2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
57 #include "system/filesys.h"
59 #include "lib/param/loadparm.h"
60 #include "lib/param/param.h"
62 #include "lib/smbconf/smbconf.h"
63 #include "lib/smbconf/smbconf_init.h"
66 #include "../librpc/gen_ndr/svcctl.h"
68 #include "../libcli/smb/smb_signing.h"
69 #include "dbwrap/dbwrap.h"
70 #include "dbwrap/dbwrap_rbt.h"
71 #include "../lib/util/bitmap.h"
72 #include "librpc/gen_ndr/nbt.h"
73 #include "source4/lib/tls/tls.h"
74 #include "libcli/auth/ntlm_check.h"
76 #ifdef HAVE_SYS_SYSCTL_H
77 #include <sys/sysctl.h>
82 extern userdom_struct current_user_info;
84 /* the special value for the include parameter
85 * to be interpreted not as a file name but to
86 * trigger loading of the global smb.conf options
88 #ifndef INCLUDE_REGISTRY_NAME
89 #define INCLUDE_REGISTRY_NAME "registry"
92 static bool in_client = false; /* Not in the client by default */
93 static struct smbconf_csn conf_last_csn;
95 static int config_backend = CONFIG_BACKEND_FILE;
97 /* some helpful bits */
98 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
99 (ServicePtrs != NULL) && \
100 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
101 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
102 ServicePtrs[i]->valid)
104 #define USERSHARE_VALID 1
105 #define USERSHARE_PENDING_DELETE 2
107 static bool defaults_saved = false;
109 #include "lib/param/param_global.h"
111 static struct loadparm_global Globals;
113 /* This is a default service used to prime a services structure */
114 static const struct loadparm_service _sDefault =
119 .usershare_last_mod = {0, 0},
122 .invalid_users = NULL,
129 .root_preexec = NULL,
130 .root_postexec = NULL,
131 .cups_options = NULL,
132 .print_command = NULL,
134 .lprm_command = NULL,
135 .lppause_command = NULL,
136 .lpresume_command = NULL,
137 .queuepause_command = NULL,
138 .queueresume_command = NULL,
139 ._printername = NULL,
140 .printjob_username = NULL,
141 .dont_descend = NULL,
144 .magic_script = NULL,
145 .magic_output = NULL,
148 .veto_oplock_files = NULL,
158 .aio_write_behind = NULL,
159 .dfree_command = NULL,
160 .min_print_space = 0,
161 .max_print_jobs = 1000,
162 .max_reported_print_jobs = 0,
163 .write_cache_size = 0,
165 .force_create_mode = 0,
166 .directory_mask = 0755,
167 .force_directory_mode = 0,
168 .max_connections = 0,
169 .default_case = CASE_LOWER,
170 .printing = DEFAULT_PRINTING,
173 .dfree_cache_time = 0,
174 .preexec_close = false,
175 .root_preexec_close = false,
176 .case_sensitive = Auto,
177 .preserve_case = true,
178 .short_preserve_case = true,
179 .hide_dot_files = true,
180 .hide_special_files = false,
181 .hide_unreadable = false,
182 .hide_unwriteable_files = false,
184 .access_based_share_enum = false,
189 .administrative_share = false,
192 .print_notify_backchannel = false,
196 .store_dos_attributes = true,
197 .dmapi_support = false,
199 .strict_locking = Auto,
200 .posix_locking = true,
202 .kernel_oplocks = false,
203 .level2_oplocks = true,
204 .mangled_names = MANGLED_NAMES_YES,
206 .follow_symlinks = true,
207 .sync_always = false,
208 .strict_allocate = false,
209 .strict_rename = false,
211 .mangling_char = '~',
213 .delete_readonly = false,
214 .fake_oplocks = false,
215 .delete_veto_files = false,
216 .dos_filemode = false,
217 .dos_filetimes = true,
218 .dos_filetime_resolution = false,
219 .fake_directory_create_times = false,
220 .blocking_locks = true,
221 .inherit_permissions = false,
222 .inherit_acls = false,
223 .inherit_owner = false,
225 .msdfs_shuffle_referrals = false,
226 .use_client_driver = false,
227 .default_devmode = true,
228 .force_printername = false,
229 .nt_acl_support = true,
230 .force_unknown_acl_user = false,
231 ._use_sendfile = false,
232 .map_acl_inherit = false,
235 .acl_check_permissions = true,
236 .acl_map_full_control = true,
237 .acl_group_control = false,
238 .acl_allow_execute_always = false,
239 .allocation_roundup_size = SMB_ROUNDUP_ALLOCATION_SIZE,
242 .map_readonly = MAP_READONLY_NO,
243 .directory_name_cache_size = 100,
244 .smb_encrypt = SMB_SIGNING_DEFAULT,
245 .kernel_share_modes = true,
246 .durable_handles = true,
247 .check_parent_directory_delete_on_close = false,
253 * This is a copy of the default service structure. Service options in the
254 * global section would otherwise overwrite the initial default values.
256 static struct loadparm_service sDefault;
258 /* local variables */
259 static struct loadparm_service **ServicePtrs = NULL;
260 static int iNumServices = 0;
261 static int iServiceIndex = 0;
262 static struct db_context *ServiceHash;
263 static bool bInGlobalSection = true;
264 static bool bGlobalOnly = false;
265 static struct file_lists *file_lists = NULL;
266 static unsigned int *flags_list = NULL;
268 static void set_allowed_client_auth(void);
270 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
271 static void free_param_opts(struct parmlist_entry **popts);
274 * Function to return the default value for the maximum number of open
275 * file descriptors permitted. This function tries to consult the
276 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
277 * the smaller of those.
279 static int max_open_files(void)
281 int sysctl_max = MAX_OPEN_FILES;
282 int rlimit_max = MAX_OPEN_FILES;
284 #ifdef HAVE_SYSCTLBYNAME
286 size_t size = sizeof(sysctl_max);
287 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
292 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
298 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
299 rlimit_max = rl.rlim_cur;
301 #if defined(RLIM_INFINITY)
302 if(rl.rlim_cur == RLIM_INFINITY)
303 rlimit_max = MAX_OPEN_FILES;
308 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
309 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
310 "minimum Windows limit (%d)\n",
312 MIN_OPEN_FILES_WINDOWS));
313 sysctl_max = MIN_OPEN_FILES_WINDOWS;
316 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
317 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
318 "minimum Windows limit (%d)\n",
320 MIN_OPEN_FILES_WINDOWS));
321 rlimit_max = MIN_OPEN_FILES_WINDOWS;
324 return MIN(sysctl_max, rlimit_max);
328 * Common part of freeing allocated data for one parameter.
330 static void free_one_parameter_common(void *parm_ptr,
331 struct parm_struct parm)
333 if ((parm.type == P_STRING) ||
334 (parm.type == P_USTRING))
336 lpcfg_string_free((char**)parm_ptr);
337 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
338 TALLOC_FREE(*((char***)parm_ptr));
343 * Free the allocated data for one parameter for a share
344 * given as a service struct.
346 static void free_one_parameter(struct loadparm_service *service,
347 struct parm_struct parm)
351 if (parm.p_class != P_LOCAL) {
355 parm_ptr = lp_parm_ptr(service, &parm);
357 free_one_parameter_common(parm_ptr, parm);
361 * Free the allocated parameter data of a share given
362 * as a service struct.
364 static void free_parameters(struct loadparm_service *service)
368 for (i=0; parm_table[i].label; i++) {
369 free_one_parameter(service, parm_table[i]);
374 * Free the allocated data for one parameter for a given share
375 * specified by an snum.
377 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
382 parm_ptr = lp_parm_ptr(NULL, &parm);
383 } else if (parm.p_class != P_LOCAL) {
386 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
389 free_one_parameter_common(parm_ptr, parm);
393 * Free the allocated parameter data for a share specified
396 static void free_parameters_by_snum(int snum)
400 for (i=0; parm_table[i].label; i++) {
401 free_one_parameter_by_snum(snum, parm_table[i]);
406 * Free the allocated global parameters.
408 static void free_global_parameters(void)
411 struct parm_struct *parm;
413 free_param_opts(&Globals.param_opt);
414 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
416 /* Reset references in the defaults because the context is going to be freed */
417 for (i=0; parm_table[i].label; i++) {
418 parm = &parm_table[i];
419 if ((parm->type == P_STRING) ||
420 (parm->type == P_USTRING)) {
421 if ((parm->def.svalue != NULL) &&
422 (*(parm->def.svalue) != '\0')) {
423 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
424 parm->def.svalue = NULL;
429 TALLOC_FREE(Globals.ctx);
432 struct lp_stored_option {
433 struct lp_stored_option *prev, *next;
438 static struct lp_stored_option *stored_options;
441 save options set by lp_set_cmdline() into a list. This list is
442 re-applied when we do a globals reset, so that cmdline set options
443 are sticky across reloads of smb.conf
445 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
447 struct lp_stored_option *entry, *entry_next;
448 for (entry = stored_options; entry != NULL; entry = entry_next) {
449 entry_next = entry->next;
450 if (strcmp(pszParmName, entry->label) == 0) {
451 DLIST_REMOVE(stored_options, entry);
457 entry = talloc(NULL, struct lp_stored_option);
462 entry->label = talloc_strdup(entry, pszParmName);
468 entry->value = talloc_strdup(entry, pszParmValue);
474 DLIST_ADD_END(stored_options, entry);
479 static bool apply_lp_set_cmdline(void)
481 struct lp_stored_option *entry = NULL;
482 for (entry = stored_options; entry != NULL; entry = entry->next) {
483 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
484 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
485 entry->label, entry->value));
492 /***************************************************************************
493 Initialise the global parameter structure.
494 ***************************************************************************/
496 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
498 static bool done_init = false;
502 /* If requested to initialize only once and we've already done it... */
503 if (!reinit_globals && done_init) {
504 /* ... then we have nothing more to do */
509 /* The logfile can be set before this is invoked. Free it if so. */
510 lpcfg_string_free(&Globals.logfile);
513 free_global_parameters();
516 /* This memset and the free_global_parameters() above will
517 * wipe out smb.conf options set with lp_set_cmdline(). The
518 * apply_lp_set_cmdline() call puts these values back in the
519 * table once the defaults are set */
520 ZERO_STRUCT(Globals);
522 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
524 /* Initialize the flags list if necessary */
525 if (flags_list == NULL) {
529 for (i = 0; parm_table[i].label; i++) {
530 if ((parm_table[i].type == P_STRING ||
531 parm_table[i].type == P_USTRING))
535 (char **)lp_parm_ptr(NULL, &parm_table[i]),
541 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
542 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
544 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
546 sDefault.ntvfs_handler = str_list_make_v3_const(NULL, "unixuid default", NULL);
548 DEBUG(3, ("Initialising global parameters\n"));
550 /* Must manually force to upper case here, as this does not go via the handler */
551 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
554 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
555 get_dyn_SMB_PASSWD_FILE());
556 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
557 get_dyn_PRIVATE_DIR());
558 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
559 get_dyn_BINDDNS_DIR());
561 /* use the new 'hash2' method by default, with a prefix of 1 */
562 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
563 Globals.mangle_prefix = 1;
565 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
567 /* using UTF8 by default allows us to support all chars */
568 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
569 DEFAULT_UNIX_CHARSET);
571 /* Use codepage 850 as a default for the dos character set */
572 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
573 DEFAULT_DOS_CHARSET);
576 * Allow the default PASSWD_CHAT to be overridden in local.h.
