2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
57 #include "system/filesys.h"
59 #include "lib/param/loadparm.h"
60 #include "lib/param/param.h"
62 #include "lib/smbconf/smbconf.h"
63 #include "lib/smbconf/smbconf_init.h"
66 #include "../librpc/gen_ndr/svcctl.h"
68 #include "../libcli/smb/smb_signing.h"
69 #include "dbwrap/dbwrap.h"
70 #include "dbwrap/dbwrap_rbt.h"
71 #include "../lib/util/bitmap.h"
72 #include "librpc/gen_ndr/nbt.h"
73 #include "source4/lib/tls/tls.h"
74 #include "libcli/auth/ntlm_check.h"
76 #ifdef HAVE_SYS_SYSCTL_H
77 #include <sys/sysctl.h>
82 extern userdom_struct current_user_info;
84 /* the special value for the include parameter
85 * to be interpreted not as a file name but to
86 * trigger loading of the global smb.conf options
88 #ifndef INCLUDE_REGISTRY_NAME
89 #define INCLUDE_REGISTRY_NAME "registry"
92 static bool in_client = false; /* Not in the client by default */
93 static struct smbconf_csn conf_last_csn;
95 static int config_backend = CONFIG_BACKEND_FILE;
97 /* some helpful bits */
98 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
99 (ServicePtrs != NULL) && \
100 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
101 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
102 ServicePtrs[i]->valid)
104 #define USERSHARE_VALID 1
105 #define USERSHARE_PENDING_DELETE 2
107 static bool defaults_saved = false;
109 #include "lib/param/param_global.h"
111 static struct loadparm_global Globals;
113 /* This is a default service used to prime a services structure */
114 static const struct loadparm_service _sDefault =
119 .usershare_last_mod = {0, 0},
122 .invalid_users = NULL,
129 .root_preexec = NULL,
130 .root_postexec = NULL,
131 .cups_options = NULL,
132 .print_command = NULL,
134 .lprm_command = NULL,
135 .lppause_command = NULL,
136 .lpresume_command = NULL,
137 .queuepause_command = NULL,
138 .queueresume_command = NULL,
139 ._printername = NULL,
140 .printjob_username = NULL,
141 .dont_descend = NULL,
144 .magic_script = NULL,
145 .magic_output = NULL,
148 .veto_oplock_files = NULL,
158 .aio_write_behind = NULL,
159 .dfree_command = NULL,
160 .min_print_space = 0,
161 .max_print_jobs = 1000,
162 .max_reported_print_jobs = 0,
164 .force_create_mode = 0,
165 .directory_mask = 0755,
166 .force_directory_mode = 0,
167 .max_connections = 0,
168 .default_case = CASE_LOWER,
169 .printing = DEFAULT_PRINTING,
172 .dfree_cache_time = 0,
173 .preexec_close = false,
174 .root_preexec_close = false,
175 .case_sensitive = Auto,
176 .preserve_case = true,
177 .short_preserve_case = true,
178 .hide_dot_files = true,
179 .hide_special_files = false,
180 .hide_unreadable = false,
181 .hide_unwriteable_files = false,
183 .access_based_share_enum = false,
188 .administrative_share = false,
191 .print_notify_backchannel = false,
195 .store_dos_attributes = true,
196 .dmapi_support = false,
198 .strict_locking = Auto,
199 .posix_locking = true,
201 .kernel_oplocks = false,
202 .level2_oplocks = true,
203 .mangled_names = MANGLED_NAMES_ILLEGAL,
205 .follow_symlinks = true,
206 .sync_always = false,
207 .strict_allocate = false,
208 .strict_rename = false,
210 .mangling_char = '~',
212 .delete_readonly = false,
213 .fake_oplocks = false,
214 .delete_veto_files = false,
215 .dos_filemode = false,
216 .dos_filetimes = true,
217 .dos_filetime_resolution = false,
218 .fake_directory_create_times = false,
219 .blocking_locks = true,
220 .inherit_permissions = false,
221 .inherit_acls = false,
222 .inherit_owner = false,
224 .msdfs_shuffle_referrals = false,
225 .use_client_driver = false,
226 .default_devmode = true,
227 .force_printername = false,
228 .nt_acl_support = true,
229 .force_unknown_acl_user = false,
230 ._use_sendfile = false,
231 .map_acl_inherit = false,
234 .acl_check_permissions = true,
235 .acl_map_full_control = true,
236 .acl_group_control = false,
237 .acl_allow_execute_always = false,
240 .map_readonly = MAP_READONLY_NO,
241 .directory_name_cache_size = 100,
242 .smb_encrypt = SMB_SIGNING_DEFAULT,
243 .kernel_share_modes = true,
244 .durable_handles = true,
245 .check_parent_directory_delete_on_close = false,
247 .smbd_search_ask_sharemode = true,
248 .smbd_getinfo_ask_sharemode = true,
249 .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
254 * This is a copy of the default service structure. Service options in the
255 * global section would otherwise overwrite the initial default values.
257 static struct loadparm_service sDefault;
259 /* local variables */
260 static struct loadparm_service **ServicePtrs = NULL;
261 static int iNumServices = 0;
262 static int iServiceIndex = 0;
263 static struct db_context *ServiceHash;
264 static bool bInGlobalSection = true;
265 static bool bGlobalOnly = false;
266 static struct file_lists *file_lists = NULL;
267 static unsigned int *flags_list = NULL;
269 static void set_allowed_client_auth(void);
271 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
272 static void free_param_opts(struct parmlist_entry **popts);
275 * Function to return the default value for the maximum number of open
276 * file descriptors permitted. This function tries to consult the
277 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
278 * the smaller of those.
280 static int max_open_files(void)
282 int sysctl_max = MAX_OPEN_FILES;
283 int rlimit_max = MAX_OPEN_FILES;
285 #ifdef HAVE_SYSCTLBYNAME
287 size_t size = sizeof(sysctl_max);
288 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
293 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
299 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
300 rlimit_max = rl.rlim_cur;
302 #if defined(RLIM_INFINITY)
303 if(rl.rlim_cur == RLIM_INFINITY)
304 rlimit_max = MAX_OPEN_FILES;
309 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
310 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
311 "minimum Windows limit (%d)\n",
313 MIN_OPEN_FILES_WINDOWS));
314 sysctl_max = MIN_OPEN_FILES_WINDOWS;
317 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
318 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
319 "minimum Windows limit (%d)\n",
321 MIN_OPEN_FILES_WINDOWS));
322 rlimit_max = MIN_OPEN_FILES_WINDOWS;
325 return MIN(sysctl_max, rlimit_max);
329 * Common part of freeing allocated data for one parameter.
331 static void free_one_parameter_common(void *parm_ptr,
332 struct parm_struct parm)
334 if ((parm.type == P_STRING) ||
335 (parm.type == P_USTRING))
337 lpcfg_string_free((char**)parm_ptr);
338 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
339 TALLOC_FREE(*((char***)parm_ptr));
344 * Free the allocated data for one parameter for a share
345 * given as a service struct.
347 static void free_one_parameter(struct loadparm_service *service,
348 struct parm_struct parm)
352 if (parm.p_class != P_LOCAL) {
356 parm_ptr = lp_parm_ptr(service, &parm);
358 free_one_parameter_common(parm_ptr, parm);
362 * Free the allocated parameter data of a share given
363 * as a service struct.
365 static void free_parameters(struct loadparm_service *service)
369 for (i=0; parm_table[i].label; i++) {
370 free_one_parameter(service, parm_table[i]);
375 * Free the allocated data for one parameter for a given share
376 * specified by an snum.
378 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
383 parm_ptr = lp_parm_ptr(NULL, &parm);
384 } else if (parm.p_class != P_LOCAL) {
387 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
390 free_one_parameter_common(parm_ptr, parm);
394 * Free the allocated parameter data for a share specified
397 static void free_parameters_by_snum(int snum)
401 for (i=0; parm_table[i].label; i++) {
402 free_one_parameter_by_snum(snum, parm_table[i]);
407 * Free the allocated global parameters.
409 static void free_global_parameters(void)
412 struct parm_struct *parm;
414 free_param_opts(&Globals.param_opt);
415 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
417 /* Reset references in the defaults because the context is going to be freed */
418 for (i=0; parm_table[i].label; i++) {
419 parm = &parm_table[i];
420 if ((parm->type == P_STRING) ||
421 (parm->type == P_USTRING)) {
422 if ((parm->def.svalue != NULL) &&
423 (*(parm->def.svalue) != '\0')) {
424 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
425 parm->def.svalue = NULL;
430 TALLOC_FREE(Globals.ctx);
433 struct lp_stored_option {
434 struct lp_stored_option *prev, *next;
439 static struct lp_stored_option *stored_options;
442 save options set by lp_set_cmdline() into a list. This list is
443 re-applied when we do a globals reset, so that cmdline set options
444 are sticky across reloads of smb.conf
446 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
448 struct lp_stored_option *entry, *entry_next;
449 for (entry = stored_options; entry != NULL; entry = entry_next) {
450 entry_next = entry->next;
451 if (strcmp(pszParmName, entry->label) == 0) {
452 DLIST_REMOVE(stored_options, entry);
458 entry = talloc(NULL, struct lp_stored_option);
463 entry->label = talloc_strdup(entry, pszParmName);
469 entry->value = talloc_strdup(entry, pszParmValue);
475 DLIST_ADD_END(stored_options, entry);
480 static bool apply_lp_set_cmdline(void)
482 struct lp_stored_option *entry = NULL;
483 for (entry = stored_options; entry != NULL; entry = entry->next) {
484 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
485 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
486 entry->label, entry->value));
493 /***************************************************************************
494 Initialise the global parameter structure.
495 ***************************************************************************/
497 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
499 static bool done_init = false;
503 /* If requested to initialize only once and we've already done it... */
504 if (!reinit_globals && done_init) {
505 /* ... then we have nothing more to do */
510 /* The logfile can be set before this is invoked. Free it if so. */
511 lpcfg_string_free(&Globals.logfile);
514 free_global_parameters();
517 /* This memset and the free_global_parameters() above will
518 * wipe out smb.conf options set with lp_set_cmdline(). The
519 * apply_lp_set_cmdline() call puts these values back in the
520 * table once the defaults are set */
521 ZERO_STRUCT(Globals);
523 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
525 /* Initialize the flags list if necessary */
526 if (flags_list == NULL) {
530 for (i = 0; parm_table[i].label; i++) {
531 if ((parm_table[i].type == P_STRING ||
532 parm_table[i].type == P_USTRING))
536 (char **)lp_parm_ptr(NULL, &parm_table[i]),
542 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
543 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
545 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
547 sDefault.ntvfs_handler = str_list_make_v3_const(Globals.ctx, "unixuid default", NULL);
549 DEBUG(3, ("Initialising global parameters\n"));
551 /* Must manually force to upper case here, as this does not go via the handler */
552 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
555 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
556 get_dyn_SMB_PASSWD_FILE());
557 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
558 get_dyn_PRIVATE_DIR());
559 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
560 get_dyn_BINDDNS_DIR());
562 /* use the new 'hash2' method by default, with a prefix of 1 */
563 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
564 Globals.mangle_prefix = 1;
566 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
568 /* using UTF8 by default allows us to support all chars */
569 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
570 DEFAULT_UNIX_CHARSET);
572 /* Use codepage 850 as a default for the dos character set */
573 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
574 DEFAULT_DOS_CHARSET);
577 * Allow the default PASSWD_CHAT to be overridden in local.h.
