2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
56 #define LOADPARM_SUBSTITUTION_INTERNALS 1
58 #include "system/filesys.h"
60 #include "lib/param/loadparm.h"
61 #include "lib/param/param.h"
63 #include "lib/smbconf/smbconf.h"
64 #include "lib/smbconf/smbconf_init.h"
67 #include "../librpc/gen_ndr/svcctl.h"
69 #include "../libcli/smb/smb_signing.h"
70 #include "dbwrap/dbwrap.h"
71 #include "dbwrap/dbwrap_rbt.h"
72 #include "../lib/util/bitmap.h"
73 #include "librpc/gen_ndr/nbt.h"
74 #include "source4/lib/tls/tls.h"
75 #include "libcli/auth/ntlm_check.h"
76 #include "lib/crypto/gnutls_helpers.h"
78 #ifdef HAVE_SYS_SYSCTL_H
79 #include <sys/sysctl.h>
84 extern userdom_struct current_user_info;
86 /* the special value for the include parameter
87 * to be interpreted not as a file name but to
88 * trigger loading of the global smb.conf options
90 #ifndef INCLUDE_REGISTRY_NAME
91 #define INCLUDE_REGISTRY_NAME "registry"
94 static bool in_client = false; /* Not in the client by default */
95 static struct smbconf_csn conf_last_csn;
97 static int config_backend = CONFIG_BACKEND_FILE;
99 /* some helpful bits */
100 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
101 (ServicePtrs != NULL) && \
102 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
103 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
104 ServicePtrs[i]->valid)
106 #define USERSHARE_VALID 1
107 #define USERSHARE_PENDING_DELETE 2
109 static bool defaults_saved = false;
111 #include "lib/param/param_global.h"
113 static struct loadparm_global Globals;
115 /* This is a default service used to prime a services structure */
116 static const struct loadparm_service _sDefault =
121 .usershare_last_mod = {0, 0},
124 .invalid_users = NULL,
131 .root_preexec = NULL,
132 .root_postexec = NULL,
133 .cups_options = NULL,
134 .print_command = NULL,
136 .lprm_command = NULL,
137 .lppause_command = NULL,
138 .lpresume_command = NULL,
139 .queuepause_command = NULL,
140 .queueresume_command = NULL,
141 ._printername = NULL,
142 .printjob_username = NULL,
143 .dont_descend = NULL,
146 .magic_script = NULL,
147 .magic_output = NULL,
150 .veto_oplock_files = NULL,
160 .aio_write_behind = NULL,
161 .dfree_command = NULL,
162 .min_print_space = 0,
163 .max_print_jobs = 1000,
164 .max_reported_print_jobs = 0,
166 .force_create_mode = 0,
167 .directory_mask = 0755,
168 .force_directory_mode = 0,
169 .max_connections = 0,
170 .default_case = CASE_LOWER,
171 .printing = DEFAULT_PRINTING,
174 .dfree_cache_time = 0,
175 .preexec_close = false,
176 .root_preexec_close = false,
177 .case_sensitive = Auto,
178 .preserve_case = true,
179 .short_preserve_case = true,
180 .hide_dot_files = true,
181 .hide_special_files = false,
182 .hide_unreadable = false,
183 .hide_unwriteable_files = false,
185 .access_based_share_enum = false,
190 .administrative_share = false,
193 .print_notify_backchannel = false,
197 .store_dos_attributes = true,
198 .dmapi_support = false,
200 .strict_locking = Auto,
201 .posix_locking = true,
203 .kernel_oplocks = false,
204 .level2_oplocks = true,
205 .mangled_names = MANGLED_NAMES_ILLEGAL,
207 .follow_symlinks = true,
208 .sync_always = false,
209 .strict_allocate = false,
210 .strict_rename = false,
212 .mangling_char = '~',
214 .delete_readonly = false,
215 .fake_oplocks = false,
216 .delete_veto_files = false,
217 .dos_filemode = false,
218 .dos_filetimes = true,
219 .dos_filetime_resolution = false,
220 .fake_directory_create_times = false,
221 .blocking_locks = true,
222 .inherit_permissions = false,
223 .inherit_acls = false,
224 .inherit_owner = false,
226 .msdfs_shuffle_referrals = false,
227 .use_client_driver = false,
228 .default_devmode = true,
229 .force_printername = false,
230 .nt_acl_support = true,
231 .force_unknown_acl_user = false,
232 ._use_sendfile = false,
233 .map_acl_inherit = false,
236 .acl_check_permissions = true,
237 .acl_map_full_control = true,
238 .acl_group_control = false,
239 .acl_allow_execute_always = false,
242 .map_readonly = MAP_READONLY_NO,
243 .directory_name_cache_size = 100,
244 .server_smb_encrypt = SMB_SIGNING_DEFAULT,
245 .kernel_share_modes = true,
246 .durable_handles = true,
247 .check_parent_directory_delete_on_close = false,
249 .smbd_search_ask_sharemode = true,
250 .smbd_getinfo_ask_sharemode = true,
251 .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
256 * This is a copy of the default service structure. Service options in the
257 * global section would otherwise overwrite the initial default values.
259 static struct loadparm_service sDefault;
261 /* local variables */
262 static struct loadparm_service **ServicePtrs = NULL;
263 static int iNumServices = 0;
264 static int iServiceIndex = 0;
265 static struct db_context *ServiceHash;
266 static bool bInGlobalSection = true;
267 static bool bGlobalOnly = false;
268 static struct file_lists *file_lists = NULL;
269 static unsigned int *flags_list = NULL;
271 static void set_allowed_client_auth(void);
273 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
274 static void free_param_opts(struct parmlist_entry **popts);
277 * Function to return the default value for the maximum number of open
278 * file descriptors permitted. This function tries to consult the
279 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
280 * the smaller of those.
282 static int max_open_files(void)
284 int sysctl_max = MAX_OPEN_FILES;
285 int rlimit_max = MAX_OPEN_FILES;
287 #ifdef HAVE_SYSCTLBYNAME
289 size_t size = sizeof(sysctl_max);
290 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
295 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
301 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
302 rlimit_max = rl.rlim_cur;
304 #if defined(RLIM_INFINITY)
305 if(rl.rlim_cur == RLIM_INFINITY)
306 rlimit_max = MAX_OPEN_FILES;
311 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
312 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
313 "minimum Windows limit (%d)\n",
315 MIN_OPEN_FILES_WINDOWS));
316 sysctl_max = MIN_OPEN_FILES_WINDOWS;
319 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
320 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
321 "minimum Windows limit (%d)\n",
323 MIN_OPEN_FILES_WINDOWS));
324 rlimit_max = MIN_OPEN_FILES_WINDOWS;
327 return MIN(sysctl_max, rlimit_max);
331 * Common part of freeing allocated data for one parameter.
333 static void free_one_parameter_common(void *parm_ptr,
334 struct parm_struct parm)
336 if ((parm.type == P_STRING) ||
337 (parm.type == P_USTRING))
339 lpcfg_string_free((char**)parm_ptr);
340 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
341 TALLOC_FREE(*((char***)parm_ptr));
346 * Free the allocated data for one parameter for a share
347 * given as a service struct.
349 static void free_one_parameter(struct loadparm_service *service,
350 struct parm_struct parm)
354 if (parm.p_class != P_LOCAL) {
358 parm_ptr = lp_parm_ptr(service, &parm);
360 free_one_parameter_common(parm_ptr, parm);
364 * Free the allocated parameter data of a share given
365 * as a service struct.
367 static void free_parameters(struct loadparm_service *service)
371 for (i=0; parm_table[i].label; i++) {
372 free_one_parameter(service, parm_table[i]);
377 * Free the allocated data for one parameter for a given share
378 * specified by an snum.
380 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
385 parm_ptr = lp_parm_ptr(NULL, &parm);
386 } else if (parm.p_class != P_LOCAL) {
389 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
392 free_one_parameter_common(parm_ptr, parm);
396 * Free the allocated parameter data for a share specified
399 static void free_parameters_by_snum(int snum)
403 for (i=0; parm_table[i].label; i++) {
404 free_one_parameter_by_snum(snum, parm_table[i]);
409 * Free the allocated global parameters.
411 static void free_global_parameters(void)
414 struct parm_struct *parm;
416 free_param_opts(&Globals.param_opt);
417 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
419 /* Reset references in the defaults because the context is going to be freed */
420 for (i=0; parm_table[i].label; i++) {
421 parm = &parm_table[i];
422 if ((parm->type == P_STRING) ||
423 (parm->type == P_USTRING)) {
424 if ((parm->def.svalue != NULL) &&
425 (*(parm->def.svalue) != '\0')) {
426 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
427 parm->def.svalue = NULL;
432 TALLOC_FREE(Globals.ctx);
435 struct lp_stored_option {
436 struct lp_stored_option *prev, *next;
441 static struct lp_stored_option *stored_options;
444 save options set by lp_set_cmdline() into a list. This list is
445 re-applied when we do a globals reset, so that cmdline set options
446 are sticky across reloads of smb.conf
448 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
450 struct lp_stored_option *entry, *entry_next;
451 for (entry = stored_options; entry != NULL; entry = entry_next) {
452 entry_next = entry->next;
453 if (strcmp(pszParmName, entry->label) == 0) {
454 DLIST_REMOVE(stored_options, entry);
460 entry = talloc(NULL, struct lp_stored_option);
465 entry->label = talloc_strdup(entry, pszParmName);
471 entry->value = talloc_strdup(entry, pszParmValue);
477 DLIST_ADD_END(stored_options, entry);
482 static bool apply_lp_set_cmdline(void)
484 struct lp_stored_option *entry = NULL;
485 for (entry = stored_options; entry != NULL; entry = entry->next) {
486 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
487 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
488 entry->label, entry->value));
495 /***************************************************************************
496 Initialise the global parameter structure.
497 ***************************************************************************/
499 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
501 static bool done_init = false;
505 /* If requested to initialize only once and we've already done it... */
506 if (!reinit_globals && done_init) {
507 /* ... then we have nothing more to do */
512 /* The logfile can be set before this is invoked. Free it if so. */
513 lpcfg_string_free(&Globals.logfile);
516 free_global_parameters();
519 /* This memset and the free_global_parameters() above will
520 * wipe out smb.conf options set with lp_set_cmdline(). The
521 * apply_lp_set_cmdline() call puts these values back in the
522 * table once the defaults are set */
523 ZERO_STRUCT(Globals);
525 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
527 /* Initialize the flags list if necessary */
528 if (flags_list == NULL) {
532 for (i = 0; parm_table[i].label; i++) {
533 if ((parm_table[i].type == P_STRING ||
534 parm_table[i].type == P_USTRING))
538 (char **)lp_parm_ptr(NULL, &parm_table[i]),
544 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
545 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
547 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
549 sDefault.ntvfs_handler = str_list_make_v3_const(Globals.ctx, "unixuid default", NULL);
551 DEBUG(3, ("Initialising global parameters\n"));
553 /* Must manually force to upper case here, as this does not go via the handler */
554 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
557 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
558 get_dyn_SMB_PASSWD_FILE());
559 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
560 get_dyn_PRIVATE_DIR());
561 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
562 get_dyn_BINDDNS_DIR());
564 /* use the new 'hash2' method by default, with a prefix of 1 */
565 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
566 Globals.mangle_prefix = 1;
568 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
570 /* using UTF8 by default allows us to support all chars */
571 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
572 DEFAULT_UNIX_CHARSET);
574 /* Use codepage 850 as a default for the dos character set */
575 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
576 DEFAULT_DOS_CHARSET);
579 * Allow the default PASSWD_CHAT to be overridden in local.h.
