2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
56 #define LOADPARM_SUBSTITUTION_INTERNALS 1
58 #include "system/filesys.h"
60 #include "lib/param/loadparm.h"
61 #include "lib/param/param.h"
63 #include "lib/smbconf/smbconf.h"
64 #include "lib/smbconf/smbconf_init.h"
66 #include "include/smb_ldap.h"
67 #include "../librpc/gen_ndr/svcctl.h"
69 #include "../libcli/smb/smb_signing.h"
70 #include "dbwrap/dbwrap.h"
71 #include "dbwrap/dbwrap_rbt.h"
72 #include "../lib/util/bitmap.h"
73 #include "librpc/gen_ndr/nbt.h"
74 #include "source4/lib/tls/tls.h"
75 #include "libcli/auth/ntlm_check.h"
76 #include "lib/crypto/gnutls_helpers.h"
77 #include "lib/util/string_wrappers.h"
78 #include "auth/credentials/credentials.h"
79 #include "source3/lib/substitute.h"
81 #ifdef HAVE_SYS_SYSCTL_H
82 #include <sys/sysctl.h>
87 extern userdom_struct current_user_info;
89 /* the special value for the include parameter
90 * to be interpreted not as a file name but to
91 * trigger loading of the global smb.conf options
93 #ifndef INCLUDE_REGISTRY_NAME
94 #define INCLUDE_REGISTRY_NAME "registry"
97 static bool in_client = false; /* Not in the client by default */
98 static struct smbconf_csn conf_last_csn;
100 static int config_backend = CONFIG_BACKEND_FILE;
102 /* some helpful bits */
103 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
104 (ServicePtrs != NULL) && \
105 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
106 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
107 ServicePtrs[i]->valid)
109 #define USERSHARE_VALID 1
110 #define USERSHARE_PENDING_DELETE 2
112 static bool defaults_saved = false;
114 #include "lib/param/param_global.h"
116 static struct loadparm_global Globals;
118 /* This is a default service used to prime a services structure */
119 static const struct loadparm_service _sDefault =
124 .usershare_last_mod = {0, 0},
127 .invalid_users = NULL,
134 .root_preexec = NULL,
135 .root_postexec = NULL,
136 .cups_options = NULL,
137 .print_command = NULL,
139 .lprm_command = NULL,
140 .lppause_command = NULL,
141 .lpresume_command = NULL,
142 .queuepause_command = NULL,
143 .queueresume_command = NULL,
144 ._printername = NULL,
145 .printjob_username = NULL,
146 .dont_descend = NULL,
149 .magic_script = NULL,
150 .magic_output = NULL,
153 .veto_oplock_files = NULL,
163 .aio_write_behind = NULL,
164 .dfree_command = NULL,
165 .min_print_space = 0,
166 .max_print_jobs = 1000,
167 .max_reported_print_jobs = 0,
169 .force_create_mode = 0,
170 .directory_mask = 0755,
171 .force_directory_mode = 0,
172 .max_connections = 0,
173 .default_case = CASE_LOWER,
174 .printing = DEFAULT_PRINTING,
177 .dfree_cache_time = 0,
178 .preexec_close = false,
179 .root_preexec_close = false,
180 .case_sensitive = Auto,
181 .preserve_case = true,
182 .short_preserve_case = true,
183 .hide_dot_files = true,
184 .hide_special_files = false,
185 .hide_unreadable = false,
186 .hide_unwriteable_files = false,
188 .access_based_share_enum = false,
193 .administrative_share = false,
196 .print_notify_backchannel = false,
200 .store_dos_attributes = true,
201 .smbd_max_xattr_size = 65536,
202 .dmapi_support = false,
204 .strict_locking = Auto,
205 .posix_locking = true,
207 .kernel_oplocks = false,
208 .level2_oplocks = true,
209 .mangled_names = MANGLED_NAMES_ILLEGAL,
211 .follow_symlinks = true,
212 .sync_always = false,
213 .strict_allocate = false,
214 .strict_rename = false,
216 .mangling_char = '~',
218 .delete_readonly = false,
219 .fake_oplocks = false,
220 .delete_veto_files = false,
221 .dos_filemode = false,
222 .dos_filetimes = true,
223 .dos_filetime_resolution = false,
224 .fake_directory_create_times = false,
225 .blocking_locks = true,
226 .inherit_permissions = false,
227 .inherit_acls = false,
228 .inherit_owner = false,
230 .msdfs_shuffle_referrals = false,
231 .use_client_driver = false,
232 .default_devmode = true,
233 .force_printername = false,
234 .nt_acl_support = true,
235 .force_unknown_acl_user = false,
236 ._use_sendfile = false,
237 .map_acl_inherit = false,
240 .acl_check_permissions = true,
241 .acl_map_full_control = true,
242 .acl_group_control = false,
243 .acl_allow_execute_always = false,
244 .acl_flag_inherited_canonicalization = true,
247 .map_readonly = MAP_READONLY_NO,
248 .directory_name_cache_size = 100,
249 .server_smb_encrypt = SMB_ENCRYPTION_DEFAULT,
250 .kernel_share_modes = false,
251 .durable_handles = true,
252 .check_parent_directory_delete_on_close = false,
254 .smbd_search_ask_sharemode = true,
255 .smbd_getinfo_ask_sharemode = true,
256 .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
257 .honor_change_notify_privilege = false,
262 * This is a copy of the default service structure. Service options in the
263 * global section would otherwise overwrite the initial default values.
265 static struct loadparm_service sDefault;
267 /* local variables */
268 static struct loadparm_service **ServicePtrs = NULL;
269 static int iNumServices = 0;
270 static int iServiceIndex = 0;
271 static struct db_context *ServiceHash;
272 static bool bInGlobalSection = true;
273 static bool bGlobalOnly = false;
274 static struct file_lists *file_lists = NULL;
275 static unsigned int *flags_list = NULL;
277 static void set_allowed_client_auth(void);
279 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
280 static void free_param_opts(struct parmlist_entry **popts);
283 * Function to return the default value for the maximum number of open
284 * file descriptors permitted. This function tries to consult the
285 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
286 * the smaller of those.
288 static int max_open_files(void)
290 int sysctl_max = MAX_OPEN_FILES;
291 int rlimit_max = MAX_OPEN_FILES;
293 #ifdef HAVE_SYSCTLBYNAME
295 size_t size = sizeof(sysctl_max);
296 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
301 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
307 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
308 rlimit_max = rl.rlim_cur;
310 #if defined(RLIM_INFINITY)
311 if(rl.rlim_cur == RLIM_INFINITY)
312 rlimit_max = MAX_OPEN_FILES;
317 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
318 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
319 "minimum Windows limit (%d)\n",
321 MIN_OPEN_FILES_WINDOWS));
322 sysctl_max = MIN_OPEN_FILES_WINDOWS;
325 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
326 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
327 "minimum Windows limit (%d)\n",
329 MIN_OPEN_FILES_WINDOWS));
330 rlimit_max = MIN_OPEN_FILES_WINDOWS;
333 return MIN(sysctl_max, rlimit_max);
337 * Common part of freeing allocated data for one parameter.
339 static void free_one_parameter_common(void *parm_ptr,
340 struct parm_struct parm)
342 if ((parm.type == P_STRING) ||
343 (parm.type == P_USTRING))
345 lpcfg_string_free((char**)parm_ptr);
346 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
347 TALLOC_FREE(*((char***)parm_ptr));
352 * Free the allocated data for one parameter for a share
353 * given as a service struct.
355 static void free_one_parameter(struct loadparm_service *service,
356 struct parm_struct parm)
360 if (parm.p_class != P_LOCAL) {
364 parm_ptr = lp_parm_ptr(service, &parm);
366 free_one_parameter_common(parm_ptr, parm);
370 * Free the allocated parameter data of a share given
371 * as a service struct.
373 static void free_parameters(struct loadparm_service *service)
377 for (i=0; parm_table[i].label; i++) {
378 free_one_parameter(service, parm_table[i]);
383 * Free the allocated data for one parameter for a given share
384 * specified by an snum.
386 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
391 parm_ptr = lp_parm_ptr(NULL, &parm);
392 } else if (parm.p_class != P_LOCAL) {
395 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
398 free_one_parameter_common(parm_ptr, parm);
402 * Free the allocated parameter data for a share specified
405 static void free_parameters_by_snum(int snum)
409 for (i=0; parm_table[i].label; i++) {
410 free_one_parameter_by_snum(snum, parm_table[i]);
415 * Free the allocated global parameters.
417 static void free_global_parameters(void)
420 struct parm_struct *parm;
422 free_param_opts(&Globals.param_opt);
423 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
425 /* Reset references in the defaults because the context is going to be freed */
426 for (i=0; parm_table[i].label; i++) {
427 parm = &parm_table[i];
428 if ((parm->type == P_STRING) ||
429 (parm->type == P_USTRING)) {
430 if ((parm->def.svalue != NULL) &&
431 (*(parm->def.svalue) != '\0')) {
432 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
433 parm->def.svalue = NULL;
438 TALLOC_FREE(Globals.ctx);
441 struct lp_stored_option {
442 struct lp_stored_option *prev, *next;
447 static struct lp_stored_option *stored_options;
450 save options set by lp_set_cmdline() into a list. This list is
451 re-applied when we do a globals reset, so that cmdline set options
452 are sticky across reloads of smb.conf
454 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
456 struct lp_stored_option *entry, *entry_next;
457 for (entry = stored_options; entry != NULL; entry = entry_next) {
458 entry_next = entry->next;
459 if (strcmp(pszParmName, entry->label) == 0) {
460 DLIST_REMOVE(stored_options, entry);
466 entry = talloc(NULL, struct lp_stored_option);
471 entry->label = talloc_strdup(entry, pszParmName);
477 entry->value = talloc_strdup(entry, pszParmValue);
483 DLIST_ADD_END(stored_options, entry);
488 static bool apply_lp_set_cmdline(void)
490 struct lp_stored_option *entry = NULL;
491 for (entry = stored_options; entry != NULL; entry = entry->next) {
492 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
493 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
494 entry->label, entry->value));
501 /***************************************************************************
502 Initialise the global parameter structure.
503 ***************************************************************************/
505 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
507 static bool done_init = false;
511 /* If requested to initialize only once and we've already done it... */
512 if (!reinit_globals && done_init) {
513 /* ... then we have nothing more to do */
518 /* The logfile can be set before this is invoked. Free it if so. */
519 lpcfg_string_free(&Globals.logfile);
522 free_global_parameters();
525 /* This memset and the free_global_parameters() above will
526 * wipe out smb.conf options set with lp_set_cmdline(). The
527 * apply_lp_set_cmdline() call puts these values back in the
528 * table once the defaults are set */
529 ZERO_STRUCT(Globals);
531 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
533 /* Initialize the flags list if necessary */
534 if (flags_list == NULL) {
538 for (i = 0; parm_table[i].label; i++) {
539 if ((parm_table[i].type == P_STRING ||
540 parm_table[i].type == P_USTRING))
544 (char **)lp_parm_ptr(NULL, &parm_table[i]),
550 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
551 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
553 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
555 sDefault.ntvfs_handler = str_list_make_v3_const(Globals.ctx, "unixuid default", NULL);
557 DEBUG(3, ("Initialising global parameters\n"));
559 /* Must manually force to upper case here, as this does not go via the handler */
560 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
563 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
564 get_dyn_SMB_PASSWD_FILE());
565 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
566 get_dyn_PRIVATE_DIR());
567 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
568 get_dyn_BINDDNS_DIR());
570 /* use the new 'hash2' method by default, with a prefix of 1 */
571 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
572 Globals.mangle_prefix = 1;
574 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
576 /* using UTF8 by default allows us to support all chars */
577 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
578 DEFAULT_UNIX_CHARSET);
580 /* Use codepage 850 as a default for the dos character set */
581 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
582 DEFAULT_DOS_CHARSET);
585 * Allow the default PASSWD_CHAT to be overridden in local.h.
