1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

1353 Commits

Author SHA1 Message Date
Karolin Seeger
ecec8bb8d5 docs: Bump version up to 4.7.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-01-12 15:35:12 +01:00
Ralph Boehme
18591edafa s3/smbd: new "mangled names" setting "illegal"
This does mangling for names with illegal NTFS characters, but not for
names longer then 8.3:

Name mangling with mangled named = yes
======================================

Mangled | Short | Name
----------------------------
        |       | foo
        | yes   | 123456789
yes     |       | foo:bar

Name mangling with mangled named = illegal
==========================================

Mangled | Short | Name
----------------------------
        |       | foo
        |       | 123456789
yes     |       | foo:bar

Setting "mangled names = illegal" is the most sensible setting for
modern clients that don't use the shortname anymore.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-09 19:31:20 +01:00
Volker Lendecke
cff1924130 idmap_ad: Restore querying SFU nss info
With the last commit the getpwsid call did not look at the winbind
nss info parameter anymore. This restores it for the idmap ad backend
with slightly different semantics and configuration: We now have the
unix_primary_group and unix_nss_info domain-specific parameters for
idmap config. This enables overriding the Windows primary group with
the unix one.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-02 18:04:14 +01:00
Anoop C S
1a59014402 docs-xml: Remove duplicate listing of configfile option in man pages
stdarg.configfile option is hierarchically included within
common.samba.client entity. So explicit inclusion of this
term will generate man pages with configfile option listed
twice.

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Dec 21 13:13:16 CET 2016 on sn-devel-144
2016-12-21 13:13:15 +01:00
Andrew Bartlett
6dc14b0a5d s4-rpc_server: Allow listener for RPC servers to use multiple processes
To do this we must get the ncacn_ip_tcp listener to split out (for example)
netlogon onto a distinct port, so we change the registration code to split up each
ncacn_ip_tcp registration to create a new interface for indicated services.

The new option "rpc server port" allows control of the default port and
"rpc server port:netlogon" (also valid for any other pipe from the IDL name)
allows us to both work around limitations in socket_wrapper against
double-binding and allows specification of the port by the administrator.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-12-20 01:11:23 +01:00
Andreas Schneider
494482c654 docs: Update doc to use absolute path for 'dedicated keytab file'
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-12-16 01:55:13 +01:00
Andrew Bartlett
31d625bcd2 s4-rpc_server: Add back support for lsa over \\pipe\\netlogon optionally
The idea here is that perhaps some real client relies on this (and not just Samba torture
commands), so we need a way to support it for the 4.6 release.

If no such client emerges, it can be deprecated and removed in the normal way.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-12-15 08:21:12 +01:00
Alexander Bokovoy
d43d0a116f smb.conf: add identity mapping section
Add a generic identity mapping section that points out to the other
resources in Samba documentation about idmap modules and their
configuration.

This should help users to discover corresponding documentation easily.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrea Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 13 00:14:04 CET 2016 on sn-devel-144
2016-12-13 00:14:04 +01:00
Björn Jacke
8a89b9bbcb docs-xml: change http://samba.org to https://www.samba.org
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
2016-12-09 13:10:26 +01:00
Ralph Boehme
20b7e08c07 manpages/vfs_fruit: add warning to fruit:resoure=stream
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12412

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-12-02 23:46:15 +01:00
Ralph Boehme
7d4b4a4299 vfs_fruit: fix fruit:resource option spelling
Fix all occurences of bad spelling of "resource" as "res*s*ource" (two
s).

One of the places where this was wrong was when parsing parametric
options in the VFS connect() function in the module. As a result any
setting of

  fruit:resource=something

in smb.conf was silently ignored and the default ("file") was active.

In Samba 4.6 we accept both the wrong and the correct spelling, in Samba
4.7 the bad spelling will be removed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12412

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-12-02 23:46:15 +01:00
Alexander Bokovoy
5c79a0fc90 logon script: clarify usage for different Samba roles
'logon script' is only used when Samba runs as a logon server in the
classical domain controller role. And even there 'ldapsam' passdb
backend will override it.

