| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
No longer needed
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
Has no effect yet.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
It is enabled by default, and does nothing as of yet.
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
This does nothing yet.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
|
|
This option over-rides the PA-PAC-REQUEST received from the client. When
enabled (the default) a PAC will always be included in the response.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
... only happens with invalid smb.conf settings....
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
This was a project attempting to integrate
Himmelblau into Samba, but it has been
abandoned.
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Tue Nov 4 09:09:40 UTC 2025 on atb-devel-224
|
|
When preforming certificate based kerberos authentication (PKINIT) with
"strong certificate binding enforcement = compatibility"", for WEAK mappings
the certificate issue date must be after the date the user record was created.
This parameter relaxes that constraint by allowing the certificate to have been
issued up to the specified number of minutes before the user record was created.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
|
|
This parameter controls the enforcement of Windows Certificate bindings as
outlined in "KB5014754: Certificate-based authentication changes on Windows
domain controllers",
when preforming certificate based kerberos authentication (PKINIT)
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
|
|
This was pretty much a stub anyway
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Sep 11 15:16:17 UTC 2025 on atb-devel-224
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
transport'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
In the next commits 'smb ports' will become just
a synonym for 'server smb transport'...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
This will replace the use of 'smb ports' for source4 clients.
In future it will be used for all smb client connections
and it will allow to add other transports as 'quic' or 'smbdirect.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 7 20:06:31 UTC 2025 on atb-devel-224
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
|
|
Lots of samba libraries has incomplete dependencies listed
in wscript files. This usually is not a problem since the
link line includes dependencies of their dependencies of
their dependencies, and somewhere down that line all immediate
dependencies which are missing are actually present. But
sometimes this becomes a problem when a library does not
declare direct dependency on at least one private library
which it actually uses: in case no private library is
listed as direct dependency, private library directory is
not put into RUNPATH of the resulting binary, so the binary
can not find its own dependencies.
Fix a few such places, including some libraries which are
a part of public abi (libsmbldap, libndr).
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
|
|
Allow "net ads join" in environments where UDP/389 is blocked. Code
will follow.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This was not used consistently across all of our code base, and I
don't see a reason why this should ever not be port 389.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
By default enabled on non-clustered Samba, disabled on clustered Samba, the
reason being the expected additional load caused by forcing strict rename to be
enabled.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
|
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Same fix as in commit 09d7690
'samba-tool domain provision -d10' fails if the included file does not
exist:
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
Can't find include file /etc/samba/usershares.conf
pm_process() returned No
ERROR: Unable to load default file
File "/usr/lib64/python3.12/site-packages/samba/netcmd/domain/provision.py", line 183, in run
lp = sambaopts.get_loadparm()
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.12/site-packages/samba/getopt.py", line 282, in get_loadparm
self._lp.load_default()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Aug 21 00:04:19 UTC 2024 on atb-devel-224
|
|
"Error: NEGATIVE_RETURNS (CWE-394):
samba-4.20.0rc2/lib/param/loadparm.c:1275: negative_return_fn: Function ""lpcfg_map_parameter(""printing"")"" returns a negative number.
samba-4.20.0rc2/lib/param/loadparm.c:1275: assign: Assigning: ""parm_num"" = ""lpcfg_map_parameter(""printing"")"".
samba-4.20.0rc2/lib/param/loadparm.c:1278: negative_returns: Using variable ""parm_num"" as an index to array ""parm_table"".
1276| }
1277|
1278|-> if (!lp_set_enum_parm(&parm_table[parm_num], pszParmValue, (int*)ptr)) {
1279| return false;
1280| }"
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
In order to use SASL authentitation within a TLS connection
we now provide "client ldap sasl wrapping = starttls" or
"client ldap sasl wrapping = ldaps".
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
ldap server require strong auth = allow_sasl_over_tls
is now an alias for 'allow_sasl_without_tls_channel_bindings'
and should be avoided and changed to 'yes' or
'allow_sasl_without_tls_channel_bindings'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
The traceid debug header field is a useful feature, let's make it
default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15631
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Apr 15 18:47:41 UTC 2024 on atb-devel-224
|
|
We also prodive a samba_copyright_string() helper similar to
samba_version_string().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Dec 15 10:44:42 UTC 2023 on atb-devel-224
|
|
Typically once the smb.conf starts to be loaded,
loadparm_s3_init_globals() will be called and a memory context for
strings on the static Globals will be created. But we might call
lpcfg_set_cmdline() before we load the smb.conf file, so we (via a
helper pointer) call loadparm_s3_init_globals() to get that
initialisation done earlier, ensuring that all allocations on Globals is
done on a memory context that we can later TALLOC_FREE() before exit().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
The rpcecho server is useful in development and testing, but should never
have been allowed into production, as it includes the facility to
do a blocking sleep() in the single-threaded rpc worker.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Just came across this, avoid mallocs.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
We may not jump to 2016 directly...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
size’
This parameter was removed in commit
c37d6be2db8ee30d632275e7b1c156a8b5d791a7.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This allows the new unsupported functional levels to be unlocked, but with an smb.conf
option that is easily seen.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
Missed two more places originally when introduced ROLE_IPA_DC.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Apr 25 07:46:36 UTC 2023 on atb-devel-224
|
|
Best reviewed with: `git show --word-diff`.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
style
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This avoids sending new or reset passwords in the clear
(integrity protected only) from samba-tool in particular.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 5 03:08:51 UTC 2023 on atb-devel-224
|
|
Removes need for external stat() code when checking for timechange.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jan 27 08:30:35 UTC 2023 on atb-devel-224
|
|
It is possible that in our test environment one of the config 'include' files
change more than once per second. To avoid missing a file update we use a
higher time resolution than seconds.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
