#include "includes.h"
#include "version.h"
-#include "dynconfig.h"
+#include "dynconfig/dynconfig.h"
#include "system/time.h"
#include "system/locale.h"
#include "system/network.h" /* needed for TCP_NODELAY */
#include "smb_server/smb_server.h"
#include "libcli/raw/signing.h"
-#include "lib/util/dlinklist.h"
+#include "../lib/util/dlinklist.h"
#include "param/param.h"
#include "param/loadparm.h"
#include "libcli/raw/libcliraw.h"
+#include "rpc_server/common/common.h"
+#include "lib/socket/socket.h"
+#include "auth/gensec/gensec.h"
#define standard_sub_basic talloc_strdup
char *szWINS_CONFIG_URL;
char *szWINS_URL;
char *szPrivateDir;
- const char **jsInclude;
- char *jsonrpcServicesDir;
const char **szPasswordServers;
char *szSocketOptions;
char *szRealm;
const char **server_services;
char *ntptr_providor;
char *szWinbindSeparator;
+ char *szWinbinddPrivilegedSocketDirectory;
char *szWinbinddSocketDirectory;
char *szTemplateShell;
char *szTemplateHomedir;
int bUnixExtensions;
int bDisableNetbios;
int bRpcBigEndian;
+ char *szNTPSignDSocketDirectory;
struct param_opt *param_opt;
};
int bMap_hidden;
int bMap_archive;
int bStrictLocking;
+ int bOplocks;
int iCreate_mask;
int iCreate_force_mode;
int iDir_mask;
};
-struct loadparm_context *global_loadparm = NULL;
-
#define NUMPARAMETERS (sizeof(parm_table) / sizeof(struct parm_struct))
static const struct enum_list enum_server_role[] = {
{ROLE_STANDALONE, "standalone"},
{ROLE_DOMAIN_MEMBER, "member server"},
+ {ROLE_DOMAIN_MEMBER, "member"},
{ROLE_DOMAIN_CONTROLLER, "domain controller"},
+ {ROLE_DOMAIN_CONTROLLER, "dc"},
{-1, NULL}
};
{"csc policy", P_ENUM, P_LOCAL, LOCAL_VAR(iCSCPolicy), NULL, enum_csc_policy},
{"strict locking", P_BOOL, P_LOCAL, LOCAL_VAR(bStrictLocking), NULL, NULL},
+ {"oplocks", P_BOOL, P_LOCAL, LOCAL_VAR(bOplocks), NULL, NULL},
{"share backend", P_STRING, P_GLOBAL, GLOBAL_VAR(szShareBackend), NULL, NULL},
{"preload", P_STRING, P_GLOBAL, GLOBAL_VAR(szAutoServices), NULL, NULL},
{"lock directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szLockDir), NULL, NULL},
{"modules dir", P_STRING, P_GLOBAL, GLOBAL_VAR(szModulesDir), NULL, NULL},
{"pid directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szPidDir), NULL, NULL},
- {"js include", P_LIST, P_GLOBAL, GLOBAL_VAR(jsInclude), NULL, NULL},
{"setup directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szSetupDir), NULL, NULL},
{"socket address", P_STRING, P_GLOBAL, GLOBAL_VAR(szSocketAddress), NULL, NULL},
{"host msdfs", P_BOOL, P_GLOBAL, GLOBAL_VAR(bHostMSDfs), NULL, NULL},
{"winbind separator", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbindSeparator), NULL, NULL },
{"winbindd socket directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbinddSocketDirectory), NULL, NULL },
+ {"winbindd privileged socket directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbinddPrivilegedSocketDirectory), NULL, NULL },
{"winbind sealed pipes", P_BOOL, P_GLOBAL, GLOBAL_VAR(bWinbindSealedPipes), NULL, NULL },
{"template shell", P_STRING, P_GLOBAL, GLOBAL_VAR(szTemplateShell), NULL, NULL },
{"template homedir", P_STRING, P_GLOBAL, GLOBAL_VAR(szTemplateHomedir), NULL, NULL },
{"idmap trusted only", P_BOOL, P_GLOBAL, GLOBAL_VAR(bIdmapTrustedOnly), NULL, NULL},
+ {"ntp signd socket directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szNTPSignDSocketDirectory), NULL, NULL },
+
{NULL, P_BOOL, P_NONE, 0, NULL, NULL}
};
_PUBLIC_ FN_GLOBAL_INTEGER(lp_web_port, web_port)
