1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

2117 Commits

Author SHA1 Message Date
Andrew Bartlett
a1b1f8ffd2 doc-xml: Add entry for reload-certs for new LDAP certificate reload function
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-25 20:04:29 +00:00
Andrew Bartlett
9facc2e1d8 docs-xml: Fix invalid XML in smbcontrol manpage
This was picked by a mode in Emacs.

Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2023-07-25 20:04:29 +00:00
Pavel Filipenský
ca5cc05b22 s3:script: Replace --merge by --merge-by-timestamp in samba-log-parser
For --merge-by-timestamp the traces do not need to contain the traceid
header field.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Thu Jul 20 19:14:05 UTC 2023 on atb-devel-224
2023-07-20 19:14:05 +00:00
Pavel Filipenský
16386bfd4c docs-xml:manpages: Fix tabs in samba-log-parser.1.xml
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-20 18:16:37 +00:00
Rob van der Linde
bb6fecd9ac netcmd: sites: add sites and subnet list and view commands to manpage
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 19 04:29:15 UTC 2023 on atb-devel-224
2023-07-19 04:29:15 +00:00
Rob van der Linde
7f7d68573c netcmd: sites: add missing subnet commands to samba-tool manpage
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-19 03:31:30 +00:00
Martin Schwenke
230f8db40f docs-xml: Fix script idmap backend documentation
This was clearly copied from the tdb2 backend and incompletely edited.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Jul 10 23:47:12 UTC 2023 on atb-devel-224
2023-07-10 23:47:12 +00:00
Martin Schwenke
3f76b98037 docs-xml: Tweak autorid idmap backend documentation
The name of the placeholder is misleading.  It certainly isn't per
domain, so we might as well indicate that it is per range.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-07-10 22:49:31 +00:00
Martin Schwenke
6989ec3873 docs-xml: Fix rid idmap backend documentation
The statement just above the example says the example demonstrates the
use of the base_rid parameter.  It doesn't, so fix this.

Also fix a typo.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-07-10 22:49:31 +00:00
Rob van der Linde
d7b0468568 netcmd: domain: man page updates for auth silo and policy cli
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Stefan Metzmacher
48cc2862c2 docs-xml/smbdotconf: also allow 2012[_R2] for 'ad dc functional level'
We may not jump to 2016 directly...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 19:08:37 +00:00
Volker Lendecke
8a864e3f52 docs: Remove seekdir/telldir reference
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-16 16:14:30 +00:00
Joseph Sutton
0743e11d46 samba-tool: Fix typo
Found by Rob van der Linde <rob@catalyst.net.nz>.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-14 22:57:35 +00:00
Björn Jacke
585e4cdd6c docs-xml: remove completely outdated Samba-Developers-Guide
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jun 14 12:21:50 UTC 2023 on atb-devel-224
2023-06-14 12:21:50 +00:00
Volker Lendecke
c37d6be2db smbd: Remove unused dptr_SearchDir() and the dir cache
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-13 23:33:39 +00:00
Volker Lendecke
61c923063c conf: Fix wrong language in "dos charset" smb.conf.5 entry
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-13 23:33:39 +00:00
Pavel Filipenský
15fdf7b36f docs-xml:manpages: Add man page for samba-log-parser
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-07 14:12:33 +00:00
Jones Syue
9c24f853a8 smbd: remove comments about deprecated 'write cache size'
The option 'write cache size' was removed since samba-4.12 version:
https://wiki.samba.org/index.php/Samba_4.12_Features_added/changed
https://git.samba.org/?p=samba.git;a=commit;h=3fea05e0
https://git.samba.org/?p=samba.git;a=commit;h=728fabea

It is supposed to remove comments about deprecated 'write cache size',
in order to avoid confusion when reading source code and documents.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15383

Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jun  2 09:48:17 UTC 2023 on atb-devel-224
2023-06-02 09:48:17 +00:00
Björn Baumbach
52cb127f16 docs: fix a typo in history file
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Thu Jun  1 12:46:04 UTC 2023 on atb-devel-224
2023-06-01 12:46:04 +00:00
Ralph Boehme
035f6d914d vfs_fruit: add fruit:convert_adouble parameter
https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 26 00:52:29 UTC 2023 on atb-devel-224
2023-05-26 00:52:29 +00:00
Andrew Bartlett
e5c3e076c8 param: Add new parameter "ad dc functional level"
This allows the new unsupported functional levels to be unlocked, but with an smb.conf
option that is easily seen.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-05-16 23:29:32 +00:00
Joseph Sutton
86f07cad94 docs-xml: Fix typos
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-05 02:54:31 +00:00
Andreas Schneider
3c96f7d80e docs-xml: Fix spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-11 09:06:35 +00:00
Andrew Bartlett
83fe7a0316 lib/util: Add "debug syslog format = always", which logs to stdout in syslog style
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-04-06 12:51:30 +00:00
Rob van der Linde
b74b9f4b06 CVE-2023-0922 set default ldap client sasl wrapping to seal
This avoids sending new or reset passwords in the clear
(integrity protected only) from samba-tool in particular.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr  5 03:08:51 UTC 2023 on atb-devel-224
2023-04-05 03:08:51 +00:00
Andreas Schneider
f531dd1982 docs-xml: Remove smbgetrc manpage
This has been removed, we have support for an authentication file.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
7f8a814c7a docs-xml: Update smbget manpage
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
1bb75c5471 docs-xml: Fix spelling in Samba-Developers-Guide
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Andreas Schneider
a9d4915cd6 docs-xml: Fix spelling in smb.conf manpage
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Andreas Schneider
0007102d2b docs-xml: Fix spelling in manpages
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Rob van der Linde
619caa1ba4 docs: update manpage for samba-tool
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 31 08:25:11 UTC 2023 on atb-devel-224
2023-03-31 08:25:11 +00:00
Volker Lendecke
3fdf8d15c0 idmap_ad: Add "deny ous" and "allow ous" options
With these options, certain OUs can be denied or a list of OUs can be
explicitly permitted for idmapping.

Use case: Administration of OUs in AD has been delegated to people not
100% trusted by the unix server team, this can prevent arbitrary unix
IDs to be assigned by these delegated admins.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-29 17:55:50 +00:00
Björn Baumbach
0ea2784906 docs: documentation for new net --dns-ttl option
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 11:58:34 +00:00
John Mulligan
62ea6ae8c9 doc/vfs_ceph: document ceph:filesystem parameter
Document how the `ceph:filesystem` parameter allows one to select
the cephfs file system to use for the share.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Feb 24 05:37:57 UTC 2023 on atb-devel-224
2023-02-24 05:37:57 +00:00
John Mulligan
5e49d4b431 doc/vfs_ceph: update confusing default hint for ceph:user_id param
Previously, the manpage hinted that the `ceph:user_id` parameter derived
a default value from the process id. This implies that it referring
to the PID but this is not what libcephfs actually does. Rather, this
param is used to derive the `client.<id>` authorization name ceph uses.
This mistake probably originates in a comment in the libcephfs header.

When I first started using the vfs_ceph module this confused me as I
didn't know what to use to get access to my cluster. Eventually, after
reading both docs and code I found that it does not use the pid but
defaults to a value in the ceph client library (typically "admin").

Therefore, if you are using commands like `ceph fs authorize x
client.foo` or `ceph auth get client.bar` to authorize a client you
would supply smb.conf with `ceph:user_id = foo` or `ceph:user_id = bar`
respectively.  These entries then need corresponding entries in your
ceph keyring file.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2023-02-24 04:43:32 +00:00
Samuel Cabrero
02fba22b8c CVE-2022-38023 docs-xml/smbdotconf: The "server schannel require seal[:COMPUTERACCOUNT]" options are also honoured by s3 netlogon server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-01-09 14:23:36 +00:00
Ralph Boehme
52cdf1d93a wbinfo: Add --change-secret-at=dcname
Add WHATSNEW.txt entry and update wbinfo man page.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-21 19:10:35 +00:00
Stefan Metzmacher
d1999c152a CVE-2022-37966 samba-tool: add 'domain trust modify' command
For now it only allows the admin to modify
the msDS-SupportedEncryptionTypes values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
36d0a49515 CVE-2022-37966 param: Add support for new option "kdc supported enctypes"
This allows admins to disable enctypes completely if required.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
fa64f8fa8d CVE-2022-37966 param: let "kdc default domain supportedenctypes = 0" mean the default
In order to allow better upgrades we need the default value for smb.conf to the
same even if the effective default value of the software changes in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Andrew Bartlett
ee18bc29b8 CVE-2022-37966 param: Add support for new option "kdc force enable rc4 weak session keys"
Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-13 13:07:29 +00:00
Joseph Sutton
d861d4eb28 CVE-2022-37966 param: Add support for new option "kdc default domain supportedenctypes"
This matches the Windows registry key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\KDC\DefaultDomainSupportedEncTypes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
a4f6f51cbe CVE-2022-37966 docs-xml/smbdotconf: "kerberos encryption types = legacy" should not be used
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
7732a4b0bd CVE-2022-38023 docs-xml/smbdotconf: add "server schannel require seal[:COMPUTERACCOUNT]" options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
2ad302b422 CVE-2022-38023 docs-xml/smbdotconf: document "server reject md5 schannel:COMPUTERACCOUNT"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
bd429d0259 CVE-2022-38023 docs-xml/smbdotconf: document "allow nt4 crypto:COMPUTERACCOUNT = no"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
c8e53394b9 CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 clients' default to yes
AES is supported by Windows Server >= 2008R2, Windows (Client) >= 7 and Samba >= 4.0,
so there's no reason to allow md5 clients by default.
However some third party domain members may need it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
1c6c112990 CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 servers' default to yes
AES is supported by Windows >= 2008R2 and Samba >= 4.0 so there's no
reason to allow md5 servers by default.