587 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
588 DEFAULT_PASSWD_CHAT);
590 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
592 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
593 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
595 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
597 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
599 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
601 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
604 * By default support explicit binding to broadcast
607 Globals.nmbd_bind_explicit_broadcast = true;
609 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
611 smb_panic("init_globals: ENOMEM");
613 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
616 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
617 "/bin/sleep 999999999");
620 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
621 DEFAULT_SOCKET_OPTIONS);
623 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
624 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
625 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
626 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
627 "\\\\%N\\%U\\profile");
629 Globals.name_resolve_order =
630 str_list_make_v3_const(Globals.ctx,
631 DEFAULT_NAME_RESOLVE_ORDER,
633 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
635 Globals.algorithmic_rid_base = BASE_RID;
637 Globals.load_printers = true;
638 Globals.printcap_cache_time = 750; /* 12.5 minutes */
640 Globals.config_backend = config_backend;
641 Globals._server_role = ROLE_AUTO;
643 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
644 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
645 Globals.max_xmit = 0x4104;
646 Globals.max_mux = 50; /* This is *needed* for profile support. */
647 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
648 Globals._disable_spoolss = false;
649 Globals.max_smbd_processes = 0;/* no limit specified */
650 Globals.username_level = 0;
651 Globals.deadtime = 10080;
652 Globals.getwd_cache = true;
653 Globals.large_readwrite = true;
654 Globals.max_log_size = 5000;
655 Globals.max_open_files = max_open_files();
656 Globals.server_max_protocol = PROTOCOL_SMB3_11;
657 Globals.server_min_protocol = PROTOCOL_SMB2_02;
658 Globals._client_max_protocol = PROTOCOL_DEFAULT;
659 Globals.client_min_protocol = PROTOCOL_SMB2_02;
660 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
661 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
662 Globals._security = SEC_AUTO;
663 Globals.encrypt_passwords = true;
664 Globals.client_schannel = true;
665 Globals.winbind_sealed_pipes = true;
666 Globals.require_strong_key = true;
667 Globals.server_schannel = true;
668 Globals.read_raw = true;
669 Globals.write_raw = true;
670 Globals.null_passwords = false;
671 Globals.old_password_allowed_period = 60;
672 Globals.obey_pam_restrictions = false;
674 Globals.syslog_only = false;
675 Globals.timestamp_logs = true;
676 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
677 Globals.debug_prefix_timestamp = false;
678 Globals.debug_hires_timestamp = true;
679 Globals.debug_syslog_format = false;
680 Globals.debug_pid = false;
681 Globals.debug_uid = false;
682 Globals.debug_class = false;
683 Globals.enable_core_files = true;
684 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
685 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
686 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
687 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
688 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
689 Globals.lm_interval = 60;
690 Globals.time_server = false;
691 Globals.bind_interfaces_only = false;
692 Globals.unix_password_sync = false;
693 Globals.pam_password_change = false;
694 Globals.passwd_chat_debug = false;
695 Globals.passwd_chat_timeout = 2; /* 2 second default. */
696 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
697 Globals.nt_status_support = true; /* Use NT status by default. */
698 Globals.smbd_profiling_level = 0;
699 Globals.stat_cache = true; /* use stat cache by default */
700 Globals.max_stat_cache_size = 512; /* 512k by default */
701 Globals.restrict_anonymous = 0;
702 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
703 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
704 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
705 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
706 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
707 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
708 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
710 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
712 Globals.map_to_guest = 0; /* By Default, "Never" */
713 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
714 Globals.enhanced_browsing = true;
715 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
716 Globals.use_mmap = true;
717 Globals.unicode = true;
718 Globals.smb1_unix_extensions = true;
719 Globals.reset_on_zero_vc = false;
720 Globals.log_writeable_files_on_exit = false;
721 Globals.create_krb5_conf = true;
722 Globals.include_system_krb5_conf = true;
723 Globals._winbind_max_domain_connections = 1;
725 /* hostname lookups can be very expensive and are broken on
726 a large number of sites (tridge) */
727 Globals.hostname_lookups = false;
729 Globals.change_notify = true,
730 Globals.kernel_change_notify = true,
732 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
733 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
734 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
735 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
736 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
737 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
739 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
740 Globals.ldap_ssl = LDAP_SSL_START_TLS;
741 Globals.ldap_deref = -1;
742 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
743 Globals.ldap_delete_dn = false;
744 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
745 Globals.ldap_follow_referral = Auto;
746 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
747 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
748 Globals.ldap_page_size = LDAP_PAGE_SIZE;
750 Globals.ldap_debug_level = 0;
751 Globals.ldap_debug_threshold = 10;
753 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
755 Globals.ldap_server_require_strong_auth =
756 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
758 /* This is what we tell the afs client. in reality we set the token
759 * to never expire, though, when this runs out the afs client will
760 * forget the token. Set to 0 to get NEVERDATE.*/
761 Globals.afs_token_lifetime = 604800;
762 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
764 /* these parameters are set to defaults that are more appropriate
765 for the increasing samba install base:
767 as a member of the workgroup, that will possibly become a
768 _local_ master browser (lm = true). this is opposed to a forced
769 local master browser startup (pm = true).
771 doesn't provide WINS server service by default (wsupp = false),
772 and doesn't provide domain master browser services by default, either.
776 Globals.show_add_printer_wizard = true;
777 Globals.os_level = 20;
778 Globals.local_master = true;
779 Globals._domain_master = Auto; /* depending on _domain_logons */
780 Globals._domain_logons = false;
781 Globals.browse_list = true;
782 Globals.we_are_a_wins_server = false;
783 Globals.wins_proxy = false;
785 TALLOC_FREE(Globals.init_logon_delayed_hosts);
786 Globals.init_logon_delay = 100; /* 100 ms default delay */
788 Globals.wins_dns_proxy = true;
790 Globals.allow_trusted_domains = true;
791 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
793 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
794 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
796 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
797 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
798 dyn_WINBINDD_SOCKET_DIR);
800 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
801 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
803 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
805 Globals.cluster_addresses = NULL;
806 Globals.clustering = false;
807 Globals.ctdb_timeout = 0;
808 Globals.ctdb_locktime_warn_threshold = 0;
810 Globals.winbind_cache_time = 300; /* 5 minutes */
811 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
812 Globals.winbind_request_timeout = 60; /* 60 seconds */
813 Globals.winbind_max_clients = 200;
814 Globals.winbind_enum_users = false;
815 Globals.winbind_enum_groups = false;
816 Globals.winbind_use_default_domain = false;
817 Globals.winbind_nested_groups = true;
818 Globals.winbind_expand_groups = 0;
819 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
820 Globals.winbind_refresh_tickets = false;
821 Globals.winbind_offline_logon = false;
822 Globals.winbind_scan_trusted_domains = false;
824 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
825 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
827 Globals.passdb_expand_explicit = false;
829 Globals.name_cache_timeout = 660; /* In seconds */
831 Globals.client_use_spnego = true;
833 Globals.client_signing = SMB_SIGNING_DEFAULT;
834 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
835 Globals.server_signing = SMB_SIGNING_DEFAULT;
837 Globals.defer_sharing_violations = true;
838 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
840 Globals.enable_privileges = true;
841 Globals.host_msdfs = true;
842 Globals.enable_asu_support = false;
844 /* User defined shares. */
845 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
847 smb_panic("init_globals: ENOMEM");
849 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
851 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
852 Globals.usershare_max_shares = 0;
853 /* By default disallow sharing of directories not owned by the sharer. */
854 Globals.usershare_owner_only = true;
855 /* By default disallow guest access to usershares. */
856 Globals.usershare_allow_guests = false;
858 Globals.keepalive = DEFAULT_KEEPALIVE;
860 /* By default no shares out of the registry */
861 Globals.registry_shares = false;
863 Globals.min_receivefile_size = 0;
865 Globals.multicast_dns_register = true;
867 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
868 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
869 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
870 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
871 Globals.smb2_leases = true;
872 Globals.server_multi_channel_support = true;
874 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
875 get_dyn_NCALRPCDIR());
877 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
879 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
881 Globals.tls_enabled = true;
882 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
884 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
885 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
886 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
887 lpcfg_string_set(Globals.ctx,
888 &Globals.tls_priority,
889 "NORMAL:-VERS-SSL3.0");
891 Globals._preferred_master = Auto;
893 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
894 Globals.dns_zone_scavenging = false;
896 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
897 get_dyn_NTP_SIGND_SOCKET_DIR());
899 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
901 smb_panic("init_globals: ENOMEM");
903 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
907 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
910 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
912 smb_panic("init_globals: ENOMEM");
914 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
917 s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
919 smb_panic("init_globals: ENOMEM");
921 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
924 Globals.apply_group_policies = false;
926 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
928 smb_panic("init_globals: ENOMEM");
930 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
933 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
935 Globals.cldap_port = 389;
937 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
939 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
941 Globals.krb5_port = 88;
943 Globals.kpasswd_port = 464;
945 Globals.kdc_enable_fast = true;
947 Globals.aio_max_threads = 100;
949 lpcfg_string_set(Globals.ctx,
950 &Globals.rpc_server_dynamic_port_range,
952 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
953 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
954 Globals.prefork_children = 4;
955 Globals.prefork_backoff_increment = 10;
956 Globals.prefork_maximum_backoff = 120;
958 Globals.ldap_max_anonymous_request_size = 256000;
959 Globals.ldap_max_authenticated_request_size = 16777216;
960 Globals.ldap_max_search_request_size = 256000;
962 /* Async DNS query timeout (in seconds). */
963 Globals.async_dns_timeout = 10;
965 Globals.client_smb_encrypt = SMB_ENCRYPTION_DEFAULT;
967 Globals._client_use_kerberos = CRED_USE_KERBEROS_DESIRED;
969 Globals.client_protection = CRED_CLIENT_PROTECTION_DEFAULT;
971 Globals.winbind_use_krb5_enterprise_principals = true;
973 Globals.client_smb3_signing_algorithms =
974 str_list_make_v3_const(NULL, DEFAULT_SMB3_SIGNING_ALGORITHMS, NULL);
975 Globals.server_smb3_signing_algorithms =
976 str_list_make_v3_const(NULL, DEFAULT_SMB3_SIGNING_ALGORITHMS, NULL);
978 Globals.client_smb3_encryption_algorithms =
979 str_list_make_v3_const(NULL, DEFAULT_SMB3_ENCRYPTION_ALGORITHMS, NULL);
980 Globals.server_smb3_encryption_algorithms =
981 str_list_make_v3_const(NULL, DEFAULT_SMB3_ENCRYPTION_ALGORITHMS, NULL);
983 Globals.min_domain_uid = 1000;
986 * By default allow smbd and winbindd to start samba-dcerpcd as
987 * a named-pipe helper.
989 Globals.rpc_start_on_demand_helpers = true;
991 /* Now put back the settings that were set with lp_set_cmdline() */
992 apply_lp_set_cmdline();
995 /* Convenience routine to setup an lp_context with additional s3 variables */
996 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
998 struct loadparm_context *lp_ctx;
1000 lp_ctx = loadparm_init_s3(mem_ctx,
1001 loadparm_s3_helpers());
1002 if (lp_ctx == NULL) {
1003 DEBUG(0, ("loadparm_init_s3 failed\n"));
1007 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
1008 if (lp_ctx->sDefault == NULL) {
1009 DBG_ERR("talloc_zero failed\n");
1010 TALLOC_FREE(lp_ctx);
1014 *lp_ctx->sDefault = _sDefault;
1015 lp_ctx->services = NULL; /* We do not want to access this directly */
1016 lp_ctx->bInGlobalSection = bInGlobalSection;
1017 lp_ctx->flags = flags_list;
1022 /*******************************************************************
1023 Convenience routine to grab string parameters into talloced memory
1024 and run standard_sub_basic on them. The buffers can be written to by
1025 callers without affecting the source string.
