2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
56 #define LOADPARM_SUBSTITUTION_INTERNALS 1
58 #include "system/filesys.h"
60 #include "lib/param/loadparm.h"
61 #include "lib/param/param.h"
63 #include "lib/smbconf/smbconf.h"
64 #include "lib/smbconf/smbconf_init.h"
66 #include "include/smb_ldap.h"
67 #include "../librpc/gen_ndr/svcctl.h"
69 #include "../libcli/smb/smb_signing.h"
70 #include "dbwrap/dbwrap.h"
71 #include "dbwrap/dbwrap_rbt.h"
72 #include "../lib/util/bitmap.h"
73 #include "librpc/gen_ndr/nbt.h"
74 #include "librpc/gen_ndr/dns.h"
75 #include "source4/lib/tls/tls.h"
76 #include "libcli/auth/ntlm_check.h"
77 #include "lib/crypto/gnutls_helpers.h"
78 #include "lib/util/string_wrappers.h"
79 #include "auth/credentials/credentials.h"
80 #include "source3/lib/substitute.h"
81 #include "source3/librpc/gen_ndr/ads.h"
82 #include "lib/util/time_basic.h"
83 #include "libds/common/flags.h"
85 #ifdef HAVE_SYS_SYSCTL_H
86 #include <sys/sysctl.h>
91 /* the special value for the include parameter
92 * to be interpreted not as a file name but to
93 * trigger loading of the global smb.conf options
95 #ifndef INCLUDE_REGISTRY_NAME
96 #define INCLUDE_REGISTRY_NAME "registry"
99 static bool in_client = false; /* Not in the client by default */
100 static struct smbconf_csn conf_last_csn;
102 static int config_backend = CONFIG_BACKEND_FILE;
104 /* some helpful bits */
105 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
106 (ServicePtrs != NULL) && \
107 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
108 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
109 ServicePtrs[i]->valid)
111 #define USERSHARE_VALID 1
112 #define USERSHARE_PENDING_DELETE 2
114 static bool defaults_saved = false;
116 #include "lib/param/param_global.h"
118 static struct loadparm_global Globals;
120 /* This is a default service used to prime a services structure */
121 static const struct loadparm_service _sDefault =
126 .usershare_last_mod = {0, 0},
129 .invalid_users = NULL,
136 .root_preexec = NULL,
137 .root_postexec = NULL,
138 .cups_options = NULL,
139 .print_command = NULL,
141 .lprm_command = NULL,
142 .lppause_command = NULL,
143 .lpresume_command = NULL,
144 .queuepause_command = NULL,
145 .queueresume_command = NULL,
146 ._printername = NULL,
147 .printjob_username = NULL,
148 .dont_descend = NULL,
151 .magic_script = NULL,
152 .magic_output = NULL,
155 .veto_oplock_files = NULL,
165 .aio_write_behind = NULL,
166 .dfree_command = NULL,
167 .min_print_space = 0,
168 .max_print_jobs = 1000,
169 .max_reported_print_jobs = 0,
171 .force_create_mode = 0,
172 .directory_mask = 0755,
173 .force_directory_mode = 0,
174 .max_connections = 0,
175 .default_case = CASE_LOWER,
176 .printing = DEFAULT_PRINTING,
179 .dfree_cache_time = 0,
180 .preexec_close = false,
181 .root_preexec_close = false,
182 .case_sensitive = Auto,
183 .preserve_case = true,
184 .short_preserve_case = true,
185 .hide_dot_files = true,
186 .hide_special_files = false,
187 .hide_unreadable = false,
188 .hide_unwriteable_files = false,
190 .access_based_share_enum = false,
195 .administrative_share = false,
198 .print_notify_backchannel = false,
202 .store_dos_attributes = true,
203 .smbd_max_xattr_size = 65536,
204 .dmapi_support = false,
206 .strict_locking = Auto,
207 .posix_locking = true,
209 .kernel_oplocks = false,
210 .level2_oplocks = true,
211 .mangled_names = MANGLED_NAMES_ILLEGAL,
213 .follow_symlinks = true,
214 .sync_always = false,
215 .strict_allocate = false,
216 .strict_rename = false,
218 .mangling_char = '~',
220 .delete_readonly = false,
221 .fake_oplocks = false,
222 .delete_veto_files = false,
223 .dos_filemode = false,
224 .dos_filetimes = true,
225 .dos_filetime_resolution = false,
226 .fake_directory_create_times = false,
227 .blocking_locks = true,
228 .inherit_permissions = false,
229 .inherit_acls = false,
230 .inherit_owner = false,
232 .msdfs_shuffle_referrals = false,
233 .use_client_driver = false,
234 .default_devmode = true,
235 .force_printername = false,
236 .nt_acl_support = true,
237 .force_unknown_acl_user = false,
238 ._use_sendfile = false,
239 .map_acl_inherit = false,
242 .acl_check_permissions = true,
243 .acl_map_full_control = true,
244 .acl_group_control = false,
245 .acl_allow_execute_always = false,
246 .acl_flag_inherited_canonicalization = true,
249 .map_readonly = MAP_READONLY_NO,
250 .server_smb_encrypt = SMB_ENCRYPTION_DEFAULT,
251 .kernel_share_modes = false,
252 .durable_handles = true,
253 .check_parent_directory_delete_on_close = false,
255 .smbd_search_ask_sharemode = true,
256 .smbd_getinfo_ask_sharemode = true,
257 .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
258 .honor_change_notify_privilege = false,
259 .volume_serial_number = -1,
264 * This is a copy of the default service structure. Service options in the
265 * global section would otherwise overwrite the initial default values.
267 static struct loadparm_service sDefault;
269 /* local variables */
270 static struct loadparm_service **ServicePtrs = NULL;
271 static int iNumServices = 0;
272 static int iServiceIndex = 0;
273 static struct db_context *ServiceHash;
274 static bool bInGlobalSection = true;
275 static bool bGlobalOnly = false;
276 static struct file_lists *file_lists = NULL;
277 static unsigned int *flags_list = NULL;
279 static void set_allowed_client_auth(void);
281 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
282 static void free_param_opts(struct parmlist_entry **popts);
285 * Function to return the default value for the maximum number of open
286 * file descriptors permitted. This function tries to consult the
287 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
288 * the smaller of those.
290 static int max_open_files(void)
292 int sysctl_max = MAX_OPEN_FILES;
293 int rlimit_max = MAX_OPEN_FILES;
295 #ifdef HAVE_SYSCTLBYNAME
297 size_t size = sizeof(sysctl_max);
298 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
303 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
309 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
310 rlimit_max = rl.rlim_cur;
312 #if defined(RLIM_INFINITY)
313 if(rl.rlim_cur == RLIM_INFINITY)
314 rlimit_max = MAX_OPEN_FILES;
319 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
320 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
321 "minimum Windows limit (%d)\n",
323 MIN_OPEN_FILES_WINDOWS));
324 sysctl_max = MIN_OPEN_FILES_WINDOWS;
327 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
328 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
329 "minimum Windows limit (%d)\n",
331 MIN_OPEN_FILES_WINDOWS));
332 rlimit_max = MIN_OPEN_FILES_WINDOWS;
335 return MIN(sysctl_max, rlimit_max);
339 * Common part of freeing allocated data for one parameter.
341 static void free_one_parameter_common(void *parm_ptr,
342 struct parm_struct parm)
344 if ((parm.type == P_STRING) ||
345 (parm.type == P_USTRING))
347 lpcfg_string_free((char**)parm_ptr);
348 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
349 TALLOC_FREE(*((char***)parm_ptr));
354 * Free the allocated data for one parameter for a share
355 * given as a service struct.
357 static void free_one_parameter(struct loadparm_service *service,
358 struct parm_struct parm)
362 if (parm.p_class != P_LOCAL) {
366 parm_ptr = lp_parm_ptr(service, &parm);
368 free_one_parameter_common(parm_ptr, parm);
372 * Free the allocated parameter data of a share given
373 * as a service struct.
375 static void free_parameters(struct loadparm_service *service)
379 for (i=0; parm_table[i].label; i++) {
380 free_one_parameter(service, parm_table[i]);
385 * Free the allocated data for one parameter for a given share
386 * specified by an snum.
388 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
393 parm_ptr = lp_parm_ptr(NULL, &parm);
394 } else if (parm.p_class != P_LOCAL) {
397 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
400 free_one_parameter_common(parm_ptr, parm);
404 * Free the allocated parameter data for a share specified
407 static void free_parameters_by_snum(int snum)
411 for (i=0; parm_table[i].label; i++) {
412 free_one_parameter_by_snum(snum, parm_table[i]);
417 * Free the allocated global parameters.
419 static void free_global_parameters(void)
422 struct parm_struct *parm;
424 free_param_opts(&Globals.param_opt);
425 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
427 /* Reset references in the defaults because the context is going to be freed */
428 for (i=0; parm_table[i].label; i++) {
429 parm = &parm_table[i];
430 if ((parm->type == P_STRING) ||
431 (parm->type == P_USTRING)) {
432 if ((parm->def.svalue != NULL) &&
433 (*(parm->def.svalue) != '\0')) {
434 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
435 parm->def.svalue = NULL;
440 TALLOC_FREE(Globals.ctx);
443 struct lp_stored_option {
444 struct lp_stored_option *prev, *next;
449 static struct lp_stored_option *stored_options;
452 save options set by lp_set_cmdline() into a list. This list is
453 re-applied when we do a globals reset, so that cmdline set options
454 are sticky across reloads of smb.conf
456 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
458 struct lp_stored_option *entry, *entry_next;
459 for (entry = stored_options; entry != NULL; entry = entry_next) {
460 entry_next = entry->next;
461 if (strcmp(pszParmName, entry->label) == 0) {
462 DLIST_REMOVE(stored_options, entry);
468 entry = talloc(NULL, struct lp_stored_option);
473 entry->label = talloc_strdup(entry, pszParmName);
479 entry->value = talloc_strdup(entry, pszParmValue);
485 DLIST_ADD_END(stored_options, entry);
490 static bool apply_lp_set_cmdline(void)
492 struct lp_stored_option *entry = NULL;
493 for (entry = stored_options; entry != NULL; entry = entry->next) {
494 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
495 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
496 entry->label, entry->value));
503 /***************************************************************************
504 Initialise the global parameter structure.
505 ***************************************************************************/
507 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
509 static bool done_init = false;
513 /* If requested to initialize only once and we've already done it... */
514 if (!reinit_globals && done_init) {
515 /* ... then we have nothing more to do */
520 /* The logfile can be set before this is invoked. Free it if so. */
521 lpcfg_string_free(&Globals.logfile);
524 free_global_parameters();
527 /* This memset and the free_global_parameters() above will
528 * wipe out smb.conf options set with lp_set_cmdline(). The
529 * apply_lp_set_cmdline() call puts these values back in the
530 * table once the defaults are set */
531 ZERO_STRUCT(Globals);
533 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
535 /* Initialize the flags list if necessary */
536 if (flags_list == NULL) {
540 for (i = 0; parm_table[i].label; i++) {
541 if ((parm_table[i].type == P_STRING ||
542 parm_table[i].type == P_USTRING))
546 (char **)lp_parm_ptr(NULL, &parm_table[i]),
552 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
553 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
555 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
557 sDefault.ntvfs_handler = str_list_make_v3_const(Globals.ctx, "unixuid default", NULL);
559 DEBUG(3, ("Initialising global parameters\n"));
561 /* Must manually force to upper case here, as this does not go via the handler */
562 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
565 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
566 get_dyn_SMB_PASSWD_FILE());
567 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
568 get_dyn_PRIVATE_DIR());
569 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
570 get_dyn_BINDDNS_DIR());
572 /* use the new 'hash2' method by default, with a prefix of 1 */
573 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
574 Globals.mangle_prefix = 1;
576 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
578 /* using UTF8 by default allows us to support all chars */
579 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
580 DEFAULT_UNIX_CHARSET);
582 /* Use codepage 850 as a default for the dos character set */
583 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
584 DEFAULT_DOS_CHARSET);
587 * Allow the default PASSWD_CHAT to be overridden in local.h.