For Samba AD setup 'logon script' is not used at all.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-12-02 23:46:15 +01:00
Andreas Schneider
f464f69b33 s3:param: Add an 'include system krb5 conf' option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12441

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-12-02 09:36:07 +01:00
Günther Deschner
a59e547853 docs: fix funny typo in smb.conf manpage wrt Samba's FSRVP server.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Nov 24 16:30:13 CET 2016 on sn-devel-144
2016-11-24 16:30:13 +01:00
Volker Lendecke
8f4e426f33 wbinfo: Use ntlmv2 by default for wbinfo -a
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-11-15 01:14:21 +01:00
Raghavendra Talur
857745655b support volfile fetch from multiple glusterd nodes
glusterfs:volfile_server option can be used in smb.conf to define where
to fetch the volfile from. Currently it supports only a single IP or a
hostname. The default is 'localhost'.

glfs_set_volfile_server() has been enhanced in gfapi to support
multiple invocations. A list is maintained in libgfapi which gets
appended on every invocation. When glfs_init is performed, libgfapi
would first try to fetch the volfile from glusterd on that node.
However, on failure to fetch the volfile, it would proceed to contact
glusterd on every node in the list until it gets the volfile or
exhausts the list. This enhacement was done in Gluster commit [2].
This commit is available in 3.6, 3.7, 3.8 versions of Gluster.

As we cannot have multiple lines having the same key of
glusterfs:volfile_server in a share definition in smb.conf, we propose
a scheme like this:

where value of glusterfs:volfile_server could be list of white space seperated
elements where each element could be unix+/path/to/socket/file or
[tcp+]IP|hostname|\[IPv6\][:port].

Note the restriction on naming a IPv6 host, it follows the same
restriction that is based on IPv6 naming in URL as per RFC 2732[1].

[1] http://www.ietf.org/rfc/rfc2732.txt
[2] 0c1d78f5c52c69268ec3a1d8d5fcb1a1bf15f243

Signed-off-by: Raghavendra Talur <rtalur@redhat.com>

Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Oct 14 17:09:24 CEST 2016 on sn-devel-144
2016-10-14 17:09:24 +02:00
Uri Simchoni
1dacc09b25 smbcquotas: add -m option
Add the "standard" -m command line option that controls max
client protocol.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-04 02:00:23 +02:00
Rowland Penny
8f0cc7eaae remove duplicate lines from 'man smb.conf'
Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Sep 21 17:18:46 CEST 2016 on sn-devel-144
2016-09-21 17:18:46 +02:00
Ralph Boehme
1b9787b319 docs/vfs_fruit: explain when to use vfs_catia
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Sep 21 03:54:59 CEST 2016 on sn-devel-144
2016-09-21 03:54:59 +02:00
Ralph Boehme
b72287514c vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes
When "ignore system acls" is set to "yes, we need to ensure filesystem
permission always grant access so that when doing our own access checks
we don't run into situations where we grant access but the filesystem
doesn't.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12181

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 31 18:41:20 CEST 2016 on sn-devel-144
2016-08-31 18:41:20 +02:00
Ralph Boehme
cbe8f0d63b docs: document vfs_acl_xattr|tdb enforced settings
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12181

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-31 14:57:09 +02:00
Andrew Bartlett
45373b988d docs: Explain that "reset on zero vc" is an SMB1 feature
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-08-31 07:09:26 +02:00
Ralph Boehme
26a9867ae1 vfs_acl_xattr|tdb: add option to control default ACL style
Existing behaviour is "posix" style. Next commit will (re)add the
"windows" style. This commit doesn't change behaviour in any way.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-30 21:12:26 +02:00
Volker Lendecke
ba297a6115 docs: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug 24 21:55:29 CEST 2016 on sn-devel-144
2016-08-24 21:55:29 +02:00
Christof Schmitt
5dd79dc128 docs: Clarify description for cache, lock and state directory settings
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-08-19 09:36:19 +02:00
Anoop C S
8c61e14796 Fix a typo in smb.conf man page
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 10 20:11:54 CEST 2016 on sn-devel-144
2016-08-10 20:11:54 +02:00
Uri Simchoni
1dfd8df23d smbd: add an option to inherit only the UNIX owner
This can be used to emulate folder quotas, as explained in the
modified manpage.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-10 08:18:17 +02:00
Uri Simchoni
513fa31c85 s3-param: add kerberos encryption types parameter
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-09 04:39:07 +02:00
Karolin Seeger
8a44659c33 docs: Bump version up to 4.6.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2016-08-05 22:20:05 +02:00
Marc Muehlfeld
976be8fe39 man: Wrong option for parameter ldap ssl in smb.conf man page
- "ldap ssl" does not accept the value "yes"
- Replaced "start_tls" with "start tls".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12023