579 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
580 DEFAULT_PASSWD_CHAT);
582 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
584 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
585 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
587 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
589 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
591 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
593 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
596 * By default support explicit binding to broadcast
599 Globals.nmbd_bind_explicit_broadcast = true;
601 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
603 smb_panic("init_globals: ENOMEM");
605 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
608 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
609 "/bin/sleep 999999999");
612 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
613 DEFAULT_SOCKET_OPTIONS);
615 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
616 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
617 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
618 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
619 "\\\\%N\\%U\\profile");
621 Globals.name_resolve_order =
622 str_list_make_v3_const(Globals.ctx,
623 DEFAULT_NAME_RESOLVE_ORDER,
625 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
627 Globals.algorithmic_rid_base = BASE_RID;
629 Globals.load_printers = true;
630 Globals.printcap_cache_time = 750; /* 12.5 minutes */
632 Globals.config_backend = config_backend;
633 Globals._server_role = ROLE_AUTO;
635 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
636 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
637 Globals.max_xmit = 0x4104;
638 Globals.max_mux = 50; /* This is *needed* for profile support. */
639 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
640 Globals._disable_spoolss = false;
641 Globals.max_smbd_processes = 0;/* no limit specified */
642 Globals.username_level = 0;
643 Globals.deadtime = 10080;
644 Globals.getwd_cache = true;
645 Globals.large_readwrite = true;
646 Globals.max_log_size = 5000;
647 Globals.max_open_files = max_open_files();
648 Globals.server_max_protocol = PROTOCOL_SMB3_11;
649 Globals.server_min_protocol = PROTOCOL_SMB2_02;
650 Globals._client_max_protocol = PROTOCOL_DEFAULT;
651 Globals.client_min_protocol = PROTOCOL_SMB2_02;
652 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
653 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
654 Globals._security = SEC_AUTO;
655 Globals.encrypt_passwords = true;
656 Globals.client_schannel = true;
657 Globals.winbind_sealed_pipes = true;
658 Globals.require_strong_key = true;
659 Globals.server_schannel = true;
660 Globals.read_raw = true;
661 Globals.write_raw = true;
662 Globals.null_passwords = false;
663 Globals.old_password_allowed_period = 60;
664 Globals.obey_pam_restrictions = false;
666 Globals.syslog_only = false;
667 Globals.timestamp_logs = true;
668 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
669 Globals.debug_prefix_timestamp = false;
670 Globals.debug_hires_timestamp = true;
671 Globals.debug_pid = false;
672 Globals.debug_uid = false;
673 Globals.debug_class = false;
674 Globals.enable_core_files = true;
675 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
676 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
677 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
678 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
679 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
680 Globals.lm_interval = 60;
681 #if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
682 Globals.nis_homedir = false;
683 #ifdef WITH_NISPLUS_HOME
684 lpcfg_string_set(Globals.ctx, &Globals.homedir_map,
685 "auto_home.org_dir");
687 lpcfg_string_set(Globals.ctx, &Globals.homedir_map, "auto.home");
690 Globals.time_server = false;
691 Globals.bind_interfaces_only = false;
692 Globals.unix_password_sync = false;
693 Globals.pam_password_change = false;
694 Globals.passwd_chat_debug = false;
695 Globals.passwd_chat_timeout = 2; /* 2 second default. */
696 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
697 Globals.nt_status_support = true; /* Use NT status by default. */
698 Globals.smbd_profiling_level = 0;
699 Globals.stat_cache = true; /* use stat cache by default */
700 Globals.max_stat_cache_size = 512; /* 512k by default */
701 Globals.restrict_anonymous = 0;
702 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
703 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
704 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
705 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
706 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
707 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
708 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
710 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
712 Globals.map_to_guest = 0; /* By Default, "Never" */
713 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
714 Globals.enhanced_browsing = true;
715 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
716 Globals.use_mmap = true;
717 Globals.unicode = true;
718 Globals.unix_extensions = true;
719 Globals.reset_on_zero_vc = false;
720 Globals.log_writeable_files_on_exit = false;
721 Globals.create_krb5_conf = true;
722 Globals.include_system_krb5_conf = true;
723 Globals._winbind_max_domain_connections = 1;
725 /* hostname lookups can be very expensive and are broken on
726 a large number of sites (tridge) */
727 Globals.hostname_lookups = false;
729 Globals.change_notify = true,
730 Globals.kernel_change_notify = true,
732 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
733 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
734 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
735 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
736 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
737 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
739 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
740 Globals.ldap_ssl = LDAP_SSL_START_TLS;
741 Globals.ldap_ssl_ads = false;
742 Globals.ldap_deref = -1;
743 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
744 Globals.ldap_delete_dn = false;
745 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
746 Globals.ldap_follow_referral = Auto;
747 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
748 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
749 Globals.ldap_page_size = LDAP_PAGE_SIZE;
751 Globals.ldap_debug_level = 0;
752 Globals.ldap_debug_threshold = 10;
754 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
756 Globals.ldap_server_require_strong_auth =
757 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
759 /* This is what we tell the afs client. in reality we set the token
760 * to never expire, though, when this runs out the afs client will
761 * forget the token. Set to 0 to get NEVERDATE.*/
762 Globals.afs_token_lifetime = 604800;
763 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
765 /* these parameters are set to defaults that are more appropriate
766 for the increasing samba install base:
768 as a member of the workgroup, that will possibly become a
769 _local_ master browser (lm = true). this is opposed to a forced
770 local master browser startup (pm = true).
772 doesn't provide WINS server service by default (wsupp = false),
773 and doesn't provide domain master browser services by default, either.
777 Globals.show_add_printer_wizard = true;
778 Globals.os_level = 20;
779 Globals.local_master = true;
780 Globals._domain_master = Auto; /* depending on _domain_logons */
781 Globals._domain_logons = false;
782 Globals.browse_list = true;
783 Globals.we_are_a_wins_server = false;
784 Globals.wins_proxy = false;
786 TALLOC_FREE(Globals.init_logon_delayed_hosts);
787 Globals.init_logon_delay = 100; /* 100 ms default delay */
789 Globals.wins_dns_proxy = true;
791 Globals.allow_trusted_domains = true;
792 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
794 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
795 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
797 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
798 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
799 dyn_WINBINDD_SOCKET_DIR);
801 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
802 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
804 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
806 Globals.cluster_addresses = NULL;
807 Globals.clustering = false;
808 Globals.ctdb_timeout = 0;
809 Globals.ctdb_locktime_warn_threshold = 0;
811 Globals.winbind_cache_time = 300; /* 5 minutes */
812 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
813 Globals.winbind_request_timeout = 60; /* 60 seconds */
814 Globals.winbind_max_clients = 200;
815 Globals.winbind_enum_users = false;
816 Globals.winbind_enum_groups = false;
817 Globals.winbind_use_default_domain = false;
818 Globals.winbind_nested_groups = true;
819 Globals.winbind_expand_groups = 0;
820 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
821 Globals.winbind_refresh_tickets = false;
822 Globals.winbind_offline_logon = false;
823 Globals.winbind_scan_trusted_domains = true;
825 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
826 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
828 Globals.passdb_expand_explicit = false;
830 Globals.name_cache_timeout = 660; /* In seconds */
832 Globals.client_use_spnego = true;
834 Globals.client_signing = SMB_SIGNING_DEFAULT;
835 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
836 Globals.server_signing = SMB_SIGNING_DEFAULT;
838 Globals.defer_sharing_violations = true;
839 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
841 Globals.enable_privileges = true;
842 Globals.host_msdfs = true;
843 Globals.enable_asu_support = false;
845 /* User defined shares. */
846 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
848 smb_panic("init_globals: ENOMEM");
850 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
852 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
853 Globals.usershare_max_shares = 0;
854 /* By default disallow sharing of directories not owned by the sharer. */
855 Globals.usershare_owner_only = true;
856 /* By default disallow guest access to usershares. */
857 Globals.usershare_allow_guests = false;
859 Globals.keepalive = DEFAULT_KEEPALIVE;
861 /* By default no shares out of the registry */
862 Globals.registry_shares = false;
864 Globals.min_receivefile_size = 0;
866 Globals.multicast_dns_register = true;
868 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
869 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
870 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
871 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
872 Globals.smb2_leases = true;
874 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
875 get_dyn_NCALRPCDIR());
877 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
879 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
881 Globals.tls_enabled = true;
882 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
884 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
885 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
886 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
887 lpcfg_string_set(Globals.ctx, &Globals.tls_priority,
888 "NORMAL:-VERS-SSL3.0");
890 lpcfg_string_set(Globals.ctx, &Globals.share_backend, "classic");
892 Globals._preferred_master = Auto;
894 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
895 Globals.dns_zone_scavenging = false;
897 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
898 get_dyn_NTP_SIGND_SOCKET_DIR());
900 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
902 smb_panic("init_globals: ENOMEM");
904 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
908 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
911 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
913 smb_panic("init_globals: ENOMEM");
915 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
918 s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
920 smb_panic("init_globals: ENOMEM");
922 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
925 Globals.apply_group_policies = false;
927 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
929 smb_panic("init_globals: ENOMEM");
931 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
934 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
936 Globals.cldap_port = 389;
938 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
940 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
942 Globals.krb5_port = 88;
944 Globals.kpasswd_port = 464;
946 Globals.aio_max_threads = 100;
948 lpcfg_string_set(Globals.ctx,
949 &Globals.rpc_server_dynamic_port_range,
951 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
952 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
953 Globals.prefork_children = 4;
954 Globals.prefork_backoff_increment = 10;
955 Globals.prefork_maximum_backoff = 120;
957 /* Now put back the settings that were set with lp_set_cmdline() */
958 apply_lp_set_cmdline();
961 /* Convenience routine to setup an lp_context with additional s3 variables */
962 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
964 struct loadparm_context *lp_ctx;
966 lp_ctx = loadparm_init_s3(mem_ctx,
967 loadparm_s3_helpers());
968 if (lp_ctx == NULL) {
969 DEBUG(0, ("loadparm_init_s3 failed\n"));
973 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
974 if (lp_ctx->sDefault == NULL) {
975 DBG_ERR("talloc_zero failed\n");
980 *lp_ctx->sDefault = _sDefault;
981 lp_ctx->services = NULL; /* We do not want to access this directly */
982 lp_ctx->bInGlobalSection = bInGlobalSection;
983 lp_ctx->flags = flags_list;
988 /*******************************************************************
989 Convenience routine to grab string parameters into talloced memory
990 and run standard_sub_basic on them. The buffers can be written to by
991 callers without affecting the source string.
