemented: char *lp_parm_string(const char *servicename, const char *type, const char *option); This function accepts service name, type and option name, and returns value of option or NULL if this option is underfined. Service name can be NULL, resulting in search in 'global' section only. If option does not exist in specified service, 'global' section is scanned. This allows propagation of globally specified options to all services and later overloading of the option in some services. Caution: 'TYPE: OPTION' combination is case sensitive. So far, testparm is able to handle parametrical options, while SWAT can't. Thus, everyone familiar with SWAT internals is welcomed to add parametrical options support. (This used to be commit bfd7cd43556bed3131d0d18869abfd1cbc30bcd0)
2002-04-13Better handling of uid/gid -> RID and RID -> uid/gid code.Andrew Bartlett1-0/+5
All uids and gids must create valid RIDs, becouse other code expects this, and can't handle the failure case. (ACL code in particular) Allow admins to adjust the base of the RID algorithm, so avoid clashes with users brought in from NT (for example). Put all the algorithm code back in one place, so that this change is global. Better coping with NULL sid pointers - but it still breaks a lot of stuff. BONUS: manpage entry for new paramater :-) counter based rids for normal users in tdbsam is disabled for the timebeing, idra and I will work out some things here soon I hope. Andrew Bartlett (This used to be commit 5275c94cdf0c64f347d4282f47088d084b1a7ea5)
2002-04-12set the default hashing scheme in head to "hash2"Andrew Tridgell1-0/+3
it seems to be a much better scheme (This used to be commit c8e2250ab1eae3aebecd8669e63f95f8656ae361)
2002-04-11This split the mangling code up to allow for the possibility of multipleAndrew Tridgell1-0/+3
mangling implementation, selectable using "mangling method = " in smb.conf It also tidies the interface a little, although it is still nasty. (This used to be commit be23d87a178e7d0691e7d942adf89bb3d2d533c2)
2002-04-10Added Shirish's client side caching policy change.Jeremy Allison1-2/+17
Jeremy. (This used to be commit 16015c07eab2e57fa3771051e3e08fde21757cfa)
2002-04-02Fix continual scanning of smb.conf if an include file doesn't exist. FoundJeremy Allison1-7/+7
by Herb. Jeremy. (This used to be commit f4f2a62740625495fa2dae03751829a4528713cc)
2002-03-27Added sys_adminlog() system for info the appliance admins reallyJeremy Allison1-0/+5
need to know about. Different from the DEBUG system. Jeremy. (This used to be commit 74eac41c681f92a6da0ae2167f031e021862e0d8)
2002-03-23Minor fixes:Andrew Bartlett1-5/+4
- Fix warnings in loadparm.c - Remove the unused 'passdb modules path' paramater - Make pdb_ldap use $ termination rather than the workstation trust account flag becouse some 'machine' accounts appear as normal accounts at creation time. Also covers domains etc. Andrew Bartlett (This used to be commit 8c82a3daf777bcd4cd4388d30222e370fe800819)
2002-03-19Sync up vfs changes from 2.2.x.Jeremy Allison1-1/+2
Jeremy. (This used to be commit ad1e858d8e72adf924ff435eab8da3e60842e2e6)
2002-03-13include/smb_macros.h: Don't round up an allocation if the size is zero.Jeremy Allison1-0/+8
"One of these locks is not like the others... One of these locks is not quite the same" :-). When is a zero timeout lock not zero ? When it's being processed by Windows 2000 of course.. This code change, ugly though it is - completely fixes the foxpro/access multi-user file system database problems that people have been having. I used a *wonderful* test program donated by "Gerald Drouillard" <gerald@drouillard.ca> which allowed me to completely reproduce this problem, and to finally determine the correct fix. This also explains why Windows 2000 is *so slow* when responding to the smbtorture lock tests. I *love* it when all these things come together and finally make sense :-). Jeremy. (This used to be commit 8aa9860ea2ea7f5aed4b6aa12794fffdfa81b0d0)
2002-03-11Implemented default ACL patch (set inherit acls = true on a per share basis).Jeremy Allison1-0/+4
Based on code donated by Olaf Fr±czyk <olaf@cbk.poznan.pl>. Further commit will change to sending via vfs interface. Jeremy. (This used to be commit d85133e2697eb22f1573c78447b57791ae63dd6b)