581 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
582 DEFAULT_PASSWD_CHAT);
584 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
586 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
587 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
589 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
591 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
593 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
595 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
598 * By default support explicit binding to broadcast
601 Globals.nmbd_bind_explicit_broadcast = true;
603 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
605 smb_panic("init_globals: ENOMEM");
607 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
610 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
611 "/bin/sleep 999999999");
614 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
615 DEFAULT_SOCKET_OPTIONS);
617 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
618 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
619 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
620 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
621 "\\\\%N\\%U\\profile");
623 Globals.name_resolve_order =
624 str_list_make_v3_const(Globals.ctx,
625 DEFAULT_NAME_RESOLVE_ORDER,
627 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
629 Globals.algorithmic_rid_base = BASE_RID;
631 Globals.load_printers = true;
632 Globals.printcap_cache_time = 750; /* 12.5 minutes */
634 Globals.config_backend = config_backend;
635 Globals._server_role = ROLE_AUTO;
637 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
638 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
639 Globals.max_xmit = 0x4104;
640 Globals.max_mux = 50; /* This is *needed* for profile support. */
641 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
642 Globals._disable_spoolss = false;
643 Globals.max_smbd_processes = 0;/* no limit specified */
644 Globals.username_level = 0;
645 Globals.deadtime = 10080;
646 Globals.getwd_cache = true;
647 Globals.large_readwrite = true;
648 Globals.max_log_size = 5000;
649 Globals.max_open_files = max_open_files();
650 Globals.server_max_protocol = PROTOCOL_SMB3_11;
651 Globals.server_min_protocol = PROTOCOL_SMB2_02;
652 Globals._client_max_protocol = PROTOCOL_DEFAULT;
653 Globals.client_min_protocol = PROTOCOL_SMB2_02;
654 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
655 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
656 Globals._security = SEC_AUTO;
657 Globals.encrypt_passwords = true;
658 Globals.client_schannel = true;
659 Globals.winbind_sealed_pipes = true;
660 Globals.require_strong_key = true;
661 Globals.server_schannel = true;
662 Globals.read_raw = true;
663 Globals.write_raw = true;
664 Globals.null_passwords = false;
665 Globals.old_password_allowed_period = 60;
666 Globals.obey_pam_restrictions = false;
668 Globals.syslog_only = false;
669 Globals.timestamp_logs = true;
670 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
671 Globals.debug_prefix_timestamp = false;
672 Globals.debug_hires_timestamp = true;
673 Globals.debug_pid = false;
674 Globals.debug_uid = false;
675 Globals.debug_class = false;
676 Globals.enable_core_files = true;
677 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
678 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
679 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
680 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
681 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
682 Globals.lm_interval = 60;
683 #if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
684 Globals.nis_homedir = false;
685 #ifdef WITH_NISPLUS_HOME
686 lpcfg_string_set(Globals.ctx, &Globals.homedir_map,
687 "auto_home.org_dir");
689 lpcfg_string_set(Globals.ctx, &Globals.homedir_map, "auto.home");
692 Globals.time_server = false;
693 Globals.bind_interfaces_only = false;
694 Globals.unix_password_sync = false;
695 Globals.pam_password_change = false;
696 Globals.passwd_chat_debug = false;
697 Globals.passwd_chat_timeout = 2; /* 2 second default. */
698 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
699 Globals.nt_status_support = true; /* Use NT status by default. */
700 Globals.smbd_profiling_level = 0;
701 Globals.stat_cache = true; /* use stat cache by default */
702 Globals.max_stat_cache_size = 512; /* 512k by default */
703 Globals.restrict_anonymous = 0;
704 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
705 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
706 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
707 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
708 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
709 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
710 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
712 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
714 Globals.map_to_guest = 0; /* By Default, "Never" */
715 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
716 Globals.enhanced_browsing = true;
717 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
718 Globals.use_mmap = true;
719 Globals.unicode = true;
720 Globals.unix_extensions = true;
721 Globals.reset_on_zero_vc = false;
722 Globals.log_writeable_files_on_exit = false;
723 Globals.create_krb5_conf = true;
724 Globals.include_system_krb5_conf = true;
725 Globals._winbind_max_domain_connections = 1;
727 /* hostname lookups can be very expensive and are broken on
728 a large number of sites (tridge) */
729 Globals.hostname_lookups = false;
731 Globals.change_notify = true,
732 Globals.kernel_change_notify = true,
734 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
735 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
736 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
737 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
738 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
739 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
741 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
742 Globals.ldap_ssl = LDAP_SSL_START_TLS;
743 Globals.ldap_deref = -1;
744 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
745 Globals.ldap_delete_dn = false;
746 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
747 Globals.ldap_follow_referral = Auto;
748 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
749 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
750 Globals.ldap_page_size = LDAP_PAGE_SIZE;
752 Globals.ldap_debug_level = 0;
753 Globals.ldap_debug_threshold = 10;
755 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
757 Globals.ldap_server_require_strong_auth =
758 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
760 /* This is what we tell the afs client. in reality we set the token
761 * to never expire, though, when this runs out the afs client will
762 * forget the token. Set to 0 to get NEVERDATE.*/
763 Globals.afs_token_lifetime = 604800;
764 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
766 /* these parameters are set to defaults that are more appropriate
767 for the increasing samba install base:
769 as a member of the workgroup, that will possibly become a
770 _local_ master browser (lm = true). this is opposed to a forced
771 local master browser startup (pm = true).
773 doesn't provide WINS server service by default (wsupp = false),
774 and doesn't provide domain master browser services by default, either.
778 Globals.show_add_printer_wizard = true;
779 Globals.os_level = 20;
780 Globals.local_master = true;
781 Globals._domain_master = Auto; /* depending on _domain_logons */
782 Globals._domain_logons = false;
783 Globals.browse_list = true;
784 Globals.we_are_a_wins_server = false;
785 Globals.wins_proxy = false;
787 TALLOC_FREE(Globals.init_logon_delayed_hosts);
788 Globals.init_logon_delay = 100; /* 100 ms default delay */
790 Globals.wins_dns_proxy = true;
792 Globals.allow_trusted_domains = true;
793 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
795 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
796 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
798 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
799 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
800 dyn_WINBINDD_SOCKET_DIR);
802 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
803 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
805 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
807 Globals.cluster_addresses = NULL;
808 Globals.clustering = false;
809 Globals.ctdb_timeout = 0;
810 Globals.ctdb_locktime_warn_threshold = 0;
812 Globals.winbind_cache_time = 300; /* 5 minutes */
813 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
814 Globals.winbind_request_timeout = 60; /* 60 seconds */
815 Globals.winbind_max_clients = 200;
816 Globals.winbind_enum_users = false;
817 Globals.winbind_enum_groups = false;
818 Globals.winbind_use_default_domain = false;
819 Globals.winbind_nested_groups = true;
820 Globals.winbind_expand_groups = 0;
821 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
822 Globals.winbind_refresh_tickets = false;
823 Globals.winbind_offline_logon = false;
824 Globals.winbind_scan_trusted_domains = true;
826 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
827 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
829 Globals.passdb_expand_explicit = false;
831 Globals.name_cache_timeout = 660; /* In seconds */
833 Globals.client_use_spnego = true;
835 Globals.client_signing = SMB_SIGNING_DEFAULT;
836 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
837 Globals.server_signing = SMB_SIGNING_DEFAULT;
839 Globals.defer_sharing_violations = true;
840 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
842 Globals.enable_privileges = true;
843 Globals.host_msdfs = true;
844 Globals.enable_asu_support = false;
846 /* User defined shares. */
847 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
849 smb_panic("init_globals: ENOMEM");
851 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
853 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
854 Globals.usershare_max_shares = 0;
855 /* By default disallow sharing of directories not owned by the sharer. */
856 Globals.usershare_owner_only = true;
857 /* By default disallow guest access to usershares. */
858 Globals.usershare_allow_guests = false;
860 Globals.keepalive = DEFAULT_KEEPALIVE;
862 /* By default no shares out of the registry */
863 Globals.registry_shares = false;
865 Globals.min_receivefile_size = 0;
867 Globals.multicast_dns_register = true;
869 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
870 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
871 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
872 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
873 Globals.smb2_leases = true;
875 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
876 get_dyn_NCALRPCDIR());
878 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
880 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
882 Globals.tls_enabled = true;
883 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
885 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
886 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
887 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
888 lpcfg_string_set(Globals.ctx,
889 &Globals.tls_priority,
890 "NORMAL:-VERS-SSL3.0");
892 lpcfg_string_set(Globals.ctx, &Globals.share_backend, "classic");
894 Globals._preferred_master = Auto;
896 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
897 Globals.dns_zone_scavenging = false;
899 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
900 get_dyn_NTP_SIGND_SOCKET_DIR());
902 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
904 smb_panic("init_globals: ENOMEM");
906 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
910 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
913 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
915 smb_panic("init_globals: ENOMEM");
917 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
920 s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
922 smb_panic("init_globals: ENOMEM");
924 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
927 Globals.apply_group_policies = false;
929 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
931 smb_panic("init_globals: ENOMEM");
933 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
936 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
938 Globals.cldap_port = 389;
940 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
942 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
944 Globals.krb5_port = 88;
946 Globals.kpasswd_port = 464;
948 Globals.aio_max_threads = 100;
950 lpcfg_string_set(Globals.ctx,
951 &Globals.rpc_server_dynamic_port_range,
953 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
954 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
955 Globals.prefork_children = 4;
956 Globals.prefork_backoff_increment = 10;
957 Globals.prefork_maximum_backoff = 120;
959 Globals.ldap_max_anonymous_request_size = 256000;
960 Globals.ldap_max_authenticated_request_size = 16777216;
961 Globals.ldap_max_search_request_size = 256000;
963 /* Async DNS query timeout (in seconds). */
964 Globals.async_dns_timeout = 10;
966 /* Now put back the settings that were set with lp_set_cmdline() */
967 apply_lp_set_cmdline();
970 /* Convenience routine to setup an lp_context with additional s3 variables */
971 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
973 struct loadparm_context *lp_ctx;
975 lp_ctx = loadparm_init_s3(mem_ctx,
976 loadparm_s3_helpers());
977 if (lp_ctx == NULL) {
978 DEBUG(0, ("loadparm_init_s3 failed\n"));
982 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
983 if (lp_ctx->sDefault == NULL) {
984 DBG_ERR("talloc_zero failed\n");
989 *lp_ctx->sDefault = _sDefault;
990 lp_ctx->services = NULL; /* We do not want to access this directly */
991 lp_ctx->bInGlobalSection = bInGlobalSection;
992 lp_ctx->flags = flags_list;
997 /*******************************************************************
998 Convenience routine to grab string parameters into talloced memory
999 and run standard_sub_basic on them. The buffers can be written to by
1000 callers without affecting the source string.
1001 ********************************************************************/
1003 static char *loadparm_s3_global_substitution_fn(
1004 TALLOC_CTX *mem_ctx,
1005 const struct loadparm_substitution *lp_sub,
1011 /* The follow debug is useful for tracking down memory problems
1012 especially if you have an inner loop that is calling a lp_*()
1013 function that returns a string. Perhaps this debug should be
1014 present all the time? */
1017 DEBUG(10, ("lp_string(%s)\n", s));
1023 ret = talloc_sub_basic(mem_ctx,
1024 get_current_username(),
1025 current_user_info.domain,
1027 if (trim_char(ret, '\"', '\"')) {
1028 if (strchr(ret,'\"') != NULL) {
1030 ret = talloc_sub_basic(mem_ctx,
1031 get_current_username(),
1032 current_user_info.domain,
1039 static const struct loadparm_substitution s3_global_substitution = {
1040 .substituted_string_fn = loadparm_s3_global_substitution_fn,
1043 const struct loadparm_substitution *loadparm_s3_global_substitution(void)
1045 return &s3_global_substitution;
1049 In this section all the functions that are used to access the
1050 parameters from the rest of the program are defined
1053 #define FN_GLOBAL_SUBSTITUTED_STRING(fn_name,ptr) \
1054 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub) \
1055 {return lpcfg_substituted_string(ctx, lp_sub, *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : "");}
1056 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1057 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1058 #define FN_GLOBAL_LIST(fn_name,ptr) \
1059 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1060 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1061 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1062 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1063 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1064 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1065 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1067 #define FN_LOCAL_SUBSTITUTED_STRING(fn_name,val) \
1068 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub, int i) \
1069 {return lpcfg_substituted_string((ctx), lp_sub, (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1070 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1071 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1072 #define FN_LOCAL_LIST(fn_name,val) \
1073 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1074 #define FN_LOCAL_BOOL(fn_name,val) \
1075 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1076 #define FN_LOCAL_INTEGER(fn_name,val) \
1077 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1079 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1080 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1081 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1082 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1083 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1084 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1086 int lp_winbind_max_domain_connections(void)
1088 if (lp_winbind_offline_logon() &&
1089 lp__winbind_max_domain_connections() > 1) {
1090 DEBUG(1, ("offline logons active, restricting max domain "
1091 "connections to 1\n"));
1094 return MAX(1, lp__winbind_max_domain_connections());
1097 /* These functions remain in source3/param for now */
1099 #include "lib/param/param_functions.c"
1101 FN_LOCAL_SUBSTITUTED_STRING(servicename, szService)
1102 FN_LOCAL_CONST_STRING(const_servicename, szService)
1104 /* These functions cannot be auto-generated */
1105 FN_LOCAL_BOOL(autoloaded, autoloaded)
1106 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1108 /* local prototypes */
1110 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1111 static const char *get_boolean(bool bool_value);
1112 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1114 static bool hash_a_service(const char *name, int number);
1115 static void free_service_byindex(int iService);
1116 static void show_parameter(int parmIndex);
1117 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1118 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1121 * This is a helper function for parametrical options support. It returns a
1122 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1123 * parametrical functions are quite simple
1125 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1128 if (snum >= iNumServices) return NULL;
1131 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1133 return get_parametric_helper(ServicePtrs[snum],
1134 type, option, Globals.param_opt);
1138 static void discard_whitespace(char *str)
1140 size_t len = strlen(str);
1144 if (isspace(str[i])) {
1145 memmove(&str[i], &str[i+1], len-i);
1154 * @brief Go through all global parametric parameters
1156 * @param regex_str A regular expression to scan param for
1157 * @param max_matches Max number of submatches the regexp expects
1158 * @param cb Function to call on match. Should return true
1159 * when it wants wi_scan_global_parametrics to stop
1161 * @param private_data Anonymous pointer passed to cb
1163 * @return 0: success, regcomp/regexec return value on error.