578 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
579 DEFAULT_PASSWD_CHAT);
581 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
583 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
584 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
586 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
588 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
590 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
592 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
595 * By default support explicit binding to broadcast
598 Globals.nmbd_bind_explicit_broadcast = true;
600 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
602 smb_panic("init_globals: ENOMEM");
604 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
607 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
608 "/bin/sleep 999999999");
611 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
612 DEFAULT_SOCKET_OPTIONS);
614 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
615 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
616 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
617 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
618 "\\\\%N\\%U\\profile");
620 Globals.name_resolve_order =
621 str_list_make_v3_const(Globals.ctx,
622 DEFAULT_NAME_RESOLVE_ORDER,
624 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
626 Globals.algorithmic_rid_base = BASE_RID;
628 Globals.load_printers = true;
629 Globals.printcap_cache_time = 750; /* 12.5 minutes */
631 Globals.config_backend = config_backend;
632 Globals._server_role = ROLE_AUTO;
634 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
635 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
636 Globals.max_xmit = 0x4104;
637 Globals.max_mux = 50; /* This is *needed* for profile support. */
638 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
639 Globals._disable_spoolss = false;
640 Globals.max_smbd_processes = 0;/* no limit specified */
641 Globals.username_level = 0;
642 Globals.deadtime = 0;
643 Globals.getwd_cache = true;
644 Globals.large_readwrite = true;
645 Globals.max_log_size = 5000;
646 Globals.max_open_files = max_open_files();
647 Globals.server_max_protocol = PROTOCOL_SMB3_11;
648 Globals.server_min_protocol = PROTOCOL_LANMAN1;
649 Globals._client_max_protocol = PROTOCOL_DEFAULT;
650 Globals.client_min_protocol = PROTOCOL_CORE;
651 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
652 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
653 Globals._security = SEC_AUTO;
654 Globals.encrypt_passwords = true;
655 Globals.client_schannel = true;
656 Globals.winbind_sealed_pipes = true;
657 Globals.require_strong_key = true;
658 Globals.server_schannel = true;
659 Globals.read_raw = true;
660 Globals.write_raw = true;
661 Globals.null_passwords = false;
662 Globals.old_password_allowed_period = 60;
663 Globals.obey_pam_restrictions = false;
665 Globals.syslog_only = false;
666 Globals.timestamp_logs = true;
667 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
668 Globals.debug_prefix_timestamp = false;
669 Globals.debug_hires_timestamp = true;
670 Globals.debug_pid = false;
671 Globals.debug_uid = false;
672 Globals.debug_class = false;
673 Globals.enable_core_files = true;
674 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
675 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
676 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
677 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
678 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
679 Globals.lm_interval = 60;
680 #if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
681 Globals.nis_homedir = false;
682 #ifdef WITH_NISPLUS_HOME
683 lpcfg_string_set(Globals.ctx, &Globals.homedir_map,
684 "auto_home.org_dir");
686 lpcfg_string_set(Globals.ctx, &Globals.homedir_map, "auto.home");
689 Globals.time_server = false;
690 Globals.bind_interfaces_only = false;
691 Globals.unix_password_sync = false;
692 Globals.pam_password_change = false;
693 Globals.passwd_chat_debug = false;
694 Globals.passwd_chat_timeout = 2; /* 2 second default. */
695 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
696 Globals.nt_status_support = true; /* Use NT status by default. */
697 Globals.smbd_profiling_level = 0;
698 Globals.stat_cache = true; /* use stat cache by default */
699 Globals.max_stat_cache_size = 256; /* 256k by default */
700 Globals.restrict_anonymous = 0;
701 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
702 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
703 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
704 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
705 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
706 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
707 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
709 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
711 Globals.map_to_guest = 0; /* By Default, "Never" */
712 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
713 Globals.enhanced_browsing = true;
714 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
715 #ifdef MMAP_BLACKLIST
716 Globals.use_mmap = false;
718 Globals.use_mmap = true;
720 Globals.unicode = true;
721 Globals.unix_extensions = true;
722 Globals.reset_on_zero_vc = false;
723 Globals.log_writeable_files_on_exit = false;
724 Globals.create_krb5_conf = true;
725 Globals.include_system_krb5_conf = true;
726 Globals._winbind_max_domain_connections = 1;
728 /* hostname lookups can be very expensive and are broken on
729 a large number of sites (tridge) */
730 Globals.hostname_lookups = false;
732 Globals.change_notify = true,
733 Globals.kernel_change_notify = true,
735 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
736 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
737 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
738 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
739 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
740 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
742 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
743 Globals.ldap_ssl = LDAP_SSL_START_TLS;
744 Globals.ldap_ssl_ads = false;
745 Globals.ldap_deref = -1;
746 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
747 Globals.ldap_delete_dn = false;
748 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
749 Globals.ldap_follow_referral = Auto;
750 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
751 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
752 Globals.ldap_page_size = LDAP_PAGE_SIZE;
754 Globals.ldap_debug_level = 0;
755 Globals.ldap_debug_threshold = 10;
757 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
759 Globals.ldap_server_require_strong_auth =
760 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
762 /* This is what we tell the afs client. in reality we set the token
763 * to never expire, though, when this runs out the afs client will
764 * forget the token. Set to 0 to get NEVERDATE.*/
765 Globals.afs_token_lifetime = 604800;
766 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
768 /* these parameters are set to defaults that are more appropriate
769 for the increasing samba install base:
771 as a member of the workgroup, that will possibly become a
772 _local_ master browser (lm = true). this is opposed to a forced
773 local master browser startup (pm = true).
775 doesn't provide WINS server service by default (wsupp = false),
776 and doesn't provide domain master browser services by default, either.
780 Globals.show_add_printer_wizard = true;
781 Globals.os_level = 20;
782 Globals.local_master = true;
783 Globals._domain_master = Auto; /* depending on _domain_logons */
784 Globals._domain_logons = false;
785 Globals.browse_list = true;
786 Globals.we_are_a_wins_server = false;
787 Globals.wins_proxy = false;
789 TALLOC_FREE(Globals.init_logon_delayed_hosts);
790 Globals.init_logon_delay = 100; /* 100 ms default delay */
792 Globals.wins_dns_proxy = true;
794 Globals.allow_trusted_domains = true;
795 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
797 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
798 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
800 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
801 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
802 dyn_WINBINDD_SOCKET_DIR);
804 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
805 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
807 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
809 Globals.cluster_addresses = NULL;
810 Globals.clustering = false;
811 Globals.ctdb_timeout = 0;
812 Globals.ctdb_locktime_warn_threshold = 0;
814 Globals.winbind_cache_time = 300; /* 5 minutes */
815 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
816 Globals.winbind_request_timeout = 60; /* 60 seconds */
817 Globals.winbind_max_clients = 200;
818 Globals.winbind_enum_users = false;
819 Globals.winbind_enum_groups = false;
820 Globals.winbind_use_default_domain = false;
821 Globals.winbind_nested_groups = true;
822 Globals.winbind_expand_groups = 0;
823 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
824 Globals.winbind_refresh_tickets = false;
825 Globals.winbind_offline_logon = false;
826 Globals.winbind_scan_trusted_domains = true;
828 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
829 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
831 Globals.passdb_expand_explicit = false;
833 Globals.name_cache_timeout = 660; /* In seconds */
835 Globals.client_use_spnego = true;
837 Globals.client_signing = SMB_SIGNING_DEFAULT;
838 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
839 Globals.server_signing = SMB_SIGNING_DEFAULT;
841 Globals.defer_sharing_violations = true;
842 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
844 Globals.enable_privileges = true;
845 Globals.host_msdfs = true;
846 Globals.enable_asu_support = false;
848 /* User defined shares. */
849 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
851 smb_panic("init_globals: ENOMEM");
853 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
855 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
856 Globals.usershare_max_shares = 0;
857 /* By default disallow sharing of directories not owned by the sharer. */
858 Globals.usershare_owner_only = true;
859 /* By default disallow guest access to usershares. */
860 Globals.usershare_allow_guests = false;
862 Globals.keepalive = DEFAULT_KEEPALIVE;
864 /* By default no shares out of the registry */
865 Globals.registry_shares = false;
867 Globals.min_receivefile_size = 0;
869 Globals.multicast_dns_register = true;
871 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
872 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
873 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
874 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
875 Globals.smb2_leases = true;
877 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
878 get_dyn_NCALRPCDIR());
880 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
882 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
884 Globals.tls_enabled = true;
885 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
887 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
888 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
889 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
890 lpcfg_string_set(Globals.ctx, &Globals.tls_priority,
891 "NORMAL:-VERS-SSL3.0");
893 lpcfg_string_set(Globals.ctx, &Globals.share_backend, "classic");
895 Globals._preferred_master = Auto;
897 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
898 Globals.dns_zone_scavenging = false;
900 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
901 get_dyn_NTP_SIGND_SOCKET_DIR());
903 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
905 smb_panic("init_globals: ENOMEM");
907 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
911 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
914 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
916 smb_panic("init_globals: ENOMEM");
918 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
921 s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
923 smb_panic("init_globals: ENOMEM");
925 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
928 Globals.apply_group_policies = false;
930 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
932 smb_panic("init_globals: ENOMEM");
934 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
937 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
939 Globals.rndc_command = str_list_make_v3_const(NULL, "/usr/sbin/rndc", NULL);
941 Globals.cldap_port = 389;
943 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
945 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
947 Globals.krb5_port = 88;
949 Globals.kpasswd_port = 464;
951 Globals.web_port = 901;
953 Globals.aio_max_threads = 100;
955 lpcfg_string_set(Globals.ctx,
956 &Globals.rpc_server_dynamic_port_range,
958 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
959 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
960 Globals.prefork_children = 1;
962 /* Now put back the settings that were set with lp_set_cmdline() */
963 apply_lp_set_cmdline();
966 /* Convenience routine to setup an lp_context with additional s3 variables */
967 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
969 struct loadparm_context *lp_ctx;
971 lp_ctx = loadparm_init_s3(mem_ctx,
972 loadparm_s3_helpers());
973 if (lp_ctx == NULL) {
974 DEBUG(0, ("loadparm_init_s3 failed\n"));
978 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
979 if (lp_ctx->sDefault == NULL) {
980 DBG_ERR("talloc_zero failed\n");
985 *lp_ctx->sDefault = _sDefault;
986 lp_ctx->services = NULL; /* We do not want to access this directly */
987 lp_ctx->bInGlobalSection = bInGlobalSection;
988 lp_ctx->flags = flags_list;
993 /*******************************************************************
994 Convenience routine to grab string parameters into talloced memory
995 and run standard_sub_basic on them. The buffers can be written to by
996 callers without affecting the source string.
