2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
56 #define LOADPARM_SUBSTITUTION_INTERNALS 1
58 #include "system/filesys.h"
60 #include "lib/param/loadparm.h"
61 #include "lib/param/param.h"
63 #include "lib/smbconf/smbconf.h"
64 #include "lib/smbconf/smbconf_init.h"
67 #include "../librpc/gen_ndr/svcctl.h"
69 #include "../libcli/smb/smb_signing.h"
70 #include "dbwrap/dbwrap.h"
71 #include "dbwrap/dbwrap_rbt.h"
72 #include "../lib/util/bitmap.h"
73 #include "librpc/gen_ndr/nbt.h"
74 #include "source4/lib/tls/tls.h"
75 #include "libcli/auth/ntlm_check.h"
77 #ifdef HAVE_SYS_SYSCTL_H
78 #include <sys/sysctl.h>
83 extern userdom_struct current_user_info;
85 /* the special value for the include parameter
86 * to be interpreted not as a file name but to
87 * trigger loading of the global smb.conf options
89 #ifndef INCLUDE_REGISTRY_NAME
90 #define INCLUDE_REGISTRY_NAME "registry"
93 static bool in_client = false; /* Not in the client by default */
94 static struct smbconf_csn conf_last_csn;
96 static int config_backend = CONFIG_BACKEND_FILE;
98 /* some helpful bits */
99 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
100 (ServicePtrs != NULL) && \
101 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
102 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
103 ServicePtrs[i]->valid)
105 #define USERSHARE_VALID 1
106 #define USERSHARE_PENDING_DELETE 2
108 static bool defaults_saved = false;
110 #include "lib/param/param_global.h"
112 static struct loadparm_global Globals;
114 /* This is a default service used to prime a services structure */
115 static const struct loadparm_service _sDefault =
120 .usershare_last_mod = {0, 0},
123 .invalid_users = NULL,
130 .root_preexec = NULL,
131 .root_postexec = NULL,
132 .cups_options = NULL,
133 .print_command = NULL,
135 .lprm_command = NULL,
136 .lppause_command = NULL,
137 .lpresume_command = NULL,
138 .queuepause_command = NULL,
139 .queueresume_command = NULL,
140 ._printername = NULL,
141 .printjob_username = NULL,
142 .dont_descend = NULL,
145 .magic_script = NULL,
146 .magic_output = NULL,
149 .veto_oplock_files = NULL,
159 .aio_write_behind = NULL,
160 .dfree_command = NULL,
161 .min_print_space = 0,
162 .max_print_jobs = 1000,
163 .max_reported_print_jobs = 0,
165 .force_create_mode = 0,
166 .directory_mask = 0755,
167 .force_directory_mode = 0,
168 .max_connections = 0,
169 .default_case = CASE_LOWER,
170 .printing = DEFAULT_PRINTING,
173 .dfree_cache_time = 0,
174 .preexec_close = false,
175 .root_preexec_close = false,
176 .case_sensitive = Auto,
177 .preserve_case = true,
178 .short_preserve_case = true,
179 .hide_dot_files = true,
180 .hide_special_files = false,
181 .hide_unreadable = false,
182 .hide_unwriteable_files = false,
184 .access_based_share_enum = false,
189 .administrative_share = false,
192 .print_notify_backchannel = false,
196 .store_dos_attributes = true,
197 .dmapi_support = false,
199 .strict_locking = Auto,
200 .posix_locking = true,
202 .kernel_oplocks = false,
203 .level2_oplocks = true,
204 .mangled_names = MANGLED_NAMES_ILLEGAL,
206 .follow_symlinks = true,
207 .sync_always = false,
208 .strict_allocate = false,
209 .strict_rename = false,
211 .mangling_char = '~',
213 .delete_readonly = false,
214 .fake_oplocks = false,
215 .delete_veto_files = false,
216 .dos_filemode = false,
217 .dos_filetimes = true,
218 .dos_filetime_resolution = false,
219 .fake_directory_create_times = false,
220 .blocking_locks = true,
221 .inherit_permissions = false,
222 .inherit_acls = false,
223 .inherit_owner = false,
225 .msdfs_shuffle_referrals = false,
226 .use_client_driver = false,
227 .default_devmode = true,
228 .force_printername = false,
229 .nt_acl_support = true,
230 .force_unknown_acl_user = false,
231 ._use_sendfile = false,
232 .map_acl_inherit = false,
235 .acl_check_permissions = true,
236 .acl_map_full_control = true,
237 .acl_group_control = false,
238 .acl_allow_execute_always = false,
241 .map_readonly = MAP_READONLY_NO,
242 .directory_name_cache_size = 100,
243 .smb_encrypt = SMB_SIGNING_DEFAULT,
244 .kernel_share_modes = true,
245 .durable_handles = true,
246 .check_parent_directory_delete_on_close = false,
248 .smbd_search_ask_sharemode = true,
249 .smbd_getinfo_ask_sharemode = true,
250 .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
255 * This is a copy of the default service structure. Service options in the
256 * global section would otherwise overwrite the initial default values.
258 static struct loadparm_service sDefault;
260 /* local variables */
261 static struct loadparm_service **ServicePtrs = NULL;
262 static int iNumServices = 0;
263 static int iServiceIndex = 0;
264 static struct db_context *ServiceHash;
265 static bool bInGlobalSection = true;
266 static bool bGlobalOnly = false;
267 static struct file_lists *file_lists = NULL;
268 static unsigned int *flags_list = NULL;
270 static void set_allowed_client_auth(void);
272 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
273 static void free_param_opts(struct parmlist_entry **popts);
276 * Function to return the default value for the maximum number of open
277 * file descriptors permitted. This function tries to consult the
278 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
279 * the smaller of those.
281 static int max_open_files(void)
283 int sysctl_max = MAX_OPEN_FILES;
284 int rlimit_max = MAX_OPEN_FILES;
286 #ifdef HAVE_SYSCTLBYNAME
288 size_t size = sizeof(sysctl_max);
289 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
294 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
300 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
301 rlimit_max = rl.rlim_cur;
303 #if defined(RLIM_INFINITY)
304 if(rl.rlim_cur == RLIM_INFINITY)
305 rlimit_max = MAX_OPEN_FILES;
310 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
311 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
312 "minimum Windows limit (%d)\n",
314 MIN_OPEN_FILES_WINDOWS));
315 sysctl_max = MIN_OPEN_FILES_WINDOWS;
318 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
319 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
320 "minimum Windows limit (%d)\n",
322 MIN_OPEN_FILES_WINDOWS));
323 rlimit_max = MIN_OPEN_FILES_WINDOWS;
326 return MIN(sysctl_max, rlimit_max);
330 * Common part of freeing allocated data for one parameter.
332 static void free_one_parameter_common(void *parm_ptr,
333 struct parm_struct parm)
335 if ((parm.type == P_STRING) ||
336 (parm.type == P_USTRING))
338 lpcfg_string_free((char**)parm_ptr);
339 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
340 TALLOC_FREE(*((char***)parm_ptr));
345 * Free the allocated data for one parameter for a share
346 * given as a service struct.
348 static void free_one_parameter(struct loadparm_service *service,
349 struct parm_struct parm)
353 if (parm.p_class != P_LOCAL) {
357 parm_ptr = lp_parm_ptr(service, &parm);
359 free_one_parameter_common(parm_ptr, parm);
363 * Free the allocated parameter data of a share given
364 * as a service struct.
366 static void free_parameters(struct loadparm_service *service)
370 for (i=0; parm_table[i].label; i++) {
371 free_one_parameter(service, parm_table[i]);
376 * Free the allocated data for one parameter for a given share
377 * specified by an snum.
379 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
384 parm_ptr = lp_parm_ptr(NULL, &parm);
385 } else if (parm.p_class != P_LOCAL) {
388 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
391 free_one_parameter_common(parm_ptr, parm);
395 * Free the allocated parameter data for a share specified
398 static void free_parameters_by_snum(int snum)
402 for (i=0; parm_table[i].label; i++) {
403 free_one_parameter_by_snum(snum, parm_table[i]);
408 * Free the allocated global parameters.
410 static void free_global_parameters(void)
413 struct parm_struct *parm;
415 free_param_opts(&Globals.param_opt);
416 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
418 /* Reset references in the defaults because the context is going to be freed */
419 for (i=0; parm_table[i].label; i++) {
420 parm = &parm_table[i];
421 if ((parm->type == P_STRING) ||
422 (parm->type == P_USTRING)) {
423 if ((parm->def.svalue != NULL) &&
424 (*(parm->def.svalue) != '\0')) {
425 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
426 parm->def.svalue = NULL;
431 TALLOC_FREE(Globals.ctx);
434 struct lp_stored_option {
435 struct lp_stored_option *prev, *next;
440 static struct lp_stored_option *stored_options;
443 save options set by lp_set_cmdline() into a list. This list is
444 re-applied when we do a globals reset, so that cmdline set options
445 are sticky across reloads of smb.conf
447 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
449 struct lp_stored_option *entry, *entry_next;
450 for (entry = stored_options; entry != NULL; entry = entry_next) {
451 entry_next = entry->next;
452 if (strcmp(pszParmName, entry->label) == 0) {
453 DLIST_REMOVE(stored_options, entry);
459 entry = talloc(NULL, struct lp_stored_option);
464 entry->label = talloc_strdup(entry, pszParmName);
470 entry->value = talloc_strdup(entry, pszParmValue);
476 DLIST_ADD_END(stored_options, entry);
481 static bool apply_lp_set_cmdline(void)
483 struct lp_stored_option *entry = NULL;
484 for (entry = stored_options; entry != NULL; entry = entry->next) {
485 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
486 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
487 entry->label, entry->value));
494 /***************************************************************************
495 Initialise the global parameter structure.
496 ***************************************************************************/
498 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
500 static bool done_init = false;
504 /* If requested to initialize only once and we've already done it... */
505 if (!reinit_globals && done_init) {
506 /* ... then we have nothing more to do */
511 /* The logfile can be set before this is invoked. Free it if so. */
512 lpcfg_string_free(&Globals.logfile);
515 free_global_parameters();
518 /* This memset and the free_global_parameters() above will
519 * wipe out smb.conf options set with lp_set_cmdline(). The
520 * apply_lp_set_cmdline() call puts these values back in the
521 * table once the defaults are set */
522 ZERO_STRUCT(Globals);
524 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
526 /* Initialize the flags list if necessary */
527 if (flags_list == NULL) {
531 for (i = 0; parm_table[i].label; i++) {
532 if ((parm_table[i].type == P_STRING ||
533 parm_table[i].type == P_USTRING))
537 (char **)lp_parm_ptr(NULL, &parm_table[i]),
543 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
544 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
546 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
548 sDefault.ntvfs_handler = str_list_make_v3_const(Globals.ctx, "unixuid default", NULL);
550 DEBUG(3, ("Initialising global parameters\n"));
552 /* Must manually force to upper case here, as this does not go via the handler */
553 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
556 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
557 get_dyn_SMB_PASSWD_FILE());
558 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
559 get_dyn_PRIVATE_DIR());
560 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
561 get_dyn_BINDDNS_DIR());
563 /* use the new 'hash2' method by default, with a prefix of 1 */
564 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
565 Globals.mangle_prefix = 1;
567 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
569 /* using UTF8 by default allows us to support all chars */
570 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
571 DEFAULT_UNIX_CHARSET);
573 /* Use codepage 850 as a default for the dos character set */
574 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
575 DEFAULT_DOS_CHARSET);
578 * Allow the default PASSWD_CHAT to be overridden in local.h.