1164 * See "man regexec" for possible errors
1167 int lp_wi_scan_global_parametrics(
1168 const char *regex_str, size_t max_matches,
1169 bool (*cb)(const char *string, regmatch_t matches[],
1170 void *private_data),
1173 struct parmlist_entry *data;
1177 ret = regcomp(®ex, regex_str, REG_ICASE);
1182 for (data = Globals.param_opt; data != NULL; data = data->next) {
1183 size_t keylen = strlen(data->key);
1185 regmatch_t matches[max_matches];
1188 memcpy(key, data->key, sizeof(key));
1189 discard_whitespace(key);
1191 ret = regexec(®ex, key, max_matches, matches, 0);
1192 if (ret == REG_NOMATCH) {
1199 stop = cb(key, matches, private_data);
1212 #define MISSING_PARAMETER(name) \
1213 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1215 /*******************************************************************
1216 convenience routine to return enum parameters.
1217 ********************************************************************/
1218 static int lp_enum(const char *s,const struct enum_list *_enum)
1222 if (!s || !*s || !_enum) {
1223 MISSING_PARAMETER(lp_enum);
1227 for (i=0; _enum[i].name; i++) {
1228 if (strequal(_enum[i].name,s))
1229 return _enum[i].value;
1232 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1236 #undef MISSING_PARAMETER
1238 /* Return parametric option from a given service. Type is a part of option before ':' */
1239 /* Parametric option has following syntax: 'Type: option = value' */
1240 char *lp_parm_substituted_string(TALLOC_CTX *mem_ctx,
1241 const struct loadparm_substitution *lp_sub,
1247 struct parmlist_entry *data = get_parametrics(snum, type, option);
1249 SMB_ASSERT(lp_sub != NULL);
1251 if (data == NULL||data->value==NULL) {
1253 return lpcfg_substituted_string(mem_ctx, lp_sub, def);
1259 return lpcfg_substituted_string(mem_ctx, lp_sub, data->value);
1262 /* Return parametric option from a given service. Type is a part of option before ':' */
1263 /* Parametric option has following syntax: 'Type: option = value' */
1264 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1266 struct parmlist_entry *data = get_parametrics(snum, type, option);
1268 if (data == NULL||data->value==NULL)
1275 /* Return parametric option from a given service. Type is a part of option before ':' */
1276 /* Parametric option has following syntax: 'Type: option = value' */
1278 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1280 struct parmlist_entry *data = get_parametrics(snum, type, option);
1282 if (data == NULL||data->value==NULL)
1283 return (const char **)def;
1285 if (data->list==NULL) {
1286 data->list = str_list_make_v3(NULL, data->value, NULL);
1289 return discard_const_p(const char *, data->list);
1292 /* Return parametric option from a given service. Type is a part of option before ':' */
1293 /* Parametric option has following syntax: 'Type: option = value' */
1295 int lp_parm_int(int snum, const char *type, const char *option, int def)
1297 struct parmlist_entry *data = get_parametrics(snum, type, option);
1299 if (data && data->value && *data->value)
1300 return lp_int(data->value);
1305 /* Return parametric option from a given service. Type is a part of option before ':' */
1306 /* Parametric option has following syntax: 'Type: option = value' */
1308 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1310 struct parmlist_entry *data = get_parametrics(snum, type, option);
1312 if (data && data->value && *data->value)
1313 return lp_ulong(data->value);
1318 /* Return parametric option from a given service. Type is a part of option before ':' */
1319 /* Parametric option has following syntax: 'Type: option = value' */
1321 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1322 const char *option, unsigned long long def)
1324 struct parmlist_entry *data = get_parametrics(snum, type, option);
1326 if (data && data->value && *data->value) {
1327 return lp_ulonglong(data->value);
1333 /* Return parametric option from a given service. Type is a part of option
1335 /* Parametric option has following syntax: 'Type: option = value' */
1337 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1339 struct parmlist_entry *data = get_parametrics(snum, type, option);
1341 if (data && data->value && *data->value)
1342 return lp_bool(data->value);
1347 /* Return parametric option from a given service. Type is a part of option before ':' */
1348 /* Parametric option has following syntax: 'Type: option = value' */
1350 int lp_parm_enum(int snum, const char *type, const char *option,
1351 const struct enum_list *_enum, int def)
1353 struct parmlist_entry *data = get_parametrics(snum, type, option);
1355 if (data && data->value && *data->value && _enum)
1356 return lp_enum(data->value, _enum);
1362 * free a param_opts structure.
1363 * param_opts handling should be moved to talloc;
1364 * then this whole functions reduces to a TALLOC_FREE().
1367 static void free_param_opts(struct parmlist_entry **popts)
1369 struct parmlist_entry *opt, *next_opt;
1371 if (*popts != NULL) {
1372 DEBUG(5, ("Freeing parametrics:\n"));
1375 while (opt != NULL) {
1376 lpcfg_string_free(&opt->key);
1377 lpcfg_string_free(&opt->value);
1378 TALLOC_FREE(opt->list);
1379 next_opt = opt->next;
1386 /***************************************************************************
1387 Free the dynamically allocated parts of a service struct.
1388 ***************************************************************************/
1390 static void free_service(struct loadparm_service *pservice)
1395 if (pservice->szService)
1396 DEBUG(5, ("free_service: Freeing service %s\n",
1397 pservice->szService));
1399 free_parameters(pservice);
1401 lpcfg_string_free(&pservice->szService);
1402 TALLOC_FREE(pservice->copymap);
1404 free_param_opts(&pservice->param_opt);
1406 ZERO_STRUCTP(pservice);
1410 /***************************************************************************
1411 remove a service indexed in the ServicePtrs array from the ServiceHash
1412 and free the dynamically allocated parts
1413 ***************************************************************************/
1415 static void free_service_byindex(int idx)
1417 if ( !LP_SNUM_OK(idx) )
1420 ServicePtrs[idx]->valid = false;
1422 /* we have to cleanup the hash record */
1424 if (ServicePtrs[idx]->szService) {
1425 char *canon_name = canonicalize_servicename(
1427 ServicePtrs[idx]->szService );
1429 dbwrap_delete_bystring(ServiceHash, canon_name );
1430 TALLOC_FREE(canon_name);
1433 free_service(ServicePtrs[idx]);
1434 TALLOC_FREE(ServicePtrs[idx]);
1437 /***************************************************************************
1438 Add a new service to the services array initialising it with the given
1440 ***************************************************************************/
1442 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1445 struct loadparm_service **tsp = NULL;
1447 /* it might already exist */
1449 i = getservicebyname(name, NULL);
1455 /* Re use empty slots if any before allocating new one.*/
1456 for (i=0; i < iNumServices; i++) {
1457 if (ServicePtrs[i] == NULL) {
1461 if (i == iNumServices) {
1462 /* if not, then create one */
1463 tsp = talloc_realloc(NULL, ServicePtrs,
1464 struct loadparm_service *,
1467 DEBUG(0, ("add_a_service: failed to enlarge "
1474 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1475 if (!ServicePtrs[i]) {
1476 DEBUG(0,("add_a_service: out of memory!\n"));
1480 ServicePtrs[i]->valid = true;
1482 copy_service(ServicePtrs[i], pservice, NULL);
1484 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1487 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1488 i, ServicePtrs[i]->szService));
1490 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1497 /***************************************************************************
1498 Convert a string to uppercase and remove whitespaces.
1499 ***************************************************************************/
1501 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1506 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1510 result = talloc_strdup(ctx, src);
1511 SMB_ASSERT(result != NULL);
1513 if (!strlower_m(result)) {
1514 TALLOC_FREE(result);
1520 /***************************************************************************
1521 Add a name/index pair for the services array to the hash table.
1522 ***************************************************************************/
1524 static bool hash_a_service(const char *name, int idx)
1528 if ( !ServiceHash ) {
1529 DEBUG(10,("hash_a_service: creating servicehash\n"));
1530 ServiceHash = db_open_rbt(NULL);
1531 if ( !ServiceHash ) {
1532 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1537 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1540 canon_name = canonicalize_servicename(talloc_tos(), name );
1542 dbwrap_store_bystring(ServiceHash, canon_name,
1543 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1546 TALLOC_FREE(canon_name);
1551 /***************************************************************************
1552 Add a new home service, with the specified home directory, defaults coming
1554 ***************************************************************************/
1556 bool lp_add_home(const char *pszHomename, int iDefaultService,
1557 const char *user, const char *pszHomedir)
1559 const struct loadparm_substitution *lp_sub =
1560 loadparm_s3_global_substitution();
1564 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1565 pszHomedir[0] == '\0') {
1569 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1574 global_path = lp_path(talloc_tos(), lp_sub, GLOBAL_SECTION_SNUM);
1575 if (!(*(ServicePtrs[iDefaultService]->path))
1576 || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
1577 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1580 TALLOC_FREE(global_path);
1582 if (!(*(ServicePtrs[i]->comment))) {
1583 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1584 if (comment == NULL) {
1587 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1589 TALLOC_FREE(comment);
1592 /* set the browseable flag from the global default */
1594 ServicePtrs[i]->browseable = sDefault.browseable;
1595 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1597 ServicePtrs[i]->autoloaded = true;
1599 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1600 user, ServicePtrs[i]->path ));
1605 /***************************************************************************
1606 Add a new service, based on an old one.
1607 ***************************************************************************/
1609 int lp_add_service(const char *pszService, int iDefaultService)
1611 if (iDefaultService < 0) {
1612 return add_a_service(&sDefault, pszService);
1615 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1618 /***************************************************************************
1619 Add the IPC service.
1620 ***************************************************************************/
1622 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1624 char *comment = NULL;
1625 int i = add_a_service(&sDefault, ipc_name);
1630 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1631 Globals.server_string);
1632 if (comment == NULL) {
1636 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1637 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1638 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1639 ServicePtrs[i]->max_connections = 0;
1640 ServicePtrs[i]->available = true;
1641 ServicePtrs[i]->read_only = true;
1642 ServicePtrs[i]->guest_only = false;
1643 ServicePtrs[i]->administrative_share = true;
1644 ServicePtrs[i]->guest_ok = guest_ok;
1645 ServicePtrs[i]->printable = false;
1646 ServicePtrs[i]->browseable = sDefault.browseable;
1647 ServicePtrs[i]->autoloaded = false;
1649 DEBUG(3, ("adding IPC service\n"));
1651 TALLOC_FREE(comment);
1655 /***************************************************************************
1656 Add a new printer service, with defaults coming from service iFrom.
1657 ***************************************************************************/
1659 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1661 const char *comment = "From Printcap";
1662 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1667 /* note that we do NOT default the availability flag to true - */
1668 /* we take it from the default service passed. This allows all */
1669 /* dynamic printers to be disabled by disabling the [printers] */
1670 /* entry (if/when the 'available' keyword is implemented!). */
1672 /* the printer name is set to the service name. */
1673 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1675 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1677 /* set the browseable flag from the gloabl default */
1678 ServicePtrs[i]->browseable = sDefault.browseable;
1680 /* Printers cannot be read_only. */
1681 ServicePtrs[i]->read_only = false;
1682 /* No oplocks on printer services. */
1683 ServicePtrs[i]->oplocks = false;
1684 /* Printer services must be printable. */
1685 ServicePtrs[i]->printable = true;
1687 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1693 /***************************************************************************
1694 Check whether the given parameter name is valid.
1695 Parametric options (names containing a colon) are considered valid.
1696 ***************************************************************************/
1698 bool lp_parameter_is_valid(const char *pszParmName)
1700 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1701 (strchr(pszParmName, ':') != NULL));
1704 /***************************************************************************
1705 Check whether the given name is the name of a global parameter.
1706 Returns true for strings belonging to parameters of class
1707 P_GLOBAL, false for all other strings, also for parametric options
1708 and strings not belonging to any option.