997 ********************************************************************/
999 char *lp_string(TALLOC_CTX *ctx, const char *s)
1003 /* The follow debug is useful for tracking down memory problems
1004 especially if you have an inner loop that is calling a lp_*()
1005 function that returns a string. Perhaps this debug should be
1006 present all the time? */
1009 DEBUG(10, ("lp_string(%s)\n", s));
1015 ret = talloc_sub_basic(ctx,
1016 get_current_username(),
1017 current_user_info.domain,
1019 if (trim_char(ret, '\"', '\"')) {
1020 if (strchr(ret,'\"') != NULL) {
1022 ret = talloc_sub_basic(ctx,
1023 get_current_username(),
1024 current_user_info.domain,
1032 In this section all the functions that are used to access the
1033 parameters from the rest of the program are defined
1036 #define FN_GLOBAL_STRING(fn_name,ptr) \
1037 char *lp_ ## fn_name(TALLOC_CTX *ctx) {return(lp_string((ctx), *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : ""));}
1038 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1039 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1040 #define FN_GLOBAL_LIST(fn_name,ptr) \
1041 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1042 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1043 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1044 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1045 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1046 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1047 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1049 #define FN_LOCAL_STRING(fn_name,val) \
1050 char *lp_ ## fn_name(TALLOC_CTX *ctx,int i) {return(lp_string((ctx), (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val));}
1051 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1052 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1053 #define FN_LOCAL_LIST(fn_name,val) \
1054 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1055 #define FN_LOCAL_BOOL(fn_name,val) \
1056 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1057 #define FN_LOCAL_INTEGER(fn_name,val) \
1058 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1060 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1061 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1062 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1063 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1064 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1065 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1067 int lp_winbind_max_domain_connections(void)
1069 if (lp_winbind_offline_logon() &&
1070 lp__winbind_max_domain_connections() > 1) {
1071 DEBUG(1, ("offline logons active, restricting max domain "
1072 "connections to 1\n"));
1075 return MAX(1, lp__winbind_max_domain_connections());
1078 /* These functions remain in source3/param for now */
1080 #include "lib/param/param_functions.c"
1082 FN_LOCAL_STRING(servicename, szService)
1083 FN_LOCAL_CONST_STRING(const_servicename, szService)
1085 /* These functions cannot be auto-generated */
1086 FN_LOCAL_BOOL(autoloaded, autoloaded)
1087 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1089 /* local prototypes */
1091 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1092 static const char *get_boolean(bool bool_value);
1093 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1095 static bool hash_a_service(const char *name, int number);
1096 static void free_service_byindex(int iService);
1097 static void show_parameter(int parmIndex);
1098 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1099 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1102 * This is a helper function for parametrical options support. It returns a
1103 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1104 * parametrical functions are quite simple
1106 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1109 if (snum >= iNumServices) return NULL;
1112 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1114 return get_parametric_helper(ServicePtrs[snum],
1115 type, option, Globals.param_opt);
1119 static void discard_whitespace(char *str)
1121 size_t len = strlen(str);
1125 if (isspace(str[i])) {
1126 memmove(&str[i], &str[i+1], len-i);
1135 * @brief Go through all global parametric parameters
1137 * @param regex_str A regular expression to scan param for
1138 * @param max_matches Max number of submatches the regexp expects
1139 * @param cb Function to call on match. Should return true
1140 * when it wants wi_scan_global_parametrics to stop
1142 * @param private_data Anonymous pointer passed to cb
1144 * @return 0: success, regcomp/regexec return value on error.
1145 * See "man regexec" for possible errors
1148 int lp_wi_scan_global_parametrics(
1149 const char *regex_str, size_t max_matches,
1150 bool (*cb)(const char *string, regmatch_t matches[],
1151 void *private_data),
1154 struct parmlist_entry *data;
1158 ret = regcomp(®ex, regex_str, REG_ICASE);
1163 for (data = Globals.param_opt; data != NULL; data = data->next) {
1164 size_t keylen = strlen(data->key);
1166 regmatch_t matches[max_matches];
1169 memcpy(key, data->key, sizeof(key));
1170 discard_whitespace(key);
1172 ret = regexec(®ex, key, max_matches, matches, 0);
1173 if (ret == REG_NOMATCH) {
1180 stop = cb(key, matches, private_data);
1193 #define MISSING_PARAMETER(name) \
1194 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1196 /*******************************************************************
1197 convenience routine to return enum parameters.
1198 ********************************************************************/
1199 static int lp_enum(const char *s,const struct enum_list *_enum)
1203 if (!s || !*s || !_enum) {
1204 MISSING_PARAMETER(lp_enum);
1208 for (i=0; _enum[i].name; i++) {
1209 if (strequal(_enum[i].name,s))
1210 return _enum[i].value;
1213 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1217 #undef MISSING_PARAMETER
1219 /* Return parametric option from a given service. Type is a part of option before ':' */
1220 /* Parametric option has following syntax: 'Type: option = value' */
1221 char *lp_parm_talloc_string(TALLOC_CTX *ctx, int snum, const char *type, const char *option, const char *def)
1223 struct parmlist_entry *data = get_parametrics(snum, type, option);
1225 if (data == NULL||data->value==NULL) {
1227 return lp_string(ctx, def);
1233 return lp_string(ctx, data->value);
1236 /* Return parametric option from a given service. Type is a part of option before ':' */
1237 /* Parametric option has following syntax: 'Type: option = value' */
1238 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1240 struct parmlist_entry *data = get_parametrics(snum, type, option);
1242 if (data == NULL||data->value==NULL)
1249 /* Return parametric option from a given service. Type is a part of option before ':' */
1250 /* Parametric option has following syntax: 'Type: option = value' */
1252 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1254 struct parmlist_entry *data = get_parametrics(snum, type, option);
1256 if (data == NULL||data->value==NULL)
1257 return (const char **)def;
1259 if (data->list==NULL) {
1260 data->list = str_list_make_v3(NULL, data->value, NULL);
1263 return discard_const_p(const char *, data->list);
1266 /* Return parametric option from a given service. Type is a part of option before ':' */
1267 /* Parametric option has following syntax: 'Type: option = value' */
1269 int lp_parm_int(int snum, const char *type, const char *option, int def)
1271 struct parmlist_entry *data = get_parametrics(snum, type, option);
1273 if (data && data->value && *data->value)
1274 return lp_int(data->value);
1279 /* Return parametric option from a given service. Type is a part of option before ':' */
1280 /* Parametric option has following syntax: 'Type: option = value' */
1282 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1284 struct parmlist_entry *data = get_parametrics(snum, type, option);
1286 if (data && data->value && *data->value)
1287 return lp_ulong(data->value);
1292 /* Return parametric option from a given service. Type is a part of option before ':' */
1293 /* Parametric option has following syntax: 'Type: option = value' */
1295 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1296 const char *option, unsigned long long def)
1298 struct parmlist_entry *data = get_parametrics(snum, type, option);
1300 if (data && data->value && *data->value) {
1301 return lp_ulonglong(data->value);
1307 /* Return parametric option from a given service. Type is a part of option
1309 /* Parametric option has following syntax: 'Type: option = value' */
1311 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1313 struct parmlist_entry *data = get_parametrics(snum, type, option);
1315 if (data && data->value && *data->value)
1316 return lp_bool(data->value);
1321 /* Return parametric option from a given service. Type is a part of option before ':' */
1322 /* Parametric option has following syntax: 'Type: option = value' */
1324 int lp_parm_enum(int snum, const char *type, const char *option,
1325 const struct enum_list *_enum, int def)
1327 struct parmlist_entry *data = get_parametrics(snum, type, option);
1329 if (data && data->value && *data->value && _enum)
1330 return lp_enum(data->value, _enum);
1336 * free a param_opts structure.
1337 * param_opts handling should be moved to talloc;
1338 * then this whole functions reduces to a TALLOC_FREE().
1341 static void free_param_opts(struct parmlist_entry **popts)
1343 struct parmlist_entry *opt, *next_opt;
1345 if (*popts != NULL) {
1346 DEBUG(5, ("Freeing parametrics:\n"));
1349 while (opt != NULL) {
1350 lpcfg_string_free(&opt->key);
1351 lpcfg_string_free(&opt->value);
1352 TALLOC_FREE(opt->list);
1353 next_opt = opt->next;
1360 /***************************************************************************
1361 Free the dynamically allocated parts of a service struct.
1362 ***************************************************************************/
1364 static void free_service(struct loadparm_service *pservice)
1369 if (pservice->szService)
1370 DEBUG(5, ("free_service: Freeing service %s\n",
1371 pservice->szService));
1373 free_parameters(pservice);
1375 lpcfg_string_free(&pservice->szService);
1376 TALLOC_FREE(pservice->copymap);
1378 free_param_opts(&pservice->param_opt);
1380 ZERO_STRUCTP(pservice);
1384 /***************************************************************************
1385 remove a service indexed in the ServicePtrs array from the ServiceHash
1386 and free the dynamically allocated parts
1387 ***************************************************************************/
1389 static void free_service_byindex(int idx)
1391 if ( !LP_SNUM_OK(idx) )
1394 ServicePtrs[idx]->valid = false;
1396 /* we have to cleanup the hash record */
1398 if (ServicePtrs[idx]->szService) {
1399 char *canon_name = canonicalize_servicename(
1401 ServicePtrs[idx]->szService );
1403 dbwrap_delete_bystring(ServiceHash, canon_name );
1404 TALLOC_FREE(canon_name);
1407 free_service(ServicePtrs[idx]);
1408 TALLOC_FREE(ServicePtrs[idx]);
1411 /***************************************************************************
1412 Add a new service to the services array initialising it with the given
1414 ***************************************************************************/
1416 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1419 struct loadparm_service **tsp = NULL;
1421 /* it might already exist */
1423 i = getservicebyname(name, NULL);
1429 /* Re use empty slots if any before allocating new one.*/
1430 for (i=0; i < iNumServices; i++) {
1431 if (ServicePtrs[i] == NULL) {
1435 if (i == iNumServices) {
1436 /* if not, then create one */
1437 tsp = talloc_realloc(NULL, ServicePtrs,
1438 struct loadparm_service *,
1441 DEBUG(0, ("add_a_service: failed to enlarge "
1448 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1449 if (!ServicePtrs[i]) {
1450 DEBUG(0,("add_a_service: out of memory!\n"));
1454 ServicePtrs[i]->valid = true;
1456 copy_service(ServicePtrs[i], pservice, NULL);
1458 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1461 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1462 i, ServicePtrs[i]->szService));
1464 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1471 /***************************************************************************
1472 Convert a string to uppercase and remove whitespaces.
1473 ***************************************************************************/
1475 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1480 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1484 result = talloc_strdup(ctx, src);
1485 SMB_ASSERT(result != NULL);
1487 if (!strlower_m(result)) {
1488 TALLOC_FREE(result);
1494 /***************************************************************************
1495 Add a name/index pair for the services array to the hash table.
1496 ***************************************************************************/
1498 static bool hash_a_service(const char *name, int idx)
1502 if ( !ServiceHash ) {
1503 DEBUG(10,("hash_a_service: creating servicehash\n"));
1504 ServiceHash = db_open_rbt(NULL);
1505 if ( !ServiceHash ) {
1506 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1511 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1514 canon_name = canonicalize_servicename(talloc_tos(), name );
1516 dbwrap_store_bystring(ServiceHash, canon_name,
1517 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1520 TALLOC_FREE(canon_name);
1525 /***************************************************************************
1526 Add a new home service, with the specified home directory, defaults coming
1528 ***************************************************************************/
1530 bool lp_add_home(const char *pszHomename, int iDefaultService,
1531 const char *user, const char *pszHomedir)
1536 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1537 pszHomedir[0] == '\0') {
1541 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1546 global_path = lp_path(talloc_tos(), GLOBAL_SECTION_SNUM);
1547 if (!(*(ServicePtrs[iDefaultService]->path))
1548 || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
1549 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1552 TALLOC_FREE(global_path);
1554 if (!(*(ServicePtrs[i]->comment))) {
1555 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1556 if (comment == NULL) {
1559 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1561 TALLOC_FREE(comment);
1564 /* set the browseable flag from the global default */
1566 ServicePtrs[i]->browseable = sDefault.browseable;
1567 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1569 ServicePtrs[i]->autoloaded = true;
1571 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1572 user, ServicePtrs[i]->path ));
1577 /***************************************************************************
1578 Add a new service, based on an old one.
1579 ***************************************************************************/
1581 int lp_add_service(const char *pszService, int iDefaultService)
1583 if (iDefaultService < 0) {
1584 return add_a_service(&sDefault, pszService);
1587 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1590 /***************************************************************************
1591 Add the IPC service.
1592 ***************************************************************************/
1594 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1596 char *comment = NULL;
1597 int i = add_a_service(&sDefault, ipc_name);
1602 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1603 Globals.server_string);
1604 if (comment == NULL) {
1608 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1609 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1610 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1611 ServicePtrs[i]->max_connections = 0;
1612 ServicePtrs[i]->available = true;
1613 ServicePtrs[i]->read_only = true;
1614 ServicePtrs[i]->guest_only = false;
1615 ServicePtrs[i]->administrative_share = true;
1616 ServicePtrs[i]->guest_ok = guest_ok;
1617 ServicePtrs[i]->printable = false;
1618 ServicePtrs[i]->browseable = sDefault.browseable;
1619 ServicePtrs[i]->autoloaded = false;
1621 DEBUG(3, ("adding IPC service\n"));
1623 TALLOC_FREE(comment);
1627 /***************************************************************************
1628 Add a new printer service, with defaults coming from service iFrom.
1629 ***************************************************************************/
1631 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1633 const char *comment = "From Printcap";
1634 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1639 /* note that we do NOT default the availability flag to true - */
1640 /* we take it from the default service passed. This allows all */
1641 /* dynamic printers to be disabled by disabling the [printers] */
1642 /* entry (if/when the 'available' keyword is implemented!). */
1644 /* the printer name is set to the service name. */
1645 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1647 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1649 /* set the browseable flag from the gloabl default */
1650 ServicePtrs[i]->browseable = sDefault.browseable;
1652 /* Printers cannot be read_only. */
1653 ServicePtrs[i]->read_only = false;
1654 /* No oplocks on printer services. */
1655 ServicePtrs[i]->oplocks = false;
1656 /* Printer services must be printable. */
1657 ServicePtrs[i]->printable = true;
1659 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1665 /***************************************************************************
1666 Check whether the given parameter name is valid.
1667 Parametric options (names containing a colon) are considered valid.
1668 ***************************************************************************/
1670 bool lp_parameter_is_valid(const char *pszParmName)
1672 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1673 (strchr(pszParmName, ':') != NULL));
1676 /***************************************************************************
1677 Check whether the given name is the name of a global parameter.
1678 Returns true for strings belonging to parameters of class
1679 P_GLOBAL, false for all other strings, also for parametric options
1680 and strings not belonging to any option.
