char *szLogFile;
char *szConfigFile;
char *szSMBPasswdFile;
+ char *szSAM_URL;
char *szPrivateDir;
char **szPassdbBackend;
char **szPreloadModules;
char *szWinbindUID;
char *szWinbindGID;
char *szNonUnixAccountRange;
- int AlgorithmicRidBase;
char *szTemplateHomedir;
char *szTemplateShell;
char *szWinbindSeparator;
BOOL bLanmanAuth;
BOOL bNTLMAuth;
BOOL bUseSpnego;
+ BOOL server_signing;
BOOL bClientLanManAuth;
BOOL bClientNTLMv2Auth;
BOOL bHostMSDfs;
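Review bot: `BOOL server_signing;` declares as a boolean a field that the rest of the commit treats as a three-valued enum. The parameter table binds it as `P_ENUM` with `enum_smb_signing_vals`, the accessor is `FN_GLOBAL_INTEGER(lp_server_signing, ...)`, and the default is written as `False`. Declaring it `int server_signing;` and initialising it with `Globals.server_signing = SMB_SIGNING_OFF;` would keep those sites consistent and stop a reader from testing it as a truth value, where `SMB_SIGNING_SUPPORTED` and `SMB_SIGNING_REQUIRED` look the same. The definition of `BOOL` is not visible on this page, so any width mismatch is an inference rather than something shown here.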
{-1, NULL}
};
+/* SMB signing types. */
+static const struct enum_list enum_smb_signing_vals[] = {
+ {SMB_SIGNING_OFF, "No"},
+ {SMB_SIGNING_OFF, "False"},
+ {SMB_SIGNING_OFF, "0"},
+ {SMB_SIGNING_OFF, "Off"},
+ {SMB_SIGNING_OFF, "disabled"},
+ {SMB_SIGNING_SUPPORTED, "Yes"},
+ {SMB_SIGNING_SUPPORTED, "True"},
+ {SMB_SIGNING_SUPPORTED, "1"},
+ {SMB_SIGNING_SUPPORTED, "On"},
+ {SMB_SIGNING_SUPPORTED, "enabled"},
+ {SMB_SIGNING_SUPPORTED, "auto"},
+ {SMB_SIGNING_REQUIRED, "required"},
+ {SMB_SIGNING_REQUIRED, "mandatory"},
+ {SMB_SIGNING_REQUIRED, "force"},
+ {SMB_SIGNING_REQUIRED, "forced"},
+ {SMB_SIGNING_REQUIRED, "enforced"},
+ {-1, NULL}
+};
+
/*
Do you want session setups at user level security with a invalid
password to be rejected or allowed in as guest? WinNT rejects them
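Review bot: The comment `/* SMB signing types. */` does not say that the boolean-style spellings (`Yes`, `True`, `1`, `On`, `enabled`, `auto`) map to `SMB_SIGNING_SUPPORTED` rather than `SMB_SIGNING_REQUIRED`. Judging by the constant names, an administrator who writes a plain "yes" gets signing that is offered but not enforced, which is worth stating next to the table. Something like `/* SMB signing types: yes/true/on/auto only offer signing; "required" and its aliases enforce it. */` would make that explicit.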
{"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+ {"sam database", P_STRING, P_GLOBAL, &Globals.szSAM_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"non unix account range", P_STRING, P_GLOBAL, &Globals.szNonUnixAccountRange, handle_non_unix_account_range, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
- {"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.AlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE | FLAG_DEVELOPER},
{"time server", P_BOOL, P_GLOBAL, &Globals.bTimeServer, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"unix extensions", P_BOOL, P_GLOBAL, &Globals.bUnixExtensions, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, FLAG_DEVELOPER},
+ {"server signing", P_ENUM, P_GLOBAL, &Globals.server_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED},
{"rpc big endian", P_BOOL, P_GLOBAL, &Globals.bRpcBigEndian, NULL, NULL, FLAG_DEVELOPER},
{"Tuning Options", P_SEP, P_SEPARATOR},
string_set(&sDefault.fstype, FSTYPE_STRING);
string_set(&sDefault.ntvfs_handler, "default");
- Globals.dcerpc_ep_servers = str_list_make("epmapper rpcecho", NULL);
+ Globals.dcerpc_ep_servers = str_list_make("epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc", NULL);
+
+ Globals.AuthMethods = str_list_make("guest sam_ignoredomain", NULL);
string_set(&Globals.szSMBPasswdFile, dyn_SMB_PASSWD_FILE);
string_set(&Globals.szPrivateDir, dyn_PRIVATE_DIR);
-
- /* use the new 'hash2' method by default, with a prefix of 1 */
+ asprintf(&Globals.szSAM_URL, "tdb://%s/sam.ldb", dyn_PRIVATE_DIR);
string_set(&Globals.szGuestaccount, GUEST_ACCOUNT);
string_set(&Globals.szPasswordServer, "*");
- Globals.AlgorithmicRidBase = BASE_RID;
-
Globals.bLoadPrinters = True;
Globals.mangled_stack = 50;
Globals.max_mux = 50; /* This is *needed* for profile support. */
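Review bot: The added `asprintf(&Globals.szSAM_URL, ...)` call ignores its return value, so on allocation failure `Globals.szSAM_URL` is left in an unspecified state and is later handed out through `lp_sam_url()`. It is also the only string default in this hunk that is not set through `string_set()`; if the parameter code later frees or replaces the value with a different allocator the two may not match, which cannot be verified from here. Checking the result, e.g. `if (asprintf(&Globals.szSAM_URL, "tdb://%s/sam.ldb", dyn_PRIVATE_DIR) == -1) Globals.szSAM_URL = NULL;`, or building the string in a temporary and passing it to `string_set()`, would keep the failure path defined. The enclosing function starts above this hunk.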
Globals.bUseSpnego = True;
+ Globals.server_signing = False;
+
string_set(&Globals.smb_ports, SMB_PORTS);
}
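Review bot: The default added here leaves SMB signing switched off, and nothing in the hunk records that this is a deliberate choice. A one-line comment above the assignment, such as `/* signing is off by default; enable or require it with "server signing" */`, would let someone auditing the defaults see it without reading the enum table. The enclosing function begins outside this hunk.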
FN_GLOBAL_STRING(lp_logfile, &Globals.szLogFile)
FN_GLOBAL_STRING(lp_configfile, &Globals.szConfigFile)
FN_GLOBAL_STRING(lp_smb_passwd_file, &Globals.szSMBPasswdFile)
+FN_GLOBAL_STRING(lp_sam_url, &Globals.szSAM_URL)
FN_GLOBAL_STRING(lp_private_dir, &Globals.szPrivateDir)
FN_GLOBAL_STRING(lp_serverstring, &Globals.szServerString)
FN_GLOBAL_STRING(lp_printcapname, &Globals.szPrintcapname)
FN_LOCAL_INTEGER(lp_csc_policy, iCSCPolicy)
FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers)
-FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
+FN_GLOBAL_INTEGER(lp_server_signing, &Globals.server_signing)
/* local prototypes */
static uid_t winbind_uid_low, winbind_uid_high;
static gid_t winbind_gid_low, winbind_gid_high;
-static uint32 non_unix_account_low, non_unix_account_high;
+static uint32_t non_unix_account_low, non_unix_account_high;
BOOL lp_winbind_uid(uid_t *low, uid_t *high)
{
return True;
}
-BOOL lp_non_unix_account_range(uint32 *low, uint32 *high)
+BOOL lp_non_unix_account_range(uint32_t *low, uint32_t *high)
{
if (non_unix_account_low == 0 || non_unix_account_high == 0)
return False;
static BOOL handle_winbind_uid(const char *pszParmValue, char **ptr)
{
- uint32 low, high;
+ uint32_t low, high;
if (sscanf(pszParmValue, "%u-%u", &low, &high) != 2 || high < low)
return False;
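Review bot: With `low` and `high` now `uint32_t`, the `"%u-%u"` format in the `sscanf` call below the changed line is only correct where `uint32_t` happens to be `unsigned int`. The matching conversion is `SCNu32` from `<inttypes.h>`: `if (sscanf(pszParmValue, "%" SCNu32 "-%" SCNu32, &low, &high) != 2 || high < low)`. The same applies to `handle_winbind_gid` and `handle_non_unix_account_range` in the next two hunks. `sscanf` also accepts a leading minus sign for `%u` and leaves overflow undefined, so a stricter parse with `strtoul` and an explicit range check would be safer for values read from the configuration file. All three function bodies continue outside their hunks.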
static BOOL handle_winbind_gid(const char *pszParmValue, char **ptr)
{
- uint32 low, high;
+ uint32_t low, high;
if (sscanf(pszParmValue, "%u-%u", &low, &high) != 2 || high < low)
return False;
static BOOL handle_non_unix_account_range(const char *pszParmValue, char **ptr)
{
- uint32 low, high;
+ uint32_t low, high;
if (sscanf(pszParmValue, "%u-%u", &low, &high) != 2 || high < low)
return False;
static void lp_add_auto_services(char *str)
{
- char *s;
- char *p;
- int homes;
-
- if (!str)
- return;
-
- s = strdup(str);
- if (!s)
- return;
-
- homes = lp_servicenumber(HOMES_NAME);
-
- for (p = strtok(s, LIST_SEP); p; p = strtok(NULL, LIST_SEP)) {
- char *home = get_user_home_dir(p);
-
- if (lp_servicenumber(p) >= 0)
- continue;
-
- if (home && homes >= 0)
- lp_add_home(p, homes, p, home);
- }
- SAFE_FREE(s);
+ return;
}
/***************************************************************************
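Review bot: `lp_add_auto_services` is reduced to a bare `return;` with no comment, so the `str` argument is now silently ignored and nothing tells a reader that this is intended. A comment in the body such as `/* TODO: auto services are not handled yet; str is ignored */` would make the stub explicit, and the `return;` itself can be dropped from a void function. Whether any caller still relies on the old behaviour is not visible on this page.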