1709 ***************************************************************************/
1711 bool lp_parameter_is_global(const char *pszParmName)
1713 int num = lpcfg_map_parameter(pszParmName);
1716 return (parm_table[num].p_class == P_GLOBAL);
1722 /**************************************************************************
1723 Determine the canonical name for a parameter.
1724 Indicate when it is an inverse (boolean) synonym instead of a
1726 **************************************************************************/
1728 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1733 if (!lp_parameter_is_valid(parm_name)) {
1738 num = map_parameter_canonical(parm_name, inverse);
1740 /* parametric option */
1741 *canon_parm = parm_name;
1743 *canon_parm = parm_table[num].label;
1750 /**************************************************************************
1751 Determine the canonical name for a parameter.
1752 Turn the value given into the inverse boolean expression when
1753 the synonym is an invers boolean synonym.
1756 - parm_name is a valid parameter name and
1757 - val is a valid value for this parameter and
1758 - in case the parameter is an inverse boolean synonym, if the val
1759 string could successfully be converted to the reverse bool.
1760 Return false in all other cases.
1761 **************************************************************************/
1763 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1765 const char **canon_parm,
1766 const char **canon_val)
1772 if (!lp_parameter_is_valid(parm_name)) {
1778 num = map_parameter_canonical(parm_name, &inverse);
1780 /* parametric option */
1781 *canon_parm = parm_name;
1786 *canon_parm = parm_table[num].label;
1788 if (!lp_invert_boolean(val, canon_val)) {
1796 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1801 /***************************************************************************
1802 Map a parameter's string representation to the index of the canonical
1803 form of the parameter (it might be a synonym).
1804 Returns -1 if the parameter string is not recognised.
1805 ***************************************************************************/
1807 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1809 int parm_num, canon_num;
1810 bool loc_inverse = false;
1812 parm_num = lpcfg_map_parameter(pszParmName);
1813 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1814 /* invalid, parametric or no canidate for synonyms ... */
1818 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1819 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1820 parm_num = canon_num;
1826 if (inverse != NULL) {
1827 *inverse = loc_inverse;
1832 /***************************************************************************
1833 return true if parameter number parm1 is a synonym of parameter
1834 number parm2 (parm2 being the principal name).
1835 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1837 ***************************************************************************/
1839 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1841 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1842 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1843 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1844 !(parm_table[parm2].flags & FLAG_SYNONYM))
1846 if (inverse != NULL) {
1847 if ((parm_table[parm1].type == P_BOOLREV) &&
1848 (parm_table[parm2].type == P_BOOL))
1860 /***************************************************************************
1861 Show one parameter's name, type, [values,] and flags.
1862 (helper functions for show_parameter_list)
1863 ***************************************************************************/
1865 static void show_parameter(int parmIndex)
1867 size_t enumIndex, flagIndex;
1872 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1873 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1874 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1875 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1876 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1878 printf("%s=%s", parm_table[parmIndex].label,
1879 type[parm_table[parmIndex].type]);
1880 if (parm_table[parmIndex].type == P_ENUM) {
1883 parm_table[parmIndex].enum_list[enumIndex].name;
1887 enumIndex ? "|" : "",
1888 parm_table[parmIndex].enum_list[enumIndex].name);
1893 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1894 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1897 flag_names[flagIndex]);
1902 /* output synonyms */
1904 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1905 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1906 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1907 parm_table[parmIndex2].label);
1908 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1910 printf(" (synonyms: ");
1915 printf("%s%s", parm_table[parmIndex2].label,
1916 inverse ? "[i]" : "");
1927 * Check the value for a P_ENUM
1929 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1933 for (i = 0; parm->enum_list[i].name; i++) {
1934 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1941 /**************************************************************************
1942 Check whether the given value is valid for the given parameter name.
1943 **************************************************************************/
1945 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1947 bool ret = false, tmp_bool;
1948 int num = lpcfg_map_parameter(parm_name), tmp_int;
1949 uint64_t tmp_int64 = 0;
1950 struct parm_struct *parm;
1952 /* parametric options (parameter names containing a colon) cannot
1953 be checked and are therefore considered valid. */
1954 if (strchr(parm_name, ':') != NULL) {
1959 parm = &parm_table[num];
1960 switch (parm->type) {
1963 ret = set_boolean(val, &tmp_bool);
1967 ret = (sscanf(val, "%d", &tmp_int) == 1);
1971 ret = (sscanf(val, "%o", &tmp_int) == 1);
1975 ret = check_enum_parameter(parm, val);
1979 if (conv_str_size_error(val, &tmp_int64) &&
1980 tmp_int64 <= INT_MAX) {
1997 /***************************************************************************
1998 Show all parameter's name, type, [values,] and flags.
1999 ***************************************************************************/
2001 void show_parameter_list(void)
2003 int classIndex, parmIndex;
2004 const char *section_names[] = { "local", "global", NULL};
2006 for (classIndex=0; section_names[classIndex]; classIndex++) {
2007 printf("[%s]\n", section_names[classIndex]);
2008 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
2009 if (parm_table[parmIndex].p_class == classIndex) {
2010 show_parameter(parmIndex);
2016 /***************************************************************************
2017 Get the standard string representation of a boolean value ("yes" or "no")
2018 ***************************************************************************/
2020 static const char *get_boolean(bool bool_value)
2022 static const char *yes_str = "yes";
2023 static const char *no_str = "no";
2025 return (bool_value ? yes_str : no_str);
2028 /***************************************************************************
2029 Provide the string of the negated boolean value associated to the boolean
2030 given as a string. Returns false if the passed string does not correctly
2031 represent a boolean.
2032 ***************************************************************************/
2034 bool lp_invert_boolean(const char *str, const char **inverse_str)
2038 if (!set_boolean(str, &val)) {
2042 *inverse_str = get_boolean(!val);
2046 /***************************************************************************
2047 Provide the canonical string representation of a boolean value given
2048 as a string. Return true on success, false if the string given does
2049 not correctly represent a boolean.
2050 ***************************************************************************/
2052 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2056 if (!set_boolean(str, &val)) {
2060 *canon_str = get_boolean(val);
2064 /***************************************************************************
2065 Find a service by name. Otherwise works like get_service.
2066 ***************************************************************************/
2068 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2075 if (ServiceHash == NULL) {
2079 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2081 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2084 if (NT_STATUS_IS_OK(status) &&
2085 (data.dptr != NULL) &&
2086 (data.dsize == sizeof(iService)))
2088 memcpy(&iService, data.dptr, sizeof(iService));
2091 TALLOC_FREE(canon_name);
2093 if ((iService != -1) && (LP_SNUM_OK(iService))
2094 && (pserviceDest != NULL)) {
2095 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2101 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2102 struct loadparm_service *lp_service(const char *pszServiceName)
2104 int iService = getservicebyname(pszServiceName, NULL);
2105 if (iService == -1 || !LP_SNUM_OK(iService)) {
2108 return ServicePtrs[iService];
2111 struct loadparm_service *lp_servicebynum(int snum)
2113 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2116 return ServicePtrs[snum];
2119 struct loadparm_service *lp_default_loadparm_service()
2124 static struct smbconf_ctx *lp_smbconf_ctx(void)
2127 static struct smbconf_ctx *conf_ctx = NULL;
2129 if (conf_ctx == NULL) {
2130 err = smbconf_init(NULL, &conf_ctx, "registry:");
2131 if (!SBC_ERROR_IS_OK(err)) {
2132 DEBUG(1, ("error initializing registry configuration: "
2133 "%s\n", sbcErrorString(err)));
2141 static bool process_smbconf_service(struct smbconf_service *service)
2146 if (service == NULL) {
2150 ret = lp_do_section(service->name, NULL);
2154 for (count = 0; count < service->num_params; count++) {
2156 if (!bInGlobalSection && bGlobalOnly) {
2159 const char *pszParmName = service->param_names[count];
2160 const char *pszParmValue = service->param_values[count];
2162 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2164 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2165 pszParmName, pszParmValue);
2172 if (iServiceIndex >= 0) {
2173 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2179 * load a service from registry and activate it
2181 bool process_registry_service(const char *service_name)
2184 struct smbconf_service *service = NULL;
2185 TALLOC_CTX *mem_ctx = talloc_stackframe();
2186 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2189 if (conf_ctx == NULL) {
2193 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2195 if (!smbconf_share_exists(conf_ctx, service_name)) {
2197 * Registry does not contain data for this service (yet),
2198 * but make sure lp_load doesn't return false.
2204 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2205 if (!SBC_ERROR_IS_OK(err)) {
2209 ret = process_smbconf_service(service);
2215 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2218 TALLOC_FREE(mem_ctx);
2223 * process_registry_globals
2225 static bool process_registry_globals(void)
2229 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2231 if (!bInGlobalSection && bGlobalOnly) {
2234 const char *pszParmName = "registry shares";
2235 const char *pszParmValue = "yes";
2237 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2239 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2240 pszParmName, pszParmValue);
2247 return process_registry_service(GLOBAL_NAME);
2250 bool process_registry_shares(void)
2254 struct smbconf_service **service = NULL;
2255 uint32_t num_shares = 0;
2256 TALLOC_CTX *mem_ctx = talloc_stackframe();
2257 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2260 if (conf_ctx == NULL) {
2264 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2265 if (!SBC_ERROR_IS_OK(err)) {
2271 for (count = 0; count < num_shares; count++) {
2272 if (strequal(service[count]->name, GLOBAL_NAME)) {
2275 ret = process_smbconf_service(service[count]);
2282 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2285 TALLOC_FREE(mem_ctx);
2290 * reload those shares from registry that are already
2291 * activated in the services array.
2293 static bool reload_registry_shares(void)
2298 for (i = 0; i < iNumServices; i++) {
2303 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2307 ret = process_registry_service(ServicePtrs[i]->szService);
2318 #define MAX_INCLUDE_DEPTH 100
2320 static uint8_t include_depth;
2323 * Free the file lists
2325 static void free_file_list(void)
2327 struct file_lists *f;
2328 struct file_lists *next;
2341 * Utility function for outsiders to check if we're running on registry.
2343 bool lp_config_backend_is_registry(void)
2345 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2349 * Utility function to check if the config backend is FILE.
2351 bool lp_config_backend_is_file(void)
2353 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2356 /*******************************************************************
2357 Check if a config file has changed date.
2358 ********************************************************************/
2360 bool lp_file_list_changed(void)
2362 struct file_lists *f = file_lists;
2364 DEBUG(6, ("lp_file_list_changed()\n"));
2367 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2368 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2370 if (conf_ctx == NULL) {
2373 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2376 DEBUGADD(6, ("registry config changed\n"));
2383 n2 = talloc_sub_basic(talloc_tos(),
2384 get_current_username(),
2385 current_user_info.domain,
2390 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2391 f->name, n2, ctime(&f->modtime)));
2393 mod_time = file_modtime(n2);
2396 ((f->modtime != mod_time) ||
2397 (f->subfname == NULL) ||
2398 (strcmp(n2, f->subfname) != 0)))
2401 ("file %s modified: %s\n", n2,
2403 f->modtime = mod_time;
2404 TALLOC_FREE(f->subfname);
2405 f->subfname = talloc_strdup(f, n2);
2406 if (f->subfname == NULL) {
2407 smb_panic("talloc_strdup failed");
2421 * Initialize iconv conversion descriptors.