1681 ***************************************************************************/
1683 bool lp_parameter_is_global(const char *pszParmName)
1685 int num = lpcfg_map_parameter(pszParmName);
1688 return (parm_table[num].p_class == P_GLOBAL);
1694 /**************************************************************************
1695 Determine the canonical name for a parameter.
1696 Indicate when it is an inverse (boolean) synonym instead of a
1698 **************************************************************************/
1700 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1705 if (!lp_parameter_is_valid(parm_name)) {
1710 num = map_parameter_canonical(parm_name, inverse);
1712 /* parametric option */
1713 *canon_parm = parm_name;
1715 *canon_parm = parm_table[num].label;
1722 /**************************************************************************
1723 Determine the canonical name for a parameter.
1724 Turn the value given into the inverse boolean expression when
1725 the synonym is an invers boolean synonym.
1728 - parm_name is a valid parameter name and
1729 - val is a valid value for this parameter and
1730 - in case the parameter is an inverse boolean synonym, if the val
1731 string could successfully be converted to the reverse bool.
1732 Return false in all other cases.
1733 **************************************************************************/
1735 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1737 const char **canon_parm,
1738 const char **canon_val)
1744 if (!lp_parameter_is_valid(parm_name)) {
1750 num = map_parameter_canonical(parm_name, &inverse);
1752 /* parametric option */
1753 *canon_parm = parm_name;
1758 *canon_parm = parm_table[num].label;
1760 if (!lp_invert_boolean(val, canon_val)) {
1768 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1773 /***************************************************************************
1774 Map a parameter's string representation to the index of the canonical
1775 form of the parameter (it might be a synonym).
1776 Returns -1 if the parameter string is not recognised.
1777 ***************************************************************************/
1779 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1781 int parm_num, canon_num;
1782 bool loc_inverse = false;
1784 parm_num = lpcfg_map_parameter(pszParmName);
1785 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1786 /* invalid, parametric or no canidate for synonyms ... */
1790 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1791 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1792 parm_num = canon_num;
1798 if (inverse != NULL) {
1799 *inverse = loc_inverse;
1804 /***************************************************************************
1805 return true if parameter number parm1 is a synonym of parameter
1806 number parm2 (parm2 being the principal name).
1807 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1809 ***************************************************************************/
1811 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1813 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1814 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1815 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1816 !(parm_table[parm2].flags & FLAG_SYNONYM))
1818 if (inverse != NULL) {
1819 if ((parm_table[parm1].type == P_BOOLREV) &&
1820 (parm_table[parm2].type == P_BOOL))
1832 /***************************************************************************
1833 Show one parameter's name, type, [values,] and flags.
1834 (helper functions for show_parameter_list)
1835 ***************************************************************************/
1837 static void show_parameter(int parmIndex)
1839 size_t enumIndex, flagIndex;
1844 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1845 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1846 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1847 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1848 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1850 printf("%s=%s", parm_table[parmIndex].label,
1851 type[parm_table[parmIndex].type]);
1852 if (parm_table[parmIndex].type == P_ENUM) {
1855 parm_table[parmIndex].enum_list[enumIndex].name;
1859 enumIndex ? "|" : "",
1860 parm_table[parmIndex].enum_list[enumIndex].name);
1865 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1866 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1869 flag_names[flagIndex]);
1874 /* output synonyms */
1876 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1877 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1878 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1879 parm_table[parmIndex2].label);
1880 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1882 printf(" (synonyms: ");
1887 printf("%s%s", parm_table[parmIndex2].label,
1888 inverse ? "[i]" : "");
1899 * Check the value for a P_ENUM
1901 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1905 for (i = 0; parm->enum_list[i].name; i++) {
1906 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1913 /**************************************************************************
1914 Check whether the given value is valid for the given parameter name.
1915 **************************************************************************/
1917 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1919 bool ret = false, tmp_bool;
1920 int num = lpcfg_map_parameter(parm_name), tmp_int;
1921 uint64_t tmp_int64 = 0;
1922 struct parm_struct *parm;
1924 /* parametric options (parameter names containing a colon) cannot
1925 be checked and are therefore considered valid. */
1926 if (strchr(parm_name, ':') != NULL) {
1931 parm = &parm_table[num];
1932 switch (parm->type) {
1935 ret = set_boolean(val, &tmp_bool);
1939 ret = (sscanf(val, "%d", &tmp_int) == 1);
1943 ret = (sscanf(val, "%o", &tmp_int) == 1);
1947 ret = check_enum_parameter(parm, val);
1951 if (conv_str_size_error(val, &tmp_int64) &&
1952 tmp_int64 <= INT_MAX) {
1969 /***************************************************************************
1970 Show all parameter's name, type, [values,] and flags.
1971 ***************************************************************************/
1973 void show_parameter_list(void)
1975 int classIndex, parmIndex;
1976 const char *section_names[] = { "local", "global", NULL};
1978 for (classIndex=0; section_names[classIndex]; classIndex++) {
1979 printf("[%s]\n", section_names[classIndex]);
1980 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
1981 if (parm_table[parmIndex].p_class == classIndex) {
1982 show_parameter(parmIndex);
1988 /***************************************************************************
1989 Get the standard string representation of a boolean value ("yes" or "no")
1990 ***************************************************************************/
1992 static const char *get_boolean(bool bool_value)
1994 static const char *yes_str = "yes";
1995 static const char *no_str = "no";
1997 return (bool_value ? yes_str : no_str);
2000 /***************************************************************************
2001 Provide the string of the negated boolean value associated to the boolean
2002 given as a string. Returns false if the passed string does not correctly
2003 represent a boolean.
2004 ***************************************************************************/
2006 bool lp_invert_boolean(const char *str, const char **inverse_str)
2010 if (!set_boolean(str, &val)) {
2014 *inverse_str = get_boolean(!val);
2018 /***************************************************************************
2019 Provide the canonical string representation of a boolean value given
2020 as a string. Return true on success, false if the string given does
2021 not correctly represent a boolean.
2022 ***************************************************************************/
2024 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2028 if (!set_boolean(str, &val)) {
2032 *canon_str = get_boolean(val);
2036 /***************************************************************************
2037 Find a service by name. Otherwise works like get_service.
2038 ***************************************************************************/
2040 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2047 if (ServiceHash == NULL) {
2051 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2053 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2056 if (NT_STATUS_IS_OK(status) &&
2057 (data.dptr != NULL) &&
2058 (data.dsize == sizeof(iService)))
2060 memcpy(&iService, data.dptr, sizeof(iService));
2063 TALLOC_FREE(canon_name);
2065 if ((iService != -1) && (LP_SNUM_OK(iService))
2066 && (pserviceDest != NULL)) {
2067 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2073 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2074 struct loadparm_service *lp_service(const char *pszServiceName)
2076 int iService = getservicebyname(pszServiceName, NULL);
2077 if (iService == -1 || !LP_SNUM_OK(iService)) {
2080 return ServicePtrs[iService];
2083 struct loadparm_service *lp_servicebynum(int snum)
2085 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2088 return ServicePtrs[snum];
2091 struct loadparm_service *lp_default_loadparm_service()
2096 static struct smbconf_ctx *lp_smbconf_ctx(void)
2099 static struct smbconf_ctx *conf_ctx = NULL;
2101 if (conf_ctx == NULL) {
2102 err = smbconf_init(NULL, &conf_ctx, "registry:");
2103 if (!SBC_ERROR_IS_OK(err)) {
2104 DEBUG(1, ("error initializing registry configuration: "
2105 "%s\n", sbcErrorString(err)));
2113 static bool process_smbconf_service(struct smbconf_service *service)
2118 if (service == NULL) {
2122 ret = lp_do_section(service->name, NULL);
2126 for (count = 0; count < service->num_params; count++) {
2128 if (!bInGlobalSection && bGlobalOnly) {
2131 const char *pszParmName = service->param_names[count];
2132 const char *pszParmValue = service->param_values[count];
2134 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2136 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2137 pszParmName, pszParmValue);
2144 if (iServiceIndex >= 0) {
2145 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2151 * load a service from registry and activate it
2153 bool process_registry_service(const char *service_name)
2156 struct smbconf_service *service = NULL;
2157 TALLOC_CTX *mem_ctx = talloc_stackframe();
2158 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2161 if (conf_ctx == NULL) {
2165 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2167 if (!smbconf_share_exists(conf_ctx, service_name)) {
2169 * Registry does not contain data for this service (yet),
2170 * but make sure lp_load doesn't return false.
2176 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2177 if (!SBC_ERROR_IS_OK(err)) {
2181 ret = process_smbconf_service(service);
2187 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2190 TALLOC_FREE(mem_ctx);
2195 * process_registry_globals
2197 static bool process_registry_globals(void)
2201 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2203 if (!bInGlobalSection && bGlobalOnly) {
2206 const char *pszParmName = "registry shares";
2207 const char *pszParmValue = "yes";
2209 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2211 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2212 pszParmName, pszParmValue);
2219 return process_registry_service(GLOBAL_NAME);
2222 bool process_registry_shares(void)
2226 struct smbconf_service **service = NULL;
2227 uint32_t num_shares = 0;
2228 TALLOC_CTX *mem_ctx = talloc_stackframe();
2229 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2232 if (conf_ctx == NULL) {
2236 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2237 if (!SBC_ERROR_IS_OK(err)) {
2243 for (count = 0; count < num_shares; count++) {
2244 if (strequal(service[count]->name, GLOBAL_NAME)) {
2247 ret = process_smbconf_service(service[count]);
2254 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2257 TALLOC_FREE(mem_ctx);
2262 * reload those shares from registry that are already
2263 * activated in the services array.
2265 static bool reload_registry_shares(void)
2270 for (i = 0; i < iNumServices; i++) {
2275 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2279 ret = process_registry_service(ServicePtrs[i]->szService);
2290 #define MAX_INCLUDE_DEPTH 100
2292 static uint8_t include_depth;
2295 * Free the file lists
2297 static void free_file_list(void)
2299 struct file_lists *f;
2300 struct file_lists *next;
2313 * Utility function for outsiders to check if we're running on registry.
2315 bool lp_config_backend_is_registry(void)
2317 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2321 * Utility function to check if the config backend is FILE.