992 ********************************************************************/
994 char *lp_string(TALLOC_CTX *ctx, const char *s)
998 /* The follow debug is useful for tracking down memory problems
999 especially if you have an inner loop that is calling a lp_*()
1000 function that returns a string. Perhaps this debug should be
1001 present all the time? */
1004 DEBUG(10, ("lp_string(%s)\n", s));
1010 ret = talloc_sub_basic(ctx,
1011 get_current_username(),
1012 current_user_info.domain,
1014 if (trim_char(ret, '\"', '\"')) {
1015 if (strchr(ret,'\"') != NULL) {
1017 ret = talloc_sub_basic(ctx,
1018 get_current_username(),
1019 current_user_info.domain,
1027 In this section all the functions that are used to access the
1028 parameters from the rest of the program are defined
1031 #define FN_GLOBAL_STRING(fn_name,ptr) \
1032 char *lp_ ## fn_name(TALLOC_CTX *ctx) {return(lp_string((ctx), *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : ""));}
1033 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1034 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1035 #define FN_GLOBAL_LIST(fn_name,ptr) \
1036 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1037 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1038 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1039 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1040 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1041 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1042 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1044 #define FN_LOCAL_STRING(fn_name,val) \
1045 char *lp_ ## fn_name(TALLOC_CTX *ctx,int i) {return(lp_string((ctx), (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val));}
1046 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1047 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1048 #define FN_LOCAL_LIST(fn_name,val) \
1049 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1050 #define FN_LOCAL_BOOL(fn_name,val) \
1051 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1052 #define FN_LOCAL_INTEGER(fn_name,val) \
1053 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1055 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1056 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1057 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1058 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1059 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1060 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1062 int lp_winbind_max_domain_connections(void)
1064 if (lp_winbind_offline_logon() &&
1065 lp__winbind_max_domain_connections() > 1) {
1066 DEBUG(1, ("offline logons active, restricting max domain "
1067 "connections to 1\n"));
1070 return MAX(1, lp__winbind_max_domain_connections());
1073 /* These functions remain in source3/param for now */
1075 #include "lib/param/param_functions.c"
1077 FN_LOCAL_STRING(servicename, szService)
1078 FN_LOCAL_CONST_STRING(const_servicename, szService)
1080 /* These functions cannot be auto-generated */
1081 FN_LOCAL_BOOL(autoloaded, autoloaded)
1082 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1084 /* local prototypes */
1086 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1087 static const char *get_boolean(bool bool_value);
1088 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1090 static bool hash_a_service(const char *name, int number);
1091 static void free_service_byindex(int iService);
1092 static void show_parameter(int parmIndex);
1093 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1094 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1097 * This is a helper function for parametrical options support. It returns a
1098 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1099 * parametrical functions are quite simple
1101 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1104 if (snum >= iNumServices) return NULL;
1107 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1109 return get_parametric_helper(ServicePtrs[snum],
1110 type, option, Globals.param_opt);
1114 static void discard_whitespace(char *str)
1116 size_t len = strlen(str);
1120 if (isspace(str[i])) {
1121 memmove(&str[i], &str[i+1], len-i);
1130 * @brief Go through all global parametric parameters
1132 * @param regex_str A regular expression to scan param for
1133 * @param max_matches Max number of submatches the regexp expects
1134 * @param cb Function to call on match. Should return true
1135 * when it wants wi_scan_global_parametrics to stop
1137 * @param private_data Anonymous pointer passed to cb
1139 * @return 0: success, regcomp/regexec return value on error.
1140 * See "man regexec" for possible errors
1143 int lp_wi_scan_global_parametrics(
1144 const char *regex_str, size_t max_matches,
1145 bool (*cb)(const char *string, regmatch_t matches[],
1146 void *private_data),
1149 struct parmlist_entry *data;
1153 ret = regcomp(®ex, regex_str, REG_ICASE);
1158 for (data = Globals.param_opt; data != NULL; data = data->next) {
1159 size_t keylen = strlen(data->key);
1161 regmatch_t matches[max_matches];
1164 memcpy(key, data->key, sizeof(key));
1165 discard_whitespace(key);
1167 ret = regexec(®ex, key, max_matches, matches, 0);
1168 if (ret == REG_NOMATCH) {
1175 stop = cb(key, matches, private_data);
1188 #define MISSING_PARAMETER(name) \
1189 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1191 /*******************************************************************
1192 convenience routine to return enum parameters.
1193 ********************************************************************/
1194 static int lp_enum(const char *s,const struct enum_list *_enum)
1198 if (!s || !*s || !_enum) {
1199 MISSING_PARAMETER(lp_enum);
1203 for (i=0; _enum[i].name; i++) {
1204 if (strequal(_enum[i].name,s))
1205 return _enum[i].value;
1208 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1212 #undef MISSING_PARAMETER
1214 /* Return parametric option from a given service. Type is a part of option before ':' */
1215 /* Parametric option has following syntax: 'Type: option = value' */
1216 char *lp_parm_talloc_string(TALLOC_CTX *ctx, int snum, const char *type, const char *option, const char *def)
1218 struct parmlist_entry *data = get_parametrics(snum, type, option);
1220 if (data == NULL||data->value==NULL) {
1222 return lp_string(ctx, def);
1228 return lp_string(ctx, data->value);
1231 /* Return parametric option from a given service. Type is a part of option before ':' */
1232 /* Parametric option has following syntax: 'Type: option = value' */
1233 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1235 struct parmlist_entry *data = get_parametrics(snum, type, option);
1237 if (data == NULL||data->value==NULL)
1244 /* Return parametric option from a given service. Type is a part of option before ':' */
1245 /* Parametric option has following syntax: 'Type: option = value' */
1247 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1249 struct parmlist_entry *data = get_parametrics(snum, type, option);
1251 if (data == NULL||data->value==NULL)
1252 return (const char **)def;
1254 if (data->list==NULL) {
1255 data->list = str_list_make_v3(NULL, data->value, NULL);
1258 return discard_const_p(const char *, data->list);
1261 /* Return parametric option from a given service. Type is a part of option before ':' */
1262 /* Parametric option has following syntax: 'Type: option = value' */
1264 int lp_parm_int(int snum, const char *type, const char *option, int def)
1266 struct parmlist_entry *data = get_parametrics(snum, type, option);
1268 if (data && data->value && *data->value)
1269 return lp_int(data->value);
1274 /* Return parametric option from a given service. Type is a part of option before ':' */
1275 /* Parametric option has following syntax: 'Type: option = value' */
1277 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1279 struct parmlist_entry *data = get_parametrics(snum, type, option);
1281 if (data && data->value && *data->value)
1282 return lp_ulong(data->value);
1287 /* Return parametric option from a given service. Type is a part of option before ':' */
1288 /* Parametric option has following syntax: 'Type: option = value' */
1290 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1291 const char *option, unsigned long long def)
1293 struct parmlist_entry *data = get_parametrics(snum, type, option);
1295 if (data && data->value && *data->value) {
1296 return lp_ulonglong(data->value);
1302 /* Return parametric option from a given service. Type is a part of option
1304 /* Parametric option has following syntax: 'Type: option = value' */
1306 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1308 struct parmlist_entry *data = get_parametrics(snum, type, option);
1310 if (data && data->value && *data->value)
1311 return lp_bool(data->value);
1316 /* Return parametric option from a given service. Type is a part of option before ':' */
1317 /* Parametric option has following syntax: 'Type: option = value' */
1319 int lp_parm_enum(int snum, const char *type, const char *option,
1320 const struct enum_list *_enum, int def)
1322 struct parmlist_entry *data = get_parametrics(snum, type, option);
1324 if (data && data->value && *data->value && _enum)
1325 return lp_enum(data->value, _enum);
1331 * free a param_opts structure.
1332 * param_opts handling should be moved to talloc;
1333 * then this whole functions reduces to a TALLOC_FREE().
1336 static void free_param_opts(struct parmlist_entry **popts)
1338 struct parmlist_entry *opt, *next_opt;
1340 if (*popts != NULL) {
1341 DEBUG(5, ("Freeing parametrics:\n"));
1344 while (opt != NULL) {
1345 lpcfg_string_free(&opt->key);
1346 lpcfg_string_free(&opt->value);
1347 TALLOC_FREE(opt->list);
1348 next_opt = opt->next;
1355 /***************************************************************************
1356 Free the dynamically allocated parts of a service struct.
1357 ***************************************************************************/
1359 static void free_service(struct loadparm_service *pservice)
1364 if (pservice->szService)
1365 DEBUG(5, ("free_service: Freeing service %s\n",
1366 pservice->szService));
1368 free_parameters(pservice);
1370 lpcfg_string_free(&pservice->szService);
1371 TALLOC_FREE(pservice->copymap);
1373 free_param_opts(&pservice->param_opt);
1375 ZERO_STRUCTP(pservice);
1379 /***************************************************************************
1380 remove a service indexed in the ServicePtrs array from the ServiceHash
1381 and free the dynamically allocated parts
1382 ***************************************************************************/
1384 static void free_service_byindex(int idx)
1386 if ( !LP_SNUM_OK(idx) )
1389 ServicePtrs[idx]->valid = false;
1391 /* we have to cleanup the hash record */
1393 if (ServicePtrs[idx]->szService) {
1394 char *canon_name = canonicalize_servicename(
1396 ServicePtrs[idx]->szService );
1398 dbwrap_delete_bystring(ServiceHash, canon_name );
1399 TALLOC_FREE(canon_name);
1402 free_service(ServicePtrs[idx]);
1403 TALLOC_FREE(ServicePtrs[idx]);
1406 /***************************************************************************
1407 Add a new service to the services array initialising it with the given
1409 ***************************************************************************/
1411 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1414 struct loadparm_service **tsp = NULL;
1416 /* it might already exist */
1418 i = getservicebyname(name, NULL);
1424 /* Re use empty slots if any before allocating new one.*/
1425 for (i=0; i < iNumServices; i++) {
1426 if (ServicePtrs[i] == NULL) {
1430 if (i == iNumServices) {
1431 /* if not, then create one */
1432 tsp = talloc_realloc(NULL, ServicePtrs,
1433 struct loadparm_service *,
1436 DEBUG(0, ("add_a_service: failed to enlarge "
1443 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1444 if (!ServicePtrs[i]) {
1445 DEBUG(0,("add_a_service: out of memory!\n"));
1449 ServicePtrs[i]->valid = true;
1451 copy_service(ServicePtrs[i], pservice, NULL);
1453 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1456 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1457 i, ServicePtrs[i]->szService));
1459 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1466 /***************************************************************************
1467 Convert a string to uppercase and remove whitespaces.
1468 ***************************************************************************/
1470 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1475 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1479 result = talloc_strdup(ctx, src);
1480 SMB_ASSERT(result != NULL);
1482 if (!strlower_m(result)) {
1483 TALLOC_FREE(result);
1489 /***************************************************************************
1490 Add a name/index pair for the services array to the hash table.
1491 ***************************************************************************/
1493 static bool hash_a_service(const char *name, int idx)
1497 if ( !ServiceHash ) {
1498 DEBUG(10,("hash_a_service: creating servicehash\n"));
1499 ServiceHash = db_open_rbt(NULL);
1500 if ( !ServiceHash ) {
1501 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1506 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1509 canon_name = canonicalize_servicename(talloc_tos(), name );
1511 dbwrap_store_bystring(ServiceHash, canon_name,
1512 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1515 TALLOC_FREE(canon_name);
1520 /***************************************************************************
1521 Add a new home service, with the specified home directory, defaults coming
1523 ***************************************************************************/
1525 bool lp_add_home(const char *pszHomename, int iDefaultService,
1526 const char *user, const char *pszHomedir)
1531 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1532 pszHomedir[0] == '\0') {
1536 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1541 global_path = lp_path(talloc_tos(), GLOBAL_SECTION_SNUM);
1542 if (!(*(ServicePtrs[iDefaultService]->path))
1543 || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
1544 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1547 TALLOC_FREE(global_path);
1549 if (!(*(ServicePtrs[i]->comment))) {
1550 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1551 if (comment == NULL) {
1554 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1556 TALLOC_FREE(comment);
1559 /* set the browseable flag from the global default */
1561 ServicePtrs[i]->browseable = sDefault.browseable;
1562 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1564 ServicePtrs[i]->autoloaded = true;
1566 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1567 user, ServicePtrs[i]->path ));
1572 /***************************************************************************