_PUBLIC_ FN_GLOBAL_STRING(lp_swat_directory, swat_directory)
_PUBLIC_ FN_GLOBAL_BOOL(lp_tls_enabled, tls_enabled)
-_PUBLIC_ FN_GLOBAL_STRING(lp_tls_keyfile, tls_keyfile)
-_PUBLIC_ FN_GLOBAL_STRING(lp_tls_certfile, tls_certfile)
-_PUBLIC_ FN_GLOBAL_STRING(lp_tls_cafile, tls_cafile)
-_PUBLIC_ FN_GLOBAL_STRING(lp_tls_crlfile, tls_crlfile)
-_PUBLIC_ FN_GLOBAL_STRING(lp_tls_dhpfile, tls_dhpfile)
_PUBLIC_ FN_GLOBAL_STRING(lp_share_backend, szShareBackend)
_PUBLIC_ FN_GLOBAL_STRING(lp_sam_url, szSAM_URL)
_PUBLIC_ FN_GLOBAL_STRING(lp_idmap_url, szIDMAP_URL)
_PUBLIC_ FN_GLOBAL_STRING(lp_wins_url, szWINS_URL)
_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbind_separator, szWinbindSeparator)
_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbindd_socket_directory, szWinbinddSocketDirectory)
+_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbindd_privileged_socket_directory, szWinbinddPrivilegedSocketDirectory)
_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_template_shell, szTemplateShell)
_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_template_homedir, szTemplateHomedir)
_PUBLIC_ FN_GLOBAL_BOOL(lp_winbind_sealed_pipes, bWinbindSealedPipes)
_PUBLIC_ FN_GLOBAL_INTEGER(lp_security, security)
_PUBLIC_ FN_GLOBAL_BOOL(lp_paranoid_server_security, paranoid_server_security)
_PUBLIC_ FN_GLOBAL_INTEGER(lp_announce_as, announce_as)
-_PUBLIC_ FN_GLOBAL_LIST(lp_js_include, jsInclude)
const char *lp_servicename(const struct loadparm_service *service)
{
return lp_string((const char *)service->szService);
_PUBLIC_ FN_LOCAL_BOOL(lp_map_hidden, bMap_hidden)
_PUBLIC_ FN_LOCAL_BOOL(lp_map_archive, bMap_archive)
_PUBLIC_ FN_LOCAL_BOOL(lp_strict_locking, bStrictLocking)
+_PUBLIC_ FN_LOCAL_BOOL(lp_oplocks, bOplocks)
_PUBLIC_ FN_LOCAL_BOOL(lp_strict_sync, bStrictSync)
_PUBLIC_ FN_LOCAL_BOOL(lp_ci_filesystem, bCIFileSystem)
_PUBLIC_ FN_LOCAL_BOOL(lp_map_system, bMap_system)
_PUBLIC_ FN_GLOBAL_INTEGER(lp_server_signing, server_signing)
_PUBLIC_ FN_GLOBAL_INTEGER(lp_client_signing, client_signing)
+_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_ntp_signd_socket_directory, szNTPSignDSocketDirectory)
+
/* local prototypes */
static int map_parameter(const char *pszParmName);
static struct loadparm_service *getservicebyname(struct loadparm_context *lp_ctx,
const char *value = lp_get_parametric(lp_ctx, service, type, option);
if (value != NULL)
- return str_list_make(mem_ctx, value, separator);
+ return (const char **)str_list_make(mem_ctx, value, separator);
return NULL;
}
strupper(*(char **)dest_ptr);
break;
case P_LIST:
- *(const char ***)dest_ptr = str_list_copy(pserviceDest,
+ *(const char ***)dest_ptr = (const char **)str_list_copy(pserviceDest,
*(const char ***)src_ptr);
break;
default:
/* If we already have the option set, override it unless
it was a command line option and the new one isn't */
if (strcmp(paramo->key, name) == 0) {
- if ((paramo->flags & FLAG_CMDLINE) &&
+ if ((paramo->priority & FLAG_CMDLINE) &&
!(flags & FLAG_CMDLINE)) {
return true;
}
talloc_free(paramo->value);
paramo->value = talloc_strdup(paramo, pszParmValue);
- paramo->flags = flags;
+ paramo->priority = flags;
free(name);
return true;
}
smb_panic("OOM");
paramo->key = talloc_strdup(paramo, name);
paramo->value = talloc_strdup(paramo, pszParmValue);
- paramo->flags = flags;
+ paramo->priority = flags;
if (service == NULL) {
DLIST_ADD(lp_ctx->globals->param_opt, paramo);
} else {
}
case P_LIST:
- *(const char ***)parm_ptr = str_list_make(mem_ctx,