2323 bool lp_config_backend_is_file(void)
2325 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2328 /*******************************************************************
2329 Check if a config file has changed date.
2330 ********************************************************************/
2332 bool lp_file_list_changed(void)
2334 struct file_lists *f = file_lists;
2336 DEBUG(6, ("lp_file_list_changed()\n"));
2339 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2340 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2342 if (conf_ctx == NULL) {
2345 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2348 DEBUGADD(6, ("registry config changed\n"));
2355 n2 = talloc_sub_basic(talloc_tos(),
2356 get_current_username(),
2357 current_user_info.domain,
2362 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2363 f->name, n2, ctime(&f->modtime)));
2365 mod_time = file_modtime(n2);
2368 ((f->modtime != mod_time) ||
2369 (f->subfname == NULL) ||
2370 (strcmp(n2, f->subfname) != 0)))
2373 ("file %s modified: %s\n", n2,
2375 f->modtime = mod_time;
2376 TALLOC_FREE(f->subfname);
2377 f->subfname = talloc_strdup(f, n2);
2378 if (f->subfname == NULL) {
2379 smb_panic("talloc_strdup failed");
2393 * Initialize iconv conversion descriptors.
2395 * This is called the first time it is needed, and also called again
2396 * every time the configuration is reloaded, because the charset or
2397 * codepage might have changed.
2399 static void init_iconv(void)
2401 struct smb_iconv_handle *ret = NULL;
2403 ret = reinit_iconv_handle(NULL,
2407 smb_panic("reinit_iconv_handle failed");
2411 /***************************************************************************
2412 Handle the include operation.
2413 ***************************************************************************/
2414 static bool bAllowIncludeRegistry = true;
2416 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2417 const char *pszParmValue, char **ptr)
2421 if (include_depth >= MAX_INCLUDE_DEPTH) {
2422 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2427 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2428 if (!bAllowIncludeRegistry) {
2431 if (lp_ctx->bInGlobalSection) {
2434 ret = process_registry_globals();
2438 DEBUG(1, ("\"include = registry\" only effective "
2439 "in %s section\n", GLOBAL_NAME));
2444 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2445 current_user_info.domain,
2448 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2450 if (service == NULL) {
2451 lpcfg_string_set(Globals.ctx, ptr, fname);
2453 lpcfg_string_set(service, ptr, fname);
2456 if (file_exist(fname)) {
2459 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2465 DEBUG(2, ("Can't find include file %s\n", fname));
2470 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2472 char *config_option = NULL;
2473 const char *range = NULL;
2476 SMB_ASSERT(low != NULL);
2477 SMB_ASSERT(high != NULL);
2479 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2483 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2485 if (config_option == NULL) {
2486 DEBUG(0, ("out of memory\n"));
2490 range = lp_parm_const_string(-1, config_option, "range", NULL);
2491 if (range == NULL) {
2492 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2496 if (sscanf(range, "%u - %u", low, high) != 2) {
2497 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2498 range, domain_name));
2505 talloc_free(config_option);
2510 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2512 return lp_idmap_range("*", low, high);
2515 const char *lp_idmap_backend(const char *domain_name)
2517 char *config_option = NULL;
2518 const char *backend = NULL;
2520 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2524 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2526 if (config_option == NULL) {
2527 DEBUG(0, ("out of memory\n"));
2531 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2532 if (backend == NULL) {
2533 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2538 talloc_free(config_option);
2542 const char *lp_idmap_default_backend(void)
2544 return lp_idmap_backend("*");
2547 /***************************************************************************
2548 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2549 ***************************************************************************/
2551 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2553 const char *suffix_string;
2555 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2556 Globals.ldap_suffix );
2557 if ( !suffix_string ) {
2558 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2562 return suffix_string;
2565 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2567 if (Globals._ldap_machine_suffix[0])
2568 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2570 return lp_string(ctx, Globals.ldap_suffix);
2573 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2575 if (Globals._ldap_user_suffix[0])
2576 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2578 return lp_string(ctx, Globals.ldap_suffix);
2581 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2583 if (Globals._ldap_group_suffix[0])
2584 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2586 return lp_string(ctx, Globals.ldap_suffix);
2589 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2591 if (Globals._ldap_idmap_suffix[0])
2592 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2594 return lp_string(ctx, Globals.ldap_suffix);
2598 return the parameter pointer for a parameter
2600 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2602 if (service == NULL) {
2603 if (parm->p_class == P_LOCAL)
2604 return (void *)(((char *)&sDefault)+parm->offset);
2605 else if (parm->p_class == P_GLOBAL)
2606 return (void *)(((char *)&Globals)+parm->offset);
2609 return (void *)(((char *)service) + parm->offset);
2613 /***************************************************************************
2614 Process a parameter for a particular service number. If snum < 0
2615 then assume we are in the globals.
2616 ***************************************************************************/
2618 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2620 TALLOC_CTX *frame = talloc_stackframe();
2621 struct loadparm_context *lp_ctx;
2624 lp_ctx = setup_lp_context(frame);
2625 if (lp_ctx == NULL) {
2631 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2633 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2634 pszParmName, pszParmValue);
2642 /***************************************************************************
2643 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2644 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2645 ***************************************************************************/
2647 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2650 parmnum = lpcfg_map_parameter(pszParmName);
2652 flags_list[parmnum] &= ~FLAG_CMDLINE;
2653 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2656 flags_list[parmnum] |= FLAG_CMDLINE;
2658 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2659 * be grouped in the table, so we don't have to search the
2662 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2663 && parm_table[i].p_class == parm_table[parmnum].p_class;
2665 flags_list[i] |= FLAG_CMDLINE;
2667 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2668 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2669 flags_list[i] |= FLAG_CMDLINE;
2675 /* it might be parametric */
2676 if (strchr(pszParmName, ':') != NULL) {
2677 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2681 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2685 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2688 TALLOC_CTX *frame = talloc_stackframe();
2689 struct loadparm_context *lp_ctx;
2691 lp_ctx = setup_lp_context(frame);
2692 if (lp_ctx == NULL) {
2697 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2703 /***************************************************************************
2704 Process a parameter.
2705 ***************************************************************************/
2707 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2710 if (!bInGlobalSection && bGlobalOnly)
2713 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2715 if (bInGlobalSection) {
2716 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2718 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2719 pszParmName, pszParmValue);
2723 /***************************************************************************
2724 Initialize any local variables in the sDefault table, after parsing a
2726 ***************************************************************************/
2728 static void init_locals(void)
2731 * We run this check once the [globals] is parsed, to force
2732 * the VFS objects and other per-share settings we need for
2733 * the standard way a AD DC is operated. We may change these
2734 * as our code evolves, which is why we force these settings.
2736 * We can't do this at the end of lp_load_ex(), as by that
2737 * point the services have been loaded and they will already
2738 * have "" as their vfs objects.
2740 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2741 const char **vfs_objects = lp_vfs_objects(-1);
2742 if (!vfs_objects || !vfs_objects[0]) {
2743 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2744 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2745 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2746 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2748 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2752 lp_do_parameter(-1, "map hidden", "no");
2753 lp_do_parameter(-1, "map system", "no");
2754 lp_do_parameter(-1, "map readonly", "no");
2755 lp_do_parameter(-1, "map archive", "no");
2756 lp_do_parameter(-1, "store dos attributes", "yes");
2760 /***************************************************************************
2761 Process a new section (service). At this stage all sections are services.
2762 Later we'll have special sections that permit server parameters to be set.
2763 Returns true on success, false on failure.
2764 ***************************************************************************/
2766 bool lp_do_section(const char *pszSectionName, void *userdata)
2768 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2770 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2771 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2774 /* if we were in a global section then do the local inits */
2775 if (bInGlobalSection && !isglobal)
2778 /* if we've just struck a global section, note the fact. */
2779 bInGlobalSection = isglobal;
2780 if (lp_ctx != NULL) {
2781 lp_ctx->bInGlobalSection = isglobal;
2784 /* check for multiple global sections */
2785 if (bInGlobalSection) {
2786 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2790 if (!bInGlobalSection && bGlobalOnly)
2793 /* if we have a current service, tidy it up before moving on */
2796 if (iServiceIndex >= 0)
2797 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2799 /* if all is still well, move to the next record in the services array */
2801 /* We put this here to avoid an odd message order if messages are */
2802 /* issued by the post-processing of a previous section. */
2803 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2805 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2806 if (iServiceIndex < 0) {
2807 DEBUG(0, ("Failed to add a new service\n"));
2810 /* Clean all parametric options for service */
2811 /* They will be added during parsing again */
2812 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2818 /***************************************************************************
2819 Display the contents of a parameter of a single services record.
2820 ***************************************************************************/
2822 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2824 bool result = false;
2825 struct loadparm_context *lp_ctx;
2827 lp_ctx = setup_lp_context(talloc_tos());
2828 if (lp_ctx == NULL) {
2833 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2835 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2837 TALLOC_FREE(lp_ctx);
2842 /***************************************************************************
2843 Display the contents of a single copy structure.
2844 ***************************************************************************/
2845 static void dump_copy_map(bool *pcopymap)
2851 printf("\n\tNon-Copied parameters:\n");
2853 for (i = 0; parm_table[i].label; i++)
2854 if (parm_table[i].p_class == P_LOCAL &&
2855 parm_table[i].ptr && !pcopymap[i] &&
2856 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2858 printf("\t\t%s\n", parm_table[i].label);
2863 /***************************************************************************
2864 Return TRUE if the passed service number is within range.
2865 ***************************************************************************/
2867 bool lp_snum_ok(int iService)
2869 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2872 /***************************************************************************
2873 Auto-load some home services.
2874 ***************************************************************************/
2876 static void lp_add_auto_services(char *str)
2886 s = talloc_strdup(talloc_tos(), str);
2888 smb_panic("talloc_strdup failed");
2892 homes = lp_servicenumber(HOMES_NAME);
2894 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2895 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2898 if (lp_servicenumber(p) >= 0)
2901 home = get_user_home_dir(talloc_tos(), p);
2903 if (home && home[0] && homes >= 0)
2904 lp_add_home(p, homes, p, home);
2911 /***************************************************************************
2912 Auto-load one printer.
2913 ***************************************************************************/
2915 void lp_add_one_printer(const char *name, const char *comment,
2916 const char *location, void *pdata)
2918 int printers = lp_servicenumber(PRINTERS_NAME);
2921 if (lp_servicenumber(name) < 0) {
2922 lp_add_printer(name, printers);
2923 if ((i = lp_servicenumber(name)) >= 0) {
2924 lpcfg_string_set(ServicePtrs[i],
2925 &ServicePtrs[i]->comment, comment);
2926 ServicePtrs[i]->autoloaded = true;
2931 /***************************************************************************
2932 Have we loaded a services file yet?
2933 ***************************************************************************/
2935 bool lp_loaded(void)
2940 /***************************************************************************
2941 Unload unused services.
2942 ***************************************************************************/
2944 void lp_killunused(struct smbd_server_connection *sconn,
2945 bool (*snumused) (struct smbd_server_connection *, int))
2948 for (i = 0; i < iNumServices; i++) {
2952 /* don't kill autoloaded or usershare services */
2953 if ( ServicePtrs[i]->autoloaded ||
2954 ServicePtrs[i]->usershare == USERSHARE_VALID) {
2958 if (!snumused || !snumused(sconn, i)) {
2959 free_service_byindex(i);
2965 * Kill all except autoloaded and usershare services - convenience wrapper
2967 void lp_kill_all_services(void)
2969 lp_killunused(NULL, NULL);
2972 /***************************************************************************
2974 ***************************************************************************/
2976 void lp_killservice(int iServiceIn)
2978 if (VALID(iServiceIn)) {
2979 free_service_byindex(iServiceIn);
2983 /***************************************************************************
2984 Save the curent values of all global and sDefault parameters into the
2985 defaults union. This allows testparm to show only the
2986 changed (ie. non-default) parameters.
