libds: moved enum security_types to a common header

[samba.git] / source4 / param / loadparm.c

diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 51d4beb0ae994b77302c1150dafb239c0b199eda..79706b4f09bf3d51561c91a0a0d61c60311d8eaa 100644 (file)
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -11,17 +11,17 @@
    Copyright (C) Jim McDonough (jmcd@us.ibm.com)  2003.
    Copyright (C) James Myers 2003 <myersjj@samba.org>
    Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
-   
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -40,7 +40,7 @@
  * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
  * 4) If it's a global then initialise it in init_globals. If a local
  *    (ie. service) parameter then initialise it in the sDefault structure
- *  
+ *
  *
  * Notes:
  *   The configuration file is processed sequentially for speed. It is NOT
@@ -54,15 +54,20 @@
 
 #include "includes.h"
 #include "version.h"
-#include "dynconfig.h"
+#include "dynconfig/dynconfig.h"
 #include "system/time.h"
 #include "system/locale.h"
 #include "system/network.h" /* needed for TCP_NODELAY */
 #include "smb_server/smb_server.h"
 #include "libcli/raw/signing.h"
-#include "lib/util/dlinklist.h"
+#include "../lib/util/dlinklist.h"
+#include "../lib/util/parmlist.h"
 #include "param/param.h"
 #include "param/loadparm.h"
+#include "libcli/raw/libcliraw.h"
+#include "rpc_server/common/common.h"
+#include "lib/socket/socket.h"
+#include "auth/gensec/gensec.h"
 
 #define standard_sub_basic talloc_strdup
 
@@ -75,6 +80,7 @@ static bool defaults_saved = false;
 struct loadparm_global
 {
        enum server_role server_role;
+       enum sid_generator sid_generator;
 
        const char **smb_ports;
        char *ncalrpc_dir;
@@ -84,22 +90,22 @@ struct loadparm_global
        char *szLockDir;
        char *szModulesDir;
        char *szPidDir;
-       char *szSetupDir;
        char *szServerString;
        char *szAutoServices;
        char *szPasswdChat;
        char *szShareBackend;
        char *szSAM_URL;
+       char *szIDMAP_URL;
        char *szSECRETS_URL;
        char *szSPOOLSS_URL;
        char *szWINS_CONFIG_URL;
        char *szWINS_URL;
        char *szPrivateDir;
-       const char **jsInclude;
-       char *jsonrpcServicesDir;
        const char **szPasswordServers;
        char *szSocketOptions;
        char *szRealm;
+       char *szRealm_upper;
+       char *szRealm_lower;
        const char **szWINSservers;
        const char **szInterfaces;
        char *szSocketAddress;
@@ -114,11 +120,12 @@ struct loadparm_global
        const char **server_services;
        char *ntptr_providor;
        char *szWinbindSeparator;
+       char *szWinbinddPrivilegedSocketDirectory;
        char *szWinbinddSocketDirectory;
        char *szTemplateShell;
        char *szTemplateHomedir;
        int bWinbindSealedPipes;
-       char *swat_directory;
+       int bIdmapTrustedOnly;
        int tls_enabled;
        char *tls_keyfile;
        char *tls_certfile;
@@ -126,6 +133,7 @@ struct loadparm_global
        char *tls_crlfile;
        char *tls_dhpfile;
        char *logfile;
+       char *loglevel;
        char *panic_action;
        int max_mux;
        int debuglevel;
@@ -149,7 +157,7 @@ struct loadparm_global
        char *socket_options;
        int bWINSsupport;
        int bWINSdnsProxy;
-       char *szWINSHook; 
+       char *szWINSHook;
        int bLocalMaster;
        int bPreferredMaster;
        int bEncryptPasswords;
@@ -176,12 +184,17 @@ struct loadparm_global
        int bUnixExtensions;
        int bDisableNetbios;
        int bRpcBigEndian;
-       struct param_opt *param_opt;
+       char *szNTPSignDSocketDirectory;
+       const char **szRNDCCommand;
+       const char **szDNSUpdateCommand;
+       const char **szSPNUpdateCommand;
+       const char **szNSUpdateCommand;
+       struct parmlist_entry *param_opt;
 };
 
 
 /**
- * This structure describes a single service. 
+ * This structure describes a single service.
  */
 struct loadparm_service
 {
@@ -207,6 +220,7 @@ struct loadparm_service
        int bMap_hidden;
        int bMap_archive;
        int bStrictLocking;
+       int bOplocks;
        int iCreate_mask;
        int iCreate_force_mode;
        int iDir_mask;
@@ -215,54 +229,21 @@ struct loadparm_service
        int bMSDfsRoot;
        int bStrictSync;
        int bCIFileSystem;
-       struct param_opt *param_opt;
+       struct parmlist_entry *param_opt;
 
        char dummy[3];          /* for alignment */
 };
 
 
-/* This is a default service used to prime a services structure */
-struct loadparm_service sDefault = {
-       .szService = NULL,
-       .szPath = NULL,
-       .szCopy = NULL,
-       .szInclude = NULL,
-       .szPrintername = NULL,                  
-       .szHostsallow = NULL,                   
-       .szHostsdeny = NULL,                    
-       .comment = NULL,                        
-       .volume = NULL,                 
-       .fstype = NULL,                 
-       .ntvfs_handler = NULL,                   
-       .iMaxPrintJobs = 1000,                  
-       .iMaxConnections = 0,                   
-       .iCSCPolicy = 0,                        
-       .bAvailable = true,                     
-       .bBrowseable = true,                    
-       .bRead_only = true,                     
-       .bPrint_ok = false,                     
-       .bMap_system = false,                   
-       .bMap_hidden = false,                   
-       .bMap_archive = true,                   
-       .bStrictLocking = true,                 
-       .iCreate_mask = 0744,                   
-       .iCreate_force_mode = 0000,
-       .iDir_mask = 0755,                      
-       .iDir_force_mode = 0000,                        
-       .copymap = NULL,
-       .bMSDfsRoot = false,
-       .bStrictSync = false,
-       .bCIFileSystem = false,
-};
-
-struct loadparm_context *global_loadparm = NULL;
-
 #define NUMPARAMETERS (sizeof(parm_table) / sizeof(struct parm_struct))
 
+
 /* prototypes for the special type handlers */
-static bool handle_include(struct loadparm_context *lp_ctx, 
+static bool handle_include(struct loadparm_context *lp_ctx,
                           const char *pszParmValue, char **ptr);
-static bool handle_copy(struct loadparm_context *lp_ctx, 
+static bool handle_realm(struct loadparm_context *lp_ctx,
+                        const char *pszParmValue, char **ptr);
+static bool handle_copy(struct loadparm_context *lp_ctx,
                        const char *pszParmValue, char **ptr);
 static bool handle_debuglevel(struct loadparm_context *lp_ctx,
                              const char *pszParmValue, char **ptr);
@@ -283,6 +264,7 @@ static const struct enum_list enum_protocol[] = {
 static const struct enum_list enum_security[] = {
        {SEC_SHARE, "SHARE"},
        {SEC_USER, "USER"},
+       {SEC_ADS, "ADS"},
        {-1, NULL}
 };
 
@@ -307,9 +289,9 @@ static const struct enum_list enum_bool_auto[] = {
 };
 
 /* Client-side offline caching policy types */
-enum csc_policy { 
-       CSC_POLICY_MANUAL=0, 
-       CSC_POLICY_DOCUMENTS=1, 
+enum csc_policy {
+       CSC_POLICY_MANUAL=0,
+       CSC_POLICY_DOCUMENTS=1,
        CSC_POLICY_PROGRAMS=2,
        CSC_POLICY_DISABLE=3
 };
@@ -346,16 +328,24 @@ static const struct enum_list enum_smb_signing_vals[] = {
 static const struct enum_list enum_server_role[] = {
        {ROLE_STANDALONE, "standalone"},
        {ROLE_DOMAIN_MEMBER, "member server"},
+       {ROLE_DOMAIN_MEMBER, "member"},
        {ROLE_DOMAIN_CONTROLLER, "domain controller"},
+       {ROLE_DOMAIN_CONTROLLER, "dc"},
        {-1, NULL}
 };
 
+static const struct enum_list enum_sid_generator[] = {
+       {SID_GENERATOR_INTERNAL, "internal"},
+       {SID_GENERATOR_BACKEND, "backend"},
+       {-1, NULL}
+};
 
 #define GLOBAL_VAR(name) offsetof(struct loadparm_global, name)
 #define LOCAL_VAR(name) offsetof(struct loadparm_service, name)
 
 static struct parm_struct parm_table[] = {
        {"server role", P_ENUM, P_GLOBAL, GLOBAL_VAR(server_role), NULL, enum_server_role},
+       {"sid generator", P_ENUM, P_GLOBAL, GLOBAL_VAR(sid_generator), NULL, enum_sid_generator},
 
        {"dos charset", P_STRING, P_GLOBAL, GLOBAL_VAR(dos_charset), NULL, NULL},
        {"unix charset", P_STRING, P_GLOBAL, GLOBAL_VAR(unix_charset), NULL, NULL},
@@ -365,7 +355,7 @@ static struct parm_struct parm_table[] = {
        {"path", P_STRING, P_LOCAL, LOCAL_VAR(szPath), NULL, NULL},
        {"directory", P_STRING, P_LOCAL, LOCAL_VAR(szPath), NULL, NULL},
        {"workgroup", P_USTRING, P_GLOBAL, GLOBAL_VAR(szWorkgroup), NULL, NULL},
-       {"realm", P_STRING, P_GLOBAL, GLOBAL_VAR(szRealm), NULL, NULL},
+       {"realm", P_STRING, P_GLOBAL, GLOBAL_VAR(szRealm), handle_realm, NULL},
        {"netbios name", P_USTRING, P_GLOBAL, GLOBAL_VAR(szNetbiosName), NULL, NULL},
        {"netbios aliases", P_LIST, P_GLOBAL, GLOBAL_VAR(szNetbiosAliases), NULL, NULL},
        {"netbios scope", P_USTRING, P_GLOBAL, GLOBAL_VAR(szNetbiosScope), NULL, NULL},
@@ -383,6 +373,7 @@ static struct parm_struct parm_table[] = {
        {"obey pam restrictions", P_BOOL, P_GLOBAL, GLOBAL_VAR(bObeyPamRestrictions), NULL, NULL},
        {"password server", P_LIST, P_GLOBAL, GLOBAL_VAR(szPasswordServers), NULL, NULL},
        {"sam database", P_STRING, P_GLOBAL, GLOBAL_VAR(szSAM_URL), NULL, NULL},
+       {"idmap database", P_STRING, P_GLOBAL, GLOBAL_VAR(szIDMAP_URL), NULL, NULL},
        {"secrets database", P_STRING, P_GLOBAL, GLOBAL_VAR(szSECRETS_URL), NULL, NULL},
        {"spoolss database", P_STRING, P_GLOBAL, GLOBAL_VAR(szSPOOLSS_URL), NULL, NULL},
        {"wins config database", P_STRING, P_GLOBAL, GLOBAL_VAR(szWINS_CONFIG_URL), NULL, NULL},
@@ -396,21 +387,21 @@ static struct parm_struct parm_table[] = {
        {"client lanman auth", P_BOOL, P_GLOBAL, GLOBAL_VAR(bClientLanManAuth), NULL, NULL},
        {"client plaintext auth", P_BOOL, P_GLOBAL, GLOBAL_VAR(bClientPlaintextAuth), NULL, NULL},
        {"client use spnego principal", P_BOOL, P_GLOBAL, GLOBAL_VAR(client_use_spnego_principal), NULL, NULL},
-       
+
        {"read only", P_BOOL, P_LOCAL, LOCAL_VAR(bRead_only), NULL, NULL},
 
-       {"create mask", P_OCTAL, P_LOCAL, LOCAL_VAR(iCreate_mask), NULL, NULL}, 
+       {"create mask", P_OCTAL, P_LOCAL, LOCAL_VAR(iCreate_mask), NULL, NULL},
        {"force create mode", P_OCTAL, P_LOCAL, LOCAL_VAR(iCreate_force_mode), NULL, NULL}, 
-       {"directory mask", P_OCTAL, P_LOCAL, LOCAL_VAR(iDir_mask), NULL, NULL}, 
+       {"directory mask", P_OCTAL, P_LOCAL, LOCAL_VAR(iDir_mask), NULL, NULL},
        {"force directory mode", P_OCTAL, P_LOCAL, LOCAL_VAR(iDir_force_mode), NULL, NULL}, 
 
        {"hosts allow", P_LIST, P_LOCAL, LOCAL_VAR(szHostsallow), NULL, NULL},
        {"hosts deny", P_LIST, P_LOCAL, LOCAL_VAR(szHostsdeny), NULL, NULL},
 
-       {"log level", P_INTEGER, P_GLOBAL, GLOBAL_VAR(debuglevel), handle_debuglevel, NULL},
-       {"debuglevel", P_INTEGER, P_GLOBAL, GLOBAL_VAR(debuglevel), handle_debuglevel, NULL},
+       {"log level", P_STRING, P_GLOBAL, GLOBAL_VAR(loglevel), handle_debuglevel, NULL},
+       {"debuglevel", P_STRING, P_GLOBAL, GLOBAL_VAR(loglevel), handle_debuglevel, NULL},
        {"log file", P_STRING, P_GLOBAL, GLOBAL_VAR(logfile), handle_logfile, NULL},
-       
+
        {"smb ports", P_LIST, P_GLOBAL, GLOBAL_VAR(smb_ports), NULL, NULL},
        {"nbt port", P_INTEGER, P_GLOBAL, GLOBAL_VAR(nbt_port), NULL, NULL},
        {"dgram port", P_INTEGER, P_GLOBAL, GLOBAL_VAR(dgram_port), NULL, NULL},
@@ -424,7 +415,6 @@ static struct parm_struct parm_table[] = {
        {"tls cafile", P_STRING, P_GLOBAL, GLOBAL_VAR(tls_cafile), NULL, NULL},
        {"tls crlfile", P_STRING, P_GLOBAL, GLOBAL_VAR(tls_crlfile), NULL, NULL},
        {"tls dh params file", P_STRING, P_GLOBAL, GLOBAL_VAR(tls_dhpfile), NULL, NULL},
-       {"swat directory", P_STRING, P_GLOBAL, GLOBAL_VAR(swat_directory), NULL, NULL},
        {"large readwrite", P_BOOL, P_GLOBAL, GLOBAL_VAR(bLargeReadwrite), NULL, NULL},
        {"server max protocol", P_ENUM, P_GLOBAL, GLOBAL_VAR(srv_maxprotocol), NULL, enum_protocol},
        {"server min protocol", P_ENUM, P_GLOBAL, GLOBAL_VAR(srv_minprotocol), NULL, enum_protocol},
@@ -434,7 +424,7 @@ static struct parm_struct parm_table[] = {
        {"read raw", P_BOOL, P_GLOBAL, GLOBAL_VAR(bReadRaw), NULL, NULL},
        {"write raw", P_BOOL, P_GLOBAL, GLOBAL_VAR(bWriteRaw), NULL, NULL},
        {"disable netbios", P_BOOL, P_GLOBAL, GLOBAL_VAR(bDisableNetbios), NULL, NULL},
-       
+
        {"nt status support", P_BOOL, P_GLOBAL, GLOBAL_VAR(bNTStatusSupport), NULL, NULL},
 
        {"announce version", P_STRING, P_GLOBAL, GLOBAL_VAR(szAnnounceVersion), NULL, NULL},
@@ -456,13 +446,13 @@ static struct parm_struct parm_table[] = {
        {"paranoid server security", P_BOOL, P_GLOBAL, GLOBAL_VAR(paranoid_server_security), NULL, NULL},
        {"socket options", P_STRING, P_GLOBAL, GLOBAL_VAR(socket_options), NULL, NULL},
 
-       {"strict sync", P_BOOL, P_LOCAL, LOCAL_VAR(bStrictSync), NULL, NULL}, 
+       {"strict sync", P_BOOL, P_LOCAL, LOCAL_VAR(bStrictSync), NULL, NULL},
        {"case insensitive filesystem", P_BOOL, P_LOCAL, LOCAL_VAR(bCIFileSystem), NULL, NULL}, 
 