580 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
581 DEFAULT_PASSWD_CHAT);
583 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
585 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
586 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
588 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
590 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
592 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
594 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
597 * By default support explicit binding to broadcast
600 Globals.nmbd_bind_explicit_broadcast = true;
602 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
604 smb_panic("init_globals: ENOMEM");
606 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
609 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
610 "/bin/sleep 999999999");
613 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
614 DEFAULT_SOCKET_OPTIONS);
616 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
617 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
618 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
619 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
620 "\\\\%N\\%U\\profile");
622 Globals.name_resolve_order =
623 str_list_make_v3_const(Globals.ctx,
624 DEFAULT_NAME_RESOLVE_ORDER,
626 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
628 Globals.algorithmic_rid_base = BASE_RID;
630 Globals.load_printers = true;
631 Globals.printcap_cache_time = 750; /* 12.5 minutes */
633 Globals.config_backend = config_backend;
634 Globals._server_role = ROLE_AUTO;
636 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
637 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
638 Globals.max_xmit = 0x4104;
639 Globals.max_mux = 50; /* This is *needed* for profile support. */
640 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
641 Globals._disable_spoolss = false;
642 Globals.max_smbd_processes = 0;/* no limit specified */
643 Globals.username_level = 0;
644 Globals.deadtime = 10080;
645 Globals.getwd_cache = true;
646 Globals.large_readwrite = true;
647 Globals.max_log_size = 5000;
648 Globals.max_open_files = max_open_files();
649 Globals.server_max_protocol = PROTOCOL_SMB3_11;
650 Globals.server_min_protocol = PROTOCOL_SMB2_02;
651 Globals._client_max_protocol = PROTOCOL_DEFAULT;
652 Globals.client_min_protocol = PROTOCOL_SMB2_02;
653 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
654 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
655 Globals._security = SEC_AUTO;
656 Globals.encrypt_passwords = true;
657 Globals.client_schannel = true;
658 Globals.winbind_sealed_pipes = true;
659 Globals.require_strong_key = true;
660 Globals.server_schannel = true;
661 Globals.read_raw = true;
662 Globals.write_raw = true;
663 Globals.null_passwords = false;
664 Globals.old_password_allowed_period = 60;
665 Globals.obey_pam_restrictions = false;
667 Globals.syslog_only = false;
668 Globals.timestamp_logs = true;
669 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
670 Globals.debug_prefix_timestamp = false;
671 Globals.debug_hires_timestamp = true;
672 Globals.debug_pid = false;
673 Globals.debug_uid = false;
674 Globals.debug_class = false;
675 Globals.enable_core_files = true;
676 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
677 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
678 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
679 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
680 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
681 Globals.lm_interval = 60;
682 #if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
683 Globals.nis_homedir = false;
684 #ifdef WITH_NISPLUS_HOME
685 lpcfg_string_set(Globals.ctx, &Globals.homedir_map,
686 "auto_home.org_dir");
688 lpcfg_string_set(Globals.ctx, &Globals.homedir_map, "auto.home");
691 Globals.time_server = false;
692 Globals.bind_interfaces_only = false;
693 Globals.unix_password_sync = false;
694 Globals.pam_password_change = false;
695 Globals.passwd_chat_debug = false;
696 Globals.passwd_chat_timeout = 2; /* 2 second default. */
697 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
698 Globals.nt_status_support = true; /* Use NT status by default. */
699 Globals.smbd_profiling_level = 0;
700 Globals.stat_cache = true; /* use stat cache by default */
701 Globals.max_stat_cache_size = 512; /* 512k by default */
702 Globals.restrict_anonymous = 0;
703 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
704 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
705 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
706 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
707 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
708 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
709 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
711 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
713 Globals.map_to_guest = 0; /* By Default, "Never" */
714 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
715 Globals.enhanced_browsing = true;
716 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
717 Globals.use_mmap = true;
718 Globals.unicode = true;
719 Globals.unix_extensions = true;
720 Globals.reset_on_zero_vc = false;
721 Globals.log_writeable_files_on_exit = false;
722 Globals.create_krb5_conf = true;
723 Globals.include_system_krb5_conf = true;
724 Globals._winbind_max_domain_connections = 1;
726 /* hostname lookups can be very expensive and are broken on
727 a large number of sites (tridge) */
728 Globals.hostname_lookups = false;
730 Globals.change_notify = true,
731 Globals.kernel_change_notify = true,
733 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
734 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
735 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
736 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
737 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
738 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
740 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
741 Globals.ldap_ssl = LDAP_SSL_START_TLS;
742 Globals.ldap_ssl_ads = false;
743 Globals.ldap_deref = -1;
744 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
745 Globals.ldap_delete_dn = false;
746 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
747 Globals.ldap_follow_referral = Auto;
748 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
749 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
750 Globals.ldap_page_size = LDAP_PAGE_SIZE;
752 Globals.ldap_debug_level = 0;
753 Globals.ldap_debug_threshold = 10;
755 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
757 Globals.ldap_server_require_strong_auth =
758 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
760 /* This is what we tell the afs client. in reality we set the token
761 * to never expire, though, when this runs out the afs client will
762 * forget the token. Set to 0 to get NEVERDATE.*/
763 Globals.afs_token_lifetime = 604800;
764 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
766 /* these parameters are set to defaults that are more appropriate
767 for the increasing samba install base:
769 as a member of the workgroup, that will possibly become a
770 _local_ master browser (lm = true). this is opposed to a forced
771 local master browser startup (pm = true).
773 doesn't provide WINS server service by default (wsupp = false),
774 and doesn't provide domain master browser services by default, either.
778 Globals.show_add_printer_wizard = true;
779 Globals.os_level = 20;
780 Globals.local_master = true;
781 Globals._domain_master = Auto; /* depending on _domain_logons */
782 Globals._domain_logons = false;
783 Globals.browse_list = true;
784 Globals.we_are_a_wins_server = false;
785 Globals.wins_proxy = false;
787 TALLOC_FREE(Globals.init_logon_delayed_hosts);
788 Globals.init_logon_delay = 100; /* 100 ms default delay */
790 Globals.wins_dns_proxy = true;
792 Globals.allow_trusted_domains = true;
793 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
795 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
796 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
798 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
799 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
800 dyn_WINBINDD_SOCKET_DIR);
802 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
803 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
805 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
807 Globals.cluster_addresses = NULL;
808 Globals.clustering = false;
809 Globals.ctdb_timeout = 0;
810 Globals.ctdb_locktime_warn_threshold = 0;
812 Globals.winbind_cache_time = 300; /* 5 minutes */
813 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
814 Globals.winbind_request_timeout = 60; /* 60 seconds */
815 Globals.winbind_max_clients = 200;
816 Globals.winbind_enum_users = false;
817 Globals.winbind_enum_groups = false;
818 Globals.winbind_use_default_domain = false;
819 Globals.winbind_nested_groups = true;
820 Globals.winbind_expand_groups = 0;
821 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
822 Globals.winbind_refresh_tickets = false;
823 Globals.winbind_offline_logon = false;
824 Globals.winbind_scan_trusted_domains = true;
826 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
827 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
829 Globals.passdb_expand_explicit = false;
831 Globals.name_cache_timeout = 660; /* In seconds */
833 Globals.client_use_spnego = true;
835 Globals.client_signing = SMB_SIGNING_DEFAULT;
836 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
837 Globals.server_signing = SMB_SIGNING_DEFAULT;
839 Globals.defer_sharing_violations = true;
840 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
842 Globals.enable_privileges = true;
843 Globals.host_msdfs = true;
844 Globals.enable_asu_support = false;
846 /* User defined shares. */
847 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
849 smb_panic("init_globals: ENOMEM");
851 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
853 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
854 Globals.usershare_max_shares = 0;
855 /* By default disallow sharing of directories not owned by the sharer. */
856 Globals.usershare_owner_only = true;
857 /* By default disallow guest access to usershares. */
858 Globals.usershare_allow_guests = false;
860 Globals.keepalive = DEFAULT_KEEPALIVE;
862 /* By default no shares out of the registry */
863 Globals.registry_shares = false;
865 Globals.min_receivefile_size = 0;
867 Globals.multicast_dns_register = true;
869 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
870 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
871 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
872 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
873 Globals.smb2_leases = true;
875 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
876 get_dyn_NCALRPCDIR());
878 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
880 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
882 Globals.tls_enabled = true;
883 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
885 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
886 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
887 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
888 lpcfg_string_set(Globals.ctx, &Globals.tls_priority,
889 "NORMAL:-VERS-SSL3.0");
891 lpcfg_string_set(Globals.ctx, &Globals.share_backend, "classic");
893 Globals._preferred_master = Auto;
895 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
896 Globals.dns_zone_scavenging = false;
898 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
899 get_dyn_NTP_SIGND_SOCKET_DIR());
901 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
903 smb_panic("init_globals: ENOMEM");
905 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
909 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
912 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
914 smb_panic("init_globals: ENOMEM");
916 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
919 s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
921 smb_panic("init_globals: ENOMEM");
923 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
926 Globals.apply_group_policies = false;
928 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
930 smb_panic("init_globals: ENOMEM");
932 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
935 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
937 Globals.cldap_port = 389;
939 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
941 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
943 Globals.krb5_port = 88;
945 Globals.kpasswd_port = 464;
947 Globals.aio_max_threads = 100;
949 lpcfg_string_set(Globals.ctx,
950 &Globals.rpc_server_dynamic_port_range,
952 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
953 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
954 Globals.prefork_children = 4;
955 Globals.prefork_backoff_increment = 10;
956 Globals.prefork_maximum_backoff = 120;
958 /* Now put back the settings that were set with lp_set_cmdline() */
959 apply_lp_set_cmdline();
962 /* Convenience routine to setup an lp_context with additional s3 variables */
963 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
965 struct loadparm_context *lp_ctx;
967 lp_ctx = loadparm_init_s3(mem_ctx,
968 loadparm_s3_helpers());
969 if (lp_ctx == NULL) {
970 DEBUG(0, ("loadparm_init_s3 failed\n"));
974 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
975 if (lp_ctx->sDefault == NULL) {
976 DBG_ERR("talloc_zero failed\n");
981 *lp_ctx->sDefault = _sDefault;
982 lp_ctx->services = NULL; /* We do not want to access this directly */
983 lp_ctx->bInGlobalSection = bInGlobalSection;
984 lp_ctx->flags = flags_list;
989 /*******************************************************************
990 Convenience routine to grab string parameters into talloced memory
991 and run standard_sub_basic on them. The buffers can be written to by
992 callers without affecting the source string.
993 ********************************************************************/
995 static char *loadparm_s3_global_substitution_fn(
997 const struct loadparm_substitution *lp_sub,
1003 /* The follow debug is useful for tracking down memory problems
1004 especially if you have an inner loop that is calling a lp_*()
1005 function that returns a string. Perhaps this debug should be
1006 present all the time? */
1009 DEBUG(10, ("lp_string(%s)\n", s));
1015 ret = talloc_sub_basic(mem_ctx,
1016 get_current_username(),
1017 current_user_info.domain,
1019 if (trim_char(ret, '\"', '\"')) {
1020 if (strchr(ret,'\"') != NULL) {
1022 ret = talloc_sub_basic(mem_ctx,
1023 get_current_username(),
1024 current_user_info.domain,
1031 static const struct loadparm_substitution s3_global_substitution = {
1032 .substituted_string_fn = loadparm_s3_global_substitution_fn,
1035 const struct loadparm_substitution *loadparm_s3_global_substitution(void)
1037 return &s3_global_substitution;
1040 char *lp_string(TALLOC_CTX *ctx, const char *s)
1042 return lpcfg_substituted_string(ctx, &s3_global_substitution, s);
1046 In this section all the functions that are used to access the
1047 parameters from the rest of the program are defined
1050 #define FN_GLOBAL_STRING(fn_name,ptr) \
1051 char *lp_ ## fn_name(TALLOC_CTX *ctx) {return(lp_string((ctx), *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : ""));}
1052 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1053 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1054 #define FN_GLOBAL_LIST(fn_name,ptr) \
1055 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1056 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1057 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1058 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1059 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1060 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1061 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1063 #define FN_LOCAL_STRING(fn_name,val) \
1064 char *lp_ ## fn_name(TALLOC_CTX *ctx,int i) {return(lp_string((ctx), (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val));}
1065 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1066 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1067 #define FN_LOCAL_LIST(fn_name,val) \
1068 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1069 #define FN_LOCAL_BOOL(fn_name,val) \
1070 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1071 #define FN_LOCAL_INTEGER(fn_name,val) \
1072 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1074 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1075 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1076 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1077 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1078 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1079 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1081 int lp_winbind_max_domain_connections(void)
1083 if (lp_winbind_offline_logon() &&
1084 lp__winbind_max_domain_connections() > 1) {
1085 DEBUG(1, ("offline logons active, restricting max domain "
1086 "connections to 1\n"));
1089 return MAX(1, lp__winbind_max_domain_connections());
1092 /* These functions remain in source3/param for now */
1094 #include "lib/param/param_functions.c"
1096 FN_LOCAL_STRING(servicename, szService)
1097 FN_LOCAL_CONST_STRING(const_servicename, szService)
1099 /* These functions cannot be auto-generated */
1100 FN_LOCAL_BOOL(autoloaded, autoloaded)
1101 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1103 /* local prototypes */
1105 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1106 static const char *get_boolean(bool bool_value);
1107 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1109 static bool hash_a_service(const char *name, int number);
1110 static void free_service_byindex(int iService);
1111 static void show_parameter(int parmIndex);
1112 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1113 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1116 * This is a helper function for parametrical options support. It returns a
1117 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1118 * parametrical functions are quite simple
1120 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1123 if (snum >= iNumServices) return NULL;
1126 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1128 return get_parametric_helper(ServicePtrs[snum],
1129 type, option, Globals.param_opt);
1133 static void discard_whitespace(char *str)
1135 size_t len = strlen(str);
1139 if (isspace(str[i])) {
1140 memmove(&str[i], &str[i+1], len-i);
1149 * @brief Go through all global parametric parameters
1151 * @param regex_str A regular expression to scan param for
1152 * @param max_matches Max number of submatches the regexp expects
1153 * @param cb Function to call on match. Should return true
1154 * when it wants wi_scan_global_parametrics to stop
1156 * @param private_data Anonymous pointer passed to cb
1158 * @return 0: success, regcomp/regexec return value on error.