Note the change in netlogon_creds_cli_context_global() is only cosmetic,
but avoids confusion while reading the code. Check with:

 git show -U35 libcli/auth/netlogon_creds_cli.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Ralph Boehme
830e865ba5 CVE-2022-38023 docs-xml: improve wording for several options: "yields precedence" -> "is over-riden"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:29 +00:00
Ralph Boehme
8ec62694a9 CVE-2022-38023 docs-xml: improve wording for several options: "takes precedence" -> "overrides"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:29 +00:00
Mikhail Novosyolov
5ea3a15be6 manpages: samba-dcerpcd: fix typo (add missing space)
Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-12-05 08:37:34 +00:00
Volker Lendecke
d9c4f94e4f smbd: Add "server addresses" parameter
This is a per-share parameter to limit share visibility and
accessibility to specific server IP addresses.

This can be used to limit the visibility and accessibility of shares
on different subnets offered by the server.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-11-10 07:27:31 +00:00
vporpo
b3292b541e smbget: Adds a rate limiting option --limit-rate in KB/s
This patch implements a very simple rate limiter. It works by pausing the main
download loop whenever the bytes transferred are more than what we would get
with if it were transferred at the rate set by the user.
Please note that this may reduce the blocksize if the limit is too small.

Signed-off-by: Vasileios Porpodas <v.porpodas@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov  2 22:47:10 UTC 2022 on sn-devel-184
2022-11-02 22:47:10 +00:00
Daniel Kobras
69273c3a83 docs-xml: ea support option restricted to user ns
Update documentation to match current behavior.

Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Oct 28 07:24:18 UTC 2022 on sn-devel-184
2022-10-28 07:24:18 +00:00
Christof Schmitt
da663b5d4f vfs_gpfs: Remove documentation for removed gpfs:refuse_dacl_protected option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15211

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>

Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Mon Oct 24 16:41:03 UTC 2022 on sn-devel-184
2022-10-24 16:41:03 +00:00
Joseph Sutton
37831c9e50 docs-xml: Fix outdated comment in documentation
This was written prior to the release of Windows Vista and later
versions.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Oct 21 04:53:47 UTC 2022 on sn-devel-184
2022-10-21 04:53:47 +00:00
Joseph Sutton
a421208154 docs: Fix double-word in "prefork backoff increment"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14034

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-10-21 03:57:33 +00:00
Joseph Sutton
6b7fd9bb82 docs: Fix double-word in "inherit owner" manpage
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14034

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-10-21 03:57:33 +00:00
Volker Lendecke
6dcf8d76cc vfs-docs: Fix the list of full_audit operations
I got this list with

modified   source3/modules/test_vfs_full_audit.c
@@ -34,6 +34,7 @@ static void test_full_audit_array(void **state)
 	for (i=0; i<SMB_VFS_OP_LAST; i++) {
 		assert_non_null(vfs_op_names[i].name);
 		assert_int_equal(vfs_op_names[i].type, i);
+		fprintf(stderr, "%s\n", vfs_op_names[i].name);
 	}
 }