        {"max print jobs", P_INTEGER, P_LOCAL, LOCAL_VAR(iMaxPrintJobs), NULL, NULL},
        {"printable", P_BOOL, P_LOCAL, LOCAL_VAR(bPrint_ok), NULL, NULL},
        {"print ok", P_BOOL, P_LOCAL, LOCAL_VAR(bPrint_ok), NULL, NULL},
-       
+
        {"printer name", P_STRING, P_LOCAL, LOCAL_VAR(szPrintername), NULL, NULL},
        {"printer", P_STRING, P_LOCAL, LOCAL_VAR(szPrintername), NULL, NULL},
 
@@ -482,8 +472,9 @@ static struct parm_struct parm_table[] = {
        {"wins hook", P_STRING, P_GLOBAL, GLOBAL_VAR(szWINSHook), NULL, NULL}, 
 
        {"csc policy", P_ENUM, P_LOCAL, LOCAL_VAR(iCSCPolicy), NULL, enum_csc_policy},
-       
+
        {"strict locking", P_BOOL, P_LOCAL, LOCAL_VAR(bStrictLocking), NULL, NULL},
+       {"oplocks", P_BOOL, P_LOCAL, LOCAL_VAR(bOplocks), NULL, NULL},
 
        {"share backend", P_STRING, P_GLOBAL, GLOBAL_VAR(szShareBackend), NULL, NULL},
        {"preload", P_STRING, P_GLOBAL, GLOBAL_VAR(szAutoServices), NULL, NULL},
@@ -492,13 +483,11 @@ static struct parm_struct parm_table[] = {
        {"lock directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szLockDir), NULL, NULL},
        {"modules dir", P_STRING, P_GLOBAL, GLOBAL_VAR(szModulesDir), NULL, NULL},
        {"pid directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szPidDir), NULL, NULL}, 
-       {"js include", P_LIST, P_GLOBAL, GLOBAL_VAR(jsInclude), NULL, NULL},
-       {"setup directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szSetupDir), NULL, NULL},
-       
+
        {"socket address", P_STRING, P_GLOBAL, GLOBAL_VAR(szSocketAddress), NULL, NULL},
        {"copy", P_STRING, P_LOCAL, LOCAL_VAR(szCopy), handle_copy, NULL},
        {"include", P_STRING, P_LOCAL, LOCAL_VAR(szInclude), handle_include, NULL},
-       
+
        {"available", P_BOOL, P_LOCAL, LOCAL_VAR(bAvailable), NULL, NULL},
        {"volume", P_STRING, P_LOCAL, LOCAL_VAR(volume), NULL, NULL },
        {"fstype", P_STRING, P_LOCAL, LOCAL_VAR(fstype), NULL, NULL},
@@ -509,18 +498,29 @@ static struct parm_struct parm_table[] = {
        {"host msdfs", P_BOOL, P_GLOBAL, GLOBAL_VAR(bHostMSDfs), NULL, NULL},
        {"winbind separator", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbindSeparator), NULL, NULL },
        {"winbindd socket directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbinddSocketDirectory), NULL, NULL },
+       {"winbindd privileged socket directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbinddPrivilegedSocketDirectory), NULL, NULL },
        {"winbind sealed pipes", P_BOOL, P_GLOBAL, GLOBAL_VAR(bWinbindSealedPipes), NULL, NULL },
        {"template shell", P_STRING, P_GLOBAL, GLOBAL_VAR(szTemplateShell), NULL, NULL },
        {"template homedir", P_STRING, P_GLOBAL, GLOBAL_VAR(szTemplateHomedir), NULL, NULL },
+       {"idmap trusted only", P_BOOL, P_GLOBAL, GLOBAL_VAR(bIdmapTrustedOnly), NULL, NULL},
+
+       {"ntp signd socket directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szNTPSignDSocketDirectory), NULL, NULL },
+       {"rndc command", P_CMDLIST, P_GLOBAL, GLOBAL_VAR(szRNDCCommand), NULL, NULL },
+       {"dns update command", P_CMDLIST, P_GLOBAL, GLOBAL_VAR(szDNSUpdateCommand), NULL, NULL },
+       {"spn update command", P_CMDLIST, P_GLOBAL, GLOBAL_VAR(szSPNUpdateCommand), NULL, NULL },
+       {"nsupdate command", P_CMDLIST, P_GLOBAL, GLOBAL_VAR(szNSUpdateCommand), NULL, NULL },
 
        {NULL, P_BOOL, P_NONE, 0, NULL, NULL}
 };
 
+
 /* local variables */
 struct loadparm_context {
        const char *szConfigFile;
        struct loadparm_global *globals;
        struct loadparm_service **services;
+       struct loadparm_service *sDefault;
+       struct smb_iconv_handle *iconv_handle;
        int iNumServices;
        struct loadparm_service *currentService;
        bool bInGlobalSection;
@@ -531,22 +531,27 @@ struct loadparm_context {
                time_t modtime;
        } *file_lists;
        unsigned int flags[NUMPARAMETERS];
-       struct smb_iconv_convenience *iconv_convenience;
+       bool loaded;
+       bool refuse_free;
 };
 
 
+struct loadparm_service *lpcfg_default_service(struct loadparm_context *lp_ctx)
+{
+       return lp_ctx->sDefault;
+}
 
 /*
   return the parameter table
 */
-struct parm_struct *lp_parm_table(void)
+struct parm_struct *lpcfg_parm_table(void)
 {
        return parm_table;
 }
 
 /**
  * Convenience routine to grab string parameters into temporary memory
- * and run standard_sub_basic on them. 
+ * and run standard_sub_basic on them.
  *
  * The buffers can be written to by
  * callers without affecting the source string.
@@ -594,162 +599,175 @@ static const char *lp_string(const char *s)
 }
 
 /*
-   In this section all the functions that are used to access the 
-   parameters from the rest of the program are defined 
+   In this section all the functions that are used to access the
+   parameters from the rest of the program are defined
 */
 
+/*
+ * the creation of separate lpcfg_*() and lp_*() functions is to allow
+ * for code compatibility between existing Samba4 and Samba3 code.
+ */
+
+/* this global context supports the lp_*() function varients */
+static struct loadparm_context *global_loadparm_context;
+
+#define lpcfg_default_service global_loadparm_context->sDefault
+#define lpcfg_global_service(i) global_loadparm_context->services[i]
+
 #define FN_GLOBAL_STRING(fn_name,var_name) \
- const char *fn_name(struct loadparm_context *lp_ctx) {if (lp_ctx == NULL) return NULL; return lp_ctx->globals->var_name ? lp_string(lp_ctx->globals->var_name) : "";}
+ _PUBLIC_ const char *lpcfg_ ## fn_name(struct loadparm_context *lp_ctx) {if (lp_ctx == NULL) return NULL; return lp_ctx->globals->var_name ? lp_string(lp_ctx->globals->var_name) : "";}
+
 #define FN_GLOBAL_CONST_STRING(fn_name,var_name) \
- const char *fn_name(struct loadparm_context *lp_ctx) {if (lp_ctx == NULL) return NULL; return lp_ctx->globals->var_name ? lp_ctx->globals->var_name : "";}
+ _PUBLIC_ const char *lpcfg_ ## fn_name(struct loadparm_context *lp_ctx) {if (lp_ctx == NULL) return NULL; return lp_ctx->globals->var_name ? lp_ctx->globals->var_name : "";}
+
 #define FN_GLOBAL_LIST(fn_name,var_name) \
- const char **fn_name(struct loadparm_context *lp_ctx) {if (lp_ctx == NULL) return NULL; return lp_ctx->globals->var_name;}
+ _PUBLIC_ const char **lpcfg_ ## fn_name(struct loadparm_context *lp_ctx) {if (lp_ctx == NULL) return NULL; return lp_ctx->globals->var_name;}
+
 #define FN_GLOBAL_BOOL(fn_name,var_name) \
- bool fn_name(struct loadparm_context *lp_ctx) {if (lp_ctx == NULL) return false; return lp_ctx->globals->var_name;}
-#if 0 /* unused */
-#define FN_GLOBAL_CHAR(fn_name,ptr) \
- char fn_name(void) {return(*(char *)(ptr));}
-#endif
+ _PUBLIC_ bool lpcfg_ ## fn_name(struct loadparm_context *lp_ctx) {if (lp_ctx == NULL) return false; return lp_ctx->globals->var_name;}
+
 #define FN_GLOBAL_INTEGER(fn_name,var_name) \
- int fn_name(struct loadparm_context *lp_ctx) {return lp_ctx->globals->var_name;}
+ _PUBLIC_ int lpcfg_ ## fn_name(struct loadparm_context *lp_ctx) {return lp_ctx->globals->var_name;}
 