589 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
590 DEFAULT_PASSWD_CHAT);
592 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
594 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
595 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
597 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
599 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
601 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
603 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
606 * By default support explicit binding to broadcast
609 Globals.nmbd_bind_explicit_broadcast = true;
611 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
613 smb_panic("init_globals: ENOMEM");
615 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
618 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
619 "/bin/sleep 999999999");
622 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
623 DEFAULT_SOCKET_OPTIONS);
625 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
626 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
627 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
628 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
629 "\\\\%N\\%U\\profile");
631 Globals.name_resolve_order =
632 str_list_make_v3_const(Globals.ctx,
633 DEFAULT_NAME_RESOLVE_ORDER,
635 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
637 Globals.algorithmic_rid_base = BASE_RID;
639 Globals.load_printers = true;
640 Globals.printcap_cache_time = 750; /* 12.5 minutes */
642 Globals.config_backend = config_backend;
643 Globals._server_role = ROLE_AUTO;
645 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
646 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
647 Globals.max_xmit = 0x4104;
648 Globals.max_mux = 50; /* This is *needed* for profile support. */
649 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
650 Globals._disable_spoolss = false;
651 Globals.max_smbd_processes = 0;/* no limit specified */
652 Globals.username_level = 0;
653 Globals.deadtime = 10080;
654 Globals.getwd_cache = true;
655 Globals.large_readwrite = true;
656 Globals.max_log_size = 5000;
657 Globals.max_open_files = max_open_files();
658 Globals.server_max_protocol = PROTOCOL_SMB3_11;
659 Globals.server_min_protocol = PROTOCOL_SMB2_02;
660 Globals._client_max_protocol = PROTOCOL_DEFAULT;
661 Globals.client_min_protocol = PROTOCOL_SMB2_02;
662 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
663 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
664 Globals._security = SEC_AUTO;
665 Globals.encrypt_passwords = true;
666 Globals.client_schannel = true;
667 Globals.winbind_sealed_pipes = true;
668 Globals.require_strong_key = true;
669 Globals.reject_md5_servers = true;
670 Globals.server_schannel = true;
671 Globals.server_schannel_require_seal = true;
672 Globals.reject_md5_clients = true;
673 Globals.read_raw = true;
674 Globals.write_raw = true;
675 Globals.null_passwords = false;
676 Globals.old_password_allowed_period = 60;
677 Globals.obey_pam_restrictions = false;
679 Globals.syslog_only = false;
680 Globals.timestamp_logs = true;
681 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
682 Globals.debug_prefix_timestamp = false;
683 Globals.debug_hires_timestamp = true;
684 Globals.debug_syslog_format = false;
685 Globals.debug_pid = false;
686 Globals.debug_uid = false;
687 Globals.debug_class = false;
688 Globals.enable_core_files = true;
689 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
690 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
691 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
692 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
693 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
694 Globals.lm_interval = 60;
695 Globals.time_server = false;
696 Globals.bind_interfaces_only = false;
697 Globals.unix_password_sync = false;
698 Globals.pam_password_change = false;
699 Globals.passwd_chat_debug = false;
700 Globals.passwd_chat_timeout = 2; /* 2 second default. */
701 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
702 Globals.nt_status_support = true; /* Use NT status by default. */
703 Globals.smbd_profiling_level = 0;
704 Globals.stat_cache = true; /* use stat cache by default */
705 Globals.max_stat_cache_size = 512; /* 512k by default */
706 Globals.restrict_anonymous = 0;
707 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
708 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
709 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
710 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
711 Globals.nt_hash_store = NT_HASH_STORE_ALWAYS; /* Fill in NT hash when setting password */
712 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
713 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
714 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
716 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
718 Globals.map_to_guest = 0; /* By Default, "Never" */
719 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
720 Globals.enhanced_browsing = true;
721 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
722 Globals.use_mmap = true;
723 Globals.unicode = true;
724 Globals.smb1_unix_extensions = true;
725 Globals.reset_on_zero_vc = false;
726 Globals.log_writeable_files_on_exit = false;
727 Globals.create_krb5_conf = true;
728 Globals.include_system_krb5_conf = true;
729 Globals._winbind_max_domain_connections = 1;
731 /* hostname lookups can be very expensive and are broken on
732 a large number of sites (tridge) */
733 Globals.hostname_lookups = false;
735 Globals.change_notify = true,
736 Globals.kernel_change_notify = true,
738 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
739 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
740 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
741 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
742 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
743 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
745 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
746 Globals.ldap_ssl = LDAP_SSL_START_TLS;
747 Globals.ldap_deref = -1;
748 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
749 Globals.ldap_delete_dn = false;
750 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
751 Globals.ldap_follow_referral = Auto;
752 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
753 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
754 Globals.ldap_page_size = LDAP_PAGE_SIZE;
756 Globals.ldap_debug_level = 0;
757 Globals.ldap_debug_threshold = 10;
759 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SEAL;
761 Globals.ldap_server_require_strong_auth =
762 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
764 /* This is what we tell the afs client. in reality we set the token
765 * to never expire, though, when this runs out the afs client will
766 * forget the token. Set to 0 to get NEVERDATE.*/
767 Globals.afs_token_lifetime = 604800;
768 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
770 /* these parameters are set to defaults that are more appropriate
771 for the increasing samba install base:
773 as a member of the workgroup, that will possibly become a
774 _local_ master browser (lm = true). this is opposed to a forced
775 local master browser startup (pm = true).
777 doesn't provide WINS server service by default (wsupp = false),
778 and doesn't provide domain master browser services by default, either.
782 Globals.show_add_printer_wizard = true;
783 Globals.os_level = 20;
784 Globals.local_master = true;
785 Globals._domain_master = Auto; /* depending on _domain_logons */
786 Globals._domain_logons = false;
787 Globals.browse_list = true;
788 Globals.we_are_a_wins_server = false;
789 Globals.wins_proxy = false;
791 TALLOC_FREE(Globals.init_logon_delayed_hosts);
792 Globals.init_logon_delay = 100; /* 100 ms default delay */
794 Globals.wins_dns_proxy = true;
795 Globals.dns_port = DNS_SERVICE_PORT;
797 Globals.allow_trusted_domains = true;
798 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
800 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
801 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
803 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
804 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
805 dyn_WINBINDD_SOCKET_DIR);
807 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
808 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
810 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
812 Globals.cluster_addresses = NULL;
813 Globals.clustering = false;
814 Globals.ctdb_timeout = 0;
815 Globals.ctdb_locktime_warn_threshold = 0;
817 Globals.winbind_cache_time = 300; /* 5 minutes */
818 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
819 Globals.winbind_request_timeout = 60; /* 60 seconds */
820 Globals.winbind_max_clients = 200;
821 Globals.winbind_enum_users = false;
822 Globals.winbind_enum_groups = false;
823 Globals.winbind_use_default_domain = false;
824 Globals.winbind_nested_groups = true;
825 Globals.winbind_expand_groups = 0;
826 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
827 Globals.winbind_refresh_tickets = false;
828 Globals.winbind_offline_logon = false;
829 Globals.winbind_scan_trusted_domains = false;
831 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
832 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
834 Globals.passdb_expand_explicit = false;
836 Globals.name_cache_timeout = 660; /* In seconds */
838 Globals.client_use_spnego = true;
840 Globals.client_signing = SMB_SIGNING_DEFAULT;
841 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
842 Globals.server_signing = SMB_SIGNING_DEFAULT;
844 Globals.defer_sharing_violations = true;
845 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
847 Globals.enable_privileges = true;
848 Globals.host_msdfs = true;
849 Globals.enable_asu_support = false;
851 /* User defined shares. */
852 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
854 smb_panic("init_globals: ENOMEM");
856 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
858 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
859 Globals.usershare_max_shares = 0;
860 /* By default disallow sharing of directories not owned by the sharer. */
861 Globals.usershare_owner_only = true;
862 /* By default disallow guest access to usershares. */
863 Globals.usershare_allow_guests = false;
865 Globals.keepalive = DEFAULT_KEEPALIVE;
867 /* By default no shares out of the registry */
868 Globals.registry_shares = false;
870 Globals.min_receivefile_size = 0;
872 Globals.multicast_dns_register = true;
874 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
875 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
876 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
877 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
878 Globals.smb2_leases = true;
879 Globals.server_multi_channel_support = true;
881 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
882 get_dyn_NCALRPCDIR());
884 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
886 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
888 Globals.tls_enabled = true;
889 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
891 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
892 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
893 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
894 lpcfg_string_set(Globals.ctx,
895 &Globals.tls_priority,
896 "NORMAL:-VERS-SSL3.0");
898 Globals._preferred_master = Auto;
900 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
901 Globals.dns_zone_scavenging = false;
903 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
904 get_dyn_NTP_SIGND_SOCKET_DIR());
906 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
908 smb_panic("init_globals: ENOMEM");
910 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
914 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
917 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
919 smb_panic("init_globals: ENOMEM");
921 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
924 s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
926 smb_panic("init_globals: ENOMEM");
928 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
931 Globals.apply_group_policies = false;
933 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
935 smb_panic("init_globals: ENOMEM");
937 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
940 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
942 Globals.cldap_port = 389;
944 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
946 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
948 Globals.krb5_port = 88;
950 Globals.kpasswd_port = 464;
952 Globals.kdc_enable_fast = true;
954 Globals.aio_max_threads = 100;
956 lpcfg_string_set(Globals.ctx,
957 &Globals.rpc_server_dynamic_port_range,
959 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
960 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
961 Globals.prefork_children = 4;
962 Globals.prefork_backoff_increment = 10;
963 Globals.prefork_maximum_backoff = 120;
965 Globals.ldap_max_anonymous_request_size = 256000;
966 Globals.ldap_max_authenticated_request_size = 16777216;
967 Globals.ldap_max_search_request_size = 256000;
969 /* Async DNS query timeout (in seconds). */
970 Globals.async_dns_timeout = 10;
972 Globals.client_smb_encrypt = SMB_ENCRYPTION_DEFAULT;
974 Globals._client_use_kerberos = CRED_USE_KERBEROS_DESIRED;
976 Globals.client_protection = CRED_CLIENT_PROTECTION_DEFAULT;
978 Globals.winbind_use_krb5_enterprise_principals = true;
980 Globals.client_smb3_signing_algorithms =
981 str_list_make_v3_const(NULL, DEFAULT_SMB3_SIGNING_ALGORITHMS, NULL);
982 Globals.server_smb3_signing_algorithms =
983 str_list_make_v3_const(NULL, DEFAULT_SMB3_SIGNING_ALGORITHMS, NULL);
985 Globals.client_smb3_encryption_algorithms =
986 str_list_make_v3_const(NULL, DEFAULT_SMB3_ENCRYPTION_ALGORITHMS, NULL);
987 Globals.server_smb3_encryption_algorithms =
988 str_list_make_v3_const(NULL, DEFAULT_SMB3_ENCRYPTION_ALGORITHMS, NULL);
990 Globals.min_domain_uid = 1000;
993 * By default allow smbd and winbindd to start samba-dcerpcd as
994 * a named-pipe helper.
996 Globals.rpc_start_on_demand_helpers = true;
998 Globals.ad_dc_functional_level = DS_DOMAIN_FUNCTION_2008_R2,
1000 /* Now put back the settings that were set with lp_set_cmdline() */
1001 apply_lp_set_cmdline();
1004 /* Convenience routine to setup an lp_context with additional s3 variables */
1005 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
1007 struct loadparm_context *lp_ctx;
1009 lp_ctx = loadparm_init_s3(mem_ctx,
1010 loadparm_s3_helpers());
1011 if (lp_ctx == NULL) {
1012 DEBUG(0, ("loadparm_init_s3 failed\n"));
1016 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
1017 if (lp_ctx->sDefault == NULL) {
1018 DBG_ERR("talloc_zero failed\n");
1019 TALLOC_FREE(lp_ctx);
1023 *lp_ctx->sDefault = _sDefault;
1024 lp_ctx->services = NULL; /* We do not want to access this directly */
1025 lp_ctx->bInGlobalSection = bInGlobalSection;
1026 lp_ctx->flags = flags_list;
1031 /*******************************************************************
1032 Convenience routine to grab string parameters into talloced memory
1033 and run standard_sub_basic on them. The buffers can be written to by
1034 callers without affecting the source string.
