2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
57 #include "system/filesys.h"
59 #include "lib/param/loadparm.h"
60 #include "lib/param/param.h"
62 #include "lib/smbconf/smbconf.h"
63 #include "lib/smbconf/smbconf_init.h"
66 #include "../librpc/gen_ndr/svcctl.h"
68 #include "../libcli/smb/smb_signing.h"
69 #include "dbwrap/dbwrap.h"
70 #include "dbwrap/dbwrap_rbt.h"
71 #include "../lib/util/bitmap.h"
72 #include "librpc/gen_ndr/nbt.h"
73 #include "source4/lib/tls/tls.h"
74 #include "libcli/auth/ntlm_check.h"
76 #ifdef HAVE_SYS_SYSCTL_H
77 #include <sys/sysctl.h>
82 extern userdom_struct current_user_info;
84 /* the special value for the include parameter
85 * to be interpreted not as a file name but to
86 * trigger loading of the global smb.conf options
88 #ifndef INCLUDE_REGISTRY_NAME
89 #define INCLUDE_REGISTRY_NAME "registry"
92 static bool in_client = false; /* Not in the client by default */
93 static struct smbconf_csn conf_last_csn;
95 static int config_backend = CONFIG_BACKEND_FILE;
97 /* some helpful bits */
98 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
99 (ServicePtrs != NULL) && \
100 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
101 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
102 ServicePtrs[i]->valid)
104 #define USERSHARE_VALID 1
105 #define USERSHARE_PENDING_DELETE 2
107 static bool defaults_saved = false;
109 #include "lib/param/param_global.h"
111 static struct loadparm_global Globals;
113 /* This is a default service used to prime a services structure */
114 static const struct loadparm_service _sDefault =
119 .usershare_last_mod = {0, 0},
122 .invalid_users = NULL,
129 .root_preexec = NULL,
130 .root_postexec = NULL,
131 .cups_options = NULL,
132 .print_command = NULL,
134 .lprm_command = NULL,
135 .lppause_command = NULL,
136 .lpresume_command = NULL,
137 .queuepause_command = NULL,
138 .queueresume_command = NULL,
139 ._printername = NULL,
140 .printjob_username = NULL,
141 .dont_descend = NULL,
144 .magic_script = NULL,
145 .magic_output = NULL,
148 .veto_oplock_files = NULL,
158 .aio_write_behind = NULL,
159 .dfree_command = NULL,
160 .min_print_space = 0,
161 .max_print_jobs = 1000,
162 .max_reported_print_jobs = 0,
163 .write_cache_size = 0,
165 .force_create_mode = 0,
166 .directory_mask = 0755,
167 .force_directory_mode = 0,
168 .max_connections = 0,
169 .default_case = CASE_LOWER,
170 .printing = DEFAULT_PRINTING,
173 .dfree_cache_time = 0,
174 .preexec_close = false,
175 .root_preexec_close = false,
176 .case_sensitive = Auto,
177 .preserve_case = true,
178 .short_preserve_case = true,
179 .hide_dot_files = true,
180 .hide_special_files = false,
181 .hide_unreadable = false,
182 .hide_unwriteable_files = false,
184 .access_based_share_enum = false,
189 .administrative_share = false,
192 .print_notify_backchannel = false,
196 .store_dos_attributes = false,
197 .dmapi_support = false,
199 .strict_locking = Auto,
200 .posix_locking = true,
202 .kernel_oplocks = false,
203 .level2_oplocks = true,
204 .mangled_names = MANGLED_NAMES_YES,
206 .follow_symlinks = true,
207 .sync_always = false,
208 .strict_allocate = false,
209 .strict_rename = false,
211 .mangling_char = '~',
213 .delete_readonly = false,
214 .fake_oplocks = false,
215 .delete_veto_files = false,
216 .dos_filemode = false,
217 .dos_filetimes = true,
218 .dos_filetime_resolution = false,
219 .fake_directory_create_times = false,
220 .blocking_locks = true,
221 .inherit_permissions = false,
222 .inherit_acls = false,
223 .inherit_owner = false,
225 .msdfs_shuffle_referrals = false,
226 .use_client_driver = false,
227 .default_devmode = true,
228 .force_printername = false,
229 .nt_acl_support = true,
230 .force_unknown_acl_user = false,
231 ._use_sendfile = false,
232 .map_acl_inherit = false,
235 .acl_check_permissions = true,
236 .acl_map_full_control = true,
237 .acl_group_control = false,
238 .acl_allow_execute_always = false,
239 .allocation_roundup_size = SMB_ROUNDUP_ALLOCATION_SIZE,
242 .map_readonly = MAP_READONLY_YES,
243 .directory_name_cache_size = 100,
244 .smb_encrypt = SMB_SIGNING_DEFAULT,
245 .kernel_share_modes = true,
246 .durable_handles = true,
252 * This is a copy of the default service structure. Service options in the
253 * global section would otherwise overwrite the initial default values.
255 static struct loadparm_service sDefault;
257 /* local variables */
258 static struct loadparm_service **ServicePtrs = NULL;
259 static int iNumServices = 0;
260 static int iServiceIndex = 0;
261 static struct db_context *ServiceHash;
262 static bool bInGlobalSection = true;
263 static bool bGlobalOnly = false;
264 static struct file_lists *file_lists = NULL;
265 static unsigned int *flags_list = NULL;
267 static void set_allowed_client_auth(void);
269 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
270 static void free_param_opts(struct parmlist_entry **popts);
273 * Function to return the default value for the maximum number of open
274 * file descriptors permitted. This function tries to consult the
275 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
276 * the smaller of those.
278 static int max_open_files(void)
280 int sysctl_max = MAX_OPEN_FILES;
281 int rlimit_max = MAX_OPEN_FILES;
283 #ifdef HAVE_SYSCTLBYNAME
285 size_t size = sizeof(sysctl_max);
286 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
291 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
297 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
298 rlimit_max = rl.rlim_cur;
300 #if defined(RLIM_INFINITY)
301 if(rl.rlim_cur == RLIM_INFINITY)
302 rlimit_max = MAX_OPEN_FILES;
307 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
308 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
309 "minimum Windows limit (%d)\n",
311 MIN_OPEN_FILES_WINDOWS));
312 sysctl_max = MIN_OPEN_FILES_WINDOWS;
315 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
316 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
317 "minimum Windows limit (%d)\n",
319 MIN_OPEN_FILES_WINDOWS));
320 rlimit_max = MIN_OPEN_FILES_WINDOWS;
323 return MIN(sysctl_max, rlimit_max);
327 * Common part of freeing allocated data for one parameter.
329 static void free_one_parameter_common(void *parm_ptr,
330 struct parm_struct parm)
332 if ((parm.type == P_STRING) ||
333 (parm.type == P_USTRING))
335 lpcfg_string_free((char**)parm_ptr);
336 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
337 TALLOC_FREE(*((char***)parm_ptr));
342 * Free the allocated data for one parameter for a share
343 * given as a service struct.
345 static void free_one_parameter(struct loadparm_service *service,
346 struct parm_struct parm)
350 if (parm.p_class != P_LOCAL) {
354 parm_ptr = lp_parm_ptr(service, &parm);
356 free_one_parameter_common(parm_ptr, parm);
360 * Free the allocated parameter data of a share given
361 * as a service struct.
363 static void free_parameters(struct loadparm_service *service)
367 for (i=0; parm_table[i].label; i++) {
368 free_one_parameter(service, parm_table[i]);
373 * Free the allocated data for one parameter for a given share
374 * specified by an snum.
376 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
381 parm_ptr = lp_parm_ptr(NULL, &parm);
382 } else if (parm.p_class != P_LOCAL) {
385 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
388 free_one_parameter_common(parm_ptr, parm);
392 * Free the allocated parameter data for a share specified
395 static void free_parameters_by_snum(int snum)
399 for (i=0; parm_table[i].label; i++) {
400 free_one_parameter_by_snum(snum, parm_table[i]);
405 * Free the allocated global parameters.
407 static void free_global_parameters(void)
410 struct parm_struct *parm;
412 free_param_opts(&Globals.param_opt);
413 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
415 /* Reset references in the defaults because the context is going to be freed */
416 for (i=0; parm_table[i].label; i++) {
417 parm = &parm_table[i];
418 if ((parm->type == P_STRING) ||
419 (parm->type == P_USTRING)) {
420 if ((parm->def.svalue != NULL) &&
421 (*(parm->def.svalue) != '\0')) {
422 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
423 parm->def.svalue = NULL;
428 TALLOC_FREE(Globals.ctx);
431 struct lp_stored_option {
432 struct lp_stored_option *prev, *next;
437 static struct lp_stored_option *stored_options;
440 save options set by lp_set_cmdline() into a list. This list is
441 re-applied when we do a globals reset, so that cmdline set options
442 are sticky across reloads of smb.conf
444 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
446 struct lp_stored_option *entry, *entry_next;
447 for (entry = stored_options; entry != NULL; entry = entry_next) {
448 entry_next = entry->next;
449 if (strcmp(pszParmName, entry->label) == 0) {
450 DLIST_REMOVE(stored_options, entry);
456 entry = talloc(NULL, struct lp_stored_option);
461 entry->label = talloc_strdup(entry, pszParmName);
467 entry->value = talloc_strdup(entry, pszParmValue);
473 DLIST_ADD_END(stored_options, entry);
478 static bool apply_lp_set_cmdline(void)
480 struct lp_stored_option *entry = NULL;
481 for (entry = stored_options; entry != NULL; entry = entry->next) {
482 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
483 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
484 entry->label, entry->value));
491 /***************************************************************************
492 Initialise the global parameter structure.
493 ***************************************************************************/
495 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
497 static bool done_init = false;
501 /* If requested to initialize only once and we've already done it... */
502 if (!reinit_globals && done_init) {
503 /* ... then we have nothing more to do */
508 /* The logfile can be set before this is invoked. Free it if so. */
509 lpcfg_string_free(&Globals.logfile);
512 free_global_parameters();
515 /* This memset and the free_global_parameters() above will
516 * wipe out smb.conf options set with lp_set_cmdline(). The
517 * apply_lp_set_cmdline() call puts these values back in the
518 * table once the defaults are set */
519 ZERO_STRUCT(Globals);
521 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
523 /* Initialize the flags list if necessary */
524 if (flags_list == NULL) {
528 for (i = 0; parm_table[i].label; i++) {
529 if ((parm_table[i].type == P_STRING ||
530 parm_table[i].type == P_USTRING))
534 (char **)lp_parm_ptr(NULL, &parm_table[i]),
540 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
541 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
543 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
545 sDefault.ntvfs_handler = str_list_make_v3_const(NULL, "unixuid default", NULL);
547 DEBUG(3, ("Initialising global parameters\n"));
549 /* Must manually force to upper case here, as this does not go via the handler */
550 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
553 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
554 get_dyn_SMB_PASSWD_FILE());
555 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
556 get_dyn_PRIVATE_DIR());
557 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
558 get_dyn_BINDDNS_DIR());
560 /* use the new 'hash2' method by default, with a prefix of 1 */
561 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
562 Globals.mangle_prefix = 1;
564 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
566 /* using UTF8 by default allows us to support all chars */
567 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
568 DEFAULT_UNIX_CHARSET);
570 /* Use codepage 850 as a default for the dos character set */
571 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
572 DEFAULT_DOS_CHARSET);
575 * Allow the default PASSWD_CHAT to be overridden in local.h.