1159 * See "man regexec" for possible errors
1162 int lp_wi_scan_global_parametrics(
1163 const char *regex_str, size_t max_matches,
1164 bool (*cb)(const char *string, regmatch_t matches[],
1165 void *private_data),
1168 struct parmlist_entry *data;
1172 ret = regcomp(®ex, regex_str, REG_ICASE);
1177 for (data = Globals.param_opt; data != NULL; data = data->next) {
1178 size_t keylen = strlen(data->key);
1180 regmatch_t matches[max_matches];
1183 memcpy(key, data->key, sizeof(key));
1184 discard_whitespace(key);
1186 ret = regexec(®ex, key, max_matches, matches, 0);
1187 if (ret == REG_NOMATCH) {
1194 stop = cb(key, matches, private_data);
1207 #define MISSING_PARAMETER(name) \
1208 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1210 /*******************************************************************
1211 convenience routine to return enum parameters.
1212 ********************************************************************/
1213 static int lp_enum(const char *s,const struct enum_list *_enum)
1217 if (!s || !*s || !_enum) {
1218 MISSING_PARAMETER(lp_enum);
1222 for (i=0; _enum[i].name; i++) {
1223 if (strequal(_enum[i].name,s))
1224 return _enum[i].value;
1227 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1231 #undef MISSING_PARAMETER
1233 /* Return parametric option from a given service. Type is a part of option before ':' */
1234 /* Parametric option has following syntax: 'Type: option = value' */
1235 char *lp_parm_talloc_string(TALLOC_CTX *ctx, int snum, const char *type, const char *option, const char *def)
1237 struct parmlist_entry *data = get_parametrics(snum, type, option);
1239 if (data == NULL||data->value==NULL) {
1241 return lp_string(ctx, def);
1247 return lp_string(ctx, data->value);
1250 /* Return parametric option from a given service. Type is a part of option before ':' */
1251 /* Parametric option has following syntax: 'Type: option = value' */
1252 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1254 struct parmlist_entry *data = get_parametrics(snum, type, option);
1256 if (data == NULL||data->value==NULL)
1263 /* Return parametric option from a given service. Type is a part of option before ':' */
1264 /* Parametric option has following syntax: 'Type: option = value' */
1266 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1268 struct parmlist_entry *data = get_parametrics(snum, type, option);
1270 if (data == NULL||data->value==NULL)
1271 return (const char **)def;
1273 if (data->list==NULL) {
1274 data->list = str_list_make_v3(NULL, data->value, NULL);
1277 return discard_const_p(const char *, data->list);
1280 /* Return parametric option from a given service. Type is a part of option before ':' */
1281 /* Parametric option has following syntax: 'Type: option = value' */
1283 int lp_parm_int(int snum, const char *type, const char *option, int def)
1285 struct parmlist_entry *data = get_parametrics(snum, type, option);
1287 if (data && data->value && *data->value)
1288 return lp_int(data->value);
1293 /* Return parametric option from a given service. Type is a part of option before ':' */
1294 /* Parametric option has following syntax: 'Type: option = value' */
1296 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1298 struct parmlist_entry *data = get_parametrics(snum, type, option);
1300 if (data && data->value && *data->value)
1301 return lp_ulong(data->value);
1306 /* Return parametric option from a given service. Type is a part of option before ':' */
1307 /* Parametric option has following syntax: 'Type: option = value' */
1309 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1310 const char *option, unsigned long long def)
1312 struct parmlist_entry *data = get_parametrics(snum, type, option);
1314 if (data && data->value && *data->value) {
1315 return lp_ulonglong(data->value);
1321 /* Return parametric option from a given service. Type is a part of option
1323 /* Parametric option has following syntax: 'Type: option = value' */
1325 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1327 struct parmlist_entry *data = get_parametrics(snum, type, option);
1329 if (data && data->value && *data->value)
1330 return lp_bool(data->value);
1335 /* Return parametric option from a given service. Type is a part of option before ':' */
1336 /* Parametric option has following syntax: 'Type: option = value' */
1338 int lp_parm_enum(int snum, const char *type, const char *option,
1339 const struct enum_list *_enum, int def)
1341 struct parmlist_entry *data = get_parametrics(snum, type, option);
1343 if (data && data->value && *data->value && _enum)
1344 return lp_enum(data->value, _enum);
1350 * free a param_opts structure.
1351 * param_opts handling should be moved to talloc;
1352 * then this whole functions reduces to a TALLOC_FREE().
1355 static void free_param_opts(struct parmlist_entry **popts)
1357 struct parmlist_entry *opt, *next_opt;
1359 if (*popts != NULL) {
1360 DEBUG(5, ("Freeing parametrics:\n"));
1363 while (opt != NULL) {
1364 lpcfg_string_free(&opt->key);
1365 lpcfg_string_free(&opt->value);
1366 TALLOC_FREE(opt->list);
1367 next_opt = opt->next;
1374 /***************************************************************************
1375 Free the dynamically allocated parts of a service struct.
1376 ***************************************************************************/
1378 static void free_service(struct loadparm_service *pservice)
1383 if (pservice->szService)
1384 DEBUG(5, ("free_service: Freeing service %s\n",
1385 pservice->szService));
1387 free_parameters(pservice);
1389 lpcfg_string_free(&pservice->szService);
1390 TALLOC_FREE(pservice->copymap);
1392 free_param_opts(&pservice->param_opt);
1394 ZERO_STRUCTP(pservice);
1398 /***************************************************************************
1399 remove a service indexed in the ServicePtrs array from the ServiceHash
1400 and free the dynamically allocated parts
1401 ***************************************************************************/
1403 static void free_service_byindex(int idx)
1405 if ( !LP_SNUM_OK(idx) )
1408 ServicePtrs[idx]->valid = false;
1410 /* we have to cleanup the hash record */
1412 if (ServicePtrs[idx]->szService) {
1413 char *canon_name = canonicalize_servicename(
1415 ServicePtrs[idx]->szService );
1417 dbwrap_delete_bystring(ServiceHash, canon_name );
1418 TALLOC_FREE(canon_name);
1421 free_service(ServicePtrs[idx]);
1422 TALLOC_FREE(ServicePtrs[idx]);
1425 /***************************************************************************
1426 Add a new service to the services array initialising it with the given
1428 ***************************************************************************/
1430 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1433 struct loadparm_service **tsp = NULL;
1435 /* it might already exist */
1437 i = getservicebyname(name, NULL);
1443 /* Re use empty slots if any before allocating new one.*/
1444 for (i=0; i < iNumServices; i++) {
1445 if (ServicePtrs[i] == NULL) {
1449 if (i == iNumServices) {
1450 /* if not, then create one */
1451 tsp = talloc_realloc(NULL, ServicePtrs,
1452 struct loadparm_service *,
1455 DEBUG(0, ("add_a_service: failed to enlarge "
1462 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1463 if (!ServicePtrs[i]) {
1464 DEBUG(0,("add_a_service: out of memory!\n"));
1468 ServicePtrs[i]->valid = true;
1470 copy_service(ServicePtrs[i], pservice, NULL);
1472 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1475 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1476 i, ServicePtrs[i]->szService));
1478 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1485 /***************************************************************************
1486 Convert a string to uppercase and remove whitespaces.
1487 ***************************************************************************/
1489 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1494 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1498 result = talloc_strdup(ctx, src);
1499 SMB_ASSERT(result != NULL);
1501 if (!strlower_m(result)) {
1502 TALLOC_FREE(result);
1508 /***************************************************************************
1509 Add a name/index pair for the services array to the hash table.
1510 ***************************************************************************/
1512 static bool hash_a_service(const char *name, int idx)
1516 if ( !ServiceHash ) {
1517 DEBUG(10,("hash_a_service: creating servicehash\n"));
1518 ServiceHash = db_open_rbt(NULL);
1519 if ( !ServiceHash ) {
1520 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1525 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1528 canon_name = canonicalize_servicename(talloc_tos(), name );
1530 dbwrap_store_bystring(ServiceHash, canon_name,
1531 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1534 TALLOC_FREE(canon_name);
1539 /***************************************************************************
1540 Add a new home service, with the specified home directory, defaults coming
1542 ***************************************************************************/
1544 bool lp_add_home(const char *pszHomename, int iDefaultService,
1545 const char *user, const char *pszHomedir)
1550 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1551 pszHomedir[0] == '\0') {
1555 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1560 global_path = lp_path(talloc_tos(), GLOBAL_SECTION_SNUM);
1561 if (!(*(ServicePtrs[iDefaultService]->path))
1562 || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
1563 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1566 TALLOC_FREE(global_path);
1568 if (!(*(ServicePtrs[i]->comment))) {
1569 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1570 if (comment == NULL) {
1573 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1575 TALLOC_FREE(comment);
1578 /* set the browseable flag from the global default */
1580 ServicePtrs[i]->browseable = sDefault.browseable;
1581 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1583 ServicePtrs[i]->autoloaded = true;
1585 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1586 user, ServicePtrs[i]->path ));
1591 /***************************************************************************
1592 Add a new service, based on an old one.
1593 ***************************************************************************/
1595 int lp_add_service(const char *pszService, int iDefaultService)
1597 if (iDefaultService < 0) {
1598 return add_a_service(&sDefault, pszService);
1601 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1604 /***************************************************************************
1605 Add the IPC service.
1606 ***************************************************************************/
1608 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1610 char *comment = NULL;
1611 int i = add_a_service(&sDefault, ipc_name);
1616 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1617 Globals.server_string);
1618 if (comment == NULL) {
1622 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1623 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1624 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1625 ServicePtrs[i]->max_connections = 0;
1626 ServicePtrs[i]->available = true;
1627 ServicePtrs[i]->read_only = true;
1628 ServicePtrs[i]->guest_only = false;
1629 ServicePtrs[i]->administrative_share = true;
1630 ServicePtrs[i]->guest_ok = guest_ok;
1631 ServicePtrs[i]->printable = false;
1632 ServicePtrs[i]->browseable = sDefault.browseable;
1633 ServicePtrs[i]->autoloaded = false;
1635 DEBUG(3, ("adding IPC service\n"));
1637 TALLOC_FREE(comment);
1641 /***************************************************************************
1642 Add a new printer service, with defaults coming from service iFrom.
1643 ***************************************************************************/
1645 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1647 const char *comment = "From Printcap";
1648 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1653 /* note that we do NOT default the availability flag to true - */
1654 /* we take it from the default service passed. This allows all */
1655 /* dynamic printers to be disabled by disabling the [printers] */
1656 /* entry (if/when the 'available' keyword is implemented!). */
1658 /* the printer name is set to the service name. */
1659 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1661 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1663 /* set the browseable flag from the gloabl default */
1664 ServicePtrs[i]->browseable = sDefault.browseable;
1666 /* Printers cannot be read_only. */
1667 ServicePtrs[i]->read_only = false;
1668 /* No oplocks on printer services. */
1669 ServicePtrs[i]->oplocks = false;
1670 /* Printer services must be printable. */
1671 ServicePtrs[i]->printable = true;
1673 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1679 /***************************************************************************
1680 Check whether the given parameter name is valid.
1681 Parametric options (names containing a colon) are considered valid.
1682 ***************************************************************************/
1684 bool lp_parameter_is_valid(const char *pszParmName)
1686 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1687 (strchr(pszParmName, ':') != NULL));
1690 /***************************************************************************
1691 Check whether the given name is the name of a global parameter.
1692 Returns true for strings belonging to parameters of class
1693 P_GLOBAL, false for all other strings, also for parametric options
1694 and strings not belonging to any option.