1035 ********************************************************************/
1037 static char *loadparm_s3_global_substitution_fn(
1038 TALLOC_CTX *mem_ctx,
1039 const struct loadparm_substitution *lp_sub,
1045 /* The follow debug is useful for tracking down memory problems
1046 especially if you have an inner loop that is calling a lp_*()
1047 function that returns a string. Perhaps this debug should be
1048 present all the time? */
1051 DEBUG(10, ("lp_string(%s)\n", s));
1057 ret = talloc_sub_basic(mem_ctx,
1058 get_current_username(),
1059 get_current_user_info_domain(),
1061 if (trim_char(ret, '\"', '\"')) {
1062 if (strchr(ret,'\"') != NULL) {
1064 ret = talloc_sub_basic(mem_ctx,
1065 get_current_username(),
1066 get_current_user_info_domain(),
1073 static const struct loadparm_substitution s3_global_substitution = {
1074 .substituted_string_fn = loadparm_s3_global_substitution_fn,
1077 const struct loadparm_substitution *loadparm_s3_global_substitution(void)
1079 return &s3_global_substitution;
1083 In this section all the functions that are used to access the
1084 parameters from the rest of the program are defined
1087 #define FN_GLOBAL_SUBSTITUTED_STRING(fn_name,ptr) \
1088 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub) \
1089 {return lpcfg_substituted_string(ctx, lp_sub, *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : "");}
1090 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1091 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1092 #define FN_GLOBAL_LIST(fn_name,ptr) \
1093 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1094 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1095 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1096 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1097 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1098 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1099 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1101 #define FN_LOCAL_SUBSTITUTED_STRING(fn_name,val) \
1102 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub, int i) \
1103 {return lpcfg_substituted_string((ctx), lp_sub, (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1104 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1105 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1106 #define FN_LOCAL_LIST(fn_name,val) \
1107 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1108 #define FN_LOCAL_BOOL(fn_name,val) \
1109 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1110 #define FN_LOCAL_INTEGER(fn_name,val) \
1111 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1113 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1114 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1115 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1116 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1117 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1118 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1120 int lp_winbind_max_domain_connections(void)
1122 if (lp_winbind_offline_logon() &&
1123 lp__winbind_max_domain_connections() > 1) {
1124 DEBUG(1, ("offline logons active, restricting max domain "
1125 "connections to 1\n"));
1128 return MAX(1, lp__winbind_max_domain_connections());
1131 /* These functions remain in source3/param for now */
1133 #include "lib/param/param_functions.c"
1135 FN_LOCAL_SUBSTITUTED_STRING(servicename, szService)
1136 FN_LOCAL_CONST_STRING(const_servicename, szService)
1138 /* These functions cannot be auto-generated */
1139 FN_LOCAL_BOOL(autoloaded, autoloaded)
1140 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1142 /* local prototypes */
1144 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1145 static const char *get_boolean(bool bool_value);
1146 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1148 static bool hash_a_service(const char *name, int number);
1149 static void free_service_byindex(int iService);
1150 static void show_parameter(int parmIndex);
1151 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1152 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1155 * This is a helper function for parametrical options support. It returns a
1156 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1157 * parametrical functions are quite simple
1159 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1162 if (snum >= iNumServices) return NULL;
1165 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1167 return get_parametric_helper(ServicePtrs[snum],
1168 type, option, Globals.param_opt);
1172 static void discard_whitespace(char *str)
1174 size_t len = strlen(str);
1178 if (isspace(str[i])) {
1179 memmove(&str[i], &str[i+1], len-i);
1188 * @brief Go through all global parametric parameters
1190 * @param regex_str A regular expression to scan param for
1191 * @param max_matches Max number of submatches the regexp expects
1192 * @param cb Function to call on match. Should return true
1193 * when it wants wi_scan_global_parametrics to stop
1195 * @param private_data Anonymous pointer passed to cb
1197 * @return 0: success, regcomp/regexec return value on error.
1198 * See "man regexec" for possible errors
1201 int lp_wi_scan_global_parametrics(
1202 const char *regex_str, size_t max_matches,
1203 bool (*cb)(const char *string, regmatch_t matches[],
1204 void *private_data),
1207 struct parmlist_entry *data;
1211 ret = regcomp(®ex, regex_str, REG_ICASE);
1216 for (data = Globals.param_opt; data != NULL; data = data->next) {
1217 size_t keylen = strlen(data->key);
1219 regmatch_t matches[max_matches];
1222 memcpy(key, data->key, sizeof(key));
1223 discard_whitespace(key);
1225 ret = regexec(®ex, key, max_matches, matches, 0);
1226 if (ret == REG_NOMATCH) {
1233 stop = cb(key, matches, private_data);
1246 #define MISSING_PARAMETER(name) \
1247 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1249 /*******************************************************************
1250 convenience routine to return enum parameters.
1251 ********************************************************************/
1252 static int lp_enum(const char *s,const struct enum_list *_enum)
1256 if (!s || !*s || !_enum) {
1257 MISSING_PARAMETER(lp_enum);
1261 for (i=0; _enum[i].name; i++) {
1262 if (strequal(_enum[i].name,s))
1263 return _enum[i].value;
1266 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1270 #undef MISSING_PARAMETER
1272 /* Return parametric option from a given service. Type is a part of option before ':' */
1273 /* Parametric option has following syntax: 'Type: option = value' */
1274 char *lp_parm_substituted_string(TALLOC_CTX *mem_ctx,
1275 const struct loadparm_substitution *lp_sub,
1281 struct parmlist_entry *data = get_parametrics(snum, type, option);
1283 SMB_ASSERT(lp_sub != NULL);
1285 if (data == NULL||data->value==NULL) {
1287 return lpcfg_substituted_string(mem_ctx, lp_sub, def);
1293 return lpcfg_substituted_string(mem_ctx, lp_sub, data->value);
1296 /* Return parametric option from a given service. Type is a part of option before ':' */
1297 /* Parametric option has following syntax: 'Type: option = value' */
1298 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1300 struct parmlist_entry *data = get_parametrics(snum, type, option);
1302 if (data == NULL||data->value==NULL)
1309 /* Return parametric option from a given service. Type is a part of option before ':' */
1310 /* Parametric option has following syntax: 'Type: option = value' */
1312 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1314 struct parmlist_entry *data = get_parametrics(snum, type, option);
1316 if (data == NULL||data->value==NULL)
1317 return (const char **)def;
1319 if (data->list==NULL) {
1320 data->list = str_list_make_v3(NULL, data->value, NULL);
1323 return discard_const_p(const char *, data->list);
1326 /* Return parametric option from a given service. Type is a part of option before ':' */
1327 /* Parametric option has following syntax: 'Type: option = value' */
1329 int lp_parm_int(int snum, const char *type, const char *option, int def)
1331 struct parmlist_entry *data = get_parametrics(snum, type, option);
1333 if (data && data->value && *data->value)
1334 return lp_int(data->value);
1339 /* Return parametric option from a given service. Type is a part of option before ':' */
1340 /* Parametric option has following syntax: 'Type: option = value' */
1342 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1344 struct parmlist_entry *data = get_parametrics(snum, type, option);
1346 if (data && data->value && *data->value)
1347 return lp_ulong(data->value);
1352 /* Return parametric option from a given service. Type is a part of option before ':' */
1353 /* Parametric option has following syntax: 'Type: option = value' */
1355 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1356 const char *option, unsigned long long def)
1358 struct parmlist_entry *data = get_parametrics(snum, type, option);
1360 if (data && data->value && *data->value) {
1361 return lp_ulonglong(data->value);
1367 /* Return parametric option from a given service. Type is a part of option
1369 /* Parametric option has following syntax: 'Type: option = value' */
1371 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1373 struct parmlist_entry *data = get_parametrics(snum, type, option);
1375 if (data && data->value && *data->value)
1376 return lp_bool(data->value);
1381 /* Return parametric option from a given service. Type is a part of option before ':' */
1382 /* Parametric option has following syntax: 'Type: option = value' */
1384 int lp_parm_enum(int snum, const char *type, const char *option,
1385 const struct enum_list *_enum, int def)
1387 struct parmlist_entry *data = get_parametrics(snum, type, option);
1389 if (data && data->value && *data->value && _enum)
1390 return lp_enum(data->value, _enum);
1396 * free a param_opts structure.
1397 * param_opts handling should be moved to talloc;
1398 * then this whole functions reduces to a TALLOC_FREE().
1401 static void free_param_opts(struct parmlist_entry **popts)
1403 struct parmlist_entry *opt, *next_opt;
1405 if (*popts != NULL) {
1406 DEBUG(5, ("Freeing parametrics:\n"));
1409 while (opt != NULL) {
1410 lpcfg_string_free(&opt->key);
1411 lpcfg_string_free(&opt->value);
1412 TALLOC_FREE(opt->list);
1413 next_opt = opt->next;
1420 /***************************************************************************
1421 Free the dynamically allocated parts of a service struct.
1422 ***************************************************************************/
1424 static void free_service(struct loadparm_service *pservice)
1429 if (pservice->szService)
1430 DEBUG(5, ("free_service: Freeing service %s\n",
1431 pservice->szService));
1433 free_parameters(pservice);
1435 lpcfg_string_free(&pservice->szService);
1436 TALLOC_FREE(pservice->copymap);
1438 free_param_opts(&pservice->param_opt);
1440 ZERO_STRUCTP(pservice);
1444 /***************************************************************************
1445 remove a service indexed in the ServicePtrs array from the ServiceHash
1446 and free the dynamically allocated parts
1447 ***************************************************************************/
1449 static void free_service_byindex(int idx)
1451 if ( !LP_SNUM_OK(idx) )
1454 ServicePtrs[idx]->valid = false;
1456 /* we have to cleanup the hash record */
1458 if (ServicePtrs[idx]->szService) {
1459 char *canon_name = canonicalize_servicename(
1461 ServicePtrs[idx]->szService );
1463 dbwrap_delete_bystring(ServiceHash, canon_name );
1464 TALLOC_FREE(canon_name);
1467 free_service(ServicePtrs[idx]);
1468 TALLOC_FREE(ServicePtrs[idx]);
1471 /***************************************************************************
1472 Add a new service to the services array initialising it with the given
1474 ***************************************************************************/
1476 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1479 struct loadparm_service **tsp = NULL;
1481 /* it might already exist */
1483 i = getservicebyname(name, NULL);
1489 /* Re use empty slots if any before allocating new one.*/
1490 for (i=0; i < iNumServices; i++) {
1491 if (ServicePtrs[i] == NULL) {
1495 if (i == iNumServices) {
1496 /* if not, then create one */
1497 tsp = talloc_realloc(NULL, ServicePtrs,
1498 struct loadparm_service *,
1501 DEBUG(0, ("add_a_service: failed to enlarge "
1508 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1509 if (!ServicePtrs[i]) {
1510 DEBUG(0,("add_a_service: out of memory!\n"));
1514 ServicePtrs[i]->valid = true;
1516 copy_service(ServicePtrs[i], pservice, NULL);
1518 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1521 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1522 i, ServicePtrs[i]->szService));
1524 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1531 /***************************************************************************
1532 Convert a string to uppercase and remove whitespaces.
1533 ***************************************************************************/
1535 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1540 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1544 result = talloc_strdup(ctx, src);
1545 SMB_ASSERT(result != NULL);
1547 if (!strlower_m(result)) {
1548 TALLOC_FREE(result);
1554 /***************************************************************************
1555 Add a name/index pair for the services array to the hash table.
1556 ***************************************************************************/
1558 static bool hash_a_service(const char *name, int idx)
1562 if ( !ServiceHash ) {
1563 DEBUG(10,("hash_a_service: creating servicehash\n"));
1564 ServiceHash = db_open_rbt(NULL);
1565 if ( !ServiceHash ) {
1566 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1571 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1574 canon_name = canonicalize_servicename(talloc_tos(), name );
1576 dbwrap_store_bystring(ServiceHash, canon_name,
1577 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1580 TALLOC_FREE(canon_name);
1585 /***************************************************************************
1586 Add a new home service, with the specified home directory, defaults coming
1588 ***************************************************************************/
1590 bool lp_add_home(const char *pszHomename, int iDefaultService,
1591 const char *user, const char *pszHomedir)
1593 const struct loadparm_substitution *lp_sub =
1594 loadparm_s3_global_substitution();
1598 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1599 pszHomedir[0] == '\0') {
1603 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1608 global_path = lp_path(talloc_tos(), lp_sub, GLOBAL_SECTION_SNUM);
1609 if (!(*(ServicePtrs[iDefaultService]->path))
1610 || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
1611 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1614 TALLOC_FREE(global_path);
1616 if (!(*(ServicePtrs[i]->comment))) {
1617 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1618 if (comment == NULL) {
1621 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1623 TALLOC_FREE(comment);
1626 /* set the browseable flag from the global default */
1628 ServicePtrs[i]->browseable = sDefault.browseable;
1629 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1631 ServicePtrs[i]->autoloaded = true;
1633 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1634 user, ServicePtrs[i]->path ));
1639 /***************************************************************************
1640 Add a new service, based on an old one.
1641 ***************************************************************************/
1643 int lp_add_service(const char *pszService, int iDefaultService)
1645 if (iDefaultService < 0) {
1646 return add_a_service(&sDefault, pszService);
1649 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1652 /***************************************************************************
1653 Add the IPC service.
1654 ***************************************************************************/
1656 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1658 char *comment = NULL;
1659 int i = add_a_service(&sDefault, ipc_name);
1664 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1665 Globals.server_string);
1666 if (comment == NULL) {
1670 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1671 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1672 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1673 ServicePtrs[i]->max_connections = 0;
1674 ServicePtrs[i]->available = true;
1675 ServicePtrs[i]->read_only = true;
1676 ServicePtrs[i]->guest_only = false;
1677 ServicePtrs[i]->administrative_share = true;
1678 ServicePtrs[i]->guest_ok = guest_ok;
1679 ServicePtrs[i]->printable = false;
1680 ServicePtrs[i]->browseable = sDefault.browseable;
1681 ServicePtrs[i]->autoloaded = false;
1683 DEBUG(3, ("adding IPC service\n"));
1685 TALLOC_FREE(comment);
1689 /***************************************************************************
1690 Add a new printer service, with defaults coming from service iFrom.
1691 ***************************************************************************/
1693 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1695 const char *comment = "From Printcap";
1696 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1701 /* note that we do NOT default the availability flag to true - */
1702 /* we take it from the default service passed. This allows all */
1703 /* dynamic printers to be disabled by disabling the [printers] */
1704 /* entry (if/when the 'available' keyword is implemented!). */
1706 /* the printer name is set to the service name. */
1707 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1709 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1711 /* set the browseable flag from the gloabl default */
1712 ServicePtrs[i]->browseable = sDefault.browseable;
1714 /* Printers cannot be read_only. */
1715 ServicePtrs[i]->read_only = false;
1716 /* No oplocks on printer services. */
1717 ServicePtrs[i]->oplocks = false;
1718 /* Printer services must be printable. */
1719 ServicePtrs[i]->printable = true;
1721 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1727 /***************************************************************************
1728 Check whether the given parameter name is valid.
1729 Parametric options (names containing a colon) are considered valid.
1730 ***************************************************************************/
1732 bool lp_parameter_is_valid(const char *pszParmName)
1734 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1735 (strchr(pszParmName, ':') != NULL));
1738 /***************************************************************************
1739 Check whether the given name is the name of a global parameter.
1740 Returns true for strings belonging to parameters of class
1741 P_GLOBAL, false for all other strings, also for parametric options
1742 and strings not belonging to any option.