1026 ********************************************************************/
1028 static char *loadparm_s3_global_substitution_fn(
1029 TALLOC_CTX *mem_ctx,
1030 const struct loadparm_substitution *lp_sub,
1036 /* The follow debug is useful for tracking down memory problems
1037 especially if you have an inner loop that is calling a lp_*()
1038 function that returns a string. Perhaps this debug should be
1039 present all the time? */
1042 DEBUG(10, ("lp_string(%s)\n", s));
1048 ret = talloc_sub_basic(mem_ctx,
1049 get_current_username(),
1050 current_user_info.domain,
1052 if (trim_char(ret, '\"', '\"')) {
1053 if (strchr(ret,'\"') != NULL) {
1055 ret = talloc_sub_basic(mem_ctx,
1056 get_current_username(),
1057 current_user_info.domain,
1064 static const struct loadparm_substitution s3_global_substitution = {
1065 .substituted_string_fn = loadparm_s3_global_substitution_fn,
1068 const struct loadparm_substitution *loadparm_s3_global_substitution(void)
1070 return &s3_global_substitution;
1074 In this section all the functions that are used to access the
1075 parameters from the rest of the program are defined
1078 #define FN_GLOBAL_SUBSTITUTED_STRING(fn_name,ptr) \
1079 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub) \
1080 {return lpcfg_substituted_string(ctx, lp_sub, *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : "");}
1081 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1082 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1083 #define FN_GLOBAL_LIST(fn_name,ptr) \
1084 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1085 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1086 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1087 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1088 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1089 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1090 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1092 #define FN_LOCAL_SUBSTITUTED_STRING(fn_name,val) \
1093 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub, int i) \
1094 {return lpcfg_substituted_string((ctx), lp_sub, (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1095 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1096 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1097 #define FN_LOCAL_LIST(fn_name,val) \
1098 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1099 #define FN_LOCAL_BOOL(fn_name,val) \
1100 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1101 #define FN_LOCAL_INTEGER(fn_name,val) \
1102 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1104 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1105 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1106 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1107 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1108 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1109 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1111 int lp_winbind_max_domain_connections(void)
1113 if (lp_winbind_offline_logon() &&
1114 lp__winbind_max_domain_connections() > 1) {
1115 DEBUG(1, ("offline logons active, restricting max domain "
1116 "connections to 1\n"));
1119 return MAX(1, lp__winbind_max_domain_connections());
1122 /* These functions remain in source3/param for now */
1124 #include "lib/param/param_functions.c"
1126 FN_LOCAL_SUBSTITUTED_STRING(servicename, szService)
1127 FN_LOCAL_CONST_STRING(const_servicename, szService)
1129 /* These functions cannot be auto-generated */
1130 FN_LOCAL_BOOL(autoloaded, autoloaded)
1131 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1133 /* local prototypes */
1135 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1136 static const char *get_boolean(bool bool_value);
1137 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1139 static bool hash_a_service(const char *name, int number);
1140 static void free_service_byindex(int iService);
1141 static void show_parameter(int parmIndex);
1142 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1143 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1146 * This is a helper function for parametrical options support. It returns a
1147 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1148 * parametrical functions are quite simple
1150 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1153 if (snum >= iNumServices) return NULL;
1156 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1158 return get_parametric_helper(ServicePtrs[snum],
1159 type, option, Globals.param_opt);
1163 static void discard_whitespace(char *str)
1165 size_t len = strlen(str);
1169 if (isspace(str[i])) {
1170 memmove(&str[i], &str[i+1], len-i);
1179 * @brief Go through all global parametric parameters
1181 * @param regex_str A regular expression to scan param for
1182 * @param max_matches Max number of submatches the regexp expects
1183 * @param cb Function to call on match. Should return true
1184 * when it wants wi_scan_global_parametrics to stop
1186 * @param private_data Anonymous pointer passed to cb
1188 * @return 0: success, regcomp/regexec return value on error.
1189 * See "man regexec" for possible errors
1192 int lp_wi_scan_global_parametrics(
1193 const char *regex_str, size_t max_matches,
1194 bool (*cb)(const char *string, regmatch_t matches[],
1195 void *private_data),
1198 struct parmlist_entry *data;
1202 ret = regcomp(®ex, regex_str, REG_ICASE);
1207 for (data = Globals.param_opt; data != NULL; data = data->next) {
1208 size_t keylen = strlen(data->key);
1210 regmatch_t matches[max_matches];
1213 memcpy(key, data->key, sizeof(key));
1214 discard_whitespace(key);
1216 ret = regexec(®ex, key, max_matches, matches, 0);
1217 if (ret == REG_NOMATCH) {
1224 stop = cb(key, matches, private_data);
1237 #define MISSING_PARAMETER(name) \
1238 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1240 /*******************************************************************
1241 convenience routine to return enum parameters.
1242 ********************************************************************/
1243 static int lp_enum(const char *s,const struct enum_list *_enum)
1247 if (!s || !*s || !_enum) {
1248 MISSING_PARAMETER(lp_enum);
1252 for (i=0; _enum[i].name; i++) {
1253 if (strequal(_enum[i].name,s))
1254 return _enum[i].value;
1257 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1261 #undef MISSING_PARAMETER
1263 /* Return parametric option from a given service. Type is a part of option before ':' */
1264 /* Parametric option has following syntax: 'Type: option = value' */
1265 char *lp_parm_substituted_string(TALLOC_CTX *mem_ctx,
1266 const struct loadparm_substitution *lp_sub,
1272 struct parmlist_entry *data = get_parametrics(snum, type, option);
1274 SMB_ASSERT(lp_sub != NULL);
1276 if (data == NULL||data->value==NULL) {
1278 return lpcfg_substituted_string(mem_ctx, lp_sub, def);
1284 return lpcfg_substituted_string(mem_ctx, lp_sub, data->value);
1287 /* Return parametric option from a given service. Type is a part of option before ':' */
1288 /* Parametric option has following syntax: 'Type: option = value' */
1289 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1291 struct parmlist_entry *data = get_parametrics(snum, type, option);
1293 if (data == NULL||data->value==NULL)
1300 /* Return parametric option from a given service. Type is a part of option before ':' */
1301 /* Parametric option has following syntax: 'Type: option = value' */
1303 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1305 struct parmlist_entry *data = get_parametrics(snum, type, option);
1307 if (data == NULL||data->value==NULL)
1308 return (const char **)def;
1310 if (data->list==NULL) {
1311 data->list = str_list_make_v3(NULL, data->value, NULL);
1314 return discard_const_p(const char *, data->list);
1317 /* Return parametric option from a given service. Type is a part of option before ':' */
1318 /* Parametric option has following syntax: 'Type: option = value' */
1320 int lp_parm_int(int snum, const char *type, const char *option, int def)
1322 struct parmlist_entry *data = get_parametrics(snum, type, option);
1324 if (data && data->value && *data->value)
1325 return lp_int(data->value);
1330 /* Return parametric option from a given service. Type is a part of option before ':' */
1331 /* Parametric option has following syntax: 'Type: option = value' */
1333 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1335 struct parmlist_entry *data = get_parametrics(snum, type, option);
1337 if (data && data->value && *data->value)
1338 return lp_ulong(data->value);
1343 /* Return parametric option from a given service. Type is a part of option before ':' */
1344 /* Parametric option has following syntax: 'Type: option = value' */
1346 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1347 const char *option, unsigned long long def)
1349 struct parmlist_entry *data = get_parametrics(snum, type, option);
1351 if (data && data->value && *data->value) {
1352 return lp_ulonglong(data->value);
1358 /* Return parametric option from a given service. Type is a part of option
1360 /* Parametric option has following syntax: 'Type: option = value' */
1362 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1364 struct parmlist_entry *data = get_parametrics(snum, type, option);
1366 if (data && data->value && *data->value)
1367 return lp_bool(data->value);
1372 /* Return parametric option from a given service. Type is a part of option before ':' */
1373 /* Parametric option has following syntax: 'Type: option = value' */
1375 int lp_parm_enum(int snum, const char *type, const char *option,
1376 const struct enum_list *_enum, int def)
1378 struct parmlist_entry *data = get_parametrics(snum, type, option);
1380 if (data && data->value && *data->value && _enum)
1381 return lp_enum(data->value, _enum);
1387 * free a param_opts structure.
1388 * param_opts handling should be moved to talloc;
1389 * then this whole functions reduces to a TALLOC_FREE().
1392 static void free_param_opts(struct parmlist_entry **popts)
1394 struct parmlist_entry *opt, *next_opt;
1396 if (*popts != NULL) {
1397 DEBUG(5, ("Freeing parametrics:\n"));
1400 while (opt != NULL) {
1401 lpcfg_string_free(&opt->key);
1402 lpcfg_string_free(&opt->value);
1403 TALLOC_FREE(opt->list);
1404 next_opt = opt->next;
1411 /***************************************************************************
1412 Free the dynamically allocated parts of a service struct.
1413 ***************************************************************************/
1415 static void free_service(struct loadparm_service *pservice)
1420 if (pservice->szService)
1421 DEBUG(5, ("free_service: Freeing service %s\n",
1422 pservice->szService));
1424 free_parameters(pservice);
1426 lpcfg_string_free(&pservice->szService);
1427 TALLOC_FREE(pservice->copymap);
1429 free_param_opts(&pservice->param_opt);
1431 ZERO_STRUCTP(pservice);
1435 /***************************************************************************
1436 remove a service indexed in the ServicePtrs array from the ServiceHash
1437 and free the dynamically allocated parts
1438 ***************************************************************************/
1440 static void free_service_byindex(int idx)
1442 if ( !LP_SNUM_OK(idx) )
1445 ServicePtrs[idx]->valid = false;
1447 /* we have to cleanup the hash record */
1449 if (ServicePtrs[idx]->szService) {
1450 char *canon_name = canonicalize_servicename(
1452 ServicePtrs[idx]->szService );
1454 dbwrap_delete_bystring(ServiceHash, canon_name );
1455 TALLOC_FREE(canon_name);
1458 free_service(ServicePtrs[idx]);
1459 TALLOC_FREE(ServicePtrs[idx]);
1462 /***************************************************************************
1463 Add a new service to the services array initialising it with the given
1465 ***************************************************************************/
1467 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1470 struct loadparm_service **tsp = NULL;
1472 /* it might already exist */
1474 i = getservicebyname(name, NULL);
1480 /* Re use empty slots if any before allocating new one.*/
1481 for (i=0; i < iNumServices; i++) {
1482 if (ServicePtrs[i] == NULL) {
1486 if (i == iNumServices) {
1487 /* if not, then create one */
1488 tsp = talloc_realloc(NULL, ServicePtrs,
1489 struct loadparm_service *,
1492 DEBUG(0, ("add_a_service: failed to enlarge "
1499 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1500 if (!ServicePtrs[i]) {
1501 DEBUG(0,("add_a_service: out of memory!\n"));
1505 ServicePtrs[i]->valid = true;
1507 copy_service(ServicePtrs[i], pservice, NULL);
1509 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1512 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1513 i, ServicePtrs[i]->szService));
1515 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1522 /***************************************************************************
1523 Convert a string to uppercase and remove whitespaces.
1524 ***************************************************************************/
1526 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1531 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1535 result = talloc_strdup(ctx, src);
1536 SMB_ASSERT(result != NULL);
1538 if (!strlower_m(result)) {
1539 TALLOC_FREE(result);
1545 /***************************************************************************
1546 Add a name/index pair for the services array to the hash table.
1547 ***************************************************************************/
1549 static bool hash_a_service(const char *name, int idx)
1553 if ( !ServiceHash ) {
1554 DEBUG(10,("hash_a_service: creating servicehash\n"));
1555 ServiceHash = db_open_rbt(NULL);
1556 if ( !ServiceHash ) {
1557 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1562 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1565 canon_name = canonicalize_servicename(talloc_tos(), name );
1567 dbwrap_store_bystring(ServiceHash, canon_name,
1568 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1571 TALLOC_FREE(canon_name);
1576 /***************************************************************************
1577 Add a new home service, with the specified home directory, defaults coming
1579 ***************************************************************************/
1581 bool lp_add_home(const char *pszHomename, int iDefaultService,
1582 const char *user, const char *pszHomedir)
1584 const struct loadparm_substitution *lp_sub =
1585 loadparm_s3_global_substitution();
1589 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1590 pszHomedir[0] == '\0') {
1594 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1599 global_path = lp_path(talloc_tos(), lp_sub, GLOBAL_SECTION_SNUM);
1600 if (!(*(ServicePtrs[iDefaultService]->path))
1601 || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
1602 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1605 TALLOC_FREE(global_path);
1607 if (!(*(ServicePtrs[i]->comment))) {
1608 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1609 if (comment == NULL) {
1612 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1614 TALLOC_FREE(comment);
1617 /* set the browseable flag from the global default */
1619 ServicePtrs[i]->browseable = sDefault.browseable;
1620 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1622 ServicePtrs[i]->autoloaded = true;
1624 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1625 user, ServicePtrs[i]->path ));
1630 /***************************************************************************
1631 Add a new service, based on an old one.
1632 ***************************************************************************/
1634 int lp_add_service(const char *pszService, int iDefaultService)
1636 if (iDefaultService < 0) {
1637 return add_a_service(&sDefault, pszService);
1640 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1643 /***************************************************************************
1644 Add the IPC service.
1645 ***************************************************************************/
1647 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1649 char *comment = NULL;
1650 int i = add_a_service(&sDefault, ipc_name);
1655 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1656 Globals.server_string);
1657 if (comment == NULL) {
1661 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1662 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1663 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1664 ServicePtrs[i]->max_connections = 0;
1665 ServicePtrs[i]->available = true;
1666 ServicePtrs[i]->read_only = true;
1667 ServicePtrs[i]->guest_only = false;
1668 ServicePtrs[i]->administrative_share = true;
1669 ServicePtrs[i]->guest_ok = guest_ok;
1670 ServicePtrs[i]->printable = false;
1671 ServicePtrs[i]->browseable = sDefault.browseable;
1672 ServicePtrs[i]->autoloaded = false;
1674 DEBUG(3, ("adding IPC service\n"));
1676 TALLOC_FREE(comment);
1680 /***************************************************************************
1681 Add a new printer service, with defaults coming from service iFrom.
1682 ***************************************************************************/
1684 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1686 const char *comment = "From Printcap";
1687 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1692 /* note that we do NOT default the availability flag to true - */
1693 /* we take it from the default service passed. This allows all */
1694 /* dynamic printers to be disabled by disabling the [printers] */
1695 /* entry (if/when the 'available' keyword is implemented!). */
1697 /* the printer name is set to the service name. */
1698 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1700 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1702 /* set the browseable flag from the gloabl default */
1703 ServicePtrs[i]->browseable = sDefault.browseable;
1705 /* Printers cannot be read_only. */
1706 ServicePtrs[i]->read_only = false;
1707 /* No oplocks on printer services. */
1708 ServicePtrs[i]->oplocks = false;
1709 /* Printer services must be printable. */
1710 ServicePtrs[i]->printable = true;
1712 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1718 /***************************************************************************
1719 Check whether the given parameter name is valid.
1720 Parametric options (names containing a colon) are considered valid.
1721 ***************************************************************************/
1723 bool lp_parameter_is_valid(const char *pszParmName)
1725 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1726 (strchr(pszParmName, ':') != NULL));
1729 /***************************************************************************
1730 Check whether the given name is the name of a global parameter.
1731 Returns true for strings belonging to parameters of class
1732 P_GLOBAL, false for all other strings, also for parametric options
1733 and strings not belonging to any option.