577 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
578 DEFAULT_PASSWD_CHAT);
580 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
582 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
583 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
585 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
587 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
589 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
591 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
594 * By default support explicit binding to broadcast
597 Globals.nmbd_bind_explicit_broadcast = true;
599 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
601 smb_panic("init_globals: ENOMEM");
603 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
606 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
607 "/bin/sleep 999999999");
610 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
611 DEFAULT_SOCKET_OPTIONS);
613 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
614 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
615 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
616 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
617 "\\\\%N\\%U\\profile");
619 Globals.name_resolve_order =
620 str_list_make_v3_const(Globals.ctx,
621 DEFAULT_NAME_RESOLVE_ORDER,
623 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
625 Globals.algorithmic_rid_base = BASE_RID;
627 Globals.load_printers = true;
628 Globals.printcap_cache_time = 750; /* 12.5 minutes */
630 Globals.config_backend = config_backend;
631 Globals._server_role = ROLE_AUTO;
633 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
634 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
635 Globals.max_xmit = 0x4104;
636 Globals.max_mux = 50; /* This is *needed* for profile support. */
637 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
638 Globals._disable_spoolss = false;
639 Globals.max_smbd_processes = 0;/* no limit specified */
640 Globals.username_level = 0;
641 Globals.deadtime = 0;
642 Globals.getwd_cache = true;
643 Globals.large_readwrite = true;
644 Globals.max_log_size = 5000;
645 Globals.max_open_files = max_open_files();
646 Globals.server_max_protocol = PROTOCOL_SMB3_11;
647 Globals.server_min_protocol = PROTOCOL_LANMAN1;
648 Globals._client_max_protocol = PROTOCOL_DEFAULT;
649 Globals.client_min_protocol = PROTOCOL_CORE;
650 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
651 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
652 Globals._security = SEC_AUTO;
653 Globals.encrypt_passwords = true;
654 Globals.client_schannel = true;
655 Globals.winbind_sealed_pipes = true;
656 Globals.require_strong_key = true;
657 Globals.server_schannel = true;
658 Globals.read_raw = true;
659 Globals.write_raw = true;
660 Globals.null_passwords = false;
661 Globals.old_password_allowed_period = 60;
662 Globals.obey_pam_restrictions = false;
664 Globals.syslog_only = false;
665 Globals.timestamp_logs = true;
666 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
667 Globals.debug_prefix_timestamp = false;
668 Globals.debug_hires_timestamp = true;
669 Globals.debug_pid = false;
670 Globals.debug_uid = false;
671 Globals.debug_class = false;
672 Globals.enable_core_files = true;
673 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
674 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
675 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
676 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
677 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
678 Globals.lm_interval = 60;
679 #if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
680 Globals.nis_homedir = false;
681 #ifdef WITH_NISPLUS_HOME
682 lpcfg_string_set(Globals.ctx, &Globals.homedir_map,
683 "auto_home.org_dir");
685 lpcfg_string_set(Globals.ctx, &Globals.homedir_map, "auto.home");
688 Globals.time_server = false;
689 Globals.bind_interfaces_only = false;
690 Globals.unix_password_sync = false;
691 Globals.pam_password_change = false;
692 Globals.passwd_chat_debug = false;
693 Globals.passwd_chat_timeout = 2; /* 2 second default. */
694 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
695 Globals.nt_status_support = true; /* Use NT status by default. */
696 Globals.smbd_profiling_level = 0;
697 Globals.stat_cache = true; /* use stat cache by default */
698 Globals.max_stat_cache_size = 256; /* 256k by default */
699 Globals.restrict_anonymous = 0;
700 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
701 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
702 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
703 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
704 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
705 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
706 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
708 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
710 Globals.map_to_guest = 0; /* By Default, "Never" */
711 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
712 Globals.enhanced_browsing = true;
713 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
714 #ifdef MMAP_BLACKLIST
715 Globals.use_mmap = false;
717 Globals.use_mmap = true;
719 Globals.unicode = true;
720 Globals.unix_extensions = true;
721 Globals.reset_on_zero_vc = false;
722 Globals.log_writeable_files_on_exit = false;
723 Globals.create_krb5_conf = true;
724 Globals.include_system_krb5_conf = true;
725 Globals._winbind_max_domain_connections = 1;
727 /* hostname lookups can be very expensive and are broken on
728 a large number of sites (tridge) */
729 Globals.hostname_lookups = false;
731 Globals.change_notify = true,
732 Globals.kernel_change_notify = true,
734 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
735 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
736 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
737 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
738 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
739 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
741 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
742 Globals.ldap_ssl = LDAP_SSL_START_TLS;
743 Globals.ldap_ssl_ads = false;
744 Globals.ldap_deref = -1;
745 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
746 Globals.ldap_delete_dn = false;
747 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
748 Globals.ldap_follow_referral = Auto;
749 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
750 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
751 Globals.ldap_page_size = LDAP_PAGE_SIZE;
753 Globals.ldap_debug_level = 0;
754 Globals.ldap_debug_threshold = 10;
756 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
758 Globals.ldap_server_require_strong_auth =
759 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
761 /* This is what we tell the afs client. in reality we set the token
762 * to never expire, though, when this runs out the afs client will
763 * forget the token. Set to 0 to get NEVERDATE.*/
764 Globals.afs_token_lifetime = 604800;
765 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
767 /* these parameters are set to defaults that are more appropriate
768 for the increasing samba install base:
770 as a member of the workgroup, that will possibly become a
771 _local_ master browser (lm = true). this is opposed to a forced
772 local master browser startup (pm = true).
774 doesn't provide WINS server service by default (wsupp = false),
775 and doesn't provide domain master browser services by default, either.
779 Globals.show_add_printer_wizard = true;
780 Globals.os_level = 20;
781 Globals.local_master = true;
782 Globals._domain_master = Auto; /* depending on _domain_logons */
783 Globals._domain_logons = false;
784 Globals.browse_list = true;
785 Globals.we_are_a_wins_server = false;
786 Globals.wins_proxy = false;
788 TALLOC_FREE(Globals.init_logon_delayed_hosts);
789 Globals.init_logon_delay = 100; /* 100 ms default delay */
791 Globals.wins_dns_proxy = true;
793 Globals.allow_trusted_domains = true;
794 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
796 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
797 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
799 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
800 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
801 dyn_WINBINDD_SOCKET_DIR);
803 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
804 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
806 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
808 Globals.cluster_addresses = NULL;
809 Globals.clustering = false;
810 Globals.ctdb_timeout = 0;
811 Globals.ctdb_locktime_warn_threshold = 0;
813 Globals.winbind_cache_time = 300; /* 5 minutes */
814 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
815 Globals.winbind_request_timeout = 60; /* 60 seconds */
816 Globals.winbind_max_clients = 200;
817 Globals.winbind_enum_users = false;
818 Globals.winbind_enum_groups = false;
819 Globals.winbind_use_default_domain = false;
820 Globals.winbind_nested_groups = true;
821 Globals.winbind_expand_groups = 0;
822 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
823 Globals.winbind_refresh_tickets = false;
824 Globals.winbind_offline_logon = false;
825 Globals.winbind_scan_trusted_domains = true;
827 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
828 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
830 Globals.passdb_expand_explicit = false;
832 Globals.name_cache_timeout = 660; /* In seconds */
834 Globals.client_use_spnego = true;
836 Globals.client_signing = SMB_SIGNING_DEFAULT;
837 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
838 Globals.server_signing = SMB_SIGNING_DEFAULT;
840 Globals.defer_sharing_violations = true;
841 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
843 Globals.enable_privileges = true;
844 Globals.host_msdfs = true;
845 Globals.enable_asu_support = false;
847 /* User defined shares. */
848 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
850 smb_panic("init_globals: ENOMEM");
852 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
854 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
855 Globals.usershare_max_shares = 0;
856 /* By default disallow sharing of directories not owned by the sharer. */
857 Globals.usershare_owner_only = true;
858 /* By default disallow guest access to usershares. */
859 Globals.usershare_allow_guests = false;
861 Globals.keepalive = DEFAULT_KEEPALIVE;
863 /* By default no shares out of the registry */
864 Globals.registry_shares = false;
866 Globals.min_receivefile_size = 0;
868 Globals.multicast_dns_register = true;
870 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
871 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
872 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
873 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
874 Globals.smb2_leases = true;
876 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
877 get_dyn_NCALRPCDIR());
879 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
881 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
883 Globals.tls_enabled = true;
884 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
886 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
887 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
888 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
889 lpcfg_string_set(Globals.ctx, &Globals.tls_priority,
890 "NORMAL:-VERS-SSL3.0");
892 lpcfg_string_set(Globals.ctx, &Globals.share_backend, "classic");
894 Globals._preferred_master = Auto;
896 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
898 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
899 get_dyn_NTP_SIGND_SOCKET_DIR());
901 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
903 smb_panic("init_globals: ENOMEM");
905 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
909 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
912 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
914 smb_panic("init_globals: ENOMEM");
916 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
919 s = talloc_asprintf(talloc_tos(), "%s/samba_gpoupdate", get_dyn_SCRIPTSBINDIR());
921 smb_panic("init_globals: ENOMEM");
923 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
926 Globals.apply_group_policies = false;
928 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
930 smb_panic("init_globals: ENOMEM");
932 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
935 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
937 Globals.rndc_command = str_list_make_v3_const(NULL, "/usr/sbin/rndc", NULL);
939 Globals.cldap_port = 389;
941 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
943 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
945 Globals.krb5_port = 88;
947 Globals.kpasswd_port = 464;
949 Globals.web_port = 901;
951 Globals.aio_max_threads = 100;
953 lpcfg_string_set(Globals.ctx,
954 &Globals.rpc_server_dynamic_port_range,
956 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
957 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
958 Globals.prefork_children = 1;
960 /* Now put back the settings that were set with lp_set_cmdline() */
961 apply_lp_set_cmdline();
964 /* Convenience routine to setup an lp_context with additional s3 variables */
965 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
967 struct loadparm_context *lp_ctx;
969 lp_ctx = loadparm_init_s3(mem_ctx,
970 loadparm_s3_helpers());
971 if (lp_ctx == NULL) {
972 DEBUG(0, ("loadparm_init_s3 failed\n"));
976 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
977 if (lp_ctx->sDefault == NULL) {
978 DBG_ERR("talloc_zero failed\n");
983 *lp_ctx->sDefault = _sDefault;
984 lp_ctx->services = NULL; /* We do not want to access this directly */
985 lp_ctx->bInGlobalSection = bInGlobalSection;
986 lp_ctx->flags = flags_list;
991 /*******************************************************************
992 Convenience routine to grab string parameters into talloced memory
993 and run standard_sub_basic on them. The buffers can be written to by
994 callers without affecting the source string.