1743 ***************************************************************************/
1745 bool lp_parameter_is_global(const char *pszParmName)
1747 int num = lpcfg_map_parameter(pszParmName);
1750 return (parm_table[num].p_class == P_GLOBAL);
1756 /**************************************************************************
1757 Determine the canonical name for a parameter.
1758 Indicate when it is an inverse (boolean) synonym instead of a
1760 **************************************************************************/
1762 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1767 if (!lp_parameter_is_valid(parm_name)) {
1772 num = map_parameter_canonical(parm_name, inverse);
1774 /* parametric option */
1775 *canon_parm = parm_name;
1777 *canon_parm = parm_table[num].label;
1784 /**************************************************************************
1785 Determine the canonical name for a parameter.
1786 Turn the value given into the inverse boolean expression when
1787 the synonym is an invers boolean synonym.
1790 - parm_name is a valid parameter name and
1791 - val is a valid value for this parameter and
1792 - in case the parameter is an inverse boolean synonym, if the val
1793 string could successfully be converted to the reverse bool.
1794 Return false in all other cases.
1795 **************************************************************************/
1797 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1799 const char **canon_parm,
1800 const char **canon_val)
1806 if (!lp_parameter_is_valid(parm_name)) {
1812 num = map_parameter_canonical(parm_name, &inverse);
1814 /* parametric option */
1815 *canon_parm = parm_name;
1820 *canon_parm = parm_table[num].label;
1822 if (!lp_invert_boolean(val, canon_val)) {
1830 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1835 /***************************************************************************
1836 Map a parameter's string representation to the index of the canonical
1837 form of the parameter (it might be a synonym).
1838 Returns -1 if the parameter string is not recognised.
1839 ***************************************************************************/
1841 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1843 int parm_num, canon_num;
1844 bool loc_inverse = false;
1846 parm_num = lpcfg_map_parameter(pszParmName);
1847 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1848 /* invalid, parametric or no canidate for synonyms ... */
1852 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1853 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1854 parm_num = canon_num;
1860 if (inverse != NULL) {
1861 *inverse = loc_inverse;
1866 /***************************************************************************
1867 return true if parameter number parm1 is a synonym of parameter
1868 number parm2 (parm2 being the principal name).
1869 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1871 ***************************************************************************/
1873 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1875 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1876 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1877 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1878 !(parm_table[parm2].flags & FLAG_SYNONYM))
1880 if (inverse != NULL) {
1881 if ((parm_table[parm1].type == P_BOOLREV) &&
1882 (parm_table[parm2].type == P_BOOL))
1894 /***************************************************************************
1895 Show one parameter's name, type, [values,] and flags.
1896 (helper functions for show_parameter_list)
1897 ***************************************************************************/
1899 static void show_parameter(int parmIndex)
1901 size_t enumIndex, flagIndex;
1906 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1907 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1908 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1909 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1910 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1912 printf("%s=%s", parm_table[parmIndex].label,
1913 type[parm_table[parmIndex].type]);
1914 if (parm_table[parmIndex].type == P_ENUM) {
1917 parm_table[parmIndex].enum_list[enumIndex].name;
1921 enumIndex ? "|" : "",
1922 parm_table[parmIndex].enum_list[enumIndex].name);
1927 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1928 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1931 flag_names[flagIndex]);
1936 /* output synonyms */
1938 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1939 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1940 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1941 parm_table[parmIndex2].label);
1942 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1944 printf(" (synonyms: ");
1949 printf("%s%s", parm_table[parmIndex2].label,
1950 inverse ? "[i]" : "");
1961 * Check the value for a P_ENUM
1963 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1967 for (i = 0; parm->enum_list[i].name; i++) {
1968 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1975 /**************************************************************************
1976 Check whether the given value is valid for the given parameter name.
1977 **************************************************************************/
1979 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1981 bool ret = false, tmp_bool;
1982 int num = lpcfg_map_parameter(parm_name), tmp_int;
1983 uint64_t tmp_int64 = 0;
1984 struct parm_struct *parm;
1986 /* parametric options (parameter names containing a colon) cannot
1987 be checked and are therefore considered valid. */
1988 if (strchr(parm_name, ':') != NULL) {
1993 parm = &parm_table[num];
1994 switch (parm->type) {
1997 ret = set_boolean(val, &tmp_bool);
2001 ret = (sscanf(val, "%d", &tmp_int) == 1);
2005 ret = (sscanf(val, "%o", &tmp_int) == 1);
2009 ret = check_enum_parameter(parm, val);
2013 if (conv_str_size_error(val, &tmp_int64) &&
2014 tmp_int64 <= INT_MAX) {
2031 /***************************************************************************
2032 Show all parameter's name, type, [values,] and flags.
2033 ***************************************************************************/
2035 void show_parameter_list(void)
2037 int classIndex, parmIndex;
2038 const char *section_names[] = { "local", "global", NULL};
2040 for (classIndex=0; section_names[classIndex]; classIndex++) {
2041 printf("[%s]\n", section_names[classIndex]);
2042 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
2043 if (parm_table[parmIndex].p_class == classIndex) {
2044 show_parameter(parmIndex);
2050 /***************************************************************************
2051 Get the standard string representation of a boolean value ("yes" or "no")
2052 ***************************************************************************/
2054 static const char *get_boolean(bool bool_value)
2056 static const char *yes_str = "yes";
2057 static const char *no_str = "no";
2059 return (bool_value ? yes_str : no_str);
2062 /***************************************************************************
2063 Provide the string of the negated boolean value associated to the boolean
2064 given as a string. Returns false if the passed string does not correctly
2065 represent a boolean.
2066 ***************************************************************************/
2068 bool lp_invert_boolean(const char *str, const char **inverse_str)
2072 if (!set_boolean(str, &val)) {
2076 *inverse_str = get_boolean(!val);
2080 /***************************************************************************
2081 Provide the canonical string representation of a boolean value given
2082 as a string. Return true on success, false if the string given does
2083 not correctly represent a boolean.
2084 ***************************************************************************/
2086 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2090 if (!set_boolean(str, &val)) {
2094 *canon_str = get_boolean(val);
2098 /***************************************************************************
2099 Find a service by name. Otherwise works like get_service.
2100 ***************************************************************************/
2102 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2109 if (ServiceHash == NULL) {
2113 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2115 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2118 if (NT_STATUS_IS_OK(status) &&
2119 (data.dptr != NULL) &&
2120 (data.dsize == sizeof(iService)))
2122 memcpy(&iService, data.dptr, sizeof(iService));
2125 TALLOC_FREE(canon_name);
2127 if ((iService != -1) && (LP_SNUM_OK(iService))
2128 && (pserviceDest != NULL)) {
2129 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2135 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2136 struct loadparm_service *lp_service(const char *pszServiceName)
2138 int iService = getservicebyname(pszServiceName, NULL);
2139 if (iService == -1 || !LP_SNUM_OK(iService)) {
2142 return ServicePtrs[iService];
2145 struct loadparm_service *lp_servicebynum(int snum)
2147 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2150 return ServicePtrs[snum];
2153 struct loadparm_service *lp_default_loadparm_service(void)
2158 static struct smbconf_ctx *lp_smbconf_ctx(void)
2161 static struct smbconf_ctx *conf_ctx = NULL;
2163 if (conf_ctx == NULL) {
2164 err = smbconf_init(NULL, &conf_ctx, "registry:");
2165 if (!SBC_ERROR_IS_OK(err)) {
2166 DEBUG(1, ("error initializing registry configuration: "
2167 "%s\n", sbcErrorString(err)));
2175 static bool process_smbconf_service(struct smbconf_service *service)
2180 if (service == NULL) {
2184 ret = lp_do_section(service->name, NULL);
2188 for (count = 0; count < service->num_params; count++) {
2190 if (!bInGlobalSection && bGlobalOnly) {
2193 const char *pszParmName = service->param_names[count];
2194 const char *pszParmValue = service->param_values[count];
2196 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2198 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2199 pszParmName, pszParmValue);
2206 if (iServiceIndex >= 0) {
2207 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2213 * load a service from registry and activate it
2215 bool process_registry_service(const char *service_name)
2218 struct smbconf_service *service = NULL;
2219 TALLOC_CTX *mem_ctx = talloc_stackframe();
2220 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2223 if (conf_ctx == NULL) {
2227 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2229 if (!smbconf_share_exists(conf_ctx, service_name)) {
2231 * Registry does not contain data for this service (yet),
2232 * but make sure lp_load doesn't return false.
2238 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2239 if (!SBC_ERROR_IS_OK(err)) {
2243 ret = process_smbconf_service(service);
2249 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2252 TALLOC_FREE(mem_ctx);
2257 * process_registry_globals
2259 static bool process_registry_globals(void)
2263 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2265 if (!bInGlobalSection && bGlobalOnly) {
2268 const char *pszParmName = "registry shares";
2269 const char *pszParmValue = "yes";
2271 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2273 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2274 pszParmName, pszParmValue);
2281 return process_registry_service(GLOBAL_NAME);
2284 bool process_registry_shares(void)
2288 struct smbconf_service **service = NULL;
2289 uint32_t num_shares = 0;
2290 TALLOC_CTX *mem_ctx = talloc_stackframe();
2291 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2294 if (conf_ctx == NULL) {
2298 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2299 if (!SBC_ERROR_IS_OK(err)) {
2305 for (count = 0; count < num_shares; count++) {
2306 if (strequal(service[count]->name, GLOBAL_NAME)) {
2309 ret = process_smbconf_service(service[count]);
2316 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2319 TALLOC_FREE(mem_ctx);
2324 * reload those shares from registry that are already
2325 * activated in the services array.
2327 static bool reload_registry_shares(void)
2332 for (i = 0; i < iNumServices; i++) {
2337 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2341 ret = process_registry_service(ServicePtrs[i]->szService);
2352 #define MAX_INCLUDE_DEPTH 100
2354 static uint8_t include_depth;
2357 * Free the file lists
2359 static void free_file_list(void)
2361 struct file_lists *f;
2362 struct file_lists *next;
2375 * Utility function for outsiders to check if we're running on registry.
2377 bool lp_config_backend_is_registry(void)
2379 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2383 * Utility function to check if the config backend is FILE.