1734 ***************************************************************************/
1736 bool lp_parameter_is_global(const char *pszParmName)
1738 int num = lpcfg_map_parameter(pszParmName);
1741 return (parm_table[num].p_class == P_GLOBAL);
1747 /**************************************************************************
1748 Determine the canonical name for a parameter.
1749 Indicate when it is an inverse (boolean) synonym instead of a
1751 **************************************************************************/
1753 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1758 if (!lp_parameter_is_valid(parm_name)) {
1763 num = map_parameter_canonical(parm_name, inverse);
1765 /* parametric option */
1766 *canon_parm = parm_name;
1768 *canon_parm = parm_table[num].label;
1775 /**************************************************************************
1776 Determine the canonical name for a parameter.
1777 Turn the value given into the inverse boolean expression when
1778 the synonym is an invers boolean synonym.
1781 - parm_name is a valid parameter name and
1782 - val is a valid value for this parameter and
1783 - in case the parameter is an inverse boolean synonym, if the val
1784 string could successfully be converted to the reverse bool.
1785 Return false in all other cases.
1786 **************************************************************************/
1788 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1790 const char **canon_parm,
1791 const char **canon_val)
1797 if (!lp_parameter_is_valid(parm_name)) {
1803 num = map_parameter_canonical(parm_name, &inverse);
1805 /* parametric option */
1806 *canon_parm = parm_name;
1811 *canon_parm = parm_table[num].label;
1813 if (!lp_invert_boolean(val, canon_val)) {
1821 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1826 /***************************************************************************
1827 Map a parameter's string representation to the index of the canonical
1828 form of the parameter (it might be a synonym).
1829 Returns -1 if the parameter string is not recognised.
1830 ***************************************************************************/
1832 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1834 int parm_num, canon_num;
1835 bool loc_inverse = false;
1837 parm_num = lpcfg_map_parameter(pszParmName);
1838 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1839 /* invalid, parametric or no canidate for synonyms ... */
1843 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1844 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1845 parm_num = canon_num;
1851 if (inverse != NULL) {
1852 *inverse = loc_inverse;
1857 /***************************************************************************
1858 return true if parameter number parm1 is a synonym of parameter
1859 number parm2 (parm2 being the principal name).
1860 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1862 ***************************************************************************/
1864 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1866 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1867 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1868 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1869 !(parm_table[parm2].flags & FLAG_SYNONYM))
1871 if (inverse != NULL) {
1872 if ((parm_table[parm1].type == P_BOOLREV) &&
1873 (parm_table[parm2].type == P_BOOL))
1885 /***************************************************************************
1886 Show one parameter's name, type, [values,] and flags.
1887 (helper functions for show_parameter_list)
1888 ***************************************************************************/
1890 static void show_parameter(int parmIndex)
1892 size_t enumIndex, flagIndex;
1897 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1898 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1899 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1900 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1901 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1903 printf("%s=%s", parm_table[parmIndex].label,
1904 type[parm_table[parmIndex].type]);
1905 if (parm_table[parmIndex].type == P_ENUM) {
1908 parm_table[parmIndex].enum_list[enumIndex].name;
1912 enumIndex ? "|" : "",
1913 parm_table[parmIndex].enum_list[enumIndex].name);
1918 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1919 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1922 flag_names[flagIndex]);
1927 /* output synonyms */
1929 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1930 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1931 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1932 parm_table[parmIndex2].label);
1933 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1935 printf(" (synonyms: ");
1940 printf("%s%s", parm_table[parmIndex2].label,
1941 inverse ? "[i]" : "");
1952 * Check the value for a P_ENUM
1954 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1958 for (i = 0; parm->enum_list[i].name; i++) {
1959 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1966 /**************************************************************************
1967 Check whether the given value is valid for the given parameter name.
1968 **************************************************************************/
1970 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1972 bool ret = false, tmp_bool;
1973 int num = lpcfg_map_parameter(parm_name), tmp_int;
1974 uint64_t tmp_int64 = 0;
1975 struct parm_struct *parm;
1977 /* parametric options (parameter names containing a colon) cannot
1978 be checked and are therefore considered valid. */
1979 if (strchr(parm_name, ':') != NULL) {
1984 parm = &parm_table[num];
1985 switch (parm->type) {
1988 ret = set_boolean(val, &tmp_bool);
1992 ret = (sscanf(val, "%d", &tmp_int) == 1);
1996 ret = (sscanf(val, "%o", &tmp_int) == 1);
2000 ret = check_enum_parameter(parm, val);
2004 if (conv_str_size_error(val, &tmp_int64) &&
2005 tmp_int64 <= INT_MAX) {
2022 /***************************************************************************
2023 Show all parameter's name, type, [values,] and flags.
2024 ***************************************************************************/
2026 void show_parameter_list(void)
2028 int classIndex, parmIndex;
2029 const char *section_names[] = { "local", "global", NULL};
2031 for (classIndex=0; section_names[classIndex]; classIndex++) {
2032 printf("[%s]\n", section_names[classIndex]);
2033 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
2034 if (parm_table[parmIndex].p_class == classIndex) {
2035 show_parameter(parmIndex);
2041 /***************************************************************************
2042 Get the standard string representation of a boolean value ("yes" or "no")
2043 ***************************************************************************/
2045 static const char *get_boolean(bool bool_value)
2047 static const char *yes_str = "yes";
2048 static const char *no_str = "no";
2050 return (bool_value ? yes_str : no_str);
2053 /***************************************************************************
2054 Provide the string of the negated boolean value associated to the boolean
2055 given as a string. Returns false if the passed string does not correctly
2056 represent a boolean.
2057 ***************************************************************************/
2059 bool lp_invert_boolean(const char *str, const char **inverse_str)
2063 if (!set_boolean(str, &val)) {
2067 *inverse_str = get_boolean(!val);
2071 /***************************************************************************
2072 Provide the canonical string representation of a boolean value given
2073 as a string. Return true on success, false if the string given does
2074 not correctly represent a boolean.
2075 ***************************************************************************/
2077 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2081 if (!set_boolean(str, &val)) {
2085 *canon_str = get_boolean(val);
2089 /***************************************************************************
2090 Find a service by name. Otherwise works like get_service.
2091 ***************************************************************************/
2093 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2100 if (ServiceHash == NULL) {
2104 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2106 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2109 if (NT_STATUS_IS_OK(status) &&
2110 (data.dptr != NULL) &&
2111 (data.dsize == sizeof(iService)))
2113 memcpy(&iService, data.dptr, sizeof(iService));
2116 TALLOC_FREE(canon_name);
2118 if ((iService != -1) && (LP_SNUM_OK(iService))
2119 && (pserviceDest != NULL)) {
2120 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2126 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2127 struct loadparm_service *lp_service(const char *pszServiceName)
2129 int iService = getservicebyname(pszServiceName, NULL);
2130 if (iService == -1 || !LP_SNUM_OK(iService)) {
2133 return ServicePtrs[iService];
2136 struct loadparm_service *lp_servicebynum(int snum)
2138 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2141 return ServicePtrs[snum];
2144 struct loadparm_service *lp_default_loadparm_service()
2149 static struct smbconf_ctx *lp_smbconf_ctx(void)
2152 static struct smbconf_ctx *conf_ctx = NULL;
2154 if (conf_ctx == NULL) {
2155 err = smbconf_init(NULL, &conf_ctx, "registry:");
2156 if (!SBC_ERROR_IS_OK(err)) {
2157 DEBUG(1, ("error initializing registry configuration: "
2158 "%s\n", sbcErrorString(err)));
2166 static bool process_smbconf_service(struct smbconf_service *service)
2171 if (service == NULL) {
2175 ret = lp_do_section(service->name, NULL);
2179 for (count = 0; count < service->num_params; count++) {
2181 if (!bInGlobalSection && bGlobalOnly) {
2184 const char *pszParmName = service->param_names[count];
2185 const char *pszParmValue = service->param_values[count];
2187 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2189 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2190 pszParmName, pszParmValue);
2197 if (iServiceIndex >= 0) {
2198 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2204 * load a service from registry and activate it
2206 bool process_registry_service(const char *service_name)
2209 struct smbconf_service *service = NULL;
2210 TALLOC_CTX *mem_ctx = talloc_stackframe();
2211 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2214 if (conf_ctx == NULL) {
2218 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2220 if (!smbconf_share_exists(conf_ctx, service_name)) {
2222 * Registry does not contain data for this service (yet),
2223 * but make sure lp_load doesn't return false.
2229 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2230 if (!SBC_ERROR_IS_OK(err)) {
2234 ret = process_smbconf_service(service);
2240 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2243 TALLOC_FREE(mem_ctx);
2248 * process_registry_globals
2250 static bool process_registry_globals(void)
2254 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2256 if (!bInGlobalSection && bGlobalOnly) {
2259 const char *pszParmName = "registry shares";
2260 const char *pszParmValue = "yes";
2262 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2264 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2265 pszParmName, pszParmValue);
2272 return process_registry_service(GLOBAL_NAME);
2275 bool process_registry_shares(void)
2279 struct smbconf_service **service = NULL;
2280 uint32_t num_shares = 0;
2281 TALLOC_CTX *mem_ctx = talloc_stackframe();
2282 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2285 if (conf_ctx == NULL) {
2289 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2290 if (!SBC_ERROR_IS_OK(err)) {
2296 for (count = 0; count < num_shares; count++) {
2297 if (strequal(service[count]->name, GLOBAL_NAME)) {
2300 ret = process_smbconf_service(service[count]);
2307 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2310 TALLOC_FREE(mem_ctx);
2315 * reload those shares from registry that are already
2316 * activated in the services array.
2318 static bool reload_registry_shares(void)
2323 for (i = 0; i < iNumServices; i++) {
2328 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2332 ret = process_registry_service(ServicePtrs[i]->szService);
2343 #define MAX_INCLUDE_DEPTH 100
2345 static uint8_t include_depth;
2348 * Free the file lists
2350 static void free_file_list(void)
2352 struct file_lists *f;
2353 struct file_lists *next;
2366 * Utility function for outsiders to check if we're running on registry.
2368 bool lp_config_backend_is_registry(void)
2370 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2374 * Utility function to check if the config backend is FILE.
2376 bool lp_config_backend_is_file(void)
2378 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2381 /*******************************************************************
2382 Check if a config file has changed date.
2383 ********************************************************************/
2385 bool lp_file_list_changed(void)
2387 struct file_lists *f = file_lists;
2389 DEBUG(6, ("lp_file_list_changed()\n"));
2392 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2393 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2395 if (conf_ctx == NULL) {
2398 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2401 DEBUGADD(6, ("registry config changed\n"));
2408 n2 = talloc_sub_basic(talloc_tos(),
2409 get_current_username(),
2410 current_user_info.domain,
2415 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2416 f->name, n2, ctime(&f->modtime)));
2418 mod_time = file_modtime(n2);
2421 ((f->modtime != mod_time) ||
2422 (f->subfname == NULL) ||
2423 (strcmp(n2, f->subfname) != 0)))
2426 ("file %s modified: %s\n", n2,
2428 f->modtime = mod_time;
2429 TALLOC_FREE(f->subfname);
2430 f->subfname = talloc_strdup(f, n2);
2431 if (f->subfname == NULL) {
2432 smb_panic("talloc_strdup failed");
2446 * Initialize iconv conversion descriptors.