 #define FN_LOCAL_STRING(fn_name,val) \
- const char *fn_name(struct loadparm_service *service) {return(lp_string((const char *)((service != NULL && service->val != NULL) ? service->val : sDefault.val)));}
-#define FN_LOCAL_CONST_STRING(fn_name,val) \
- const char *fn_name(struct loadparm_service *service) {return (const char *)(service != NULL && service->val != NULL) ? service->val : sDefault.val;}
+ _PUBLIC_ const char *lpcfg_ ## fn_name(struct loadparm_service *service, struct loadparm_service *sDefault) {return(lp_string((const char *)((service != NULL && service->val != NULL) ? service->val : sDefault->val)));}
+
 #define FN_LOCAL_LIST(fn_name,val) \
- const char **fn_name(struct loadparm_service *service) {return(const char **)(service != NULL && service->val != NULL? service->val : sDefault.val);}
+ _PUBLIC_ const char **lpcfg_ ## fn_name(struct loadparm_service *service, struct loadparm_service *sDefault) {return(const char **)(service != NULL && service->val != NULL? service->val : sDefault->val);}
+
 #define FN_LOCAL_BOOL(fn_name,val) \
- bool fn_name(struct loadparm_service *service) {return((service != NULL)? service->val : sDefault.val);}
+ _PUBLIC_ bool lpcfg_ ## fn_name(struct loadparm_service *service, struct loadparm_service *sDefault) {return((service != NULL)? service->val : sDefault->val);}
+
 #define FN_LOCAL_INTEGER(fn_name,val) \
- int fn_name(struct loadparm_service *service) {return((service != NULL)? service->val : sDefault.val);}
-
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_server_role, server_role)
-_PUBLIC_ FN_GLOBAL_LIST(lp_smb_ports, smb_ports)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_nbt_port, nbt_port)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_dgram_port, dgram_port)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_cldap_port, cldap_port)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_krb5_port, krb5_port)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_kpasswd_port, kpasswd_port)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_web_port, web_port)
-_PUBLIC_ FN_GLOBAL_STRING(lp_swat_directory, swat_directory)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_tls_enabled, tls_enabled)
-_PUBLIC_ FN_GLOBAL_STRING(lp_tls_keyfile, tls_keyfile)
-_PUBLIC_ FN_GLOBAL_STRING(lp_tls_certfile, tls_certfile)
-_PUBLIC_ FN_GLOBAL_STRING(lp_tls_cafile, tls_cafile)
-_PUBLIC_ FN_GLOBAL_STRING(lp_tls_crlfile, tls_crlfile)
-_PUBLIC_ FN_GLOBAL_STRING(lp_tls_dhpfile, tls_dhpfile)
-_PUBLIC_ FN_GLOBAL_STRING(lp_share_backend, szShareBackend)
-_PUBLIC_ FN_GLOBAL_STRING(lp_sam_url, szSAM_URL)
-_PUBLIC_ FN_GLOBAL_STRING(lp_secrets_url, szSECRETS_URL)
-_PUBLIC_ FN_GLOBAL_STRING(lp_spoolss_url, szSPOOLSS_URL)
-_PUBLIC_ FN_GLOBAL_STRING(lp_wins_config_url, szWINS_CONFIG_URL)
-_PUBLIC_ FN_GLOBAL_STRING(lp_wins_url, szWINS_URL)
-_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbind_separator, szWinbindSeparator)
-_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbindd_socket_directory, szWinbinddSocketDirectory)
-_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_template_shell, szTemplateShell)
-_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_template_homedir, szTemplateHomedir)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_winbind_sealed_pipes, bWinbindSealedPipes)
-_PUBLIC_ FN_GLOBAL_STRING(lp_private_dir, szPrivateDir)
-_PUBLIC_ FN_GLOBAL_STRING(lp_serverstring, szServerString)
-_PUBLIC_ FN_GLOBAL_STRING(lp_lockdir, szLockDir)
-_PUBLIC_ FN_GLOBAL_STRING(lp_modulesdir, szModulesDir)
-_PUBLIC_ FN_GLOBAL_STRING(lp_setupdir, szSetupDir)
-_PUBLIC_ FN_GLOBAL_STRING(lp_ncalrpc_dir, ncalrpc_dir)
-_PUBLIC_ FN_GLOBAL_STRING(lp_dos_charset, dos_charset)
-_PUBLIC_ FN_GLOBAL_STRING(lp_unix_charset, unix_charset)
-_PUBLIC_ FN_GLOBAL_STRING(lp_display_charset, display_charset)
-_PUBLIC_ FN_GLOBAL_STRING(lp_piddir, szPidDir)
-_PUBLIC_ FN_GLOBAL_LIST(lp_dcerpc_endpoint_servers, dcerpc_ep_servers)
-_PUBLIC_ FN_GLOBAL_LIST(lp_server_services, server_services)
-_PUBLIC_ FN_GLOBAL_STRING(lp_ntptr_providor, ntptr_providor)
-_PUBLIC_ FN_GLOBAL_STRING(lp_auto_services, szAutoServices)
-_PUBLIC_ FN_GLOBAL_STRING(lp_passwd_chat, szPasswdChat)
-_PUBLIC_ FN_GLOBAL_LIST(lp_passwordserver, szPasswordServers)
-_PUBLIC_ FN_GLOBAL_LIST(lp_name_resolve_order, szNameResolveOrder)
-_PUBLIC_ FN_GLOBAL_STRING(lp_realm, szRealm)
-_PUBLIC_ FN_GLOBAL_STRING(lp_socket_options, socket_options)
-_PUBLIC_ FN_GLOBAL_STRING(lp_workgroup, szWorkgroup)
-_PUBLIC_ FN_GLOBAL_STRING(lp_netbios_name, szNetbiosName)
-_PUBLIC_ FN_GLOBAL_STRING(lp_netbios_scope, szNetbiosScope)
-_PUBLIC_ FN_GLOBAL_LIST(lp_wins_server_list, szWINSservers)
-_PUBLIC_ FN_GLOBAL_LIST(lp_interfaces, szInterfaces)
-_PUBLIC_ FN_GLOBAL_STRING(lp_socket_address, szSocketAddress)
-_PUBLIC_ FN_GLOBAL_LIST(lp_netbios_aliases, szNetbiosAliases)
-
-_PUBLIC_ FN_GLOBAL_BOOL(lp_disable_netbios, bDisableNetbios)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_wins_support, bWINSsupport)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_wins_dns_proxy, bWINSdnsProxy)
-_PUBLIC_ FN_GLOBAL_STRING(lp_wins_hook, szWINSHook)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_local_master, bLocalMaster)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_readraw, bReadRaw)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_large_readwrite, bLargeReadwrite)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_writeraw, bWriteRaw)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_null_passwords, bNullPasswords)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_obey_pam_restrictions, bObeyPamRestrictions)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_encrypted_passwords, bEncryptPasswords)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_time_server, bTimeServer)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_bind_interfaces_only, bBindInterfacesOnly)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_unicode, bUnicode)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_nt_status_support, bNTStatusSupport)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_lanman_auth, bLanmanAuth)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_ntlm_auth, bNTLMAuth)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_client_plaintext_auth, bClientPlaintextAuth)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_client_lanman_auth, bClientLanManAuth)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_client_ntlmv2_auth, bClientNTLMv2Auth)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_client_use_spnego_principal, client_use_spnego_principal)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_host_msdfs, bHostMSDfs)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_unix_extensions, bUnixExtensions)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_use_spnego, bUseSpnego)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_rpc_big_endian, bRpcBigEndian)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_max_wins_ttl, max_wins_ttl)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_min_wins_ttl, min_wins_ttl)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_maxmux, max_mux)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_max_xmit, max_xmit)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_passwordlevel, pwordlevel)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_srv_maxprotocol, srv_maxprotocol)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_srv_minprotocol, srv_minprotocol)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_cli_maxprotocol, cli_maxprotocol)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_cli_minprotocol, cli_minprotocol)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_security, security)
-_PUBLIC_ FN_GLOBAL_BOOL(lp_paranoid_server_security, paranoid_server_security)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_announce_as, announce_as)
-_PUBLIC_ FN_GLOBAL_LIST(lp_js_include, jsInclude)
-_PUBLIC_ FN_LOCAL_STRING(lp_servicename, szService)
-_PUBLIC_ FN_LOCAL_CONST_STRING(lp_const_servicename, szService)
-_PUBLIC_ FN_LOCAL_STRING(lp_pathname, szPath)
-static FN_LOCAL_STRING(_lp_printername, szPrintername)
-_PUBLIC_ FN_LOCAL_LIST(lp_hostsallow, szHostsallow)
-_PUBLIC_ FN_LOCAL_LIST(lp_hostsdeny, szHostsdeny)
-_PUBLIC_ FN_LOCAL_STRING(lp_comment, comment)
-_PUBLIC_ FN_LOCAL_STRING(lp_fstype, fstype)
-static FN_LOCAL_STRING(lp_volume, volume)
-_PUBLIC_ FN_LOCAL_LIST(lp_ntvfs_handler, ntvfs_handler)
-_PUBLIC_ FN_LOCAL_BOOL(lp_msdfs_root, bMSDfsRoot)
-_PUBLIC_ FN_LOCAL_BOOL(lp_browseable, bBrowseable)
-_PUBLIC_ FN_LOCAL_BOOL(lp_readonly, bRead_only)
-_PUBLIC_ FN_LOCAL_BOOL(lp_print_ok, bPrint_ok)
-_PUBLIC_ FN_LOCAL_BOOL(lp_map_hidden, bMap_hidden)
-_PUBLIC_ FN_LOCAL_BOOL(lp_map_archive, bMap_archive)
-_PUBLIC_ FN_LOCAL_BOOL(lp_strict_locking, bStrictLocking)
-_PUBLIC_ FN_LOCAL_BOOL(lp_strict_sync, bStrictSync)
-_PUBLIC_ FN_LOCAL_BOOL(lp_ci_filesystem, bCIFileSystem)
-_PUBLIC_ FN_LOCAL_BOOL(lp_map_system, bMap_system)
-_PUBLIC_ FN_LOCAL_INTEGER(lp_max_connections, iMaxConnections)
-_PUBLIC_ FN_LOCAL_INTEGER(lp_csc_policy, iCSCPolicy)
-_PUBLIC_ FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask)
-_PUBLIC_ FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode)
-_PUBLIC_ FN_LOCAL_INTEGER(lp_dir_mask, iDir_mask)
-_PUBLIC_ FN_LOCAL_INTEGER(lp_force_dir_mode, iDir_force_mode)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_server_signing, server_signing)
-_PUBLIC_ FN_GLOBAL_INTEGER(lp_client_signing, client_signing)
+ _PUBLIC_ int lpcfg_ ## fn_name(struct loadparm_service *service, struct loadparm_service *sDefault) {return((service != NULL)? service->val : sDefault->val);}
+
+FN_GLOBAL_INTEGER(server_role, server_role)
+FN_GLOBAL_INTEGER(sid_generator, sid_generator)
+FN_GLOBAL_LIST(smb_ports, smb_ports)
+FN_GLOBAL_INTEGER(nbt_port, nbt_port)
+FN_GLOBAL_INTEGER(dgram_port, dgram_port)
+FN_GLOBAL_INTEGER(cldap_port, cldap_port)
+FN_GLOBAL_INTEGER(krb5_port, krb5_port)
+FN_GLOBAL_INTEGER(kpasswd_port, kpasswd_port)
+FN_GLOBAL_INTEGER(web_port, web_port)
+FN_GLOBAL_BOOL(tls_enabled, tls_enabled)
+FN_GLOBAL_STRING(logfile, logfile)
+FN_GLOBAL_STRING(share_backend, szShareBackend)
+FN_GLOBAL_STRING(sam_url, szSAM_URL)
+FN_GLOBAL_STRING(idmap_url, szIDMAP_URL)
+FN_GLOBAL_STRING(secrets_url, szSECRETS_URL)
+FN_GLOBAL_STRING(spoolss_url, szSPOOLSS_URL)
+FN_GLOBAL_STRING(wins_config_url, szWINS_CONFIG_URL)
+FN_GLOBAL_STRING(wins_url, szWINS_URL)
+FN_GLOBAL_CONST_STRING(winbind_separator, szWinbindSeparator)
+FN_GLOBAL_CONST_STRING(winbindd_socket_directory, szWinbinddSocketDirectory)
+FN_GLOBAL_CONST_STRING(winbindd_privileged_socket_directory, szWinbinddPrivilegedSocketDirectory)
+FN_GLOBAL_CONST_STRING(template_shell, szTemplateShell)
+FN_GLOBAL_CONST_STRING(template_homedir, szTemplateHomedir)
+FN_GLOBAL_BOOL(winbind_sealed_pipes, bWinbindSealedPipes)
+FN_GLOBAL_BOOL(idmap_trusted_only, bIdmapTrustedOnly)
+FN_GLOBAL_STRING(private_dir, szPrivateDir)
+FN_GLOBAL_STRING(serverstring, szServerString)
+FN_GLOBAL_STRING(lockdir, szLockDir)
+FN_GLOBAL_STRING(modulesdir, szModulesDir)
+FN_GLOBAL_STRING(ncalrpc_dir, ncalrpc_dir)
+FN_GLOBAL_STRING(dos_charset, dos_charset)
+FN_GLOBAL_STRING(unix_charset, unix_charset)
+FN_GLOBAL_STRING(display_charset, display_charset)
+FN_GLOBAL_STRING(piddir, szPidDir)
+FN_GLOBAL_LIST(rndc_command, szRNDCCommand)
+FN_GLOBAL_LIST(dns_update_command, szDNSUpdateCommand)
+FN_GLOBAL_LIST(spn_update_command, szSPNUpdateCommand)
+FN_GLOBAL_LIST(nsupdate_command, szNSUpdateCommand)
+FN_GLOBAL_LIST(dcerpc_endpoint_servers, dcerpc_ep_servers)
+FN_GLOBAL_LIST(server_services, server_services)
+FN_GLOBAL_STRING(ntptr_providor, ntptr_providor)
+FN_GLOBAL_STRING(auto_services, szAutoServices)
+FN_GLOBAL_STRING(passwd_chat, szPasswdChat)
+FN_GLOBAL_LIST(passwordserver, szPasswordServers)
+FN_GLOBAL_LIST(name_resolve_order, szNameResolveOrder)
+FN_GLOBAL_STRING(realm, szRealm_upper)
+FN_GLOBAL_STRING(dnsdomain, szRealm_lower)
+FN_GLOBAL_STRING(socket_options, socket_options)
+FN_GLOBAL_STRING(workgroup, szWorkgroup)
+FN_GLOBAL_STRING(netbios_name, szNetbiosName)
+FN_GLOBAL_STRING(netbios_scope, szNetbiosScope)
+FN_GLOBAL_LIST(wins_server_list, szWINSservers)
+FN_GLOBAL_LIST(interfaces, szInterfaces)
+FN_GLOBAL_STRING(socket_address, szSocketAddress)
+FN_GLOBAL_LIST(netbios_aliases, szNetbiosAliases)
+FN_GLOBAL_BOOL(disable_netbios, bDisableNetbios)
+FN_GLOBAL_BOOL(wins_support, bWINSsupport)
+FN_GLOBAL_BOOL(wins_dns_proxy, bWINSdnsProxy)
+FN_GLOBAL_STRING(wins_hook, szWINSHook)
+FN_GLOBAL_BOOL(local_master, bLocalMaster)
+FN_GLOBAL_BOOL(readraw, bReadRaw)
+FN_GLOBAL_BOOL(large_readwrite, bLargeReadwrite)
+FN_GLOBAL_BOOL(writeraw, bWriteRaw)
+FN_GLOBAL_BOOL(null_passwords, bNullPasswords)
+FN_GLOBAL_BOOL(obey_pam_restrictions, bObeyPamRestrictions)
+FN_GLOBAL_BOOL(encrypted_passwords, bEncryptPasswords)
+FN_GLOBAL_BOOL(time_server, bTimeServer)
+FN_GLOBAL_BOOL(bind_interfaces_only, bBindInterfacesOnly)
+FN_GLOBAL_BOOL(unicode, bUnicode)
+FN_GLOBAL_BOOL(nt_status_support, bNTStatusSupport)
+FN_GLOBAL_BOOL(lanman_auth, bLanmanAuth)
+FN_GLOBAL_BOOL(ntlm_auth, bNTLMAuth)
+FN_GLOBAL_BOOL(client_plaintext_auth, bClientPlaintextAuth)
+FN_GLOBAL_BOOL(client_lanman_auth, bClientLanManAuth)
+FN_GLOBAL_BOOL(client_ntlmv2_auth, bClientNTLMv2Auth)
+FN_GLOBAL_BOOL(client_use_spnego_principal, client_use_spnego_principal)
+FN_GLOBAL_BOOL(host_msdfs, bHostMSDfs)
+FN_GLOBAL_BOOL(unix_extensions, bUnixExtensions)
+FN_GLOBAL_BOOL(use_spnego, bUseSpnego)
+FN_GLOBAL_BOOL(rpc_big_endian, bRpcBigEndian)
+FN_GLOBAL_INTEGER(max_wins_ttl, max_wins_ttl)
+FN_GLOBAL_INTEGER(min_wins_ttl, min_wins_ttl)
+FN_GLOBAL_INTEGER(maxmux, max_mux)
+FN_GLOBAL_INTEGER(max_xmit, max_xmit)
+FN_GLOBAL_INTEGER(passwordlevel, pwordlevel)
+FN_GLOBAL_INTEGER(srv_maxprotocol, srv_maxprotocol)
+FN_GLOBAL_INTEGER(srv_minprotocol, srv_minprotocol)
+FN_GLOBAL_INTEGER(cli_maxprotocol, cli_maxprotocol)
+FN_GLOBAL_INTEGER(cli_minprotocol, cli_minprotocol)
+FN_GLOBAL_INTEGER(security, security)
+FN_GLOBAL_BOOL(paranoid_server_security, paranoid_server_security)
+FN_GLOBAL_INTEGER(announce_as, announce_as)
+
+FN_LOCAL_STRING(pathname, szPath)
+FN_LOCAL_LIST(hostsallow, szHostsallow)
+FN_LOCAL_LIST(hostsdeny, szHostsdeny)
+FN_LOCAL_STRING(comment, comment)
+FN_LOCAL_STRING(fstype, fstype)
+FN_LOCAL_LIST(ntvfs_handler, ntvfs_handler)
+FN_LOCAL_BOOL(msdfs_root, bMSDfsRoot)
+FN_LOCAL_BOOL(browseable, bBrowseable)
+FN_LOCAL_BOOL(readonly, bRead_only)
+FN_LOCAL_BOOL(print_ok, bPrint_ok)
+FN_LOCAL_BOOL(map_hidden, bMap_hidden)
+FN_LOCAL_BOOL(map_archive, bMap_archive)
+FN_LOCAL_BOOL(strict_locking, bStrictLocking)
+FN_LOCAL_BOOL(oplocks, bOplocks)
+FN_LOCAL_BOOL(strict_sync, bStrictSync)
+FN_LOCAL_BOOL(ci_filesystem, bCIFileSystem)
+FN_LOCAL_BOOL(map_system, bMap_system)
+FN_LOCAL_INTEGER(max_connections, iMaxConnections)
+FN_LOCAL_INTEGER(csc_policy, iCSCPolicy)
+FN_LOCAL_INTEGER(create_mask, iCreate_mask)
+FN_LOCAL_INTEGER(force_create_mode, iCreate_force_mode)
+FN_LOCAL_INTEGER(dir_mask, iDir_mask)
+FN_LOCAL_INTEGER(force_dir_mode, iDir_force_mode)
+FN_GLOBAL_INTEGER(server_signing, server_signing)
+FN_GLOBAL_INTEGER(client_signing, client_signing)
+
+FN_GLOBAL_CONST_STRING(ntp_signd_socket_directory, szNTPSignDSocketDirectory)
 
 /* local prototypes */
 static int map_parameter(const char *pszParmName);
-static struct loadparm_service *getservicebyname(struct loadparm_context *lp_ctx, 
+static struct loadparm_service *getservicebyname(struct loadparm_context *lp_ctx,
                                        const char *pszServiceName);
 static void copy_service(struct loadparm_service *pserviceDest,
-                        struct loadparm_service *pserviceSource, 
+                        struct loadparm_service *pserviceSource,
                         int *pcopymapDest);
 static bool service_ok(struct loadparm_service *service);
 static bool do_section(const char *pszSectionName, void *);
@@ -758,24 +776,27 @@ static void init_copymap(struct loadparm_service *pservice);
 /* This is a helper function for parametrical options support. */
 /* It returns a pointer to parametrical option value if it exists or NULL otherwise */
 /* Actual parametrical functions are quite simple */
-const char *lp_get_parametric(struct loadparm_context *lp_ctx, 
-                             struct loadparm_service *service, 
+const char *lpcfg_get_parametric(struct loadparm_context *lp_ctx,
+                             struct loadparm_service *service,
                              const char *type, const char *option)
 {
-       char *vfskey;
-        struct param_opt *data;
+       char *vfskey_tmp = NULL;
+       char *vfskey = NULL;
+       struct parmlist_entry *data;
 
        if (lp_ctx == NULL)
                return NULL;
-       
+
        data = (service == NULL ? lp_ctx->globals->param_opt : service->param_opt);
-    
-       asprintf(&vfskey, "%s:%s", type, option);
-       strlower(vfskey);
+
+       vfskey_tmp = talloc_asprintf(NULL, "%s:%s", type, option);
+       if (vfskey_tmp == NULL) return NULL;
+       vfskey = strlower_talloc(NULL, vfskey_tmp);
+       talloc_free(vfskey_tmp);
 
        while (data) {
                if (strcmp(data->key, vfskey) == 0) {
-                       free(vfskey);
+                       talloc_free(vfskey);
                        return data->value;
                }
                data = data->next;
@@ -784,17 +805,17 @@ const char *lp_get_parametric(struct loadparm_context *lp_ctx,
        if (service != NULL) {
                /* Try to fetch the same option but from globals */
                /* but only if we are not already working with globals */
-               for (data = lp_ctx->globals->param_opt; data; 
+               for (data = lp_ctx->globals->param_opt; data;
                     data = data->next) {
                        if (strcmp(data->key, vfskey) == 0) {
-                               free(vfskey);
+                               talloc_free(vfskey);
                                return data->value;
                        }
                }
        }
 
-       free(vfskey);
-       
+       talloc_free(vfskey);
+
        return NULL;
 }
 
@@ -810,7 +831,7 @@ static int lp_int(const char *s)
                return -1;
        }
 
-       return strtol(s, NULL, 0); 
+       return strtol(s, NULL, 0);
 }
 
 /**
@@ -852,7 +873,7 @@ static bool lp_bool(const char *s)
                DEBUG(0,("lp_bool(%s): is called with NULL!\n",s));
                return false;
        }
-       
+
        if (!set_boolean(s, &ret)) {
                DEBUG(0,("lp_bool(%s): value is not boolean!\n",s));
                return false;
@@ -865,14 +886,14 @@ static bool lp_bool(const char *s)
 /**
  * Return parametric option from a given service. Type is a part of option before ':'
  * Parametric option has following syntax: 'Type: option = value'
- * Returned value is allocated in 'lp_talloc' context 
+ * Returned value is allocated in 'lp_talloc' context
  */
 
-const char *lp_parm_string(struct loadparm_context *lp_ctx, 
-                          struct loadparm_service *service, const char *type, 
-                          const char *option)
+const char *lpcfg_parm_string(struct loadparm_context *lp_ctx,
+                             struct loadparm_service *service, const char *type,
+                             const char *option)
 {
-       const char *value = lp_get_parametric(lp_ctx, service, type, option);
+       const char *value = lpcfg_get_parametric(lp_ctx, service, type, option);
 
        if (value)
                return lp_string(value);
@@ -886,16 +907,16 @@ const char *lp_parm_string(struct loadparm_context *lp_ctx,
  * Returned value is allocated in 'lp_talloc' context
  */
 