2423 * This is called the first time it is needed, and also called again
2424 * every time the configuration is reloaded, because the charset or
2425 * codepage might have changed.
2427 static void init_iconv(void)
2429 struct smb_iconv_handle *ret = NULL;
2431 ret = reinit_iconv_handle(NULL,
2435 smb_panic("reinit_iconv_handle failed");
2439 /***************************************************************************
2440 Handle the include operation.
2441 ***************************************************************************/
2442 static bool bAllowIncludeRegistry = true;
2444 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2445 const char *pszParmValue, char **ptr)
2449 if (include_depth >= MAX_INCLUDE_DEPTH) {
2450 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2455 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2456 if (!bAllowIncludeRegistry) {
2459 if (lp_ctx->bInGlobalSection) {
2462 ret = process_registry_globals();
2466 DEBUG(1, ("\"include = registry\" only effective "
2467 "in %s section\n", GLOBAL_NAME));
2472 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2473 current_user_info.domain,
2476 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2478 if (service == NULL) {
2479 lpcfg_string_set(Globals.ctx, ptr, fname);
2481 lpcfg_string_set(service, ptr, fname);
2484 if (file_exist(fname)) {
2487 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2493 DEBUG(2, ("Can't find include file %s\n", fname));
2498 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2500 char *config_option = NULL;
2501 const char *range = NULL;
2504 SMB_ASSERT(low != NULL);
2505 SMB_ASSERT(high != NULL);
2507 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2511 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2513 if (config_option == NULL) {
2514 DEBUG(0, ("out of memory\n"));
2518 range = lp_parm_const_string(-1, config_option, "range", NULL);
2519 if (range == NULL) {
2520 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2524 if (sscanf(range, "%u - %u", low, high) != 2) {
2525 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2526 range, domain_name));
2533 talloc_free(config_option);
2538 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2540 return lp_idmap_range("*", low, high);
2543 const char *lp_idmap_backend(const char *domain_name)
2545 char *config_option = NULL;
2546 const char *backend = NULL;
2548 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2552 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2554 if (config_option == NULL) {
2555 DEBUG(0, ("out of memory\n"));
2559 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2560 if (backend == NULL) {
2561 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2566 talloc_free(config_option);
2570 const char *lp_idmap_default_backend(void)
2572 return lp_idmap_backend("*");
2575 /***************************************************************************
2576 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2577 ***************************************************************************/
2579 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2581 const char *suffix_string;
2583 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2584 Globals.ldap_suffix );
2585 if ( !suffix_string ) {
2586 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2590 return suffix_string;
2593 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2595 if (Globals._ldap_machine_suffix[0])
2596 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2598 return talloc_strdup(ctx, Globals.ldap_suffix);
2601 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2603 if (Globals._ldap_user_suffix[0])
2604 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2606 return talloc_strdup(ctx, Globals.ldap_suffix);
2609 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2611 if (Globals._ldap_group_suffix[0])
2612 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2614 return talloc_strdup(ctx, Globals.ldap_suffix);
2617 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2619 if (Globals._ldap_idmap_suffix[0])
2620 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2622 return talloc_strdup(ctx, Globals.ldap_suffix);
2626 return the parameter pointer for a parameter
2628 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2630 if (service == NULL) {
2631 if (parm->p_class == P_LOCAL)
2632 return (void *)(((char *)&sDefault)+parm->offset);
2633 else if (parm->p_class == P_GLOBAL)
2634 return (void *)(((char *)&Globals)+parm->offset);
2637 return (void *)(((char *)service) + parm->offset);
2641 /***************************************************************************
2642 Process a parameter for a particular service number. If snum < 0
2643 then assume we are in the globals.
2644 ***************************************************************************/
2646 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2648 TALLOC_CTX *frame = talloc_stackframe();
2649 struct loadparm_context *lp_ctx;
2652 lp_ctx = setup_lp_context(frame);
2653 if (lp_ctx == NULL) {
2659 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2661 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2662 pszParmName, pszParmValue);
2670 /***************************************************************************
2671 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2672 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2673 ***************************************************************************/
2675 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2678 parmnum = lpcfg_map_parameter(pszParmName);
2680 flags_list[parmnum] &= ~FLAG_CMDLINE;
2681 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2684 flags_list[parmnum] |= FLAG_CMDLINE;
2686 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2687 * be grouped in the table, so we don't have to search the
2690 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2691 && parm_table[i].p_class == parm_table[parmnum].p_class;
2693 flags_list[i] |= FLAG_CMDLINE;
2695 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2696 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2697 flags_list[i] |= FLAG_CMDLINE;
2703 /* it might be parametric */
2704 if (strchr(pszParmName, ':') != NULL) {
2705 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2709 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2713 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2716 TALLOC_CTX *frame = talloc_stackframe();
2717 struct loadparm_context *lp_ctx;
2719 lp_ctx = setup_lp_context(frame);
2720 if (lp_ctx == NULL) {
2725 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2731 /***************************************************************************
2732 Process a parameter.
2733 ***************************************************************************/
2735 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2738 if (!bInGlobalSection && bGlobalOnly)
2741 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2743 if (bInGlobalSection) {
2744 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2746 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2747 pszParmName, pszParmValue);
2752 static const char *ad_dc_req_vfs_mods[] = {"dfs_samba4", "acl_xattr", NULL};
2755 * check that @vfs_objects includes all vfs modules required by an AD DC.
2757 static bool check_ad_dc_required_mods(const char **vfs_objects)
2763 for (i = 0; ad_dc_req_vfs_mods[i] != NULL; i++) {
2765 for (j = 0; vfs_objects[j] != NULL; j++) {
2766 if (!strwicmp(ad_dc_req_vfs_mods[i], vfs_objects[j])) {
2772 DEBUG(0, ("vfs objects specified without required AD "
2773 "DC module: %s\n", ad_dc_req_vfs_mods[i]));
2778 DEBUG(6, ("vfs objects specified with all required AD DC modules\n"));
2783 /***************************************************************************
2784 Initialize any local variables in the sDefault table, after parsing a
2786 ***************************************************************************/
2788 static void init_locals(void)
2791 * We run this check once the [globals] is parsed, to force
2792 * the VFS objects and other per-share settings we need for
2793 * the standard way a AD DC is operated. We may change these
2794 * as our code evolves, which is why we force these settings.
2796 * We can't do this at the end of lp_load_ex(), as by that
2797 * point the services have been loaded and they will already
2798 * have "" as their vfs objects.
2800 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2801 const char **vfs_objects = lp_vfs_objects(-1);
2802 if (vfs_objects != NULL) {
2803 /* ignore return, only warn if modules are missing */
2804 check_ad_dc_required_mods(vfs_objects);
2806 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2807 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2808 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2809 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2811 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2815 lp_do_parameter(-1, "map hidden", "no");
2816 lp_do_parameter(-1, "map system", "no");
2817 lp_do_parameter(-1, "map readonly", "no");
2818 lp_do_parameter(-1, "map archive", "no");
2819 lp_do_parameter(-1, "store dos attributes", "yes");
2823 /***************************************************************************
2824 Process a new section (service). At this stage all sections are services.
2825 Later we'll have special sections that permit server parameters to be set.
2826 Returns true on success, false on failure.
2827 ***************************************************************************/
2829 bool lp_do_section(const char *pszSectionName, void *userdata)
2831 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2833 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2834 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2836 /* if we were in a global section then do the local inits */
2837 if (bInGlobalSection && !isglobal)
2840 /* if we've just struck a global section, note the fact. */
2841 bInGlobalSection = isglobal;
2842 if (lp_ctx != NULL) {
2843 lp_ctx->bInGlobalSection = isglobal;
2846 /* check for multiple global sections */
2847 if (bInGlobalSection) {
2848 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2852 if (!bInGlobalSection && bGlobalOnly)
2855 /* if we have a current service, tidy it up before moving on */
2858 if (iServiceIndex >= 0)
2859 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2861 /* if all is still well, move to the next record in the services array */
2863 /* We put this here to avoid an odd message order if messages are */
2864 /* issued by the post-processing of a previous section. */
2865 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2867 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2868 if (iServiceIndex < 0) {
2869 DEBUG(0, ("Failed to add a new service\n"));
2872 /* Clean all parametric options for service */
2873 /* They will be added during parsing again */
2874 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2880 /***************************************************************************
2881 Display the contents of a parameter of a single services record.
2882 ***************************************************************************/
2884 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2886 bool result = false;
2887 struct loadparm_context *lp_ctx;
2889 lp_ctx = setup_lp_context(talloc_tos());
2890 if (lp_ctx == NULL) {
2895 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2897 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2899 TALLOC_FREE(lp_ctx);
2904 /***************************************************************************
2905 Display the contents of a single copy structure.
2906 ***************************************************************************/
2907 static void dump_copy_map(bool *pcopymap)
2913 printf("\n\tNon-Copied parameters:\n");
2915 for (i = 0; parm_table[i].label; i++)
2916 if (parm_table[i].p_class == P_LOCAL &&
2917 parm_table[i].ptr && !pcopymap[i] &&
2918 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2920 printf("\t\t%s\n", parm_table[i].label);
2925 /***************************************************************************
2926 Return TRUE if the passed service number is within range.
2927 ***************************************************************************/
2929 bool lp_snum_ok(int iService)
2931 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2934 /***************************************************************************
2935 Auto-load some home services.
2936 ***************************************************************************/
2938 static void lp_add_auto_services(const char *str)
2948 s = talloc_strdup(talloc_tos(), str);
2950 smb_panic("talloc_strdup failed");
2954 homes = lp_servicenumber(HOMES_NAME);
2956 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2957 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2960 if (lp_servicenumber(p) >= 0)
2963 home = get_user_home_dir(talloc_tos(), p);
2965 if (home && home[0] && homes >= 0)
2966 lp_add_home(p, homes, p, home);
2973 /***************************************************************************
2974 Auto-load one printer.
2975 ***************************************************************************/
2977 void lp_add_one_printer(const char *name, const char *comment,
2978 const char *location, void *pdata)
2980 int printers = lp_servicenumber(PRINTERS_NAME);
2983 if (lp_servicenumber(name) < 0) {
2984 lp_add_printer(name, printers);
2985 if ((i = lp_servicenumber(name)) >= 0) {
2986 lpcfg_string_set(ServicePtrs[i],
2987 &ServicePtrs[i]->comment, comment);
2988 ServicePtrs[i]->autoloaded = true;
2993 /***************************************************************************
2994 Have we loaded a services file yet?
2995 ***************************************************************************/
2997 bool lp_loaded(void)
3002 /***************************************************************************
3003 Unload unused services.
3004 ***************************************************************************/
3006 void lp_killunused(struct smbd_server_connection *sconn,
3007 bool (*snumused) (struct smbd_server_connection *, int))
3010 for (i = 0; i < iNumServices; i++) {
3014 /* don't kill autoloaded or usershare services */
3015 if ( ServicePtrs[i]->autoloaded ||
3016 ServicePtrs[i]->usershare == USERSHARE_VALID) {
3020 if (!snumused || !snumused(sconn, i)) {
3021 free_service_byindex(i);
3027 * Kill all except autoloaded and usershare services - convenience wrapper
3029 void lp_kill_all_services(void)
3031 lp_killunused(NULL, NULL);
3034 /***************************************************************************
3036 ***************************************************************************/
3038 void lp_killservice(int iServiceIn)
3040 if (VALID(iServiceIn)) {
3041 free_service_byindex(iServiceIn);
3045 /***************************************************************************
3046 Save the curent values of all global and sDefault parameters into the
3047 defaults union. This allows testparm to show only the
3048 changed (ie. non-default) parameters.