2385 bool lp_config_backend_is_file(void)
2387 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2390 /*******************************************************************
2391 Check if a config file has changed date.
2392 ********************************************************************/
2394 bool lp_file_list_changed(void)
2396 struct file_lists *f = file_lists;
2398 DEBUG(6, ("lp_file_list_changed()\n"));
2401 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2402 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2404 if (conf_ctx == NULL) {
2407 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2410 DEBUGADD(6, ("registry config changed\n"));
2414 struct timespec mod_time = {
2417 struct timeval_buf tbuf = {
2421 struct stat sb = {0};
2424 n2 = talloc_sub_basic(talloc_tos(),
2425 get_current_username(),
2426 get_current_user_info_domain(),
2431 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2433 timespec_string_buf(&f->modtime,
2439 mod_time = get_mtimespec(&sb);
2442 if (mod_time.tv_sec > 0 &&
2443 ((timespec_compare(&mod_time, &f->modtime) != 0) ||
2444 (f->subfname == NULL) ||
2445 (strcmp(n2, f->subfname) != 0)))
2447 f->modtime = mod_time;
2450 ("file %s modified: %s\n", n2,
2451 timespec_string_buf(&f->modtime,
2455 TALLOC_FREE(f->subfname);
2456 f->subfname = talloc_strdup(f, n2);
2457 if (f->subfname == NULL) {
2458 smb_panic("talloc_strdup failed");
2472 * Initialize iconv conversion descriptors.
2474 * This is called the first time it is needed, and also called again
2475 * every time the configuration is reloaded, because the charset or
2476 * codepage might have changed.
2478 static void init_iconv(void)
2480 struct smb_iconv_handle *ret = NULL;
2482 ret = reinit_iconv_handle(NULL,
2486 smb_panic("reinit_iconv_handle failed");
2490 /***************************************************************************
2491 Handle the include operation.
2492 ***************************************************************************/
2493 static bool bAllowIncludeRegistry = true;
2495 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2496 const char *pszParmValue, char **ptr)
2500 if (include_depth >= MAX_INCLUDE_DEPTH) {
2501 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2506 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2507 if (!bAllowIncludeRegistry) {
2510 if (lp_ctx->bInGlobalSection) {
2513 ret = process_registry_globals();
2517 DEBUG(1, ("\"include = registry\" only effective "
2518 "in %s section\n", GLOBAL_NAME));
2523 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2524 get_current_user_info_domain(),
2527 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2529 if (service == NULL) {
2530 lpcfg_string_set(Globals.ctx, ptr, fname);
2532 lpcfg_string_set(service, ptr, fname);
2535 if (file_exist(fname)) {
2538 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2544 DEBUG(2, ("Can't find include file %s\n", fname));
2549 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2551 char *config_option = NULL;
2552 const char *range = NULL;
2555 SMB_ASSERT(low != NULL);
2556 SMB_ASSERT(high != NULL);
2558 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2562 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2564 if (config_option == NULL) {
2565 DEBUG(0, ("out of memory\n"));
2569 range = lp_parm_const_string(-1, config_option, "range", NULL);
2570 if (range == NULL) {
2571 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2575 if (sscanf(range, "%u - %u", low, high) != 2) {
2576 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2577 range, domain_name));
2584 talloc_free(config_option);
2589 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2591 return lp_idmap_range("*", low, high);
2594 const char *lp_idmap_backend(const char *domain_name)
2596 char *config_option = NULL;
2597 const char *backend = NULL;
2599 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2603 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2605 if (config_option == NULL) {
2606 DEBUG(0, ("out of memory\n"));
2610 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2611 if (backend == NULL) {
2612 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2617 talloc_free(config_option);
2621 const char *lp_idmap_default_backend(void)
2623 return lp_idmap_backend("*");
2626 /***************************************************************************
2627 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2628 ***************************************************************************/
2630 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2632 const char *suffix_string;
2634 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2635 Globals.ldap_suffix );
2636 if ( !suffix_string ) {
2637 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2641 return suffix_string;
2644 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2646 if (Globals._ldap_machine_suffix[0])
2647 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2649 return talloc_strdup(ctx, Globals.ldap_suffix);
2652 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2654 if (Globals._ldap_user_suffix[0])
2655 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2657 return talloc_strdup(ctx, Globals.ldap_suffix);
2660 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2662 if (Globals._ldap_group_suffix[0])
2663 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2665 return talloc_strdup(ctx, Globals.ldap_suffix);
2668 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2670 if (Globals._ldap_idmap_suffix[0])
2671 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2673 return talloc_strdup(ctx, Globals.ldap_suffix);
2677 return the parameter pointer for a parameter
2679 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2681 if (service == NULL) {
2682 if (parm->p_class == P_LOCAL)
2683 return (void *)(((char *)&sDefault)+parm->offset);
2684 else if (parm->p_class == P_GLOBAL)
2685 return (void *)(((char *)&Globals)+parm->offset);
2688 return (void *)(((char *)service) + parm->offset);
2692 /***************************************************************************
2693 Process a parameter for a particular service number. If snum < 0
2694 then assume we are in the globals.
2695 ***************************************************************************/
2697 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2699 TALLOC_CTX *frame = talloc_stackframe();
2700 struct loadparm_context *lp_ctx;
2703 lp_ctx = setup_lp_context(frame);
2704 if (lp_ctx == NULL) {
2710 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2712 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2713 pszParmName, pszParmValue);
2721 /***************************************************************************
2722 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2723 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2724 ***************************************************************************/
2726 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2729 parmnum = lpcfg_map_parameter(pszParmName);
2731 flags_list[parmnum] &= ~FLAG_CMDLINE;
2732 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2735 flags_list[parmnum] |= FLAG_CMDLINE;
2737 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2738 * be grouped in the table, so we don't have to search the
2741 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2742 && parm_table[i].p_class == parm_table[parmnum].p_class;
2744 flags_list[i] |= FLAG_CMDLINE;
2746 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2747 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2748 flags_list[i] |= FLAG_CMDLINE;
2754 /* it might be parametric */
2755 if (strchr(pszParmName, ':') != NULL) {
2756 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2760 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2764 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2767 TALLOC_CTX *frame = talloc_stackframe();
2768 struct loadparm_context *lp_ctx;
2770 lp_ctx = setup_lp_context(frame);
2771 if (lp_ctx == NULL) {
2776 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2782 /***************************************************************************
2783 Process a parameter.
2784 ***************************************************************************/
2786 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2789 if (!bInGlobalSection && bGlobalOnly)
2792 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2794 if (bInGlobalSection) {
2795 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2797 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2798 pszParmName, pszParmValue);
2803 static const char *ad_dc_req_vfs_mods[] = {"dfs_samba4", "acl_xattr", NULL};
2806 * check that @vfs_objects includes all vfs modules required by an AD DC.
2808 static bool check_ad_dc_required_mods(const char **vfs_objects)
2814 for (i = 0; ad_dc_req_vfs_mods[i] != NULL; i++) {
2816 for (j = 0; vfs_objects[j] != NULL; j++) {
2817 if (!strwicmp(ad_dc_req_vfs_mods[i], vfs_objects[j])) {
2823 DEBUG(0, ("vfs objects specified without required AD "
2824 "DC module: %s\n", ad_dc_req_vfs_mods[i]));
2829 DEBUG(6, ("vfs objects specified with all required AD DC modules\n"));
2834 /***************************************************************************
2835 Initialize any local variables in the sDefault table, after parsing a
2837 ***************************************************************************/
2839 static void init_locals(void)
2842 * We run this check once the [globals] is parsed, to force
2843 * the VFS objects and other per-share settings we need for
2844 * the standard way a AD DC is operated. We may change these
2845 * as our code evolves, which is why we force these settings.
2847 * We can't do this at the end of lp_load_ex(), as by that
2848 * point the services have been loaded and they will already
2849 * have "" as their vfs objects.
2851 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2852 const char **vfs_objects = lp_vfs_objects(-1);
2853 if (vfs_objects != NULL) {
2854 /* ignore return, only warn if modules are missing */
2855 check_ad_dc_required_mods(vfs_objects);
2857 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2858 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2859 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2860 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2862 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2866 lp_do_parameter(-1, "map hidden", "no");
2867 lp_do_parameter(-1, "map system", "no");
2868 lp_do_parameter(-1, "map readonly", "no");
2869 lp_do_parameter(-1, "map archive", "no");
2870 lp_do_parameter(-1, "store dos attributes", "yes");
2874 /***************************************************************************
2875 Process a new section (service). At this stage all sections are services.
2876 Later we'll have special sections that permit server parameters to be set.
2877 Returns true on success, false on failure.
2878 ***************************************************************************/
2880 bool lp_do_section(const char *pszSectionName, void *userdata)
2882 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2884 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2885 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2887 /* if we were in a global section then do the local inits */
2888 if (bInGlobalSection && !isglobal)
2891 /* if we've just struck a global section, note the fact. */
2892 bInGlobalSection = isglobal;
2893 if (lp_ctx != NULL) {
2894 lp_ctx->bInGlobalSection = isglobal;
2897 /* check for multiple global sections */
2898 if (bInGlobalSection) {
2899 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2903 if (!bInGlobalSection && bGlobalOnly)
2906 /* if we have a current service, tidy it up before moving on */
2909 if ((iServiceIndex >= 0) && (ServicePtrs[iServiceIndex] != NULL))
2910 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2912 /* if all is still well, move to the next record in the services array */
2914 /* We put this here to avoid an odd message order if messages are */
2915 /* issued by the post-processing of a previous section. */
2916 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2918 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2919 if (iServiceIndex < 0) {
2920 DEBUG(0, ("Failed to add a new service\n"));
2923 /* Clean all parametric options for service */
2924 /* They will be added during parsing again */
2925 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2931 /***************************************************************************
2932 Display the contents of a parameter of a single services record.
2933 ***************************************************************************/
2935 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2937 bool result = false;
2938 struct loadparm_context *lp_ctx;
2940 lp_ctx = setup_lp_context(talloc_tos());
2941 if (lp_ctx == NULL) {
2946 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2948 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2950 TALLOC_FREE(lp_ctx);
2955 /***************************************************************************
2956 Display the contents of a single copy structure.
2957 ***************************************************************************/
2958 static void dump_copy_map(bool *pcopymap)
2964 printf("\n\tNon-Copied parameters:\n");
2966 for (i = 0; parm_table[i].label; i++)
2967 if (parm_table[i].p_class == P_LOCAL &&
2968 parm_table[i].ptr && !pcopymap[i] &&
2969 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2971 printf("\t\t%s\n", parm_table[i].label);
2976 /***************************************************************************
2977 Return TRUE if the passed service number is within range.
2978 ***************************************************************************/
2980 bool lp_snum_ok(int iService)
2982 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2985 /***************************************************************************
2986 Auto-load some home services.
2987 ***************************************************************************/
2989 static void lp_add_auto_services(const char *str)
2999 s = talloc_strdup(talloc_tos(), str);
3001 smb_panic("talloc_strdup failed");
3005 homes = lp_servicenumber(HOMES_NAME);
3007 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
3008 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
3011 if (lp_servicenumber(p) >= 0)
3014 home = get_user_home_dir(talloc_tos(), p);
3016 if (home && home[0] && homes >= 0)
3017 lp_add_home(p, homes, p, home);
3024 /***************************************************************************
3025 Auto-load one printer.
3026 ***************************************************************************/
3028 void lp_add_one_printer(const char *name, const char *comment,
3029 const char *location, void *pdata)
3031 int printers = lp_servicenumber(PRINTERS_NAME);
3034 if (lp_servicenumber(name) < 0) {
3035 lp_add_printer(name, printers);
3036 if ((i = lp_servicenumber(name)) >= 0) {
3037 lpcfg_string_set(ServicePtrs[i],
3038 &ServicePtrs[i]->comment, comment);
3039 ServicePtrs[i]->autoloaded = true;
3044 /***************************************************************************
3045 Have we loaded a services file yet?
3046 ***************************************************************************/
3048 bool lp_loaded(void)
3053 /***************************************************************************
3054 Unload unused services.
3055 ***************************************************************************/
3057 void lp_killunused(struct smbd_server_connection *sconn,
3058 bool (*snumused) (struct smbd_server_connection *, int))
3061 for (i = 0; i < iNumServices; i++) {
3065 /* don't kill autoloaded or usershare services */
3066 if ( ServicePtrs[i]->autoloaded ||
3067 ServicePtrs[i]->usershare == USERSHARE_VALID) {
3071 if (!snumused || !snumused(sconn, i)) {
3072 free_service_byindex(i);
3078 * Kill all except autoloaded and usershare services - convenience wrapper
3080 void lp_kill_all_services(void)
3082 lp_killunused(NULL, NULL);
3085 /***************************************************************************
3087 ***************************************************************************/
3089 void lp_killservice(int iServiceIn)
3091 if (VALID(iServiceIn)) {
3092 free_service_byindex(iServiceIn);
3096 /***************************************************************************
3097 Save the curent values of all global and sDefault parameters into the
3098 defaults union. This allows testparm to show only the
3099 changed (ie. non-default) parameters.