995 ********************************************************************/
997 char *lp_string(TALLOC_CTX *ctx, const char *s)
1001 /* The follow debug is useful for tracking down memory problems
1002 especially if you have an inner loop that is calling a lp_*()
1003 function that returns a string. Perhaps this debug should be
1004 present all the time? */
1007 DEBUG(10, ("lp_string(%s)\n", s));
1013 ret = talloc_sub_basic(ctx,
1014 get_current_username(),
1015 current_user_info.domain,
1017 if (trim_char(ret, '\"', '\"')) {
1018 if (strchr(ret,'\"') != NULL) {
1020 ret = talloc_sub_basic(ctx,
1021 get_current_username(),
1022 current_user_info.domain,
1030 In this section all the functions that are used to access the
1031 parameters from the rest of the program are defined
1034 #define FN_GLOBAL_STRING(fn_name,ptr) \
1035 char *lp_ ## fn_name(TALLOC_CTX *ctx) {return(lp_string((ctx), *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : ""));}
1036 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1037 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1038 #define FN_GLOBAL_LIST(fn_name,ptr) \
1039 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1040 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1041 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1042 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1043 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1044 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1045 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1047 #define FN_LOCAL_STRING(fn_name,val) \
1048 char *lp_ ## fn_name(TALLOC_CTX *ctx,int i) {return(lp_string((ctx), (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val));}
1049 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1050 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1051 #define FN_LOCAL_LIST(fn_name,val) \
1052 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1053 #define FN_LOCAL_BOOL(fn_name,val) \
1054 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1055 #define FN_LOCAL_INTEGER(fn_name,val) \
1056 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1058 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1059 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1060 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1061 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1062 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1063 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1065 int lp_winbind_max_domain_connections(void)
1067 if (lp_winbind_offline_logon() &&
1068 lp__winbind_max_domain_connections() > 1) {
1069 DEBUG(1, ("offline logons active, restricting max domain "
1070 "connections to 1\n"));
1073 return MAX(1, lp__winbind_max_domain_connections());
1076 /* These functions remain in source3/param for now */
1078 #include "lib/param/param_functions.c"
1080 FN_LOCAL_STRING(servicename, szService)
1081 FN_LOCAL_CONST_STRING(const_servicename, szService)
1083 /* These functions cannot be auto-generated */
1084 FN_LOCAL_BOOL(autoloaded, autoloaded)
1085 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1087 /* local prototypes */
1089 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1090 static const char *get_boolean(bool bool_value);
1091 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1093 static bool hash_a_service(const char *name, int number);
1094 static void free_service_byindex(int iService);
1095 static void show_parameter(int parmIndex);
1096 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1097 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1100 * This is a helper function for parametrical options support. It returns a
1101 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1102 * parametrical functions are quite simple
1104 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1107 if (snum >= iNumServices) return NULL;
1110 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1112 return get_parametric_helper(ServicePtrs[snum],
1113 type, option, Globals.param_opt);
1117 static void discard_whitespace(char *str)
1119 size_t len = strlen(str);
1123 if (isspace(str[i])) {
1124 memmove(&str[i], &str[i+1], len-i);
1133 * @brief Go through all global parametric parameters
1135 * @param regex_str A regular expression to scan param for
1136 * @param max_matches Max number of submatches the regexp expects
1137 * @param cb Function to call on match. Should return true
1138 * when it wants wi_scan_global_parametrics to stop
1140 * @param private_data Anonymous pointer passed to cb
1142 * @return 0: success, regcomp/regexec return value on error.
1143 * See "man regexec" for possible errors
1146 int lp_wi_scan_global_parametrics(
1147 const char *regex_str, size_t max_matches,
1148 bool (*cb)(const char *string, regmatch_t matches[],
1149 void *private_data),
1152 struct parmlist_entry *data;
1156 ret = regcomp(®ex, regex_str, REG_ICASE);
1161 for (data = Globals.param_opt; data != NULL; data = data->next) {
1162 size_t keylen = strlen(data->key);
1164 regmatch_t matches[max_matches];
1167 memcpy(key, data->key, sizeof(key));
1168 discard_whitespace(key);
1170 ret = regexec(®ex, key, max_matches, matches, 0);
1171 if (ret == REG_NOMATCH) {
1178 stop = cb(key, matches, private_data);
1191 #define MISSING_PARAMETER(name) \
1192 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1194 /*******************************************************************
1195 convenience routine to return enum parameters.
1196 ********************************************************************/
1197 static int lp_enum(const char *s,const struct enum_list *_enum)
1201 if (!s || !*s || !_enum) {
1202 MISSING_PARAMETER(lp_enum);
1206 for (i=0; _enum[i].name; i++) {
1207 if (strequal(_enum[i].name,s))
1208 return _enum[i].value;
1211 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1215 #undef MISSING_PARAMETER
1217 /* Return parametric option from a given service. Type is a part of option before ':' */
1218 /* Parametric option has following syntax: 'Type: option = value' */
1219 char *lp_parm_talloc_string(TALLOC_CTX *ctx, int snum, const char *type, const char *option, const char *def)
1221 struct parmlist_entry *data = get_parametrics(snum, type, option);
1223 if (data == NULL||data->value==NULL) {
1225 return lp_string(ctx, def);
1231 return lp_string(ctx, data->value);
1234 /* Return parametric option from a given service. Type is a part of option before ':' */
1235 /* Parametric option has following syntax: 'Type: option = value' */
1236 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1238 struct parmlist_entry *data = get_parametrics(snum, type, option);
1240 if (data == NULL||data->value==NULL)
1247 /* Return parametric option from a given service. Type is a part of option before ':' */
1248 /* Parametric option has following syntax: 'Type: option = value' */
1250 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1252 struct parmlist_entry *data = get_parametrics(snum, type, option);
1254 if (data == NULL||data->value==NULL)
1255 return (const char **)def;
1257 if (data->list==NULL) {
1258 data->list = str_list_make_v3(NULL, data->value, NULL);
1261 return discard_const_p(const char *, data->list);
1264 /* Return parametric option from a given service. Type is a part of option before ':' */
1265 /* Parametric option has following syntax: 'Type: option = value' */
1267 int lp_parm_int(int snum, const char *type, const char *option, int def)
1269 struct parmlist_entry *data = get_parametrics(snum, type, option);
1271 if (data && data->value && *data->value)
1272 return lp_int(data->value);
1277 /* Return parametric option from a given service. Type is a part of option before ':' */
1278 /* Parametric option has following syntax: 'Type: option = value' */
1280 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1282 struct parmlist_entry *data = get_parametrics(snum, type, option);
1284 if (data && data->value && *data->value)
1285 return lp_ulong(data->value);
1290 /* Return parametric option from a given service. Type is a part of option before ':' */
1291 /* Parametric option has following syntax: 'Type: option = value' */
1293 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1294 const char *option, unsigned long long def)
1296 struct parmlist_entry *data = get_parametrics(snum, type, option);
1298 if (data && data->value && *data->value) {
1299 return lp_ulonglong(data->value);
1305 /* Return parametric option from a given service. Type is a part of option
1307 /* Parametric option has following syntax: 'Type: option = value' */
1309 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1311 struct parmlist_entry *data = get_parametrics(snum, type, option);
1313 if (data && data->value && *data->value)
1314 return lp_bool(data->value);
1319 /* Return parametric option from a given service. Type is a part of option before ':' */
1320 /* Parametric option has following syntax: 'Type: option = value' */
1322 int lp_parm_enum(int snum, const char *type, const char *option,
1323 const struct enum_list *_enum, int def)
1325 struct parmlist_entry *data = get_parametrics(snum, type, option);
1327 if (data && data->value && *data->value && _enum)
1328 return lp_enum(data->value, _enum);
1334 * free a param_opts structure.
1335 * param_opts handling should be moved to talloc;
1336 * then this whole functions reduces to a TALLOC_FREE().
1339 static void free_param_opts(struct parmlist_entry **popts)
1341 struct parmlist_entry *opt, *next_opt;
1343 if (*popts != NULL) {
1344 DEBUG(5, ("Freeing parametrics:\n"));
1347 while (opt != NULL) {
1348 lpcfg_string_free(&opt->key);
1349 lpcfg_string_free(&opt->value);
1350 TALLOC_FREE(opt->list);
1351 next_opt = opt->next;
1358 /***************************************************************************
1359 Free the dynamically allocated parts of a service struct.
1360 ***************************************************************************/
1362 static void free_service(struct loadparm_service *pservice)
1367 if (pservice->szService)
1368 DEBUG(5, ("free_service: Freeing service %s\n",
1369 pservice->szService));
1371 free_parameters(pservice);
1373 lpcfg_string_free(&pservice->szService);
1374 TALLOC_FREE(pservice->copymap);
1376 free_param_opts(&pservice->param_opt);
1378 ZERO_STRUCTP(pservice);
1382 /***************************************************************************
1383 remove a service indexed in the ServicePtrs array from the ServiceHash
1384 and free the dynamically allocated parts
1385 ***************************************************************************/
1387 static void free_service_byindex(int idx)
1389 if ( !LP_SNUM_OK(idx) )
1392 ServicePtrs[idx]->valid = false;
1394 /* we have to cleanup the hash record */
1396 if (ServicePtrs[idx]->szService) {
1397 char *canon_name = canonicalize_servicename(
1399 ServicePtrs[idx]->szService );
1401 dbwrap_delete_bystring(ServiceHash, canon_name );
1402 TALLOC_FREE(canon_name);
1405 free_service(ServicePtrs[idx]);
1406 TALLOC_FREE(ServicePtrs[idx]);
1409 /***************************************************************************
1410 Add a new service to the services array initialising it with the given
1412 ***************************************************************************/
1414 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1417 struct loadparm_service **tsp = NULL;
1419 /* it might already exist */
1421 i = getservicebyname(name, NULL);
1427 /* Re use empty slots if any before allocating new one.*/
1428 for (i=0; i < iNumServices; i++) {
1429 if (ServicePtrs[i] == NULL) {
1433 if (i == iNumServices) {
1434 /* if not, then create one */
1435 tsp = talloc_realloc(NULL, ServicePtrs,
1436 struct loadparm_service *,
1439 DEBUG(0, ("add_a_service: failed to enlarge "
1446 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1447 if (!ServicePtrs[i]) {
1448 DEBUG(0,("add_a_service: out of memory!\n"));
1452 ServicePtrs[i]->valid = true;
1454 copy_service(ServicePtrs[i], pservice, NULL);
1456 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1459 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1460 i, ServicePtrs[i]->szService));
1462 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1469 /***************************************************************************
1470 Convert a string to uppercase and remove whitespaces.
1471 ***************************************************************************/
1473 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1478 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1482 result = talloc_strdup(ctx, src);
1483 SMB_ASSERT(result != NULL);
1485 if (!strlower_m(result)) {
1486 TALLOC_FREE(result);
1492 /***************************************************************************
1493 Add a name/index pair for the services array to the hash table.
1494 ***************************************************************************/
1496 static bool hash_a_service(const char *name, int idx)
1500 if ( !ServiceHash ) {
1501 DEBUG(10,("hash_a_service: creating servicehash\n"));
1502 ServiceHash = db_open_rbt(NULL);
1503 if ( !ServiceHash ) {
1504 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1509 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1512 canon_name = canonicalize_servicename(talloc_tos(), name );
1514 dbwrap_store_bystring(ServiceHash, canon_name,
1515 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1518 TALLOC_FREE(canon_name);
1523 /***************************************************************************
1524 Add a new home service, with the specified home directory, defaults coming
1526 ***************************************************************************/
1528 bool lp_add_home(const char *pszHomename, int iDefaultService,
1529 const char *user, const char *pszHomedir)
1533 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1534 pszHomedir[0] == '\0') {
1538 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1543 if (!(*(ServicePtrs[iDefaultService]->path))
1544 || strequal(ServicePtrs[iDefaultService]->path,
1545 lp_path(talloc_tos(), GLOBAL_SECTION_SNUM))) {
1546 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1550 if (!(*(ServicePtrs[i]->comment))) {
1551 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1552 if (comment == NULL) {
1555 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1557 TALLOC_FREE(comment);
1560 /* set the browseable flag from the global default */
1562 ServicePtrs[i]->browseable = sDefault.browseable;
1563 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1565 ServicePtrs[i]->autoloaded = true;
1567 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1568 user, ServicePtrs[i]->path ));
1573 /***************************************************************************
1574 Add a new service, based on an old one.
1575 ***************************************************************************/
1577 int lp_add_service(const char *pszService, int iDefaultService)
1579 if (iDefaultService < 0) {
1580 return add_a_service(&sDefault, pszService);
1583 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1586 /***************************************************************************
1587 Add the IPC service.
1588 ***************************************************************************/
1590 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1592 char *comment = NULL;
1593 int i = add_a_service(&sDefault, ipc_name);
1598 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1599 Globals.server_string);
1600 if (comment == NULL) {
1604 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1605 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1606 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1607 ServicePtrs[i]->max_connections = 0;
1608 ServicePtrs[i]->available = true;
1609 ServicePtrs[i]->read_only = true;
1610 ServicePtrs[i]->guest_only = false;
1611 ServicePtrs[i]->administrative_share = true;
1612 ServicePtrs[i]->guest_ok = guest_ok;
1613 ServicePtrs[i]->printable = false;
1614 ServicePtrs[i]->browseable = sDefault.browseable;
1615 ServicePtrs[i]->autoloaded = false;
1617 DEBUG(3, ("adding IPC service\n"));
1619 TALLOC_FREE(comment);
1623 /***************************************************************************
1624 Add a new printer service, with defaults coming from service iFrom.
1625 ***************************************************************************/
1627 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1629 const char *comment = "From Printcap";
1630 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1635 /* note that we do NOT default the availability flag to true - */
1636 /* we take it from the default service passed. This allows all */
1637 /* dynamic printers to be disabled by disabling the [printers] */
1638 /* entry (if/when the 'available' keyword is implemented!). */
1640 /* the printer name is set to the service name. */
1641 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1643 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1645 /* set the browseable flag from the gloabl default */
1646 ServicePtrs[i]->browseable = sDefault.browseable;
1648 /* Printers cannot be read_only. */
1649 ServicePtrs[i]->read_only = false;
1650 /* No oplocks on printer services. */
1651 ServicePtrs[i]->oplocks = false;
1652 /* Printer services must be printable. */
1653 ServicePtrs[i]->printable = true;
1655 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1661 /***************************************************************************
1662 Check whether the given parameter name is valid.
1663 Parametric options (names containing a colon) are considered valid.
1664 ***************************************************************************/
1666 bool lp_parameter_is_valid(const char *pszParmName)
1668 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1669 (strchr(pszParmName, ':') != NULL));
1672 /***************************************************************************
1673 Check whether the given name is the name of a global parameter.
1674 Returns true for strings belonging to parameters of class
1675 P_GLOBAL, false for all other strings, also for parametric options
1676 and strings not belonging to any option.