1573 Add a new service, based on an old one.
1574 ***************************************************************************/
1576 int lp_add_service(const char *pszService, int iDefaultService)
1578 if (iDefaultService < 0) {
1579 return add_a_service(&sDefault, pszService);
1582 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1585 /***************************************************************************
1586 Add the IPC service.
1587 ***************************************************************************/
1589 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1591 char *comment = NULL;
1592 int i = add_a_service(&sDefault, ipc_name);
1597 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1598 Globals.server_string);
1599 if (comment == NULL) {
1603 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1604 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1605 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1606 ServicePtrs[i]->max_connections = 0;
1607 ServicePtrs[i]->available = true;
1608 ServicePtrs[i]->read_only = true;
1609 ServicePtrs[i]->guest_only = false;
1610 ServicePtrs[i]->administrative_share = true;
1611 ServicePtrs[i]->guest_ok = guest_ok;
1612 ServicePtrs[i]->printable = false;
1613 ServicePtrs[i]->browseable = sDefault.browseable;
1614 ServicePtrs[i]->autoloaded = false;
1616 DEBUG(3, ("adding IPC service\n"));
1618 TALLOC_FREE(comment);
1622 /***************************************************************************
1623 Add a new printer service, with defaults coming from service iFrom.
1624 ***************************************************************************/
1626 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1628 const char *comment = "From Printcap";
1629 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1634 /* note that we do NOT default the availability flag to true - */
1635 /* we take it from the default service passed. This allows all */
1636 /* dynamic printers to be disabled by disabling the [printers] */
1637 /* entry (if/when the 'available' keyword is implemented!). */
1639 /* the printer name is set to the service name. */
1640 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1642 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1644 /* set the browseable flag from the gloabl default */
1645 ServicePtrs[i]->browseable = sDefault.browseable;
1647 /* Printers cannot be read_only. */
1648 ServicePtrs[i]->read_only = false;
1649 /* No oplocks on printer services. */
1650 ServicePtrs[i]->oplocks = false;
1651 /* Printer services must be printable. */
1652 ServicePtrs[i]->printable = true;
1654 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1660 /***************************************************************************
1661 Check whether the given parameter name is valid.
1662 Parametric options (names containing a colon) are considered valid.
1663 ***************************************************************************/
1665 bool lp_parameter_is_valid(const char *pszParmName)
1667 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1668 (strchr(pszParmName, ':') != NULL));
1671 /***************************************************************************
1672 Check whether the given name is the name of a global parameter.
1673 Returns true for strings belonging to parameters of class
1674 P_GLOBAL, false for all other strings, also for parametric options
1675 and strings not belonging to any option.
1676 ***************************************************************************/
1678 bool lp_parameter_is_global(const char *pszParmName)
1680 int num = lpcfg_map_parameter(pszParmName);
1683 return (parm_table[num].p_class == P_GLOBAL);
1689 /**************************************************************************
1690 Determine the canonical name for a parameter.
1691 Indicate when it is an inverse (boolean) synonym instead of a
1693 **************************************************************************/
1695 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1700 if (!lp_parameter_is_valid(parm_name)) {
1705 num = map_parameter_canonical(parm_name, inverse);
1707 /* parametric option */
1708 *canon_parm = parm_name;
1710 *canon_parm = parm_table[num].label;
1717 /**************************************************************************
1718 Determine the canonical name for a parameter.
1719 Turn the value given into the inverse boolean expression when
1720 the synonym is an invers boolean synonym.
1723 - parm_name is a valid parameter name and
1724 - val is a valid value for this parameter and
1725 - in case the parameter is an inverse boolean synonym, if the val
1726 string could successfully be converted to the reverse bool.
1727 Return false in all other cases.
1728 **************************************************************************/
1730 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1732 const char **canon_parm,
1733 const char **canon_val)
1739 if (!lp_parameter_is_valid(parm_name)) {
1745 num = map_parameter_canonical(parm_name, &inverse);
1747 /* parametric option */
1748 *canon_parm = parm_name;
1753 *canon_parm = parm_table[num].label;
1755 if (!lp_invert_boolean(val, canon_val)) {
1763 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1768 /***************************************************************************
1769 Map a parameter's string representation to the index of the canonical
1770 form of the parameter (it might be a synonym).
1771 Returns -1 if the parameter string is not recognised.
1772 ***************************************************************************/
1774 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1776 int parm_num, canon_num;
1777 bool loc_inverse = false;
1779 parm_num = lpcfg_map_parameter(pszParmName);
1780 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1781 /* invalid, parametric or no canidate for synonyms ... */
1785 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1786 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1787 parm_num = canon_num;
1793 if (inverse != NULL) {
1794 *inverse = loc_inverse;
1799 /***************************************************************************
1800 return true if parameter number parm1 is a synonym of parameter
1801 number parm2 (parm2 being the principal name).
1802 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1804 ***************************************************************************/
1806 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1808 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1809 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1810 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1811 !(parm_table[parm2].flags & FLAG_SYNONYM))
1813 if (inverse != NULL) {
1814 if ((parm_table[parm1].type == P_BOOLREV) &&
1815 (parm_table[parm2].type == P_BOOL))
1827 /***************************************************************************
1828 Show one parameter's name, type, [values,] and flags.
1829 (helper functions for show_parameter_list)
1830 ***************************************************************************/
1832 static void show_parameter(int parmIndex)
1834 size_t enumIndex, flagIndex;
1839 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1840 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1841 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1842 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1843 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1845 printf("%s=%s", parm_table[parmIndex].label,
1846 type[parm_table[parmIndex].type]);
1847 if (parm_table[parmIndex].type == P_ENUM) {
1850 parm_table[parmIndex].enum_list[enumIndex].name;
1854 enumIndex ? "|" : "",
1855 parm_table[parmIndex].enum_list[enumIndex].name);
1860 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1861 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1864 flag_names[flagIndex]);
1869 /* output synonyms */
1871 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1872 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1873 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1874 parm_table[parmIndex2].label);
1875 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1877 printf(" (synonyms: ");
1882 printf("%s%s", parm_table[parmIndex2].label,
1883 inverse ? "[i]" : "");
1894 * Check the value for a P_ENUM
1896 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1900 for (i = 0; parm->enum_list[i].name; i++) {
1901 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1908 /**************************************************************************
1909 Check whether the given value is valid for the given parameter name.
1910 **************************************************************************/
1912 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1914 bool ret = false, tmp_bool;
1915 int num = lpcfg_map_parameter(parm_name), tmp_int;
1916 uint64_t tmp_int64 = 0;
1917 struct parm_struct *parm;
1919 /* parametric options (parameter names containing a colon) cannot
1920 be checked and are therefore considered valid. */
1921 if (strchr(parm_name, ':') != NULL) {
1926 parm = &parm_table[num];
1927 switch (parm->type) {
1930 ret = set_boolean(val, &tmp_bool);
1934 ret = (sscanf(val, "%d", &tmp_int) == 1);
1938 ret = (sscanf(val, "%o", &tmp_int) == 1);
1942 ret = check_enum_parameter(parm, val);
1946 if (conv_str_size_error(val, &tmp_int64) &&
1947 tmp_int64 <= INT_MAX) {
1964 /***************************************************************************
1965 Show all parameter's name, type, [values,] and flags.
1966 ***************************************************************************/
1968 void show_parameter_list(void)
1970 int classIndex, parmIndex;
1971 const char *section_names[] = { "local", "global", NULL};
1973 for (classIndex=0; section_names[classIndex]; classIndex++) {
1974 printf("[%s]\n", section_names[classIndex]);
1975 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
1976 if (parm_table[parmIndex].p_class == classIndex) {
1977 show_parameter(parmIndex);
1983 /***************************************************************************
1984 Get the standard string representation of a boolean value ("yes" or "no")
1985 ***************************************************************************/
1987 static const char *get_boolean(bool bool_value)
1989 static const char *yes_str = "yes";
1990 static const char *no_str = "no";
1992 return (bool_value ? yes_str : no_str);
1995 /***************************************************************************
1996 Provide the string of the negated boolean value associated to the boolean
1997 given as a string. Returns false if the passed string does not correctly
1998 represent a boolean.
1999 ***************************************************************************/
2001 bool lp_invert_boolean(const char *str, const char **inverse_str)
2005 if (!set_boolean(str, &val)) {
2009 *inverse_str = get_boolean(!val);
2013 /***************************************************************************
2014 Provide the canonical string representation of a boolean value given
2015 as a string. Return true on success, false if the string given does
2016 not correctly represent a boolean.
2017 ***************************************************************************/
2019 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2023 if (!set_boolean(str, &val)) {
2027 *canon_str = get_boolean(val);
2031 /***************************************************************************
2032 Find a service by name. Otherwise works like get_service.
2033 ***************************************************************************/
2035 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2042 if (ServiceHash == NULL) {
2046 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2048 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2051 if (NT_STATUS_IS_OK(status) &&
2052 (data.dptr != NULL) &&
2053 (data.dsize == sizeof(iService)))
2055 memcpy(&iService, data.dptr, sizeof(iService));
2058 TALLOC_FREE(canon_name);
2060 if ((iService != -1) && (LP_SNUM_OK(iService))
2061 && (pserviceDest != NULL)) {
2062 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2068 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2069 struct loadparm_service *lp_service(const char *pszServiceName)
2071 int iService = getservicebyname(pszServiceName, NULL);
2072 if (iService == -1 || !LP_SNUM_OK(iService)) {
2075 return ServicePtrs[iService];
2078 struct loadparm_service *lp_servicebynum(int snum)
2080 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2083 return ServicePtrs[snum];
2086 struct loadparm_service *lp_default_loadparm_service()
2091 static struct smbconf_ctx *lp_smbconf_ctx(void)
2094 static struct smbconf_ctx *conf_ctx = NULL;
2096 if (conf_ctx == NULL) {
2097 err = smbconf_init(NULL, &conf_ctx, "registry:");
2098 if (!SBC_ERROR_IS_OK(err)) {
2099 DEBUG(1, ("error initializing registry configuration: "
2100 "%s\n", sbcErrorString(err)));
2108 static bool process_smbconf_service(struct smbconf_service *service)
2113 if (service == NULL) {
2117 ret = lp_do_section(service->name, NULL);
2121 for (count = 0; count < service->num_params; count++) {
2123 if (!bInGlobalSection && bGlobalOnly) {
2126 const char *pszParmName = service->param_names[count];
2127 const char *pszParmValue = service->param_values[count];
2129 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2131 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2132 pszParmName, pszParmValue);
2139 if (iServiceIndex >= 0) {
2140 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2146 * load a service from registry and activate it
2148 bool process_registry_service(const char *service_name)
2151 struct smbconf_service *service = NULL;
2152 TALLOC_CTX *mem_ctx = talloc_stackframe();
2153 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2156 if (conf_ctx == NULL) {
2160 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2162 if (!smbconf_share_exists(conf_ctx, service_name)) {
2164 * Registry does not contain data for this service (yet),
2165 * but make sure lp_load doesn't return false.