3100 ***************************************************************************/
3102 static void lp_save_defaults(void)
3105 struct parmlist_entry * parm;
3106 for (i = 0; parm_table[i].label; i++) {
3107 if (!(flags_list[i] & FLAG_CMDLINE)) {
3108 flags_list[i] |= FLAG_DEFAULT;
3111 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
3112 && parm_table[i].p_class == parm_table[i - 1].p_class)
3114 switch (parm_table[i].type) {
3117 parm_table[i].def.lvalue = str_list_copy(
3118 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3124 &parm_table[i].def.svalue,
3125 *(char **)lp_parm_ptr(
3126 NULL, &parm_table[i]));
3127 if (parm_table[i].def.svalue == NULL) {
3128 smb_panic("lpcfg_string_set() failed");
3133 parm_table[i].def.bvalue =
3134 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3137 parm_table[i].def.cvalue =
3138 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3144 parm_table[i].def.ivalue =
3145 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3150 for (parm=Globals.param_opt; parm; parm=parm->next) {
3151 if (!(parm->priority & FLAG_CMDLINE)) {
3152 parm->priority |= FLAG_DEFAULT;
3156 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3157 if (!(parm->priority & FLAG_CMDLINE)) {
3158 parm->priority |= FLAG_DEFAULT;
3162 defaults_saved = true;
3165 /***********************************************************
3166 If we should send plaintext/LANMAN passwords in the clinet
3167 ************************************************************/
3169 static void set_allowed_client_auth(void)
3171 if (Globals.client_ntlmv2_auth) {
3172 Globals.client_lanman_auth = false;
3174 if (!Globals.client_lanman_auth) {
3175 Globals.client_plaintext_auth = false;
3179 /***************************************************************************
3181 The following code allows smbd to read a user defined share file.
3182 Yes, this is my intent. Yes, I'm comfortable with that...
3184 THE FOLLOWING IS SECURITY CRITICAL CODE.
3186 It washes your clothes, it cleans your house, it guards you while you sleep...
3187 Do not f%^k with it....
3188 ***************************************************************************/
3190 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3192 /***************************************************************************
3193 Check allowed stat state of a usershare file.
3194 Ensure we print out who is dicking with us so the admin can
3195 get their sorry ass fired.
3196 ***************************************************************************/
3198 static bool check_usershare_stat(const char *fname,
3199 const SMB_STRUCT_STAT *psbuf)
3201 if (!S_ISREG(psbuf->st_ex_mode)) {
3202 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3203 "not a regular file\n",
3204 fname, (unsigned int)psbuf->st_ex_uid ));
3208 /* Ensure this doesn't have the other write bit set. */
3209 if (psbuf->st_ex_mode & S_IWOTH) {
3210 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3211 "public write. Refusing to allow as a usershare file.\n",
3212 fname, (unsigned int)psbuf->st_ex_uid ));
3216 /* Should be 10k or less. */
3217 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3218 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3219 "too large (%u) to be a user share file.\n",
3220 fname, (unsigned int)psbuf->st_ex_uid,
3221 (unsigned int)psbuf->st_ex_size ));
3228 /***************************************************************************
3229 Parse the contents of a usershare file.
3230 ***************************************************************************/
3232 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3233 SMB_STRUCT_STAT *psbuf,
3234 const char *servicename,
3238 char **pp_sharepath,
3240 char **pp_cp_servicename,
3241 struct security_descriptor **ppsd,
3244 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3245 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3248 SMB_STRUCT_STAT sbuf;
3249 char *sharepath = NULL;
3250 char *comment = NULL;
3252 *pp_sharepath = NULL;
3255 *pallow_guest = false;
3258 return USERSHARE_MALFORMED_FILE;
3261 if (strcmp(lines[0], "#VERSION 1") == 0) {
3263 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3266 return USERSHARE_MALFORMED_FILE;
3269 return USERSHARE_BAD_VERSION;
3272 if (strncmp(lines[1], "path=", 5) != 0) {
3273 return USERSHARE_MALFORMED_PATH;
3276 sharepath = talloc_strdup(ctx, &lines[1][5]);
3278 return USERSHARE_POSIX_ERR;
3280 trim_string(sharepath, " ", " ");
3282 if (strncmp(lines[2], "comment=", 8) != 0) {
3283 return USERSHARE_MALFORMED_COMMENT_DEF;
3286 comment = talloc_strdup(ctx, &lines[2][8]);
3288 return USERSHARE_POSIX_ERR;
3290 trim_string(comment, " ", " ");
3291 trim_char(comment, '"', '"');
3293 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3294 return USERSHARE_MALFORMED_ACL_DEF;
3297 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3298 return USERSHARE_ACL_ERR;
3302 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3303 return USERSHARE_MALFORMED_ACL_DEF;
3305 if (lines[4][9] == 'y') {
3306 *pallow_guest = true;
3309 /* Backwards compatible extension to file version #2. */
3311 if (strncmp(lines[5], "sharename=", 10) != 0) {
3312 return USERSHARE_MALFORMED_SHARENAME_DEF;
3314 if (!strequal(&lines[5][10], servicename)) {
3315 return USERSHARE_BAD_SHARENAME;
3317 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3318 if (!*pp_cp_servicename) {
3319 return USERSHARE_POSIX_ERR;
3324 if (*pp_cp_servicename == NULL) {
3325 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3326 if (!*pp_cp_servicename) {
3327 return USERSHARE_POSIX_ERR;
3331 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3332 /* Path didn't change, no checks needed. */
3333 *pp_sharepath = sharepath;
3334 *pp_comment = comment;
3335 return USERSHARE_OK;
3338 /* The path *must* be absolute. */
3339 if (sharepath[0] != '/') {
3340 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3341 servicename, sharepath));
3342 return USERSHARE_PATH_NOT_ABSOLUTE;
3345 /* If there is a usershare prefix deny list ensure one of these paths
3346 doesn't match the start of the user given path. */
3347 if (prefixdenylist) {
3349 for ( i=0; prefixdenylist[i]; i++ ) {
3350 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3351 servicename, i, prefixdenylist[i], sharepath ));
3352 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3353 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3354 "usershare prefix deny list entries.\n",
3355 servicename, sharepath));
3356 return USERSHARE_PATH_IS_DENIED;
3361 /* If there is a usershare prefix allow list ensure one of these paths
3362 does match the start of the user given path. */
3364 if (prefixallowlist) {
3366 for ( i=0; prefixallowlist[i]; i++ ) {
3367 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3368 servicename, i, prefixallowlist[i], sharepath ));
3369 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3373 if (prefixallowlist[i] == NULL) {
3374 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3375 "usershare prefix allow list entries.\n",
3376 servicename, sharepath));
3377 return USERSHARE_PATH_NOT_ALLOWED;
3381 /* Ensure this is pointing to a directory. */
3382 dp = opendir(sharepath);
3385 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3386 servicename, sharepath));
3387 return USERSHARE_PATH_NOT_DIRECTORY;
3390 /* Ensure the owner of the usershare file has permission to share
3393 if (sys_stat(sharepath, &sbuf, false) == -1) {
3394 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3395 servicename, sharepath, strerror(errno) ));
3397 return USERSHARE_POSIX_ERR;
3402 if (!S_ISDIR(sbuf.st_ex_mode)) {
3403 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3404 servicename, sharepath ));
3405 return USERSHARE_PATH_NOT_DIRECTORY;
3408 /* Check if sharing is restricted to owner-only. */
3409 /* psbuf is the stat of the usershare definition file,
3410 sbuf is the stat of the target directory to be shared. */
3412 if (lp_usershare_owner_only()) {
3413 /* root can share anything. */
3414 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3415 return USERSHARE_PATH_NOT_ALLOWED;
3419 *pp_sharepath = sharepath;
3420 *pp_comment = comment;
3421 return USERSHARE_OK;
3424 /***************************************************************************
3425 Deal with a usershare file.
3428 -1 - Bad name, invalid contents.
3429 - service name already existed and not a usershare, problem
3430 with permissions to share directory etc.
3431 ***************************************************************************/
3433 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3435 SMB_STRUCT_STAT sbuf;
3436 SMB_STRUCT_STAT lsbuf;
3438 char *sharepath = NULL;
3439 char *comment = NULL;
3440 char *cp_service_name = NULL;
3441 char **lines = NULL;
3445 TALLOC_CTX *ctx = talloc_stackframe();
3446 struct security_descriptor *psd = NULL;
3447 bool guest_ok = false;
3448 char *canon_name = NULL;
3449 bool added_service = false;
3453 /* Ensure share name doesn't contain invalid characters. */
3454 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3455 DEBUG(0,("process_usershare_file: share name %s contains "
3456 "invalid characters (any of %s)\n",
3457 file_name, INVALID_SHARENAME_CHARS ));
3461 canon_name = canonicalize_servicename(ctx, file_name);
3466 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3471 /* Minimize the race condition by doing an lstat before we
3472 open and fstat. Ensure this isn't a symlink link. */
3474 if (sys_lstat(fname, &lsbuf, false) != 0) {
3475 if (errno == ENOENT) {
3476 /* Unknown share requested. Just ignore. */
3479 /* Only log messages for meaningful problems. */
3480 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3481 fname, strerror(errno) ));
3485 /* This must be a regular file, not a symlink, directory or
3486 other strange filetype. */
3487 if (!check_usershare_stat(fname, &lsbuf)) {
3494 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3499 if (NT_STATUS_IS_OK(status) &&
3500 (data.dptr != NULL) &&
3501 (data.dsize == sizeof(iService))) {
3502 memcpy(&iService, data.dptr, sizeof(iService));
3506 if (iService != -1 &&
3507 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3508 &lsbuf.st_ex_mtime) == 0) {
3509 /* Nothing changed - Mark valid and return. */
3510 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3512 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3517 /* Try and open the file read only - no symlinks allowed. */
3519 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3521 fd = open(fname, O_RDONLY, 0);
3525 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3526 fname, strerror(errno) ));
3530 /* Now fstat to be *SURE* it's a regular file. */
3531 if (sys_fstat(fd, &sbuf, false) != 0) {
3533 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3534 fname, strerror(errno) ));
3538 /* Is it the same dev/inode as was lstated ? */
3539 if (!check_same_stat(&lsbuf, &sbuf)) {
3541 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3542 "Symlink spoofing going on ?\n", fname ));
3546 /* This must be a regular file, not a symlink, directory or
3547 other strange filetype. */
3548 if (!check_usershare_stat(fname, &sbuf)) {
3553 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3556 if (lines == NULL) {
3557 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3558 fname, (unsigned int)sbuf.st_ex_uid ));
3562 if (parse_usershare_file(ctx, &sbuf, file_name,
3563 iService, lines, numlines, &sharepath,
3564 &comment, &cp_service_name,
3565 &psd, &guest_ok) != USERSHARE_OK) {
3569 /* Everything ok - add the service possibly using a template. */
3571 const struct loadparm_service *sp = &sDefault;
3572 if (snum_template != -1) {
3573 sp = ServicePtrs[snum_template];
3576 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3577 DEBUG(0, ("process_usershare_file: Failed to add "
3578 "new service %s\n", cp_service_name));
3582 added_service = true;
3584 /* Read only is controlled by usershare ACL below. */
3585 ServicePtrs[iService]->read_only = false;
3588 /* Write the ACL of the new/modified share. */
3589 status = set_share_security(canon_name, psd);
3590 if (!NT_STATUS_IS_OK(status)) {
3591 DEBUG(0, ("process_usershare_file: Failed to set share "
3592 "security for user share %s\n",
3597 /* If from a template it may be marked invalid. */
3598 ServicePtrs[iService]->valid = true;
3600 /* Set the service as a valid usershare. */
3601 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3603 /* Set guest access. */
3604 if (lp_usershare_allow_guests()) {
3605 ServicePtrs[iService]->guest_ok = guest_ok;
3608 /* And note when it was loaded. */
3609 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3610 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3612 lpcfg_string_set(ServicePtrs[iService],
3613 &ServicePtrs[iService]->comment, comment);
3619 if (ret == -1 && iService != -1 && added_service) {
3620 lp_remove_service(iService);
3628 /***************************************************************************
3629 Checks if a usershare entry has been modified since last load.
3630 ***************************************************************************/
3632 static bool usershare_exists(int iService, struct timespec *last_mod)
3634 SMB_STRUCT_STAT lsbuf;
3635 const char *usersharepath = Globals.usershare_path;
3638 fname = talloc_asprintf(talloc_tos(),
3641 ServicePtrs[iService]->szService);
3642 if (fname == NULL) {
3646 if (sys_lstat(fname, &lsbuf, false) != 0) {
3651 if (!S_ISREG(lsbuf.st_ex_mode)) {
3657 *last_mod = lsbuf.st_ex_mtime;
3661 static bool usershare_directory_is_root(uid_t uid)
3667 if (uid_wrapper_enabled()) {
3674 /***************************************************************************
3675 Load a usershare service by name. Returns a valid servicenumber or -1.
3676 ***************************************************************************/
3678 int load_usershare_service(const char *servicename)
3680 SMB_STRUCT_STAT sbuf;
3681 const char *usersharepath = Globals.usershare_path;
3682 int max_user_shares = Globals.usershare_max_shares;
3683 int snum_template = -1;
3685 if (servicename[0] == '\0') {
3686 /* Invalid service name. */
3690 if (*usersharepath == 0 || max_user_shares == 0) {
3694 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3695 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3696 usersharepath, strerror(errno) ));
3700 if (!S_ISDIR(sbuf.st_ex_mode)) {
3701 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3707 * This directory must be owned by root, and have the 't' bit set.