1677 ***************************************************************************/
1679 bool lp_parameter_is_global(const char *pszParmName)
1681 int num = lpcfg_map_parameter(pszParmName);
1684 return (parm_table[num].p_class == P_GLOBAL);
1690 /**************************************************************************
1691 Determine the canonical name for a parameter.
1692 Indicate when it is an inverse (boolean) synonym instead of a
1694 **************************************************************************/
1696 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1701 if (!lp_parameter_is_valid(parm_name)) {
1706 num = map_parameter_canonical(parm_name, inverse);
1708 /* parametric option */
1709 *canon_parm = parm_name;
1711 *canon_parm = parm_table[num].label;
1718 /**************************************************************************
1719 Determine the canonical name for a parameter.
1720 Turn the value given into the inverse boolean expression when
1721 the synonym is an invers boolean synonym.
1724 - parm_name is a valid parameter name and
1725 - val is a valid value for this parameter and
1726 - in case the parameter is an inverse boolean synonym, if the val
1727 string could successfully be converted to the reverse bool.
1728 Return false in all other cases.
1729 **************************************************************************/
1731 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1733 const char **canon_parm,
1734 const char **canon_val)
1740 if (!lp_parameter_is_valid(parm_name)) {
1746 num = map_parameter_canonical(parm_name, &inverse);
1748 /* parametric option */
1749 *canon_parm = parm_name;
1754 *canon_parm = parm_table[num].label;
1756 if (!lp_invert_boolean(val, canon_val)) {
1764 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1769 /***************************************************************************
1770 Map a parameter's string representation to the index of the canonical
1771 form of the parameter (it might be a synonym).
1772 Returns -1 if the parameter string is not recognised.
1773 ***************************************************************************/
1775 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1777 int parm_num, canon_num;
1778 bool loc_inverse = false;
1780 parm_num = lpcfg_map_parameter(pszParmName);
1781 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1782 /* invalid, parametric or no canidate for synonyms ... */
1786 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1787 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1788 parm_num = canon_num;
1794 if (inverse != NULL) {
1795 *inverse = loc_inverse;
1800 /***************************************************************************
1801 return true if parameter number parm1 is a synonym of parameter
1802 number parm2 (parm2 being the principal name).
1803 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1805 ***************************************************************************/
1807 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1809 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1810 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1811 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1812 !(parm_table[parm2].flags & FLAG_SYNONYM))
1814 if (inverse != NULL) {
1815 if ((parm_table[parm1].type == P_BOOLREV) &&
1816 (parm_table[parm2].type == P_BOOL))
1828 /***************************************************************************
1829 Show one parameter's name, type, [values,] and flags.
1830 (helper functions for show_parameter_list)
1831 ***************************************************************************/
1833 static void show_parameter(int parmIndex)
1835 int enumIndex, flagIndex;
1840 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1841 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1842 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1843 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1844 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1846 printf("%s=%s", parm_table[parmIndex].label,
1847 type[parm_table[parmIndex].type]);
1848 if (parm_table[parmIndex].type == P_ENUM) {
1851 parm_table[parmIndex].enum_list[enumIndex].name;
1855 enumIndex ? "|" : "",
1856 parm_table[parmIndex].enum_list[enumIndex].name);
1861 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1862 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1865 flag_names[flagIndex]);
1870 /* output synonyms */
1872 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1873 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1874 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1875 parm_table[parmIndex2].label);
1876 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1878 printf(" (synonyms: ");
1883 printf("%s%s", parm_table[parmIndex2].label,
1884 inverse ? "[i]" : "");
1895 * Check the value for a P_ENUM
1897 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1901 for (i = 0; parm->enum_list[i].name; i++) {
1902 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1909 /**************************************************************************
1910 Check whether the given value is valid for the given parameter name.
1911 **************************************************************************/
1913 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1915 bool ret = false, tmp_bool;
1916 int num = lpcfg_map_parameter(parm_name), tmp_int;
1917 uint64_t tmp_int64 = 0;
1918 struct parm_struct *parm;
1920 /* parametric options (parameter names containing a colon) cannot
1921 be checked and are therefore considered valid. */
1922 if (strchr(parm_name, ':') != NULL) {
1927 parm = &parm_table[num];
1928 switch (parm->type) {
1931 ret = set_boolean(val, &tmp_bool);
1935 ret = (sscanf(val, "%d", &tmp_int) == 1);
1939 ret = (sscanf(val, "%o", &tmp_int) == 1);
1943 ret = check_enum_parameter(parm, val);
1947 if (conv_str_size_error(val, &tmp_int64) &&
1948 tmp_int64 <= INT_MAX) {
1965 /***************************************************************************
1966 Show all parameter's name, type, [values,] and flags.
1967 ***************************************************************************/
1969 void show_parameter_list(void)
1971 int classIndex, parmIndex;
1972 const char *section_names[] = { "local", "global", NULL};
1974 for (classIndex=0; section_names[classIndex]; classIndex++) {
1975 printf("[%s]\n", section_names[classIndex]);
1976 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
1977 if (parm_table[parmIndex].p_class == classIndex) {
1978 show_parameter(parmIndex);
1984 /***************************************************************************
1985 Get the standard string representation of a boolean value ("yes" or "no")
1986 ***************************************************************************/
1988 static const char *get_boolean(bool bool_value)
1990 static const char *yes_str = "yes";
1991 static const char *no_str = "no";
1993 return (bool_value ? yes_str : no_str);
1996 /***************************************************************************
1997 Provide the string of the negated boolean value associated to the boolean
1998 given as a string. Returns false if the passed string does not correctly
1999 represent a boolean.
2000 ***************************************************************************/
2002 bool lp_invert_boolean(const char *str, const char **inverse_str)
2006 if (!set_boolean(str, &val)) {
2010 *inverse_str = get_boolean(!val);
2014 /***************************************************************************
2015 Provide the canonical string representation of a boolean value given
2016 as a string. Return true on success, false if the string given does
2017 not correctly represent a boolean.
2018 ***************************************************************************/
2020 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2024 if (!set_boolean(str, &val)) {
2028 *canon_str = get_boolean(val);
2032 /***************************************************************************
2033 Find a service by name. Otherwise works like get_service.
2034 ***************************************************************************/
2036 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2043 if (ServiceHash == NULL) {
2047 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2049 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2052 if (NT_STATUS_IS_OK(status) &&
2053 (data.dptr != NULL) &&
2054 (data.dsize == sizeof(iService)))
2056 memcpy(&iService, data.dptr, sizeof(iService));
2059 TALLOC_FREE(canon_name);
2061 if ((iService != -1) && (LP_SNUM_OK(iService))
2062 && (pserviceDest != NULL)) {
2063 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2069 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2070 struct loadparm_service *lp_service(const char *pszServiceName)
2072 int iService = getservicebyname(pszServiceName, NULL);
2073 if (iService == -1 || !LP_SNUM_OK(iService)) {
2076 return ServicePtrs[iService];
2079 struct loadparm_service *lp_servicebynum(int snum)
2081 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2084 return ServicePtrs[snum];
2087 struct loadparm_service *lp_default_loadparm_service()
2092 static struct smbconf_ctx *lp_smbconf_ctx(void)
2095 static struct smbconf_ctx *conf_ctx = NULL;
2097 if (conf_ctx == NULL) {
2098 err = smbconf_init(NULL, &conf_ctx, "registry:");
2099 if (!SBC_ERROR_IS_OK(err)) {
2100 DEBUG(1, ("error initializing registry configuration: "
2101 "%s\n", sbcErrorString(err)));
2109 static bool process_smbconf_service(struct smbconf_service *service)
2114 if (service == NULL) {
2118 ret = lp_do_section(service->name, NULL);
2122 for (count = 0; count < service->num_params; count++) {
2124 if (!bInGlobalSection && bGlobalOnly) {
2127 const char *pszParmName = service->param_names[count];
2128 const char *pszParmValue = service->param_values[count];
2130 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2132 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2133 pszParmName, pszParmValue);
2140 if (iServiceIndex >= 0) {
2141 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2147 * load a service from registry and activate it
2149 bool process_registry_service(const char *service_name)
2152 struct smbconf_service *service = NULL;
2153 TALLOC_CTX *mem_ctx = talloc_stackframe();
2154 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2157 if (conf_ctx == NULL) {
2161 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2163 if (!smbconf_share_exists(conf_ctx, service_name)) {
2165 * Registry does not contain data for this service (yet),
2166 * but make sure lp_load doesn't return false.
2172 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2173 if (!SBC_ERROR_IS_OK(err)) {
2177 ret = process_smbconf_service(service);
2183 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2186 TALLOC_FREE(mem_ctx);
2191 * process_registry_globals
2193 static bool process_registry_globals(void)
2197 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2199 if (!bInGlobalSection && bGlobalOnly) {
2202 const char *pszParmName = "registry shares";
2203 const char *pszParmValue = "yes";
2205 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2207 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2208 pszParmName, pszParmValue);
2215 return process_registry_service(GLOBAL_NAME);
2218 bool process_registry_shares(void)
2222 struct smbconf_service **service = NULL;
2223 uint32_t num_shares = 0;
2224 TALLOC_CTX *mem_ctx = talloc_stackframe();
2225 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2228 if (conf_ctx == NULL) {
2232 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2233 if (!SBC_ERROR_IS_OK(err)) {
2239 for (count = 0; count < num_shares; count++) {
2240 if (strequal(service[count]->name, GLOBAL_NAME)) {
2243 ret = process_smbconf_service(service[count]);
2250 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2253 TALLOC_FREE(mem_ctx);
2258 * reload those shares from registry that are already
2259 * activated in the services array.
2261 static bool reload_registry_shares(void)
2266 for (i = 0; i < iNumServices; i++) {
2271 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2275 ret = process_registry_service(ServicePtrs[i]->szService);
2286 #define MAX_INCLUDE_DEPTH 100
2288 static uint8_t include_depth;
2291 * Free the file lists
2293 static void free_file_list(void)
2295 struct file_lists *f;
2296 struct file_lists *next;
2309 * Utility function for outsiders to check if we're running on registry.
2311 bool lp_config_backend_is_registry(void)
2313 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2317 * Utility function to check if the config backend is FILE.