-const char **lp_parm_string_list(TALLOC_CTX *mem_ctx,
-                                struct loadparm_context *lp_ctx, 
-                                struct loadparm_service *service, 
-                                const char *type, 
-                                const char *option, const char *separator)
+const char **lpcfg_parm_string_list(TALLOC_CTX *mem_ctx,
+                                   struct loadparm_context *lp_ctx,
+                                   struct loadparm_service *service,
+                                   const char *type,
+                                   const char *option, const char *separator)
 {
-       const char *value = lp_get_parametric(lp_ctx, service, type, option);
-       
+       const char *value = lpcfg_get_parametric(lp_ctx, service, type, option);
+
        if (value != NULL)
-               return str_list_make(mem_ctx, value, separator);
+               return (const char **)str_list_make(mem_ctx, value, separator);
 
        return NULL;
 }
@@ -905,12 +926,12 @@ const char **lp_parm_string_list(TALLOC_CTX *mem_ctx,
  * Parametric option has following syntax: 'Type: option = value'
  */
 
-int lp_parm_int(struct loadparm_context *lp_ctx, 
-               struct loadparm_service *service, const char *type, 
-               const char *option, int default_v)
+int lpcfg_parm_int(struct loadparm_context *lp_ctx,
+                  struct loadparm_service *service, const char *type,
+                  const char *option, int default_v)
 {
-       const char *value = lp_get_parametric(lp_ctx, service, type, option);
-       
+       const char *value = lpcfg_get_parametric(lp_ctx, service, type, option);
+
        if (value)
                return lp_int(value);
 
@@ -923,15 +944,15 @@ int lp_parm_int(struct loadparm_context *lp_ctx,
  * Parametric option has following syntax: 'Type: option = value'.
  */
 
-int lp_parm_bytes(struct loadparm_context *lp_ctx, 
-                 struct loadparm_service *service, const char *type, 
+int lpcfg_parm_bytes(struct loadparm_context *lp_ctx,
+                 struct loadparm_service *service, const char *type,
                  const char *option, int default_v)
 {
        uint64_t bval;
 
-       const char *value = lp_get_parametric(lp_ctx, service, type, option);
+       const char *value = lpcfg_get_parametric(lp_ctx, service, type, option);
 
-       if (value && conv_str_size(value, &bval)) {
+       if (value && conv_str_size_error(value, &bval)) {
                if (bval <= INT_MAX) {
                        return (int)bval;
                }
@@ -941,16 +962,16 @@ int lp_parm_bytes(struct loadparm_context *lp_ctx,
 }
 
 /**
- * Return parametric option from a given service. 
+ * Return parametric option from a given service.
  * Type is a part of option before ':'
  * Parametric option has following syntax: 'Type: option = value'
  */
-unsigned long lp_parm_ulong(struct loadparm_context *lp_ctx, 
-                           struct loadparm_service *service, const char *type, 
+unsigned long lpcfg_parm_ulong(struct loadparm_context *lp_ctx,
+                           struct loadparm_service *service, const char *type,
                            const char *option, unsigned long default_v)
 {
-       const char *value = lp_get_parametric(lp_ctx, service, type, option);
-       
+       const char *value = lpcfg_get_parametric(lp_ctx, service, type, option);
+
        if (value)
                return lp_ulong(value);
 
@@ -958,12 +979,12 @@ unsigned long lp_parm_ulong(struct loadparm_context *lp_ctx,
 }
 
 
-double lp_parm_double(struct loadparm_context *lp_ctx, 
-                     struct loadparm_service *service, const char *type, 
+double lpcfg_parm_double(struct loadparm_context *lp_ctx,
+                     struct loadparm_service *service, const char *type,
                      const char *option, double default_v)
 {
-       const char *value = lp_get_parametric(lp_ctx, service, type, option);
-       
+       const char *value = lpcfg_get_parametric(lp_ctx, service, type, option);
+
        if (value != NULL)
                return lp_double(value);
 
@@ -975,12 +996,12 @@ double lp_parm_double(struct loadparm_context *lp_ctx,
  * Parametric option has following syntax: 'Type: option = value'
  */
 
-bool lp_parm_bool(struct loadparm_context *lp_ctx, 
-                 struct loadparm_service *service, const char *type, 
-                 const char *option, bool default_v)
+bool lpcfg_parm_bool(struct loadparm_context *lp_ctx,
+                    struct loadparm_service *service, const char *type,
+                    const char *option, bool default_v)
 {
-       const char *value = lp_get_parametric(lp_ctx, service, type, option);
-       
+       const char *value = lpcfg_get_parametric(lp_ctx, service, type, option);
+
        if (value != NULL)
                return lp_bool(value);
 
@@ -992,11 +1013,11 @@ bool lp_parm_bool(struct loadparm_context *lp_ctx,
  * Initialise a service to the defaults.
  */
 
-static struct loadparm_service *init_service(TALLOC_CTX *mem_ctx)
+static struct loadparm_service *init_service(TALLOC_CTX *mem_ctx, struct loadparm_service *sDefault)
 {
-       struct loadparm_service *pservice = 
+       struct loadparm_service *pservice =
                talloc_zero(mem_ctx, struct loadparm_service);
-       copy_service(pservice, &sDefault, NULL);
+       copy_service(pservice, sDefault, NULL);
        return pservice;
 }
 
@@ -1008,12 +1029,32 @@ static bool string_set(TALLOC_CTX *mem_ctx, char **dest, const char *src)
 {
        talloc_free(*dest);
 
-       if (src == NULL) 
+       if (src == NULL)
                src = "";
 
        *dest = talloc_strdup(mem_ctx, src);
        if ((*dest) == NULL) {
-               DEBUG(0,("Out of memory in string_init\n"));
+               DEBUG(0,("Out of memory in string_set\n"));
+               return false;
+       }
+
+       return true;
+}
+
+/**
+ * Set a string value, deallocating any existing space, and allocing the space
+ * for the string
+ */
+static bool string_set_upper(TALLOC_CTX *mem_ctx, char **dest, const char *src)
+{
+       talloc_free(*dest);
+
+       if (src == NULL)
+               src = "";
+
+       *dest = strupper_talloc(mem_ctx, src);
+       if ((*dest) == NULL) {
+               DEBUG(0,("Out of memory in string_set_upper\n"));
                return false;
        }
 
@@ -1023,24 +1064,28 @@ static bool string_set(TALLOC_CTX *mem_ctx, char **dest, const char *src)
 
 
 /**
- * Add a new service to the services array initialising it with the given 
- * service. 
+ * Add a new service to the services array initialising it with the given
+ * service.
  */
 
-struct loadparm_service *lp_add_service(struct loadparm_context *lp_ctx, 
-                                    const struct loadparm_service *pservice, 
-                                    const char *name)
+struct loadparm_service *lpcfg_add_service(struct loadparm_context *lp_ctx,
+                                          const struct loadparm_service *pservice,
+                                          const char *name)
 {
        int i;
        struct loadparm_service tservice;
        int num_to_alloc = lp_ctx->iNumServices + 1;
-       struct param_opt *data, *pdata;
+       struct parmlist_entry *data, *pdata;
+
+       if (pservice == NULL) {
+               pservice = lp_ctx->sDefault;
+       }
 
        tservice = *pservice;
 
        /* it might already exist */
        if (name) {
-               struct loadparm_service *service = getservicebyname(lp_ctx, 
+               struct loadparm_service *service = getservicebyname(lp_ctx,
                                                                    name);
                if (service != NULL) {
                        /* Clean all parametric options for service */
@@ -1064,11 +1109,11 @@ struct loadparm_service *lp_add_service(struct loadparm_context *lp_ctx,
        /* if not, then create one */
        if (i == lp_ctx->iNumServices) {
                struct loadparm_service **tsp;
-               
+
                tsp = talloc_realloc(lp_ctx, lp_ctx->services, struct loadparm_service *, num_to_alloc);
-                                          
+
                if (!tsp) {
-                       DEBUG(0,("lp_add_service: failed to enlarge services!\n"));
+                       DEBUG(0,("lpcfg_add_service: failed to enlarge services!\n"));
                        return NULL;
                } else {
                        lp_ctx->services = tsp;
@@ -1076,11 +1121,11 @@ struct loadparm_service *lp_add_service(struct loadparm_context *lp_ctx,
                }
 
                lp_ctx->iNumServices++;
-       } 
+       }
 
-       lp_ctx->services[i] = init_service(lp_ctx->services);
+       lp_ctx->services[i] = init_service(lp_ctx->services, lp_ctx->sDefault);
        if (lp_ctx->services[i] == NULL) {
-               DEBUG(0,("lp_add_service: out of memory!\n"));
+               DEBUG(0,("lpcfg_add_service: out of memory!\n"));
                return NULL;
        }
        copy_service(lp_ctx->services[i], &tservice, NULL);
@@ -1090,27 +1135,27 @@ struct loadparm_service *lp_add_service(struct loadparm_context *lp_ctx,
 }
 
 /**
- * Add a new home service, with the specified home directory, defaults coming 
+ * Add a new home service, with the specified home directory, defaults coming
  * from service ifrom.
  */
 
-bool lp_add_home(struct loadparm_context *lp_ctx, 
-                const char *pszHomename, 
+bool lpcfg_add_home(struct loadparm_context *lp_ctx,
+                const char *pszHomename,
                 struct loadparm_service *default_service,
                 const char *user, const char *pszHomedir)
 {
        struct loadparm_service *service;
 
-       service = lp_add_service(lp_ctx, default_service, pszHomename);
+       service = lpcfg_add_service(lp_ctx, default_service, pszHomename);
 
        if (service == NULL)
                return false;
 
        if (!(*(default_service->szPath))
-           || strequal(default_service->szPath, sDefault.szPath)) {
+           || strequal(default_service->szPath, lp_ctx->sDefault->szPath)) {
                service->szPath = talloc_strdup(service, pszHomedir);
        } else {
-               service->szPath = string_sub_talloc(service, lp_pathname(default_service),"%H", pszHomedir); 
+               service->szPath = string_sub_talloc(service, lpcfg_pathname(default_service, lp_ctx->sDefault), "%H", pszHomedir);
        }
 
        if (!(*(service->comment))) {
@@ -1119,41 +1164,8 @@ bool lp_add_home(struct loadparm_context *lp_ctx,
        service->bAvailable = default_service->bAvailable;
        service->bBrowseable = default_service->bBrowseable;
 
-       DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", 
+       DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n",
                  pszHomename, user, service->szPath));
-       
-       return true;
-}
-
-/**
- * Add the IPC service.
- */
-
-static bool lp_add_hidden(struct loadparm_context *lp_ctx, const char *name, 
-                         const char *fstype)
-{
-       struct loadparm_service *service = lp_add_service(lp_ctx, &sDefault, name);
-
-       if (service == NULL)
-               return false;
-
-       string_set(service, &service->szPath, tmpdir());
-
-       service->comment = talloc_asprintf(service, "%s Service (%s)", 
-                               fstype, lp_ctx->globals->szServerString);
-       string_set(service, &service->fstype, fstype);
-       service->iMaxConnections = -1;
-       service->bAvailable = true;
-       service->bRead_only = true;
-       service->bPrint_ok = false;
-       service->bBrowseable = false;
-
-       if (strcasecmp(fstype, "IPC") == 0) {
-               lp_do_service_parameter(lp_ctx, service, "ntvfs handler", 
-                                       "default");
-       }
-
-       DEBUG(3, ("adding hidden service %s\n", name));
 
        return true;
 }
@@ -1162,13 +1174,13 @@ static bool lp_add_hidden(struct loadparm_context *lp_ctx, const char *name,
  * Add a new printer service, with defaults coming from service iFrom.
  */
 
-bool lp_add_printer(struct loadparm_context *lp_ctx,
-                   const char *pszPrintername, 
-                   struct loadparm_service *default_service)
+bool lpcfg_add_printer(struct loadparm_context *lp_ctx,
+                      const char *pszPrintername,
+                      struct loadparm_service *default_service)
 {
        const char *comment = "From Printcap";
        struct loadparm_service *service;
-       service = lp_add_service(lp_ctx, default_service, pszPrintername);
+       service = lpcfg_add_service(lp_ctx, default_service, pszPrintername);
 
        if (service == NULL)
                return false;
@@ -1193,7 +1205,7 @@ bool lp_add_printer(struct loadparm_context *lp_ctx,
 }
 
 /**
- * Map a parameter's string representation to something we can use. 
+ * Map a parameter's string representation to something we can use.
  * Returns False if the parameter string is not recognised, else TRUE.
  */
 
@@ -1221,7 +1233,7 @@ static int map_parameter(const char *pszParmName)
 /**
   return the parameter structure for a parameter
 */
-struct parm_struct *lp_parm_struct(const char *name)
+struct parm_struct *lpcfg_parm_struct(const char *name)
 {
        int parmnum = map_parameter(name);
        if (parmnum == -1) return NULL;
@@ -1231,13 +1243,13 @@ struct parm_struct *lp_parm_struct(const char *name)
 /**
   return the parameter pointer for a parameter
 */
-void *lp_parm_ptr(struct loadparm_context *lp_ctx,
+void *lpcfg_parm_ptr(struct loadparm_context *lp_ctx,
                  struct loadparm_service *service, struct parm_struct *parm)
 {
        if (service == NULL) {
-               if (parm->class == P_LOCAL)
-                       return ((char *)&sDefault)+parm->offset;
-               else if (parm->class == P_GLOBAL)
+               if (parm->pclass == P_LOCAL)
+                       return ((char *)lp_ctx->sDefault)+parm->offset;
+               else if (parm->pclass == P_GLOBAL)
                        return ((char *)lp_ctx->globals)+parm->offset;
                else return NULL;
        } else {
@@ -1249,7 +1261,7 @@ void *lp_parm_ptr(struct loadparm_context *lp_ctx,
  * Find a service by name. Otherwise works like get_service.
  */
 
-static struct loadparm_service *getservicebyname(struct loadparm_context *lp_ctx, 
+static struct loadparm_service *getservicebyname(struct loadparm_context *lp_ctx,
                                        const char *pszServiceName)
 {
        int iService;
@@ -1268,17 +1280,17 @@ static struct loadparm_service *getservicebyname(struct loadparm_context *lp_ctx
  * If pcopymapDest is NULL then copy all fields
  */
 
-static void copy_service(struct loadparm_service *pserviceDest, 
-                        struct loadparm_service *pserviceSource, 
+static void copy_service(struct loadparm_service *pserviceDest,
+                        struct loadparm_service *pserviceSource,
                         int *pcopymapDest)
 {
        int i;
        bool bcopyall = (pcopymapDest == NULL);
-       struct param_opt *data, *pdata, *paramo;
+       struct parmlist_entry *data, *pdata, *paramo;
        bool not_added;
 
        for (i = 0; parm_table[i].label; i++)
-               if (parm_table[i].offset != -1 && parm_table[i].class == P_LOCAL &&
+               if (parm_table[i].offset != -1 && parm_table[i].pclass == P_LOCAL &&
                    (bcopyall || pcopymapDest[i])) {
                        void *src_ptr =
                                ((char *)pserviceSource) + parm_table[i].offset;
@@ -1297,19 +1309,18 @@ static void copy_service(struct loadparm_service *pserviceDest,
                                        break;
 
                                case P_STRING:
-                                       string_set(pserviceDest, 
+                                       string_set(pserviceDest,
                                                   (char **)dest_ptr,
                                                   *(char **)src_ptr);
                                        break;
 
                                case P_USTRING:
-                                       string_set(pserviceDest, 
-                                                  (char **)dest_ptr,
-                                                  *(char **)src_ptr);
-                                       strupper(*(char **)dest_ptr);
+                                       string_set_upper(pserviceDest,
+                                                        (char **)dest_ptr,
+                                                        *(char **)src_ptr);
                                        break;
                                case P_LIST:
-                                       *(const char ***)dest_ptr = str_list_copy(pserviceDest, 
+                                       *(const char ***)dest_ptr = (const char **)str_list_copy(pserviceDest, 
                                                                                  *(const char ***)src_ptr);
                                        break;
                                default:
@@ -1324,7 +1335,7 @@ static void copy_service(struct loadparm_service *pserviceDest,
                               (void *)pserviceSource->copymap,
                               sizeof(int) * NUMPARAMETERS);
        }
-       
+
        data = pserviceSource->param_opt;
        while (data) {
                not_added = true;
@@ -1334,7 +1345,7 @@ static void copy_service(struct loadparm_service *pserviceDest,
                        /* If we already have same option, override it */
                        if (strcmp(pdata->key, data->key) == 0) {
                                talloc_free(pdata->value);
-                               pdata->value = talloc_reference(pdata, 
+                               pdata->value = talloc_reference(pdata,
                                                             data->value);
                                not_added = false;
                                break;
@@ -1342,7 +1353,7 @@ static void copy_service(struct loadparm_service *pserviceDest,
                        pdata = pdata->next;
                }
                if (not_added) {
-                       paramo = talloc(pserviceDest, struct param_opt);
+                       paramo = talloc_zero(pserviceDest, struct parmlist_entry);
                        if (paramo == NULL)
                                smb_panic("OOM");
                        paramo->key = talloc_reference(paramo, data->key);
@@ -1391,11 +1402,11 @@ static bool service_ok(struct loadparm_service *service)
 