+ *(const char ***)parm_ptr = (const char **)str_list_make(mem_ctx,
pszParmValue, NULL);
break;
struct param_opt *next;
for (data = lp_ctx->globals->param_opt; data; data=next) {
next = data->next;
- if (data->flags & FLAG_CMDLINE) continue;
+ if (data->priority & FLAG_CMDLINE) continue;
DLIST_REMOVE(lp_ctx->globals->param_opt, data);
talloc_free(data);
}
lp_ctx->sDefault->bRead_only = true;
lp_ctx->sDefault->bMap_archive = true;
lp_ctx->sDefault->bStrictLocking = true;
+ lp_ctx->sDefault->bOplocks = true;
lp_ctx->sDefault->iCreate_mask = 0744;
lp_ctx->sDefault->iCreate_force_mode = 0000;
lp_ctx->sDefault->iDir_mask = 0755;
SAFE_FREE(myname);
lp_do_global_parameter(lp_ctx, "name resolve order", "wins host bcast");
- lp_do_global_parameter(lp_ctx, "fstype", FSTYPE_STRING);
+ lp_do_global_parameter(lp_ctx, "fstype", "NTFS");
+
lp_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
lp_do_global_parameter(lp_ctx, "max connections", "-1");
- lp_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup unixinfo");
- lp_do_global_parameter(lp_ctx, "server services", "smb rpc nbt wrepl ldap cldap web kdc drepl winbind");
+ lp_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup unixinfo browser");
+ lp_do_global_parameter(lp_ctx, "server services", "smb rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd");
lp_do_global_parameter(lp_ctx, "ntptr providor", "simple_ldb");
lp_do_global_parameter(lp_ctx, "auth methods:domain controller", "anonymous sam_ignoredomain");
lp_do_global_parameter(lp_ctx, "auth methods:member server", "anonymous sam winbind");
lp_do_global_parameter(lp_ctx, "TimeServer", "False");
lp_do_global_parameter(lp_ctx, "BindInterfacesOnly", "False");
lp_do_global_parameter(lp_ctx, "Unicode", "True");
- lp_do_global_parameter(lp_ctx, "ClientLanManAuth", "True");
- lp_do_global_parameter(lp_ctx, "LanmanAuth", "True");
+ lp_do_global_parameter(lp_ctx, "ClientLanManAuth", "False");
+ lp_do_global_parameter(lp_ctx, "LanmanAuth", "False");
lp_do_global_parameter(lp_ctx, "NTLMAuth", "True");
lp_do_global_parameter(lp_ctx, "client use spnego principal", "False");
lp_do_global_parameter(lp_ctx, "winbind separator", "\\");
lp_do_global_parameter(lp_ctx, "winbind sealed pipes", "True");
lp_do_global_parameter(lp_ctx, "winbindd socket directory", dyn_WINBINDD_SOCKET_DIR);
+ lp_do_global_parameter(lp_ctx, "winbindd privileged socket directory", dyn_WINBINDD_PRIVILEGED_SOCKET_DIR);
lp_do_global_parameter(lp_ctx, "template shell", "/bin/false");
lp_do_global_parameter(lp_ctx, "template homedir", "/home/%WORKGROUP%/%ACCOUNTNAME%");
lp_do_global_parameter(lp_ctx, "idmap trusted only", "False");
lp_do_global_parameter(lp_ctx, "tls keyfile", "tls/key.pem");
lp_do_global_parameter(lp_ctx, "tls certfile", "tls/cert.pem");
lp_do_global_parameter(lp_ctx, "tls cafile", "tls/ca.pem");
- lp_do_global_parameter_var(lp_ctx, "js include", "%s", dyn_JSDIR);
lp_do_global_parameter_var(lp_ctx, "setup directory", "%s",
dyn_SETUPDIR);
lp_do_global_parameter(lp_ctx, "prefork children:smb", "4");
+ lp_do_global_parameter(lp_ctx, "ntp signd socket directory", dyn_NTP_SIGND_SOCKET_DIR);
+
for (i = 0; parm_table[i].label; i++) {
if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) {
lp_ctx->flags[i] |= FLAG_DEFAULT;
bool lp_load_default(struct loadparm_context *lp_ctx)
{
- return lp_load(lp_ctx, dyn_CONFIGFILE);
+ const char *path;
+ if (getenv("SMB_CONF_PATH"))
+ path = getenv("SMB_CONF_PATH");
+ else
+ path = dyn_CONFIGFILE;
+
+ if (!file_exist(path)) {