2448 * This is called the first time it is needed, and also called again
2449 * every time the configuration is reloaded, because the charset or
2450 * codepage might have changed.
2452 static void init_iconv(void)
2454 struct smb_iconv_handle *ret = NULL;
2456 ret = reinit_iconv_handle(NULL,
2460 smb_panic("reinit_iconv_handle failed");
2464 /***************************************************************************
2465 Handle the include operation.
2466 ***************************************************************************/
2467 static bool bAllowIncludeRegistry = true;
2469 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2470 const char *pszParmValue, char **ptr)
2474 if (include_depth >= MAX_INCLUDE_DEPTH) {
2475 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2480 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2481 if (!bAllowIncludeRegistry) {
2484 if (lp_ctx->bInGlobalSection) {
2487 ret = process_registry_globals();
2491 DEBUG(1, ("\"include = registry\" only effective "
2492 "in %s section\n", GLOBAL_NAME));
2497 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2498 current_user_info.domain,
2501 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2503 if (service == NULL) {
2504 lpcfg_string_set(Globals.ctx, ptr, fname);
2506 lpcfg_string_set(service, ptr, fname);
2509 if (file_exist(fname)) {
2512 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2518 DEBUG(2, ("Can't find include file %s\n", fname));
2523 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2525 char *config_option = NULL;
2526 const char *range = NULL;
2529 SMB_ASSERT(low != NULL);
2530 SMB_ASSERT(high != NULL);
2532 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2536 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2538 if (config_option == NULL) {
2539 DEBUG(0, ("out of memory\n"));
2543 range = lp_parm_const_string(-1, config_option, "range", NULL);
2544 if (range == NULL) {
2545 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2549 if (sscanf(range, "%u - %u", low, high) != 2) {
2550 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2551 range, domain_name));
2558 talloc_free(config_option);
2563 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2565 return lp_idmap_range("*", low, high);
2568 const char *lp_idmap_backend(const char *domain_name)
2570 char *config_option = NULL;
2571 const char *backend = NULL;
2573 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2577 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2579 if (config_option == NULL) {
2580 DEBUG(0, ("out of memory\n"));
2584 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2585 if (backend == NULL) {
2586 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2591 talloc_free(config_option);
2595 const char *lp_idmap_default_backend(void)
2597 return lp_idmap_backend("*");
2600 /***************************************************************************
2601 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2602 ***************************************************************************/
2604 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2606 const char *suffix_string;
2608 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2609 Globals.ldap_suffix );
2610 if ( !suffix_string ) {
2611 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2615 return suffix_string;
2618 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2620 if (Globals._ldap_machine_suffix[0])
2621 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2623 return talloc_strdup(ctx, Globals.ldap_suffix);
2626 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2628 if (Globals._ldap_user_suffix[0])
2629 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2631 return talloc_strdup(ctx, Globals.ldap_suffix);
2634 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2636 if (Globals._ldap_group_suffix[0])
2637 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2639 return talloc_strdup(ctx, Globals.ldap_suffix);
2642 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2644 if (Globals._ldap_idmap_suffix[0])
2645 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2647 return talloc_strdup(ctx, Globals.ldap_suffix);
2651 return the parameter pointer for a parameter
2653 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2655 if (service == NULL) {
2656 if (parm->p_class == P_LOCAL)
2657 return (void *)(((char *)&sDefault)+parm->offset);
2658 else if (parm->p_class == P_GLOBAL)
2659 return (void *)(((char *)&Globals)+parm->offset);
2662 return (void *)(((char *)service) + parm->offset);
2666 /***************************************************************************
2667 Process a parameter for a particular service number. If snum < 0
2668 then assume we are in the globals.
2669 ***************************************************************************/
2671 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2673 TALLOC_CTX *frame = talloc_stackframe();
2674 struct loadparm_context *lp_ctx;
2677 lp_ctx = setup_lp_context(frame);
2678 if (lp_ctx == NULL) {
2684 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2686 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2687 pszParmName, pszParmValue);
2695 /***************************************************************************
2696 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2697 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2698 ***************************************************************************/
2700 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2703 parmnum = lpcfg_map_parameter(pszParmName);
2705 flags_list[parmnum] &= ~FLAG_CMDLINE;
2706 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2709 flags_list[parmnum] |= FLAG_CMDLINE;
2711 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2712 * be grouped in the table, so we don't have to search the
2715 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2716 && parm_table[i].p_class == parm_table[parmnum].p_class;
2718 flags_list[i] |= FLAG_CMDLINE;
2720 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2721 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2722 flags_list[i] |= FLAG_CMDLINE;
2728 /* it might be parametric */
2729 if (strchr(pszParmName, ':') != NULL) {
2730 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2734 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2738 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2741 TALLOC_CTX *frame = talloc_stackframe();
2742 struct loadparm_context *lp_ctx;
2744 lp_ctx = setup_lp_context(frame);
2745 if (lp_ctx == NULL) {
2750 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2756 /***************************************************************************
2757 Process a parameter.
2758 ***************************************************************************/
2760 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2763 if (!bInGlobalSection && bGlobalOnly)
2766 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2768 if (bInGlobalSection) {
2769 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2771 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2772 pszParmName, pszParmValue);
2777 static const char *ad_dc_req_vfs_mods[] = {"dfs_samba4", "acl_xattr", NULL};
2780 * check that @vfs_objects includes all vfs modules required by an AD DC.
2782 static bool check_ad_dc_required_mods(const char **vfs_objects)
2788 for (i = 0; ad_dc_req_vfs_mods[i] != NULL; i++) {
2790 for (j = 0; vfs_objects[j] != NULL; j++) {
2791 if (!strwicmp(ad_dc_req_vfs_mods[i], vfs_objects[j])) {
2797 DEBUG(0, ("vfs objects specified without required AD "
2798 "DC module: %s\n", ad_dc_req_vfs_mods[i]));
2803 DEBUG(6, ("vfs objects specified with all required AD DC modules\n"));
2808 /***************************************************************************
2809 Initialize any local variables in the sDefault table, after parsing a
2811 ***************************************************************************/
2813 static void init_locals(void)
2816 * We run this check once the [globals] is parsed, to force
2817 * the VFS objects and other per-share settings we need for
2818 * the standard way a AD DC is operated. We may change these
2819 * as our code evolves, which is why we force these settings.
2821 * We can't do this at the end of lp_load_ex(), as by that
2822 * point the services have been loaded and they will already
2823 * have "" as their vfs objects.
2825 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2826 const char **vfs_objects = lp_vfs_objects(-1);
2827 if (vfs_objects != NULL) {
2828 /* ignore return, only warn if modules are missing */
2829 check_ad_dc_required_mods(vfs_objects);
2831 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2832 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2833 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2834 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2836 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2840 lp_do_parameter(-1, "map hidden", "no");
2841 lp_do_parameter(-1, "map system", "no");
2842 lp_do_parameter(-1, "map readonly", "no");
2843 lp_do_parameter(-1, "map archive", "no");
2844 lp_do_parameter(-1, "store dos attributes", "yes");
2848 /***************************************************************************
2849 Process a new section (service). At this stage all sections are services.
2850 Later we'll have special sections that permit server parameters to be set.
2851 Returns true on success, false on failure.
2852 ***************************************************************************/
2854 bool lp_do_section(const char *pszSectionName, void *userdata)
2856 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2858 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2859 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2861 /* if we were in a global section then do the local inits */
2862 if (bInGlobalSection && !isglobal)
2865 /* if we've just struck a global section, note the fact. */
2866 bInGlobalSection = isglobal;
2867 if (lp_ctx != NULL) {
2868 lp_ctx->bInGlobalSection = isglobal;
2871 /* check for multiple global sections */
2872 if (bInGlobalSection) {
2873 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2877 if (!bInGlobalSection && bGlobalOnly)
2880 /* if we have a current service, tidy it up before moving on */
2883 if (iServiceIndex >= 0)
2884 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2886 /* if all is still well, move to the next record in the services array */
2888 /* We put this here to avoid an odd message order if messages are */
2889 /* issued by the post-processing of a previous section. */
2890 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2892 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2893 if (iServiceIndex < 0) {
2894 DEBUG(0, ("Failed to add a new service\n"));
2897 /* Clean all parametric options for service */
2898 /* They will be added during parsing again */
2899 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2905 /***************************************************************************
2906 Display the contents of a parameter of a single services record.
2907 ***************************************************************************/
2909 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2911 bool result = false;
2912 struct loadparm_context *lp_ctx;
2914 lp_ctx = setup_lp_context(talloc_tos());
2915 if (lp_ctx == NULL) {
2920 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2922 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2924 TALLOC_FREE(lp_ctx);
2929 /***************************************************************************
2930 Display the contents of a single copy structure.
2931 ***************************************************************************/
2932 static void dump_copy_map(bool *pcopymap)
2938 printf("\n\tNon-Copied parameters:\n");
2940 for (i = 0; parm_table[i].label; i++)
2941 if (parm_table[i].p_class == P_LOCAL &&
2942 parm_table[i].ptr && !pcopymap[i] &&
2943 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2945 printf("\t\t%s\n", parm_table[i].label);
2950 /***************************************************************************
2951 Return TRUE if the passed service number is within range.
2952 ***************************************************************************/
2954 bool lp_snum_ok(int iService)
2956 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2959 /***************************************************************************
2960 Auto-load some home services.
2961 ***************************************************************************/
2963 static void lp_add_auto_services(const char *str)
2973 s = talloc_strdup(talloc_tos(), str);
2975 smb_panic("talloc_strdup failed");
2979 homes = lp_servicenumber(HOMES_NAME);
2981 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2982 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2985 if (lp_servicenumber(p) >= 0)
2988 home = get_user_home_dir(talloc_tos(), p);
2990 if (home && home[0] && homes >= 0)
2991 lp_add_home(p, homes, p, home);
2998 /***************************************************************************
2999 Auto-load one printer.
3000 ***************************************************************************/
3002 void lp_add_one_printer(const char *name, const char *comment,
3003 const char *location, void *pdata)
3005 int printers = lp_servicenumber(PRINTERS_NAME);
3008 if (lp_servicenumber(name) < 0) {
3009 lp_add_printer(name, printers);
3010 if ((i = lp_servicenumber(name)) >= 0) {
3011 lpcfg_string_set(ServicePtrs[i],
3012 &ServicePtrs[i]->comment, comment);
3013 ServicePtrs[i]->autoloaded = true;
3018 /***************************************************************************
3019 Have we loaded a services file yet?
3020 ***************************************************************************/
3022 bool lp_loaded(void)
3027 /***************************************************************************
3028 Unload unused services.
3029 ***************************************************************************/
3031 void lp_killunused(struct smbd_server_connection *sconn,
3032 bool (*snumused) (struct smbd_server_connection *, int))
3035 for (i = 0; i < iNumServices; i++) {
3039 /* don't kill autoloaded or usershare services */
3040 if ( ServicePtrs[i]->autoloaded ||
3041 ServicePtrs[i]->usershare == USERSHARE_VALID) {
3045 if (!snumused || !snumused(sconn, i)) {
3046 free_service_byindex(i);
3052 * Kill all except autoloaded and usershare services - convenience wrapper
3054 void lp_kill_all_services(void)
3056 lp_killunused(NULL, NULL);
3059 /***************************************************************************
3061 ***************************************************************************/
3063 void lp_killservice(int iServiceIn)
3065 if (VALID(iServiceIn)) {
3066 free_service_byindex(iServiceIn);
3070 /***************************************************************************
3071 Save the curent values of all global and sDefault parameters into the
3072 defaults union. This allows testparm to show only the
3073 changed (ie. non-default) parameters.