1695 ***************************************************************************/
1697 bool lp_parameter_is_global(const char *pszParmName)
1699 int num = lpcfg_map_parameter(pszParmName);
1702 return (parm_table[num].p_class == P_GLOBAL);
1708 /**************************************************************************
1709 Determine the canonical name for a parameter.
1710 Indicate when it is an inverse (boolean) synonym instead of a
1712 **************************************************************************/
1714 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1719 if (!lp_parameter_is_valid(parm_name)) {
1724 num = map_parameter_canonical(parm_name, inverse);
1726 /* parametric option */
1727 *canon_parm = parm_name;
1729 *canon_parm = parm_table[num].label;
1736 /**************************************************************************
1737 Determine the canonical name for a parameter.
1738 Turn the value given into the inverse boolean expression when
1739 the synonym is an invers boolean synonym.
1742 - parm_name is a valid parameter name and
1743 - val is a valid value for this parameter and
1744 - in case the parameter is an inverse boolean synonym, if the val
1745 string could successfully be converted to the reverse bool.
1746 Return false in all other cases.
1747 **************************************************************************/
1749 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1751 const char **canon_parm,
1752 const char **canon_val)
1758 if (!lp_parameter_is_valid(parm_name)) {
1764 num = map_parameter_canonical(parm_name, &inverse);
1766 /* parametric option */
1767 *canon_parm = parm_name;
1772 *canon_parm = parm_table[num].label;
1774 if (!lp_invert_boolean(val, canon_val)) {
1782 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1787 /***************************************************************************
1788 Map a parameter's string representation to the index of the canonical
1789 form of the parameter (it might be a synonym).
1790 Returns -1 if the parameter string is not recognised.
1791 ***************************************************************************/
1793 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1795 int parm_num, canon_num;
1796 bool loc_inverse = false;
1798 parm_num = lpcfg_map_parameter(pszParmName);
1799 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1800 /* invalid, parametric or no canidate for synonyms ... */
1804 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1805 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1806 parm_num = canon_num;
1812 if (inverse != NULL) {
1813 *inverse = loc_inverse;
1818 /***************************************************************************
1819 return true if parameter number parm1 is a synonym of parameter
1820 number parm2 (parm2 being the principal name).
1821 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1823 ***************************************************************************/
1825 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1827 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1828 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1829 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1830 !(parm_table[parm2].flags & FLAG_SYNONYM))
1832 if (inverse != NULL) {
1833 if ((parm_table[parm1].type == P_BOOLREV) &&
1834 (parm_table[parm2].type == P_BOOL))
1846 /***************************************************************************
1847 Show one parameter's name, type, [values,] and flags.
1848 (helper functions for show_parameter_list)
1849 ***************************************************************************/
1851 static void show_parameter(int parmIndex)
1853 size_t enumIndex, flagIndex;
1858 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1859 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1860 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1861 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1862 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1864 printf("%s=%s", parm_table[parmIndex].label,
1865 type[parm_table[parmIndex].type]);
1866 if (parm_table[parmIndex].type == P_ENUM) {
1869 parm_table[parmIndex].enum_list[enumIndex].name;
1873 enumIndex ? "|" : "",
1874 parm_table[parmIndex].enum_list[enumIndex].name);
1879 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1880 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1883 flag_names[flagIndex]);
1888 /* output synonyms */
1890 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1891 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1892 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1893 parm_table[parmIndex2].label);
1894 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1896 printf(" (synonyms: ");
1901 printf("%s%s", parm_table[parmIndex2].label,
1902 inverse ? "[i]" : "");
1913 * Check the value for a P_ENUM
1915 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1919 for (i = 0; parm->enum_list[i].name; i++) {
1920 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1927 /**************************************************************************
1928 Check whether the given value is valid for the given parameter name.
1929 **************************************************************************/
1931 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1933 bool ret = false, tmp_bool;
1934 int num = lpcfg_map_parameter(parm_name), tmp_int;
1935 uint64_t tmp_int64 = 0;
1936 struct parm_struct *parm;
1938 /* parametric options (parameter names containing a colon) cannot
1939 be checked and are therefore considered valid. */
1940 if (strchr(parm_name, ':') != NULL) {
1945 parm = &parm_table[num];
1946 switch (parm->type) {
1949 ret = set_boolean(val, &tmp_bool);
1953 ret = (sscanf(val, "%d", &tmp_int) == 1);
1957 ret = (sscanf(val, "%o", &tmp_int) == 1);
1961 ret = check_enum_parameter(parm, val);
1965 if (conv_str_size_error(val, &tmp_int64) &&
1966 tmp_int64 <= INT_MAX) {
1983 /***************************************************************************
1984 Show all parameter's name, type, [values,] and flags.
1985 ***************************************************************************/
1987 void show_parameter_list(void)
1989 int classIndex, parmIndex;
1990 const char *section_names[] = { "local", "global", NULL};
1992 for (classIndex=0; section_names[classIndex]; classIndex++) {
1993 printf("[%s]\n", section_names[classIndex]);
1994 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
1995 if (parm_table[parmIndex].p_class == classIndex) {
1996 show_parameter(parmIndex);
2002 /***************************************************************************
2003 Get the standard string representation of a boolean value ("yes" or "no")
2004 ***************************************************************************/
2006 static const char *get_boolean(bool bool_value)
2008 static const char *yes_str = "yes";
2009 static const char *no_str = "no";
2011 return (bool_value ? yes_str : no_str);
2014 /***************************************************************************
2015 Provide the string of the negated boolean value associated to the boolean
2016 given as a string. Returns false if the passed string does not correctly
2017 represent a boolean.
2018 ***************************************************************************/
2020 bool lp_invert_boolean(const char *str, const char **inverse_str)
2024 if (!set_boolean(str, &val)) {
2028 *inverse_str = get_boolean(!val);
2032 /***************************************************************************
2033 Provide the canonical string representation of a boolean value given
2034 as a string. Return true on success, false if the string given does
2035 not correctly represent a boolean.
2036 ***************************************************************************/
2038 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2042 if (!set_boolean(str, &val)) {
2046 *canon_str = get_boolean(val);
2050 /***************************************************************************
2051 Find a service by name. Otherwise works like get_service.
2052 ***************************************************************************/
2054 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2061 if (ServiceHash == NULL) {
2065 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2067 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2070 if (NT_STATUS_IS_OK(status) &&
2071 (data.dptr != NULL) &&
2072 (data.dsize == sizeof(iService)))
2074 memcpy(&iService, data.dptr, sizeof(iService));
2077 TALLOC_FREE(canon_name);
2079 if ((iService != -1) && (LP_SNUM_OK(iService))
2080 && (pserviceDest != NULL)) {
2081 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2087 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2088 struct loadparm_service *lp_service(const char *pszServiceName)
2090 int iService = getservicebyname(pszServiceName, NULL);
2091 if (iService == -1 || !LP_SNUM_OK(iService)) {
2094 return ServicePtrs[iService];
2097 struct loadparm_service *lp_servicebynum(int snum)
2099 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2102 return ServicePtrs[snum];
2105 struct loadparm_service *lp_default_loadparm_service()
2110 static struct smbconf_ctx *lp_smbconf_ctx(void)
2113 static struct smbconf_ctx *conf_ctx = NULL;
2115 if (conf_ctx == NULL) {
2116 err = smbconf_init(NULL, &conf_ctx, "registry:");
2117 if (!SBC_ERROR_IS_OK(err)) {
2118 DEBUG(1, ("error initializing registry configuration: "
2119 "%s\n", sbcErrorString(err)));
2127 static bool process_smbconf_service(struct smbconf_service *service)
2132 if (service == NULL) {
2136 ret = lp_do_section(service->name, NULL);
2140 for (count = 0; count < service->num_params; count++) {
2142 if (!bInGlobalSection && bGlobalOnly) {
2145 const char *pszParmName = service->param_names[count];
2146 const char *pszParmValue = service->param_values[count];
2148 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2150 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2151 pszParmName, pszParmValue);
2158 if (iServiceIndex >= 0) {
2159 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2165 * load a service from registry and activate it
2167 bool process_registry_service(const char *service_name)
2170 struct smbconf_service *service = NULL;
2171 TALLOC_CTX *mem_ctx = talloc_stackframe();
2172 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2175 if (conf_ctx == NULL) {
2179 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2181 if (!smbconf_share_exists(conf_ctx, service_name)) {
2183 * Registry does not contain data for this service (yet),
2184 * but make sure lp_load doesn't return false.
2190 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2191 if (!SBC_ERROR_IS_OK(err)) {
2195 ret = process_smbconf_service(service);
2201 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2204 TALLOC_FREE(mem_ctx);
2209 * process_registry_globals
2211 static bool process_registry_globals(void)
2215 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2217 if (!bInGlobalSection && bGlobalOnly) {
2220 const char *pszParmName = "registry shares";
2221 const char *pszParmValue = "yes";
2223 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2225 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2226 pszParmName, pszParmValue);
2233 return process_registry_service(GLOBAL_NAME);
2236 bool process_registry_shares(void)
2240 struct smbconf_service **service = NULL;
2241 uint32_t num_shares = 0;
2242 TALLOC_CTX *mem_ctx = talloc_stackframe();
2243 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2246 if (conf_ctx == NULL) {
2250 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2251 if (!SBC_ERROR_IS_OK(err)) {
2257 for (count = 0; count < num_shares; count++) {
2258 if (strequal(service[count]->name, GLOBAL_NAME)) {
2261 ret = process_smbconf_service(service[count]);
2268 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2271 TALLOC_FREE(mem_ctx);
2276 * reload those shares from registry that are already
2277 * activated in the services array.
2279 static bool reload_registry_shares(void)
2284 for (i = 0; i < iNumServices; i++) {
2289 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2293 ret = process_registry_service(ServicePtrs[i]->szService);
2304 #define MAX_INCLUDE_DEPTH 100
2306 static uint8_t include_depth;
2309 * Free the file lists
2311 static void free_file_list(void)
2313 struct file_lists *f;
2314 struct file_lists *next;
2327 * Utility function for outsiders to check if we're running on registry.
2329 bool lp_config_backend_is_registry(void)
2331 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2335 * Utility function to check if the config backend is FILE.
2337 bool lp_config_backend_is_file(void)
2339 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2342 /*******************************************************************
2343 Check if a config file has changed date.
2344 ********************************************************************/
2346 bool lp_file_list_changed(void)
2348 struct file_lists *f = file_lists;
2350 DEBUG(6, ("lp_file_list_changed()\n"));
2353 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2354 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2356 if (conf_ctx == NULL) {
2359 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2362 DEBUGADD(6, ("registry config changed\n"));
2369 n2 = talloc_sub_basic(talloc_tos(),
2370 get_current_username(),
2371 current_user_info.domain,
2376 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2377 f->name, n2, ctime(&f->modtime)));
2379 mod_time = file_modtime(n2);
2382 ((f->modtime != mod_time) ||
2383 (f->subfname == NULL) ||
2384 (strcmp(n2, f->subfname) != 0)))
2387 ("file %s modified: %s\n", n2,
2389 f->modtime = mod_time;
2390 TALLOC_FREE(f->subfname);
2391 f->subfname = talloc_strdup(f, n2);
2392 if (f->subfname == NULL) {
2393 smb_panic("talloc_strdup failed");
2407 * Initialize iconv conversion descriptors.