2319 bool lp_config_backend_is_file(void)
2321 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2324 /*******************************************************************
2325 Check if a config file has changed date.
2326 ********************************************************************/
2328 bool lp_file_list_changed(void)
2330 struct file_lists *f = file_lists;
2332 DEBUG(6, ("lp_file_list_changed()\n"));
2335 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2336 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2338 if (conf_ctx == NULL) {
2341 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2344 DEBUGADD(6, ("registry config changed\n"));
2351 n2 = talloc_sub_basic(talloc_tos(),
2352 get_current_username(),
2353 current_user_info.domain,
2358 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2359 f->name, n2, ctime(&f->modtime)));
2361 mod_time = file_modtime(n2);
2364 ((f->modtime != mod_time) ||
2365 (f->subfname == NULL) ||
2366 (strcmp(n2, f->subfname) != 0)))
2369 ("file %s modified: %s\n", n2,
2371 f->modtime = mod_time;
2372 TALLOC_FREE(f->subfname);
2373 f->subfname = talloc_strdup(f, n2);
2374 if (f->subfname == NULL) {
2375 smb_panic("talloc_strdup failed");
2389 * Initialize iconv conversion descriptors.
2391 * This is called the first time it is needed, and also called again
2392 * every time the configuration is reloaded, because the charset or
2393 * codepage might have changed.
2395 static void init_iconv(void)
2397 struct smb_iconv_handle *ret = NULL;
2399 ret = reinit_iconv_handle(NULL,
2403 smb_panic("reinit_iconv_handle failed");
2407 /***************************************************************************
2408 Handle the include operation.
2409 ***************************************************************************/
2410 static bool bAllowIncludeRegistry = true;
2412 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2413 const char *pszParmValue, char **ptr)
2417 if (include_depth >= MAX_INCLUDE_DEPTH) {
2418 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2423 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2424 if (!bAllowIncludeRegistry) {
2427 if (lp_ctx->bInGlobalSection) {
2430 ret = process_registry_globals();
2434 DEBUG(1, ("\"include = registry\" only effective "
2435 "in %s section\n", GLOBAL_NAME));
2440 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2441 current_user_info.domain,
2444 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2446 if (service == NULL) {
2447 lpcfg_string_set(Globals.ctx, ptr, fname);
2449 lpcfg_string_set(service, ptr, fname);
2452 if (file_exist(fname)) {
2455 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2461 DEBUG(2, ("Can't find include file %s\n", fname));
2466 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2468 char *config_option = NULL;
2469 const char *range = NULL;
2472 SMB_ASSERT(low != NULL);
2473 SMB_ASSERT(high != NULL);
2475 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2479 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2481 if (config_option == NULL) {
2482 DEBUG(0, ("out of memory\n"));
2486 range = lp_parm_const_string(-1, config_option, "range", NULL);
2487 if (range == NULL) {
2488 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2492 if (sscanf(range, "%u - %u", low, high) != 2) {
2493 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2494 range, domain_name));
2501 talloc_free(config_option);
2506 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2508 return lp_idmap_range("*", low, high);
2511 const char *lp_idmap_backend(const char *domain_name)
2513 char *config_option = NULL;
2514 const char *backend = NULL;
2516 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2520 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2522 if (config_option == NULL) {
2523 DEBUG(0, ("out of memory\n"));
2527 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2528 if (backend == NULL) {
2529 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2534 talloc_free(config_option);
2538 const char *lp_idmap_default_backend(void)
2540 return lp_idmap_backend("*");
2543 /***************************************************************************
2544 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2545 ***************************************************************************/
2547 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2549 const char *suffix_string;
2551 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2552 Globals.ldap_suffix );
2553 if ( !suffix_string ) {
2554 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2558 return suffix_string;
2561 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2563 if (Globals._ldap_machine_suffix[0])
2564 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2566 return lp_string(ctx, Globals.ldap_suffix);
2569 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2571 if (Globals._ldap_user_suffix[0])
2572 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2574 return lp_string(ctx, Globals.ldap_suffix);
2577 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2579 if (Globals._ldap_group_suffix[0])
2580 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2582 return lp_string(ctx, Globals.ldap_suffix);
2585 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2587 if (Globals._ldap_idmap_suffix[0])
2588 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2590 return lp_string(ctx, Globals.ldap_suffix);
2594 return the parameter pointer for a parameter
2596 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2598 if (service == NULL) {
2599 if (parm->p_class == P_LOCAL)
2600 return (void *)(((char *)&sDefault)+parm->offset);
2601 else if (parm->p_class == P_GLOBAL)
2602 return (void *)(((char *)&Globals)+parm->offset);
2605 return (void *)(((char *)service) + parm->offset);
2609 /***************************************************************************
2610 Process a parameter for a particular service number. If snum < 0
2611 then assume we are in the globals.
2612 ***************************************************************************/
2614 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2616 TALLOC_CTX *frame = talloc_stackframe();
2617 struct loadparm_context *lp_ctx;
2620 lp_ctx = setup_lp_context(frame);
2621 if (lp_ctx == NULL) {
2627 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2629 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2630 pszParmName, pszParmValue);
2638 /***************************************************************************
2639 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2640 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2641 ***************************************************************************/
2643 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2646 parmnum = lpcfg_map_parameter(pszParmName);
2648 flags_list[parmnum] &= ~FLAG_CMDLINE;
2649 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2652 flags_list[parmnum] |= FLAG_CMDLINE;
2654 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2655 * be grouped in the table, so we don't have to search the
2658 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2659 && parm_table[i].p_class == parm_table[parmnum].p_class;
2661 flags_list[i] |= FLAG_CMDLINE;
2663 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2664 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2665 flags_list[i] |= FLAG_CMDLINE;
2671 /* it might be parametric */
2672 if (strchr(pszParmName, ':') != NULL) {
2673 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2677 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2681 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2684 TALLOC_CTX *frame = talloc_stackframe();
2685 struct loadparm_context *lp_ctx;
2687 lp_ctx = setup_lp_context(frame);
2688 if (lp_ctx == NULL) {
2693 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2699 /***************************************************************************
2700 Process a parameter.
2701 ***************************************************************************/
2703 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2706 if (!bInGlobalSection && bGlobalOnly)
2709 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2711 if (bInGlobalSection) {
2712 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2714 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2715 pszParmName, pszParmValue);
2719 /***************************************************************************
2720 Initialize any local variables in the sDefault table, after parsing a
2722 ***************************************************************************/
2724 static void init_locals(void)
2727 * We run this check once the [globals] is parsed, to force
2728 * the VFS objects and other per-share settings we need for
2729 * the standard way a AD DC is operated. We may change these
2730 * as our code evolves, which is why we force these settings.
2732 * We can't do this at the end of lp_load_ex(), as by that
2733 * point the services have been loaded and they will already
2734 * have "" as their vfs objects.
2736 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2737 const char **vfs_objects = lp_vfs_objects(-1);
2738 if (!vfs_objects || !vfs_objects[0]) {
2739 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2740 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2741 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2742 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2744 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2748 lp_do_parameter(-1, "map hidden", "no");
2749 lp_do_parameter(-1, "map system", "no");
2750 lp_do_parameter(-1, "map readonly", "no");
2751 lp_do_parameter(-1, "map archive", "no");
2752 lp_do_parameter(-1, "store dos attributes", "yes");
2756 /***************************************************************************
2757 Process a new section (service). At this stage all sections are services.
2758 Later we'll have special sections that permit server parameters to be set.
2759 Returns true on success, false on failure.
2760 ***************************************************************************/
2762 bool lp_do_section(const char *pszSectionName, void *userdata)
2764 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2766 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2767 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2770 /* if we were in a global section then do the local inits */
2771 if (bInGlobalSection && !isglobal)
2774 /* if we've just struck a global section, note the fact. */
2775 bInGlobalSection = isglobal;
2776 if (lp_ctx != NULL) {
2777 lp_ctx->bInGlobalSection = isglobal;
2780 /* check for multiple global sections */
2781 if (bInGlobalSection) {
2782 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2786 if (!bInGlobalSection && bGlobalOnly)
2789 /* if we have a current service, tidy it up before moving on */
2792 if (iServiceIndex >= 0)
2793 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2795 /* if all is still well, move to the next record in the services array */
2797 /* We put this here to avoid an odd message order if messages are */
2798 /* issued by the post-processing of a previous section. */
2799 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2801 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2802 if (iServiceIndex < 0) {
2803 DEBUG(0, ("Failed to add a new service\n"));
2806 /* Clean all parametric options for service */
2807 /* They will be added during parsing again */
2808 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2814 /***************************************************************************
2815 Display the contents of a parameter of a single services record.
2816 ***************************************************************************/
2818 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2820 bool result = false;
2821 struct loadparm_context *lp_ctx;
2823 lp_ctx = setup_lp_context(talloc_tos());
2824 if (lp_ctx == NULL) {
2829 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2831 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2833 TALLOC_FREE(lp_ctx);
2838 /***************************************************************************
2839 Display the contents of a single copy structure.
2840 ***************************************************************************/
2841 static void dump_copy_map(bool *pcopymap)
2847 printf("\n\tNon-Copied parameters:\n");
2849 for (i = 0; parm_table[i].label; i++)
2850 if (parm_table[i].p_class == P_LOCAL &&
2851 parm_table[i].ptr && !pcopymap[i] &&
2852 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2854 printf("\t\t%s\n", parm_table[i].label);
2859 /***************************************************************************
2860 Return TRUE if the passed service number is within range.
2861 ***************************************************************************/
2863 bool lp_snum_ok(int iService)
2865 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2868 /***************************************************************************
2869 Auto-load some home services.
2870 ***************************************************************************/
2872 static void lp_add_auto_services(char *str)
2882 s = talloc_strdup(talloc_tos(), str);
2884 smb_panic("talloc_strdup failed");
2888 homes = lp_servicenumber(HOMES_NAME);
2890 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2891 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2894 if (lp_servicenumber(p) >= 0)
2897 home = get_user_home_dir(talloc_tos(), p);
2899 if (home && home[0] && homes >= 0)
2900 lp_add_home(p, homes, p, home);
2907 /***************************************************************************
2908 Auto-load one printer.
2909 ***************************************************************************/
2911 void lp_add_one_printer(const char *name, const char *comment,
2912 const char *location, void *pdata)
2914 int printers = lp_servicenumber(PRINTERS_NAME);
2917 if (lp_servicenumber(name) < 0) {
2918 lp_add_printer(name, printers);
2919 if ((i = lp_servicenumber(name)) >= 0) {
2920 lpcfg_string_set(ServicePtrs[i],
2921 &ServicePtrs[i]->comment, comment);
2922 ServicePtrs[i]->autoloaded = true;
2927 /***************************************************************************
2928 Have we loaded a services file yet?
2929 ***************************************************************************/
2931 bool lp_loaded(void)
2936 /***************************************************************************
2937 Unload unused services.
2938 ***************************************************************************/
2940 void lp_killunused(struct smbd_server_connection *sconn,
2941 bool (*snumused) (struct smbd_server_connection *, int))
2944 for (i = 0; i < iNumServices; i++) {
2948 /* don't kill autoloaded or usershare services */
2949 if ( ServicePtrs[i]->autoloaded ||
2950 ServicePtrs[i]->usershare == USERSHARE_VALID) {
2954 if (!snumused || !snumused(sconn, i)) {
2955 free_service_byindex(i);
2961 * Kill all except autoloaded and usershare services - convenience wrapper
2963 void lp_kill_all_services(void)
2965 lp_killunused(NULL, NULL);
2968 /***************************************************************************
2970 ***************************************************************************/
2972 void lp_killservice(int iServiceIn)
2974 if (VALID(iServiceIn)) {
2975 free_service_byindex(iServiceIn);
2979 /***************************************************************************
2980 Save the curent values of all global and sDefault parameters into the
2981 defaults union. This allows testparm to show only the
2982 changed (ie. non-default) parameters.