 
 /*******************************************************************
- Keep a linked list of all config files so we know when one has changed 
+ Keep a linked list of all config files so we know when one has changed
  it's date and needs to be reloaded.
 ********************************************************************/
 
-static void add_to_file_list(struct loadparm_context *lp_ctx, 
+static void add_to_file_list(struct loadparm_context *lp_ctx,
                             const char *fname, const char *subfname)
 {
        struct file_lists *f = lp_ctx->file_lists;
@@ -1433,7 +1444,7 @@ static void add_to_file_list(struct loadparm_context *lp_ctx,
 /*******************************************************************
  Check if a config file has changed date.
 ********************************************************************/
-bool lp_file_list_changed(struct loadparm_context *lp_ctx)
+bool lpcfg_file_list_changed(struct loadparm_context *lp_ctx)
 {
        struct file_lists *f;
        DEBUG(6, ("lp_file_list_changed()\n"));
@@ -1461,11 +1472,29 @@ bool lp_file_list_changed(struct loadparm_context *lp_ctx)
        return false;
 }
 
+/***************************************************************************
+ Handle the "realm" parameter
+***************************************************************************/
+
+static bool handle_realm(struct loadparm_context *lp_ctx,
+                        const char *pszParmValue, char **ptr)
+{
+       string_set(lp_ctx, ptr, pszParmValue);
+
+       talloc_free(lp_ctx->globals->szRealm_upper);
+       talloc_free(lp_ctx->globals->szRealm_lower);
+
+       lp_ctx->globals->szRealm_upper = strupper_talloc(lp_ctx, pszParmValue);
+       lp_ctx->globals->szRealm_lower = strlower_talloc(lp_ctx, pszParmValue);
+
+       return true;
+}
+
 /***************************************************************************
  Handle the include operation.
 ***************************************************************************/
 
-static bool handle_include(struct loadparm_context *lp_ctx, 
+static bool handle_include(struct loadparm_context *lp_ctx,
                           const char *pszParmValue, char **ptr)
 {
        char *fname = standard_sub_basic(lp_ctx, pszParmValue);
@@ -1486,7 +1515,7 @@ static bool handle_include(struct loadparm_context *lp_ctx,
  Handle the interpretation of the copy parameter.
 ***************************************************************************/
 
-static bool handle_copy(struct loadparm_context *lp_ctx, 
+static bool handle_copy(struct loadparm_context *lp_ctx,
                        const char *pszParmValue, char **ptr)
 {
        bool bRetval;
@@ -1508,7 +1537,7 @@ static bool handle_copy(struct loadparm_context *lp_ctx,
                        bRetval = true;
                }
        } else {
-               DEBUG(0, ("Unable to copy service - source not found: %s\n", 
+               DEBUG(0, ("Unable to copy service - source not found: %s\n",
                          pszParmValue));
                bRetval = false;
        }
@@ -1516,18 +1545,19 @@ static bool handle_copy(struct loadparm_context *lp_ctx,
        return bRetval;
 }
 
-static bool handle_debuglevel(struct loadparm_context *lp_ctx, 
+static bool handle_debuglevel(struct loadparm_context *lp_ctx,
                        const char *pszParmValue, char **ptr)
 {
-       DEBUGLEVEL = atoi(pszParmValue);
 
-       return true;
+       string_set(lp_ctx, ptr, pszParmValue);
+       return debug_parse_levels(pszParmValue);
 }
 
-static bool handle_logfile(struct loadparm_context *lp_ctx, 
+static bool handle_logfile(struct loadparm_context *lp_ctx,
                        const char *pszParmValue, char **ptr)
 {
-       logfile = pszParmValue;
+       debug_set_logfile(pszParmValue);
+       string_set(lp_ctx, ptr, pszParmValue);
        return true;
 }
 
@@ -1553,12 +1583,12 @@ static void init_copymap(struct loadparm_service *pservice)
 /**
  * Process a parametric option
  */
-static bool lp_do_parameter_parametric(struct loadparm_context *lp_ctx, 
-                                      struct loadparm_service *service, 
-                                      const char *pszParmName, 
+static bool lp_do_parameter_parametric(struct loadparm_context *lp_ctx,
+                                      struct loadparm_service *service,
+                                      const char *pszParmName,
                                       const char *pszParmValue, int flags)
 {
-       struct param_opt *paramo, *data;
+       struct parmlist_entry *paramo, *data;
        char *name;
        TALLOC_CTX *mem_ctx;
 
@@ -1566,11 +1596,9 @@ static bool lp_do_parameter_parametric(struct loadparm_context *lp_ctx,
                pszParmName++;
        }
 
-       name = strdup(pszParmName);
+       name = strlower_talloc(lp_ctx, pszParmName);
        if (!name) return false;
 
-       strlower(name);
-
        if (service == NULL) {
                data = lp_ctx->globals->param_opt;
                mem_ctx = lp_ctx->globals;
@@ -1584,46 +1612,51 @@ static bool lp_do_parameter_parametric(struct loadparm_context *lp_ctx,
                /* If we already have the option set, override it unless
                   it was a command line option and the new one isn't */
                if (strcmp(paramo->key, name) == 0) {
-                       if ((paramo->flags & FLAG_CMDLINE) &&
+                       if ((paramo->priority & FLAG_CMDLINE) &&
                            !(flags & FLAG_CMDLINE)) {
+                               talloc_free(name);
                                return true;
                        }
 
                        talloc_free(paramo->value);
                        paramo->value = talloc_strdup(paramo, pszParmValue);
-                       paramo->flags = flags;
-                       free(name);
+                       paramo->priority = flags;
+                       talloc_free(name);
                        return true;
                }
        }
 
-       paramo = talloc(mem_ctx, struct param_opt);
+       paramo = talloc_zero(mem_ctx, struct parmlist_entry);
        if (!paramo)
                smb_panic("OOM");
        paramo->key = talloc_strdup(paramo, name);
        paramo->value = talloc_strdup(paramo, pszParmValue);
-       paramo->flags = flags;
+       paramo->priority = flags;
        if (service == NULL) {
                DLIST_ADD(lp_ctx->globals->param_opt, paramo);
        } else {
                DLIST_ADD(service->param_opt, paramo);
        }
 
-       free(name);
-       
+       talloc_free(name);
+
        return true;
 }
 
-static bool set_variable(TALLOC_CTX *mem_ctx, int parmnum, void *parm_ptr, 
+static bool set_variable(TALLOC_CTX *mem_ctx, int parmnum, void *parm_ptr,
                         const char *pszParmName, const char *pszParmValue,
-                        struct loadparm_context *lp_ctx)
+                        struct loadparm_context *lp_ctx, bool on_globals)
 {
        int i;
        /* if it is a special case then go ahead */
        if (parm_table[parmnum].special) {
-               parm_table[parmnum].special(lp_ctx, pszParmValue, 
-                                           (char **)parm_ptr);
-               return true;
+               bool ret;
+               ret = parm_table[parmnum].special(lp_ctx, pszParmValue,
+                                                 (char **)parm_ptr);
+               if (!ret) {
+                       return false;
+               }
+               goto mark_non_default;
        }
 
        /* now switch on the type of variable it is */
@@ -1650,7 +1683,7 @@ static bool set_variable(TALLOC_CTX *mem_ctx, int parmnum, void *parm_ptr,
                case P_BYTES:
                {
                        uint64_t val;
-                       if (conv_str_size(pszParmValue, &val)) {
+                       if (conv_str_size_error(pszParmValue, &val)) {
                                if (val <= INT_MAX) {
                                        *(int *)parm_ptr = (int)val;
                                        break;
@@ -1662,18 +1695,46 @@ static bool set_variable(TALLOC_CTX *mem_ctx, int parmnum, void *parm_ptr,
                        return false;
                }
 
-               case P_LIST:
-                       *(const char ***)parm_ptr = str_list_make(mem_ctx, 
+               case P_CMDLIST:
+                       *(const char ***)parm_ptr = (const char **)str_list_make(mem_ctx,
                                                                  pszParmValue, NULL);
                        break;
-
+               case P_LIST:
+               {
+                       char **new_list = str_list_make(mem_ctx,
+                                                       pszParmValue, NULL);
+                       for (i=0; new_list[i]; i++) {
+                               if (new_list[i][0] == '+' && new_list[i][1]) {
+                                       *(const char ***)parm_ptr = str_list_add(*(const char ***)parm_ptr,
+                                                                                &new_list[i][1]);
+                               } else if (new_list[i][0] == '-' && new_list[i][1]) {
+                                       if (!str_list_check(*(const char ***)parm_ptr,
+                                                           &new_list[i][1])) {
+                                               DEBUG(0, ("Unsupported value for: %s = %s, %s is not in the original list\n",
+                                                         pszParmName, pszParmValue, new_list[i]));
+                                               return false;
+
+                                       }
+                                       str_list_remove(*(const char ***)parm_ptr,
+                                                       &new_list[i][1]);
+                               } else {
+                                       if (i != 0) {
+                                               DEBUG(0, ("Unsupported list syntax for: %s = %s\n",
+                                                         pszParmName, pszParmValue));
+                                               return false;
+                                       }
+                                       *(const char ***)parm_ptr = (const char **) new_list;
+                                       break;
+                               }
+                       }
+                       break;
+               }
                case P_STRING:
                        string_set(mem_ctx, (char **)parm_ptr, pszParmValue);
                        break;
 
                case P_USTRING:
-                       string_set(mem_ctx, (char **)parm_ptr, pszParmValue);
-                       strupper(*(char **)parm_ptr);
+                       string_set_upper(mem_ctx, (char **)parm_ptr, pszParmValue);
                        break;
 
                case P_ENUM:
@@ -1695,7 +1756,8 @@ static bool set_variable(TALLOC_CTX *mem_ctx, int parmnum, void *parm_ptr,
                        break;
        }
 
-       if (lp_ctx->flags[parmnum] & FLAG_DEFAULT) {
+mark_non_default:
+       if (on_globals && (lp_ctx->flags[parmnum] & FLAG_DEFAULT)) {
                lp_ctx->flags[parmnum] &= ~FLAG_DEFAULT;
                /* we have to also unset FLAG_DEFAULT on aliases */
                for (i=parmnum-1;i>=0 && parm_table[i].offset == parm_table[parmnum].offset;i--) {
@@ -1709,8 +1771,8 @@ static bool set_variable(TALLOC_CTX *mem_ctx, int parmnum, void *parm_ptr,
 }
 
 
-bool lp_do_global_parameter(struct loadparm_context *lp_ctx, 
-                           const char *pszParmName, const char *pszParmValue)
+bool lpcfg_do_global_parameter(struct loadparm_context *lp_ctx,
+                              const char *pszParmName, const char *pszParmValue)
 {
        int parmnum = map_parameter(pszParmName);
        void *parm_ptr;
@@ -1729,15 +1791,15 @@ bool lp_do_global_parameter(struct loadparm_context *lp_ctx,
                return true;
        }
 
-       parm_ptr = lp_parm_ptr(lp_ctx, NULL, &parm_table[parmnum]);
+       parm_ptr = lpcfg_parm_ptr(lp_ctx, NULL, &parm_table[parmnum]);
 
-       return set_variable(lp_ctx, parmnum, parm_ptr, 
-                           pszParmName, pszParmValue, lp_ctx);
+       return set_variable(lp_ctx->globals, parmnum, parm_ptr,
+                           pszParmName, pszParmValue, lp_ctx, true);
 }
 
-bool lp_do_service_parameter(struct loadparm_context *lp_ctx, 
-                            struct loadparm_service *service, 
-                            const char *pszParmName, const char *pszParmValue)
+bool lpcfg_do_service_parameter(struct loadparm_context *lp_ctx,
+                               struct loadparm_service *service,
+                               const char *pszParmName, const char *pszParmValue)
 {
        void *parm_ptr;
        int i;
@@ -1757,7 +1819,7 @@ bool lp_do_service_parameter(struct loadparm_context *lp_ctx,
                return true;
        }
 
-       if (parm_table[parmnum].class == P_GLOBAL) {
+       if (parm_table[parmnum].pclass == P_GLOBAL) {
                DEBUG(0,
                      ("Global parameter %s found in service section!\n",
                       pszParmName));
@@ -1768,49 +1830,49 @@ bool lp_do_service_parameter(struct loadparm_context *lp_ctx,
        if (!service->copymap)
                init_copymap(service);
 
-       /* this handles the aliases - set the copymap for other 
+       /* this handles the aliases - set the copymap for other
         * entries with the same data pointer */
        for (i = 0; parm_table[i].label; i++)
-               if (parm_table[i].offset == parm_table[parmnum].offset && 
-                   parm_table[i].class == parm_table[parmnum].class)
+               if (parm_table[i].offset == parm_table[parmnum].offset &&
+                   parm_table[i].pclass == parm_table[parmnum].pclass)
                        service->copymap[i] = false;
 
-       return set_variable(service, parmnum, parm_ptr, pszParmName, 
-                           pszParmValue, lp_ctx);
+       return set_variable(service, parmnum, parm_ptr, pszParmName,
+                           pszParmValue, lp_ctx, false);
 }
 
 /**
  * Process a parameter.
  */
 
-static bool do_parameter(const char *pszParmName, const char *pszParmValue, 
+static bool do_parameter(const char *pszParmName, const char *pszParmValue,
                         void *userdata)
 {
        struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
 
-       if (lp_ctx->bInGlobalSection) 
-               return lp_do_global_parameter(lp_ctx, pszParmName, 
+       if (lp_ctx->bInGlobalSection)
+               return lpcfg_do_global_parameter(lp_ctx, pszParmName,
                                              pszParmValue);
-       else 
-               return lp_do_service_parameter(lp_ctx, lp_ctx->currentService,
-                                              pszParmName, pszParmValue);
+       else
+               return lpcfg_do_service_parameter(lp_ctx, lp_ctx->currentService,
+                                                 pszParmName, pszParmValue);
 }
 
 /*
   variable argument do parameter
 */
-bool lp_do_global_parameter_var(struct loadparm_context *lp_ctx, const char *pszParmName, const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4);
-bool lp_do_global_parameter_var(struct loadparm_context *lp_ctx, 
-                               const char *pszParmName, const char *fmt, ...) 
+bool lpcfg_do_global_parameter_var(struct loadparm_context *lp_ctx, const char *pszParmName, const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4);
+bool lpcfg_do_global_parameter_var(struct loadparm_context *lp_ctx,
+                               const char *pszParmName, const char *fmt, ...)
 {
        char *s;
        bool ret;
        va_list ap;
 
-       va_start(ap, fmt);      
+       va_start(ap, fmt);
        s = talloc_vasprintf(NULL, fmt, ap);
        va_end(ap);
-       ret = lp_do_global_parameter(lp_ctx, pszParmName, s);
+       ret = lpcfg_do_global_parameter(lp_ctx, pszParmName, s);
        talloc_free(s);
        return ret;
 }
@@ -1821,8 +1883,8 @@ bool lp_do_global_parameter_var(struct loadparm_context *lp_ctx,
   parsing code. It sets the parameter then marks the parameter as unable to be modified
   by smb.conf processing
 */
-bool lp_set_cmdline(struct loadparm_context *lp_ctx, const char *pszParmName, 
-                   const char *pszParmValue)
+bool lpcfg_set_cmdline(struct loadparm_context *lp_ctx, const char *pszParmName,
+                      const char *pszParmValue)
 {
        int parmnum = map_parameter(pszParmName);
        int i;
@@ -1832,7 +1894,7 @@ bool lp_set_cmdline(struct loadparm_context *lp_ctx, const char *pszParmName,
 
        if (parmnum < 0 && strchr(pszParmName, ':')) {
                /* set a parametric option */
-               return lp_do_parameter_parametric(lp_ctx, NULL, pszParmName, 
+               return lp_do_parameter_parametric(lp_ctx, NULL, pszParmName,
                                                  pszParmValue, FLAG_CMDLINE);
        }
 