+ /* We allow the default smb.conf file to not exist,
+ * basically the equivalent of an empty file. */
+ return true;
+ }
+
+ return lp_load(lp_ctx, path);
}
/**
reload_charcnv(lp_ctx);
+ /* FIXME: ntstatus_check_dos_mapping = lp_nt_status_support(lp_ctx); */
+
+ /* FIXME: This is a bit of a hack, but we can't use a global, since
+ * not everything that uses lp also uses the socket library */
+ if (lp_parm_bool(lp_ctx, NULL, "socket", "testnonblock", false)) {
+ setenv("SOCKET_TESTNONBLOCK", "1", 1);
+ } else {
+ unsetenv("SOCKET_TESTNONBLOCK");
+ }
+
/* FIXME: Check locale in environment for this: */
if (strcmp(lp_display_charset(lp_ctx), lp_unix_charset(lp_ctx)) != 0)
d_set_iconv(smb_iconv_open(lp_display_charset(lp_ctx), lp_unix_charset(lp_ctx)));
_PUBLIC_ void reload_charcnv(struct loadparm_context *lp_ctx)
{
talloc_free(lp_ctx->iconv_convenience);
- lp_ctx->iconv_convenience = smb_iconv_convenience_init_lp(lp_ctx, lp_ctx);
+ global_iconv_convenience = lp_ctx->iconv_convenience = smb_iconv_convenience_init_lp(lp_ctx, lp_ctx);
}
void lp_smbcli_options(struct loadparm_context *lp_ctx,
options->ntstatus_support = lp_nt_status_support(lp_ctx);
options->max_protocol = lp_cli_maxprotocol(lp_ctx);
options->unicode = lp_unicode(lp_ctx);
- options->use_oplocks = false;
- options->use_level2_oplocks = false;
+ options->use_oplocks = true;
+ options->use_level2_oplocks = true;
+}
+
+void lp_smbcli_session_options(struct loadparm_context *lp_ctx,
+ struct smbcli_session_options *options)
+{
+ options->lanman_auth = lp_client_lanman_auth(lp_ctx);
+ options->ntlmv2_auth = lp_client_ntlmv2_auth(lp_ctx);
+ options->plaintext_auth = lp_client_plaintext_auth(lp_ctx);
+}
+
+_PUBLIC_ char *lp_tls_keyfile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+ return private_path(mem_ctx, lp_ctx, lp_ctx->globals->tls_keyfile);
+}
+
+_PUBLIC_ char *lp_tls_certfile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+ return private_path(mem_ctx, lp_ctx, lp_ctx->globals->tls_certfile);
+}
+
+_PUBLIC_ char *lp_tls_cafile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+ return private_path(mem_ctx, lp_ctx, lp_ctx->globals->tls_cafile);
+}
+
+_PUBLIC_ char *lp_tls_crlfile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+ return private_path(mem_ctx, lp_ctx, lp_ctx->globals->tls_crlfile);
+}
+
+_PUBLIC_ char *lp_tls_dhpfile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+ return private_path(mem_ctx, lp_ctx, lp_ctx->globals->tls_dhpfile);
+}
+
+_PUBLIC_ struct dcerpc_server_info *lp_dcerpc_server_info(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+ struct dcerpc_server_info *ret = talloc_zero(mem_ctx, struct dcerpc_server_info);
+
+ ret->domain_name = talloc_reference(mem_ctx, lp_workgroup(lp_ctx));
+ ret->version_major = lp_parm_int(lp_ctx, NULL, "server_info", "version_major", 5);
+ ret->version_minor = lp_parm_int(lp_ctx, NULL, "server_info", "version_minor", 2);
+ ret->version_build = lp_parm_int(lp_ctx, NULL, "server_info", "version_build", 3790);
+
+ return ret;
+}
+
+struct gensec_settings *lp_gensec_settings(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+ struct gensec_settings *settings = talloc(mem_ctx, struct gensec_settings);
+ if (settings == NULL)
+ return NULL;
+ SMB_ASSERT(lp_ctx != NULL);
+ settings->lp_ctx = talloc_reference(settings, lp_ctx);
+ settings->iconv_convenience = lp_iconv_convenience(lp_ctx);
+ settings->target_hostname = lp_parm_string(lp_ctx, NULL, "gensec", "target_hostname");
+ return settings;
}