2983 ***************************************************************************/
2985 static void lp_save_defaults(void)
2988 struct parmlist_entry * parm;
2989 for (i = 0; parm_table[i].label; i++) {
2990 if (!(flags_list[i] & FLAG_CMDLINE)) {
2991 flags_list[i] |= FLAG_DEFAULT;
2994 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
2995 && parm_table[i].p_class == parm_table[i - 1].p_class)
2997 switch (parm_table[i].type) {
3000 parm_table[i].def.lvalue = str_list_copy(
3001 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3007 &parm_table[i].def.svalue,
3008 *(char **)lp_parm_ptr(
3009 NULL, &parm_table[i]));
3010 if (parm_table[i].def.svalue == NULL) {
3011 smb_panic("lpcfg_string_set() failed");
3016 parm_table[i].def.bvalue =
3017 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3020 parm_table[i].def.cvalue =
3021 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3027 parm_table[i].def.ivalue =
3028 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3033 for (parm=Globals.param_opt; parm; parm=parm->next) {
3034 if (!(parm->priority & FLAG_CMDLINE)) {
3035 parm->priority |= FLAG_DEFAULT;
3039 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3040 if (!(parm->priority & FLAG_CMDLINE)) {
3041 parm->priority |= FLAG_DEFAULT;
3045 defaults_saved = true;
3048 /***********************************************************
3049 If we should send plaintext/LANMAN passwords in the clinet
3050 ************************************************************/
3052 static void set_allowed_client_auth(void)
3054 if (Globals.client_ntlmv2_auth) {
3055 Globals.client_lanman_auth = false;
3057 if (!Globals.client_lanman_auth) {
3058 Globals.client_plaintext_auth = false;
3062 /***************************************************************************
3064 The following code allows smbd to read a user defined share file.
3065 Yes, this is my intent. Yes, I'm comfortable with that...
3067 THE FOLLOWING IS SECURITY CRITICAL CODE.
3069 It washes your clothes, it cleans your house, it guards you while you sleep...
3070 Do not f%^k with it....
3071 ***************************************************************************/
3073 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3075 /***************************************************************************
3076 Check allowed stat state of a usershare file.
3077 Ensure we print out who is dicking with us so the admin can
3078 get their sorry ass fired.
3079 ***************************************************************************/
3081 static bool check_usershare_stat(const char *fname,
3082 const SMB_STRUCT_STAT *psbuf)
3084 if (!S_ISREG(psbuf->st_ex_mode)) {
3085 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3086 "not a regular file\n",
3087 fname, (unsigned int)psbuf->st_ex_uid ));
3091 /* Ensure this doesn't have the other write bit set. */
3092 if (psbuf->st_ex_mode & S_IWOTH) {
3093 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3094 "public write. Refusing to allow as a usershare file.\n",
3095 fname, (unsigned int)psbuf->st_ex_uid ));
3099 /* Should be 10k or less. */
3100 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3101 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3102 "too large (%u) to be a user share file.\n",
3103 fname, (unsigned int)psbuf->st_ex_uid,
3104 (unsigned int)psbuf->st_ex_size ));
3111 /***************************************************************************
3112 Parse the contents of a usershare file.
3113 ***************************************************************************/
3115 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3116 SMB_STRUCT_STAT *psbuf,
3117 const char *servicename,
3121 char **pp_sharepath,
3123 char **pp_cp_servicename,
3124 struct security_descriptor **ppsd,
3127 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3128 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3131 SMB_STRUCT_STAT sbuf;
3132 char *sharepath = NULL;
3133 char *comment = NULL;
3135 *pp_sharepath = NULL;
3138 *pallow_guest = false;
3141 return USERSHARE_MALFORMED_FILE;
3144 if (strcmp(lines[0], "#VERSION 1") == 0) {
3146 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3149 return USERSHARE_MALFORMED_FILE;
3152 return USERSHARE_BAD_VERSION;
3155 if (strncmp(lines[1], "path=", 5) != 0) {
3156 return USERSHARE_MALFORMED_PATH;
3159 sharepath = talloc_strdup(ctx, &lines[1][5]);
3161 return USERSHARE_POSIX_ERR;
3163 trim_string(sharepath, " ", " ");
3165 if (strncmp(lines[2], "comment=", 8) != 0) {
3166 return USERSHARE_MALFORMED_COMMENT_DEF;
3169 comment = talloc_strdup(ctx, &lines[2][8]);
3171 return USERSHARE_POSIX_ERR;
3173 trim_string(comment, " ", " ");
3174 trim_char(comment, '"', '"');
3176 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3177 return USERSHARE_MALFORMED_ACL_DEF;
3180 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3181 return USERSHARE_ACL_ERR;
3185 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3186 return USERSHARE_MALFORMED_ACL_DEF;
3188 if (lines[4][9] == 'y') {
3189 *pallow_guest = true;
3192 /* Backwards compatible extension to file version #2. */
3194 if (strncmp(lines[5], "sharename=", 10) != 0) {
3195 return USERSHARE_MALFORMED_SHARENAME_DEF;
3197 if (!strequal(&lines[5][10], servicename)) {
3198 return USERSHARE_BAD_SHARENAME;
3200 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3201 if (!*pp_cp_servicename) {
3202 return USERSHARE_POSIX_ERR;
3207 if (*pp_cp_servicename == NULL) {
3208 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3209 if (!*pp_cp_servicename) {
3210 return USERSHARE_POSIX_ERR;
3214 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3215 /* Path didn't change, no checks needed. */
3216 *pp_sharepath = sharepath;
3217 *pp_comment = comment;
3218 return USERSHARE_OK;
3221 /* The path *must* be absolute. */
3222 if (sharepath[0] != '/') {
3223 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3224 servicename, sharepath));
3225 return USERSHARE_PATH_NOT_ABSOLUTE;
3228 /* If there is a usershare prefix deny list ensure one of these paths
3229 doesn't match the start of the user given path. */
3230 if (prefixdenylist) {
3232 for ( i=0; prefixdenylist[i]; i++ ) {
3233 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3234 servicename, i, prefixdenylist[i], sharepath ));
3235 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3236 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3237 "usershare prefix deny list entries.\n",
3238 servicename, sharepath));
3239 return USERSHARE_PATH_IS_DENIED;
3244 /* If there is a usershare prefix allow list ensure one of these paths
3245 does match the start of the user given path. */
3247 if (prefixallowlist) {
3249 for ( i=0; prefixallowlist[i]; i++ ) {
3250 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3251 servicename, i, prefixallowlist[i], sharepath ));
3252 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3256 if (prefixallowlist[i] == NULL) {
3257 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3258 "usershare prefix allow list entries.\n",
3259 servicename, sharepath));
3260 return USERSHARE_PATH_NOT_ALLOWED;
3264 /* Ensure this is pointing to a directory. */
3265 dp = opendir(sharepath);
3268 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3269 servicename, sharepath));
3270 return USERSHARE_PATH_NOT_DIRECTORY;
3273 /* Ensure the owner of the usershare file has permission to share
3276 if (sys_stat(sharepath, &sbuf, false) == -1) {
3277 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3278 servicename, sharepath, strerror(errno) ));
3280 return USERSHARE_POSIX_ERR;
3285 if (!S_ISDIR(sbuf.st_ex_mode)) {
3286 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3287 servicename, sharepath ));
3288 return USERSHARE_PATH_NOT_DIRECTORY;
3291 /* Check if sharing is restricted to owner-only. */
3292 /* psbuf is the stat of the usershare definition file,
3293 sbuf is the stat of the target directory to be shared. */
3295 if (lp_usershare_owner_only()) {
3296 /* root can share anything. */
3297 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3298 return USERSHARE_PATH_NOT_ALLOWED;
3302 *pp_sharepath = sharepath;
3303 *pp_comment = comment;
3304 return USERSHARE_OK;
3307 /***************************************************************************
3308 Deal with a usershare file.
3311 -1 - Bad name, invalid contents.
3312 - service name already existed and not a usershare, problem
3313 with permissions to share directory etc.
3314 ***************************************************************************/
3316 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3318 SMB_STRUCT_STAT sbuf;
3319 SMB_STRUCT_STAT lsbuf;
3321 char *sharepath = NULL;
3322 char *comment = NULL;
3323 char *cp_service_name = NULL;
3324 char **lines = NULL;
3328 TALLOC_CTX *ctx = talloc_stackframe();
3329 struct security_descriptor *psd = NULL;
3330 bool guest_ok = false;
3331 char *canon_name = NULL;
3332 bool added_service = false;
3335 /* Ensure share name doesn't contain invalid characters. */
3336 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3337 DEBUG(0,("process_usershare_file: share name %s contains "
3338 "invalid characters (any of %s)\n",
3339 file_name, INVALID_SHARENAME_CHARS ));
3343 canon_name = canonicalize_servicename(ctx, file_name);
3348 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3353 /* Minimize the race condition by doing an lstat before we
3354 open and fstat. Ensure this isn't a symlink link. */
3356 if (sys_lstat(fname, &lsbuf, false) != 0) {
3357 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3358 fname, strerror(errno) ));
3362 /* This must be a regular file, not a symlink, directory or
3363 other strange filetype. */
3364 if (!check_usershare_stat(fname, &lsbuf)) {
3372 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3377 if (NT_STATUS_IS_OK(status) &&
3378 (data.dptr != NULL) &&
3379 (data.dsize == sizeof(iService))) {
3380 memcpy(&iService, data.dptr, sizeof(iService));
3384 if (iService != -1 &&
3385 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3386 &lsbuf.st_ex_mtime) == 0) {
3387 /* Nothing changed - Mark valid and return. */
3388 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3390 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3395 /* Try and open the file read only - no symlinks allowed. */
3397 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3399 fd = open(fname, O_RDONLY, 0);
3403 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3404 fname, strerror(errno) ));
3408 /* Now fstat to be *SURE* it's a regular file. */
3409 if (sys_fstat(fd, &sbuf, false) != 0) {
3411 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3412 fname, strerror(errno) ));
3416 /* Is it the same dev/inode as was lstated ? */
3417 if (!check_same_stat(&lsbuf, &sbuf)) {
3419 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3420 "Symlink spoofing going on ?\n", fname ));
3424 /* This must be a regular file, not a symlink, directory or
3425 other strange filetype. */
3426 if (!check_usershare_stat(fname, &sbuf)) {
3431 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3434 if (lines == NULL) {
3435 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3436 fname, (unsigned int)sbuf.st_ex_uid ));
3440 if (parse_usershare_file(ctx, &sbuf, file_name,
3441 iService, lines, numlines, &sharepath,
3442 &comment, &cp_service_name,
3443 &psd, &guest_ok) != USERSHARE_OK) {
3447 /* Everything ok - add the service possibly using a template. */
3449 const struct loadparm_service *sp = &sDefault;
3450 if (snum_template != -1) {
3451 sp = ServicePtrs[snum_template];
3454 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3455 DEBUG(0, ("process_usershare_file: Failed to add "
3456 "new service %s\n", cp_service_name));
3460 added_service = true;
3462 /* Read only is controlled by usershare ACL below. */
3463 ServicePtrs[iService]->read_only = false;
3466 /* Write the ACL of the new/modified share. */
3467 if (!set_share_security(canon_name, psd)) {
3468 DEBUG(0, ("process_usershare_file: Failed to set share "
3469 "security for user share %s\n",
3474 /* If from a template it may be marked invalid. */
3475 ServicePtrs[iService]->valid = true;
3477 /* Set the service as a valid usershare. */
3478 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3480 /* Set guest access. */
3481 if (lp_usershare_allow_guests()) {
3482 ServicePtrs[iService]->guest_ok = guest_ok;
3485 /* And note when it was loaded. */
3486 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3487 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3489 lpcfg_string_set(ServicePtrs[iService],
3490 &ServicePtrs[iService]->comment, comment);
3496 if (ret == -1 && iService != -1 && added_service) {
3497 lp_remove_service(iService);
3505 /***************************************************************************
3506 Checks if a usershare entry has been modified since last load.
3507 ***************************************************************************/
3509 static bool usershare_exists(int iService, struct timespec *last_mod)
3511 SMB_STRUCT_STAT lsbuf;
3512 const char *usersharepath = Globals.usershare_path;
3515 fname = talloc_asprintf(talloc_tos(),
3518 ServicePtrs[iService]->szService);
3519 if (fname == NULL) {
3523 if (sys_lstat(fname, &lsbuf, false) != 0) {
3528 if (!S_ISREG(lsbuf.st_ex_mode)) {
3534 *last_mod = lsbuf.st_ex_mtime;
3538 static bool usershare_directory_is_root(uid_t uid)
3544 if (uid_wrapper_enabled()) {
3551 /***************************************************************************
3552 Load a usershare service by name. Returns a valid servicenumber or -1.
3553 ***************************************************************************/
3555 int load_usershare_service(const char *servicename)
3557 SMB_STRUCT_STAT sbuf;
3558 const char *usersharepath = Globals.usershare_path;
3559 int max_user_shares = Globals.usershare_max_shares;
3560 int snum_template = -1;
3562 if (*usersharepath == 0 || max_user_shares == 0) {
3566 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3567 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3568 usersharepath, strerror(errno) ));
3572 if (!S_ISDIR(sbuf.st_ex_mode)) {
3573 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3579 * This directory must be owned by root, and have the 't' bit set.