2002-03-03make default unix charset UTF8Andrew Tridgell1-0/+3
this means that we at least support all unicode chars by default (This used to be commit 54a3f374496316ccc6d0e4aa2267963193690a23)
2002-03-02compile fix from vanceSimo Sorce1-0/+2
(This used to be commit b6d62b8b2e0d72b0588fbe10b12c3877feb5ca71)
2002-03-02Move these inside the #ifdef to fix the compile on non-LDAPsam systems.Andrew Bartlett1-4/+5
(This used to be commit 75f72f0b6a698e462a0567674613319dde789084)
2002-03-02This is now unusedAndrew Bartlett1-1/+0
(This used to be commit 6c5052a1a9e47c2efe0d5e84bee05ae335d79e60)
2002-03-02This patch merges my private LDAP tree into HEAD.Andrew Bartlett1-7/+94
The main change here is to move ldap into the new pluggable passdb subsystem and to take the LDAP location as a 'location' paramter on the 'passdb backend' line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported, and by hand where it isn't. It also adds the ldap user suffix and ldap machine suffix smb.conf options, so that machines added to the LDAP dir don't get mixed in with people. Non-unix account support is also added. This means that machines don't need to be in /etc/passwd or in nss_ldap's scope. This code has stood up well under my production environment, so it relitivly well tested. I'm commiting this now becouse others have shown interest in using it, and there is no point 'hording' the code :-). Andrew Bartlett (This used to be commit cd5234d7dd7309d88944b83d807c1f1c2ca0460a)
2002-02-27Added "nt status support" parameter. Fix offline synchronisation.Jeremy Allison1-0/+4
Jeremy. (This used to be commit 9243a9778e52999d5c62cba484640637b24994d8)
2002-02-25add required flags to "nt acl support" so it will show up in SWATHerb Lewis1-1/+1
(This used to be commit d1ccdb5d1cb3d624285b13e662153e1e74ba3d71)
2002-02-20enable large readwrite by defaultAndrew Tridgell1-1/+1
this should improve performance with w2k clients and seems to work fine (This used to be commit 67a3135e044b40467d0d06d271ed981768700b95)
2002-02-16Added comment in lp_string() about debugging memory problems.Tim Potter1-0/+9
(This used to be commit 98e97fac17b766a6da658daa1ec40ffaf6f5bb2e)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-25that's the wins replication daemon !Jean-François Micouleau1-0/+3
there are still some work to do on it but it's already functionnal. J.F. (This used to be commit 2506c98d19263bd5f367a488c2238dcdfec46ee9)
2002-01-25Initialise password server to "*" in init_globals()Tim Potter1-0/+1
(This used to be commit 97b243c488e8b976e40c6d873282a153f80c06e4)
2002-01-22merge from 2.2. ofGerald Carter1-0/+4
* PRINTER_ATTRIBUTE's * "default devmode" parameter (This used to be commit 90a7a1840b4823d4ebe047130a95dd15a824500b)
2002-01-20This is another *BIG* change...Andrew Bartlett1-1/+42
Samba now features a pluggable passdb interface, along the same lines as the one in use in the auth subsystem. In this case, only one backend may be active at a time by the 'normal' interface, and only one backend per passdb_context is permitted outside that. This pluggable interface is designed to allow any number of passdb backends to be compiled in, with the selection at runtime. The 'passdb backend' paramater has been created (and documented!) to support this. As such, configure has been modfied to allow (for example) --with-ldap and the old smbpasswd to be selected at the same time. This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua. These two backends accept 'non unix accounts', where the user does *not* exist in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to avoid conflicts in the algroitmic mapping of RIDs, they use the values specified in the 'non unix account range' paramter - in the same way as the winbind ranges are specifed. While I was at it, I cleaned up some of the code in pdb_tdb (code copied directly from smbpasswd and not really considered properly). Most of this was to do with % macro expansion on stored data. It isn't easy to get the macros into the tdb, and the first password change will 'expand' them. tdbsam needs to use a similar system to pdb_ldap in this regard. This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I don't have the test facilities for these. I