2171 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2172 if (!SBC_ERROR_IS_OK(err)) {
2176 ret = process_smbconf_service(service);
2182 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2185 TALLOC_FREE(mem_ctx);
2190 * process_registry_globals
2192 static bool process_registry_globals(void)
2196 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2198 if (!bInGlobalSection && bGlobalOnly) {
2201 const char *pszParmName = "registry shares";
2202 const char *pszParmValue = "yes";
2204 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2206 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2207 pszParmName, pszParmValue);
2214 return process_registry_service(GLOBAL_NAME);
2217 bool process_registry_shares(void)
2221 struct smbconf_service **service = NULL;
2222 uint32_t num_shares = 0;
2223 TALLOC_CTX *mem_ctx = talloc_stackframe();
2224 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2227 if (conf_ctx == NULL) {
2231 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2232 if (!SBC_ERROR_IS_OK(err)) {
2238 for (count = 0; count < num_shares; count++) {
2239 if (strequal(service[count]->name, GLOBAL_NAME)) {
2242 ret = process_smbconf_service(service[count]);
2249 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2252 TALLOC_FREE(mem_ctx);
2257 * reload those shares from registry that are already
2258 * activated in the services array.
2260 static bool reload_registry_shares(void)
2265 for (i = 0; i < iNumServices; i++) {
2270 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2274 ret = process_registry_service(ServicePtrs[i]->szService);
2285 #define MAX_INCLUDE_DEPTH 100
2287 static uint8_t include_depth;
2290 * Free the file lists
2292 static void free_file_list(void)
2294 struct file_lists *f;
2295 struct file_lists *next;
2308 * Utility function for outsiders to check if we're running on registry.
2310 bool lp_config_backend_is_registry(void)
2312 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2316 * Utility function to check if the config backend is FILE.
2318 bool lp_config_backend_is_file(void)
2320 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2323 /*******************************************************************
2324 Check if a config file has changed date.
2325 ********************************************************************/
2327 bool lp_file_list_changed(void)
2329 struct file_lists *f = file_lists;
2331 DEBUG(6, ("lp_file_list_changed()\n"));
2334 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2335 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2337 if (conf_ctx == NULL) {
2340 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2343 DEBUGADD(6, ("registry config changed\n"));
2350 n2 = talloc_sub_basic(talloc_tos(),
2351 get_current_username(),
2352 current_user_info.domain,
2357 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2358 f->name, n2, ctime(&f->modtime)));
2360 mod_time = file_modtime(n2);
2363 ((f->modtime != mod_time) ||
2364 (f->subfname == NULL) ||
2365 (strcmp(n2, f->subfname) != 0)))
2368 ("file %s modified: %s\n", n2,
2370 f->modtime = mod_time;
2371 TALLOC_FREE(f->subfname);
2372 f->subfname = talloc_strdup(f, n2);
2373 if (f->subfname == NULL) {
2374 smb_panic("talloc_strdup failed");
2388 * Initialize iconv conversion descriptors.
2390 * This is called the first time it is needed, and also called again
2391 * every time the configuration is reloaded, because the charset or
2392 * codepage might have changed.
2394 static void init_iconv(void)
2396 struct smb_iconv_handle *ret = NULL;
2398 ret = reinit_iconv_handle(NULL,
2402 smb_panic("reinit_iconv_handle failed");
2406 /***************************************************************************
2407 Handle the include operation.
2408 ***************************************************************************/
2409 static bool bAllowIncludeRegistry = true;
2411 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2412 const char *pszParmValue, char **ptr)
2416 if (include_depth >= MAX_INCLUDE_DEPTH) {
2417 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2422 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2423 if (!bAllowIncludeRegistry) {
2426 if (lp_ctx->bInGlobalSection) {
2429 ret = process_registry_globals();
2433 DEBUG(1, ("\"include = registry\" only effective "
2434 "in %s section\n", GLOBAL_NAME));
2439 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2440 current_user_info.domain,
2443 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2445 if (service == NULL) {
2446 lpcfg_string_set(Globals.ctx, ptr, fname);
2448 lpcfg_string_set(service, ptr, fname);
2451 if (file_exist(fname)) {
2454 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2460 DEBUG(2, ("Can't find include file %s\n", fname));
2465 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2467 char *config_option = NULL;
2468 const char *range = NULL;
2471 SMB_ASSERT(low != NULL);
2472 SMB_ASSERT(high != NULL);
2474 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2478 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2480 if (config_option == NULL) {
2481 DEBUG(0, ("out of memory\n"));
2485 range = lp_parm_const_string(-1, config_option, "range", NULL);
2486 if (range == NULL) {
2487 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2491 if (sscanf(range, "%u - %u", low, high) != 2) {
2492 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2493 range, domain_name));
2500 talloc_free(config_option);
2505 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2507 return lp_idmap_range("*", low, high);
2510 const char *lp_idmap_backend(const char *domain_name)
2512 char *config_option = NULL;
2513 const char *backend = NULL;
2515 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2519 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2521 if (config_option == NULL) {
2522 DEBUG(0, ("out of memory\n"));
2526 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2527 if (backend == NULL) {
2528 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2533 talloc_free(config_option);
2537 const char *lp_idmap_default_backend(void)
2539 return lp_idmap_backend("*");
2542 /***************************************************************************
2543 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2544 ***************************************************************************/
2546 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2548 const char *suffix_string;
2550 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2551 Globals.ldap_suffix );
2552 if ( !suffix_string ) {
2553 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2557 return suffix_string;
2560 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2562 if (Globals._ldap_machine_suffix[0])
2563 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2565 return lp_string(ctx, Globals.ldap_suffix);
2568 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2570 if (Globals._ldap_user_suffix[0])
2571 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2573 return lp_string(ctx, Globals.ldap_suffix);
2576 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2578 if (Globals._ldap_group_suffix[0])
2579 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2581 return lp_string(ctx, Globals.ldap_suffix);
2584 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2586 if (Globals._ldap_idmap_suffix[0])
2587 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2589 return lp_string(ctx, Globals.ldap_suffix);
2593 return the parameter pointer for a parameter
2595 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2597 if (service == NULL) {
2598 if (parm->p_class == P_LOCAL)
2599 return (void *)(((char *)&sDefault)+parm->offset);
2600 else if (parm->p_class == P_GLOBAL)
2601 return (void *)(((char *)&Globals)+parm->offset);
2604 return (void *)(((char *)service) + parm->offset);
2608 /***************************************************************************
2609 Process a parameter for a particular service number. If snum < 0
2610 then assume we are in the globals.
2611 ***************************************************************************/
2613 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2615 TALLOC_CTX *frame = talloc_stackframe();
2616 struct loadparm_context *lp_ctx;
2619 lp_ctx = setup_lp_context(frame);
2620 if (lp_ctx == NULL) {
2626 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2628 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2629 pszParmName, pszParmValue);
2637 /***************************************************************************
2638 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2639 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2640 ***************************************************************************/
2642 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2645 parmnum = lpcfg_map_parameter(pszParmName);
2647 flags_list[parmnum] &= ~FLAG_CMDLINE;
2648 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2651 flags_list[parmnum] |= FLAG_CMDLINE;
2653 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2654 * be grouped in the table, so we don't have to search the
2657 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2658 && parm_table[i].p_class == parm_table[parmnum].p_class;
2660 flags_list[i] |= FLAG_CMDLINE;
2662 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2663 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2664 flags_list[i] |= FLAG_CMDLINE;
2670 /* it might be parametric */
2671 if (strchr(pszParmName, ':') != NULL) {
2672 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2676 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2680 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2683 TALLOC_CTX *frame = talloc_stackframe();
2684 struct loadparm_context *lp_ctx;
2686 lp_ctx = setup_lp_context(frame);
2687 if (lp_ctx == NULL) {
2692 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2698 /***************************************************************************
2699 Process a parameter.
2700 ***************************************************************************/
2702 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2705 if (!bInGlobalSection && bGlobalOnly)
2708 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2710 if (bInGlobalSection) {
2711 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2713 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2714 pszParmName, pszParmValue);
2718 /***************************************************************************
2719 Initialize any local variables in the sDefault table, after parsing a
2721 ***************************************************************************/
2723 static void init_locals(void)
2726 * We run this check once the [globals] is parsed, to force
2727 * the VFS objects and other per-share settings we need for
2728 * the standard way a AD DC is operated. We may change these
2729 * as our code evolves, which is why we force these settings.
2731 * We can't do this at the end of lp_load_ex(), as by that
2732 * point the services have been loaded and they will already
2733 * have "" as their vfs objects.
2735 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2736 const char **vfs_objects = lp_vfs_objects(-1);
2737 if (!vfs_objects || !vfs_objects[0]) {
2738 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2739 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2740 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2741 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2743 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2747 lp_do_parameter(-1, "map hidden", "no");
2748 lp_do_parameter(-1, "map system", "no");
2749 lp_do_parameter(-1, "map readonly", "no");
2750 lp_do_parameter(-1, "map archive", "no");
2751 lp_do_parameter(-1, "store dos attributes", "yes");
2755 /***************************************************************************
2756 Process a new section (service). At this stage all sections are services.
2757 Later we'll have special sections that permit server parameters to be set.
2758 Returns true on success, false on failure.
2759 ***************************************************************************/
2761 bool lp_do_section(const char *pszSectionName, void *userdata)
2763 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2765 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2766 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2768 /* if we were in a global section then do the local inits */
2769 if (bInGlobalSection && !isglobal)
2772 /* if we've just struck a global section, note the fact. */
2773 bInGlobalSection = isglobal;
2774 if (lp_ctx != NULL) {
2775 lp_ctx->bInGlobalSection = isglobal;
2778 /* check for multiple global sections */
2779 if (bInGlobalSection) {
2780 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2784 if (!bInGlobalSection && bGlobalOnly)
2787 /* if we have a current service, tidy it up before moving on */
2790 if (iServiceIndex >= 0)
2791 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2793 /* if all is still well, move to the next record in the services array */
2795 /* We put this here to avoid an odd message order if messages are */
2796 /* issued by the post-processing of a previous section. */
2797 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2799 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2800 if (iServiceIndex < 0) {
2801 DEBUG(0, ("Failed to add a new service\n"));
2804 /* Clean all parametric options for service */
2805 /* They will be added during parsing again */
2806 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2812 /***************************************************************************
2813 Display the contents of a parameter of a single services record.
2814 ***************************************************************************/
2816 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2818 bool result = false;
2819 struct loadparm_context *lp_ctx;
2821 lp_ctx = setup_lp_context(talloc_tos());
2822 if (lp_ctx == NULL) {
2827 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2829 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2831 TALLOC_FREE(lp_ctx);
2836 /***************************************************************************
2837 Display the contents of a single copy structure.
2838 ***************************************************************************/
2839 static void dump_copy_map(bool *pcopymap)
2845 printf("\n\tNon-Copied parameters:\n");
2847 for (i = 0; parm_table[i].label; i++)
2848 if (parm_table[i].p_class == P_LOCAL &&
2849 parm_table[i].ptr && !pcopymap[i] &&
2850 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2852 printf("\t\t%s\n", parm_table[i].label);
2857 /***************************************************************************
2858 Return TRUE if the passed service number is within range.
2859 ***************************************************************************/
2861 bool lp_snum_ok(int iService)
2863 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2866 /***************************************************************************
2867 Auto-load some home services.
2868 ***************************************************************************/
2870 static void lp_add_auto_services(char *str)
2880 s = talloc_strdup(talloc_tos(), str);
2882 smb_panic("talloc_strdup failed");
2886 homes = lp_servicenumber(HOMES_NAME);
2888 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2889 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2892 if (lp_servicenumber(p) >= 0)
2895 home = get_user_home_dir(talloc_tos(), p);
2897 if (home && home[0] && homes >= 0)
2898 lp_add_home(p, homes, p, home);
2905 /***************************************************************************