3580 * It also must not be writable by "other".
3584 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3585 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3587 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3588 (sbuf.st_ex_mode & S_IWOTH)) {
3590 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3591 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3596 /* Ensure the template share exists if it's set. */
3597 if (Globals.usershare_template_share[0]) {
3598 /* We can't use lp_servicenumber here as we are recommending that
3599 template shares have -valid=false set. */
3600 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3601 if (ServicePtrs[snum_template]->szService &&
3602 strequal(ServicePtrs[snum_template]->szService,
3603 Globals.usershare_template_share)) {
3608 if (snum_template == -1) {
3609 DEBUG(0,("load_usershare_service: usershare template share %s "
3610 "does not exist.\n",
3611 Globals.usershare_template_share ));
3616 return process_usershare_file(usersharepath, servicename, snum_template);
3619 /***************************************************************************
3620 Load all user defined shares from the user share directory.
3621 We only do this if we're enumerating the share list.
3622 This is the function that can delete usershares that have
3624 ***************************************************************************/
3626 int load_usershare_shares(struct smbd_server_connection *sconn,
3627 bool (*snumused) (struct smbd_server_connection *, int))
3630 SMB_STRUCT_STAT sbuf;
3632 int num_usershares = 0;
3633 int max_user_shares = Globals.usershare_max_shares;
3634 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3635 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3636 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3638 int snum_template = -1;
3639 const char *usersharepath = Globals.usershare_path;
3640 int ret = lp_numservices();
3641 TALLOC_CTX *tmp_ctx;
3643 if (max_user_shares == 0 || *usersharepath == '\0') {
3644 return lp_numservices();
3647 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3648 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3649 usersharepath, strerror(errno) ));
3654 * This directory must be owned by root, and have the 't' bit set.
3655 * It also must not be writable by "other".
3659 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3661 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3663 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3664 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3669 /* Ensure the template share exists if it's set. */
3670 if (Globals.usershare_template_share[0]) {
3671 /* We can't use lp_servicenumber here as we are recommending that
3672 template shares have -valid=false set. */
3673 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3674 if (ServicePtrs[snum_template]->szService &&
3675 strequal(ServicePtrs[snum_template]->szService,
3676 Globals.usershare_template_share)) {
3681 if (snum_template == -1) {
3682 DEBUG(0,("load_usershare_shares: usershare template share %s "
3683 "does not exist.\n",
3684 Globals.usershare_template_share ));
3689 /* Mark all existing usershares as pending delete. */
3690 for (iService = iNumServices - 1; iService >= 0; iService--) {
3691 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3692 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3696 dp = opendir(usersharepath);
3698 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3699 usersharepath, strerror(errno) ));
3703 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3705 num_dir_entries++ ) {
3707 const char *n = de->d_name;
3709 /* Ignore . and .. */
3711 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3717 /* Temporary file used when creating a share. */
3718 num_tmp_dir_entries++;
3721 /* Allow 20% tmp entries. */
3722 if (num_tmp_dir_entries > allowed_tmp_entries) {
3723 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3724 "in directory %s\n",
3725 num_tmp_dir_entries, usersharepath));
3729 r = process_usershare_file(usersharepath, n, snum_template);
3731 /* Update the services count. */
3733 if (num_usershares >= max_user_shares) {
3734 DEBUG(0,("load_usershare_shares: max user shares reached "
3735 "on file %s in directory %s\n",
3736 n, usersharepath ));
3739 } else if (r == -1) {
3740 num_bad_dir_entries++;
3743 /* Allow 20% bad entries. */
3744 if (num_bad_dir_entries > allowed_bad_entries) {
3745 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3746 "in directory %s\n",
3747 num_bad_dir_entries, usersharepath));
3751 /* Allow 20% bad entries. */
3752 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3753 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3754 "in directory %s\n",
3755 num_dir_entries, usersharepath));
3762 /* Sweep through and delete any non-refreshed usershares that are
3763 not currently in use. */
3764 tmp_ctx = talloc_stackframe();
3765 for (iService = iNumServices - 1; iService >= 0; iService--) {
3766 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3769 if (snumused && snumused(sconn, iService)) {
3773 servname = lp_servicename(tmp_ctx, iService);
3775 /* Remove from the share ACL db. */
3776 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3778 delete_share_security(servname);
3779 free_service_byindex(iService);
3782 talloc_free(tmp_ctx);
3784 return lp_numservices();
3787 /********************************************************
3788 Destroy global resources allocated in this file
3789 ********************************************************/
3791 void gfree_loadparm(void)
3797 /* Free resources allocated to services */
3799 for ( i = 0; i < iNumServices; i++ ) {
3801 free_service_byindex(i);
3805 TALLOC_FREE( ServicePtrs );
3808 /* Now release all resources allocated to global
3809 parameters and the default service */
3811 free_global_parameters();
3815 /***************************************************************************
3816 Allow client apps to specify that they are a client
3817 ***************************************************************************/
3818 static void lp_set_in_client(bool b)
3824 /***************************************************************************
3825 Determine if we're running in a client app
3826 ***************************************************************************/
3827 static bool lp_is_in_client(void)
3832 static void lp_enforce_ad_dc_settings(void)
3834 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3835 lp_do_parameter(GLOBAL_SECTION_SNUM,
3836 "winbindd:use external pipes", "true");
3837 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3838 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3839 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3840 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3841 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3842 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3843 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3844 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3845 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3848 /***************************************************************************
3849 Load the services array from the services file. Return true on success,
3851 ***************************************************************************/
3853 static bool lp_load_ex(const char *pszFname,
3857 bool reinit_globals,
3858 bool allow_include_registry,
3859 bool load_all_shares)
3863 TALLOC_CTX *frame = talloc_stackframe();
3864 struct loadparm_context *lp_ctx;
3868 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3870 bInGlobalSection = true;
3871 bGlobalOnly = global_only;
3872 bAllowIncludeRegistry = allow_include_registry;
3873 sDefault = _sDefault;
3875 lp_ctx = setup_lp_context(talloc_tos());
3877 init_globals(lp_ctx, reinit_globals);
3881 if (save_defaults) {
3886 if (!reinit_globals) {
3887 free_param_opts(&Globals.param_opt);
3888 apply_lp_set_cmdline();
3891 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
3893 /* We get sections first, so have to start 'behind' to make up */
3896 if (lp_config_backend_is_file()) {
3897 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
3898 current_user_info.domain,
3901 smb_panic("lp_load_ex: out of memory");
3904 add_to_file_list(NULL, &file_lists, pszFname, n2);
3906 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
3909 /* finish up the last section */
3910 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
3912 if (iServiceIndex >= 0) {
3913 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
3917 if (lp_config_backend_is_registry()) {
3919 /* config backend changed to registry in config file */
3921 * We need to use this extra global variable here to
3922 * survive restart: init_globals uses this as a default
3923 * for config_backend. Otherwise, init_globals would
3924 * send us into an endless loop here.
3927 config_backend = CONFIG_BACKEND_REGISTRY;
3929 DEBUG(1, ("lp_load_ex: changing to config backend "
3931 init_globals(lp_ctx, true);
3933 TALLOC_FREE(lp_ctx);
3935 lp_kill_all_services();
3936 ok = lp_load_ex(pszFname, global_only, save_defaults,
3937 add_ipc, reinit_globals,
3938 allow_include_registry,
3943 } else if (lp_config_backend_is_registry()) {
3944 bRetval = process_registry_globals();
3946 DEBUG(0, ("Illegal config backend given: %d\n",
3947 lp_config_backend()));
3951 if (bRetval && lp_registry_shares()) {
3952 if (load_all_shares) {
3953 bRetval = process_registry_shares();
3955 bRetval = reload_registry_shares();
3960 char *serv = lp_auto_services(talloc_tos());
3961 lp_add_auto_services(serv);
3966 /* When 'restrict anonymous = 2' guest connections to ipc$
3968 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
3969 if ( lp_enable_asu_support() ) {
3970 lp_add_ipc("ADMIN$", false);
3974 set_allowed_client_auth();
3976 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
3977 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
3978 lp_password_server()));
3983 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
3984 /* if we_are_a_wins_server is true and we are in the client */
3985 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
3986 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
3991 fault_configure(smb_panic_s3);
3994 * We run this check once the whole smb.conf is parsed, to
3995 * force some settings for the standard way a AD DC is
3996 * operated. We may change these as our code evolves, which
3997 * is why we force these settings.
3999 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
4000 lp_enforce_ad_dc_settings();
4003 bAllowIncludeRegistry = true;
4009 static bool lp_load(const char *pszFname,
4013 bool reinit_globals)
4015 return lp_load_ex(pszFname,
4020 true, /* allow_include_registry */
4021 false); /* load_all_shares*/
4024 bool lp_load_initial_only(const char *pszFname)
4026 return lp_load_ex(pszFname,
4027 true, /* global only */
4028 true, /* save_defaults */
4029 false, /* add_ipc */
4030 true, /* reinit_globals */
4031 false, /* allow_include_registry */
4032 false); /* load_all_shares*/
4036 * most common lp_load wrapper, loading only the globals
4038 * If this is used in a daemon or client utility it should be called
4039 * after processing popt.
4041 bool lp_load_global(const char *file_name)
4043 return lp_load(file_name,
4044 true, /* global_only */
4045 false, /* save_defaults */
4046 false, /* add_ipc */
4047 true); /* reinit_globals */
4051 * The typical lp_load wrapper with shares, loads global and
4052 * shares, including IPC, but does not force immediate
4053 * loading of all shares from registry.
4055 bool lp_load_with_shares(const char *file_name)
4057 return lp_load(file_name,
4058 false, /* global_only */
4059 false, /* save_defaults */
4061 true); /* reinit_globals */
4065 * lp_load wrapper, especially for clients
4067 bool lp_load_client(const char *file_name)
4069 lp_set_in_client(true);
4071 return lp_load_global(file_name);
4075 * lp_load wrapper, loading only globals, but intended
4076 * for subsequent calls, not reinitializing the globals
4079 bool lp_load_global_no_reinit(const char *file_name)
4081 return lp_load(file_name,
4082 true, /* global_only */
4083 false, /* save_defaults */
4084 false, /* add_ipc */
4085 false); /* reinit_globals */
4089 * lp_load wrapper, loading globals and shares,
4090 * intended for subsequent calls, i.e. not reinitializing
4091 * the globals to default values.