3049 ***************************************************************************/
3051 static void lp_save_defaults(void)
3054 struct parmlist_entry * parm;
3055 for (i = 0; parm_table[i].label; i++) {
3056 if (!(flags_list[i] & FLAG_CMDLINE)) {
3057 flags_list[i] |= FLAG_DEFAULT;
3060 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
3061 && parm_table[i].p_class == parm_table[i - 1].p_class)
3063 switch (parm_table[i].type) {
3066 parm_table[i].def.lvalue = str_list_copy(
3067 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3073 &parm_table[i].def.svalue,
3074 *(char **)lp_parm_ptr(
3075 NULL, &parm_table[i]));
3076 if (parm_table[i].def.svalue == NULL) {
3077 smb_panic("lpcfg_string_set() failed");
3082 parm_table[i].def.bvalue =
3083 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3086 parm_table[i].def.cvalue =
3087 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3093 parm_table[i].def.ivalue =
3094 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3099 for (parm=Globals.param_opt; parm; parm=parm->next) {
3100 if (!(parm->priority & FLAG_CMDLINE)) {
3101 parm->priority |= FLAG_DEFAULT;
3105 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3106 if (!(parm->priority & FLAG_CMDLINE)) {
3107 parm->priority |= FLAG_DEFAULT;
3111 defaults_saved = true;
3114 /***********************************************************
3115 If we should send plaintext/LANMAN passwords in the clinet
3116 ************************************************************/
3118 static void set_allowed_client_auth(void)
3120 if (Globals.client_ntlmv2_auth) {
3121 Globals.client_lanman_auth = false;
3123 if (!Globals.client_lanman_auth) {
3124 Globals.client_plaintext_auth = false;
3128 /***************************************************************************
3130 The following code allows smbd to read a user defined share file.
3131 Yes, this is my intent. Yes, I'm comfortable with that...
3133 THE FOLLOWING IS SECURITY CRITICAL CODE.
3135 It washes your clothes, it cleans your house, it guards you while you sleep...
3136 Do not f%^k with it....
3137 ***************************************************************************/
3139 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3141 /***************************************************************************
3142 Check allowed stat state of a usershare file.
3143 Ensure we print out who is dicking with us so the admin can
3144 get their sorry ass fired.
3145 ***************************************************************************/
3147 static bool check_usershare_stat(const char *fname,
3148 const SMB_STRUCT_STAT *psbuf)
3150 if (!S_ISREG(psbuf->st_ex_mode)) {
3151 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3152 "not a regular file\n",
3153 fname, (unsigned int)psbuf->st_ex_uid ));
3157 /* Ensure this doesn't have the other write bit set. */
3158 if (psbuf->st_ex_mode & S_IWOTH) {
3159 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3160 "public write. Refusing to allow as a usershare file.\n",
3161 fname, (unsigned int)psbuf->st_ex_uid ));
3165 /* Should be 10k or less. */
3166 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3167 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3168 "too large (%u) to be a user share file.\n",
3169 fname, (unsigned int)psbuf->st_ex_uid,
3170 (unsigned int)psbuf->st_ex_size ));
3177 /***************************************************************************
3178 Parse the contents of a usershare file.
3179 ***************************************************************************/
3181 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3182 SMB_STRUCT_STAT *psbuf,
3183 const char *servicename,
3187 char **pp_sharepath,
3189 char **pp_cp_servicename,
3190 struct security_descriptor **ppsd,
3193 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3194 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3197 SMB_STRUCT_STAT sbuf;
3198 char *sharepath = NULL;
3199 char *comment = NULL;
3201 *pp_sharepath = NULL;
3204 *pallow_guest = false;
3207 return USERSHARE_MALFORMED_FILE;
3210 if (strcmp(lines[0], "#VERSION 1") == 0) {
3212 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3215 return USERSHARE_MALFORMED_FILE;
3218 return USERSHARE_BAD_VERSION;
3221 if (strncmp(lines[1], "path=", 5) != 0) {
3222 return USERSHARE_MALFORMED_PATH;
3225 sharepath = talloc_strdup(ctx, &lines[1][5]);
3227 return USERSHARE_POSIX_ERR;
3229 trim_string(sharepath, " ", " ");
3231 if (strncmp(lines[2], "comment=", 8) != 0) {
3232 return USERSHARE_MALFORMED_COMMENT_DEF;
3235 comment = talloc_strdup(ctx, &lines[2][8]);
3237 return USERSHARE_POSIX_ERR;
3239 trim_string(comment, " ", " ");
3240 trim_char(comment, '"', '"');
3242 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3243 return USERSHARE_MALFORMED_ACL_DEF;
3246 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3247 return USERSHARE_ACL_ERR;
3251 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3252 return USERSHARE_MALFORMED_ACL_DEF;
3254 if (lines[4][9] == 'y') {
3255 *pallow_guest = true;
3258 /* Backwards compatible extension to file version #2. */
3260 if (strncmp(lines[5], "sharename=", 10) != 0) {
3261 return USERSHARE_MALFORMED_SHARENAME_DEF;
3263 if (!strequal(&lines[5][10], servicename)) {
3264 return USERSHARE_BAD_SHARENAME;
3266 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3267 if (!*pp_cp_servicename) {
3268 return USERSHARE_POSIX_ERR;
3273 if (*pp_cp_servicename == NULL) {
3274 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3275 if (!*pp_cp_servicename) {
3276 return USERSHARE_POSIX_ERR;
3280 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3281 /* Path didn't change, no checks needed. */
3282 *pp_sharepath = sharepath;
3283 *pp_comment = comment;
3284 return USERSHARE_OK;
3287 /* The path *must* be absolute. */
3288 if (sharepath[0] != '/') {
3289 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3290 servicename, sharepath));
3291 return USERSHARE_PATH_NOT_ABSOLUTE;
3294 /* If there is a usershare prefix deny list ensure one of these paths
3295 doesn't match the start of the user given path. */
3296 if (prefixdenylist) {
3298 for ( i=0; prefixdenylist[i]; i++ ) {
3299 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3300 servicename, i, prefixdenylist[i], sharepath ));
3301 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3302 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3303 "usershare prefix deny list entries.\n",
3304 servicename, sharepath));
3305 return USERSHARE_PATH_IS_DENIED;
3310 /* If there is a usershare prefix allow list ensure one of these paths
3311 does match the start of the user given path. */
3313 if (prefixallowlist) {
3315 for ( i=0; prefixallowlist[i]; i++ ) {
3316 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3317 servicename, i, prefixallowlist[i], sharepath ));
3318 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3322 if (prefixallowlist[i] == NULL) {
3323 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3324 "usershare prefix allow list entries.\n",
3325 servicename, sharepath));
3326 return USERSHARE_PATH_NOT_ALLOWED;
3330 /* Ensure this is pointing to a directory. */
3331 dp = opendir(sharepath);
3334 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3335 servicename, sharepath));
3336 return USERSHARE_PATH_NOT_DIRECTORY;
3339 /* Ensure the owner of the usershare file has permission to share
3342 if (sys_stat(sharepath, &sbuf, false) == -1) {
3343 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3344 servicename, sharepath, strerror(errno) ));
3346 return USERSHARE_POSIX_ERR;
3351 if (!S_ISDIR(sbuf.st_ex_mode)) {
3352 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3353 servicename, sharepath ));
3354 return USERSHARE_PATH_NOT_DIRECTORY;
3357 /* Check if sharing is restricted to owner-only. */
3358 /* psbuf is the stat of the usershare definition file,
3359 sbuf is the stat of the target directory to be shared. */
3361 if (lp_usershare_owner_only()) {
3362 /* root can share anything. */
3363 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3364 return USERSHARE_PATH_NOT_ALLOWED;
3368 *pp_sharepath = sharepath;
3369 *pp_comment = comment;
3370 return USERSHARE_OK;
3373 /***************************************************************************
3374 Deal with a usershare file.
3377 -1 - Bad name, invalid contents.
3378 - service name already existed and not a usershare, problem
3379 with permissions to share directory etc.
3380 ***************************************************************************/
3382 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3384 SMB_STRUCT_STAT sbuf;
3385 SMB_STRUCT_STAT lsbuf;
3387 char *sharepath = NULL;
3388 char *comment = NULL;
3389 char *cp_service_name = NULL;
3390 char **lines = NULL;
3394 TALLOC_CTX *ctx = talloc_stackframe();
3395 struct security_descriptor *psd = NULL;
3396 bool guest_ok = false;
3397 char *canon_name = NULL;
3398 bool added_service = false;
3402 /* Ensure share name doesn't contain invalid characters. */
3403 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3404 DEBUG(0,("process_usershare_file: share name %s contains "
3405 "invalid characters (any of %s)\n",
3406 file_name, INVALID_SHARENAME_CHARS ));
3410 canon_name = canonicalize_servicename(ctx, file_name);
3415 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3420 /* Minimize the race condition by doing an lstat before we
3421 open and fstat. Ensure this isn't a symlink link. */
3423 if (sys_lstat(fname, &lsbuf, false) != 0) {
3424 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3425 fname, strerror(errno) ));
3429 /* This must be a regular file, not a symlink, directory or
3430 other strange filetype. */
3431 if (!check_usershare_stat(fname, &lsbuf)) {
3438 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3443 if (NT_STATUS_IS_OK(status) &&
3444 (data.dptr != NULL) &&
3445 (data.dsize == sizeof(iService))) {
3446 memcpy(&iService, data.dptr, sizeof(iService));
3450 if (iService != -1 &&
3451 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3452 &lsbuf.st_ex_mtime) == 0) {
3453 /* Nothing changed - Mark valid and return. */
3454 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3456 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3461 /* Try and open the file read only - no symlinks allowed. */
3463 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3465 fd = open(fname, O_RDONLY, 0);
3469 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3470 fname, strerror(errno) ));
3474 /* Now fstat to be *SURE* it's a regular file. */
3475 if (sys_fstat(fd, &sbuf, false) != 0) {
3477 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3478 fname, strerror(errno) ));
3482 /* Is it the same dev/inode as was lstated ? */
3483 if (!check_same_stat(&lsbuf, &sbuf)) {
3485 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3486 "Symlink spoofing going on ?\n", fname ));
3490 /* This must be a regular file, not a symlink, directory or
3491 other strange filetype. */
3492 if (!check_usershare_stat(fname, &sbuf)) {
3497 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3500 if (lines == NULL) {
3501 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3502 fname, (unsigned int)sbuf.st_ex_uid ));
3506 if (parse_usershare_file(ctx, &sbuf, file_name,
3507 iService, lines, numlines, &sharepath,
3508 &comment, &cp_service_name,
3509 &psd, &guest_ok) != USERSHARE_OK) {
3513 /* Everything ok - add the service possibly using a template. */
3515 const struct loadparm_service *sp = &sDefault;
3516 if (snum_template != -1) {
3517 sp = ServicePtrs[snum_template];
3520 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3521 DEBUG(0, ("process_usershare_file: Failed to add "
3522 "new service %s\n", cp_service_name));
3526 added_service = true;
3528 /* Read only is controlled by usershare ACL below. */
3529 ServicePtrs[iService]->read_only = false;
3532 /* Write the ACL of the new/modified share. */
3533 status = set_share_security(canon_name, psd);
3534 if (!NT_STATUS_IS_OK(status)) {
3535 DEBUG(0, ("process_usershare_file: Failed to set share "
3536 "security for user share %s\n",
3541 /* If from a template it may be marked invalid. */
3542 ServicePtrs[iService]->valid = true;
3544 /* Set the service as a valid usershare. */
3545 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3547 /* Set guest access. */
3548 if (lp_usershare_allow_guests()) {
3549 ServicePtrs[iService]->guest_ok = guest_ok;
3552 /* And note when it was loaded. */
3553 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3554 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3556 lpcfg_string_set(ServicePtrs[iService],
3557 &ServicePtrs[iService]->comment, comment);
3563 if (ret == -1 && iService != -1 && added_service) {
3564 lp_remove_service(iService);
3572 /***************************************************************************
3573 Checks if a usershare entry has been modified since last load.
3574 ***************************************************************************/
3576 static bool usershare_exists(int iService, struct timespec *last_mod)
3578 SMB_STRUCT_STAT lsbuf;
3579 const char *usersharepath = Globals.usershare_path;
3582 fname = talloc_asprintf(talloc_tos(),
3585 ServicePtrs[iService]->szService);
3586 if (fname == NULL) {
3590 if (sys_lstat(fname, &lsbuf, false) != 0) {
3595 if (!S_ISREG(lsbuf.st_ex_mode)) {
3601 *last_mod = lsbuf.st_ex_mtime;
3605 static bool usershare_directory_is_root(uid_t uid)
3611 if (uid_wrapper_enabled()) {
3618 /***************************************************************************
3619 Load a usershare service by name. Returns a valid servicenumber or -1.
3620 ***************************************************************************/
3622 int load_usershare_service(const char *servicename)
3624 SMB_STRUCT_STAT sbuf;
3625 const char *usersharepath = Globals.usershare_path;
3626 int max_user_shares = Globals.usershare_max_shares;
3627 int snum_template = -1;
3629 if (*usersharepath == 0 || max_user_shares == 0) {
3633 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3634 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3635 usersharepath, strerror(errno) ));
3639 if (!S_ISDIR(sbuf.st_ex_mode)) {
3640 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3646 * This directory must be owned by root, and have the 't' bit set.