2409 * This is called the first time it is needed, and also called again
2410 * every time the configuration is reloaded, because the charset or
2411 * codepage might have changed.
2413 static void init_iconv(void)
2415 struct smb_iconv_handle *ret = NULL;
2417 ret = reinit_iconv_handle(NULL,
2421 smb_panic("reinit_iconv_handle failed");
2425 /***************************************************************************
2426 Handle the include operation.
2427 ***************************************************************************/
2428 static bool bAllowIncludeRegistry = true;
2430 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2431 const char *pszParmValue, char **ptr)
2435 if (include_depth >= MAX_INCLUDE_DEPTH) {
2436 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2441 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2442 if (!bAllowIncludeRegistry) {
2445 if (lp_ctx->bInGlobalSection) {
2448 ret = process_registry_globals();
2452 DEBUG(1, ("\"include = registry\" only effective "
2453 "in %s section\n", GLOBAL_NAME));
2458 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2459 current_user_info.domain,
2462 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2464 if (service == NULL) {
2465 lpcfg_string_set(Globals.ctx, ptr, fname);
2467 lpcfg_string_set(service, ptr, fname);
2470 if (file_exist(fname)) {
2473 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2479 DEBUG(2, ("Can't find include file %s\n", fname));
2484 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2486 char *config_option = NULL;
2487 const char *range = NULL;
2490 SMB_ASSERT(low != NULL);
2491 SMB_ASSERT(high != NULL);
2493 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2497 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2499 if (config_option == NULL) {
2500 DEBUG(0, ("out of memory\n"));
2504 range = lp_parm_const_string(-1, config_option, "range", NULL);
2505 if (range == NULL) {
2506 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2510 if (sscanf(range, "%u - %u", low, high) != 2) {
2511 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2512 range, domain_name));
2519 talloc_free(config_option);
2524 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2526 return lp_idmap_range("*", low, high);
2529 const char *lp_idmap_backend(const char *domain_name)
2531 char *config_option = NULL;
2532 const char *backend = NULL;
2534 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2538 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2540 if (config_option == NULL) {
2541 DEBUG(0, ("out of memory\n"));
2545 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2546 if (backend == NULL) {
2547 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2552 talloc_free(config_option);
2556 const char *lp_idmap_default_backend(void)
2558 return lp_idmap_backend("*");
2561 /***************************************************************************
2562 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2563 ***************************************************************************/
2565 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2567 const char *suffix_string;
2569 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2570 Globals.ldap_suffix );
2571 if ( !suffix_string ) {
2572 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2576 return suffix_string;
2579 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2581 if (Globals._ldap_machine_suffix[0])
2582 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2584 return lp_string(ctx, Globals.ldap_suffix);
2587 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2589 if (Globals._ldap_user_suffix[0])
2590 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2592 return lp_string(ctx, Globals.ldap_suffix);
2595 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2597 if (Globals._ldap_group_suffix[0])
2598 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2600 return lp_string(ctx, Globals.ldap_suffix);
2603 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2605 if (Globals._ldap_idmap_suffix[0])
2606 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2608 return lp_string(ctx, Globals.ldap_suffix);
2612 return the parameter pointer for a parameter
2614 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2616 if (service == NULL) {
2617 if (parm->p_class == P_LOCAL)
2618 return (void *)(((char *)&sDefault)+parm->offset);
2619 else if (parm->p_class == P_GLOBAL)
2620 return (void *)(((char *)&Globals)+parm->offset);
2623 return (void *)(((char *)service) + parm->offset);
2627 /***************************************************************************
2628 Process a parameter for a particular service number. If snum < 0
2629 then assume we are in the globals.
2630 ***************************************************************************/
2632 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2634 TALLOC_CTX *frame = talloc_stackframe();
2635 struct loadparm_context *lp_ctx;
2638 lp_ctx = setup_lp_context(frame);
2639 if (lp_ctx == NULL) {
2645 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2647 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2648 pszParmName, pszParmValue);
2656 /***************************************************************************
2657 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2658 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2659 ***************************************************************************/
2661 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2664 parmnum = lpcfg_map_parameter(pszParmName);
2666 flags_list[parmnum] &= ~FLAG_CMDLINE;
2667 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2670 flags_list[parmnum] |= FLAG_CMDLINE;
2672 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2673 * be grouped in the table, so we don't have to search the
2676 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2677 && parm_table[i].p_class == parm_table[parmnum].p_class;
2679 flags_list[i] |= FLAG_CMDLINE;
2681 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2682 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2683 flags_list[i] |= FLAG_CMDLINE;
2689 /* it might be parametric */
2690 if (strchr(pszParmName, ':') != NULL) {
2691 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2695 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2699 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2702 TALLOC_CTX *frame = talloc_stackframe();
2703 struct loadparm_context *lp_ctx;
2705 lp_ctx = setup_lp_context(frame);
2706 if (lp_ctx == NULL) {
2711 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2717 /***************************************************************************
2718 Process a parameter.
2719 ***************************************************************************/
2721 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2724 if (!bInGlobalSection && bGlobalOnly)
2727 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2729 if (bInGlobalSection) {
2730 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2732 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2733 pszParmName, pszParmValue);
2737 /***************************************************************************
2738 Initialize any local variables in the sDefault table, after parsing a
2740 ***************************************************************************/
2742 static void init_locals(void)
2745 * We run this check once the [globals] is parsed, to force
2746 * the VFS objects and other per-share settings we need for
2747 * the standard way a AD DC is operated. We may change these
2748 * as our code evolves, which is why we force these settings.
2750 * We can't do this at the end of lp_load_ex(), as by that
2751 * point the services have been loaded and they will already
2752 * have "" as their vfs objects.
2754 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2755 const char **vfs_objects = lp_vfs_objects(-1);
2756 if (!vfs_objects || !vfs_objects[0]) {
2757 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2758 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2759 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2760 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2762 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2766 lp_do_parameter(-1, "map hidden", "no");
2767 lp_do_parameter(-1, "map system", "no");
2768 lp_do_parameter(-1, "map readonly", "no");
2769 lp_do_parameter(-1, "map archive", "no");
2770 lp_do_parameter(-1, "store dos attributes", "yes");
2774 /***************************************************************************
2775 Process a new section (service). At this stage all sections are services.
2776 Later we'll have special sections that permit server parameters to be set.
2777 Returns true on success, false on failure.
2778 ***************************************************************************/
2780 bool lp_do_section(const char *pszSectionName, void *userdata)
2782 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2784 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2785 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2787 /* if we were in a global section then do the local inits */
2788 if (bInGlobalSection && !isglobal)
2791 /* if we've just struck a global section, note the fact. */
2792 bInGlobalSection = isglobal;
2793 if (lp_ctx != NULL) {
2794 lp_ctx->bInGlobalSection = isglobal;
2797 /* check for multiple global sections */
2798 if (bInGlobalSection) {
2799 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2803 if (!bInGlobalSection && bGlobalOnly)
2806 /* if we have a current service, tidy it up before moving on */
2809 if (iServiceIndex >= 0)
2810 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2812 /* if all is still well, move to the next record in the services array */
2814 /* We put this here to avoid an odd message order if messages are */
2815 /* issued by the post-processing of a previous section. */
2816 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2818 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2819 if (iServiceIndex < 0) {
2820 DEBUG(0, ("Failed to add a new service\n"));
2823 /* Clean all parametric options for service */
2824 /* They will be added during parsing again */
2825 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2831 /***************************************************************************
2832 Display the contents of a parameter of a single services record.
2833 ***************************************************************************/
2835 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2837 bool result = false;
2838 struct loadparm_context *lp_ctx;
2840 lp_ctx = setup_lp_context(talloc_tos());
2841 if (lp_ctx == NULL) {
2846 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2848 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2850 TALLOC_FREE(lp_ctx);
2855 /***************************************************************************
2856 Display the contents of a single copy structure.
2857 ***************************************************************************/
2858 static void dump_copy_map(bool *pcopymap)
2864 printf("\n\tNon-Copied parameters:\n");
2866 for (i = 0; parm_table[i].label; i++)
2867 if (parm_table[i].p_class == P_LOCAL &&
2868 parm_table[i].ptr && !pcopymap[i] &&
2869 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2871 printf("\t\t%s\n", parm_table[i].label);
2876 /***************************************************************************
2877 Return TRUE if the passed service number is within range.
2878 ***************************************************************************/
2880 bool lp_snum_ok(int iService)
2882 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2885 /***************************************************************************
2886 Auto-load some home services.
2887 ***************************************************************************/
2889 static void lp_add_auto_services(char *str)
2899 s = talloc_strdup(talloc_tos(), str);
2901 smb_panic("talloc_strdup failed");
2905 homes = lp_servicenumber(HOMES_NAME);
2907 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2908 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2911 if (lp_servicenumber(p) >= 0)
2914 home = get_user_home_dir(talloc_tos(), p);
2916 if (home && home[0] && homes >= 0)
2917 lp_add_home(p, homes, p, home);
2924 /***************************************************************************
2925 Auto-load one printer.
2926 ***************************************************************************/
2928 void lp_add_one_printer(const char *name, const char *comment,
2929 const char *location, void *pdata)
2931 int printers = lp_servicenumber(PRINTERS_NAME);
2934 if (lp_servicenumber(name) < 0) {
2935 lp_add_printer(name, printers);
2936 if ((i = lp_servicenumber(name)) >= 0) {
2937 lpcfg_string_set(ServicePtrs[i],
2938 &ServicePtrs[i]->comment, comment);
2939 ServicePtrs[i]->autoloaded = true;
2944 /***************************************************************************
2945 Have we loaded a services file yet?
2946 ***************************************************************************/
2948 bool lp_loaded(void)
2953 /***************************************************************************
2954 Unload unused services.
2955 ***************************************************************************/
2957 void lp_killunused(struct smbd_server_connection *sconn,
2958 bool (*snumused) (struct smbd_server_connection *, int))
2961 for (i = 0; i < iNumServices; i++) {
2965 /* don't kill autoloaded or usershare services */
2966 if ( ServicePtrs[i]->autoloaded ||
2967 ServicePtrs[i]->usershare == USERSHARE_VALID) {
2971 if (!snumused || !snumused(sconn, i)) {
2972 free_service_byindex(i);
2978 * Kill all except autoloaded and usershare services - convenience wrapper
2980 void lp_kill_all_services(void)
2982 lp_killunused(NULL, NULL);
2985 /***************************************************************************
2987 ***************************************************************************/
2989 void lp_killservice(int iServiceIn)
2991 if (VALID(iServiceIn)) {
2992 free_service_byindex(iServiceIn);
2996 /***************************************************************************
2997 Save the curent values of all global and sDefault parameters into the
2998 defaults union. This allows testparm to show only the
2999 changed (ie. non-default) parameters.