3074 ***************************************************************************/
3076 static void lp_save_defaults(void)
3079 struct parmlist_entry * parm;
3080 for (i = 0; parm_table[i].label; i++) {
3081 if (!(flags_list[i] & FLAG_CMDLINE)) {
3082 flags_list[i] |= FLAG_DEFAULT;
3085 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
3086 && parm_table[i].p_class == parm_table[i - 1].p_class)
3088 switch (parm_table[i].type) {
3091 parm_table[i].def.lvalue = str_list_copy(
3092 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3098 &parm_table[i].def.svalue,
3099 *(char **)lp_parm_ptr(
3100 NULL, &parm_table[i]));
3101 if (parm_table[i].def.svalue == NULL) {
3102 smb_panic("lpcfg_string_set() failed");
3107 parm_table[i].def.bvalue =
3108 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3111 parm_table[i].def.cvalue =
3112 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3118 parm_table[i].def.ivalue =
3119 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3124 for (parm=Globals.param_opt; parm; parm=parm->next) {
3125 if (!(parm->priority & FLAG_CMDLINE)) {
3126 parm->priority |= FLAG_DEFAULT;
3130 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3131 if (!(parm->priority & FLAG_CMDLINE)) {
3132 parm->priority |= FLAG_DEFAULT;
3136 defaults_saved = true;
3139 /***********************************************************
3140 If we should send plaintext/LANMAN passwords in the clinet
3141 ************************************************************/
3143 static void set_allowed_client_auth(void)
3145 if (Globals.client_ntlmv2_auth) {
3146 Globals.client_lanman_auth = false;
3148 if (!Globals.client_lanman_auth) {
3149 Globals.client_plaintext_auth = false;
3153 /***************************************************************************
3155 The following code allows smbd to read a user defined share file.
3156 Yes, this is my intent. Yes, I'm comfortable with that...
3158 THE FOLLOWING IS SECURITY CRITICAL CODE.
3160 It washes your clothes, it cleans your house, it guards you while you sleep...
3161 Do not f%^k with it....
3162 ***************************************************************************/
3164 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3166 /***************************************************************************
3167 Check allowed stat state of a usershare file.
3168 Ensure we print out who is dicking with us so the admin can
3169 get their sorry ass fired.
3170 ***************************************************************************/
3172 static bool check_usershare_stat(const char *fname,
3173 const SMB_STRUCT_STAT *psbuf)
3175 if (!S_ISREG(psbuf->st_ex_mode)) {
3176 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3177 "not a regular file\n",
3178 fname, (unsigned int)psbuf->st_ex_uid ));
3182 /* Ensure this doesn't have the other write bit set. */
3183 if (psbuf->st_ex_mode & S_IWOTH) {
3184 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3185 "public write. Refusing to allow as a usershare file.\n",
3186 fname, (unsigned int)psbuf->st_ex_uid ));
3190 /* Should be 10k or less. */
3191 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3192 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3193 "too large (%u) to be a user share file.\n",
3194 fname, (unsigned int)psbuf->st_ex_uid,
3195 (unsigned int)psbuf->st_ex_size ));
3202 /***************************************************************************
3203 Parse the contents of a usershare file.
3204 ***************************************************************************/
3206 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3207 SMB_STRUCT_STAT *psbuf,
3208 const char *servicename,
3212 char **pp_sharepath,
3214 char **pp_cp_servicename,
3215 struct security_descriptor **ppsd,
3218 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3219 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3222 SMB_STRUCT_STAT sbuf;
3223 char *sharepath = NULL;
3224 char *comment = NULL;
3226 *pp_sharepath = NULL;
3229 *pallow_guest = false;
3232 return USERSHARE_MALFORMED_FILE;
3235 if (strcmp(lines[0], "#VERSION 1") == 0) {
3237 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3240 return USERSHARE_MALFORMED_FILE;
3243 return USERSHARE_BAD_VERSION;
3246 if (strncmp(lines[1], "path=", 5) != 0) {
3247 return USERSHARE_MALFORMED_PATH;
3250 sharepath = talloc_strdup(ctx, &lines[1][5]);
3252 return USERSHARE_POSIX_ERR;
3254 trim_string(sharepath, " ", " ");
3256 if (strncmp(lines[2], "comment=", 8) != 0) {
3257 return USERSHARE_MALFORMED_COMMENT_DEF;
3260 comment = talloc_strdup(ctx, &lines[2][8]);
3262 return USERSHARE_POSIX_ERR;
3264 trim_string(comment, " ", " ");
3265 trim_char(comment, '"', '"');
3267 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3268 return USERSHARE_MALFORMED_ACL_DEF;
3271 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3272 return USERSHARE_ACL_ERR;
3276 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3277 return USERSHARE_MALFORMED_ACL_DEF;
3279 if (lines[4][9] == 'y') {
3280 *pallow_guest = true;
3283 /* Backwards compatible extension to file version #2. */
3285 if (strncmp(lines[5], "sharename=", 10) != 0) {
3286 return USERSHARE_MALFORMED_SHARENAME_DEF;
3288 if (!strequal(&lines[5][10], servicename)) {
3289 return USERSHARE_BAD_SHARENAME;
3291 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3292 if (!*pp_cp_servicename) {
3293 return USERSHARE_POSIX_ERR;
3298 if (*pp_cp_servicename == NULL) {
3299 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3300 if (!*pp_cp_servicename) {
3301 return USERSHARE_POSIX_ERR;
3305 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3306 /* Path didn't change, no checks needed. */
3307 *pp_sharepath = sharepath;
3308 *pp_comment = comment;
3309 return USERSHARE_OK;
3312 /* The path *must* be absolute. */
3313 if (sharepath[0] != '/') {
3314 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3315 servicename, sharepath));
3316 return USERSHARE_PATH_NOT_ABSOLUTE;
3319 /* If there is a usershare prefix deny list ensure one of these paths
3320 doesn't match the start of the user given path. */
3321 if (prefixdenylist) {
3323 for ( i=0; prefixdenylist[i]; i++ ) {
3324 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3325 servicename, i, prefixdenylist[i], sharepath ));
3326 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3327 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3328 "usershare prefix deny list entries.\n",
3329 servicename, sharepath));
3330 return USERSHARE_PATH_IS_DENIED;
3335 /* If there is a usershare prefix allow list ensure one of these paths
3336 does match the start of the user given path. */
3338 if (prefixallowlist) {
3340 for ( i=0; prefixallowlist[i]; i++ ) {
3341 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3342 servicename, i, prefixallowlist[i], sharepath ));
3343 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3347 if (prefixallowlist[i] == NULL) {
3348 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3349 "usershare prefix allow list entries.\n",
3350 servicename, sharepath));
3351 return USERSHARE_PATH_NOT_ALLOWED;
3355 /* Ensure this is pointing to a directory. */
3356 dp = opendir(sharepath);
3359 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3360 servicename, sharepath));
3361 return USERSHARE_PATH_NOT_DIRECTORY;
3364 /* Ensure the owner of the usershare file has permission to share
3367 if (sys_stat(sharepath, &sbuf, false) == -1) {
3368 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3369 servicename, sharepath, strerror(errno) ));
3371 return USERSHARE_POSIX_ERR;
3376 if (!S_ISDIR(sbuf.st_ex_mode)) {
3377 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3378 servicename, sharepath ));
3379 return USERSHARE_PATH_NOT_DIRECTORY;
3382 /* Check if sharing is restricted to owner-only. */
3383 /* psbuf is the stat of the usershare definition file,
3384 sbuf is the stat of the target directory to be shared. */
3386 if (lp_usershare_owner_only()) {
3387 /* root can share anything. */
3388 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3389 return USERSHARE_PATH_NOT_ALLOWED;
3393 *pp_sharepath = sharepath;
3394 *pp_comment = comment;
3395 return USERSHARE_OK;
3398 /***************************************************************************
3399 Deal with a usershare file.
3402 -1 - Bad name, invalid contents.
3403 - service name already existed and not a usershare, problem
3404 with permissions to share directory etc.
3405 ***************************************************************************/
3407 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3409 SMB_STRUCT_STAT sbuf;
3410 SMB_STRUCT_STAT lsbuf;
3412 char *sharepath = NULL;
3413 char *comment = NULL;
3414 char *cp_service_name = NULL;
3415 char **lines = NULL;
3419 TALLOC_CTX *ctx = talloc_stackframe();
3420 struct security_descriptor *psd = NULL;
3421 bool guest_ok = false;
3422 char *canon_name = NULL;
3423 bool added_service = false;
3427 /* Ensure share name doesn't contain invalid characters. */
3428 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3429 DEBUG(0,("process_usershare_file: share name %s contains "
3430 "invalid characters (any of %s)\n",
3431 file_name, INVALID_SHARENAME_CHARS ));
3435 canon_name = canonicalize_servicename(ctx, file_name);
3440 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3445 /* Minimize the race condition by doing an lstat before we
3446 open and fstat. Ensure this isn't a symlink link. */
3448 if (sys_lstat(fname, &lsbuf, false) != 0) {
3449 if (errno == ENOENT) {
3450 /* Unknown share requested. Just ignore. */
3453 /* Only log messages for meaningful problems. */
3454 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3455 fname, strerror(errno) ));
3459 /* This must be a regular file, not a symlink, directory or
3460 other strange filetype. */
3461 if (!check_usershare_stat(fname, &lsbuf)) {
3468 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3473 if (NT_STATUS_IS_OK(status) &&
3474 (data.dptr != NULL) &&
3475 (data.dsize == sizeof(iService))) {
3476 memcpy(&iService, data.dptr, sizeof(iService));
3480 if (iService != -1 &&
3481 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3482 &lsbuf.st_ex_mtime) == 0) {
3483 /* Nothing changed - Mark valid and return. */
3484 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3486 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3491 /* Try and open the file read only - no symlinks allowed. */
3493 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3495 fd = open(fname, O_RDONLY, 0);
3499 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3500 fname, strerror(errno) ));
3504 /* Now fstat to be *SURE* it's a regular file. */
3505 if (sys_fstat(fd, &sbuf, false) != 0) {
3507 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3508 fname, strerror(errno) ));
3512 /* Is it the same dev/inode as was lstated ? */
3513 if (!check_same_stat(&lsbuf, &sbuf)) {
3515 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3516 "Symlink spoofing going on ?\n", fname ));
3520 /* This must be a regular file, not a symlink, directory or
3521 other strange filetype. */
3522 if (!check_usershare_stat(fname, &sbuf)) {
3527 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3530 if (lines == NULL) {
3531 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3532 fname, (unsigned int)sbuf.st_ex_uid ));
3536 if (parse_usershare_file(ctx, &sbuf, file_name,
3537 iService, lines, numlines, &sharepath,
3538 &comment, &cp_service_name,
3539 &psd, &guest_ok) != USERSHARE_OK) {
3543 /* Everything ok - add the service possibly using a template. */
3545 const struct loadparm_service *sp = &sDefault;
3546 if (snum_template != -1) {
3547 sp = ServicePtrs[snum_template];
3550 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3551 DEBUG(0, ("process_usershare_file: Failed to add "
3552 "new service %s\n", cp_service_name));
3556 added_service = true;
3558 /* Read only is controlled by usershare ACL below. */
3559 ServicePtrs[iService]->read_only = false;
3562 /* Write the ACL of the new/modified share. */
3563 status = set_share_security(canon_name, psd);
3564 if (!NT_STATUS_IS_OK(status)) {
3565 DEBUG(0, ("process_usershare_file: Failed to set share "
3566 "security for user share %s\n",
3571 /* If from a template it may be marked invalid. */
3572 ServicePtrs[iService]->valid = true;
3574 /* Set the service as a valid usershare. */
3575 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3577 /* Set guest access. */
3578 if (lp_usershare_allow_guests()) {
3579 ServicePtrs[iService]->guest_ok = guest_ok;
3582 /* And note when it was loaded. */
3583 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3584 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3586 lpcfg_string_set(ServicePtrs[iService],
3587 &ServicePtrs[iService]->comment, comment);
3593 if (ret == -1 && iService != -1 && added_service) {
3594 lp_remove_service(iService);
3602 /***************************************************************************
3603 Checks if a usershare entry has been modified since last load.
3604 ***************************************************************************/
3606 static bool usershare_exists(int iService, struct timespec *last_mod)
3608 SMB_STRUCT_STAT lsbuf;
3609 const char *usersharepath = Globals.usershare_path;
3612 fname = talloc_asprintf(talloc_tos(),
3615 ServicePtrs[iService]->szService);
3616 if (fname == NULL) {
3620 if (sys_lstat(fname, &lsbuf, false) != 0) {
3625 if (!S_ISREG(lsbuf.st_ex_mode)) {
3631 *last_mod = lsbuf.st_ex_mtime;
3635 static bool usershare_directory_is_root(uid_t uid)
3641 if (uid_wrapper_enabled()) {
3648 /***************************************************************************
3649 Load a usershare service by name. Returns a valid servicenumber or -1.
3650 ***************************************************************************/
3652 int load_usershare_service(const char *servicename)
3654 SMB_STRUCT_STAT sbuf;
3655 const char *usersharepath = Globals.usershare_path;
3656 int max_user_shares = Globals.usershare_max_shares;
3657 int snum_template = -1;
3659 if (servicename[0] == '\0') {
3660 /* Invalid service name. */
3664 if (*usersharepath == 0 || max_user_shares == 0) {
3668 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3669 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3670 usersharepath, strerror(errno) ));
3674 if (!S_ISDIR(sbuf.st_ex_mode)) {
3675 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3681 * This directory must be owned by root, and have the 't' bit set.