2987 ***************************************************************************/
2989 static void lp_save_defaults(void)
2992 struct parmlist_entry * parm;
2993 for (i = 0; parm_table[i].label; i++) {
2994 if (!(flags_list[i] & FLAG_CMDLINE)) {
2995 flags_list[i] |= FLAG_DEFAULT;
2998 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
2999 && parm_table[i].p_class == parm_table[i - 1].p_class)
3001 switch (parm_table[i].type) {
3004 parm_table[i].def.lvalue = str_list_copy(
3005 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3011 &parm_table[i].def.svalue,
3012 *(char **)lp_parm_ptr(
3013 NULL, &parm_table[i]));
3014 if (parm_table[i].def.svalue == NULL) {
3015 smb_panic("lpcfg_string_set() failed");
3020 parm_table[i].def.bvalue =
3021 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3024 parm_table[i].def.cvalue =
3025 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3031 parm_table[i].def.ivalue =
3032 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3037 for (parm=Globals.param_opt; parm; parm=parm->next) {
3038 if (!(parm->priority & FLAG_CMDLINE)) {
3039 parm->priority |= FLAG_DEFAULT;
3043 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3044 if (!(parm->priority & FLAG_CMDLINE)) {
3045 parm->priority |= FLAG_DEFAULT;
3049 defaults_saved = true;
3052 /***********************************************************
3053 If we should send plaintext/LANMAN passwords in the clinet
3054 ************************************************************/
3056 static void set_allowed_client_auth(void)
3058 if (Globals.client_ntlmv2_auth) {
3059 Globals.client_lanman_auth = false;
3061 if (!Globals.client_lanman_auth) {
3062 Globals.client_plaintext_auth = false;
3066 /***************************************************************************
3068 The following code allows smbd to read a user defined share file.
3069 Yes, this is my intent. Yes, I'm comfortable with that...
3071 THE FOLLOWING IS SECURITY CRITICAL CODE.
3073 It washes your clothes, it cleans your house, it guards you while you sleep...
3074 Do not f%^k with it....
3075 ***************************************************************************/
3077 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3079 /***************************************************************************
3080 Check allowed stat state of a usershare file.
3081 Ensure we print out who is dicking with us so the admin can
3082 get their sorry ass fired.
3083 ***************************************************************************/
3085 static bool check_usershare_stat(const char *fname,
3086 const SMB_STRUCT_STAT *psbuf)
3088 if (!S_ISREG(psbuf->st_ex_mode)) {
3089 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3090 "not a regular file\n",
3091 fname, (unsigned int)psbuf->st_ex_uid ));
3095 /* Ensure this doesn't have the other write bit set. */
3096 if (psbuf->st_ex_mode & S_IWOTH) {
3097 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3098 "public write. Refusing to allow as a usershare file.\n",
3099 fname, (unsigned int)psbuf->st_ex_uid ));
3103 /* Should be 10k or less. */
3104 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3105 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3106 "too large (%u) to be a user share file.\n",
3107 fname, (unsigned int)psbuf->st_ex_uid,
3108 (unsigned int)psbuf->st_ex_size ));
3115 /***************************************************************************
3116 Parse the contents of a usershare file.
3117 ***************************************************************************/
3119 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3120 SMB_STRUCT_STAT *psbuf,
3121 const char *servicename,
3125 char **pp_sharepath,
3127 char **pp_cp_servicename,
3128 struct security_descriptor **ppsd,
3131 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3132 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3135 SMB_STRUCT_STAT sbuf;
3136 char *sharepath = NULL;
3137 char *comment = NULL;
3139 *pp_sharepath = NULL;
3142 *pallow_guest = false;
3145 return USERSHARE_MALFORMED_FILE;
3148 if (strcmp(lines[0], "#VERSION 1") == 0) {
3150 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3153 return USERSHARE_MALFORMED_FILE;
3156 return USERSHARE_BAD_VERSION;
3159 if (strncmp(lines[1], "path=", 5) != 0) {
3160 return USERSHARE_MALFORMED_PATH;
3163 sharepath = talloc_strdup(ctx, &lines[1][5]);
3165 return USERSHARE_POSIX_ERR;
3167 trim_string(sharepath, " ", " ");
3169 if (strncmp(lines[2], "comment=", 8) != 0) {
3170 return USERSHARE_MALFORMED_COMMENT_DEF;
3173 comment = talloc_strdup(ctx, &lines[2][8]);
3175 return USERSHARE_POSIX_ERR;
3177 trim_string(comment, " ", " ");
3178 trim_char(comment, '"', '"');
3180 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3181 return USERSHARE_MALFORMED_ACL_DEF;
3184 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3185 return USERSHARE_ACL_ERR;
3189 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3190 return USERSHARE_MALFORMED_ACL_DEF;
3192 if (lines[4][9] == 'y') {
3193 *pallow_guest = true;
3196 /* Backwards compatible extension to file version #2. */
3198 if (strncmp(lines[5], "sharename=", 10) != 0) {
3199 return USERSHARE_MALFORMED_SHARENAME_DEF;
3201 if (!strequal(&lines[5][10], servicename)) {
3202 return USERSHARE_BAD_SHARENAME;
3204 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3205 if (!*pp_cp_servicename) {
3206 return USERSHARE_POSIX_ERR;
3211 if (*pp_cp_servicename == NULL) {
3212 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3213 if (!*pp_cp_servicename) {
3214 return USERSHARE_POSIX_ERR;
3218 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3219 /* Path didn't change, no checks needed. */
3220 *pp_sharepath = sharepath;
3221 *pp_comment = comment;
3222 return USERSHARE_OK;
3225 /* The path *must* be absolute. */
3226 if (sharepath[0] != '/') {
3227 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3228 servicename, sharepath));
3229 return USERSHARE_PATH_NOT_ABSOLUTE;
3232 /* If there is a usershare prefix deny list ensure one of these paths
3233 doesn't match the start of the user given path. */
3234 if (prefixdenylist) {
3236 for ( i=0; prefixdenylist[i]; i++ ) {
3237 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3238 servicename, i, prefixdenylist[i], sharepath ));
3239 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3240 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3241 "usershare prefix deny list entries.\n",
3242 servicename, sharepath));
3243 return USERSHARE_PATH_IS_DENIED;
3248 /* If there is a usershare prefix allow list ensure one of these paths
3249 does match the start of the user given path. */
3251 if (prefixallowlist) {
3253 for ( i=0; prefixallowlist[i]; i++ ) {
3254 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3255 servicename, i, prefixallowlist[i], sharepath ));
3256 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3260 if (prefixallowlist[i] == NULL) {
3261 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3262 "usershare prefix allow list entries.\n",
3263 servicename, sharepath));
3264 return USERSHARE_PATH_NOT_ALLOWED;
3268 /* Ensure this is pointing to a directory. */
3269 dp = opendir(sharepath);
3272 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3273 servicename, sharepath));
3274 return USERSHARE_PATH_NOT_DIRECTORY;
3277 /* Ensure the owner of the usershare file has permission to share
3280 if (sys_stat(sharepath, &sbuf, false) == -1) {
3281 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3282 servicename, sharepath, strerror(errno) ));
3284 return USERSHARE_POSIX_ERR;
3289 if (!S_ISDIR(sbuf.st_ex_mode)) {
3290 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3291 servicename, sharepath ));
3292 return USERSHARE_PATH_NOT_DIRECTORY;
3295 /* Check if sharing is restricted to owner-only. */
3296 /* psbuf is the stat of the usershare definition file,
3297 sbuf is the stat of the target directory to be shared. */
3299 if (lp_usershare_owner_only()) {
3300 /* root can share anything. */
3301 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3302 return USERSHARE_PATH_NOT_ALLOWED;
3306 *pp_sharepath = sharepath;
3307 *pp_comment = comment;
3308 return USERSHARE_OK;
3311 /***************************************************************************
3312 Deal with a usershare file.
3315 -1 - Bad name, invalid contents.
3316 - service name already existed and not a usershare, problem
3317 with permissions to share directory etc.
3318 ***************************************************************************/
3320 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3322 SMB_STRUCT_STAT sbuf;
3323 SMB_STRUCT_STAT lsbuf;
3325 char *sharepath = NULL;
3326 char *comment = NULL;
3327 char *cp_service_name = NULL;
3328 char **lines = NULL;
3332 TALLOC_CTX *ctx = talloc_stackframe();
3333 struct security_descriptor *psd = NULL;
3334 bool guest_ok = false;
3335 char *canon_name = NULL;
3336 bool added_service = false;
3339 /* Ensure share name doesn't contain invalid characters. */
3340 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3341 DEBUG(0,("process_usershare_file: share name %s contains "
3342 "invalid characters (any of %s)\n",
3343 file_name, INVALID_SHARENAME_CHARS ));
3347 canon_name = canonicalize_servicename(ctx, file_name);
3352 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3357 /* Minimize the race condition by doing an lstat before we
3358 open and fstat. Ensure this isn't a symlink link. */
3360 if (sys_lstat(fname, &lsbuf, false) != 0) {
3361 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3362 fname, strerror(errno) ));
3366 /* This must be a regular file, not a symlink, directory or
3367 other strange filetype. */
3368 if (!check_usershare_stat(fname, &lsbuf)) {
3376 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3381 if (NT_STATUS_IS_OK(status) &&
3382 (data.dptr != NULL) &&
3383 (data.dsize == sizeof(iService))) {
3384 memcpy(&iService, data.dptr, sizeof(iService));
3388 if (iService != -1 &&
3389 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3390 &lsbuf.st_ex_mtime) == 0) {
3391 /* Nothing changed - Mark valid and return. */
3392 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3394 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3399 /* Try and open the file read only - no symlinks allowed. */
3401 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3403 fd = open(fname, O_RDONLY, 0);
3407 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3408 fname, strerror(errno) ));
3412 /* Now fstat to be *SURE* it's a regular file. */
3413 if (sys_fstat(fd, &sbuf, false) != 0) {
3415 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3416 fname, strerror(errno) ));
3420 /* Is it the same dev/inode as was lstated ? */
3421 if (!check_same_stat(&lsbuf, &sbuf)) {
3423 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3424 "Symlink spoofing going on ?\n", fname ));
3428 /* This must be a regular file, not a symlink, directory or
3429 other strange filetype. */
3430 if (!check_usershare_stat(fname, &sbuf)) {
3435 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3438 if (lines == NULL) {
3439 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3440 fname, (unsigned int)sbuf.st_ex_uid ));
3444 if (parse_usershare_file(ctx, &sbuf, file_name,
3445 iService, lines, numlines, &sharepath,
3446 &comment, &cp_service_name,
3447 &psd, &guest_ok) != USERSHARE_OK) {
3451 /* Everything ok - add the service possibly using a template. */
3453 const struct loadparm_service *sp = &sDefault;
3454 if (snum_template != -1) {
3455 sp = ServicePtrs[snum_template];
3458 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3459 DEBUG(0, ("process_usershare_file: Failed to add "
3460 "new service %s\n", cp_service_name));
3464 added_service = true;
3466 /* Read only is controlled by usershare ACL below. */
3467 ServicePtrs[iService]->read_only = false;
3470 /* Write the ACL of the new/modified share. */
3471 if (!set_share_security(canon_name, psd)) {
3472 DEBUG(0, ("process_usershare_file: Failed to set share "
3473 "security for user share %s\n",
3478 /* If from a template it may be marked invalid. */
3479 ServicePtrs[iService]->valid = true;
3481 /* Set the service as a valid usershare. */
3482 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3484 /* Set guest access. */
3485 if (lp_usershare_allow_guests()) {
3486 ServicePtrs[iService]->guest_ok = guest_ok;
3489 /* And note when it was loaded. */
3490 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3491 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3493 lpcfg_string_set(ServicePtrs[iService],
3494 &ServicePtrs[iService]->comment, comment);
3500 if (ret == -1 && iService != -1 && added_service) {
3501 lp_remove_service(iService);
3509 /***************************************************************************
3510 Checks if a usershare entry has been modified since last load.
3511 ***************************************************************************/
3513 static bool usershare_exists(int iService, struct timespec *last_mod)
3515 SMB_STRUCT_STAT lsbuf;
3516 const char *usersharepath = Globals.usershare_path;
3519 fname = talloc_asprintf(talloc_tos(),
3522 ServicePtrs[iService]->szService);
3523 if (fname == NULL) {
3527 if (sys_lstat(fname, &lsbuf, false) != 0) {
3532 if (!S_ISREG(lsbuf.st_ex_mode)) {
3538 *last_mod = lsbuf.st_ex_mtime;
3542 static bool usershare_directory_is_root(uid_t uid)
3548 if (uid_wrapper_enabled()) {
3555 /***************************************************************************
3556 Load a usershare service by name. Returns a valid servicenumber or -1.
3557 ***************************************************************************/
3559 int load_usershare_service(const char *servicename)
3561 SMB_STRUCT_STAT sbuf;
3562 const char *usersharepath = Globals.usershare_path;
3563 int max_user_shares = Globals.usershare_max_shares;
3564 int snum_template = -1;
3566 if (*usersharepath == 0 || max_user_shares == 0) {
3570 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3571 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3572 usersharepath, strerror(errno) ));
3576 if (!S_ISDIR(sbuf.st_ex_mode)) {
3577 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3583 * This directory must be owned by root, and have the 't' bit set.