3000 ***************************************************************************/
3002 static void lp_save_defaults(void)
3005 struct parmlist_entry * parm;
3006 for (i = 0; parm_table[i].label; i++) {
3007 if (!(flags_list[i] & FLAG_CMDLINE)) {
3008 flags_list[i] |= FLAG_DEFAULT;
3011 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
3012 && parm_table[i].p_class == parm_table[i - 1].p_class)
3014 switch (parm_table[i].type) {
3017 parm_table[i].def.lvalue = str_list_copy(
3018 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3024 &parm_table[i].def.svalue,
3025 *(char **)lp_parm_ptr(
3026 NULL, &parm_table[i]));
3027 if (parm_table[i].def.svalue == NULL) {
3028 smb_panic("lpcfg_string_set() failed");
3033 parm_table[i].def.bvalue =
3034 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3037 parm_table[i].def.cvalue =
3038 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3044 parm_table[i].def.ivalue =
3045 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3050 for (parm=Globals.param_opt; parm; parm=parm->next) {
3051 if (!(parm->priority & FLAG_CMDLINE)) {
3052 parm->priority |= FLAG_DEFAULT;
3056 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3057 if (!(parm->priority & FLAG_CMDLINE)) {
3058 parm->priority |= FLAG_DEFAULT;
3062 defaults_saved = true;
3065 /***********************************************************
3066 If we should send plaintext/LANMAN passwords in the clinet
3067 ************************************************************/
3069 static void set_allowed_client_auth(void)
3071 if (Globals.client_ntlmv2_auth) {
3072 Globals.client_lanman_auth = false;
3074 if (!Globals.client_lanman_auth) {
3075 Globals.client_plaintext_auth = false;
3079 /***************************************************************************
3081 The following code allows smbd to read a user defined share file.
3082 Yes, this is my intent. Yes, I'm comfortable with that...
3084 THE FOLLOWING IS SECURITY CRITICAL CODE.
3086 It washes your clothes, it cleans your house, it guards you while you sleep...
3087 Do not f%^k with it....
3088 ***************************************************************************/
3090 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3092 /***************************************************************************
3093 Check allowed stat state of a usershare file.
3094 Ensure we print out who is dicking with us so the admin can
3095 get their sorry ass fired.
3096 ***************************************************************************/
3098 static bool check_usershare_stat(const char *fname,
3099 const SMB_STRUCT_STAT *psbuf)
3101 if (!S_ISREG(psbuf->st_ex_mode)) {
3102 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3103 "not a regular file\n",
3104 fname, (unsigned int)psbuf->st_ex_uid ));
3108 /* Ensure this doesn't have the other write bit set. */
3109 if (psbuf->st_ex_mode & S_IWOTH) {
3110 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3111 "public write. Refusing to allow as a usershare file.\n",
3112 fname, (unsigned int)psbuf->st_ex_uid ));
3116 /* Should be 10k or less. */
3117 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3118 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3119 "too large (%u) to be a user share file.\n",
3120 fname, (unsigned int)psbuf->st_ex_uid,
3121 (unsigned int)psbuf->st_ex_size ));
3128 /***************************************************************************
3129 Parse the contents of a usershare file.
3130 ***************************************************************************/
3132 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3133 SMB_STRUCT_STAT *psbuf,
3134 const char *servicename,
3138 char **pp_sharepath,
3140 char **pp_cp_servicename,
3141 struct security_descriptor **ppsd,
3144 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3145 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3148 SMB_STRUCT_STAT sbuf;
3149 char *sharepath = NULL;
3150 char *comment = NULL;
3152 *pp_sharepath = NULL;
3155 *pallow_guest = false;
3158 return USERSHARE_MALFORMED_FILE;
3161 if (strcmp(lines[0], "#VERSION 1") == 0) {
3163 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3166 return USERSHARE_MALFORMED_FILE;
3169 return USERSHARE_BAD_VERSION;
3172 if (strncmp(lines[1], "path=", 5) != 0) {
3173 return USERSHARE_MALFORMED_PATH;
3176 sharepath = talloc_strdup(ctx, &lines[1][5]);
3178 return USERSHARE_POSIX_ERR;
3180 trim_string(sharepath, " ", " ");
3182 if (strncmp(lines[2], "comment=", 8) != 0) {
3183 return USERSHARE_MALFORMED_COMMENT_DEF;
3186 comment = talloc_strdup(ctx, &lines[2][8]);
3188 return USERSHARE_POSIX_ERR;
3190 trim_string(comment, " ", " ");
3191 trim_char(comment, '"', '"');
3193 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3194 return USERSHARE_MALFORMED_ACL_DEF;
3197 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3198 return USERSHARE_ACL_ERR;
3202 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3203 return USERSHARE_MALFORMED_ACL_DEF;
3205 if (lines[4][9] == 'y') {
3206 *pallow_guest = true;
3209 /* Backwards compatible extension to file version #2. */
3211 if (strncmp(lines[5], "sharename=", 10) != 0) {
3212 return USERSHARE_MALFORMED_SHARENAME_DEF;
3214 if (!strequal(&lines[5][10], servicename)) {
3215 return USERSHARE_BAD_SHARENAME;
3217 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3218 if (!*pp_cp_servicename) {
3219 return USERSHARE_POSIX_ERR;
3224 if (*pp_cp_servicename == NULL) {
3225 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3226 if (!*pp_cp_servicename) {
3227 return USERSHARE_POSIX_ERR;
3231 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3232 /* Path didn't change, no checks needed. */
3233 *pp_sharepath = sharepath;
3234 *pp_comment = comment;
3235 return USERSHARE_OK;
3238 /* The path *must* be absolute. */
3239 if (sharepath[0] != '/') {
3240 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3241 servicename, sharepath));
3242 return USERSHARE_PATH_NOT_ABSOLUTE;
3245 /* If there is a usershare prefix deny list ensure one of these paths
3246 doesn't match the start of the user given path. */
3247 if (prefixdenylist) {
3249 for ( i=0; prefixdenylist[i]; i++ ) {
3250 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3251 servicename, i, prefixdenylist[i], sharepath ));
3252 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3253 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3254 "usershare prefix deny list entries.\n",
3255 servicename, sharepath));
3256 return USERSHARE_PATH_IS_DENIED;
3261 /* If there is a usershare prefix allow list ensure one of these paths
3262 does match the start of the user given path. */
3264 if (prefixallowlist) {
3266 for ( i=0; prefixallowlist[i]; i++ ) {
3267 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3268 servicename, i, prefixallowlist[i], sharepath ));
3269 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3273 if (prefixallowlist[i] == NULL) {
3274 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3275 "usershare prefix allow list entries.\n",
3276 servicename, sharepath));
3277 return USERSHARE_PATH_NOT_ALLOWED;
3281 /* Ensure this is pointing to a directory. */
3282 dp = opendir(sharepath);
3285 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3286 servicename, sharepath));
3287 return USERSHARE_PATH_NOT_DIRECTORY;
3290 /* Ensure the owner of the usershare file has permission to share
3293 if (sys_stat(sharepath, &sbuf, false) == -1) {
3294 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3295 servicename, sharepath, strerror(errno) ));
3297 return USERSHARE_POSIX_ERR;
3302 if (!S_ISDIR(sbuf.st_ex_mode)) {
3303 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3304 servicename, sharepath ));
3305 return USERSHARE_PATH_NOT_DIRECTORY;
3308 /* Check if sharing is restricted to owner-only. */
3309 /* psbuf is the stat of the usershare definition file,
3310 sbuf is the stat of the target directory to be shared. */
3312 if (lp_usershare_owner_only()) {
3313 /* root can share anything. */
3314 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3315 return USERSHARE_PATH_NOT_ALLOWED;
3319 *pp_sharepath = sharepath;
3320 *pp_comment = comment;
3321 return USERSHARE_OK;
3324 /***************************************************************************
3325 Deal with a usershare file.
3328 -1 - Bad name, invalid contents.
3329 - service name already existed and not a usershare, problem
3330 with permissions to share directory etc.
3331 ***************************************************************************/
3333 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3335 SMB_STRUCT_STAT sbuf;
3336 SMB_STRUCT_STAT lsbuf;
3338 char *sharepath = NULL;
3339 char *comment = NULL;
3340 char *cp_service_name = NULL;
3341 char **lines = NULL;
3345 TALLOC_CTX *ctx = talloc_stackframe();
3346 struct security_descriptor *psd = NULL;
3347 bool guest_ok = false;
3348 char *canon_name = NULL;
3349 bool added_service = false;
3353 /* Ensure share name doesn't contain invalid characters. */
3354 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3355 DEBUG(0,("process_usershare_file: share name %s contains "
3356 "invalid characters (any of %s)\n",
3357 file_name, INVALID_SHARENAME_CHARS ));
3361 canon_name = canonicalize_servicename(ctx, file_name);
3366 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3371 /* Minimize the race condition by doing an lstat before we
3372 open and fstat. Ensure this isn't a symlink link. */
3374 if (sys_lstat(fname, &lsbuf, false) != 0) {
3375 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3376 fname, strerror(errno) ));
3380 /* This must be a regular file, not a symlink, directory or
3381 other strange filetype. */
3382 if (!check_usershare_stat(fname, &lsbuf)) {
3389 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3394 if (NT_STATUS_IS_OK(status) &&
3395 (data.dptr != NULL) &&
3396 (data.dsize == sizeof(iService))) {
3397 memcpy(&iService, data.dptr, sizeof(iService));
3401 if (iService != -1 &&
3402 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3403 &lsbuf.st_ex_mtime) == 0) {
3404 /* Nothing changed - Mark valid and return. */
3405 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3407 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3412 /* Try and open the file read only - no symlinks allowed. */
3414 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3416 fd = open(fname, O_RDONLY, 0);
3420 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3421 fname, strerror(errno) ));
3425 /* Now fstat to be *SURE* it's a regular file. */
3426 if (sys_fstat(fd, &sbuf, false) != 0) {
3428 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3429 fname, strerror(errno) ));
3433 /* Is it the same dev/inode as was lstated ? */
3434 if (!check_same_stat(&lsbuf, &sbuf)) {
3436 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3437 "Symlink spoofing going on ?\n", fname ));
3441 /* This must be a regular file, not a symlink, directory or
3442 other strange filetype. */
3443 if (!check_usershare_stat(fname, &sbuf)) {
3448 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3451 if (lines == NULL) {
3452 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3453 fname, (unsigned int)sbuf.st_ex_uid ));
3457 if (parse_usershare_file(ctx, &sbuf, file_name,
3458 iService, lines, numlines, &sharepath,
3459 &comment, &cp_service_name,
3460 &psd, &guest_ok) != USERSHARE_OK) {
3464 /* Everything ok - add the service possibly using a template. */
3466 const struct loadparm_service *sp = &sDefault;
3467 if (snum_template != -1) {
3468 sp = ServicePtrs[snum_template];
3471 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3472 DEBUG(0, ("process_usershare_file: Failed to add "
3473 "new service %s\n", cp_service_name));
3477 added_service = true;
3479 /* Read only is controlled by usershare ACL below. */
3480 ServicePtrs[iService]->read_only = false;
3483 /* Write the ACL of the new/modified share. */
3484 status = set_share_security(canon_name, psd);
3485 if (!NT_STATUS_IS_OK(status)) {
3486 DEBUG(0, ("process_usershare_file: Failed to set share "
3487 "security for user share %s\n",
3492 /* If from a template it may be marked invalid. */
3493 ServicePtrs[iService]->valid = true;
3495 /* Set the service as a valid usershare. */
3496 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3498 /* Set guest access. */
3499 if (lp_usershare_allow_guests()) {
3500 ServicePtrs[iService]->guest_ok = guest_ok;
3503 /* And note when it was loaded. */
3504 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3505 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3507 lpcfg_string_set(ServicePtrs[iService],
3508 &ServicePtrs[iService]->comment, comment);
3514 if (ret == -1 && iService != -1 && added_service) {
3515 lp_remove_service(iService);
3523 /***************************************************************************
3524 Checks if a usershare entry has been modified since last load.
3525 ***************************************************************************/
3527 static bool usershare_exists(int iService, struct timespec *last_mod)
3529 SMB_STRUCT_STAT lsbuf;
3530 const char *usersharepath = Globals.usershare_path;
3533 fname = talloc_asprintf(talloc_tos(),
3536 ServicePtrs[iService]->szService);
3537 if (fname == NULL) {
3541 if (sys_lstat(fname, &lsbuf, false) != 0) {
3546 if (!S_ISREG(lsbuf.st_ex_mode)) {
3552 *last_mod = lsbuf.st_ex_mtime;
3556 static bool usershare_directory_is_root(uid_t uid)
3562 if (uid_wrapper_enabled()) {
3569 /***************************************************************************
3570 Load a usershare service by name. Returns a valid servicenumber or -1.
3571 ***************************************************************************/
3573 int load_usershare_service(const char *servicename)
3575 SMB_STRUCT_STAT sbuf;
3576 const char *usersharepath = Globals.usershare_path;
3577 int max_user_shares = Globals.usershare_max_shares;
3578 int snum_template = -1;
3580 if (*usersharepath == 0 || max_user_shares == 0) {
3584 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3585 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3586 usersharepath, strerror(errno) ));
3590 if (!S_ISDIR(sbuf.st_ex_mode)) {
3591 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3597 * This directory must be owned by root, and have the 't' bit set.
