s3:smbd - support streams larger than 64 KiB
[samba.git] / source3 / param / loadparm.c
index ce41477097a91c198b511bb7b39d2fd4a1677b6b..85e578eda9eb9cd2fa9229fcf3609cfaf50fb6e9 100644 (file)
@@ -73,6 +73,9 @@
 #include "librpc/gen_ndr/nbt.h"
 #include "source4/lib/tls/tls.h"
 #include "libcli/auth/ntlm_check.h"
+#include "lib/crypto/gnutls_helpers.h"
+#include "lib/util/string_wrappers.h"
+#include "auth/credentials/credentials.h"
 
 #ifdef HAVE_SYS_SYSCTL_H
 #include <sys/sysctl.h>
@@ -194,6 +197,7 @@ static const struct loadparm_service _sDefault =
        .map_hidden = false,
        .map_archive = true,
        .store_dos_attributes = true,
+       .smbd_max_xattr_size = 65536,
        .dmapi_support = false,
        .locking = true,
        .strict_locking = Auto,
@@ -240,7 +244,7 @@ static const struct loadparm_service _sDefault =
        .aio_write_size = 1,
        .map_readonly = MAP_READONLY_NO,
        .directory_name_cache_size = 100,
-       .smb_encrypt = SMB_SIGNING_DEFAULT,
+       .server_smb_encrypt = SMB_ENCRYPTION_DEFAULT,
        .kernel_share_modes = true,
        .durable_handles = true,
        .check_parent_directory_delete_on_close = false,
@@ -248,6 +252,7 @@ static const struct loadparm_service _sDefault =
        .smbd_search_ask_sharemode = true,
        .smbd_getinfo_ask_sharemode = true,
        .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
+       .honor_change_notify_privilege = false,
        .dummy = ""
 };
 
@@ -679,15 +684,6 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
        Globals.machine_password_timeout = 60 * 60 * 24 * 7;    /* 7 days default. */
        Globals.lm_announce = Auto;     /* = Auto: send only if LM clients found */
        Globals.lm_interval = 60;
-#if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
-       Globals.nis_homedir = false;
-#ifdef WITH_NISPLUS_HOME
-       lpcfg_string_set(Globals.ctx, &Globals.homedir_map,
-                        "auto_home.org_dir");
-#else
-       lpcfg_string_set(Globals.ctx, &Globals.homedir_map, "auto.home");
-#endif
-#endif
        Globals.time_server = false;
        Globals.bind_interfaces_only = false;
        Globals.unix_password_sync = false;
@@ -739,7 +735,6 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 
        lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
        Globals.ldap_ssl = LDAP_SSL_START_TLS;
-       Globals.ldap_ssl_ads = false;
        Globals.ldap_deref = -1;
        Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
        Globals.ldap_delete_dn = false;
@@ -885,11 +880,10 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
        lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
        lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
        lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
-       lpcfg_string_set(Globals.ctx, &Globals.tls_priority,
+       lpcfg_string_set(Globals.ctx,
+                        &Globals.tls_priority,
                         "NORMAL:-VERS-SSL3.0");
 
-       lpcfg_string_set(Globals.ctx, &Globals.share_backend, "classic");
-
        Globals._preferred_master = Auto;
 
        Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
@@ -955,6 +949,19 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
        Globals.prefork_backoff_increment = 10;
        Globals.prefork_maximum_backoff = 120;
 
+       Globals.ldap_max_anonymous_request_size = 256000;
+       Globals.ldap_max_authenticated_request_size = 16777216;
+       Globals.ldap_max_search_request_size = 256000;
+
+       /* Async DNS query timeout (in seconds). */
+       Globals.async_dns_timeout = 10;
+
+       Globals.client_smb_encrypt = SMB_ENCRYPTION_DEFAULT;
+
+       Globals._client_use_kerberos = CRED_USE_KERBEROS_DESIRED;
+
+       Globals.client_protection = CRED_CLIENT_PROTECTION_DEFAULT;
+
        /* Now put back the settings that were set with lp_set_cmdline() */
        apply_lp_set_cmdline();
 }
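Review bot: The three LDAP request-size defaults added to init_globals (`ldap_max_anonymous_request_size`, `ldap_max_authenticated_request_size`, `ldap_max_search_request_size`) are bare numbers with no comment giving the unit or the reason the anonymous and authenticated limits differ. Judging by the names, they cap how much a peer can make the server buffer before and after authentication, so the rationale is worth recording next to the values. I would add something like `/* Per-request size ceilings in bytes; the anonymous limit is kept small to bound pre-authentication memory use. */`, with the unit and reasoning confirmed against the parameter documentation, since neither is visible here. init_globals begins outside this hunk.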
@@ -3413,6 +3420,11 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i
           open and fstat. Ensure this isn't a symlink link. */
 
        if (sys_lstat(fname, &lsbuf, false) != 0) {
+               if (errno == ENOENT) {
+                       /* Unknown share requested. Just ignore. */
+                       goto out;
+               }
+               /* Only log messages for meaningful problems. */
                DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
                        fname, strerror(errno) ));
                goto out;
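Review bot: The new `ENOENT` branch in process_usershare_file discards the event entirely, so repeated lookups of non-existent usershare names leave no trace even at the highest debug level. Keeping level 0 quiet is reasonable, but a low-priority trace such as `DEBUG(10, ("process_usershare_file: %s not found\n", fname));` before the `goto out;` would keep the information available when diagnosing share-name probing or a misconfigured usershare directory. The function starts and ends outside this hunk, so what the `out:` label cleans up is not visible from here.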
@@ -3618,6 +3630,11 @@ int load_usershare_service(const char *servicename)
        int max_user_shares = Globals.usershare_max_shares;
        int snum_template = -1;
 
+       if (servicename[0] == '\0') {
+               /* Invalid service name. */
+               return -1;
+       }
+
        if (*usersharepath == 0 ||  max_user_shares == 0) {
                return -1;
        }
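Review bot: The added guard in load_usershare_service reads `servicename[0]` with no NULL check visible in this hunk, so a caller that passes NULL would crash instead of getting the intended `-1`. If no caller contract guarantees a non-NULL name, which cannot be told from here, the test should be `if (servicename == NULL || servicename[0] == '\0') {`. The function body continues past the end of this hunk.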
@@ -4697,6 +4714,16 @@ int lp_client_ipc_signing(void)
        return client_ipc_signing;
 }
 
+enum credentials_use_kerberos lp_client_use_kerberos(void)
+{
+       if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
+               return CRED_USE_KERBEROS_REQUIRED;
+       }
+
+       return lp__client_use_kerberos();
+}
+
+
 int lp_rpc_low_port(void)
 {
        return Globals.rpc_low_port;
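Review bot: `lp_client_use_kerberos()` replaces the configured value with `CRED_USE_KERBEROS_REQUIRED` whenever `lp_weak_crypto()` reports `SAMBA_WEAK_CRYPTO_DISALLOWED`, and nothing in the function explains that override. It needs a short doc comment saying that the value from `lp__client_use_kerberos()` is ignored in that case and why. The reason is presumably that the non-Kerberos fallback depends on algorithms the crypto policy forbids, but that should be confirmed. Without the comment, an administrator chasing an unexpected authentication failure has no pointer to the cause. The second blank line before `lp_rpc_low_port` can also be dropped.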
@@ -4736,3 +4763,25 @@ unsigned int * get_flags(void)
 
        return flags_list;
 }
+
+enum samba_weak_crypto lp_weak_crypto()
+{
+       if (Globals.weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
+               Globals.weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
+
+               if (samba_gnutls_weak_crypto_allowed()) {
+                       Globals.weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
+               }
+       }
+
+       return Globals.weak_crypto;
+}
+
+uint32_t lp_get_async_dns_timeout(void)
+{
+       /*
+        * Clamp minimum async dns timeout to 1 second
+        * as per the man page.
+        */
+       return MAX(Globals.async_dns_timeout, 1);
+}
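Review bot: `lp_weak_crypto()` is defined with an empty parameter list, which before C23 declares a function taking unspecified arguments, so calls with stray arguments are not diagnosed. The neighbouring accessors `lp_rpc_low_port(void)` and `lp_get_async_dns_timeout(void)` use the explicit form, and this one should read `enum samba_weak_crypto lp_weak_crypto(void)`. The function also caches its answer in `Globals.weak_crypto` on first call. A one-line comment saying so would help, because a later change in what `samba_gnutls_weak_crypto_allowed()` reports would apparently not be picked up until that field is reset to `SAMBA_WEAK_CRYPTO_UNKNOWN`.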