3584 * It also must not be writable by "other".
3588 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3589 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3591 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3592 (sbuf.st_ex_mode & S_IWOTH)) {
3594 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3595 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3600 /* Ensure the template share exists if it's set. */
3601 if (Globals.usershare_template_share[0]) {
3602 /* We can't use lp_servicenumber here as we are recommending that
3603 template shares have -valid=false set. */
3604 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3605 if (ServicePtrs[snum_template]->szService &&
3606 strequal(ServicePtrs[snum_template]->szService,
3607 Globals.usershare_template_share)) {
3612 if (snum_template == -1) {
3613 DEBUG(0,("load_usershare_service: usershare template share %s "
3614 "does not exist.\n",
3615 Globals.usershare_template_share ));
3620 return process_usershare_file(usersharepath, servicename, snum_template);
3623 /***************************************************************************
3624 Load all user defined shares from the user share directory.
3625 We only do this if we're enumerating the share list.
3626 This is the function that can delete usershares that have
3628 ***************************************************************************/
3630 int load_usershare_shares(struct smbd_server_connection *sconn,
3631 bool (*snumused) (struct smbd_server_connection *, int))
3634 SMB_STRUCT_STAT sbuf;
3636 int num_usershares = 0;
3637 int max_user_shares = Globals.usershare_max_shares;
3638 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3639 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3640 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3642 int snum_template = -1;
3643 const char *usersharepath = Globals.usershare_path;
3644 int ret = lp_numservices();
3645 TALLOC_CTX *tmp_ctx;
3647 if (max_user_shares == 0 || *usersharepath == '\0') {
3648 return lp_numservices();
3651 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3652 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3653 usersharepath, strerror(errno) ));
3658 * This directory must be owned by root, and have the 't' bit set.
3659 * It also must not be writable by "other".
3663 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3665 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3667 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3668 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3673 /* Ensure the template share exists if it's set. */
3674 if (Globals.usershare_template_share[0]) {
3675 /* We can't use lp_servicenumber here as we are recommending that
3676 template shares have -valid=false set. */
3677 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3678 if (ServicePtrs[snum_template]->szService &&
3679 strequal(ServicePtrs[snum_template]->szService,
3680 Globals.usershare_template_share)) {
3685 if (snum_template == -1) {
3686 DEBUG(0,("load_usershare_shares: usershare template share %s "
3687 "does not exist.\n",
3688 Globals.usershare_template_share ));
3693 /* Mark all existing usershares as pending delete. */
3694 for (iService = iNumServices - 1; iService >= 0; iService--) {
3695 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3696 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3700 dp = opendir(usersharepath);
3702 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3703 usersharepath, strerror(errno) ));
3707 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3709 num_dir_entries++ ) {
3711 const char *n = de->d_name;
3713 /* Ignore . and .. */
3715 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3721 /* Temporary file used when creating a share. */
3722 num_tmp_dir_entries++;
3725 /* Allow 20% tmp entries. */
3726 if (num_tmp_dir_entries > allowed_tmp_entries) {
3727 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3728 "in directory %s\n",
3729 num_tmp_dir_entries, usersharepath));
3733 r = process_usershare_file(usersharepath, n, snum_template);
3735 /* Update the services count. */
3737 if (num_usershares >= max_user_shares) {
3738 DEBUG(0,("load_usershare_shares: max user shares reached "
3739 "on file %s in directory %s\n",
3740 n, usersharepath ));
3743 } else if (r == -1) {
3744 num_bad_dir_entries++;
3747 /* Allow 20% bad entries. */
3748 if (num_bad_dir_entries > allowed_bad_entries) {
3749 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3750 "in directory %s\n",
3751 num_bad_dir_entries, usersharepath));
3755 /* Allow 20% bad entries. */
3756 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3757 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3758 "in directory %s\n",
3759 num_dir_entries, usersharepath));
3766 /* Sweep through and delete any non-refreshed usershares that are
3767 not currently in use. */
3768 tmp_ctx = talloc_stackframe();
3769 for (iService = iNumServices - 1; iService >= 0; iService--) {
3770 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3773 if (snumused && snumused(sconn, iService)) {
3777 servname = lp_servicename(tmp_ctx, iService);
3779 /* Remove from the share ACL db. */
3780 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3782 delete_share_security(servname);
3783 free_service_byindex(iService);
3786 talloc_free(tmp_ctx);
3788 return lp_numservices();
3791 /********************************************************
3792 Destroy global resources allocated in this file
3793 ********************************************************/
3795 void gfree_loadparm(void)
3801 /* Free resources allocated to services */
3803 for ( i = 0; i < iNumServices; i++ ) {
3805 free_service_byindex(i);
3809 TALLOC_FREE( ServicePtrs );
3812 /* Now release all resources allocated to global
3813 parameters and the default service */
3815 free_global_parameters();
3819 /***************************************************************************
3820 Allow client apps to specify that they are a client
3821 ***************************************************************************/
3822 static void lp_set_in_client(bool b)
3828 /***************************************************************************
3829 Determine if we're running in a client app
3830 ***************************************************************************/
3831 static bool lp_is_in_client(void)
3836 static void lp_enforce_ad_dc_settings(void)
3838 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3839 lp_do_parameter(GLOBAL_SECTION_SNUM,
3840 "winbindd:use external pipes", "true");
3841 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3842 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3843 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3844 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3845 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3846 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3847 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3848 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3849 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3852 /***************************************************************************
3853 Load the services array from the services file. Return true on success,
3855 ***************************************************************************/
3857 static bool lp_load_ex(const char *pszFname,
3861 bool reinit_globals,
3862 bool allow_include_registry,
3863 bool load_all_shares)
3867 TALLOC_CTX *frame = talloc_stackframe();
3868 struct loadparm_context *lp_ctx;
3872 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3874 bInGlobalSection = true;
3875 bGlobalOnly = global_only;
3876 bAllowIncludeRegistry = allow_include_registry;
3877 sDefault = _sDefault;
3879 lp_ctx = setup_lp_context(talloc_tos());
3881 init_globals(lp_ctx, reinit_globals);
3885 if (save_defaults) {
3890 if (!reinit_globals) {
3891 free_param_opts(&Globals.param_opt);
3892 apply_lp_set_cmdline();
3895 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
3897 /* We get sections first, so have to start 'behind' to make up */
3900 if (lp_config_backend_is_file()) {
3901 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
3902 current_user_info.domain,
3905 smb_panic("lp_load_ex: out of memory");
3908 add_to_file_list(NULL, &file_lists, pszFname, n2);
3910 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
3913 /* finish up the last section */
3914 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
3916 if (iServiceIndex >= 0) {
3917 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
3921 if (lp_config_backend_is_registry()) {
3923 /* config backend changed to registry in config file */
3925 * We need to use this extra global variable here to
3926 * survive restart: init_globals uses this as a default
3927 * for config_backend. Otherwise, init_globals would
3928 * send us into an endless loop here.
3931 config_backend = CONFIG_BACKEND_REGISTRY;
3933 DEBUG(1, ("lp_load_ex: changing to config backend "
3935 init_globals(lp_ctx, true);
3937 TALLOC_FREE(lp_ctx);
3939 lp_kill_all_services();
3940 ok = lp_load_ex(pszFname, global_only, save_defaults,
3941 add_ipc, reinit_globals,
3942 allow_include_registry,
3947 } else if (lp_config_backend_is_registry()) {
3948 bRetval = process_registry_globals();
3950 DEBUG(0, ("Illegal config backend given: %d\n",
3951 lp_config_backend()));
3955 if (bRetval && lp_registry_shares()) {
3956 if (load_all_shares) {
3957 bRetval = process_registry_shares();
3959 bRetval = reload_registry_shares();
3964 char *serv = lp_auto_services(talloc_tos());
3965 lp_add_auto_services(serv);
3970 /* When 'restrict anonymous = 2' guest connections to ipc$
3972 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
3973 if ( lp_enable_asu_support() ) {
3974 lp_add_ipc("ADMIN$", false);
3978 set_allowed_client_auth();
3980 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
3981 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
3982 lp_password_server()));
3987 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
3988 /* if we_are_a_wins_server is true and we are in the client */
3989 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
3990 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
3995 fault_configure(smb_panic_s3);
3998 * We run this check once the whole smb.conf is parsed, to
3999 * force some settings for the standard way a AD DC is
4000 * operated. We may change these as our code evolves, which
4001 * is why we force these settings.
4003 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
4004 lp_enforce_ad_dc_settings();
4007 bAllowIncludeRegistry = true;
4013 static bool lp_load(const char *pszFname,
4017 bool reinit_globals)
4019 return lp_load_ex(pszFname,
4024 true, /* allow_include_registry */
4025 false); /* load_all_shares*/
4028 bool lp_load_initial_only(const char *pszFname)
4030 return lp_load_ex(pszFname,
4031 true, /* global only */
4032 true, /* save_defaults */
4033 false, /* add_ipc */
4034 true, /* reinit_globals */
4035 false, /* allow_include_registry */
4036 false); /* load_all_shares*/
4040 * most common lp_load wrapper, loading only the globals
4042 * If this is used in a daemon or client utility it should be called
4043 * after processing popt.
4045 bool lp_load_global(const char *file_name)
4047 return lp_load(file_name,
4048 true, /* global_only */
4049 false, /* save_defaults */
4050 false, /* add_ipc */
4051 true); /* reinit_globals */
4055 * The typical lp_load wrapper with shares, loads global and
4056 * shares, including IPC, but does not force immediate
4057 * loading of all shares from registry.
4059 bool lp_load_with_shares(const char *file_name)
4061 return lp_load(file_name,
4062 false, /* global_only */
4063 false, /* save_defaults */
4065 true); /* reinit_globals */
4069 * lp_load wrapper, especially for clients
4071 bool lp_load_client(const char *file_name)
4073 lp_set_in_client(true);
4075 return lp_load_global(file_name);
4079 * lp_load wrapper, loading only globals, but intended
4080 * for subsequent calls, not reinitializing the globals
4083 bool lp_load_global_no_reinit(const char *file_name)
4085 return lp_load(file_name,
4086 true, /* global_only */
4087 false, /* save_defaults */
4088 false, /* add_ipc */
4089 false); /* reinit_globals */
4093 * lp_load wrapper, loading globals and shares,
4094 * intended for subsequent calls, i.e. not reinitializing
4095 * the globals to default values.