@@ -1844,7 +1906,7 @@ bool lp_set_cmdline(struct loadparm_context *lp_ctx, const char *pszParmName,
        /* reset the CMDLINE flag in case this has been called before */
        lp_ctx->flags[parmnum] &= ~FLAG_CMDLINE;
 
-       if (!lp_do_global_parameter(lp_ctx, pszParmName, pszParmValue)) {
+       if (!lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue)) {
                return false;
        }
 
@@ -1864,7 +1926,7 @@ bool lp_set_cmdline(struct loadparm_context *lp_ctx, const char *pszParmName,
 /*
   set a option from the commandline in 'a=b' format. Use to support --option
 */
-bool lp_set_option(struct loadparm_context *lp_ctx, const char *option)
+bool lpcfg_set_option(struct loadparm_context *lp_ctx, const char *option)
 {
        char *p, *s;
        bool ret;
@@ -1882,7 +1944,7 @@ bool lp_set_option(struct loadparm_context *lp_ctx, const char *option)
 
        *p = 0;
 
-       ret = lp_set_cmdline(lp_ctx, s, p+1);
+       ret = lpcfg_set_cmdline(lp_ctx, s, p+1);
        free(s);
        return ret;
 }
@@ -1897,6 +1959,7 @@ bool lp_set_option(struct loadparm_context *lp_ctx, const char *option)
 static void print_parameter(struct parm_struct *p, void *ptr, FILE * f)
 {
        int i;
+       const char *list_sep = ", "; /* For the seperation of lists values that we print below */
        switch (p->type)
        {
                case P_ENUM:
@@ -1922,13 +1985,20 @@ static void print_parameter(struct parm_struct *p, void *ptr, FILE * f)
                        fprintf(f, "0%o", *(int *)ptr);
                        break;
 
+               case P_CMDLIST:
+                       list_sep = " ";
+                       /* fall through */
                case P_LIST:
                        if ((char ***)ptr && *(char ***)ptr) {
                                char **list = *(char ***)ptr;
-                               
-                               for (; *list; list++)
-                                       fprintf(f, "%s%s", *list,
-                                               ((*(list+1))?", ":""));
+
+                               for (; *list; list++) {
+                                       if (*(list+1) == NULL) {
+                                               /* last item, print no extra seperator after */
+                                               list_sep = "";
+                                       }
+                                       fprintf(f, "%s%s", *list, list_sep);
+                               }
                        }
                        break;
 
@@ -1957,8 +2027,9 @@ static bool equal_parameter(parm_type type, void *ptr1, void *ptr2)
                case P_ENUM:
                        return (*((int *)ptr1) == *((int *)ptr2));
 
+               case P_CMDLIST:
                case P_LIST:
-                       return str_list_equal((const char **)(*(char ***)ptr1), 
+                       return str_list_equal((const char **)(*(char ***)ptr1),
                                              (const char **)(*(char ***)ptr2));
 
                case P_STRING:
@@ -1976,11 +2047,11 @@ static bool equal_parameter(parm_type type, void *ptr1, void *ptr2)
 }
 
 /**
- * Process a new section (service). 
+ * Process a new section (service).
  *
  * At this stage all sections are services.
  * Later we'll have special sections that permit server parameters to be set.
- * Returns True on success, False on failure. 
+ * Returns True on success, False on failure.
  */
 
 static bool do_section(const char *pszSectionName, void *userdata)
@@ -1996,7 +2067,7 @@ static bool do_section(const char *pszSectionName, void *userdata)
 
        /* check for multiple global sections */
        if (lp_ctx->bInGlobalSection) {
-               DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
+               DEBUG(4, ("Processing section \"[%s]\"\n", pszSectionName));
                return true;
        }
 
@@ -2010,10 +2081,10 @@ static bool do_section(const char *pszSectionName, void *userdata)
        if (bRetval) {
                /* We put this here to avoid an odd message order if messages are */
                /* issued by the post-processing of a previous section. */
-               DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
+               DEBUG(4, ("Processing section \"[%s]\"\n", pszSectionName));
 
-               if ((lp_ctx->currentService = lp_add_service(lp_ctx, &sDefault, 
-                                                            pszSectionName))
+               if ((lp_ctx->currentService = lpcfg_add_service(lp_ctx, lp_ctx->sDefault,
+                                                                  pszSectionName))
                    == NULL) {
                        DEBUG(0, ("Failed to add a new service\n"));
                        return false;
@@ -2025,15 +2096,16 @@ static bool do_section(const char *pszSectionName, void *userdata)
 
 
 /**
- * Determine if a partcular base parameter is currentl set to the default value.
+ * Determine if a particular base parameter is currently set to the default value.
  */
 
-static bool is_default(int i)
+static bool is_default(struct loadparm_service *sDefault, int i)
 {
-       void *def_ptr = ((char *)&sDefault) + parm_table[i].offset;
+       void *def_ptr = ((char *)sDefault) + parm_table[i].offset;
        if (!defaults_saved)
                return false;
        switch (parm_table[i].type) {
+               case P_CMDLIST:
                case P_LIST:
                        return str_list_equal((const char **)parm_table[i].def.lvalue, 
                                              (const char **)def_ptr);
@@ -2058,27 +2130,30 @@ static bool is_default(int i)
  *Display the contents of the global structure.
  */
 
-static void dump_globals(struct loadparm_context *lp_ctx, FILE *f, 
+static void dump_globals(struct loadparm_context *lp_ctx, FILE *f,
                         bool show_defaults)
 {
        int i;
-       struct param_opt *data;
-       
+       struct parmlist_entry *data;
+
        fprintf(f, "# Global parameters\n[global]\n");
 
        for (i = 0; parm_table[i].label; i++)
-               if (parm_table[i].class == P_GLOBAL &&
+               if (parm_table[i].pclass == P_GLOBAL &&
                    parm_table[i].offset != -1 &&
                    (i == 0 || (parm_table[i].offset != parm_table[i - 1].offset))) {
-                       if (!show_defaults && (lp_ctx->flags[i] & FLAG_DEFAULT)) 
+                       if (!show_defaults && (lp_ctx->flags[i] & FLAG_DEFAULT))
                                continue;
                        fprintf(f, "\t%s = ", parm_table[i].label);
-                       print_parameter(&parm_table[i], lp_parm_ptr(lp_ctx, NULL, &parm_table[i]), f);
+                       print_parameter(&parm_table[i], lpcfg_parm_ptr(lp_ctx, NULL, &parm_table[i]), f);
                        fprintf(f, "\n");
        }
        if (lp_ctx->globals->param_opt != NULL) {
-               for (data = lp_ctx->globals->param_opt; data; 
+               for (data = lp_ctx->globals->param_opt; data;
                     data = data->next) {
+                       if (!show_defaults && (data->priority & FLAG_DEFAULT)) {
+                               continue;
+                       }
                        fprintf(f, "\t%s = %s\n", data->key, data->value);
                }
         }
@@ -2089,27 +2164,35 @@ static void dump_globals(struct loadparm_context *lp_ctx, FILE *f,
  * Display the contents of a single services record.
  */
 
-static void dump_a_service(struct loadparm_service * pService, FILE * f)
+static void dump_a_service(struct loadparm_service * pService, struct loadparm_service *sDefault, FILE * f,
+                          unsigned int *flags)
 {
        int i;
-       struct param_opt *data;
-       
-       if (pService != &sDefault)
+       struct parmlist_entry *data;
+
+       if (pService != sDefault)
                fprintf(f, "\n[%s]\n", pService->szService);
 
-       for (i = 0; parm_table[i].label; i++)
-               if (parm_table[i].class == P_LOCAL &&
+       for (i = 0; parm_table[i].label; i++) {
+               if (parm_table[i].pclass == P_LOCAL &&
                    parm_table[i].offset != -1 &&
                    (*parm_table[i].label != '-') &&
-                   (i == 0 || (parm_table[i].offset != parm_table[i - 1].offset))) {
-                       if (pService == &sDefault) {
-                               if (defaults_saved && is_default(i))
+                   (i == 0 || (parm_table[i].offset != parm_table[i - 1].offset)))
+               {
+                       if (pService == sDefault) {
+                               if (flags && (flags[i] & FLAG_DEFAULT)) {
                                        continue;
+                               }
+                               if (defaults_saved) {
+                                       if (is_default(sDefault, i)) {
+                                               continue;
+                                       }
+                               }
                        } else {
                                if (equal_parameter(parm_table[i].type,
                                                    ((char *)pService) +
                                                    parm_table[i].offset,
-                                                   ((char *)&sDefault) +
+                                                   ((char *)sDefault) +
                                                    parm_table[i].offset))
                                        continue;
                        }
@@ -2118,6 +2201,7 @@ static void dump_a_service(struct loadparm_service * pService, FILE * f)
                        print_parameter(&parm_table[i],
                                        ((char *)pService) + parm_table[i].offset, f);
                        fprintf(f, "\n");
+               }
        }
        if (pService->param_opt != NULL) {
                for (data = pService->param_opt; data; data = data->next) {
@@ -2126,32 +2210,34 @@ static void dump_a_service(struct loadparm_service * pService, FILE * f)
         }
 }
 
-bool lp_dump_a_parameter(struct loadparm_context *lp_ctx, 
-                        struct loadparm_service *service, 
-                        const char *parm_name, FILE * f)
+bool lpcfg_dump_a_parameter(struct loadparm_context *lp_ctx,
+                           struct loadparm_service *service,
+                           const char *parm_name, FILE * f)
 {
        struct parm_struct *parm;
        void *ptr;
-       
-       parm = lp_parm_struct(parm_name);
+
+       parm = lpcfg_parm_struct(parm_name);
        if (!parm) {
                return false;
        }
 
-       ptr = lp_parm_ptr(lp_ctx, service,parm);
-       
+       ptr = lpcfg_parm_ptr(lp_ctx, service,parm);
+
        print_parameter(parm, ptr, f);
        fprintf(f, "\n");
        return true;
 }
 
 /**
- * Return info about the next service  in a service. snum==-1 gives the globals.
+ * Return info about the next parameter in a service.
+ * snum==-1 gives the globals.
  * Return NULL when out of parameters.
  */
 
-struct parm_struct *lp_next_parameter(struct loadparm_context *lp_ctx, int snum, int *i, 
-                                     int allparameters)
+
+struct parm_struct *lpcfg_next_parameter(struct loadparm_context *lp_ctx, int snum, int *i,
+                                        int allparameters)
 {
        if (snum == -1) {
                /* do the globals */
@@ -2171,7 +2257,7 @@ struct parm_struct *lp_next_parameter(struct loadparm_context *lp_ctx, int snum,
                struct loadparm_service *pService = lp_ctx->services[snum];
 
                for (; parm_table[*i].label; (*i)++) {
-                       if (parm_table[*i].class == P_LOCAL &&
+                       if (parm_table[*i].pclass == P_LOCAL &&
                            parm_table[*i].offset != -1 &&
                            (*parm_table[*i].label != '-') &&
                            ((*i) == 0 ||
@@ -2182,7 +2268,7 @@ struct parm_struct *lp_next_parameter(struct loadparm_context *lp_ctx, int snum,
                                    !equal_parameter(parm_table[*i].type,
                                                     ((char *)pService) +
                                                     parm_table[*i].offset,
-                                                    ((char *)&sDefault) +
+                                                    ((char *)lp_ctx->sDefault) +
                                                     parm_table[*i].offset))
                                {
                                        return &parm_table[(*i)++];
@@ -2198,8 +2284,8 @@ struct parm_struct *lp_next_parameter(struct loadparm_context *lp_ctx, int snum,
 /**
  * Auto-load some home services.
  */
-static void lp_add_auto_services(struct loadparm_context *lp_ctx, 
-                                const char *str)
+static void lpcfg_add_auto_services(struct loadparm_context *lp_ctx,
+                                   const char *str)
 {
        return;
 }
@@ -2209,8 +2295,8 @@ static void lp_add_auto_services(struct loadparm_context *lp_ctx,
  * Unload unused services.
  */
 
-void lp_killunused(struct loadparm_context *lp_ctx, 
-                  struct smbsrv_connection *smb, 
+void lpcfg_killunused(struct loadparm_context *lp_ctx,
+                  struct smbsrv_connection *smb,
                   bool (*snumused) (struct smbsrv_connection *, int))
 {
        int i;
@@ -2226,15 +2312,22 @@ void lp_killunused(struct loadparm_context *lp_ctx,
 }
 
 
-static int lp_destructor(struct loadparm_context *lp_ctx)
+static int lpcfg_destructor(struct loadparm_context *lp_ctx)
 {
-       struct param_opt *data;
+       struct parmlist_entry *data;
+
+       if (lp_ctx->refuse_free) {
+               /* someone is trying to free the
+                  global_loadparm_context.
+                  We can't allow that. */
+               return -1;
+       }
 
        if (lp_ctx->globals->param_opt != NULL) {
-               struct param_opt *next;
+               struct parmlist_entry *next;
                for (data = lp_ctx->globals->param_opt; data; data=next) {
                        next = data->next;
-                       if (data->flags & FLAG_CMDLINE) continue;
+                       if (data->priority & FLAG_CMDLINE) continue;
                        DLIST_REMOVE(lp_ctx->globals->param_opt, data);
                        talloc_free(data);
                }
@@ -2245,20 +2338,37 @@ static int lp_destructor(struct loadparm_context *lp_ctx)
 
 /**
  * Initialise the global parameter structure.
+ *
+ * Note that most callers should use loadparm_init_global() instead
  */
 struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 {
        int i;
        char *myname;
        struct loadparm_context *lp_ctx;
+       struct parmlist_entry *parm;
+       char *logfile;
 
        lp_ctx = talloc_zero(mem_ctx, struct loadparm_context);
        if (lp_ctx == NULL)
                return NULL;
 
-       talloc_set_destructor(lp_ctx, lp_destructor);
+       talloc_set_destructor(lp_ctx, lpcfg_destructor);
        lp_ctx->bInGlobalSection = true;
        lp_ctx->globals = talloc_zero(lp_ctx, struct loadparm_global);
+       lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
+
+       lp_ctx->sDefault->iMaxPrintJobs = 1000;
+       lp_ctx->sDefault->bAvailable = true;
+       lp_ctx->sDefault->bBrowseable = true;
+       lp_ctx->sDefault->bRead_only = true;
+       lp_ctx->sDefault->bMap_archive = true;
+       lp_ctx->sDefault->bStrictLocking = true;
+       lp_ctx->sDefault->bOplocks = true;
+       lp_ctx->sDefault->iCreate_mask = 0744;
+       lp_ctx->sDefault->iCreate_force_mode = 0000;
+       lp_ctx->sDefault->iDir_mask = 0755;
+       lp_ctx->sDefault->iDir_force_mode = 0000;
 
        DEBUG(3, ("Initialising global parameters\n"));
 
@@ -2268,8 +2378,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
                    parm_table[i].offset != -1 &&
                    !(lp_ctx->flags[i] & FLAG_CMDLINE)) {
                        char **r;
-                       if (parm_table[i].class == P_LOCAL) {
-                               r = (char **)(((char *)&sDefault) + parm_table[i].offset);
+                       if (parm_table[i].pclass == P_LOCAL) {
+                               r = (char **)(((char *)lp_ctx->sDefault) + parm_table[i].offset);
                        } else {
                                r = (char **)(((char *)lp_ctx->globals) + parm_table[i].offset);
                        }
@@ -2277,135 +2387,153 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
                }
        }
 
-       lp_do_global_parameter(lp_ctx, "share backend", "classic");
-       
-       lp_do_global_parameter(lp_ctx, "server role", "standalone");
+       logfile = talloc_asprintf(lp_ctx, "%s/log.samba", dyn_LOGFILEBASE);
+       lpcfg_do_global_parameter(lp_ctx, "log file", logfile);
+       talloc_free(logfile);
+
+       lpcfg_do_global_parameter(lp_ctx, "log level", "0");
+
+       lpcfg_do_global_parameter(lp_ctx, "share backend", "classic");
+
+       lpcfg_do_global_parameter(lp_ctx, "share backend", "classic");
+
+       lpcfg_do_global_parameter(lp_ctx, "server role", "standalone");
 