plan to incoroprate at least pdb_ldap into this scheme after consultation with Jerry. Each (converted) passdb module now no longer has any 'static' variables, and only exports 1 init function outside its .c file. The non-unix-account support in this patch has been proven! It is now possible to join a win2k machine to a Samba PDC without an account in /etc/passwd! Other changes: Minor interface adjustments: pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*. pdb_update_sam_account() no longer takes the 'override' argument that was being ignored so often (every other passdb backend). Extra checks have been added in some places. Minor code changes: smbpasswd no longer attempts to initialise the passdb at startup, this is now done on first use. pdbedit has lost some of its 'machine account' logic, as this behaviour is now controlled by the passdb subsystem directly. The samr subsystem no longer calls 'local password change', but does the pdb interactions directly. This allow the ACB_ flags specifed to be transferred direct to the backend, without interference. Doco: I've updated the doco to reflect some of the changes, and removed some paramters no longer applicable to HEAD. (This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-18This is the 'winbind default domain' patch from Alexander BokovoyAndrew Bartlett1-0/+4
<a.bokovoy@sam-solutions.net>. The idea is the domain\username is rather harsh for unix systems - people don't expect to have to FTP, SSH and (in particular) e-mail with a username like that. This 'corrects' that - but is not without its own problems. As you can see from the changes to files like username.c and wb_client.c (smbd's winbind client code) a lot of assumptions are made in a lot of places about lp_winbind_seperator determining a users's status as a domain or local user. The main change I will shortly be making is to investigate and kill off winbind_initgroups() - as far as I know it was a workaround for an old bug in winbind itself (and a bug in RH 5.2) and should no longer be relevent. I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters to determine a user/groups's 'local' status, rather than the presence of the seperator. As such, this functionality is recommended for servers providing unix services, but is currently less than optimal for windows clients. (TODO: remove all references to lp_winbind_seperator() and lp_winbind_use_default_domain() from smbd) Andrew Bartlett (This used to be commit 07a21fcd2311d2d9b430b99303e3532a8c1159e4)
2002-01-16Separate out get_user_home_dir() from get_user_home_service_dir().Jeremy Allison1-37/+29
Jeremy. (This used to be commit c1b97226db63daf64359e79083a4754e7c7f8054)
2002-01-16Roll back PSTRING_SANCTIFY patch; just leave non-controversial typeMartin Pool1-1/+1
and constness changes. (This used to be commit cee0ec72746122c962e6c5278a736266a7f2c424)
2002-01-15Add constness to parametersMartin Pool1-2/+2
(This used to be commit a61abaec063d00afe13ce0baa356245fb6e21bc0)
2002-01-09For hysterical raisins you must use string_set() to set the value of aTim Potter1-1/+1
string in the loadparam Globals struct. Using pstrcpy was causing every NULL string was being set to the name of the winbindd log file. (-: (This used to be commit 24bae9f05523a7c85bf1988d349149ebeb5067f0)
2002-01-08Added get_called_name() function, which replaces global_myname in printingJeremy Allison1-0/+10
code (one less global, hurrah !) - to allow NetBIOS aliasing to be used with point and print. Jeremy. (This used to be commit 10d72f0b01e5950c667f3f73dff1b4da5b675ea3)
2002-01-03Put a name on lp_talloc poolMartin Pool1-1/+1
(This used to be commit 472121749460a73f684bdbd02b828e89fad101af)
2002-01-02sync up ldap defaults with 2.2Gerald Carter1-2/+3
(This used to be commit 59174310d419aa835031c7a318d85fe25ba28227)
2001-12-30Add a pile of doxygen style comments to various parts of Samba. Many of theseAndrew Bartlett1-1/+1
probably will never actually be genearted, but I like the style in any case. Also fix a segfault in 'net rpc' when the login failed and a small memory leak on failure in the auth_info.c code. Andrew Bartlett (This used to be commit 2efae7cc522651c22fb120835bc800645559b63e)
2001-12-20Removed global debugf. Replaced with lp_set_logfile(name).Jeremy Allison1-0/+9
