The branch, master has been updated
via 18e08c70900 docs: Avoid duplicate information on USER and PASSWD,
reference the common section
via 9b50d2e52e6 docs: Document all the other ways to send a password to
smbclient et al
via a363742635c docs: Ensure to rebuild manpages if samba.entities or
samba.version changes
from 867c6ff9f3f docs-xml: use upper case for "{client,server} smb3
{signing,encryption} algorithms" values
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 18e08c709002506fe217ca6a7a098fcdc00f8c29
Author: Andrew Bartlett <abart...@samba.org>
Date: Tue Aug 10 09:20:45 2021 +1200
docs: Avoid duplicate information on USER and PASSWD, reference the common
section
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14791
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Thu Sep 9 00:52:09 UTC 2021 on sn-devel-184
commit 9b50d2e52e6c85bc3ab991cd8a4b870aff397bda
Author: Andrew Bartlett <abart...@samba.org>
Date: Tue Aug 10 09:14:08 2021 +1200
docs: Document all the other ways to send a password to smbclient et al
This was previously hidden knowlege not easily available to
administrators and end users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14791
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit a363742635c54a6cb19363f4be9d2be2b731a5e6
Author: Andrew Bartlett <abart...@samba.org>
Date: Tue Aug 10 09:13:15 2021 +1200
docs: Ensure to rebuild manpages if samba.entities or samba.version changes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14791
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/wafsamba.py | 6 ++++-
docs-xml/build/DTD/samba.entities | 52 ++++++++++++++++++++++++++++++---------
docs-xml/manpages/smbclient.1.xml | 14 +++--------
3 files changed, 50 insertions(+), 22 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index dee007bf84e..865975cb2d1 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -946,9 +946,13 @@ def SAMBAMANPAGES(bld, manpages, extra_source=None):
bld.env.SAMBA_CATALOGS = 'file:///etc/xml/catalog
file:///usr/local/share/xml/catalog file://' + bld.env.SAMBA_CATALOG
for m in manpages.split():
- source = m + '.xml'
+ source = [m + '.xml']
if extra_source is not None:
source = [source, extra_source]
+ # ${SRC[1]} and ${SRC[2]} are not referenced in the
+ # SAMBA_GENERATOR but trigger the dependency calculation so
+ # ensures that manpages are rebuilt when these change.
+ source += ['build/DTD/samba.entities', 'build/DTD/samba.build.version']
bld.SAMBA_GENERATOR(m,
source=source,
target=m,
diff --git a/docs-xml/build/DTD/samba.entities
b/docs-xml/build/DTD/samba.entities
index 80e051e7684..beff3cb1f6e 100644
--- a/docs-xml/build/DTD/samba.entities
+++ b/docs-xml/build/DTD/samba.entities
@@ -595,13 +595,16 @@
</para>
<para>
- If &pct;password is not specified, the user will be
+ If &pct;PASSWORD is not specified, the user will be
prompted. The client will first check the
- <envar>USER</envar> environment variable, then the
- <envar>LOGNAME</envar> variable and if either exists,
- the string is uppercased. If these environmental
+ <envar>USER</envar> environment variable
+ (which is also permitted to also contain the
+ password seperated by a &pct;), then the
+ <envar>LOGNAME</envar> variable (which is not
+ permitted to contain a password) and if either exists,
+ the value is used. If these environmental
variables are not found, the username
- <constant>GUEST</constant> is used.
+ found in a Kerberos Credentials cache may be used.
</para>
<para>
@@ -616,9 +619,15 @@
</para>
<para>
- Be cautious about including passwords in scripts. For
- security it is better to let the client ask for the
- password if needed.
+ Be cautious about including passwords in scripts
+ or passing user-supplied values onto the command line.
For
+ security it is better to let the Samba client tool ask
for the
+ password if needed, or obtain the password once with
<command>kinit</command>.
+ </para>
+ <para>
+ While Samba will attempt to scrub the password
+ from the process title (as seen in ps), this
+ is after startup and so is subject to a race.
</para>
</listitem>
</varlistentry>
@@ -659,10 +668,31 @@
Specify the password on the commandline.
</para>
+ <para> Be cautious about including passwords in
+ scripts or passing user-supplied values onto
+ the command line. For security it is better to
+ let the Samba client tool ask for the password
+ if needed, or obtain the password once with
+ <command>kinit</command>.
+ </para>
+
+ <para> If --password is not specified,
+ the tool will check the <envar>PASSWD</envar>
+ environment variable, followed by
<envar>PASSWD_FD</envar>
+ which is expected to contain an open
+ file descriptor (FD) number.
+ </para>
+ <para>
+ Finally it will check <envar>PASSWD_FILE</envar>
(containing
+ a file path to be opened). The file should only
+ contain the password. Make certain that the
+ permissions on the file restrict
+ access from unwanted users!
+ </para>
<para>
- Be cautious about including passwords in scripts. For
- security it is better to let the client ask for the
- password if needed.
+ While Samba will attempt to scrub the password
+ from the process title (as seen in ps), this
+ is after startup and so is subject to a race.
</para>
</listitem>
</varlistentry>
diff --git a/docs-xml/manpages/smbclient.1.xml
b/docs-xml/manpages/smbclient.1.xml
index 0de5b8a0e00..48ba59525d6 100644
--- a/docs-xml/manpages/smbclient.1.xml
+++ b/docs-xml/manpages/smbclient.1.xml
@@ -1193,16 +1193,10 @@
<refsect1>
<title>ENVIRONMENT VARIABLES</title>
- <para>The variable <envar>USER</envar> may contain the
- username of the person using the client. This information is
- used only if the protocol level is high enough to support
- session-level passwords.</para>
-
-
- <para>The variable <envar>PASSWD</envar> may contain
- the password of the person using the client. This information is
- used only if the protocol level is high enough to support
- session-level passwords. </para>
+ <para>See the <command>--user</command> and
+ <command>--password</command> options for details on ways to
+ specify a username and password via an environment variable.
+ </para>
</refsect1>
--
Samba Shared Repository
