1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

2075 Commits

Author SHA1 Message Date
Andrew Bartlett
3cf1beed5d CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default
The rpcecho server is useful in development and testing, but should never
have been allowed into production, as it includes the facility to
do a blocking sleep() in the single-threaded rpc worker.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2023-10-10 14:49:39 +00:00
Rob van der Linde
6af1a71752 netcmd: auth: manpage documentation for conditional ace fields
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-29 02:18:34 +00:00
Andrew Bartlett
1223b89d81 docs-xml: Add new parameter "acl claims evaluation"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-09-26 23:45:35 +00:00
Volker Lendecke
b3cae8dcf1 conf: Remove "smb3 unix extensions" parameter
Always offer it, it's a client thing to ask for it or not.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 21 17:43:23 UTC 2023 on atb-devel-224
2023-09-21 17:43:23 +00:00
Joseph Sutton
fb071bc33d docs-xml: Add missing paragraph section
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-14 21:35:29 +00:00
Joseph Sutton
f6ff6f7cdf docs-xml: Fix spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Pavel Filipenský
3fbc514a2c docs:smbdotconf: Inform that changing 'winbind max domain connections' needs a restart
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Aug 30 13:37:37 UTC 2023 on atb-devel-224
2023-08-30 13:37:37 +00:00
Joseph Sutton
830efcfe6b docs-xml: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-14 04:57:34 +00:00
Andrew Bartlett
a1b1f8ffd2 doc-xml: Add entry for reload-certs for new LDAP certificate reload function
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-25 20:04:29 +00:00
Andrew Bartlett
9facc2e1d8 docs-xml: Fix invalid XML in smbcontrol manpage
This was picked by a mode in Emacs.

Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2023-07-25 20:04:29 +00:00
Pavel Filipenský
ca5cc05b22 s3:script: Replace --merge by --merge-by-timestamp in samba-log-parser
For --merge-by-timestamp the traces do not need to contain the traceid
header field.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Thu Jul 20 19:14:05 UTC 2023 on atb-devel-224
2023-07-20 19:14:05 +00:00
Pavel Filipenský
16386bfd4c docs-xml:manpages: Fix tabs in samba-log-parser.1.xml
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-20 18:16:37 +00:00
Rob van der Linde
bb6fecd9ac netcmd: sites: add sites and subnet list and view commands to manpage
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 19 04:29:15 UTC 2023 on atb-devel-224
2023-07-19 04:29:15 +00:00
Rob van der Linde
7f7d68573c netcmd: sites: add missing subnet commands to samba-tool manpage
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-19 03:31:30 +00:00
Martin Schwenke
230f8db40f docs-xml: Fix script idmap backend documentation
This was clearly copied from the tdb2 backend and incompletely edited.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Jul 10 23:47:12 UTC 2023 on atb-devel-224
2023-07-10 23:47:12 +00:00
Martin Schwenke
3f76b98037 docs-xml: Tweak autorid idmap backend documentation
The name of the placeholder is misleading.  It certainly isn't per
domain, so we might as well indicate that it is per range.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-07-10 22:49:31 +00:00
Martin Schwenke
6989ec3873 docs-xml: Fix rid idmap backend documentation
The statement just above the example says the example demonstrates the
use of the base_rid parameter.  It doesn't, so fix this.

Also fix a typo.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-07-10 22:49:31 +00:00
Rob van der Linde
d7b0468568 netcmd: domain: man page updates for auth silo and policy cli
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Stefan Metzmacher
48cc2862c2 docs-xml/smbdotconf: also allow 2012[_R2] for 'ad dc functional level'
We may not jump to 2016 directly...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 19:08:37 +00:00
Volker Lendecke
8a864e3f52 docs: Remove seekdir/telldir reference
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-16 16:14:30 +00:00
Joseph Sutton
0743e11d46 samba-tool: Fix typo
Found by Rob van der Linde <rob@catalyst.net.nz>.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-14 22:57:35 +00:00
Björn Jacke
585e4cdd6c docs-xml: remove completely outdated Samba-Developers-Guide
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jun 14 12:21:50 UTC 2023 on atb-devel-224
2023-06-14 12:21:50 +00:00
Volker Lendecke
c37d6be2db smbd: Remove unused dptr_SearchDir() and the dir cache
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-13 23:33:39 +00:00
Volker Lendecke
61c923063c conf: Fix wrong language in "dos charset" smb.conf.5 entry
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-13 23:33:39 +00:00
Pavel Filipenský
15fdf7b36f docs-xml:manpages: Add man page for samba-log-parser
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-07 14:12:33 +00:00
Jones Syue
9c24f853a8 smbd: remove comments about deprecated 'write cache size'
The option 'write cache size' was removed since samba-4.12 version:
https://wiki.samba.org/index.php/Samba_4.12_Features_added/changed
https://git.samba.org/?p=samba.git;a=commit;h=3fea05e0
https://git.samba.org/?p=samba.git;a=commit;h=728fabea

It is supposed to remove comments about deprecated 'write cache size',
in order to avoid confusion when reading source code and documents.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15383

Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jun  2 09:48:17 UTC 2023 on atb-devel-224
2023-06-02 09:48:17 +00:00
Björn Baumbach
52cb127f16 docs: fix a typo in history file
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Thu Jun  1 12:46:04 UTC 2023 on atb-devel-224
2023-06-01 12:46:04 +00:00
Ralph Boehme
035f6d914d vfs_fruit: add fruit:convert_adouble parameter
https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 26 00:52:29 UTC 2023 on atb-devel-224
2023-05-26 00:52:29 +00:00
Andrew Bartlett
e5c3e076c8 param: Add new parameter "ad dc functional level"
This allows the new unsupported functional levels to be unlocked, but with an smb.conf
option that is easily seen.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-05-16 23:29:32 +00:00
Joseph Sutton
86f07cad94 docs-xml: Fix typos
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-05 02:54:31 +00:00
Andreas Schneider
3c96f7d80e docs-xml: Fix spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-11 09:06:35 +00:00
Andrew Bartlett
83fe7a0316 lib/util: Add "debug syslog format = always", which logs to stdout in syslog style
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-04-06 12:51:30 +00:00
Rob van der Linde
b74b9f4b06 CVE-2023-0922 set default ldap client sasl wrapping to seal
This avoids sending new or reset passwords in the clear
(integrity protected only) from samba-tool in particular.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr  5 03:08:51 UTC 2023 on atb-devel-224
2023-04-05 03:08:51 +00:00
Andreas Schneider
f531dd1982 docs-xml: Remove smbgetrc manpage
This has been removed, we have support for an authentication file.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
7f8a814c7a docs-xml: Update smbget manpage
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
1bb75c5471 docs-xml: Fix spelling in Samba-Developers-Guide
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Andreas Schneider
a9d4915cd6 docs-xml: Fix spelling in smb.conf manpage
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Andreas Schneider
0007102d2b docs-xml: Fix spelling in manpages
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Rob van der Linde
619caa1ba4 docs: update manpage for samba-tool
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 31 08:25:11 UTC 2023 on atb-devel-224
2023-03-31 08:25:11 +00:00
Volker Lendecke
3fdf8d15c0 idmap_ad: Add "deny ous" and "allow ous" options
With these options, certain OUs can be denied or a list of OUs can be
explicitly permitted for idmapping.

Use case: Administration of OUs in AD has been delegated to people not
100% trusted by the unix server team, this can prevent arbitrary unix
IDs to be assigned by these delegated admins.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-29 17:55:50 +00:00
Björn Baumbach
0ea2784906 docs: documentation for new net --dns-ttl option
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 11:58:34 +00:00
John Mulligan
62ea6ae8c9 doc/vfs_ceph: document ceph:filesystem parameter
Document how the `ceph:filesystem` parameter allows one to select
the cephfs file system to use for the share.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Feb 24 05:37:57 UTC 2023 on atb-devel-224
2023-02-24 05:37:57 +00:00
John Mulligan
5e49d4b431 doc/vfs_ceph: update confusing default hint for ceph:user_id param
Previously, the manpage hinted that the `ceph:user_id` parameter derived
a default value from the process id. This implies that it referring
to the PID but this is not what libcephfs actually does. Rather, this
param is used to derive the `client.<id>` authorization name ceph uses.
This mistake probably originates in a comment in the libcephfs header.

When I first started using the vfs_ceph module this confused me as I
didn't know what to use to get access to my cluster. Eventually, after
reading both docs and code I found that it does not use the pid but
defaults to a value in the ceph client library (typically "admin").

Therefore, if you are using commands like `ceph fs authorize x
client.foo` or `ceph auth get client.bar` to authorize a client you
would supply smb.conf with `ceph:user_id = foo` or `ceph:user_id = bar`
respectively.  These entries then need corresponding entries in your
ceph keyring file.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2023-02-24 04:43:32 +00:00
Samuel Cabrero
02fba22b8c CVE-2022-38023 docs-xml/smbdotconf: The "server schannel require seal[:COMPUTERACCOUNT]" options are also honoured by s3 netlogon server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-01-09 14:23:36 +00:00
Ralph Boehme
52cdf1d93a wbinfo: Add --change-secret-at=dcname
Add WHATSNEW.txt entry and update wbinfo man page.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-21 19:10:35 +00:00
Stefan Metzmacher
d1999c152a CVE-2022-37966 samba-tool: add 'domain trust modify' command
For now it only allows the admin to modify
the msDS-SupportedEncryptionTypes values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
36d0a49515 CVE-2022-37966 param: Add support for new option "kdc supported enctypes"
This allows admins to disable enctypes completely if required.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
fa64f8fa8d CVE-2022-37966 param: let "kdc default domain supportedenctypes = 0" mean the default
In order to allow better upgrades we need the default value for smb.conf to the
same even if the effective default value of the software changes in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Andrew Bartlett
ee18bc29b8 CVE-2022-37966 param: Add support for new option "kdc force enable rc4 weak session keys"
Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-13 13:07:29 +00:00
Joseph Sutton
d861d4eb28 CVE-2022-37966 param: Add support for new option "kdc default domain supportedenctypes"
This matches the Windows registry key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\KDC\DefaultDomainSupportedEncTypes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-13 13:07:29 +00:00