2906 Auto-load one printer.
2907 ***************************************************************************/
2909 void lp_add_one_printer(const char *name, const char *comment,
2910 const char *location, void *pdata)
2912 int printers = lp_servicenumber(PRINTERS_NAME);
2915 if (lp_servicenumber(name) < 0) {
2916 lp_add_printer(name, printers);
2917 if ((i = lp_servicenumber(name)) >= 0) {
2918 lpcfg_string_set(ServicePtrs[i],
2919 &ServicePtrs[i]->comment, comment);
2920 ServicePtrs[i]->autoloaded = true;
2925 /***************************************************************************
2926 Have we loaded a services file yet?
2927 ***************************************************************************/
2929 bool lp_loaded(void)
2934 /***************************************************************************
2935 Unload unused services.
2936 ***************************************************************************/
2938 void lp_killunused(struct smbd_server_connection *sconn,
2939 bool (*snumused) (struct smbd_server_connection *, int))
2942 for (i = 0; i < iNumServices; i++) {
2946 /* don't kill autoloaded or usershare services */
2947 if ( ServicePtrs[i]->autoloaded ||
2948 ServicePtrs[i]->usershare == USERSHARE_VALID) {
2952 if (!snumused || !snumused(sconn, i)) {
2953 free_service_byindex(i);
2959 * Kill all except autoloaded and usershare services - convenience wrapper
2961 void lp_kill_all_services(void)
2963 lp_killunused(NULL, NULL);
2966 /***************************************************************************
2968 ***************************************************************************/
2970 void lp_killservice(int iServiceIn)
2972 if (VALID(iServiceIn)) {
2973 free_service_byindex(iServiceIn);
2977 /***************************************************************************
2978 Save the curent values of all global and sDefault parameters into the
2979 defaults union. This allows testparm to show only the
2980 changed (ie. non-default) parameters.
2981 ***************************************************************************/
2983 static void lp_save_defaults(void)
2986 struct parmlist_entry * parm;
2987 for (i = 0; parm_table[i].label; i++) {
2988 if (!(flags_list[i] & FLAG_CMDLINE)) {
2989 flags_list[i] |= FLAG_DEFAULT;
2992 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
2993 && parm_table[i].p_class == parm_table[i - 1].p_class)
2995 switch (parm_table[i].type) {
2998 parm_table[i].def.lvalue = str_list_copy(
2999 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3005 &parm_table[i].def.svalue,
3006 *(char **)lp_parm_ptr(
3007 NULL, &parm_table[i]));
3008 if (parm_table[i].def.svalue == NULL) {
3009 smb_panic("lpcfg_string_set() failed");
3014 parm_table[i].def.bvalue =
3015 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3018 parm_table[i].def.cvalue =
3019 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3025 parm_table[i].def.ivalue =
3026 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3031 for (parm=Globals.param_opt; parm; parm=parm->next) {
3032 if (!(parm->priority & FLAG_CMDLINE)) {
3033 parm->priority |= FLAG_DEFAULT;
3037 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3038 if (!(parm->priority & FLAG_CMDLINE)) {
3039 parm->priority |= FLAG_DEFAULT;
3043 defaults_saved = true;
3046 /***********************************************************
3047 If we should send plaintext/LANMAN passwords in the clinet
3048 ************************************************************/
3050 static void set_allowed_client_auth(void)
3052 if (Globals.client_ntlmv2_auth) {
3053 Globals.client_lanman_auth = false;
3055 if (!Globals.client_lanman_auth) {
3056 Globals.client_plaintext_auth = false;
3060 /***************************************************************************
3062 The following code allows smbd to read a user defined share file.
3063 Yes, this is my intent. Yes, I'm comfortable with that...
3065 THE FOLLOWING IS SECURITY CRITICAL CODE.
3067 It washes your clothes, it cleans your house, it guards you while you sleep...
3068 Do not f%^k with it....
3069 ***************************************************************************/
3071 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3073 /***************************************************************************
3074 Check allowed stat state of a usershare file.
3075 Ensure we print out who is dicking with us so the admin can
3076 get their sorry ass fired.
3077 ***************************************************************************/
3079 static bool check_usershare_stat(const char *fname,
3080 const SMB_STRUCT_STAT *psbuf)
3082 if (!S_ISREG(psbuf->st_ex_mode)) {
3083 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3084 "not a regular file\n",
3085 fname, (unsigned int)psbuf->st_ex_uid ));
3089 /* Ensure this doesn't have the other write bit set. */
3090 if (psbuf->st_ex_mode & S_IWOTH) {
3091 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3092 "public write. Refusing to allow as a usershare file.\n",
3093 fname, (unsigned int)psbuf->st_ex_uid ));
3097 /* Should be 10k or less. */
3098 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3099 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3100 "too large (%u) to be a user share file.\n",
3101 fname, (unsigned int)psbuf->st_ex_uid,
3102 (unsigned int)psbuf->st_ex_size ));
3109 /***************************************************************************
3110 Parse the contents of a usershare file.
3111 ***************************************************************************/
3113 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3114 SMB_STRUCT_STAT *psbuf,
3115 const char *servicename,
3119 char **pp_sharepath,
3121 char **pp_cp_servicename,
3122 struct security_descriptor **ppsd,
3125 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3126 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3129 SMB_STRUCT_STAT sbuf;
3130 char *sharepath = NULL;
3131 char *comment = NULL;
3133 *pp_sharepath = NULL;
3136 *pallow_guest = false;
3139 return USERSHARE_MALFORMED_FILE;
3142 if (strcmp(lines[0], "#VERSION 1") == 0) {
3144 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3147 return USERSHARE_MALFORMED_FILE;
3150 return USERSHARE_BAD_VERSION;
3153 if (strncmp(lines[1], "path=", 5) != 0) {
3154 return USERSHARE_MALFORMED_PATH;
3157 sharepath = talloc_strdup(ctx, &lines[1][5]);
3159 return USERSHARE_POSIX_ERR;
3161 trim_string(sharepath, " ", " ");
3163 if (strncmp(lines[2], "comment=", 8) != 0) {
3164 return USERSHARE_MALFORMED_COMMENT_DEF;
3167 comment = talloc_strdup(ctx, &lines[2][8]);
3169 return USERSHARE_POSIX_ERR;
3171 trim_string(comment, " ", " ");
3172 trim_char(comment, '"', '"');
3174 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3175 return USERSHARE_MALFORMED_ACL_DEF;
3178 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3179 return USERSHARE_ACL_ERR;
3183 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3184 return USERSHARE_MALFORMED_ACL_DEF;
3186 if (lines[4][9] == 'y') {
3187 *pallow_guest = true;
3190 /* Backwards compatible extension to file version #2. */
3192 if (strncmp(lines[5], "sharename=", 10) != 0) {
3193 return USERSHARE_MALFORMED_SHARENAME_DEF;
3195 if (!strequal(&lines[5][10], servicename)) {
3196 return USERSHARE_BAD_SHARENAME;
3198 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3199 if (!*pp_cp_servicename) {
3200 return USERSHARE_POSIX_ERR;
3205 if (*pp_cp_servicename == NULL) {
3206 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3207 if (!*pp_cp_servicename) {
3208 return USERSHARE_POSIX_ERR;
3212 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3213 /* Path didn't change, no checks needed. */
3214 *pp_sharepath = sharepath;
3215 *pp_comment = comment;
3216 return USERSHARE_OK;
3219 /* The path *must* be absolute. */
3220 if (sharepath[0] != '/') {
3221 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3222 servicename, sharepath));
3223 return USERSHARE_PATH_NOT_ABSOLUTE;
3226 /* If there is a usershare prefix deny list ensure one of these paths
3227 doesn't match the start of the user given path. */
3228 if (prefixdenylist) {
3230 for ( i=0; prefixdenylist[i]; i++ ) {
3231 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3232 servicename, i, prefixdenylist[i], sharepath ));
3233 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3234 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3235 "usershare prefix deny list entries.\n",
3236 servicename, sharepath));
3237 return USERSHARE_PATH_IS_DENIED;
3242 /* If there is a usershare prefix allow list ensure one of these paths
3243 does match the start of the user given path. */
3245 if (prefixallowlist) {
3247 for ( i=0; prefixallowlist[i]; i++ ) {
3248 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3249 servicename, i, prefixallowlist[i], sharepath ));
3250 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3254 if (prefixallowlist[i] == NULL) {
3255 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3256 "usershare prefix allow list entries.\n",
3257 servicename, sharepath));
3258 return USERSHARE_PATH_NOT_ALLOWED;
3262 /* Ensure this is pointing to a directory. */
3263 dp = opendir(sharepath);
3266 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3267 servicename, sharepath));
3268 return USERSHARE_PATH_NOT_DIRECTORY;
3271 /* Ensure the owner of the usershare file has permission to share
3274 if (sys_stat(sharepath, &sbuf, false) == -1) {
3275 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3276 servicename, sharepath, strerror(errno) ));
3278 return USERSHARE_POSIX_ERR;
3283 if (!S_ISDIR(sbuf.st_ex_mode)) {
3284 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3285 servicename, sharepath ));
3286 return USERSHARE_PATH_NOT_DIRECTORY;
3289 /* Check if sharing is restricted to owner-only. */
3290 /* psbuf is the stat of the usershare definition file,
3291 sbuf is the stat of the target directory to be shared. */
3293 if (lp_usershare_owner_only()) {
3294 /* root can share anything. */
3295 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3296 return USERSHARE_PATH_NOT_ALLOWED;
3300 *pp_sharepath = sharepath;
3301 *pp_comment = comment;
3302 return USERSHARE_OK;
3305 /***************************************************************************
3306 Deal with a usershare file.
3309 -1 - Bad name, invalid contents.
3310 - service name already existed and not a usershare, problem
3311 with permissions to share directory etc.