Fixed winbindd to finally stop leaving log. file droppings :-). Jeremy. (This used to be commit 0bea6cf79a44f79fa3a4f2c8381e898e79c66509)
2001-12-20fixed more warnings on irixAndrew Tridgell1-3/+3
(This used to be commit 2ffefba86997c9d6bc2a9b6dac1e576f4b64c777)
2001-12-20fixed sscanf() of gid_t valuesAndrew Tridgell1-4/+4
(This used to be commit 102af994de6bbfbe94f13c1880fc31c6414c9f8e)
2001-12-13update the ldap support code. it compiles.Jean-François Micouleau1-21/+37
Ignacio you can update your howto ;-) samsync: a small patch to try chaning challenges. J.F. (This used to be commit c99bc305599698f2291efbfe20024355cb2bcde0)
2001-12-07added a "use spnego" optionAndrew Tridgell1-0/+6
you need to set "use spnego = no" for w2k to be able to join a samba domain. Otherwise the w2k box will assume we can do kerberos as a KDC (This used to be commit b5cb57a367a6d9a82e082e2838e83e0997eb4930)
2001-12-06again an intrusive patch:Jean-François Micouleau1-15/+9
- removed the ugly as hell sam_logon_in_ssb variable, I changed a bit the definition of standard_sub_basic() to cope with that. - removed the smb.conf: 'domain admin group' and 'domain guest group' parameters ! We're not playing anymore with the user's group RIDs ! - in get_domain_user_groups(), if the user's gid is a group, put it first in the group RID list. I just have to write an HOWTO now ;-) J.F. (This used to be commit fef52c4b96c987115fb1818c00c2352c67790e50)
2001-12-01removed the #ifdef USING_GROUPNAME_MAP/#endif blocksJean-François Micouleau1-10/+0
that GROUPNAME_MAP has never been used. I'll delete the smbd/groupname.c file too J.F. (This used to be commit 2285e98f205752ec801d11b4bb9afa33e768fd93)
2001-11-26A number of things to clean up the auth subsytem a bit...Andrew Bartlett1-1/+27
We now default encrypt passwords = yes We now check plaintext passwords (however aquired) with the 'sam' backend rather than unix, if encrypt passwords = yes. (this kills off the 'local' backed. The sam backend may be renamed in its place) The new 'samstrict' wrapper backend checks that the user's domain is one of our netbios aliases - this ensures that we don't get fallback crazies with security = domain. Similarly, the code in the 'ntdomain' and 'smbserver' backends now checks that the user was not local before contacting the DC. The default ordering has changed, we now check the local stuff first - but becouse of the changes above, we will really only ever contact one auth source. Andrew Bartlett (This used to be commit e89b47f65e7eaf5eb288a3d6ba2d3d115c628e7e)
2001-11-26updated server_role for ADSAndrew Tridgell1-0/+1
(This used to be commit 48df0d2b5dee3c010c88587352554220f8b92b0f)
2001-11-26Another merge from appliance-head: in [ug]id_to_sid don't call theTim Potter1-10/+60
winbind function if the id is obviously going to be local. Cleanup of winbind [ug]id parameter handling. (This used to be commit 4ab9ca31a02b3388aa89a00e0390ea9e4c76283a)
2001-11-25added 'security=ADS'Andrew Tridgell1-0/+1
(This used to be commit 5a735a88e472a48cd4329832998dc31c1e230ecb)
2001-11-24added "net join" commandAndrew Tridgell1-0/+3
this completes the first stage of the smbd ADS support (This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-9/+4
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-19Move all other paths into dynconfigMartin Pool1-3/+3
(This used to be commit d51ef6bfa3d194b58c3ee7706a7d475ef042676d)
2001-11-19LIBDIR and LOCKDIR are dynamically configured too.Martin Pool1-1/+1
(This used to be commit 868999ad3c82ad72f11d5b3208b0e42b1ed95096)
2001-11-09This change updates lp_guestaccount() to be a *global* paramater, rather thanAndrew Bartlett1-5/+5
per-share. I beleive that almost all the things that this could have done on a per-share basis can be done with other tools, like 'force user'. Almost all the user's of this paramater used it as a global anyway... While this is one step at a time, I hope it will allow me to considerably simplfy the make_connection() code, particularly for the user-level security case. This already removes an absolute truckload of extra attempted password lookups on the guest account. Andrew Bartlett (This used to be commit 8e708332eded210c1d1fe0cebca3c9c19f054b71)