3647 * It also must not be writable by "other".
3651 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3652 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3654 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3655 (sbuf.st_ex_mode & S_IWOTH)) {
3657 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3658 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3663 /* Ensure the template share exists if it's set. */
3664 if (Globals.usershare_template_share[0]) {
3665 /* We can't use lp_servicenumber here as we are recommending that
3666 template shares have -valid=false set. */
3667 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3668 if (ServicePtrs[snum_template]->szService &&
3669 strequal(ServicePtrs[snum_template]->szService,
3670 Globals.usershare_template_share)) {
3675 if (snum_template == -1) {
3676 DEBUG(0,("load_usershare_service: usershare template share %s "
3677 "does not exist.\n",
3678 Globals.usershare_template_share ));
3683 return process_usershare_file(usersharepath, servicename, snum_template);
3686 /***************************************************************************
3687 Load all user defined shares from the user share directory.
3688 We only do this if we're enumerating the share list.
3689 This is the function that can delete usershares that have
3691 ***************************************************************************/
3693 int load_usershare_shares(struct smbd_server_connection *sconn,
3694 bool (*snumused) (struct smbd_server_connection *, int))
3697 SMB_STRUCT_STAT sbuf;
3699 int num_usershares = 0;
3700 int max_user_shares = Globals.usershare_max_shares;
3701 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3702 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3703 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3705 int snum_template = -1;
3706 const char *usersharepath = Globals.usershare_path;
3707 int ret = lp_numservices();
3708 TALLOC_CTX *tmp_ctx;
3710 if (max_user_shares == 0 || *usersharepath == '\0') {
3711 return lp_numservices();
3714 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3715 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3716 usersharepath, strerror(errno) ));
3721 * This directory must be owned by root, and have the 't' bit set.
3722 * It also must not be writable by "other".
3726 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3728 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3730 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3731 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3736 /* Ensure the template share exists if it's set. */
3737 if (Globals.usershare_template_share[0]) {
3738 /* We can't use lp_servicenumber here as we are recommending that
3739 template shares have -valid=false set. */
3740 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3741 if (ServicePtrs[snum_template]->szService &&
3742 strequal(ServicePtrs[snum_template]->szService,
3743 Globals.usershare_template_share)) {
3748 if (snum_template == -1) {
3749 DEBUG(0,("load_usershare_shares: usershare template share %s "
3750 "does not exist.\n",
3751 Globals.usershare_template_share ));
3756 /* Mark all existing usershares as pending delete. */
3757 for (iService = iNumServices - 1; iService >= 0; iService--) {
3758 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3759 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3763 dp = opendir(usersharepath);
3765 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3766 usersharepath, strerror(errno) ));
3770 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3772 num_dir_entries++ ) {
3774 const char *n = de->d_name;
3776 /* Ignore . and .. */
3778 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3784 /* Temporary file used when creating a share. */
3785 num_tmp_dir_entries++;
3788 /* Allow 20% tmp entries. */
3789 if (num_tmp_dir_entries > allowed_tmp_entries) {
3790 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3791 "in directory %s\n",
3792 num_tmp_dir_entries, usersharepath));
3796 r = process_usershare_file(usersharepath, n, snum_template);
3798 /* Update the services count. */
3800 if (num_usershares >= max_user_shares) {
3801 DEBUG(0,("load_usershare_shares: max user shares reached "
3802 "on file %s in directory %s\n",
3803 n, usersharepath ));
3806 } else if (r == -1) {
3807 num_bad_dir_entries++;
3810 /* Allow 20% bad entries. */
3811 if (num_bad_dir_entries > allowed_bad_entries) {
3812 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3813 "in directory %s\n",
3814 num_bad_dir_entries, usersharepath));
3818 /* Allow 20% bad entries. */
3819 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3820 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3821 "in directory %s\n",
3822 num_dir_entries, usersharepath));
3829 /* Sweep through and delete any non-refreshed usershares that are
3830 not currently in use. */
3831 tmp_ctx = talloc_stackframe();
3832 for (iService = iNumServices - 1; iService >= 0; iService--) {
3833 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3834 const struct loadparm_substitution *lp_sub =
3835 loadparm_s3_global_substitution();
3838 if (snumused && snumused(sconn, iService)) {
3842 servname = lp_servicename(tmp_ctx, lp_sub, iService);
3844 /* Remove from the share ACL db. */
3845 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3847 delete_share_security(servname);
3848 free_service_byindex(iService);
3851 talloc_free(tmp_ctx);
3853 return lp_numservices();
3856 /********************************************************
3857 Destroy global resources allocated in this file
3858 ********************************************************/
3860 void gfree_loadparm(void)
3866 /* Free resources allocated to services */
3868 for ( i = 0; i < iNumServices; i++ ) {
3870 free_service_byindex(i);
3874 TALLOC_FREE( ServicePtrs );
3877 /* Now release all resources allocated to global
3878 parameters and the default service */
3880 free_global_parameters();
3884 /***************************************************************************
3885 Allow client apps to specify that they are a client
3886 ***************************************************************************/
3887 static void lp_set_in_client(bool b)
3893 /***************************************************************************
3894 Determine if we're running in a client app
3895 ***************************************************************************/
3896 static bool lp_is_in_client(void)
3901 static void lp_enforce_ad_dc_settings(void)
3903 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3904 lp_do_parameter(GLOBAL_SECTION_SNUM,
3905 "winbindd:use external pipes", "true");
3906 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3907 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3908 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3909 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3910 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3911 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3912 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3913 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3914 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3917 /***************************************************************************
3918 Load the services array from the services file. Return true on success,
3920 ***************************************************************************/
3922 static bool lp_load_ex(const char *pszFname,
3926 bool reinit_globals,
3927 bool allow_include_registry,
3928 bool load_all_shares)
3932 TALLOC_CTX *frame = talloc_stackframe();
3933 struct loadparm_context *lp_ctx;
3934 int max_protocol, min_protocol;
3936 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3938 bInGlobalSection = true;
3939 bGlobalOnly = global_only;
3940 bAllowIncludeRegistry = allow_include_registry;
3941 sDefault = _sDefault;
3943 lp_ctx = setup_lp_context(talloc_tos());
3945 init_globals(lp_ctx, reinit_globals);
3949 if (save_defaults) {
3954 if (!reinit_globals) {
3955 free_param_opts(&Globals.param_opt);
3956 apply_lp_set_cmdline();
3959 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
3961 /* We get sections first, so have to start 'behind' to make up */
3964 if (lp_config_backend_is_file()) {
3965 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
3966 current_user_info.domain,
3969 smb_panic("lp_load_ex: out of memory");
3972 add_to_file_list(NULL, &file_lists, pszFname, n2);
3974 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
3977 /* finish up the last section */
3978 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
3980 if (iServiceIndex >= 0) {
3981 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
3985 if (lp_config_backend_is_registry()) {
3987 /* config backend changed to registry in config file */
3989 * We need to use this extra global variable here to
3990 * survive restart: init_globals uses this as a default
3991 * for config_backend. Otherwise, init_globals would
3992 * send us into an endless loop here.
3995 config_backend = CONFIG_BACKEND_REGISTRY;
3997 DEBUG(1, ("lp_load_ex: changing to config backend "
3999 init_globals(lp_ctx, true);
4001 TALLOC_FREE(lp_ctx);
4003 lp_kill_all_services();
4004 ok = lp_load_ex(pszFname, global_only, save_defaults,
4005 add_ipc, reinit_globals,
4006 allow_include_registry,
4011 } else if (lp_config_backend_is_registry()) {
4012 bRetval = process_registry_globals();
4014 DEBUG(0, ("Illegal config backend given: %d\n",
4015 lp_config_backend()));
4019 if (bRetval && lp_registry_shares()) {
4020 if (load_all_shares) {
4021 bRetval = process_registry_shares();
4023 bRetval = reload_registry_shares();
4028 const struct loadparm_substitution *lp_sub =
4029 loadparm_s3_global_substitution();
4030 char *serv = lp_auto_services(talloc_tos(), lp_sub);
4031 lp_add_auto_services(serv);
4036 /* When 'restrict anonymous = 2' guest connections to ipc$
4038 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
4039 if ( lp_enable_asu_support() ) {
4040 lp_add_ipc("ADMIN$", false);
4044 set_allowed_client_auth();
4046 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
4047 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
4048 lp_password_server()));
4053 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
4054 /* if we_are_a_wins_server is true and we are in the client */
4055 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
4056 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
4061 fault_configure(smb_panic_s3);
4064 * We run this check once the whole smb.conf is parsed, to
4065 * force some settings for the standard way a AD DC is
4066 * operated. We may change these as our code evolves, which
4067 * is why we force these settings.
4069 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
4070 lp_enforce_ad_dc_settings();
4073 bAllowIncludeRegistry = true;
4075 /* Check if command line max protocol < min protocol, if so
4076 * report a warning to the user.
4078 max_protocol = lp_client_max_protocol();
4079 min_protocol = lp_client_min_protocol();
4080 if (max_protocol < min_protocol) {
4081 const char *max_protocolp, *min_protocolp;
4082 max_protocolp = lpcfg_get_smb_protocol(max_protocol);
4083 min_protocolp = lpcfg_get_smb_protocol(min_protocol);
4084 DBG_ERR("Max protocol %s is less than min protocol %s.\n",
4085 max_protocolp, min_protocolp);
4092 static bool lp_load(const char *pszFname,
4096 bool reinit_globals)
4098 return lp_load_ex(pszFname,
4103 true, /* allow_include_registry */
4104 false); /* load_all_shares*/
4107 bool lp_load_initial_only(const char *pszFname)
4109 return lp_load_ex(pszFname,
4110 true, /* global only */
4111 true, /* save_defaults */
4112 false, /* add_ipc */
4113 true, /* reinit_globals */
4114 false, /* allow_include_registry */
4115 false); /* load_all_shares*/
4119 * most common lp_load wrapper, loading only the globals
4121 * If this is used in a daemon or client utility it should be called
4122 * after processing popt.
4124 bool lp_load_global(const char *file_name)
4126 return lp_load(file_name,
4127 true, /* global_only */
4128 false, /* save_defaults */
4129 false, /* add_ipc */
4130 true); /* reinit_globals */
4134 * The typical lp_load wrapper with shares, loads global and
4135 * shares, including IPC, but does not force immediate
4136 * loading of all shares from registry.
4138 bool lp_load_with_shares(const char *file_name)
4140 return lp_load(file_name,
4141 false, /* global_only */
4142 false, /* save_defaults */
4144 true); /* reinit_globals */
4148 * lp_load wrapper, especially for clients
4150 bool lp_load_client(const char *file_name)
4152 lp_set_in_client(true);
4154 return lp_load_global(file_name);
4158 * lp_load wrapper, loading only globals, but intended
4159 * for subsequent calls, not reinitializing the globals
4162 bool lp_load_global_no_reinit(const char *file_name)
4164 return lp_load(file_name,
4165 true, /* global_only */
4166 false, /* save_defaults */
4167 false, /* add_ipc */
4168 false); /* reinit_globals */
4172 * lp_load wrapper, loading globals and shares,
4173 * intended for subsequent calls, i.e. not reinitializing
4174 * the globals to default values.
