summaryrefslogtreecommitdiff
path: root/source3/param
AgeCommit message (Collapse)AuthorFilesLines
2010-12-15Change strict allocate to default to true. (cherry picked from commit ↵Jeremy Allison1-1/+1
820ea22a07b062b1717d35de8fa7051fc1067c3f)
2010-12-10Add a SMB2 crediting algorithm, by default the same as Windows. Defaults to ↵Jeremy Allison1-4/+21
128 credits. Jeremy.
2010-12-10s3-client Use NTLMv2 by default in the Samba clientAndrew Bartlett1-2/+2
This matches the improved security measures of Windows Vista. Andrew Bartlett
2010-12-10s3-smbd Don't send SPNEGO principal (rfc4178 hint) by defaultAndrew Bartlett1-0/+11
This patch, based on the suggestion by Goldberg, Neil R. <ngoldber@mitre.org> turns off the sending of the principal in the negprot by default, matching Windows 2008 behaviour. This slowly works us back from this hack, which from an RFC perspective was never the right thing to do in the first place, but we traditionally follow windows behaviour. It also discourages client implmentations from relying on it, as if they do they are more open to man-in-the-middle attacks. Andrew Bartlett
2010-12-10s3-libads Default to NOT using the server-supplied principal from SPNEGOAndrew Bartlett1-0/+11
This principal is not supplied by later versions of windows, and using it opens up some oportunities for man in the middle attacks. (Becuase it isn't the name being contacted that is verified with the KDC). This adds the option 'client use spnego principal' to the smb.conf (as used in Samba4) to control this behaivour. As in Samba4, this defaults to false. Against 2008 servers, this will not change behaviour. Against earlier servers, it may cause a downgrade to NTLMSSP more often, in environments where server names are not registered with the KDC as servicePrincipalName values. Andrew Bartlett
2010-11-27s3-param Fix lp_set_cmdline() to set the flag on alias values tooAndrew Bartlett1-1/+11
Otherwise, -d10 would be overridden by 'debug level = 1', because debug level is an alias of 'log level' which -d was setting. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Nov 27 01:02:40 CET 2010 on sn-devel-104
2010-11-10Fix bug 7781 - Samba transforms ShareName to lowercase (sharename) when ↵Jeremy Allison1-9/+3
adding new share via MMC Change the find_service() interface to not depend on fstring, and create a useable talloc-based interface. Jeremy.
2010-11-05s3: Allow disabling of mdns registrationsVolker Lendecke1-0/+12
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Nov 5 11:24:41 UTC 2010 on sn-devel-104
2010-11-02s3-param Fix up lp_set_cmdline() not to re-store cmdline options on each reloadAndrew Bartlett1-4/+9
The previous code was buggy in that it did not honour the 'store' argument to lp_set_cmdline_helper(), and would use the stored parameter after freeing it when handling overwritten values. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Nov 2 05:19:17 UTC 2010 on sn-devel-104
2010-11-02s3-debug Remove 'AllowDebugChange' and use lp_set_cmdline() insteadAndrew Bartlett1-6/+1
By removing this global variable, the API between the two different debug systems is made more similar. Both s3 and s4 now have lp_set_cmdline() which ensures that the smb.conf cannot overwrite these the user-specified log level. Andrew Bartlett
2010-11-02s3-debug Impove setup_logging() to specify logging to stderrAndrew Bartlett1-2/+1
This change improves the setup_logging() API so that callers which wish to set up logging to stderr can simply ask for it, rather than directly modify the dbf global variable. Andrew Bartlett
2010-10-22Revert "Wrap security_token_has_privilege() with a check for ↵Jeremy Allison1-8/+0
lp_enable_privileges(). Needed" Not needed - privileges code prevents "enable privileges = no" from adding privileges anyway. This reverts commit a8b95686a7bde3f96f141b6938e24e101567ef54. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Oct 22 23:41:36 UTC 2010 on sn-devel-104
2010-10-22Wrap security_token_has_privilege() with a check for lp_enable_privileges(). ↵Jeremy Allison1-0/+8
Needed to maintain compatibility with smb.conf manpage. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Oct 22 18:15:48 UTC 2010 on sn-devel-104
2010-10-16Don't arbitrarily clean all parametric options in add_a_service(),Jeremy Allison1-3/+3
that is called from many places, not just smb.conf processing. Only clean parametric options when doing actual smb.conf reading (or registry equivalent). Michael Adams, Volker, Metze, please check. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Oct 16 06:46:19 UTC 2010 on sn-devel-104
2010-10-08s3: Remove talloc_autofree_context() from loadparm.cVolker Lendecke1-6/+5
None of these uses requires a special destructor
2010-09-23s3-build: fix the build of test_lp_load.Günther Deschner1-0/+1
Guenther
2010-09-20s3-build: only include smbldap.h where needed.Günther Deschner1-0/+1
Guenther
2010-09-15s3-misc: Introduce lp_ncalrpc_dir() in S3, like we have in S4.Simo Sorce1-0/+14
2010-09-14Allows changing the maximum number of simultaneous clients in winbindd ↵Pierre Carrier1-1/+12
through an smb.conf option. Signed-off-by: Jeremy Allison <jra@samba.org>
2010-09-02s3-param: added lp_set_cmdline() and --option= parameterAndrew Tridgell1-5/+151
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-28s3: Remove an unused macroVolker Lendecke1-2/+0
2010-08-26s3-build: use dbwrap.h only where needed.Günther Deschner1-0/+1
Guenther
2010-08-22s3:param Clarify parameter name on init_globals()Andrew Bartlett1-4/+4
This parameter is used with the registry backend to cause the globals table to be re-initialised. Andrew Bartlett Signed-off-by: Michael Adam <obnox@samba.org>
2010-08-20s3:loadparm: make lp_load_ex static. We have wrappers for external callers.Michael Adam1-7/+7
2010-08-18s3-build: only include smb_signing.h where needed.Günther Deschner1-0/+2
Guenther
2010-08-16s3-param: also remove lp_update_encrypted from loadparm.Günther Deschner1-1/+0
Andreas, please check. Guenther
2010-08-16s3-auth: Remove obsolete 'update encrypted' option.Andreas Schneider1-9/+0
2010-08-14s3:loadparm: add new boolean parameter "idmap read only"Michael Adam1-0/+12
This will be used to be able to put the default idmap config read only. This can make sense for instance with the tdb2 idmap backend and using the idmap script feature.