4093 bool lp_load_no_reinit(const char *file_name)
4095 return lp_load(file_name,
4096 false, /* global_only */
4097 false, /* save_defaults */
4098 false, /* add_ipc */
4099 false); /* reinit_globals */
4104 * lp_load wrapper, especially for clients, no reinitialization
4106 bool lp_load_client_no_reinit(const char *file_name)
4108 lp_set_in_client(true);
4110 return lp_load_global_no_reinit(file_name);
4113 bool lp_load_with_registry_shares(const char *pszFname)
4115 return lp_load_ex(pszFname,
4116 false, /* global_only */
4117 true, /* save_defaults */
4118 false, /* add_ipc */
4119 false, /* reinit_globals */
4120 true, /* allow_include_registry */
4121 true); /* load_all_shares*/
4124 /***************************************************************************
4125 Return the max number of services.
4126 ***************************************************************************/
4128 int lp_numservices(void)
4130 return (iNumServices);
4133 /***************************************************************************
4134 Display the contents of the services array in human-readable form.
4135 ***************************************************************************/
4137 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4140 struct loadparm_context *lp_ctx;
4143 defaults_saved = false;
4145 lp_ctx = setup_lp_context(talloc_tos());
4146 if (lp_ctx == NULL) {
4150 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4152 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4154 for (iService = 0; iService < maxtoprint; iService++) {
4156 lp_dump_one(f, show_defaults, iService);
4160 /***************************************************************************
4161 Display the contents of one service in human-readable form.
4162 ***************************************************************************/
4164 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4167 if (ServicePtrs[snum]->szService[0] == '\0')
4169 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4170 flags_list, show_defaults);
4174 /***************************************************************************
4175 Return the number of the service with the given name, or -1 if it doesn't
4176 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4177 getservicebyname()! This works ONLY if all services have been loaded, and
4178 does not copy the found service.
4179 ***************************************************************************/
4181 int lp_servicenumber(const char *pszServiceName)
4184 fstring serviceName;
4186 if (!pszServiceName) {
4187 return GLOBAL_SECTION_SNUM;
4190 for (iService = iNumServices - 1; iService >= 0; iService--) {
4191 if (VALID(iService) && ServicePtrs[iService]->szService) {
4193 * The substitution here is used to support %U in
4196 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4197 standard_sub_basic(get_current_username(),
4198 current_user_info.domain,
4199 serviceName,sizeof(serviceName));
4200 if (strequal(serviceName, pszServiceName)) {
4206 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4207 struct timespec last_mod;
4209 if (!usershare_exists(iService, &last_mod)) {
4210 /* Remove the share security tdb entry for it. */
4211 delete_share_security(lp_servicename(talloc_tos(), iService));
4212 /* Remove it from the array. */
4213 free_service_byindex(iService);
4214 /* Doesn't exist anymore. */
4215 return GLOBAL_SECTION_SNUM;
4218 /* Has it been modified ? If so delete and reload. */
4219 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4221 /* Remove it from the array. */
4222 free_service_byindex(iService);
4223 /* and now reload it. */
4224 iService = load_usershare_service(pszServiceName);
4229 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4230 return GLOBAL_SECTION_SNUM;
4236 /*******************************************************************
4237 A useful volume label function.
4238 ********************************************************************/
4240 const char *volume_label(TALLOC_CTX *ctx, int snum)
4243 const char *label = lp_volume(ctx, snum);
4245 label = lp_servicename(ctx, snum);
4248 /* This returns a 33 byte guarenteed null terminated string. */
4249 ret = talloc_strndup(ctx, label, 32);
4256 /*******************************************************************
4257 Get the default server type we will announce as via nmbd.
4258 ********************************************************************/
4260 int lp_default_server_announce(void)
4262 int default_server_announce = 0;
4263 default_server_announce |= SV_TYPE_WORKSTATION;
4264 default_server_announce |= SV_TYPE_SERVER;
4265 default_server_announce |= SV_TYPE_SERVER_UNIX;
4267 /* note that the flag should be set only if we have a
4268 printer service but nmbd doesn't actually load the
4269 services so we can't tell --jerry */
4271 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4273 default_server_announce |= SV_TYPE_SERVER_NT;
4274 default_server_announce |= SV_TYPE_NT;
4276 switch (lp_server_role()) {
4277 case ROLE_DOMAIN_MEMBER:
4278 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4280 case ROLE_DOMAIN_PDC:
4281 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4283 case ROLE_DOMAIN_BDC:
4284 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4286 case ROLE_STANDALONE:
4290 if (lp_time_server())
4291 default_server_announce |= SV_TYPE_TIME_SOURCE;
4293 if (lp_host_msdfs())
4294 default_server_announce |= SV_TYPE_DFS_SERVER;
4296 return default_server_announce;
4299 /***********************************************************
4300 If we are PDC then prefer us as DMB
4301 ************************************************************/
4303 bool lp_domain_master(void)
4305 if (Globals._domain_master == Auto)
4306 return (lp_server_role() == ROLE_DOMAIN_PDC);
4308 return (bool)Globals._domain_master;
4311 /***********************************************************
4312 If we are PDC then prefer us as DMB
4313 ************************************************************/
4315 static bool lp_domain_master_true_or_auto(void)
4317 if (Globals._domain_master) /* auto or yes */
4323 /***********************************************************
4324 If we are DMB then prefer us as LMB
4325 ************************************************************/
4327 bool lp_preferred_master(void)
4329 int preferred_master = lp__preferred_master();
4331 if (preferred_master == Auto)
4332 return (lp_local_master() && lp_domain_master());
4334 return (bool)preferred_master;
4337 /*******************************************************************
4339 ********************************************************************/
4341 void lp_remove_service(int snum)
4343 ServicePtrs[snum]->valid = false;
4346 const char *lp_printername(TALLOC_CTX *ctx, int snum)
4348 const char *ret = lp__printername(ctx, snum);
4349 if (ret == NULL || *ret == '\0') {
4350 ret = lp_const_servicename(snum);
4357 /***********************************************************
4358 Allow daemons such as winbindd to fix their logfile name.
4359 ************************************************************/
4361 void lp_set_logfile(const char *name)
4363 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4364 debug_set_logfile(name);
4367 /*******************************************************************
4368 Return the max print jobs per queue.
4369 ********************************************************************/
4371 int lp_maxprintjobs(int snum)
4373 int maxjobs = lp_max_print_jobs(snum);
4375 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4376 maxjobs = PRINT_MAX_JOBID - 1;
4381 const char *lp_printcapname(void)
4383 const char *printcap_name = lp_printcap_name();
4385 if ((printcap_name != NULL) &&
4386 (printcap_name[0] != '\0'))
4387 return printcap_name;
4389 if (sDefault.printing == PRINT_CUPS) {
4393 if (sDefault.printing == PRINT_BSD)
4394 return "/etc/printcap";
4396 return PRINTCAP_NAME;
4399 static uint32_t spoolss_state;
4401 bool lp_disable_spoolss( void )
4403 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4404 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4406 return spoolss_state == SVCCTL_STOPPED ? true : false;
4409 void lp_set_spoolss_state( uint32_t state )
4411 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4413 spoolss_state = state;
4416 uint32_t lp_get_spoolss_state( void )
4418 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4421 /*******************************************************************
4422 Ensure we don't use sendfile if server smb signing is active.
4423 ********************************************************************/
4425 bool lp_use_sendfile(int snum, struct smb_signing_state *signing_state)
4427 bool sign_active = false;
4429 /* Using sendfile blows the brains out of any DOS or Win9x TCP stack... JRA. */
4430 if (get_Protocol() < PROTOCOL_NT1) {
4433 if (signing_state) {
4434 sign_active = smb_signing_is_active(signing_state);
4436 return (lp__use_sendfile(snum) &&
4437 (get_remote_arch() != RA_WIN95) &&
4441 /*******************************************************************
4442 Turn off sendfile if we find the underlying OS doesn't support it.
4443 ********************************************************************/
4445 void set_use_sendfile(int snum, bool val)
4447 if (LP_SNUM_OK(snum))
4448 ServicePtrs[snum]->_use_sendfile = val;
4450 sDefault._use_sendfile = val;
4453 void lp_set_mangling_method(const char *new_method)
4455 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4458 /*******************************************************************
4459 Global state for POSIX pathname processing.
4460 ********************************************************************/
4462 static bool posix_pathnames;
4464 bool lp_posix_pathnames(void)
4466 return posix_pathnames;
4469 /*******************************************************************
4470 Change everything needed to ensure POSIX pathname processing (currently
4472 ********************************************************************/
4474 void lp_set_posix_pathnames(void)
4476 posix_pathnames = true;
4479 /*******************************************************************
4480 Global state for POSIX lock processing - CIFS unix extensions.
4481 ********************************************************************/
4483 bool posix_default_lock_was_set;
4484 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4486 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4488 if (posix_default_lock_was_set) {
4489 return posix_cifsx_locktype;
4491 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4492 POSIX_LOCK : WINDOWS_LOCK;
4496 /*******************************************************************
4497 ********************************************************************/
4499 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4501 posix_default_lock_was_set = true;
4502 posix_cifsx_locktype = val;
4505 int lp_min_receive_file_size(void)
4507 int min_receivefile_size = lp_min_receivefile_size();
4509 if (min_receivefile_size < 0) {
4512 return min_receivefile_size;
4515 /*******************************************************************
4516 Safe wide links checks.
4517 This helper function always verify the validity of wide links,
4518 even after a configuration file reload.
4519 ********************************************************************/
4521 void widelinks_warning(int snum)
4523 if (lp_allow_insecure_wide_links()) {
4527 if (lp_unix_extensions() && lp_wide_links(snum)) {
4528 DEBUG(0,("Share '%s' has wide links and unix extensions enabled. "
4529 "These parameters are incompatible. "
4530 "Wide links will be disabled for this share.\n",
4531 lp_servicename(talloc_tos(), snum) ));
4535 bool lp_widelinks(int snum)
4537 /* wide links is always incompatible with unix extensions */
4538 if (lp_unix_extensions()) {
4540 * Unless we have "allow insecure widelinks"
4543 if (!lp_allow_insecure_wide_links()) {
4548 return lp_wide_links(snum);
4551 int lp_server_role(void)
4553 return lp_find_server_role(lp__server_role(),
4555 lp__domain_logons(),
4556 lp_domain_master_true_or_auto());
4559 int lp_security(void)
4561 return lp_find_security(lp__server_role(),
4565 int lp_client_max_protocol(void)
4567 int client_max_protocol = lp__client_max_protocol();
4568 if (client_max_protocol == PROTOCOL_DEFAULT) {
4569 return PROTOCOL_LATEST;
4571 return client_max_protocol;
4574 int lp_client_ipc_min_protocol(void)
4576 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4577 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4578 client_ipc_min_protocol = lp_client_min_protocol();
4580 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4581 return PROTOCOL_NT1;
4583 return client_ipc_min_protocol;
4586 int lp_client_ipc_max_protocol(void)
4588 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4589 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4590 return PROTOCOL_LATEST;
4592 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4593 return PROTOCOL_NT1;
4595 return client_ipc_max_protocol;
4598 int lp_client_ipc_signing(void)
4600 int client_ipc_signing = lp__client_ipc_signing();
4601 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4602 return SMB_SIGNING_REQUIRED;
4604 return client_ipc_signing;
4607 int lp_rpc_low_port(void)
4609 return Globals.rpc_low_port;
4612 int lp_rpc_high_port(void)
4614 return Globals.rpc_high_port;
4618 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4620 * This also ensures it is disabled if NTLM is totally disabled
4622 bool lp_lanman_auth(void)
4624 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4626 if (ntlm_auth_level == NTLM_AUTH_ON) {
4627 return lp__lanman_auth();
4633 struct loadparm_global * get_globals(void)
4638 unsigned int * get_flags(void)
4640 if (flags_list == NULL) {
4641 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());