3312 ***************************************************************************/
3314 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3316 SMB_STRUCT_STAT sbuf;
3317 SMB_STRUCT_STAT lsbuf;
3319 char *sharepath = NULL;
3320 char *comment = NULL;
3321 char *cp_service_name = NULL;
3322 char **lines = NULL;
3326 TALLOC_CTX *ctx = talloc_stackframe();
3327 struct security_descriptor *psd = NULL;
3328 bool guest_ok = false;
3329 char *canon_name = NULL;
3330 bool added_service = false;
3333 /* Ensure share name doesn't contain invalid characters. */
3334 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3335 DEBUG(0,("process_usershare_file: share name %s contains "
3336 "invalid characters (any of %s)\n",
3337 file_name, INVALID_SHARENAME_CHARS ));
3341 canon_name = canonicalize_servicename(ctx, file_name);
3346 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3351 /* Minimize the race condition by doing an lstat before we
3352 open and fstat. Ensure this isn't a symlink link. */
3354 if (sys_lstat(fname, &lsbuf, false) != 0) {
3355 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3356 fname, strerror(errno) ));
3360 /* This must be a regular file, not a symlink, directory or
3361 other strange filetype. */
3362 if (!check_usershare_stat(fname, &lsbuf)) {
3370 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3375 if (NT_STATUS_IS_OK(status) &&
3376 (data.dptr != NULL) &&
3377 (data.dsize == sizeof(iService))) {
3378 memcpy(&iService, data.dptr, sizeof(iService));
3382 if (iService != -1 &&
3383 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3384 &lsbuf.st_ex_mtime) == 0) {
3385 /* Nothing changed - Mark valid and return. */
3386 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3388 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3393 /* Try and open the file read only - no symlinks allowed. */
3395 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3397 fd = open(fname, O_RDONLY, 0);
3401 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3402 fname, strerror(errno) ));
3406 /* Now fstat to be *SURE* it's a regular file. */
3407 if (sys_fstat(fd, &sbuf, false) != 0) {
3409 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3410 fname, strerror(errno) ));
3414 /* Is it the same dev/inode as was lstated ? */
3415 if (!check_same_stat(&lsbuf, &sbuf)) {
3417 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3418 "Symlink spoofing going on ?\n", fname ));
3422 /* This must be a regular file, not a symlink, directory or
3423 other strange filetype. */
3424 if (!check_usershare_stat(fname, &sbuf)) {
3429 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3432 if (lines == NULL) {
3433 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3434 fname, (unsigned int)sbuf.st_ex_uid ));
3438 if (parse_usershare_file(ctx, &sbuf, file_name,
3439 iService, lines, numlines, &sharepath,
3440 &comment, &cp_service_name,
3441 &psd, &guest_ok) != USERSHARE_OK) {
3445 /* Everything ok - add the service possibly using a template. */
3447 const struct loadparm_service *sp = &sDefault;
3448 if (snum_template != -1) {
3449 sp = ServicePtrs[snum_template];
3452 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3453 DEBUG(0, ("process_usershare_file: Failed to add "
3454 "new service %s\n", cp_service_name));
3458 added_service = true;
3460 /* Read only is controlled by usershare ACL below. */
3461 ServicePtrs[iService]->read_only = false;
3464 /* Write the ACL of the new/modified share. */
3465 if (!set_share_security(canon_name, psd)) {
3466 DEBUG(0, ("process_usershare_file: Failed to set share "
3467 "security for user share %s\n",
3472 /* If from a template it may be marked invalid. */
3473 ServicePtrs[iService]->valid = true;
3475 /* Set the service as a valid usershare. */
3476 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3478 /* Set guest access. */
3479 if (lp_usershare_allow_guests()) {
3480 ServicePtrs[iService]->guest_ok = guest_ok;
3483 /* And note when it was loaded. */
3484 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3485 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3487 lpcfg_string_set(ServicePtrs[iService],
3488 &ServicePtrs[iService]->comment, comment);
3494 if (ret == -1 && iService != -1 && added_service) {
3495 lp_remove_service(iService);
3503 /***************************************************************************
3504 Checks if a usershare entry has been modified since last load.
3505 ***************************************************************************/
3507 static bool usershare_exists(int iService, struct timespec *last_mod)
3509 SMB_STRUCT_STAT lsbuf;
3510 const char *usersharepath = Globals.usershare_path;
3513 fname = talloc_asprintf(talloc_tos(),
3516 ServicePtrs[iService]->szService);
3517 if (fname == NULL) {
3521 if (sys_lstat(fname, &lsbuf, false) != 0) {
3526 if (!S_ISREG(lsbuf.st_ex_mode)) {
3532 *last_mod = lsbuf.st_ex_mtime;
3536 static bool usershare_directory_is_root(uid_t uid)
3542 if (uid_wrapper_enabled()) {
3549 /***************************************************************************
3550 Load a usershare service by name. Returns a valid servicenumber or -1.
3551 ***************************************************************************/
3553 int load_usershare_service(const char *servicename)
3555 SMB_STRUCT_STAT sbuf;
3556 const char *usersharepath = Globals.usershare_path;
3557 int max_user_shares = Globals.usershare_max_shares;
3558 int snum_template = -1;
3560 if (*usersharepath == 0 || max_user_shares == 0) {
3564 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3565 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3566 usersharepath, strerror(errno) ));
3570 if (!S_ISDIR(sbuf.st_ex_mode)) {
3571 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3577 * This directory must be owned by root, and have the 't' bit set.
3578 * It also must not be writable by "other".
3582 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3583 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3585 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3586 (sbuf.st_ex_mode & S_IWOTH)) {
3588 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3589 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3594 /* Ensure the template share exists if it's set. */
3595 if (Globals.usershare_template_share[0]) {
3596 /* We can't use lp_servicenumber here as we are recommending that
3597 template shares have -valid=false set. */
3598 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3599 if (ServicePtrs[snum_template]->szService &&
3600 strequal(ServicePtrs[snum_template]->szService,
3601 Globals.usershare_template_share)) {
3606 if (snum_template == -1) {
3607 DEBUG(0,("load_usershare_service: usershare template share %s "
3608 "does not exist.\n",
3609 Globals.usershare_template_share ));
3614 return process_usershare_file(usersharepath, servicename, snum_template);
3617 /***************************************************************************
3618 Load all user defined shares from the user share directory.
3619 We only do this if we're enumerating the share list.
3620 This is the function that can delete usershares that have
3622 ***************************************************************************/
3624 int load_usershare_shares(struct smbd_server_connection *sconn,
3625 bool (*snumused) (struct smbd_server_connection *, int))
3628 SMB_STRUCT_STAT sbuf;
3630 int num_usershares = 0;
3631 int max_user_shares = Globals.usershare_max_shares;
3632 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3633 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3634 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3636 int snum_template = -1;
3637 const char *usersharepath = Globals.usershare_path;
3638 int ret = lp_numservices();
3639 TALLOC_CTX *tmp_ctx;
3641 if (max_user_shares == 0 || *usersharepath == '\0') {
3642 return lp_numservices();
3645 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3646 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3647 usersharepath, strerror(errno) ));
3652 * This directory must be owned by root, and have the 't' bit set.
3653 * It also must not be writable by "other".
3657 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3659 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3661 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3662 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3667 /* Ensure the template share exists if it's set. */
3668 if (Globals.usershare_template_share[0]) {
3669 /* We can't use lp_servicenumber here as we are recommending that
3670 template shares have -valid=false set. */
3671 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3672 if (ServicePtrs[snum_template]->szService &&
3673 strequal(ServicePtrs[snum_template]->szService,
3674 Globals.usershare_template_share)) {
3679 if (snum_template == -1) {
3680 DEBUG(0,("load_usershare_shares: usershare template share %s "
3681 "does not exist.\n",
3682 Globals.usershare_template_share ));
3687 /* Mark all existing usershares as pending delete. */
3688 for (iService = iNumServices - 1; iService >= 0; iService--) {
3689 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3690 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3694 dp = opendir(usersharepath);
3696 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3697 usersharepath, strerror(errno) ));
3701 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3703 num_dir_entries++ ) {
3705 const char *n = de->d_name;
3707 /* Ignore . and .. */
3709 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3715 /* Temporary file used when creating a share. */
3716 num_tmp_dir_entries++;
3719 /* Allow 20% tmp entries. */
3720 if (num_tmp_dir_entries > allowed_tmp_entries) {
3721 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3722 "in directory %s\n",
3723 num_tmp_dir_entries, usersharepath));
3727 r = process_usershare_file(usersharepath, n, snum_template);
3729 /* Update the services count. */
3731 if (num_usershares >= max_user_shares) {
3732 DEBUG(0,("load_usershare_shares: max user shares reached "
3733 "on file %s in directory %s\n",
3734 n, usersharepath ));
3737 } else if (r == -1) {
3738 num_bad_dir_entries++;
3741 /* Allow 20% bad entries. */
3742 if (num_bad_dir_entries > allowed_bad_entries) {
3743 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3744 "in directory %s\n",
3745 num_bad_dir_entries, usersharepath));
3749 /* Allow 20% bad entries. */
3750 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3751 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3752 "in directory %s\n",
3753 num_dir_entries, usersharepath));
3760 /* Sweep through and delete any non-refreshed usershares that are
3761 not currently in use. */
3762 tmp_ctx = talloc_stackframe();
3763 for (iService = iNumServices - 1; iService >= 0; iService--) {
3764 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3767 if (snumused && snumused(sconn, iService)) {
3771 servname = lp_servicename(tmp_ctx, iService);
3773 /* Remove from the share ACL db. */
3774 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3776 delete_share_security(servname);
3777 free_service_byindex(iService);
3780 talloc_free(tmp_ctx);
3782 return lp_numservices();
3785 /********************************************************
3786 Destroy global resources allocated in this file
3787 ********************************************************/
3789 void gfree_loadparm(void)
3795 /* Free resources allocated to services */
3797 for ( i = 0; i < iNumServices; i++ ) {
3799 free_service_byindex(i);
3803 TALLOC_FREE( ServicePtrs );
3806 /* Now release all resources allocated to global
3807 parameters and the default service */
3809 free_global_parameters();
3813 /***************************************************************************
3814 Allow client apps to specify that they are a client
3815 ***************************************************************************/
3816 static void lp_set_in_client(bool b)
3822 /***************************************************************************
3823 Determine if we're running in a client app
3824 ***************************************************************************/
3825 static bool lp_is_in_client(void)
3830 static void lp_enforce_ad_dc_settings(void)
3832 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3833 lp_do_parameter(GLOBAL_SECTION_SNUM,
3834 "winbindd:use external pipes", "true");
3835 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3836 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3837 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3838 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3839 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3840 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3841 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3842 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3843 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3846 /***************************************************************************
3847 Load the services array from the services file. Return true on success,
3849 ***************************************************************************/
3851 static bool lp_load_ex(const char *pszFname,
3855 bool reinit_globals,
3856 bool allow_include_registry,
3857 bool load_all_shares)
3861 TALLOC_CTX *frame = talloc_stackframe();
3862 struct loadparm_context *lp_ctx;
3863 int max_protocol, min_protocol;
3865 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3867 bInGlobalSection = true;
3868 bGlobalOnly = global_only;
3869 bAllowIncludeRegistry = allow_include_registry;
3870 sDefault = _sDefault;
3872 lp_ctx = setup_lp_context(talloc_tos());
3874 init_globals(lp_ctx, reinit_globals);
3878 if (save_defaults) {
3883 if (!reinit_globals) {
3884 free_param_opts(&Globals.param_opt);
3885 apply_lp_set_cmdline();
3888 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
3890 /* We get sections first, so have to start 'behind' to make up */
3893 if (lp_config_backend_is_file()) {
3894 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
3895 current_user_info.domain,
3898 smb_panic("lp_load_ex: out of memory");
3901 add_to_file_list(NULL, &file_lists, pszFname, n2);
3903 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
3906 /* finish up the last section */
3907 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
3909 if (iServiceIndex >= 0) {
3910 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
3914 if (lp_config_backend_is_registry()) {
3916 /* config backend changed to registry in config file */
3918 * We need to use this extra global variable here to
3919 * survive restart: init_globals uses this as a default
3920 * for config_backend. Otherwise, init_globals would
3921 * send us into an endless loop here.
3924 config_backend = CONFIG_BACKEND_REGISTRY;
3926 DEBUG(1, ("lp_load_ex: changing to config backend "
3928 init_globals(lp_ctx, true);
3930 TALLOC_FREE(lp_ctx);
3932 lp_kill_all_services();
3933 ok = lp_load_ex(pszFname, global_only, save_defaults,
3934 add_ipc, reinit_globals,
3935 allow_include_registry,
3940 } else if (lp_config_backend_is_registry()) {
3941 bRetval = process_registry_globals();
3943 DEBUG(0, ("Illegal config backend given: %d\n",
3944 lp_config_backend()));
3948 if (bRetval && lp_registry_shares()) {
3949 if (load_all_shares) {
3950 bRetval = process_registry_shares();
3952 bRetval = reload_registry_shares();
3957 char *serv = lp_auto_services(talloc_tos());
3958 lp_add_auto_services(serv);
3963 /* When 'restrict anonymous = 2' guest connections to ipc$
3965 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
3966 if ( lp_enable_asu_support() ) {
3967 lp_add_ipc("ADMIN$", false);
3971 set_allowed_client_auth();
3973 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
3974 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
3975 lp_password_server()));
3980 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
3981 /* if we_are_a_wins_server is true and we are in the client */
3982 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
3983 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
3988 fault_configure(smb_panic_s3);
3991 * We run this check once the whole smb.conf is parsed, to
3992 * force some settings for the standard way a AD DC is
3993 * operated. We may change these as our code evolves, which
3994 * is why we force these settings.