3682 * It also must not be writable by "other".
3686 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3687 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3689 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3690 (sbuf.st_ex_mode & S_IWOTH)) {
3692 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3693 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3698 /* Ensure the template share exists if it's set. */
3699 if (Globals.usershare_template_share[0]) {
3700 /* We can't use lp_servicenumber here as we are recommending that
3701 template shares have -valid=false set. */
3702 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3703 if (ServicePtrs[snum_template]->szService &&
3704 strequal(ServicePtrs[snum_template]->szService,
3705 Globals.usershare_template_share)) {
3710 if (snum_template == -1) {
3711 DEBUG(0,("load_usershare_service: usershare template share %s "
3712 "does not exist.\n",
3713 Globals.usershare_template_share ));
3718 return process_usershare_file(usersharepath, servicename, snum_template);
3721 /***************************************************************************
3722 Load all user defined shares from the user share directory.
3723 We only do this if we're enumerating the share list.
3724 This is the function that can delete usershares that have
3726 ***************************************************************************/
3728 int load_usershare_shares(struct smbd_server_connection *sconn,
3729 bool (*snumused) (struct smbd_server_connection *, int))
3732 SMB_STRUCT_STAT sbuf;
3734 int num_usershares = 0;
3735 int max_user_shares = Globals.usershare_max_shares;
3736 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3737 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3738 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3740 int snum_template = -1;
3741 const char *usersharepath = Globals.usershare_path;
3742 int ret = lp_numservices();
3743 TALLOC_CTX *tmp_ctx;
3745 if (max_user_shares == 0 || *usersharepath == '\0') {
3746 return lp_numservices();
3749 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3750 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3751 usersharepath, strerror(errno) ));
3756 * This directory must be owned by root, and have the 't' bit set.
3757 * It also must not be writable by "other".
3761 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3763 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3765 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3766 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3771 /* Ensure the template share exists if it's set. */
3772 if (Globals.usershare_template_share[0]) {
3773 /* We can't use lp_servicenumber here as we are recommending that
3774 template shares have -valid=false set. */
3775 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3776 if (ServicePtrs[snum_template]->szService &&
3777 strequal(ServicePtrs[snum_template]->szService,
3778 Globals.usershare_template_share)) {
3783 if (snum_template == -1) {
3784 DEBUG(0,("load_usershare_shares: usershare template share %s "
3785 "does not exist.\n",
3786 Globals.usershare_template_share ));
3791 /* Mark all existing usershares as pending delete. */
3792 for (iService = iNumServices - 1; iService >= 0; iService--) {
3793 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3794 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3798 dp = opendir(usersharepath);
3800 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3801 usersharepath, strerror(errno) ));
3805 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3807 num_dir_entries++ ) {
3809 const char *n = de->d_name;
3811 /* Ignore . and .. */
3813 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3819 /* Temporary file used when creating a share. */
3820 num_tmp_dir_entries++;
3823 /* Allow 20% tmp entries. */
3824 if (num_tmp_dir_entries > allowed_tmp_entries) {
3825 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3826 "in directory %s\n",
3827 num_tmp_dir_entries, usersharepath));
3831 r = process_usershare_file(usersharepath, n, snum_template);
3833 /* Update the services count. */
3835 if (num_usershares >= max_user_shares) {
3836 DEBUG(0,("load_usershare_shares: max user shares reached "
3837 "on file %s in directory %s\n",
3838 n, usersharepath ));
3841 } else if (r == -1) {
3842 num_bad_dir_entries++;
3845 /* Allow 20% bad entries. */
3846 if (num_bad_dir_entries > allowed_bad_entries) {
3847 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3848 "in directory %s\n",
3849 num_bad_dir_entries, usersharepath));
3853 /* Allow 20% bad entries. */
3854 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3855 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3856 "in directory %s\n",
3857 num_dir_entries, usersharepath));
3864 /* Sweep through and delete any non-refreshed usershares that are
3865 not currently in use. */
3866 tmp_ctx = talloc_stackframe();
3867 for (iService = iNumServices - 1; iService >= 0; iService--) {
3868 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3869 const struct loadparm_substitution *lp_sub =
3870 loadparm_s3_global_substitution();
3873 if (snumused && snumused(sconn, iService)) {
3877 servname = lp_servicename(tmp_ctx, lp_sub, iService);
3879 /* Remove from the share ACL db. */
3880 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3882 delete_share_security(servname);
3883 free_service_byindex(iService);
3886 talloc_free(tmp_ctx);
3888 return lp_numservices();
3891 /********************************************************
3892 Destroy global resources allocated in this file
3893 ********************************************************/
3895 void gfree_loadparm(void)
3901 /* Free resources allocated to services */
3903 for ( i = 0; i < iNumServices; i++ ) {
3905 free_service_byindex(i);
3909 TALLOC_FREE( ServicePtrs );
3912 /* Now release all resources allocated to global
3913 parameters and the default service */
3915 free_global_parameters();
3919 /***************************************************************************
3920 Allow client apps to specify that they are a client
3921 ***************************************************************************/
3922 static void lp_set_in_client(bool b)
3928 /***************************************************************************
3929 Determine if we're running in a client app
3930 ***************************************************************************/
3931 static bool lp_is_in_client(void)
3936 static void lp_enforce_ad_dc_settings(void)
3938 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3939 lp_do_parameter(GLOBAL_SECTION_SNUM,
3940 "winbindd:use external pipes", "true");
3941 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3942 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3943 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3944 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3945 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3946 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3947 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3948 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3949 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3952 /***************************************************************************
3953 Load the services array from the services file. Return true on success,
3955 ***************************************************************************/
3957 static bool lp_load_ex(const char *pszFname,
3961 bool reinit_globals,
3962 bool allow_include_registry,
3963 bool load_all_shares)
3967 TALLOC_CTX *frame = talloc_stackframe();
3968 struct loadparm_context *lp_ctx;
3969 int max_protocol, min_protocol;
3971 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3973 bInGlobalSection = true;
3974 bGlobalOnly = global_only;
3975 bAllowIncludeRegistry = allow_include_registry;
3976 sDefault = _sDefault;
3978 lp_ctx = setup_lp_context(talloc_tos());
3980 init_globals(lp_ctx, reinit_globals);
3984 if (save_defaults) {
3989 if (!reinit_globals) {
3990 free_param_opts(&Globals.param_opt);
3991 apply_lp_set_cmdline();
3994 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
3996 /* We get sections first, so have to start 'behind' to make up */
3999 if (lp_config_backend_is_file()) {
4000 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
4001 current_user_info.domain,
4004 smb_panic("lp_load_ex: out of memory");
4007 add_to_file_list(NULL, &file_lists, pszFname, n2);
4009 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
4012 /* finish up the last section */
4013 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
4015 if (iServiceIndex >= 0) {
4016 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
4020 if (lp_config_backend_is_registry()) {
4022 /* config backend changed to registry in config file */
4024 * We need to use this extra global variable here to
4025 * survive restart: init_globals uses this as a default
4026 * for config_backend. Otherwise, init_globals would
4027 * send us into an endless loop here.
4030 config_backend = CONFIG_BACKEND_REGISTRY;
4032 DEBUG(1, ("lp_load_ex: changing to config backend "
4034 init_globals(lp_ctx, true);
4036 TALLOC_FREE(lp_ctx);
4038 lp_kill_all_services();
4039 ok = lp_load_ex(pszFname, global_only, save_defaults,
4040 add_ipc, reinit_globals,
4041 allow_include_registry,
4046 } else if (lp_config_backend_is_registry()) {
4047 bRetval = process_registry_globals();
4049 DEBUG(0, ("Illegal config backend given: %d\n",
4050 lp_config_backend()));
4054 if (bRetval && lp_registry_shares()) {
4055 if (load_all_shares) {
4056 bRetval = process_registry_shares();
4058 bRetval = reload_registry_shares();
4063 const struct loadparm_substitution *lp_sub =
4064 loadparm_s3_global_substitution();
4065 char *serv = lp_auto_services(talloc_tos(), lp_sub);
4066 lp_add_auto_services(serv);
4071 /* When 'restrict anonymous = 2' guest connections to ipc$
4073 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
4074 if ( lp_enable_asu_support() ) {
4075 lp_add_ipc("ADMIN$", false);
4079 set_allowed_client_auth();
4081 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
4082 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
4083 lp_password_server()));
4088 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
4089 /* if we_are_a_wins_server is true and we are in the client */
4090 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
4091 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
4096 fault_configure(smb_panic_s3);
4099 * We run this check once the whole smb.conf is parsed, to
4100 * force some settings for the standard way a AD DC is
4101 * operated. We may change these as our code evolves, which
4102 * is why we force these settings.
4104 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
4105 lp_enforce_ad_dc_settings();
4108 bAllowIncludeRegistry = true;
4110 /* Check if command line max protocol < min protocol, if so
4111 * report a warning to the user.
4113 max_protocol = lp_client_max_protocol();
4114 min_protocol = lp_client_min_protocol();
4115 if (max_protocol < min_protocol) {
4116 const char *max_protocolp, *min_protocolp;
4117 max_protocolp = lpcfg_get_smb_protocol(max_protocol);
4118 min_protocolp = lpcfg_get_smb_protocol(min_protocol);
4119 DBG_ERR("Max protocol %s is less than min protocol %s.\n",
4120 max_protocolp, min_protocolp);
4127 static bool lp_load(const char *pszFname,
4131 bool reinit_globals)
4133 return lp_load_ex(pszFname,
4138 true, /* allow_include_registry */
4139 false); /* load_all_shares*/
4142 bool lp_load_initial_only(const char *pszFname)
4144 return lp_load_ex(pszFname,
4145 true, /* global only */
4146 true, /* save_defaults */
4147 false, /* add_ipc */
4148 true, /* reinit_globals */
4149 false, /* allow_include_registry */
4150 false); /* load_all_shares*/
4154 * most common lp_load wrapper, loading only the globals
4156 * If this is used in a daemon or client utility it should be called
4157 * after processing popt.
4159 bool lp_load_global(const char *file_name)
4161 return lp_load(file_name,
4162 true, /* global_only */
4163 false, /* save_defaults */
4164 false, /* add_ipc */
4165 true); /* reinit_globals */
4169 * The typical lp_load wrapper with shares, loads global and
4170 * shares, including IPC, but does not force immediate
4171 * loading of all shares from registry.
4173 bool lp_load_with_shares(const char *file_name)
4175 return lp_load(file_name,
4176 false, /* global_only */
4177 false, /* save_defaults */
4179 true); /* reinit_globals */
4183 * lp_load wrapper, especially for clients
4185 bool lp_load_client(const char *file_name)
4187 lp_set_in_client(true);
4189 return lp_load_global(file_name);
4193 * lp_load wrapper, loading only globals, but intended
4194 * for subsequent calls, not reinitializing the globals
4197 bool lp_load_global_no_reinit(const char *file_name)
4199 return lp_load(file_name,
4200 true, /* global_only */
4201 false, /* save_defaults */
4202 false, /* add_ipc */
4203 false); /* reinit_globals */
4207 * lp_load wrapper, loading globals and shares,
4208 * intended for subsequent calls, i.e. not reinitializing
4209 * the globals to default values.
4211 bool lp_load_no_reinit(const char *file_name)
4213 return lp_load(file_name,
4214 false, /* global_only */
4215 false, /* save_defaults */
4216 false, /* add_ipc */
4217 false); /* reinit_globals */
4222 * lp_load wrapper, especially for clients, no reinitialization
4224 bool lp_load_client_no_reinit(const char *file_name)
4226 lp_set_in_client(true);
4228 return lp_load_global_no_reinit(file_name);
4231 bool lp_load_with_registry_shares(const char *pszFname)
4233 return lp_load_ex(pszFname,
4234 false, /* global_only */
4235 true, /* save_defaults */
4236 false, /* add_ipc */
4237 true, /* reinit_globals */
4238 true, /* allow_include_registry */
4239 true); /* load_all_shares*/
4242 /***************************************************************************
4243 Return the max number of services.
4244 ***************************************************************************/
4246 int lp_numservices(void)
4248 return (iNumServices);
4251 /***************************************************************************
4252 Display the contents of the services array in human-readable form.
4253 ***************************************************************************/
4255 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4258 struct loadparm_context *lp_ctx;
4261 defaults_saved = false;
4263 lp_ctx = setup_lp_context(talloc_tos());
4264 if (lp_ctx == NULL) {
4268 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4270 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4272 for (iService = 0; iService < maxtoprint; iService++) {
4274 lp_dump_one(f, show_defaults, iService);
4276 TALLOC_FREE(lp_ctx);
4279 /***************************************************************************
4280 Display the contents of one service in human-readable form.
4281 ***************************************************************************/
4283 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4286 if (ServicePtrs[snum]->szService[0] == '\0')
4288 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4289 flags_list, show_defaults);
4293 /***************************************************************************
4294 Return the number of the service with the given name, or -1 if it doesn't
4295 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4296 getservicebyname()! This works ONLY if all services have been loaded, and
4297 does not copy the found service.