2010-08-14s3:loadparm: remove parameter "idmap alloc backend"Michael Adam1-11/+0
2010-08-13s3-loadparm: Added some comments to lp_load_ex calls.Andreas Schneider1-9/+10
Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-06s3-param: include svcctl headers in loadparm.Günther Deschner1-0/+1
Guenther
2010-08-05s3: avoid global include of ads.h.Günther Deschner1-0/+2
Guenther
2010-06-01s3:param Put 'server_role' functions in another file.Andrew Bartlett2-84/+111
Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-06-01s3:param Add helper function to get at Gobals.iDomainMasterAndrew Bartlett1-0/+12
This is needed for a future split out of the server_role code. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-05-31s3: Don't announce readraw and writeraw with the async echo responderVolker Lendecke1-2/+18
2010-05-21Make DFS work over SMB2.Jeremy Allison1-6/+0
Jeremy.
2010-05-21Set SMB2 max read/write/trans sizes to Win7 compatible - 1Mb.Jeremy Allison1-3/+3
Jeremy.
2010-05-18s3-secdesc: remove "typedef struct security_descriptor SEC_DESC".Günther Deschner1-2/+2
Guenther
2010-05-18smbconf: only include smbconf headers where needed.Günther Deschner1-0/+3
Guenther
2010-05-04Fix bug #7263 - Unable to print using Samba 3.5.1 and cups-1.1.23-40.46 on ↵Luca Olivetti1-4/+5
SLES10. Fix cups encryption setting I had the same problem and it's due to the fact that samba doesn't respect the "cups encryption" setting since lp_cups_encrypt changes the value: if you set "cups encryption=no", the first call will change it to HTTP_ENCRYPT_NEVER, since that is 1 (i.e. true), the next call will change it to HTTP_ENCRYPT_ALWAYS and after that it'll remain set as HTTP_ENCRYPT_ALWAYS. This patch fixes this problem. Don't mix up the HTTP_ENCRYPT_XXX constants up with the enumeration constants (True, False, Auto) used in the loadparm code.
2010-04-13s3: Cache the username map in gencacheVolker Lendecke1-0/+11
This is for uses with a heavy-weight username map script
2010-04-06Parameterize "smb2 max read", "smb2 max write", "smb2 max trans".Jeremy Allison1-0/+37
Set to 64k by default. Jeremy.
2010-03-28s3: Use bitmap_talloc in loadparmVolker Lendecke1-5/+6
2010-03-26Fix bug #7240 - Net usershare is not case sensitive.Jeremy Allison1-51/+67
Updates usershare files in a backwards compatible way. I don't intend to back port this fix to 3.5.x as it depends on a version upgrade in the share_info.tdb share security database. Jeremy.
2010-03-22share_info.tdb could use non-canonicalized sharenames.Jeremy Allison1-6/+6
Fix this by moving canonicalization into lib/sharesec.c. Update the db version to 3. Ensures we always find share names with security descriptors attached. Jeremy.
2010-03-22s3: Add the "ctdb locktime warn threshold" parameterVolker Lendecke1-0/+12
This is mainly a debugging aid for post-mortem analysis in case a cluster file system is slow.
2010-03-22s3:param: add "async smb echo handler" optionStefan Metzmacher1-0/+11
This will enable an extra forked process that will reply to SMBecho requests, while the main process is blocked by another request. metze
2010-03-22s3: Add "log writeable files on exit" parameterVolker Lendecke1-0/+13
This boolean option controls whether at exit time the server dumps a list of files with debug level 0 that were still open for write. This is an administrative aid to find the files that were potentially corrupt if the network connection died.
2010-02-11Remove lp_safe_widelinks() -> convert to just lp_widelinks. Suggestion from ↵Jeremy Allison1-3/+18
Volker. Create widelinks_warning(int snum) to cover the message needed in make_connection. Jeremy.
2010-02-11Introduce lp_safe_widelinks()Simo Sorce1-0/+16
This way we avoid any chance that a configuration reload may turn back on wide links when unix extensions are enabled.