3708 * It also must not be writable by "other".
3712 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3713 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3715 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3716 (sbuf.st_ex_mode & S_IWOTH)) {
3718 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3719 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3724 /* Ensure the template share exists if it's set. */
3725 if (Globals.usershare_template_share[0]) {
3726 /* We can't use lp_servicenumber here as we are recommending that
3727 template shares have -valid=false set. */
3728 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3729 if (ServicePtrs[snum_template]->szService &&
3730 strequal(ServicePtrs[snum_template]->szService,
3731 Globals.usershare_template_share)) {
3736 if (snum_template == -1) {
3737 DEBUG(0,("load_usershare_service: usershare template share %s "
3738 "does not exist.\n",
3739 Globals.usershare_template_share ));
3744 return process_usershare_file(usersharepath, servicename, snum_template);
3747 /***************************************************************************
3748 Load all user defined shares from the user share directory.
3749 We only do this if we're enumerating the share list.
3750 This is the function that can delete usershares that have
3752 ***************************************************************************/
3754 int load_usershare_shares(struct smbd_server_connection *sconn,
3755 bool (*snumused) (struct smbd_server_connection *, int))
3758 SMB_STRUCT_STAT sbuf;
3760 int num_usershares = 0;
3761 int max_user_shares = Globals.usershare_max_shares;
3762 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3763 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3764 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3766 int snum_template = -1;
3767 const char *usersharepath = Globals.usershare_path;
3768 int ret = lp_numservices();
3769 TALLOC_CTX *tmp_ctx;
3771 if (max_user_shares == 0 || *usersharepath == '\0') {
3772 return lp_numservices();
3775 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3776 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3777 usersharepath, strerror(errno) ));
3782 * This directory must be owned by root, and have the 't' bit set.
3783 * It also must not be writable by "other".
3787 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3789 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3791 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3792 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3797 /* Ensure the template share exists if it's set. */
3798 if (Globals.usershare_template_share[0]) {
3799 /* We can't use lp_servicenumber here as we are recommending that
3800 template shares have -valid=false set. */
3801 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3802 if (ServicePtrs[snum_template]->szService &&
3803 strequal(ServicePtrs[snum_template]->szService,
3804 Globals.usershare_template_share)) {
3809 if (snum_template == -1) {
3810 DEBUG(0,("load_usershare_shares: usershare template share %s "
3811 "does not exist.\n",
3812 Globals.usershare_template_share ));
3817 /* Mark all existing usershares as pending delete. */
3818 for (iService = iNumServices - 1; iService >= 0; iService--) {
3819 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3820 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3824 dp = opendir(usersharepath);
3826 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3827 usersharepath, strerror(errno) ));
3831 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3833 num_dir_entries++ ) {
3835 const char *n = de->d_name;
3837 /* Ignore . and .. */
3839 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3845 /* Temporary file used when creating a share. */
3846 num_tmp_dir_entries++;
3849 /* Allow 20% tmp entries. */
3850 if (num_tmp_dir_entries > allowed_tmp_entries) {
3851 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3852 "in directory %s\n",
3853 num_tmp_dir_entries, usersharepath));
3857 r = process_usershare_file(usersharepath, n, snum_template);
3859 /* Update the services count. */
3861 if (num_usershares >= max_user_shares) {
3862 DEBUG(0,("load_usershare_shares: max user shares reached "
3863 "on file %s in directory %s\n",
3864 n, usersharepath ));
3867 } else if (r == -1) {
3868 num_bad_dir_entries++;
3871 /* Allow 20% bad entries. */
3872 if (num_bad_dir_entries > allowed_bad_entries) {
3873 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3874 "in directory %s\n",
3875 num_bad_dir_entries, usersharepath));
3879 /* Allow 20% bad entries. */
3880 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3881 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3882 "in directory %s\n",
3883 num_dir_entries, usersharepath));
3890 /* Sweep through and delete any non-refreshed usershares that are
3891 not currently in use. */
3892 tmp_ctx = talloc_stackframe();
3893 for (iService = iNumServices - 1; iService >= 0; iService--) {
3894 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3895 const struct loadparm_substitution *lp_sub =
3896 loadparm_s3_global_substitution();
3899 if (snumused && snumused(sconn, iService)) {
3903 servname = lp_servicename(tmp_ctx, lp_sub, iService);
3905 /* Remove from the share ACL db. */
3906 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3908 delete_share_security(servname);
3909 free_service_byindex(iService);
3912 talloc_free(tmp_ctx);
3914 return lp_numservices();
3917 /********************************************************
3918 Destroy global resources allocated in this file
3919 ********************************************************/
3921 void gfree_loadparm(void)
3927 /* Free resources allocated to services */
3929 for ( i = 0; i < iNumServices; i++ ) {
3931 free_service_byindex(i);
3935 TALLOC_FREE( ServicePtrs );
3938 /* Now release all resources allocated to global
3939 parameters and the default service */
3941 free_global_parameters();
3945 /***************************************************************************
3946 Allow client apps to specify that they are a client
3947 ***************************************************************************/
3948 static void lp_set_in_client(bool b)
3954 /***************************************************************************
3955 Determine if we're running in a client app
3956 ***************************************************************************/
3957 static bool lp_is_in_client(void)
3962 static void lp_enforce_ad_dc_settings(void)
3964 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3965 lp_do_parameter(GLOBAL_SECTION_SNUM,
3966 "winbindd:use external pipes", "true");
3967 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3968 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3969 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3970 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3971 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3972 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3973 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3974 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3975 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3978 /***************************************************************************
3979 Load the services array from the services file. Return true on success,
3981 ***************************************************************************/
3983 static bool lp_load_ex(const char *pszFname,
3987 bool reinit_globals,
3988 bool allow_include_registry,
3989 bool load_all_shares)
3993 TALLOC_CTX *frame = talloc_stackframe();
3994 struct loadparm_context *lp_ctx;
3995 int max_protocol, min_protocol;
3997 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3999 bInGlobalSection = true;
4000 bGlobalOnly = global_only;
4001 bAllowIncludeRegistry = allow_include_registry;
4002 sDefault = _sDefault;
4004 lp_ctx = setup_lp_context(talloc_tos());
4006 init_globals(lp_ctx, reinit_globals);
4010 if (save_defaults) {
4015 if (!reinit_globals) {
4016 free_param_opts(&Globals.param_opt);
4017 apply_lp_set_cmdline();
4020 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
4022 /* We get sections first, so have to start 'behind' to make up */
4025 if (lp_config_backend_is_file()) {
4026 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
4027 get_current_user_info_domain(),
4030 smb_panic("lp_load_ex: out of memory");
4033 add_to_file_list(NULL, &file_lists, pszFname, n2);
4035 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
4038 /* finish up the last section */
4039 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
4041 if (iServiceIndex >= 0) {
4042 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
4046 if (lp_config_backend_is_registry()) {
4048 /* config backend changed to registry in config file */
4050 * We need to use this extra global variable here to
4051 * survive restart: init_globals uses this as a default
4052 * for config_backend. Otherwise, init_globals would
4053 * send us into an endless loop here.
4056 config_backend = CONFIG_BACKEND_REGISTRY;
4058 DEBUG(1, ("lp_load_ex: changing to config backend "
4060 init_globals(lp_ctx, true);
4062 TALLOC_FREE(lp_ctx);
4064 lp_kill_all_services();
4065 ok = lp_load_ex(pszFname, global_only, save_defaults,
4066 add_ipc, reinit_globals,
4067 allow_include_registry,
4072 } else if (lp_config_backend_is_registry()) {
4073 bRetval = process_registry_globals();
4075 DEBUG(0, ("Illegal config backend given: %d\n",
4076 lp_config_backend()));
4080 if (bRetval && lp_registry_shares()) {
4081 if (load_all_shares) {
4082 bRetval = process_registry_shares();
4084 bRetval = reload_registry_shares();
4089 const struct loadparm_substitution *lp_sub =
4090 loadparm_s3_global_substitution();
4091 char *serv = lp_auto_services(talloc_tos(), lp_sub);
4092 lp_add_auto_services(serv);
4097 /* When 'restrict anonymous = 2' guest connections to ipc$
4099 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
4100 if ( lp_enable_asu_support() ) {
4101 lp_add_ipc("ADMIN$", false);
4105 set_allowed_client_auth();
4107 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
4108 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
4109 lp_password_server()));
4114 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
4115 /* if we_are_a_wins_server is true and we are in the client */
4116 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
4117 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
4122 fault_configure(smb_panic_s3);
4125 * We run this check once the whole smb.conf is parsed, to
4126 * force some settings for the standard way a AD DC is
4127 * operated. We may change these as our code evolves, which
4128 * is why we force these settings.
4130 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
4131 lp_enforce_ad_dc_settings();
4134 bAllowIncludeRegistry = true;
4136 /* Check if command line max protocol < min protocol, if so
4137 * report a warning to the user.
4139 max_protocol = lp_client_max_protocol();
4140 min_protocol = lp_client_min_protocol();
4141 if (max_protocol < min_protocol) {
4142 const char *max_protocolp, *min_protocolp;
4143 max_protocolp = lpcfg_get_smb_protocol(max_protocol);
4144 min_protocolp = lpcfg_get_smb_protocol(min_protocol);
4145 DBG_ERR("Max protocol %s is less than min protocol %s.\n",
4146 max_protocolp, min_protocolp);
4153 static bool lp_load(const char *pszFname,
4157 bool reinit_globals)
4159 return lp_load_ex(pszFname,
4164 true, /* allow_include_registry */
4165 false); /* load_all_shares*/
4168 bool lp_load_initial_only(const char *pszFname)
4170 return lp_load_ex(pszFname,
4171 true, /* global only */
4172 true, /* save_defaults */
4173 false, /* add_ipc */
4174 true, /* reinit_globals */
4175 false, /* allow_include_registry */
4176 false); /* load_all_shares*/
4180 * most common lp_load wrapper, loading only the globals
4182 * If this is used in a daemon or client utility it should be called
4183 * after processing popt.
4185 bool lp_load_global(const char *file_name)
4187 return lp_load(file_name,
4188 true, /* global_only */
4189 false, /* save_defaults */
4190 false, /* add_ipc */
4191 true); /* reinit_globals */
4195 * The typical lp_load wrapper with shares, loads global and
4196 * shares, including IPC, but does not force immediate
4197 * loading of all shares from registry.
4199 bool lp_load_with_shares(const char *file_name)
4201 return lp_load(file_name,
4202 false, /* global_only */
4203 false, /* save_defaults */
4205 true); /* reinit_globals */
4209 * lp_load wrapper, especially for clients
4211 bool lp_load_client(const char *file_name)
4213 lp_set_in_client(true);
4215 return lp_load_global(file_name);
4219 * lp_load wrapper, loading only globals, but intended
4220 * for subsequent calls, not reinitializing the globals
4223 bool lp_load_global_no_reinit(const char *file_name)
4225 return lp_load(file_name,
4226 true, /* global_only */
4227 false, /* save_defaults */
4228 false, /* add_ipc */
4229 false); /* reinit_globals */
4233 * lp_load wrapper, loading globals and shares,
4234 * intended for subsequent calls, i.e. not reinitializing
4235 * the globals to default values.
4237 bool lp_load_no_reinit(const char *file_name)
4239 return lp_load(file_name,
4240 false, /* global_only */
4241 false, /* save_defaults */
4242 false, /* add_ipc */
4243 false); /* reinit_globals */
4248 * lp_load wrapper, especially for clients, no reinitialization
4250 bool lp_load_client_no_reinit(const char *file_name)
4252 lp_set_in_client(true);
4254 return lp_load_global_no_reinit(file_name);
4257 bool lp_load_with_registry_shares(const char *pszFname)
4259 return lp_load_ex(pszFname,
4260 false, /* global_only */
4261 true, /* save_defaults */
4262 false, /* add_ipc */
4263 true, /* reinit_globals */
4264 true, /* allow_include_registry */
4265 true); /* load_all_shares*/
4268 /***************************************************************************
4269 Return the max number of services.
4270 ***************************************************************************/
4272 int lp_numservices(void)
4274 return (iNumServices);
4277 /***************************************************************************
4278 Display the contents of the services array in human-readable form.
4279 ***************************************************************************/
4281 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4284 struct loadparm_context *lp_ctx;
4287 defaults_saved = false;
4289 lp_ctx = setup_lp_context(talloc_tos());
4290 if (lp_ctx == NULL) {
4294 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4296 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4298 for (iService = 0; iService < maxtoprint; iService++) {
4300 lp_dump_one(f, show_defaults, iService);
4302 TALLOC_FREE(lp_ctx);
4305 /***************************************************************************
4306 Display the contents of one service in human-readable form.
4307 ***************************************************************************/
4309 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4312 if (ServicePtrs[snum]->szService[0] == '\0')
4314 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4315 flags_list, show_defaults);
4319 /***************************************************************************
4320 Return the number of the service with the given name, or -1 if it doesn't
4321 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4322 getservicebyname()! This works ONLY if all services have been loaded, and
4323 does not copy the found service.