3598 * It also must not be writable by "other".
3602 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3603 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3605 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3606 (sbuf.st_ex_mode & S_IWOTH)) {
3608 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3609 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3614 /* Ensure the template share exists if it's set. */
3615 if (Globals.usershare_template_share[0]) {
3616 /* We can't use lp_servicenumber here as we are recommending that
3617 template shares have -valid=false set. */
3618 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3619 if (ServicePtrs[snum_template]->szService &&
3620 strequal(ServicePtrs[snum_template]->szService,
3621 Globals.usershare_template_share)) {
3626 if (snum_template == -1) {
3627 DEBUG(0,("load_usershare_service: usershare template share %s "
3628 "does not exist.\n",
3629 Globals.usershare_template_share ));
3634 return process_usershare_file(usersharepath, servicename, snum_template);
3637 /***************************************************************************
3638 Load all user defined shares from the user share directory.
3639 We only do this if we're enumerating the share list.
3640 This is the function that can delete usershares that have
3642 ***************************************************************************/
3644 int load_usershare_shares(struct smbd_server_connection *sconn,
3645 bool (*snumused) (struct smbd_server_connection *, int))
3648 SMB_STRUCT_STAT sbuf;
3650 int num_usershares = 0;
3651 int max_user_shares = Globals.usershare_max_shares;
3652 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3653 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3654 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3656 int snum_template = -1;
3657 const char *usersharepath = Globals.usershare_path;
3658 int ret = lp_numservices();
3659 TALLOC_CTX *tmp_ctx;
3661 if (max_user_shares == 0 || *usersharepath == '\0') {
3662 return lp_numservices();
3665 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3666 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3667 usersharepath, strerror(errno) ));
3672 * This directory must be owned by root, and have the 't' bit set.
3673 * It also must not be writable by "other".
3677 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3679 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3681 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3682 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3687 /* Ensure the template share exists if it's set. */
3688 if (Globals.usershare_template_share[0]) {
3689 /* We can't use lp_servicenumber here as we are recommending that
3690 template shares have -valid=false set. */
3691 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3692 if (ServicePtrs[snum_template]->szService &&
3693 strequal(ServicePtrs[snum_template]->szService,
3694 Globals.usershare_template_share)) {
3699 if (snum_template == -1) {
3700 DEBUG(0,("load_usershare_shares: usershare template share %s "
3701 "does not exist.\n",
3702 Globals.usershare_template_share ));
3707 /* Mark all existing usershares as pending delete. */
3708 for (iService = iNumServices - 1; iService >= 0; iService--) {
3709 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3710 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3714 dp = opendir(usersharepath);
3716 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3717 usersharepath, strerror(errno) ));
3721 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3723 num_dir_entries++ ) {
3725 const char *n = de->d_name;
3727 /* Ignore . and .. */
3729 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3735 /* Temporary file used when creating a share. */
3736 num_tmp_dir_entries++;
3739 /* Allow 20% tmp entries. */
3740 if (num_tmp_dir_entries > allowed_tmp_entries) {
3741 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3742 "in directory %s\n",
3743 num_tmp_dir_entries, usersharepath));
3747 r = process_usershare_file(usersharepath, n, snum_template);
3749 /* Update the services count. */
3751 if (num_usershares >= max_user_shares) {
3752 DEBUG(0,("load_usershare_shares: max user shares reached "
3753 "on file %s in directory %s\n",
3754 n, usersharepath ));
3757 } else if (r == -1) {
3758 num_bad_dir_entries++;
3761 /* Allow 20% bad entries. */
3762 if (num_bad_dir_entries > allowed_bad_entries) {
3763 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3764 "in directory %s\n",
3765 num_bad_dir_entries, usersharepath));
3769 /* Allow 20% bad entries. */
3770 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3771 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3772 "in directory %s\n",
3773 num_dir_entries, usersharepath));
3780 /* Sweep through and delete any non-refreshed usershares that are
3781 not currently in use. */
3782 tmp_ctx = talloc_stackframe();
3783 for (iService = iNumServices - 1; iService >= 0; iService--) {
3784 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3787 if (snumused && snumused(sconn, iService)) {
3791 servname = lp_servicename(tmp_ctx, iService);
3793 /* Remove from the share ACL db. */
3794 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3796 delete_share_security(servname);
3797 free_service_byindex(iService);
3800 talloc_free(tmp_ctx);
3802 return lp_numservices();
3805 /********************************************************
3806 Destroy global resources allocated in this file
3807 ********************************************************/
3809 void gfree_loadparm(void)
3815 /* Free resources allocated to services */
3817 for ( i = 0; i < iNumServices; i++ ) {
3819 free_service_byindex(i);
3823 TALLOC_FREE( ServicePtrs );
3826 /* Now release all resources allocated to global
3827 parameters and the default service */
3829 free_global_parameters();
3833 /***************************************************************************
3834 Allow client apps to specify that they are a client
3835 ***************************************************************************/
3836 static void lp_set_in_client(bool b)
3842 /***************************************************************************
3843 Determine if we're running in a client app
3844 ***************************************************************************/
3845 static bool lp_is_in_client(void)
3850 static void lp_enforce_ad_dc_settings(void)
3852 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3853 lp_do_parameter(GLOBAL_SECTION_SNUM,
3854 "winbindd:use external pipes", "true");
3855 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3856 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3857 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3858 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3859 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3860 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3861 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3862 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3863 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3866 /***************************************************************************
3867 Load the services array from the services file. Return true on success,
3869 ***************************************************************************/
3871 static bool lp_load_ex(const char *pszFname,
3875 bool reinit_globals,
3876 bool allow_include_registry,
3877 bool load_all_shares)
3881 TALLOC_CTX *frame = talloc_stackframe();
3882 struct loadparm_context *lp_ctx;
3883 int max_protocol, min_protocol;
3885 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3887 bInGlobalSection = true;
3888 bGlobalOnly = global_only;
3889 bAllowIncludeRegistry = allow_include_registry;
3890 sDefault = _sDefault;
3892 lp_ctx = setup_lp_context(talloc_tos());
3894 init_globals(lp_ctx, reinit_globals);
3898 if (save_defaults) {
3903 if (!reinit_globals) {
3904 free_param_opts(&Globals.param_opt);
3905 apply_lp_set_cmdline();
3908 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
3910 /* We get sections first, so have to start 'behind' to make up */
3913 if (lp_config_backend_is_file()) {
3914 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
3915 current_user_info.domain,
3918 smb_panic("lp_load_ex: out of memory");
3921 add_to_file_list(NULL, &file_lists, pszFname, n2);
3923 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
3926 /* finish up the last section */
3927 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
3929 if (iServiceIndex >= 0) {
3930 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
3934 if (lp_config_backend_is_registry()) {
3936 /* config backend changed to registry in config file */
3938 * We need to use this extra global variable here to
3939 * survive restart: init_globals uses this as a default
3940 * for config_backend. Otherwise, init_globals would
3941 * send us into an endless loop here.
3944 config_backend = CONFIG_BACKEND_REGISTRY;
3946 DEBUG(1, ("lp_load_ex: changing to config backend "
3948 init_globals(lp_ctx, true);
3950 TALLOC_FREE(lp_ctx);
3952 lp_kill_all_services();
3953 ok = lp_load_ex(pszFname, global_only, save_defaults,
3954 add_ipc, reinit_globals,
3955 allow_include_registry,
3960 } else if (lp_config_backend_is_registry()) {
3961 bRetval = process_registry_globals();
3963 DEBUG(0, ("Illegal config backend given: %d\n",
3964 lp_config_backend()));
3968 if (bRetval && lp_registry_shares()) {
3969 if (load_all_shares) {
3970 bRetval = process_registry_shares();
3972 bRetval = reload_registry_shares();
3977 char *serv = lp_auto_services(talloc_tos());
3978 lp_add_auto_services(serv);
3983 /* When 'restrict anonymous = 2' guest connections to ipc$
3985 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
3986 if ( lp_enable_asu_support() ) {
3987 lp_add_ipc("ADMIN$", false);
3991 set_allowed_client_auth();
3993 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
3994 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
3995 lp_password_server()));
4000 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
4001 /* if we_are_a_wins_server is true and we are in the client */
4002 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
4003 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
4008 fault_configure(smb_panic_s3);
4011 * We run this check once the whole smb.conf is parsed, to
4012 * force some settings for the standard way a AD DC is
4013 * operated. We may change these as our code evolves, which
4014 * is why we force these settings.
4016 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
4017 lp_enforce_ad_dc_settings();
4020 bAllowIncludeRegistry = true;
4022 /* Check if command line max protocol < min protocol, if so
4023 * report a warning to the user.
4025 max_protocol = lp_client_max_protocol();
4026 min_protocol = lp_client_min_protocol();
4027 if (max_protocol < min_protocol) {
4028 const char *max_protocolp, *min_protocolp;
4029 max_protocolp = lpcfg_get_smb_protocol(max_protocol);
4030 min_protocolp = lpcfg_get_smb_protocol(min_protocol);
4031 DBG_ERR("Max protocol %s is less than min protocol %s.\n",
4032 max_protocolp, min_protocolp);
4039 static bool lp_load(const char *pszFname,
4043 bool reinit_globals)
4045 return lp_load_ex(pszFname,
4050 true, /* allow_include_registry */
4051 false); /* load_all_shares*/
4054 bool lp_load_initial_only(const char *pszFname)
4056 return lp_load_ex(pszFname,
4057 true, /* global only */
4058 true, /* save_defaults */
4059 false, /* add_ipc */
4060 true, /* reinit_globals */
4061 false, /* allow_include_registry */
4062 false); /* load_all_shares*/
4066 * most common lp_load wrapper, loading only the globals
4068 * If this is used in a daemon or client utility it should be called
4069 * after processing popt.
4071 bool lp_load_global(const char *file_name)
4073 return lp_load(file_name,
4074 true, /* global_only */
4075 false, /* save_defaults */
4076 false, /* add_ipc */
4077 true); /* reinit_globals */
4081 * The typical lp_load wrapper with shares, loads global and
4082 * shares, including IPC, but does not force immediate
4083 * loading of all shares from registry.
4085 bool lp_load_with_shares(const char *file_name)
4087 return lp_load(file_name,
4088 false, /* global_only */
4089 false, /* save_defaults */
4091 true); /* reinit_globals */
4095 * lp_load wrapper, especially for clients
4097 bool lp_load_client(const char *file_name)
4099 lp_set_in_client(true);
4101 return lp_load_global(file_name);
4105 * lp_load wrapper, loading only globals, but intended
4106 * for subsequent calls, not reinitializing the globals
4109 bool lp_load_global_no_reinit(const char *file_name)
4111 return lp_load(file_name,
4112 true, /* global_only */
4113 false, /* save_defaults */
4114 false, /* add_ipc */
4115 false); /* reinit_globals */
4119 * lp_load wrapper, loading globals and shares,
4120 * intended for subsequent calls, i.e. not reinitializing
4121 * the globals to default values.