        /* options that can be set on the command line must be initialised via
-          the slower lp_do_global_parameter() to ensure that FLAG_CMDLINE is obeyed */
+          the slower lpcfg_do_global_parameter() to ensure that FLAG_CMDLINE is obeyed */
 #ifdef TCP_NODELAY
-       lp_do_global_parameter(lp_ctx, "socket options", "TCP_NODELAY");
+       lpcfg_do_global_parameter(lp_ctx, "socket options", "TCP_NODELAY");
 #endif
-       lp_do_global_parameter(lp_ctx, "workgroup", DEFAULT_WORKGROUP);
-       myname = get_myname();
-       lp_do_global_parameter(lp_ctx, "netbios name", myname);
-       SAFE_FREE(myname);
-       lp_do_global_parameter(lp_ctx, "name resolve order", "wins host bcast");
-
-       lp_do_global_parameter(lp_ctx, "fstype", FSTYPE_STRING);
-       lp_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
-       lp_do_global_parameter(lp_ctx, "max connections", "-1");
-
-       lp_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup unixinfo");
-       lp_do_global_parameter(lp_ctx, "server services", "smb rpc nbt wrepl ldap cldap web kdc drepl winbind");
-       lp_do_global_parameter(lp_ctx, "ntptr providor", "simple_ldb");
-       lp_do_global_parameter(lp_ctx, "auth methods:domain controller", "anonymous sam_ignoredomain");
-       lp_do_global_parameter(lp_ctx, "auth methods:member server", "anonymous sam winbind");
-       lp_do_global_parameter(lp_ctx, "auth methods:standalone", "anonymous sam_ignoredomain");
-       lp_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR);
-       lp_do_global_parameter(lp_ctx, "sam database", "sam.ldb");
-       lp_do_global_parameter(lp_ctx, "secrets database", "secrets.ldb");
-       lp_do_global_parameter(lp_ctx, "spoolss database", "spoolss.ldb");
-       lp_do_global_parameter(lp_ctx, "wins config database", "wins_config.ldb");
-       lp_do_global_parameter(lp_ctx, "wins database", "wins.ldb");
-       lp_do_global_parameter(lp_ctx, "registry:HKEY_LOCAL_MACHINE", "hklm.ldb");
+       lpcfg_do_global_parameter(lp_ctx, "workgroup", DEFAULT_WORKGROUP);
+       myname = get_myname(lp_ctx);
+       lpcfg_do_global_parameter(lp_ctx, "netbios name", myname);
+       talloc_free(myname);
+       lpcfg_do_global_parameter(lp_ctx, "name resolve order", "wins host bcast");
+
+       lpcfg_do_global_parameter(lp_ctx, "fstype", "NTFS");
+
+       lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
+       lpcfg_do_global_parameter(lp_ctx, "max connections", "-1");
+
+       lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup unixinfo browser eventlog6 backupkey");
+       lpcfg_do_global_parameter(lp_ctx, "server services", "smb rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate web");
+       lpcfg_do_global_parameter(lp_ctx, "ntptr providor", "simple_ldb");
+       /* the winbind method for domain controllers is for both RODC
+          auth forwarding and for trusted domains */
+       lpcfg_do_global_parameter(lp_ctx, "auth methods:domain controller", "anonymous sam_ignoredomain winbind");
+       lpcfg_do_global_parameter(lp_ctx, "auth methods:member server", "anonymous sam winbind");
+       lpcfg_do_global_parameter(lp_ctx, "auth methods:standalone", "anonymous sam_ignoredomain");
+       lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR);
+       lpcfg_do_global_parameter(lp_ctx, "sam database", "sam.ldb");
+       lpcfg_do_global_parameter(lp_ctx, "idmap database", "idmap.ldb");
+       lpcfg_do_global_parameter(lp_ctx, "secrets database", "secrets.ldb");
+       lpcfg_do_global_parameter(lp_ctx, "spoolss database", "spoolss.ldb");
+       lpcfg_do_global_parameter(lp_ctx, "wins config database", "wins_config.ldb");
+       lpcfg_do_global_parameter(lp_ctx, "wins database", "wins.ldb");
+       lpcfg_do_global_parameter(lp_ctx, "registry:HKEY_LOCAL_MACHINE", "hklm.ldb");
 
        /* This hive should be dynamically generated by Samba using
           data from the sam, but for the moment leave it in a tdb to
           keep regedt32 from popping up an annoying dialog. */
-       lp_do_global_parameter(lp_ctx, "registry:HKEY_USERS", "hku.ldb");
-       
+       lpcfg_do_global_parameter(lp_ctx, "registry:HKEY_USERS", "hku.ldb");
+
        /* using UTF8 by default allows us to support all chars */
-       lp_do_global_parameter(lp_ctx, "unix charset", "UTF8");
+       lpcfg_do_global_parameter(lp_ctx, "unix charset", "UTF8");
 
        /* Use codepage 850 as a default for the dos character set */
-       lp_do_global_parameter(lp_ctx, "dos charset", "CP850");
+       lpcfg_do_global_parameter(lp_ctx, "dos charset", "CP850");
 
        /*
         * Allow the default PASSWD_CHAT to be overridden in local.h.
         */
-       lp_do_global_parameter(lp_ctx, "passwd chat", DEFAULT_PASSWD_CHAT);
+       lpcfg_do_global_parameter(lp_ctx, "passwd chat", DEFAULT_PASSWD_CHAT);
 
-       lp_do_global_parameter(lp_ctx, "pid directory", dyn_PIDDIR);
-       lp_do_global_parameter(lp_ctx, "lock dir", dyn_LOCKDIR);
-       lp_do_global_parameter(lp_ctx, "modules dir", dyn_MODULESDIR);
-       lp_do_global_parameter(lp_ctx, "ncalrpc dir", dyn_NCALRPCDIR);
+       lpcfg_do_global_parameter(lp_ctx, "pid directory", dyn_PIDDIR);
+       lpcfg_do_global_parameter(lp_ctx, "lock dir", dyn_LOCKDIR);
+       lpcfg_do_global_parameter(lp_ctx, "modules dir", dyn_MODULESDIR);
+       lpcfg_do_global_parameter(lp_ctx, "ncalrpc dir", dyn_NCALRPCDIR);
 
-       lp_do_global_parameter(lp_ctx, "socket address", "0.0.0.0");
-       lp_do_global_parameter_var(lp_ctx, "server string", 
+       lpcfg_do_global_parameter(lp_ctx, "socket address", "0.0.0.0");
+       lpcfg_do_global_parameter_var(lp_ctx, "server string",
                                   "Samba %s", SAMBA_VERSION_STRING);
 
-       lp_do_global_parameter_var(lp_ctx, "announce version", "%d.%d", 
+       lpcfg_do_global_parameter_var(lp_ctx, "announce version", "%d.%d",
                         DEFAULT_MAJOR_VERSION,
                         DEFAULT_MINOR_VERSION);
 
-       lp_do_global_parameter(lp_ctx, "password server", "*");
-
-       lp_do_global_parameter(lp_ctx, "max mux", "50");
-       lp_do_global_parameter(lp_ctx, "max xmit", "12288");
-       lp_do_global_parameter(lp_ctx, "password level", "0");
-       lp_do_global_parameter(lp_ctx, "LargeReadwrite", "True");
-       lp_do_global_parameter(lp_ctx, "server min protocol", "CORE");
-       lp_do_global_parameter(lp_ctx, "server max protocol", "NT1");
-       lp_do_global_parameter(lp_ctx, "client min protocol", "CORE");
-       lp_do_global_parameter(lp_ctx, "client max protocol", "NT1");
-       lp_do_global_parameter(lp_ctx, "security", "USER");
-       lp_do_global_parameter(lp_ctx, "paranoid server security", "True");
-       lp_do_global_parameter(lp_ctx, "EncryptPasswords", "True");
-       lp_do_global_parameter(lp_ctx, "ReadRaw", "True");
-       lp_do_global_parameter(lp_ctx, "WriteRaw", "True");
-       lp_do_global_parameter(lp_ctx, "NullPasswords", "False");
-       lp_do_global_parameter(lp_ctx, "ObeyPamRestrictions", "False");
-       lp_do_global_parameter(lp_ctx, "announce as", "NT SERVER");
-
-       lp_do_global_parameter(lp_ctx, "TimeServer", "False");
-       lp_do_global_parameter(lp_ctx, "BindInterfacesOnly", "False");
-       lp_do_global_parameter(lp_ctx, "Unicode", "True");
-       lp_do_global_parameter(lp_ctx, "ClientLanManAuth", "True");
-       lp_do_global_parameter(lp_ctx, "LanmanAuth", "True");
-       lp_do_global_parameter(lp_ctx, "NTLMAuth", "True");
-       lp_do_global_parameter(lp_ctx, "client use spnego principal", "False");
-       
-       lp_do_global_parameter(lp_ctx, "UnixExtensions", "False");
-
-       lp_do_global_parameter(lp_ctx, "PreferredMaster", "Auto");
-       lp_do_global_parameter(lp_ctx, "LocalMaster", "True");
-
-       lp_do_global_parameter(lp_ctx, "wins support", "False");
-       lp_do_global_parameter(lp_ctx, "dns proxy", "True");
-
-       lp_do_global_parameter(lp_ctx, "winbind separator", "\\");
-       lp_do_global_parameter(lp_ctx, "winbind sealed pipes", "True");
-       lp_do_global_parameter(lp_ctx, "winbindd socket directory", dyn_WINBINDD_SOCKET_DIR);
-       lp_do_global_parameter(lp_ctx, "template shell", "/bin/false");
-       lp_do_global_parameter(lp_ctx, "template homedir", "/home/%WORKGROUP%/%ACCOUNTNAME%");
-
-       lp_do_global_parameter(lp_ctx, "client signing", "Yes");
-       lp_do_global_parameter(lp_ctx, "server signing", "auto");
-
-       lp_do_global_parameter(lp_ctx, "use spnego", "True");
-
-       lp_do_global_parameter(lp_ctx, "smb ports", "445 139");
-       lp_do_global_parameter(lp_ctx, "nbt port", "137");
-       lp_do_global_parameter(lp_ctx, "dgram port", "138");
-       lp_do_global_parameter(lp_ctx, "cldap port", "389");
-       lp_do_global_parameter(lp_ctx, "krb5 port", "88");
-       lp_do_global_parameter(lp_ctx, "kpasswd port", "464");
-       lp_do_global_parameter(lp_ctx, "web port", "901");
-       lp_do_global_parameter(lp_ctx, "swat directory", dyn_SWATDIR);
-
-       lp_do_global_parameter(lp_ctx, "nt status support", "True");
-
-       lp_do_global_parameter(lp_ctx, "max wins ttl", "518400"); /* 6 days */
-       lp_do_global_parameter(lp_ctx, "min wins ttl", "10");
-
-       lp_do_global_parameter(lp_ctx, "tls enabled", "True");
-       lp_do_global_parameter(lp_ctx, "tls keyfile", "tls/key.pem");
-       lp_do_global_parameter(lp_ctx, "tls certfile", "tls/cert.pem");
-       lp_do_global_parameter(lp_ctx, "tls cafile", "tls/ca.pem");
-       lp_do_global_parameter_var(lp_ctx, "js include", "%s", dyn_JSDIR);
-       lp_do_global_parameter_var(lp_ctx, "setup directory", "%s", 
-                                  dyn_SETUPDIR);
+       lpcfg_do_global_parameter(lp_ctx, "password server", "*");
+
+       lpcfg_do_global_parameter(lp_ctx, "max mux", "50");
+       lpcfg_do_global_parameter(lp_ctx, "max xmit", "12288");
+       lpcfg_do_global_parameter(lp_ctx, "password level", "0");
+       lpcfg_do_global_parameter(lp_ctx, "LargeReadwrite", "True");
+       lpcfg_do_global_parameter(lp_ctx, "server min protocol", "CORE");
+       lpcfg_do_global_parameter(lp_ctx, "server max protocol", "NT1");
+       lpcfg_do_global_parameter(lp_ctx, "client min protocol", "CORE");
+       lpcfg_do_global_parameter(lp_ctx, "client max protocol", "NT1");
+       lpcfg_do_global_parameter(lp_ctx, "security", "USER");
+       lpcfg_do_global_parameter(lp_ctx, "paranoid server security", "True");
+       lpcfg_do_global_parameter(lp_ctx, "EncryptPasswords", "True");
+       lpcfg_do_global_parameter(lp_ctx, "ReadRaw", "True");
+       lpcfg_do_global_parameter(lp_ctx, "WriteRaw", "True");
+       lpcfg_do_global_parameter(lp_ctx, "NullPasswords", "False");
+       lpcfg_do_global_parameter(lp_ctx, "ObeyPamRestrictions", "False");
+       lpcfg_do_global_parameter(lp_ctx, "announce as", "NT SERVER");
+
+       lpcfg_do_global_parameter(lp_ctx, "TimeServer", "False");
+       lpcfg_do_global_parameter(lp_ctx, "BindInterfacesOnly", "False");
+       lpcfg_do_global_parameter(lp_ctx, "Unicode", "True");
+       lpcfg_do_global_parameter(lp_ctx, "ClientLanManAuth", "False");
+       lpcfg_do_global_parameter(lp_ctx, "ClientNTLMv2Auth", "True");
+       lpcfg_do_global_parameter(lp_ctx, "LanmanAuth", "False");
+       lpcfg_do_global_parameter(lp_ctx, "NTLMAuth", "True");
+       lpcfg_do_global_parameter(lp_ctx, "client use spnego principal", "False");
+
+       lpcfg_do_global_parameter(lp_ctx, "UnixExtensions", "False");
+
+       lpcfg_do_global_parameter(lp_ctx, "PreferredMaster", "Auto");
+       lpcfg_do_global_parameter(lp_ctx, "LocalMaster", "True");
+
+       lpcfg_do_global_parameter(lp_ctx, "wins support", "False");
+       lpcfg_do_global_parameter(lp_ctx, "dns proxy", "True");
+
+       lpcfg_do_global_parameter(lp_ctx, "winbind separator", "\\");
+       lpcfg_do_global_parameter(lp_ctx, "winbind sealed pipes", "True");
+       lpcfg_do_global_parameter(lp_ctx, "winbindd socket directory", dyn_WINBINDD_SOCKET_DIR);
+       lpcfg_do_global_parameter(lp_ctx, "winbindd privileged socket directory", dyn_WINBINDD_PRIVILEGED_SOCKET_DIR);
+       lpcfg_do_global_parameter(lp_ctx, "template shell", "/bin/false");
+       lpcfg_do_global_parameter(lp_ctx, "template homedir", "/home/%WORKGROUP%/%ACCOUNTNAME%");
+       lpcfg_do_global_parameter(lp_ctx, "idmap trusted only", "False");
+
+       lpcfg_do_global_parameter(lp_ctx, "client signing", "Yes");
+       lpcfg_do_global_parameter(lp_ctx, "server signing", "auto");
+
+       lpcfg_do_global_parameter(lp_ctx, "use spnego", "True");
+
+       lpcfg_do_global_parameter(lp_ctx, "smb ports", "445 139");
+       lpcfg_do_global_parameter(lp_ctx, "nbt port", "137");
+       lpcfg_do_global_parameter(lp_ctx, "dgram port", "138");
+       lpcfg_do_global_parameter(lp_ctx, "cldap port", "389");
+       lpcfg_do_global_parameter(lp_ctx, "krb5 port", "88");
+       lpcfg_do_global_parameter(lp_ctx, "kpasswd port", "464");
+       lpcfg_do_global_parameter(lp_ctx, "web port", "901");
+
+       lpcfg_do_global_parameter(lp_ctx, "nt status support", "True");
+
+       lpcfg_do_global_parameter(lp_ctx, "max wins ttl", "518400"); /* 6 days */
+       lpcfg_do_global_parameter(lp_ctx, "min wins ttl", "10");
+
+       lpcfg_do_global_parameter(lp_ctx, "tls enabled", "True");
+       lpcfg_do_global_parameter(lp_ctx, "tls keyfile", "tls/key.pem");
+       lpcfg_do_global_parameter(lp_ctx, "tls certfile", "tls/cert.pem");
+       lpcfg_do_global_parameter(lp_ctx, "tls cafile", "tls/ca.pem");
+       lpcfg_do_global_parameter(lp_ctx, "prefork children:smb", "4");
+
+       lpcfg_do_global_parameter(lp_ctx, "ntp signd socket directory", dyn_NTP_SIGND_SOCKET_DIR);
+       lpcfg_do_global_parameter(lp_ctx, "rndc command", "/usr/sbin/rndc");
+       lpcfg_do_global_parameter_var(lp_ctx, "dns update command", "%s/samba_dnsupdate", dyn_SCRIPTSBINDIR);
+       lpcfg_do_global_parameter_var(lp_ctx, "spn update command", "%s/samba_spnupdate", dyn_SCRIPTSBINDIR);
+       lpcfg_do_global_parameter(lp_ctx, "nsupdate command", "/usr/bin/nsupdate -g");
 
        for (i = 0; parm_table[i].label; i++) {
                if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) {
@@ -2413,20 +2541,109 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
                }
        }
 