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-08-04 18:26:07 +02:00
Rajesh Joseph
57518cf0d2 shadow_copy2: update man pages for the newly introduced options
shadow:snapprefix and shadow:delimiter are the two newly added options
in shadow copy. Update man pages explaining the two options.

Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-07-28 10:06:13 +02:00
Stefan Metzmacher
b66ff2f47b docs-xml/smbdotconf: reference "unix password sync" with "password hash gpg key ids"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-07-22 16:03:27 +02:00
Stefan Metzmacher
f28d0038c8 docs-xml/smbdotconf: add "password hash gpg key ids" option
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-07-22 16:03:27 +02:00
Stefan Metzmacher
eb33f7334f docs-xml/smbdotconf: reference "unix password sync" with "samba-tool user syncpasswords"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-07-22 16:03:27 +02:00
Stefan Metzmacher
d5541ef627 docs-xml:samba-tool.8: document "user syncpasswords" command
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-07-22 16:03:27 +02:00
Stefan Metzmacher
c8fb61cadc docs-xml:samba-tool.8: document "user getpassword" command
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-07-22 16:03:26 +02:00
Stefan Metzmacher
cd8dfed1a6 docs-xml:smbdotconf: default "ntlm auth" to "no"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 16:03:26 +02:00
Volker Lendecke
dd10c820aa smbd: Enable leases by default
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-07-22 10:32:22 +02:00
Andrew Bartlett
748384992b param: Correct the defaults for "dcerpc endpoint services"
We must not list any services that we skip building, as otherwise all RPC services fail to start.

We now build without the source4 spoolss server in non-developer builds

This fixes commit 0b4c741b9c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12025
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-07-19 13:41:11 +02:00
Garming Sam
878fa6ef7d check-password-script: Allow AD to execute these scripts
In contrast to source3, this is run as root and without substitution.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-05 00:00:14 +02:00
Jeremy Allison
bc3fcb23fa s3: docs: Add documentation for posix_whoami command in smbclient.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 26 02:43:55 CEST 2016 on sn-devel-144
2016-05-26 02:43:55 +02:00
Stefan Metzmacher
f4b5e9d44d Revert "s3:rpcclient add -m option"
This reverts commit a55ac51f5f.

This will be implemented in a more common way using the
"client ipc max protocol" option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11927

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-21 01:28:28 +02:00
Christian Ambach
a55ac51f5f s3:rpcclient add -m option
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 12 17:36:09 CEST 2016 on sn-devel-144
2016-05-12 17:36:09 +02:00
Garming Sam
d4b3cb0dd2 manpages: Markup led to missing space
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-06 05:03:16 +02:00
Uri Simchoni
b51add1f3b smbd: remove "only user" and "username" parameters
These have long been superseded by "valid users"

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-06 01:32:24 +02:00
Ralph Boehme
625dcef765 vfs_fruit: add an option that allows disabling POSIX rename behaviour
https://bugzilla.samba.org/show_bug.cgi?id=11721

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May  5 00:04:50 CEST 2016 on sn-devel-144
2016-05-05 00:04:50 +02:00
Garming Sam
5caebde11d dns: modify dns forwarder param to be multi-valued
This allows a secondary DNS forwarder for a trivial failover. Requests
which fail/timeout at the primary DNS forwarder will be restarted
entirely with the next forwarder in the list.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-03 08:10:09 +02:00
Stefan Metzmacher
f762be4343 CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:28 +02:00
Stefan Metzmacher
06b038c017 CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
We sadly need to allow this for now by default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:27 +02:00
Stefan Metzmacher
c52097ae17 CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:27 +02:00