4298 ***************************************************************************/
4300 int lp_servicenumber(const char *pszServiceName)
4303 fstring serviceName;
4305 if (!pszServiceName) {
4306 return GLOBAL_SECTION_SNUM;
4309 for (iService = iNumServices - 1; iService >= 0; iService--) {
4310 if (VALID(iService) && ServicePtrs[iService]->szService) {
4312 * The substitution here is used to support %U in
4315 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4316 standard_sub_basic(get_current_username(),
4317 current_user_info.domain,
4318 serviceName,sizeof(serviceName));
4319 if (strequal(serviceName, pszServiceName)) {
4325 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4326 struct timespec last_mod;
4328 if (!usershare_exists(iService, &last_mod)) {
4329 /* Remove the share security tdb entry for it. */
4330 delete_share_security(lp_const_servicename(iService));
4331 /* Remove it from the array. */
4332 free_service_byindex(iService);
4333 /* Doesn't exist anymore. */
4334 return GLOBAL_SECTION_SNUM;
4337 /* Has it been modified ? If so delete and reload. */
4338 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4340 /* Remove it from the array. */
4341 free_service_byindex(iService);
4342 /* and now reload it. */
4343 iService = load_usershare_service(pszServiceName);
4348 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4349 return GLOBAL_SECTION_SNUM;
4355 /*******************************************************************
4356 A useful volume label function.
4357 ********************************************************************/
4359 const char *volume_label(TALLOC_CTX *ctx, int snum)
4361 const struct loadparm_substitution *lp_sub =
4362 loadparm_s3_global_substitution();
4364 const char *label = lp_volume(ctx, lp_sub, snum);
4368 label = lp_servicename(ctx, lp_sub, snum);
4372 * Volume label can be a max of 32 bytes. Make sure to truncate
4373 * it at a codepoint boundary if it's longer than 32 and contains
4374 * multibyte characters. Windows insists on a volume label being
4375 * a valid mb sequence, and errors out if not.
4377 if (strlen(label) > 32) {
4379 * A MB char can be a max of 5 bytes, thus
4380 * we should have a valid mb character at a
4381 * minimum position of (32-5) = 27.
4385 * Check if a codepoint starting from next byte
4386 * is valid. If yes, then the current byte is the
4387 * end of a MB or ascii sequence and the label can
4388 * be safely truncated here. If not, keep going
4389 * backwards till a valid codepoint is found.
4392 const char *s = &label[end];
4393 codepoint_t c = next_codepoint(s, &len);
4394 if (c != INVALID_CODEPOINT) {
4401 /* This returns a max of 33 byte guarenteed null terminated string. */
4402 ret = talloc_strndup(ctx, label, end);
4409 /*******************************************************************
4410 Get the default server type we will announce as via nmbd.
4411 ********************************************************************/
4413 int lp_default_server_announce(void)
4415 int default_server_announce = 0;
4416 default_server_announce |= SV_TYPE_WORKSTATION;
4417 default_server_announce |= SV_TYPE_SERVER;
4418 default_server_announce |= SV_TYPE_SERVER_UNIX;
4420 /* note that the flag should be set only if we have a
4421 printer service but nmbd doesn't actually load the
4422 services so we can't tell --jerry */
4424 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4426 default_server_announce |= SV_TYPE_SERVER_NT;
4427 default_server_announce |= SV_TYPE_NT;
4429 switch (lp_server_role()) {
4430 case ROLE_DOMAIN_MEMBER:
4431 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4433 case ROLE_DOMAIN_PDC:
4435 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4437 case ROLE_DOMAIN_BDC:
4438 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4440 case ROLE_STANDALONE:
4444 if (lp_time_server())
4445 default_server_announce |= SV_TYPE_TIME_SOURCE;
4447 if (lp_host_msdfs())
4448 default_server_announce |= SV_TYPE_DFS_SERVER;
4450 return default_server_announce;
4453 /***********************************************************
4454 If we are PDC then prefer us as DMB
4455 ************************************************************/
4457 bool lp_domain_master(void)
4459 if (Globals._domain_master == Auto)
4460 return (lp_server_role() == ROLE_DOMAIN_PDC ||
4461 lp_server_role() == ROLE_IPA_DC);
4463 return (bool)Globals._domain_master;
4466 /***********************************************************
4467 If we are PDC then prefer us as DMB
4468 ************************************************************/
4470 static bool lp_domain_master_true_or_auto(void)
4472 if (Globals._domain_master) /* auto or yes */
4478 /***********************************************************
4479 If we are DMB then prefer us as LMB
4480 ************************************************************/
4482 bool lp_preferred_master(void)
4484 int preferred_master = lp__preferred_master();
4486 if (preferred_master == Auto)
4487 return (lp_local_master() && lp_domain_master());
4489 return (bool)preferred_master;
4492 /*******************************************************************
4494 ********************************************************************/
4496 void lp_remove_service(int snum)
4498 ServicePtrs[snum]->valid = false;
4501 const char *lp_printername(TALLOC_CTX *ctx,
4502 const struct loadparm_substitution *lp_sub,
4505 const char *ret = lp__printername(ctx, lp_sub, snum);
4507 if (ret == NULL || *ret == '\0') {
4508 ret = lp_const_servicename(snum);
4515 /***********************************************************
4516 Allow daemons such as winbindd to fix their logfile name.
4517 ************************************************************/
4519 void lp_set_logfile(const char *name)
4521 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4522 debug_set_logfile(name);
4525 /*******************************************************************
4526 Return the max print jobs per queue.
4527 ********************************************************************/
4529 int lp_maxprintjobs(int snum)
4531 int maxjobs = lp_max_print_jobs(snum);
4533 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4534 maxjobs = PRINT_MAX_JOBID - 1;
4539 const char *lp_printcapname(void)
4541 const char *printcap_name = lp_printcap_name();
4543 if ((printcap_name != NULL) &&
4544 (printcap_name[0] != '\0'))
4545 return printcap_name;
4547 if (sDefault.printing == PRINT_CUPS) {
4551 if (sDefault.printing == PRINT_BSD)
4552 return "/etc/printcap";
4554 return PRINTCAP_NAME;
4557 static uint32_t spoolss_state;
4559 bool lp_disable_spoolss( void )
4561 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4562 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4564 return spoolss_state == SVCCTL_STOPPED ? true : false;
4567 void lp_set_spoolss_state( uint32_t state )
4569 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4571 spoolss_state = state;
4574 uint32_t lp_get_spoolss_state( void )
4576 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4579 /*******************************************************************
4580 Turn off sendfile if we find the underlying OS doesn't support it.
4581 ********************************************************************/
4583 void set_use_sendfile(int snum, bool val)
4585 if (LP_SNUM_OK(snum))
4586 ServicePtrs[snum]->_use_sendfile = val;
4588 sDefault._use_sendfile = val;
4591 void lp_set_mangling_method(const char *new_method)
4593 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4596 /*******************************************************************
4597 Global state for POSIX pathname processing.
4598 ********************************************************************/
4600 static bool posix_pathnames;
4602 bool lp_posix_pathnames(void)
4604 return posix_pathnames;
4607 /*******************************************************************
4608 Change everything needed to ensure POSIX pathname processing (currently
4610 ********************************************************************/
4612 void lp_set_posix_pathnames(void)
4614 posix_pathnames = true;
4617 /*******************************************************************
4618 Global state for POSIX lock processing - CIFS unix extensions.
4619 ********************************************************************/
4621 bool posix_default_lock_was_set;
4622 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4624 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4626 if (posix_default_lock_was_set) {
4627 return posix_cifsx_locktype;
4629 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4630 POSIX_LOCK : WINDOWS_LOCK;
4634 /*******************************************************************
4635 ********************************************************************/
4637 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4639 posix_default_lock_was_set = true;
4640 posix_cifsx_locktype = val;
4643 int lp_min_receive_file_size(void)
4645 int min_receivefile_size = lp_min_receivefile_size();
4647 if (min_receivefile_size < 0) {
4650 return min_receivefile_size;
4653 /*******************************************************************
4654 Safe wide links checks.
4655 This helper function always verify the validity of wide links,
4656 even after a configuration file reload.
4657 ********************************************************************/
4659 void widelinks_warning(int snum)
4661 if (lp_allow_insecure_wide_links()) {
4665 if (lp_wide_links(snum)) {
4666 if (lp_smb1_unix_extensions()) {
4667 DBG_ERR("Share '%s' has wide links and SMB1 unix "
4668 "extensions enabled. "
4669 "These parameters are incompatible. "
4670 "Wide links will be disabled for this share.\n",
4671 lp_const_servicename(snum));
4672 } else if (lp_smb2_unix_extensions()) {
4673 DBG_ERR("Share '%s' has wide links and SMB2 unix "
4674 "extensions enabled. "
4675 "These parameters are incompatible. "
4676 "Wide links will be disabled for this share.\n",
4677 lp_const_servicename(snum));
4682 bool lp_widelinks(int snum)
4684 /* wide links is always incompatible with unix extensions */
4685 if (lp_smb1_unix_extensions() || lp_smb2_unix_extensions()) {
4687 * Unless we have "allow insecure widelinks"
4690 if (!lp_allow_insecure_wide_links()) {
4695 return lp_wide_links(snum);
4698 int lp_server_role(void)
4700 return lp_find_server_role(lp__server_role(),
4702 lp__domain_logons(),
4703 lp_domain_master_true_or_auto());
4706 int lp_security(void)
4708 return lp_find_security(lp__server_role(),
4712 int lp_client_max_protocol(void)
4714 int client_max_protocol = lp__client_max_protocol();
4715 if (client_max_protocol == PROTOCOL_DEFAULT) {
4716 return PROTOCOL_LATEST;
4718 return client_max_protocol;
4721 int lp_client_ipc_min_protocol(void)
4723 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4724 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4725 client_ipc_min_protocol = lp_client_min_protocol();
4727 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4728 return PROTOCOL_NT1;
4730 return client_ipc_min_protocol;
4733 int lp_client_ipc_max_protocol(void)
4735 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4736 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4737 return PROTOCOL_LATEST;
4739 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4740 return PROTOCOL_NT1;
4742 return client_ipc_max_protocol;
4745 int lp_client_ipc_signing(void)
4747 int client_ipc_signing = lp__client_ipc_signing();
4748 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4749 return SMB_SIGNING_REQUIRED;
4751 return client_ipc_signing;
4754 enum credentials_use_kerberos lp_client_use_kerberos(void)
4756 if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
4757 return CRED_USE_KERBEROS_REQUIRED;
4760 return lp__client_use_kerberos();
4764 int lp_rpc_low_port(void)
4766 return Globals.rpc_low_port;
4769 int lp_rpc_high_port(void)
4771 return Globals.rpc_high_port;
4775 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4777 * This also ensures it is disabled if NTLM is totally disabled
4779 bool lp_lanman_auth(void)
4781 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4783 if (ntlm_auth_level == NTLM_AUTH_ON) {
4784 return lp__lanman_auth();
4790 struct loadparm_global * get_globals(void)
4795 unsigned int * get_flags(void)
4797 if (flags_list == NULL) {
4798 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());
4804 enum samba_weak_crypto lp_weak_crypto()
4806 if (Globals.weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
4807 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
4809 if (samba_gnutls_weak_crypto_allowed()) {
4810 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
4814 return Globals.weak_crypto;
4817 uint32_t lp_get_async_dns_timeout(void)
4820 * Clamp minimum async dns timeout to 1 second
4821 * as per the man page.
4823 return MAX(Globals.async_dns_timeout, 1);
4826 /* SMB2 POSIX extensions. For now, *always* disabled. */
4827 bool lp_smb2_unix_extensions(void)
git.samba.org / samba.git / blob