+       for (parm=lp_ctx->globals->param_opt; parm; parm=parm->next) {
+               if (!(parm->priority & FLAG_CMDLINE)) {
+                       parm->priority |= FLAG_DEFAULT;
+               }
+       }
+
        return lp_ctx;
 }
 
-const char *lp_configfile(struct loadparm_context *lp_ctx)
+/**
+ * Initialise the global parameter structure.
+ */
+struct loadparm_context *loadparm_init_global(bool load_default)
+{
+       if (global_loadparm_context == NULL) {
+               global_loadparm_context = loadparm_init(NULL);
+       }
+       if (global_loadparm_context == NULL) {
+               return NULL;
+       }
+       if (load_default && !global_loadparm_context->loaded) {
+               lpcfg_load_default(global_loadparm_context);
+       }
+       global_loadparm_context->refuse_free = true;
+       return global_loadparm_context;
+}
+
+const char *lpcfg_configfile(struct loadparm_context *lp_ctx)
 {
        return lp_ctx->szConfigFile;
 }
 
+const char *lp_default_path(void)
+{
+    if (getenv("SMB_CONF_PATH"))
+        return getenv("SMB_CONF_PATH");
+    else
+        return dyn_CONFIGFILE;
+}
+
+/**
+ * Update the internal state of a loadparm context after settings 
+ * have changed.
+ */
+static bool lpcfg_update(struct loadparm_context *lp_ctx)
+{
+       struct debug_settings settings;
+       lpcfg_add_auto_services(lp_ctx, lpcfg_auto_services(lp_ctx));
+
+       if (!lp_ctx->globals->szWINSservers && lp_ctx->globals->bWINSsupport) {
+               lpcfg_do_global_parameter(lp_ctx, "wins server", "127.0.0.1");
+       }
+
+       panic_action = lp_ctx->globals->panic_action;
+
+       reload_charcnv(lp_ctx);
+
+       ZERO_STRUCT(settings);
+       /* Add any more debug-related smb.conf parameters created in
+        * future here */
+       settings.timestamp_logs = true;
+       debug_set_settings(&settings);
+
+       /* FIXME: ntstatus_check_dos_mapping = lpcfg_nt_status_support(lp_ctx); */
+
+       /* FIXME: This is a bit of a hack, but we can't use a global, since 
+        * not everything that uses lp also uses the socket library */
+       if (lpcfg_parm_bool(lp_ctx, NULL, "socket", "testnonblock", false)) {
+               setenv("SOCKET_TESTNONBLOCK", "1", 1);
+       } else {
+               unsetenv("SOCKET_TESTNONBLOCK");
+       }
+
+       /* FIXME: Check locale in environment for this: */
+       if (strcmp(lpcfg_display_charset(lp_ctx), lpcfg_unix_charset(lp_ctx)) != 0)
+               d_set_iconv(smb_iconv_open(lpcfg_display_charset(lp_ctx), lpcfg_unix_charset(lp_ctx)));
+       else
+               d_set_iconv((smb_iconv_t)-1);
+
+       return true;
+}
+
+bool lpcfg_load_default(struct loadparm_context *lp_ctx)
+{
+    const char *path;
+
+    path = lp_default_path();
+
+    if (!file_exist(path)) {
+           /* We allow the default smb.conf file to not exist, 
+            * basically the equivalent of an empty file. */
+           return lpcfg_update(lp_ctx);
+    }
+
+    return lpcfg_load(lp_ctx, path);
+}
+
 /**
- * Load the services array from the services file. 
+ * Load the services array from the services file.
  *
  * Return True on success, False on failure.
  */
-bool lp_load(struct loadparm_context *lp_ctx, const char *filename)
+bool lpcfg_load(struct loadparm_context *lp_ctx, const char *filename)
 {
        char *n2;
        bool bRetval;
@@ -2434,11 +2651,11 @@ bool lp_load(struct loadparm_context *lp_ctx, const char *filename)
        filename = talloc_strdup(lp_ctx, filename);
 
        lp_ctx->szConfigFile = filename;
-       
+
        lp_ctx->bInGlobalSection = true;
        n2 = standard_sub_basic(lp_ctx, lp_ctx->szConfigFile);
-       DEBUG(2, ("lp_load: refreshing parameters from %s\n", n2));
-       
+       DEBUG(2, ("lpcfg_load: refreshing parameters from %s\n", n2));
+
        add_to_file_list(lp_ctx, lp_ctx->szConfigFile, n2);
 
        /* We get sections first, so have to start 'behind' to make up */
@@ -2451,24 +2668,22 @@ bool lp_load(struct loadparm_context *lp_ctx, const char *filename)
                if (lp_ctx->currentService != NULL)
                        bRetval = service_ok(lp_ctx->currentService);
 
-       lp_add_auto_services(lp_ctx, lp_auto_services(lp_ctx));
-
-       lp_add_hidden(lp_ctx, "IPC$", "IPC");
-       lp_add_hidden(lp_ctx, "ADMIN$", "DISK");
-
-       if (!lp_ctx->globals->szWINSservers && lp_ctx->globals->bWINSsupport) {
-               lp_do_global_parameter(lp_ctx, "wins server", "127.0.0.1");
-       }
-
-       panic_action = lp_ctx->globals->panic_action;
+       bRetval = bRetval && lpcfg_update(lp_ctx);
 
+       /* we do this unconditionally, so that it happens even
+          for a missing smb.conf */
        reload_charcnv(lp_ctx);
 
-       /* FIXME: Check locale in environment for this: */
-       if (strcmp(lp_display_charset(lp_ctx), lp_unix_charset(lp_ctx)) != 0)
-               d_set_iconv(smb_iconv_open(lp_display_charset(lp_ctx), lp_unix_charset(lp_ctx)));
-       else
-               d_set_iconv((smb_iconv_t)-1);
+       if (bRetval == true) {
+               /* set this up so that any child python tasks will
+                  find the right smb.conf */
+               setenv("SMB_CONF_PATH", filename, 1);
+
+               /* set the context used by the lp_*() function
+                  varients */
+               global_loadparm_context = lp_ctx;
+               lp_ctx->loaded = true;
+       }
 
        return bRetval;
 }
@@ -2477,7 +2692,7 @@ bool lp_load(struct loadparm_context *lp_ctx, const char *filename)
  * Return the max number of services.
  */
 
-int lp_numservices(struct loadparm_context *lp_ctx)
+int lpcfg_numservices(struct loadparm_context *lp_ctx)
 {
        return lp_ctx->iNumServices;
 }
@@ -2486,48 +2701,47 @@ int lp_numservices(struct loadparm_context *lp_ctx)
  * Display the contents of the services array in human-readable form.
  */
 
-void lp_dump(struct loadparm_context *lp_ctx, FILE *f, bool show_defaults, 
+void lpcfg_dump(struct loadparm_context *lp_ctx, FILE *f, bool show_defaults,
             int maxtoprint)
 {
        int iService;
 
-       if (show_defaults)
-               defaults_saved = false;
+       defaults_saved = !show_defaults;
 
        dump_globals(lp_ctx, f, show_defaults);
 
-       dump_a_service(&sDefault, f);
+       dump_a_service(lp_ctx->sDefault, lp_ctx->sDefault, f, lp_ctx->flags);
 
        for (iService = 0; iService < maxtoprint; iService++)
-               lp_dump_one(f, show_defaults, lp_ctx->services[iService]);
+               lpcfg_dump_one(f, show_defaults, lp_ctx->services[iService], lp_ctx->sDefault);
 }
 
 /**
  * Display the contents of one service in human-readable form.
  */
-void lp_dump_one(FILE *f, bool show_defaults, struct loadparm_service *service)
+void lpcfg_dump_one(FILE *f, bool show_defaults, struct loadparm_service *service, struct loadparm_service *sDefault)
 {
        if (service != NULL) {
                if (service->szService[0] == '\0')
                        return;
-               dump_a_service(service, f);
+               dump_a_service(service, sDefault, f, NULL);
        }
 }
 
-struct loadparm_service *lp_servicebynum(struct loadparm_context *lp_ctx,
+struct loadparm_service *lpcfg_servicebynum(struct loadparm_context *lp_ctx,
                                         int snum)
 {
        return lp_ctx->services[snum];
 }
 
-struct loadparm_service *lp_service(struct loadparm_context *lp_ctx, 
+struct loadparm_service *lpcfg_service(struct loadparm_context *lp_ctx,
                                    const char *service_name)
 {
        int iService;
         char *serviceName;
 
        for (iService = lp_ctx->iNumServices - 1; iService >= 0; iService--) {
-               if (lp_ctx->services[iService] && 
+               if (lp_ctx->services[iService] &&
                    lp_ctx->services[iService]->szService) {
                        /*
                         * The substitution here is used to support %U is
@@ -2536,36 +2750,46 @@ struct loadparm_service *lp_service(struct loadparm_context *lp_ctx,
                        serviceName = standard_sub_basic(
                                        lp_ctx->services[iService],
                                        lp_ctx->services[iService]->szService);
-                       if (strequal(serviceName, service_name))
+                       if (strequal(serviceName, service_name)) {
+                               talloc_free(serviceName);
                                return lp_ctx->services[iService];
+                       }
+                       talloc_free(serviceName);
                }
        }
 
-       DEBUG(7,("lp_servicenumber: couldn't find %s\n", service_name));
+       DEBUG(7,("lpcfg_servicenumber: couldn't find %s\n", service_name));
        return NULL;
 }
 
+const char *lpcfg_servicename(const struct loadparm_service *service)
+{
+       return lp_string((const char *)service->szService);
+}
 
 /**
- * A useful volume label function. 
+ * A useful volume label function.
  */
-const char *volume_label(struct loadparm_service *service)
+const char *lpcfg_volume_label(struct loadparm_service *service, struct loadparm_service *sDefault)
 {
-       const char *ret = lp_volume(service);
+       const char *ret;
+       ret = lp_string((const char *)((service != NULL && service->volume != NULL) ?
+                                      service->volume : sDefault->volume));
        if (!*ret)
-               return lp_servicename(service);
+               return lpcfg_servicename(service);
        return ret;
 }
 
-
 /**
  * If we are PDC then prefer us as DMB
  */
-const char *lp_printername(struct loadparm_service *service)
+const char *lpcfg_printername(struct loadparm_service *service, struct loadparm_service *sDefault)
 {
-       const char *ret = _lp_printername(service);
+       const char *ret;
+       ret = lp_string((const char *)((service != NULL && service->szPrintername != NULL) ?
+                                      service->szPrintername : sDefault->szPrintername));
        if (ret == NULL || (ret != NULL && *ret == '\0'))
-               ret = lp_const_servicename(service);
+               ret = lpcfg_servicename(service);
 
        return ret;
 }
@@ -2574,29 +2798,101 @@ const char *lp_printername(struct loadparm_service *service)
 /**
  * Return the max print jobs per queue.
  */
-int lp_maxprintjobs(struct loadparm_service *service)
+int lpcfg_maxprintjobs(struct loadparm_service *service, struct loadparm_service *sDefault)
 {
-       int maxjobs = (service != NULL) ? service->iMaxPrintJobs : sDefault.iMaxPrintJobs;
+       int maxjobs = (service != NULL) ? service->iMaxPrintJobs : sDefault->iMaxPrintJobs;
        if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
                maxjobs = PRINT_MAX_JOBID - 1;
 
        return maxjobs;
 }
 
-struct smb_iconv_convenience *lp_iconv_convenience(struct loadparm_context *lp_ctx)
+struct smb_iconv_handle *lpcfg_iconv_handle(struct loadparm_context *lp_ctx)
 {
        if (lp_ctx == NULL) {
-               static struct smb_iconv_convenience *fallback_ic = NULL;
-               if (fallback_ic == NULL)
-                       fallback_ic = smb_iconv_convenience_init(talloc_autofree_context(), 
-                                                 "CP850", "UTF8", true);
-               return fallback_ic;
+               return get_iconv_handle();
        }
-       return lp_ctx->iconv_convenience;
+       return lp_ctx->iconv_handle;
 }
 
 _PUBLIC_ void reload_charcnv(struct loadparm_context *lp_ctx)
 {
-       talloc_free(lp_ctx->iconv_convenience);
-       lp_ctx->iconv_convenience = smb_iconv_convenience_init_lp(lp_ctx, lp_ctx);
+       struct smb_iconv_handle *old_ic = lp_ctx->iconv_handle;
+       if (old_ic == NULL) {
+               old_ic = global_iconv_handle;
+       }
+       lp_ctx->iconv_handle = smb_iconv_handle_reinit_lp(lp_ctx, lp_ctx, old_ic);
+       global_iconv_handle = lp_ctx->iconv_handle;
+}
+
+void lpcfg_smbcli_options(struct loadparm_context *lp_ctx,
+                        struct smbcli_options *options)
+{
+       options->max_xmit = lpcfg_max_xmit(lp_ctx);
+       options->max_mux = lpcfg_maxmux(lp_ctx);
+       options->use_spnego = lpcfg_nt_status_support(lp_ctx) && lpcfg_use_spnego(lp_ctx);
+       options->signing = lpcfg_client_signing(lp_ctx);
+       options->request_timeout = SMB_REQUEST_TIMEOUT;
+       options->ntstatus_support = lpcfg_nt_status_support(lp_ctx);
+       options->max_protocol = lpcfg_cli_maxprotocol(lp_ctx);
+       options->unicode = lpcfg_unicode(lp_ctx);
+       options->use_oplocks = true;
+       options->use_level2_oplocks = true;
 }
+
+void lpcfg_smbcli_session_options(struct loadparm_context *lp_ctx,
+                                struct smbcli_session_options *options)
+{
+       options->lanman_auth = lpcfg_client_lanman_auth(lp_ctx);
+       options->ntlmv2_auth = lpcfg_client_ntlmv2_auth(lp_ctx);
+       options->plaintext_auth = lpcfg_client_plaintext_auth(lp_ctx);
+}
+
+_PUBLIC_ char *lpcfg_tls_keyfile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+       return lpcfg_private_path(mem_ctx, lp_ctx, lp_ctx->globals->tls_keyfile);
+}
+
+_PUBLIC_ char *lpcfg_tls_certfile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+       return lpcfg_private_path(mem_ctx, lp_ctx, lp_ctx->globals->tls_certfile);
+}
+
+_PUBLIC_ char *lpcfg_tls_cafile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+       return lpcfg_private_path(mem_ctx, lp_ctx, lp_ctx->globals->tls_cafile);
+}
+
+_PUBLIC_ char *lpcfg_tls_crlfile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+       return lpcfg_private_path(mem_ctx, lp_ctx, lp_ctx->globals->tls_crlfile);
+}
+
+_PUBLIC_ char *lpcfg_tls_dhpfile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+       return lpcfg_private_path(mem_ctx, lp_ctx, lp_ctx->globals->tls_dhpfile);
+}
+
+_PUBLIC_ struct dcerpc_server_info *lpcfg_dcerpc_server_info(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+       struct dcerpc_server_info *ret = talloc_zero(mem_ctx, struct dcerpc_server_info);
+
+       ret->domain_name = talloc_reference(mem_ctx, lpcfg_workgroup(lp_ctx));
+       ret->version_major = lpcfg_parm_int(lp_ctx, NULL, "server_info", "version_major", 5);
+       ret->version_minor = lpcfg_parm_int(lp_ctx, NULL, "server_info", "version_minor", 2);
+       ret->version_build = lpcfg_parm_int(lp_ctx, NULL, "server_info", "version_build", 3790);
+
+       return ret;
+}
+
+struct gensec_settings *lpcfg_gensec_settings(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+       struct gensec_settings *settings = talloc(mem_ctx, struct gensec_settings);
+       if (settings == NULL)
+               return NULL;
+       SMB_ASSERT(lp_ctx != NULL);
+       settings->lp_ctx = talloc_reference(settings, lp_ctx);
+       settings->target_hostname = lpcfg_parm_string(lp_ctx, NULL, "gensec", "target_hostname");
+       return settings;
+}
+