4123 bool lp_load_no_reinit(const char *file_name)
4125 return lp_load(file_name,
4126 false, /* global_only */
4127 false, /* save_defaults */
4128 false, /* add_ipc */
4129 false); /* reinit_globals */
4134 * lp_load wrapper, especially for clients, no reinitialization
4136 bool lp_load_client_no_reinit(const char *file_name)
4138 lp_set_in_client(true);
4140 return lp_load_global_no_reinit(file_name);
4143 bool lp_load_with_registry_shares(const char *pszFname)
4145 return lp_load_ex(pszFname,
4146 false, /* global_only */
4147 true, /* save_defaults */
4148 false, /* add_ipc */
4149 true, /* reinit_globals */
4150 true, /* allow_include_registry */
4151 true); /* load_all_shares*/
4154 /***************************************************************************
4155 Return the max number of services.
4156 ***************************************************************************/
4158 int lp_numservices(void)
4160 return (iNumServices);
4163 /***************************************************************************
4164 Display the contents of the services array in human-readable form.
4165 ***************************************************************************/
4167 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4170 struct loadparm_context *lp_ctx;
4173 defaults_saved = false;
4175 lp_ctx = setup_lp_context(talloc_tos());
4176 if (lp_ctx == NULL) {
4180 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4182 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4184 for (iService = 0; iService < maxtoprint; iService++) {
4186 lp_dump_one(f, show_defaults, iService);
4188 TALLOC_FREE(lp_ctx);
4191 /***************************************************************************
4192 Display the contents of one service in human-readable form.
4193 ***************************************************************************/
4195 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4198 if (ServicePtrs[snum]->szService[0] == '\0')
4200 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4201 flags_list, show_defaults);
4205 /***************************************************************************
4206 Return the number of the service with the given name, or -1 if it doesn't
4207 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4208 getservicebyname()! This works ONLY if all services have been loaded, and
4209 does not copy the found service.
4210 ***************************************************************************/
4212 int lp_servicenumber(const char *pszServiceName)
4215 fstring serviceName;
4217 if (!pszServiceName) {
4218 return GLOBAL_SECTION_SNUM;
4221 for (iService = iNumServices - 1; iService >= 0; iService--) {
4222 if (VALID(iService) && ServicePtrs[iService]->szService) {
4224 * The substitution here is used to support %U in
4227 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4228 standard_sub_basic(get_current_username(),
4229 current_user_info.domain,
4230 serviceName,sizeof(serviceName));
4231 if (strequal(serviceName, pszServiceName)) {
4237 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4238 struct timespec last_mod;
4240 if (!usershare_exists(iService, &last_mod)) {
4241 /* Remove the share security tdb entry for it. */
4242 delete_share_security(lp_const_servicename(iService));
4243 /* Remove it from the array. */
4244 free_service_byindex(iService);
4245 /* Doesn't exist anymore. */
4246 return GLOBAL_SECTION_SNUM;
4249 /* Has it been modified ? If so delete and reload. */
4250 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4252 /* Remove it from the array. */
4253 free_service_byindex(iService);
4254 /* and now reload it. */
4255 iService = load_usershare_service(pszServiceName);
4260 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4261 return GLOBAL_SECTION_SNUM;
4267 /*******************************************************************
4268 A useful volume label function.
4269 ********************************************************************/
4271 const char *volume_label(TALLOC_CTX *ctx, int snum)
4274 const char *label = lp_volume(ctx, snum);
4278 label = lp_servicename(ctx, snum);
4282 * Volume label can be a max of 32 bytes. Make sure to truncate
4283 * it at a codepoint boundary if it's longer than 32 and contains
4284 * multibyte characters. Windows insists on a volume label being
4285 * a valid mb sequence, and errors out if not.
4287 if (strlen(label) > 32) {
4289 * A MB char can be a max of 5 bytes, thus
4290 * we should have a valid mb character at a
4291 * minimum position of (32-5) = 27.
4295 * Check if a codepoint starting from next byte
4296 * is valid. If yes, then the current byte is the
4297 * end of a MB or ascii sequence and the label can
4298 * be safely truncated here. If not, keep going
4299 * backwards till a valid codepoint is found.
4302 const char *s = &label[end];
4303 codepoint_t c = next_codepoint(s, &len);
4304 if (c != INVALID_CODEPOINT) {
4311 /* This returns a max of 33 byte guarenteed null terminated string. */
4312 ret = talloc_strndup(ctx, label, end);
4319 /*******************************************************************
4320 Get the default server type we will announce as via nmbd.
4321 ********************************************************************/
4323 int lp_default_server_announce(void)
4325 int default_server_announce = 0;
4326 default_server_announce |= SV_TYPE_WORKSTATION;
4327 default_server_announce |= SV_TYPE_SERVER;
4328 default_server_announce |= SV_TYPE_SERVER_UNIX;
4330 /* note that the flag should be set only if we have a
4331 printer service but nmbd doesn't actually load the
4332 services so we can't tell --jerry */
4334 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4336 default_server_announce |= SV_TYPE_SERVER_NT;
4337 default_server_announce |= SV_TYPE_NT;
4339 switch (lp_server_role()) {
4340 case ROLE_DOMAIN_MEMBER:
4341 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4343 case ROLE_DOMAIN_PDC:
4344 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4346 case ROLE_DOMAIN_BDC:
4347 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4349 case ROLE_STANDALONE:
4353 if (lp_time_server())
4354 default_server_announce |= SV_TYPE_TIME_SOURCE;
4356 if (lp_host_msdfs())
4357 default_server_announce |= SV_TYPE_DFS_SERVER;
4359 return default_server_announce;
4362 /***********************************************************
4363 If we are PDC then prefer us as DMB
4364 ************************************************************/
4366 bool lp_domain_master(void)
4368 if (Globals._domain_master == Auto)
4369 return (lp_server_role() == ROLE_DOMAIN_PDC);
4371 return (bool)Globals._domain_master;
4374 /***********************************************************
4375 If we are PDC then prefer us as DMB
4376 ************************************************************/
4378 static bool lp_domain_master_true_or_auto(void)
4380 if (Globals._domain_master) /* auto or yes */
4386 /***********************************************************
4387 If we are DMB then prefer us as LMB
4388 ************************************************************/
4390 bool lp_preferred_master(void)
4392 int preferred_master = lp__preferred_master();
4394 if (preferred_master == Auto)
4395 return (lp_local_master() && lp_domain_master());
4397 return (bool)preferred_master;
4400 /*******************************************************************
4402 ********************************************************************/
4404 void lp_remove_service(int snum)
4406 ServicePtrs[snum]->valid = false;
4409 const char *lp_printername(TALLOC_CTX *ctx, int snum)
4411 const char *ret = lp__printername(ctx, snum);
4412 if (ret == NULL || *ret == '\0') {
4413 ret = lp_const_servicename(snum);
4420 /***********************************************************
4421 Allow daemons such as winbindd to fix their logfile name.
4422 ************************************************************/
4424 void lp_set_logfile(const char *name)
4426 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4427 debug_set_logfile(name);
4430 /*******************************************************************
4431 Return the max print jobs per queue.
4432 ********************************************************************/
4434 int lp_maxprintjobs(int snum)
4436 int maxjobs = lp_max_print_jobs(snum);
4438 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4439 maxjobs = PRINT_MAX_JOBID - 1;
4444 const char *lp_printcapname(void)
4446 const char *printcap_name = lp_printcap_name();
4448 if ((printcap_name != NULL) &&
4449 (printcap_name[0] != '\0'))
4450 return printcap_name;
4452 if (sDefault.printing == PRINT_CUPS) {
4456 if (sDefault.printing == PRINT_BSD)
4457 return "/etc/printcap";
4459 return PRINTCAP_NAME;
4462 static uint32_t spoolss_state;
4464 bool lp_disable_spoolss( void )
4466 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4467 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4469 return spoolss_state == SVCCTL_STOPPED ? true : false;
4472 void lp_set_spoolss_state( uint32_t state )
4474 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4476 spoolss_state = state;
4479 uint32_t lp_get_spoolss_state( void )
4481 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4484 /*******************************************************************
4485 Ensure we don't use sendfile if server smb signing is active.
4486 ********************************************************************/
4488 bool lp_use_sendfile(int snum, struct smb_signing_state *signing_state)
4490 bool sign_active = false;
4492 /* Using sendfile blows the brains out of any DOS or Win9x TCP stack... JRA. */
4493 if (get_Protocol() < PROTOCOL_NT1) {
4496 if (signing_state) {
4497 sign_active = smb_signing_is_active(signing_state);
4499 return (lp__use_sendfile(snum) &&
4500 (get_remote_arch() != RA_WIN95) &&
4504 /*******************************************************************
4505 Turn off sendfile if we find the underlying OS doesn't support it.
4506 ********************************************************************/
4508 void set_use_sendfile(int snum, bool val)
4510 if (LP_SNUM_OK(snum))
4511 ServicePtrs[snum]->_use_sendfile = val;
4513 sDefault._use_sendfile = val;
4516 void lp_set_mangling_method(const char *new_method)
4518 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4521 /*******************************************************************
4522 Global state for POSIX pathname processing.
4523 ********************************************************************/
4525 static bool posix_pathnames;
4527 bool lp_posix_pathnames(void)
4529 return posix_pathnames;
4532 /*******************************************************************
4533 Change everything needed to ensure POSIX pathname processing (currently
4535 ********************************************************************/
4537 void lp_set_posix_pathnames(void)
4539 posix_pathnames = true;
4542 /*******************************************************************
4543 Global state for POSIX lock processing - CIFS unix extensions.
4544 ********************************************************************/
4546 bool posix_default_lock_was_set;
4547 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4549 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4551 if (posix_default_lock_was_set) {
4552 return posix_cifsx_locktype;
4554 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4555 POSIX_LOCK : WINDOWS_LOCK;
4559 /*******************************************************************
4560 ********************************************************************/
4562 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4564 posix_default_lock_was_set = true;
4565 posix_cifsx_locktype = val;
4568 int lp_min_receive_file_size(void)
4570 int min_receivefile_size = lp_min_receivefile_size();
4572 if (min_receivefile_size < 0) {
4575 return min_receivefile_size;
4578 /*******************************************************************
4579 Safe wide links checks.
4580 This helper function always verify the validity of wide links,
4581 even after a configuration file reload.
4582 ********************************************************************/
4584 void widelinks_warning(int snum)
4586 if (lp_allow_insecure_wide_links()) {
4590 if (lp_unix_extensions() && lp_wide_links(snum)) {
4591 DBG_ERR("Share '%s' has wide links and unix extensions enabled. "
4592 "These parameters are incompatible. "
4593 "Wide links will be disabled for this share.\n",
4594 lp_const_servicename(snum));
4598 bool lp_widelinks(int snum)
4600 /* wide links is always incompatible with unix extensions */
4601 if (lp_unix_extensions()) {
4603 * Unless we have "allow insecure widelinks"
4606 if (!lp_allow_insecure_wide_links()) {
4611 return lp_wide_links(snum);
4614 int lp_server_role(void)
4616 return lp_find_server_role(lp__server_role(),
4618 lp__domain_logons(),
4619 lp_domain_master_true_or_auto());
4622 int lp_security(void)
4624 return lp_find_security(lp__server_role(),
4628 int lp_client_max_protocol(void)
4630 int client_max_protocol = lp__client_max_protocol();
4631 if (client_max_protocol == PROTOCOL_DEFAULT) {
4632 return PROTOCOL_LATEST;
4634 return client_max_protocol;
4637 int lp_client_ipc_min_protocol(void)
4639 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4640 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4641 client_ipc_min_protocol = lp_client_min_protocol();
4643 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4644 return PROTOCOL_NT1;
4646 return client_ipc_min_protocol;
4649 int lp_client_ipc_max_protocol(void)
4651 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4652 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4653 return PROTOCOL_LATEST;
4655 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4656 return PROTOCOL_NT1;
4658 return client_ipc_max_protocol;
4661 int lp_client_ipc_signing(void)
4663 int client_ipc_signing = lp__client_ipc_signing();
4664 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4665 return SMB_SIGNING_REQUIRED;
4667 return client_ipc_signing;
4670 int lp_rpc_low_port(void)
4672 return Globals.rpc_low_port;
4675 int lp_rpc_high_port(void)
4677 return Globals.rpc_high_port;
4681 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4683 * This also ensures it is disabled if NTLM is totally disabled
4685 bool lp_lanman_auth(void)
4687 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4689 if (ntlm_auth_level == NTLM_AUTH_ON) {
4690 return lp__lanman_auth();
4696 struct loadparm_global * get_globals(void)
4701 unsigned int * get_flags(void)
4703 if (flags_list == NULL) {
4704 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());
git.samba.org / amitay / samba.git / blob