which *should* be part of a script to fix

docs-xml/manpages/vfs_full_audit.8.xml

every time after a VFS change. I can't focus on the scripting right
now, so just fix it manually.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 14 17:58:56 UTC 2022 on sn-devel-184
2022-10-14 17:58:56 +00:00
Björn Jacke
0bf8d13676 docs-xml: some fixes to acl parameter documentation
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct  6 23:04:51 UTC 2022 on sn-devel-184
2022-10-06 23:04:51 +00:00
Joseph Sutton
b346a36911 docs-xml: Remove nested calls to translate()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-05 04:23:33 +00:00
Joseph Sutton
2344af9740 docs-xml: Remove reference to invalid 'user' parameter
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-05 04:23:32 +00:00
Joseph Sutton
ffdf0177b5 docs-xml: 'security = auto' is now the default parameter
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-05 04:23:32 +00:00
Joseph Sutton
534bc646d7 docs-xml: Fix references to 'encrypt passwords' parameter
It should be 'encrypt passwords', not 'encrypted passwords'.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-05 04:23:32 +00:00
Joseph Sutton
2a26dd3aab docs-xml: Fix reference to 'wide links' parameter
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-05 04:23:32 +00:00
Joseph Sutton
112e43fcb3 docs-xml: Fix reference to 'read only' parameter
It should be 'read only', not 'read-only'.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-05 04:23:32 +00:00
Joseph Sutton
728fabea68 docs-xml: Remove references to obsolete 'write cache size' parameter
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-05 04:23:32 +00:00
Joseph Sutton
e9f4528d72 docs-xml: Fix reference to obsolete 'lock spin count' parameter
We should not create a dangling link.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-05 04:23:32 +00:00
Joseph Sutton
de23fd66e4 docs-xml: Fix section links
These are not valid smbconfoptions, so we end up with dangling links.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-05 04:23:32 +00:00
Nikola Radovanovic
6a5d03e2f7 samba-tool: Use authentication file to pass credentials
In order not to pass credentials in clear-text directly over command line, this is a patch to store username/password/domain in a file and use it during domain join for example.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15031

Signed-off-by: Nikola Radovanovic <radovanovic.extern@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-10-04 02:48:37 +00:00
Christian Merten
42b88992bd samba-tool dsacl: Add get and delete subcommand to samba-tool dsacl man section
Added get and delete subcommands to the man section of samba-tool dsacl.

Signed-off-by: Christian Merten <christian@merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-27 16:46:35 +00:00
Douglas Bagnall
dad0c9a52e docs/man/samba-tool explain --color
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-19 06:10:36 +00:00
Björn Jacke
534b88dea2 docs-xml: some fixes and updates for ea and acl docs in smb.conf
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 02:30:36 +00:00
Michael Tokarev
3ce1d2fde5 Fix spelling mistakes.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Sep 12 02:29:32 UTC 2022 on sn-devel-184
2022-09-12 02:29:32 +00:00
Volker Lendecke
0f75963cf4 param: Add "smb3 unix extensions"
Only available in DEVELOPER builds. Adding now to get some testing
step by step done.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-09-02 13:31:38 +00:00
Christian Ambach
123f1c07c4 s3:utils remove documentation of -l as alias for --long
This was removed in 94fc9ca4c5, so remove it from
the usage output and manpage.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15145

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Aug 17 07:14:21 UTC 2022 on sn-devel-184
2022-08-17 07:14:21 +00:00
Jule Anger
ddbf1b29ee manpages: add smbstatus option --json with sample output
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15147

Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Tue Aug 16 15:04:54 UTC 2022 on sn-devel-184
2022-08-16 15:04:54 +00:00
Andreas Schneider
fd4368797e s3:rpcclient: Implement cmd chpasswd4
Manually tested against Windows Server 2022.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Andreas Schneider
c557259dd9 docs-xml: Remove trailing whitespaces in rpcclient.1.xml
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Stefan Metzmacher
4f5faa806e docs-xml:manpages: update vfs_fileid.8.xml for the recent changes
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul  5 16:01:10 UTC 2022 on sn-devel-184
2022-07-05 16:01:10 +00:00
Ralph Boehme
f2b6258b68 vfs_acl_xattr: add acl_xattr:security_acl_name option
Pair-Programmed-With: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
2022-06-27 15:50:29 +00:00
Andrew Bartlett
d2a473a7b7 dsdb: Allow password history and password changes without an NT hash
We now allow this to be via the ENCTYPE_AES256_CTS_HMAC_SHA1_96 hash instead
which allows us to decouple Samba from the unsalted NT hash for
organisations that are willing to take this step (for user accounts).

(History checking is limited to the last three passwords only, as
ntPwdHistory is limited to NT hash values, and the PrimaryKerberosCtr4
package only stores three sets of keys.)