4324 ***************************************************************************/
4326 int lp_servicenumber(const char *pszServiceName)
4329 fstring serviceName;
4331 if (!pszServiceName) {
4332 return GLOBAL_SECTION_SNUM;
4335 for (iService = iNumServices - 1; iService >= 0; iService--) {
4336 if (VALID(iService) && ServicePtrs[iService]->szService) {
4338 * The substitution here is used to support %U in
4341 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4342 standard_sub_basic(get_current_username(),
4343 get_current_user_info_domain(),
4344 serviceName,sizeof(serviceName));
4345 if (strequal(serviceName, pszServiceName)) {
4351 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4352 struct timespec last_mod;
4354 if (!usershare_exists(iService, &last_mod)) {
4355 /* Remove the share security tdb entry for it. */
4356 delete_share_security(lp_const_servicename(iService));
4357 /* Remove it from the array. */
4358 free_service_byindex(iService);
4359 /* Doesn't exist anymore. */
4360 return GLOBAL_SECTION_SNUM;
4363 /* Has it been modified ? If so delete and reload. */
4364 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4366 /* Remove it from the array. */
4367 free_service_byindex(iService);
4368 /* and now reload it. */
4369 iService = load_usershare_service(pszServiceName);
4374 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4375 return GLOBAL_SECTION_SNUM;
4381 /*******************************************************************
4382 A useful volume label function.
4383 ********************************************************************/
4385 const char *volume_label(TALLOC_CTX *ctx, int snum)
4387 const struct loadparm_substitution *lp_sub =
4388 loadparm_s3_global_substitution();
4390 const char *label = lp_volume(ctx, lp_sub, snum);
4394 label = lp_servicename(ctx, lp_sub, snum);
4398 * Volume label can be a max of 32 bytes. Make sure to truncate
4399 * it at a codepoint boundary if it's longer than 32 and contains
4400 * multibyte characters. Windows insists on a volume label being
4401 * a valid mb sequence, and errors out if not.
4403 if (strlen(label) > 32) {
4405 * A MB char can be a max of 5 bytes, thus
4406 * we should have a valid mb character at a
4407 * minimum position of (32-5) = 27.
4411 * Check if a codepoint starting from next byte
4412 * is valid. If yes, then the current byte is the
4413 * end of a MB or ascii sequence and the label can
4414 * be safely truncated here. If not, keep going
4415 * backwards till a valid codepoint is found.
4418 const char *s = &label[end];
4419 codepoint_t c = next_codepoint(s, &len);
4420 if (c != INVALID_CODEPOINT) {
4427 /* This returns a max of 33 byte guarenteed null terminated string. */
4428 ret = talloc_strndup(ctx, label, end);
4435 /*******************************************************************
4436 Get the default server type we will announce as via nmbd.
4437 ********************************************************************/
4439 int lp_default_server_announce(void)
4441 int default_server_announce = 0;
4442 default_server_announce |= SV_TYPE_WORKSTATION;
4443 default_server_announce |= SV_TYPE_SERVER;
4444 default_server_announce |= SV_TYPE_SERVER_UNIX;
4446 /* note that the flag should be set only if we have a
4447 printer service but nmbd doesn't actually load the
4448 services so we can't tell --jerry */
4450 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4452 default_server_announce |= SV_TYPE_SERVER_NT;
4453 default_server_announce |= SV_TYPE_NT;
4455 switch (lp_server_role()) {
4456 case ROLE_DOMAIN_MEMBER:
4457 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4459 case ROLE_DOMAIN_PDC:
4461 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4463 case ROLE_DOMAIN_BDC:
4464 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4466 case ROLE_STANDALONE:
4470 if (lp_time_server())
4471 default_server_announce |= SV_TYPE_TIME_SOURCE;
4473 if (lp_host_msdfs())
4474 default_server_announce |= SV_TYPE_DFS_SERVER;
4476 return default_server_announce;
4479 /***********************************************************
4480 If we are PDC then prefer us as DMB
4481 ************************************************************/
4483 bool lp_domain_master(void)
4485 if (Globals._domain_master == Auto)
4486 return (lp_server_role() == ROLE_DOMAIN_PDC ||
4487 lp_server_role() == ROLE_IPA_DC);
4489 return (bool)Globals._domain_master;
4492 /***********************************************************
4493 If we are PDC then prefer us as DMB
4494 ************************************************************/
4496 static bool lp_domain_master_true_or_auto(void)
4498 if (Globals._domain_master) /* auto or yes */
4504 /***********************************************************
4505 If we are DMB then prefer us as LMB
4506 ************************************************************/
4508 bool lp_preferred_master(void)
4510 int preferred_master = lp__preferred_master();
4512 if (preferred_master == Auto)
4513 return (lp_local_master() && lp_domain_master());
4515 return (bool)preferred_master;
4518 /*******************************************************************
4520 ********************************************************************/
4522 void lp_remove_service(int snum)
4524 ServicePtrs[snum]->valid = false;
4527 const char *lp_printername(TALLOC_CTX *ctx,
4528 const struct loadparm_substitution *lp_sub,
4531 const char *ret = lp__printername(ctx, lp_sub, snum);
4533 if (ret == NULL || *ret == '\0') {
4534 ret = lp_const_servicename(snum);
4541 /***********************************************************
4542 Allow daemons such as winbindd to fix their logfile name.
4543 ************************************************************/
4545 void lp_set_logfile(const char *name)
4547 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4548 debug_set_logfile(name);
4551 /*******************************************************************
4552 Return the max print jobs per queue.
4553 ********************************************************************/
4555 int lp_maxprintjobs(int snum)
4557 int maxjobs = lp_max_print_jobs(snum);
4559 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4560 maxjobs = PRINT_MAX_JOBID - 1;
4565 const char *lp_printcapname(void)
4567 const char *printcap_name = lp_printcap_name();
4569 if ((printcap_name != NULL) &&
4570 (printcap_name[0] != '\0'))
4571 return printcap_name;
4573 if (sDefault.printing == PRINT_CUPS) {
4577 if (sDefault.printing == PRINT_BSD)
4578 return "/etc/printcap";
4580 return PRINTCAP_NAME;
4583 static uint32_t spoolss_state;
4585 bool lp_disable_spoolss( void )
4587 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4588 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4590 return spoolss_state == SVCCTL_STOPPED ? true : false;
4593 void lp_set_spoolss_state( uint32_t state )
4595 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4597 spoolss_state = state;
4600 uint32_t lp_get_spoolss_state( void )
4602 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4605 /*******************************************************************
4606 Turn off sendfile if we find the underlying OS doesn't support it.
4607 ********************************************************************/
4609 void set_use_sendfile(int snum, bool val)
4611 if (LP_SNUM_OK(snum))
4612 ServicePtrs[snum]->_use_sendfile = val;
4614 sDefault._use_sendfile = val;
4617 void lp_set_mangling_method(const char *new_method)
4619 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4622 /*******************************************************************
4623 Global state for POSIX pathname processing.
4624 ********************************************************************/
4626 static bool posix_pathnames;
4628 bool lp_posix_pathnames(void)
4630 return posix_pathnames;
4633 /*******************************************************************
4634 Change everything needed to ensure POSIX pathname processing (currently
4636 ********************************************************************/
4638 void lp_set_posix_pathnames(void)
4640 posix_pathnames = true;
4643 /*******************************************************************
4644 Global state for POSIX lock processing - CIFS unix extensions.
4645 ********************************************************************/
4647 bool posix_default_lock_was_set;
4648 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4650 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4652 if (posix_default_lock_was_set) {
4653 return posix_cifsx_locktype;
4655 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4656 POSIX_LOCK : WINDOWS_LOCK;
4660 /*******************************************************************
4661 ********************************************************************/
4663 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4665 posix_default_lock_was_set = true;
4666 posix_cifsx_locktype = val;
4669 int lp_min_receive_file_size(void)
4671 int min_receivefile_size = lp_min_receivefile_size();
4673 if (min_receivefile_size < 0) {
4676 return min_receivefile_size;
4679 /*******************************************************************
4680 Safe wide links checks.
4681 This helper function always verify the validity of wide links,
4682 even after a configuration file reload.
4683 ********************************************************************/
4685 void widelinks_warning(int snum)
4687 if (lp_allow_insecure_wide_links()) {
4691 if (lp_wide_links(snum)) {
4692 if (lp_smb1_unix_extensions()) {
4693 DBG_ERR("Share '%s' has wide links and SMB1 unix "
4694 "extensions enabled. "
4695 "These parameters are incompatible. "
4696 "Wide links will be disabled for this share.\n",
4697 lp_const_servicename(snum));
4698 } else if (lp_smb3_unix_extensions()) {
4699 DBG_ERR("Share '%s' has wide links and SMB3 unix "
4700 "extensions enabled. "
4701 "These parameters are incompatible. "
4702 "Wide links will be disabled for this share.\n",
4703 lp_const_servicename(snum));
4708 bool lp_widelinks(int snum)
4710 /* wide links is always incompatible with unix extensions */
4711 if (lp_smb1_unix_extensions() || lp_smb3_unix_extensions()) {
4713 * Unless we have "allow insecure widelinks"
4716 if (!lp_allow_insecure_wide_links()) {
4721 return lp_wide_links(snum);
4724 int lp_server_role(void)
4726 return lp_find_server_role(lp__server_role(),
4728 lp__domain_logons(),
4729 lp_domain_master_true_or_auto());
4732 int lp_security(void)
4734 return lp_find_security(lp__server_role(),
4738 int lp_client_max_protocol(void)
4740 int client_max_protocol = lp__client_max_protocol();
4741 if (client_max_protocol == PROTOCOL_DEFAULT) {
4742 return PROTOCOL_LATEST;
4744 return client_max_protocol;
4747 int lp_client_ipc_min_protocol(void)
4749 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4750 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4751 client_ipc_min_protocol = lp_client_min_protocol();
4753 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4754 return PROTOCOL_NT1;
4756 return client_ipc_min_protocol;
4759 int lp_client_ipc_max_protocol(void)
4761 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4762 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4763 return PROTOCOL_LATEST;
4765 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4766 return PROTOCOL_NT1;
4768 return client_ipc_max_protocol;
4771 int lp_client_ipc_signing(void)
4773 int client_ipc_signing = lp__client_ipc_signing();
4774 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4775 return SMB_SIGNING_REQUIRED;
4777 return client_ipc_signing;
4780 enum credentials_use_kerberos lp_client_use_kerberos(void)
4782 if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
4783 return CRED_USE_KERBEROS_REQUIRED;
4786 return lp__client_use_kerberos();
4790 int lp_rpc_low_port(void)
4792 return Globals.rpc_low_port;
4795 int lp_rpc_high_port(void)
4797 return Globals.rpc_high_port;
4801 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4803 * This also ensures it is disabled if NTLM is totally disabled
4805 bool lp_lanman_auth(void)
4807 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4809 if (ntlm_auth_level == NTLM_AUTH_ON) {
4810 return lp__lanman_auth();
4816 struct loadparm_global * get_globals(void)
4821 unsigned int * get_flags(void)
4823 if (flags_list == NULL) {
4824 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());
4830 enum samba_weak_crypto lp_weak_crypto(void)
4832 if (Globals.weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
4833 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
4835 if (samba_gnutls_weak_crypto_allowed()) {
4836 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
4840 return Globals.weak_crypto;
4843 uint32_t lp_get_async_dns_timeout(void)
4846 * Clamp minimum async dns timeout to 1 second
4847 * as per the man page.
4849 return MAX(Globals.async_dns_timeout, 1);
4852 bool lp_smb3_unix_extensions(void)
4855 * FIXME: If this gets always enabled, check source3/selftest/tests.py
4856 * and source3/wscript for HAVE_SMB3_UNIX_EXTENSIONS.
4858 #if defined(DEVELOPER)
4859 return lp__smb3_unix_extensions();