4097 bool lp_load_no_reinit(const char *file_name)
4099 return lp_load(file_name,
4100 false, /* global_only */
4101 false, /* save_defaults */
4102 false, /* add_ipc */
4103 false); /* reinit_globals */
4108 * lp_load wrapper, especially for clients, no reinitialization
4110 bool lp_load_client_no_reinit(const char *file_name)
4112 lp_set_in_client(true);
4114 return lp_load_global_no_reinit(file_name);
4117 bool lp_load_with_registry_shares(const char *pszFname)
4119 return lp_load_ex(pszFname,
4120 false, /* global_only */
4121 true, /* save_defaults */
4122 false, /* add_ipc */
4123 false, /* reinit_globals */
4124 true, /* allow_include_registry */
4125 true); /* load_all_shares*/
4128 /***************************************************************************
4129 Return the max number of services.
4130 ***************************************************************************/
4132 int lp_numservices(void)
4134 return (iNumServices);
4137 /***************************************************************************
4138 Display the contents of the services array in human-readable form.
4139 ***************************************************************************/
4141 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4144 struct loadparm_context *lp_ctx;
4147 defaults_saved = false;
4149 lp_ctx = setup_lp_context(talloc_tos());
4150 if (lp_ctx == NULL) {
4154 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4156 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4158 for (iService = 0; iService < maxtoprint; iService++) {
4160 lp_dump_one(f, show_defaults, iService);
4162 TALLOC_FREE(lp_ctx);
4165 /***************************************************************************
4166 Display the contents of one service in human-readable form.
4167 ***************************************************************************/
4169 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4172 if (ServicePtrs[snum]->szService[0] == '\0')
4174 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4175 flags_list, show_defaults);
4179 /***************************************************************************
4180 Return the number of the service with the given name, or -1 if it doesn't
4181 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4182 getservicebyname()! This works ONLY if all services have been loaded, and
4183 does not copy the found service.
4184 ***************************************************************************/
4186 int lp_servicenumber(const char *pszServiceName)
4189 fstring serviceName;
4191 if (!pszServiceName) {
4192 return GLOBAL_SECTION_SNUM;
4195 for (iService = iNumServices - 1; iService >= 0; iService--) {
4196 if (VALID(iService) && ServicePtrs[iService]->szService) {
4198 * The substitution here is used to support %U in
4201 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4202 standard_sub_basic(get_current_username(),
4203 current_user_info.domain,
4204 serviceName,sizeof(serviceName));
4205 if (strequal(serviceName, pszServiceName)) {
4211 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4212 struct timespec last_mod;
4214 if (!usershare_exists(iService, &last_mod)) {
4215 /* Remove the share security tdb entry for it. */
4216 delete_share_security(lp_const_servicename(iService));
4217 /* Remove it from the array. */
4218 free_service_byindex(iService);
4219 /* Doesn't exist anymore. */
4220 return GLOBAL_SECTION_SNUM;
4223 /* Has it been modified ? If so delete and reload. */
4224 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4226 /* Remove it from the array. */
4227 free_service_byindex(iService);
4228 /* and now reload it. */
4229 iService = load_usershare_service(pszServiceName);
4234 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4235 return GLOBAL_SECTION_SNUM;
4241 /*******************************************************************
4242 A useful volume label function.
4243 ********************************************************************/
4245 const char *volume_label(TALLOC_CTX *ctx, int snum)
4248 const char *label = lp_volume(ctx, snum);
4250 label = lp_servicename(ctx, snum);
4253 /* This returns a 33 byte guarenteed null terminated string. */
4254 ret = talloc_strndup(ctx, label, 32);
4261 /*******************************************************************
4262 Get the default server type we will announce as via nmbd.
4263 ********************************************************************/
4265 int lp_default_server_announce(void)
4267 int default_server_announce = 0;
4268 default_server_announce |= SV_TYPE_WORKSTATION;
4269 default_server_announce |= SV_TYPE_SERVER;
4270 default_server_announce |= SV_TYPE_SERVER_UNIX;
4272 /* note that the flag should be set only if we have a
4273 printer service but nmbd doesn't actually load the
4274 services so we can't tell --jerry */
4276 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4278 default_server_announce |= SV_TYPE_SERVER_NT;
4279 default_server_announce |= SV_TYPE_NT;
4281 switch (lp_server_role()) {
4282 case ROLE_DOMAIN_MEMBER:
4283 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4285 case ROLE_DOMAIN_PDC:
4286 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4288 case ROLE_DOMAIN_BDC:
4289 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4291 case ROLE_STANDALONE:
4295 if (lp_time_server())
4296 default_server_announce |= SV_TYPE_TIME_SOURCE;
4298 if (lp_host_msdfs())
4299 default_server_announce |= SV_TYPE_DFS_SERVER;
4301 return default_server_announce;
4304 /***********************************************************
4305 If we are PDC then prefer us as DMB
4306 ************************************************************/
4308 bool lp_domain_master(void)
4310 if (Globals._domain_master == Auto)
4311 return (lp_server_role() == ROLE_DOMAIN_PDC);
4313 return (bool)Globals._domain_master;
4316 /***********************************************************
4317 If we are PDC then prefer us as DMB
4318 ************************************************************/
4320 static bool lp_domain_master_true_or_auto(void)
4322 if (Globals._domain_master) /* auto or yes */
4328 /***********************************************************
4329 If we are DMB then prefer us as LMB
4330 ************************************************************/
4332 bool lp_preferred_master(void)
4334 int preferred_master = lp__preferred_master();
4336 if (preferred_master == Auto)
4337 return (lp_local_master() && lp_domain_master());
4339 return (bool)preferred_master;
4342 /*******************************************************************
4344 ********************************************************************/
4346 void lp_remove_service(int snum)
4348 ServicePtrs[snum]->valid = false;
4351 const char *lp_printername(TALLOC_CTX *ctx, int snum)
4353 const char *ret = lp__printername(ctx, snum);
4354 if (ret == NULL || *ret == '\0') {
4355 ret = lp_const_servicename(snum);
4362 /***********************************************************
4363 Allow daemons such as winbindd to fix their logfile name.
4364 ************************************************************/
4366 void lp_set_logfile(const char *name)
4368 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4369 debug_set_logfile(name);
4372 /*******************************************************************
4373 Return the max print jobs per queue.
4374 ********************************************************************/
4376 int lp_maxprintjobs(int snum)
4378 int maxjobs = lp_max_print_jobs(snum);
4380 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4381 maxjobs = PRINT_MAX_JOBID - 1;
4386 const char *lp_printcapname(void)
4388 const char *printcap_name = lp_printcap_name();
4390 if ((printcap_name != NULL) &&
4391 (printcap_name[0] != '\0'))
4392 return printcap_name;
4394 if (sDefault.printing == PRINT_CUPS) {
4398 if (sDefault.printing == PRINT_BSD)
4399 return "/etc/printcap";
4401 return PRINTCAP_NAME;
4404 static uint32_t spoolss_state;
4406 bool lp_disable_spoolss( void )
4408 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4409 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4411 return spoolss_state == SVCCTL_STOPPED ? true : false;
4414 void lp_set_spoolss_state( uint32_t state )
4416 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4418 spoolss_state = state;
4421 uint32_t lp_get_spoolss_state( void )
4423 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4426 /*******************************************************************
4427 Ensure we don't use sendfile if server smb signing is active.
4428 ********************************************************************/
4430 bool lp_use_sendfile(int snum, struct smb_signing_state *signing_state)
4432 bool sign_active = false;
4434 /* Using sendfile blows the brains out of any DOS or Win9x TCP stack... JRA. */
4435 if (get_Protocol() < PROTOCOL_NT1) {
4438 if (signing_state) {
4439 sign_active = smb_signing_is_active(signing_state);
4441 return (lp__use_sendfile(snum) &&
4442 (get_remote_arch() != RA_WIN95) &&
4446 /*******************************************************************
4447 Turn off sendfile if we find the underlying OS doesn't support it.
4448 ********************************************************************/
4450 void set_use_sendfile(int snum, bool val)
4452 if (LP_SNUM_OK(snum))
4453 ServicePtrs[snum]->_use_sendfile = val;
4455 sDefault._use_sendfile = val;
4458 void lp_set_mangling_method(const char *new_method)
4460 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4463 /*******************************************************************
4464 Global state for POSIX pathname processing.
4465 ********************************************************************/
4467 static bool posix_pathnames;
4469 bool lp_posix_pathnames(void)
4471 return posix_pathnames;
4474 /*******************************************************************
4475 Change everything needed to ensure POSIX pathname processing (currently
4477 ********************************************************************/
4479 void lp_set_posix_pathnames(void)
4481 posix_pathnames = true;
4484 /*******************************************************************
4485 Global state for POSIX lock processing - CIFS unix extensions.
4486 ********************************************************************/
4488 bool posix_default_lock_was_set;
4489 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4491 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4493 if (posix_default_lock_was_set) {
4494 return posix_cifsx_locktype;
4496 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4497 POSIX_LOCK : WINDOWS_LOCK;
4501 /*******************************************************************
4502 ********************************************************************/
4504 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4506 posix_default_lock_was_set = true;
4507 posix_cifsx_locktype = val;
4510 int lp_min_receive_file_size(void)
4512 int min_receivefile_size = lp_min_receivefile_size();
4514 if (min_receivefile_size < 0) {
4517 return min_receivefile_size;
4520 /*******************************************************************
4521 Safe wide links checks.
4522 This helper function always verify the validity of wide links,
4523 even after a configuration file reload.
4524 ********************************************************************/
4526 void widelinks_warning(int snum)
4528 if (lp_allow_insecure_wide_links()) {
4532 if (lp_unix_extensions() && lp_wide_links(snum)) {
4533 DBG_ERR("Share '%s' has wide links and unix extensions enabled. "
4534 "These parameters are incompatible. "
4535 "Wide links will be disabled for this share.\n",
4536 lp_const_servicename(snum));
4540 bool lp_widelinks(int snum)
4542 /* wide links is always incompatible with unix extensions */
4543 if (lp_unix_extensions()) {
4545 * Unless we have "allow insecure widelinks"
4548 if (!lp_allow_insecure_wide_links()) {
4553 return lp_wide_links(snum);
4556 int lp_server_role(void)
4558 return lp_find_server_role(lp__server_role(),
4560 lp__domain_logons(),
4561 lp_domain_master_true_or_auto());
4564 int lp_security(void)
4566 return lp_find_security(lp__server_role(),
4570 int lp_client_max_protocol(void)
4572 int client_max_protocol = lp__client_max_protocol();
4573 if (client_max_protocol == PROTOCOL_DEFAULT) {
4574 return PROTOCOL_LATEST;
4576 return client_max_protocol;
4579 int lp_client_ipc_min_protocol(void)
4581 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4582 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4583 client_ipc_min_protocol = lp_client_min_protocol();
4585 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4586 return PROTOCOL_NT1;
4588 return client_ipc_min_protocol;
4591 int lp_client_ipc_max_protocol(void)
4593 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4594 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4595 return PROTOCOL_LATEST;
4597 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4598 return PROTOCOL_NT1;
4600 return client_ipc_max_protocol;
4603 int lp_client_ipc_signing(void)
4605 int client_ipc_signing = lp__client_ipc_signing();
4606 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4607 return SMB_SIGNING_REQUIRED;
4609 return client_ipc_signing;
4612 int lp_rpc_low_port(void)
4614 return Globals.rpc_low_port;
4617 int lp_rpc_high_port(void)
4619 return Globals.rpc_high_port;
4623 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4625 * This also ensures it is disabled if NTLM is totally disabled
4627 bool lp_lanman_auth(void)
4629 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4631 if (ntlm_auth_level == NTLM_AUTH_ON) {
4632 return lp__lanman_auth();
4638 struct loadparm_global * get_globals(void)
4643 unsigned int * get_flags(void)
4645 if (flags_list == NULL) {
4646 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());