Since we don't store a salt per-key, but only a single salt, the check
will fail for a previous password if the account was renamed prior to a
newer password being set.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-06-26 22:10:29 +00:00
Björn Jacke
1004058958 docs-xml: add missing generic nfs4 parameters in nfs4_xattr man page
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>

Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Wed Jun 22 18:57:53 UTC 2022 on sn-devel-184
2022-06-22 18:57:52 +00:00
Björn Jacke
1c2b9625f2 docs_xml: use the nfs4 parameter include file in zfsacl man page
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2022-06-22 18:05:32 +00:00
Björn Jacke
f0d92e8d7f docs_xml: use the nfs4 parameter include file in gpfs man page
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2022-06-22 18:05:32 +00:00
Björn Jacke
7011573e13 docs-xml: add nfs4.xml.include documenting the generic NFS4 ACL parameters
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2022-06-22 18:05:32 +00:00
Andrew Bartlett
6f96bb40e7 docs: Show current system path for smb.conf in &smb.conf entity
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-06-22 15:50:33 +00:00
Andrew Bartlett
45094bd891 docs-xml: Use &pathconfig.WINBINDD_SOCKET_DIR; to avoid reference to old /tmp/.winbindd
We can now write docs that follow how the software on this system was
built, which is much less confusing for users.  Also /tmp/.winbindd
has not been used for a long time.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15101

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-06-22 15:50:33 +00:00
Andrew Bartlett
f3de9f6c2e build: Allow &pathconfig XML entities to be used in all manpages, not just smb.conf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15101

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-06-22 15:50:33 +00:00
Jeremy Allison
69bb8853f6 s3: VFS: full_audit. Ensure the module doesn't load if an operation name is miss-spelled or otherwise unknown.
Document this new behavior. Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15098

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-17 01:28:29 +00:00
Michael Tokarev
17c733d946 spelling: connnect encrytion exisit expection explicit invalide missmatch paramater paramter partion privilige relase reponse seperate unkown verson authencication progagated
Tree-wide spellcheck for some common misspellings.

source3/utils/status.c has misspelled local variable (unkown_dialect).

"missmatch" is a known historical misspelling, only the incorrect
misspellings are fixed.

source3/locale/net/de.po has the spelling error (unkown) in two msgids -
it probably should be updated with current source.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-06-10 18:12:33 +00:00
Samuel Cabrero
f74e284a9d Revert "docs-xml: Update documentation for removal of NIS support"
This partly reverts commit a72bc3e15d.

Revert only the chunks related to netgroups and skip NIS related ones.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-06-09 21:45:28 +00:00
Christian Ambach
5f1f3b0f06 docs-xml: add new parameter volume serial number
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14765
RN: add new smb.conf parameter "volume serial number" to allow overriding
the generated default value

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-06-06 16:46:35 +00:00
Pavel Filipenský
7c2d7930a3 docs-xml: document "winbind debug traceid" in smb.conf
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-10 17:31:31 +00:00
Andrew Bartlett
e93d73b618 docs: Explain the impact of "ntlm auth = disabled" on simple bind forwarding
An RODC will forward an LDAP Simple bind, just like any other authentication,
when the password is not present locally.

If the full DC does not support NTLMv2 authentication this forwarded password
will be rejected.  A future Samba version should prefer Kerberos or send the
plaintext, but we can not change the MS Windows behaviour, so we document this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-05-02 23:15:37 +00:00
Ralph Boehme
24f4bea5b8 vfs_fruit: change default for "fruit:zero_file_id" option to yes
After discussion with folks at Apple it should be safe these days to rely on the
Mac to generate its own File-Ids and let Samba return 0 File-Ids.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-03-31 23:01:37 +00:00
Andrew Bartlett
d7a91a855c s4-auth: Remove last traces of LanMan authentiation support in the AD DC.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 29 03:32:57 UTC 2022 on sn-devel-184
2022-03-29 03:32:57 +00:00
Thomas Debesse
206909d52b s4: dns: Add customizable dns port option
Signed-off-by: Thomas Debesse <dev@illwieckz.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 25 20:25:28 UTC 2022 on sn-devel-184
2022-03-25 20:25:28 +00:00
Stefan Metzmacher
12b623088c docs-xml: add 'kdc enable fast' option
This will be useful to test against a KDC without FAST support
and find/prevent regressions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-03-11 17:10:29 +00:00
Andreas Schneider
1b8b6ac801 docs-xml: Reformat shell scripts
shfmt -f docs-xml | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-02-22 15:23:35 +00:00