4176 bool lp_load_no_reinit(const char *file_name)
4178 return lp_load(file_name,
4179 false, /* global_only */
4180 false, /* save_defaults */
4181 false, /* add_ipc */
4182 false); /* reinit_globals */
4187 * lp_load wrapper, especially for clients, no reinitialization
4189 bool lp_load_client_no_reinit(const char *file_name)
4191 lp_set_in_client(true);
4193 return lp_load_global_no_reinit(file_name);
4196 bool lp_load_with_registry_shares(const char *pszFname)
4198 return lp_load_ex(pszFname,
4199 false, /* global_only */
4200 true, /* save_defaults */
4201 false, /* add_ipc */
4202 true, /* reinit_globals */
4203 true, /* allow_include_registry */
4204 true); /* load_all_shares*/
4207 /***************************************************************************
4208 Return the max number of services.
4209 ***************************************************************************/
4211 int lp_numservices(void)
4213 return (iNumServices);
4216 /***************************************************************************
4217 Display the contents of the services array in human-readable form.
4218 ***************************************************************************/
4220 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4223 struct loadparm_context *lp_ctx;
4226 defaults_saved = false;
4228 lp_ctx = setup_lp_context(talloc_tos());
4229 if (lp_ctx == NULL) {
4233 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4235 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4237 for (iService = 0; iService < maxtoprint; iService++) {
4239 lp_dump_one(f, show_defaults, iService);
4241 TALLOC_FREE(lp_ctx);
4244 /***************************************************************************
4245 Display the contents of one service in human-readable form.
4246 ***************************************************************************/
4248 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4251 if (ServicePtrs[snum]->szService[0] == '\0')
4253 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4254 flags_list, show_defaults);
4258 /***************************************************************************
4259 Return the number of the service with the given name, or -1 if it doesn't
4260 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4261 getservicebyname()! This works ONLY if all services have been loaded, and
4262 does not copy the found service.
4263 ***************************************************************************/
4265 int lp_servicenumber(const char *pszServiceName)
4268 fstring serviceName;
4270 if (!pszServiceName) {
4271 return GLOBAL_SECTION_SNUM;
4274 for (iService = iNumServices - 1; iService >= 0; iService--) {
4275 if (VALID(iService) && ServicePtrs[iService]->szService) {
4277 * The substitution here is used to support %U in
4280 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4281 standard_sub_basic(get_current_username(),
4282 current_user_info.domain,
4283 serviceName,sizeof(serviceName));
4284 if (strequal(serviceName, pszServiceName)) {
4290 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4291 struct timespec last_mod;
4293 if (!usershare_exists(iService, &last_mod)) {
4294 /* Remove the share security tdb entry for it. */
4295 delete_share_security(lp_const_servicename(iService));
4296 /* Remove it from the array. */
4297 free_service_byindex(iService);
4298 /* Doesn't exist anymore. */
4299 return GLOBAL_SECTION_SNUM;
4302 /* Has it been modified ? If so delete and reload. */
4303 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4305 /* Remove it from the array. */
4306 free_service_byindex(iService);
4307 /* and now reload it. */
4308 iService = load_usershare_service(pszServiceName);
4313 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4314 return GLOBAL_SECTION_SNUM;
4320 /*******************************************************************
4321 A useful volume label function.
4322 ********************************************************************/
4324 const char *volume_label(TALLOC_CTX *ctx, int snum)
4326 const struct loadparm_substitution *lp_sub =
4327 loadparm_s3_global_substitution();
4329 const char *label = lp_volume(ctx, lp_sub, snum);
4333 label = lp_servicename(ctx, lp_sub, snum);
4337 * Volume label can be a max of 32 bytes. Make sure to truncate
4338 * it at a codepoint boundary if it's longer than 32 and contains
4339 * multibyte characters. Windows insists on a volume label being
4340 * a valid mb sequence, and errors out if not.
4342 if (strlen(label) > 32) {
4344 * A MB char can be a max of 5 bytes, thus
4345 * we should have a valid mb character at a
4346 * minimum position of (32-5) = 27.
4350 * Check if a codepoint starting from next byte
4351 * is valid. If yes, then the current byte is the
4352 * end of a MB or ascii sequence and the label can
4353 * be safely truncated here. If not, keep going
4354 * backwards till a valid codepoint is found.
4357 const char *s = &label[end];
4358 codepoint_t c = next_codepoint(s, &len);
4359 if (c != INVALID_CODEPOINT) {
4366 /* This returns a max of 33 byte guarenteed null terminated string. */
4367 ret = talloc_strndup(ctx, label, end);
4374 /*******************************************************************
4375 Get the default server type we will announce as via nmbd.
4376 ********************************************************************/
4378 int lp_default_server_announce(void)
4380 int default_server_announce = 0;
4381 default_server_announce |= SV_TYPE_WORKSTATION;
4382 default_server_announce |= SV_TYPE_SERVER;
4383 default_server_announce |= SV_TYPE_SERVER_UNIX;
4385 /* note that the flag should be set only if we have a
4386 printer service but nmbd doesn't actually load the
4387 services so we can't tell --jerry */
4389 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4391 default_server_announce |= SV_TYPE_SERVER_NT;
4392 default_server_announce |= SV_TYPE_NT;
4394 switch (lp_server_role()) {
4395 case ROLE_DOMAIN_MEMBER:
4396 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4398 case ROLE_DOMAIN_PDC:
4399 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4401 case ROLE_DOMAIN_BDC:
4402 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4404 case ROLE_STANDALONE:
4408 if (lp_time_server())
4409 default_server_announce |= SV_TYPE_TIME_SOURCE;
4411 if (lp_host_msdfs())
4412 default_server_announce |= SV_TYPE_DFS_SERVER;
4414 return default_server_announce;
4417 /***********************************************************
4418 If we are PDC then prefer us as DMB
4419 ************************************************************/
4421 bool lp_domain_master(void)
4423 if (Globals._domain_master == Auto)
4424 return (lp_server_role() == ROLE_DOMAIN_PDC);
4426 return (bool)Globals._domain_master;
4429 /***********************************************************
4430 If we are PDC then prefer us as DMB
4431 ************************************************************/
4433 static bool lp_domain_master_true_or_auto(void)
4435 if (Globals._domain_master) /* auto or yes */
4441 /***********************************************************
4442 If we are DMB then prefer us as LMB
4443 ************************************************************/
4445 bool lp_preferred_master(void)
4447 int preferred_master = lp__preferred_master();
4449 if (preferred_master == Auto)
4450 return (lp_local_master() && lp_domain_master());
4452 return (bool)preferred_master;
4455 /*******************************************************************
4457 ********************************************************************/
4459 void lp_remove_service(int snum)
4461 ServicePtrs[snum]->valid = false;
4464 const char *lp_printername(TALLOC_CTX *ctx,
4465 const struct loadparm_substitution *lp_sub,
4468 const char *ret = lp__printername(ctx, lp_sub, snum);
4470 if (ret == NULL || *ret == '\0') {
4471 ret = lp_const_servicename(snum);
4478 /***********************************************************
4479 Allow daemons such as winbindd to fix their logfile name.
4480 ************************************************************/
4482 void lp_set_logfile(const char *name)
4484 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4485 debug_set_logfile(name);
4488 /*******************************************************************
4489 Return the max print jobs per queue.
4490 ********************************************************************/
4492 int lp_maxprintjobs(int snum)
4494 int maxjobs = lp_max_print_jobs(snum);
4496 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4497 maxjobs = PRINT_MAX_JOBID - 1;
4502 const char *lp_printcapname(void)
4504 const char *printcap_name = lp_printcap_name();
4506 if ((printcap_name != NULL) &&
4507 (printcap_name[0] != '\0'))
4508 return printcap_name;
4510 if (sDefault.printing == PRINT_CUPS) {
4514 if (sDefault.printing == PRINT_BSD)
4515 return "/etc/printcap";
4517 return PRINTCAP_NAME;
4520 static uint32_t spoolss_state;
4522 bool lp_disable_spoolss( void )
4524 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4525 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4527 return spoolss_state == SVCCTL_STOPPED ? true : false;
4530 void lp_set_spoolss_state( uint32_t state )
4532 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4534 spoolss_state = state;
4537 uint32_t lp_get_spoolss_state( void )
4539 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4542 /*******************************************************************
4543 Turn off sendfile if we find the underlying OS doesn't support it.
4544 ********************************************************************/
4546 void set_use_sendfile(int snum, bool val)
4548 if (LP_SNUM_OK(snum))
4549 ServicePtrs[snum]->_use_sendfile = val;
4551 sDefault._use_sendfile = val;
4554 void lp_set_mangling_method(const char *new_method)
4556 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4559 /*******************************************************************
4560 Global state for POSIX pathname processing.
4561 ********************************************************************/
4563 static bool posix_pathnames;
4565 bool lp_posix_pathnames(void)
4567 return posix_pathnames;
4570 /*******************************************************************
4571 Change everything needed to ensure POSIX pathname processing (currently
4573 ********************************************************************/
4575 void lp_set_posix_pathnames(void)
4577 posix_pathnames = true;
4580 /*******************************************************************
4581 Global state for POSIX lock processing - CIFS unix extensions.
4582 ********************************************************************/
4584 bool posix_default_lock_was_set;
4585 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4587 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4589 if (posix_default_lock_was_set) {
4590 return posix_cifsx_locktype;
4592 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4593 POSIX_LOCK : WINDOWS_LOCK;
4597 /*******************************************************************
4598 ********************************************************************/
4600 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4602 posix_default_lock_was_set = true;
4603 posix_cifsx_locktype = val;
4606 int lp_min_receive_file_size(void)
4608 int min_receivefile_size = lp_min_receivefile_size();
4610 if (min_receivefile_size < 0) {
4613 return min_receivefile_size;
4616 /*******************************************************************
4617 Safe wide links checks.
4618 This helper function always verify the validity of wide links,
4619 even after a configuration file reload.
4620 ********************************************************************/
4622 void widelinks_warning(int snum)
4624 if (lp_allow_insecure_wide_links()) {
4628 if (lp_unix_extensions() && lp_wide_links(snum)) {
4629 DBG_ERR("Share '%s' has wide links and unix extensions enabled. "
4630 "These parameters are incompatible. "
4631 "Wide links will be disabled for this share.\n",
4632 lp_const_servicename(snum));
4636 bool lp_widelinks(int snum)
4638 /* wide links is always incompatible with unix extensions */
4639 if (lp_unix_extensions()) {
4641 * Unless we have "allow insecure widelinks"
4644 if (!lp_allow_insecure_wide_links()) {
4649 return lp_wide_links(snum);
4652 int lp_server_role(void)
4654 return lp_find_server_role(lp__server_role(),
4656 lp__domain_logons(),
4657 lp_domain_master_true_or_auto());
4660 int lp_security(void)
4662 return lp_find_security(lp__server_role(),
4666 int lp_client_max_protocol(void)
4668 int client_max_protocol = lp__client_max_protocol();
4669 if (client_max_protocol == PROTOCOL_DEFAULT) {
4670 return PROTOCOL_LATEST;
4672 return client_max_protocol;
4675 int lp_client_ipc_min_protocol(void)
4677 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4678 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4679 client_ipc_min_protocol = lp_client_min_protocol();
4681 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4682 return PROTOCOL_NT1;
4684 return client_ipc_min_protocol;
4687 int lp_client_ipc_max_protocol(void)
4689 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4690 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4691 return PROTOCOL_LATEST;
4693 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4694 return PROTOCOL_NT1;
4696 return client_ipc_max_protocol;
4699 int lp_client_ipc_signing(void)
4701 int client_ipc_signing = lp__client_ipc_signing();
4702 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4703 return SMB_SIGNING_REQUIRED;
4705 return client_ipc_signing;
4708 int lp_rpc_low_port(void)
4710 return Globals.rpc_low_port;
4713 int lp_rpc_high_port(void)
4715 return Globals.rpc_high_port;
4719 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4721 * This also ensures it is disabled if NTLM is totally disabled
4723 bool lp_lanman_auth(void)
4725 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4727 if (ntlm_auth_level == NTLM_AUTH_ON) {
4728 return lp__lanman_auth();
4734 struct loadparm_global * get_globals(void)
4739 unsigned int * get_flags(void)
4741 if (flags_list == NULL) {
4742 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());
4748 enum samba_weak_crypto lp_weak_crypto()
4750 if (Globals.weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
4751 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
4753 if (samba_gnutls_weak_crypto_allowed()) {
4754 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
4758 return Globals.weak_crypto;
4761 uint32_t lp_get_async_dns_timeout(void)
4763 uint32_t val = Globals.async_dns_timeout;
4765 * Clamp minimum async dns timeout to 1 second
4766 * as per the man page.