3996 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
3997 lp_enforce_ad_dc_settings();
4000 bAllowIncludeRegistry = true;
4002 /* Check if command line max protocol < min protocol, if so
4003 * report a warning to the user.
4005 max_protocol = lp_client_max_protocol();
4006 min_protocol = lp_client_min_protocol();
4007 if (max_protocol < min_protocol) {
4008 const char *max_protocolp, *min_protocolp;
4009 max_protocolp = lpcfg_get_smb_protocol(max_protocol);
4010 min_protocolp = lpcfg_get_smb_protocol(min_protocol);
4011 DBG_ERR("Max protocol %s is less than min protocol %s.\n",
4012 max_protocolp, min_protocolp);
4019 static bool lp_load(const char *pszFname,
4023 bool reinit_globals)
4025 return lp_load_ex(pszFname,
4030 true, /* allow_include_registry */
4031 false); /* load_all_shares*/
4034 bool lp_load_initial_only(const char *pszFname)
4036 return lp_load_ex(pszFname,
4037 true, /* global only */
4038 true, /* save_defaults */
4039 false, /* add_ipc */
4040 true, /* reinit_globals */
4041 false, /* allow_include_registry */
4042 false); /* load_all_shares*/
4046 * most common lp_load wrapper, loading only the globals
4048 * If this is used in a daemon or client utility it should be called
4049 * after processing popt.
4051 bool lp_load_global(const char *file_name)
4053 return lp_load(file_name,
4054 true, /* global_only */
4055 false, /* save_defaults */
4056 false, /* add_ipc */
4057 true); /* reinit_globals */
4061 * The typical lp_load wrapper with shares, loads global and
4062 * shares, including IPC, but does not force immediate
4063 * loading of all shares from registry.
4065 bool lp_load_with_shares(const char *file_name)
4067 return lp_load(file_name,
4068 false, /* global_only */
4069 false, /* save_defaults */
4071 true); /* reinit_globals */
4075 * lp_load wrapper, especially for clients
4077 bool lp_load_client(const char *file_name)
4079 lp_set_in_client(true);
4081 return lp_load_global(file_name);
4085 * lp_load wrapper, loading only globals, but intended
4086 * for subsequent calls, not reinitializing the globals
4089 bool lp_load_global_no_reinit(const char *file_name)
4091 return lp_load(file_name,
4092 true, /* global_only */
4093 false, /* save_defaults */
4094 false, /* add_ipc */
4095 false); /* reinit_globals */
4099 * lp_load wrapper, loading globals and shares,
4100 * intended for subsequent calls, i.e. not reinitializing
4101 * the globals to default values.
4103 bool lp_load_no_reinit(const char *file_name)
4105 return lp_load(file_name,
4106 false, /* global_only */
4107 false, /* save_defaults */
4108 false, /* add_ipc */
4109 false); /* reinit_globals */
4114 * lp_load wrapper, especially for clients, no reinitialization
4116 bool lp_load_client_no_reinit(const char *file_name)
4118 lp_set_in_client(true);
4120 return lp_load_global_no_reinit(file_name);
4123 bool lp_load_with_registry_shares(const char *pszFname)
4125 return lp_load_ex(pszFname,
4126 false, /* global_only */
4127 true, /* save_defaults */
4128 false, /* add_ipc */
4129 true, /* reinit_globals */
4130 true, /* allow_include_registry */
4131 true); /* load_all_shares*/
4134 /***************************************************************************
4135 Return the max number of services.
4136 ***************************************************************************/
4138 int lp_numservices(void)
4140 return (iNumServices);
4143 /***************************************************************************
4144 Display the contents of the services array in human-readable form.
4145 ***************************************************************************/
4147 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4150 struct loadparm_context *lp_ctx;
4153 defaults_saved = false;
4155 lp_ctx = setup_lp_context(talloc_tos());
4156 if (lp_ctx == NULL) {
4160 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4162 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4164 for (iService = 0; iService < maxtoprint; iService++) {
4166 lp_dump_one(f, show_defaults, iService);
4168 TALLOC_FREE(lp_ctx);
4171 /***************************************************************************
4172 Display the contents of one service in human-readable form.
4173 ***************************************************************************/
4175 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4178 if (ServicePtrs[snum]->szService[0] == '\0')
4180 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4181 flags_list, show_defaults);
4185 /***************************************************************************
4186 Return the number of the service with the given name, or -1 if it doesn't
4187 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4188 getservicebyname()! This works ONLY if all services have been loaded, and
4189 does not copy the found service.
4190 ***************************************************************************/
4192 int lp_servicenumber(const char *pszServiceName)
4195 fstring serviceName;
4197 if (!pszServiceName) {
4198 return GLOBAL_SECTION_SNUM;
4201 for (iService = iNumServices - 1; iService >= 0; iService--) {
4202 if (VALID(iService) && ServicePtrs[iService]->szService) {
4204 * The substitution here is used to support %U in
4207 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4208 standard_sub_basic(get_current_username(),
4209 current_user_info.domain,
4210 serviceName,sizeof(serviceName));
4211 if (strequal(serviceName, pszServiceName)) {
4217 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4218 struct timespec last_mod;
4220 if (!usershare_exists(iService, &last_mod)) {
4221 /* Remove the share security tdb entry for it. */
4222 delete_share_security(lp_const_servicename(iService));
4223 /* Remove it from the array. */
4224 free_service_byindex(iService);
4225 /* Doesn't exist anymore. */
4226 return GLOBAL_SECTION_SNUM;
4229 /* Has it been modified ? If so delete and reload. */
4230 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4232 /* Remove it from the array. */
4233 free_service_byindex(iService);
4234 /* and now reload it. */
4235 iService = load_usershare_service(pszServiceName);
4240 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4241 return GLOBAL_SECTION_SNUM;
4247 /*******************************************************************
4248 A useful volume label function.
4249 ********************************************************************/
4251 const char *volume_label(TALLOC_CTX *ctx, int snum)
4254 const char *label = lp_volume(ctx, snum);
4258 label = lp_servicename(ctx, snum);
4262 * Volume label can be a max of 32 bytes. Make sure to truncate
4263 * it at a codepoint boundary if it's longer than 32 and contains
4264 * multibyte characters. Windows insists on a volume label being
4265 * a valid mb sequence, and errors out if not.
4267 if (strlen(label) > 32) {
4269 * A MB char can be a max of 5 bytes, thus
4270 * we should have a valid mb character at a
4271 * minimum position of (32-5) = 27.
4275 * Check if a codepoint starting from next byte
4276 * is valid. If yes, then the current byte is the
4277 * end of a MB or ascii sequence and the label can
4278 * be safely truncated here. If not, keep going
4279 * backwards till a valid codepoint is found.
4282 const char *s = &label[end];
4283 codepoint_t c = next_codepoint(s, &len);
4284 if (c != INVALID_CODEPOINT) {
4291 /* This returns a max of 33 byte guarenteed null terminated string. */
4292 ret = talloc_strndup(ctx, label, end);
4299 /*******************************************************************
4300 Get the default server type we will announce as via nmbd.
4301 ********************************************************************/
4303 int lp_default_server_announce(void)
4305 int default_server_announce = 0;
4306 default_server_announce |= SV_TYPE_WORKSTATION;
4307 default_server_announce |= SV_TYPE_SERVER;
4308 default_server_announce |= SV_TYPE_SERVER_UNIX;
4310 /* note that the flag should be set only if we have a
4311 printer service but nmbd doesn't actually load the
4312 services so we can't tell --jerry */
4314 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4316 default_server_announce |= SV_TYPE_SERVER_NT;
4317 default_server_announce |= SV_TYPE_NT;
4319 switch (lp_server_role()) {
4320 case ROLE_DOMAIN_MEMBER:
4321 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4323 case ROLE_DOMAIN_PDC:
4324 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4326 case ROLE_DOMAIN_BDC:
4327 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4329 case ROLE_STANDALONE:
4333 if (lp_time_server())
4334 default_server_announce |= SV_TYPE_TIME_SOURCE;
4336 if (lp_host_msdfs())
4337 default_server_announce |= SV_TYPE_DFS_SERVER;
4339 return default_server_announce;
4342 /***********************************************************
4343 If we are PDC then prefer us as DMB
4344 ************************************************************/
4346 bool lp_domain_master(void)
4348 if (Globals._domain_master == Auto)
4349 return (lp_server_role() == ROLE_DOMAIN_PDC);
4351 return (bool)Globals._domain_master;
4354 /***********************************************************
4355 If we are PDC then prefer us as DMB
4356 ************************************************************/
4358 static bool lp_domain_master_true_or_auto(void)
4360 if (Globals._domain_master) /* auto or yes */
4366 /***********************************************************
4367 If we are DMB then prefer us as LMB
4368 ************************************************************/
4370 bool lp_preferred_master(void)
4372 int preferred_master = lp__preferred_master();
4374 if (preferred_master == Auto)
4375 return (lp_local_master() && lp_domain_master());
4377 return (bool)preferred_master;
4380 /*******************************************************************
4382 ********************************************************************/
4384 void lp_remove_service(int snum)
4386 ServicePtrs[snum]->valid = false;
4389 const char *lp_printername(TALLOC_CTX *ctx, int snum)
4391 const char *ret = lp__printername(ctx, snum);
4392 if (ret == NULL || *ret == '\0') {
4393 ret = lp_const_servicename(snum);
4400 /***********************************************************
4401 Allow daemons such as winbindd to fix their logfile name.
4402 ************************************************************/
4404 void lp_set_logfile(const char *name)
4406 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4407 debug_set_logfile(name);
4410 /*******************************************************************
4411 Return the max print jobs per queue.
4412 ********************************************************************/
4414 int lp_maxprintjobs(int snum)
4416 int maxjobs = lp_max_print_jobs(snum);
4418 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4419 maxjobs = PRINT_MAX_JOBID - 1;
4424 const char *lp_printcapname(void)
4426 const char *printcap_name = lp_printcap_name();
4428 if ((printcap_name != NULL) &&
4429 (printcap_name[0] != '\0'))
4430 return printcap_name;
4432 if (sDefault.printing == PRINT_CUPS) {
4436 if (sDefault.printing == PRINT_BSD)
4437 return "/etc/printcap";
4439 return PRINTCAP_NAME;
4442 static uint32_t spoolss_state;
4444 bool lp_disable_spoolss( void )
4446 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4447 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4449 return spoolss_state == SVCCTL_STOPPED ? true : false;
4452 void lp_set_spoolss_state( uint32_t state )
4454 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4456 spoolss_state = state;
4459 uint32_t lp_get_spoolss_state( void )
4461 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4464 /*******************************************************************
4465 Ensure we don't use sendfile if server smb signing is active.
4466 ********************************************************************/
4468 bool lp_use_sendfile(int snum, struct smb_signing_state *signing_state)
4470 bool sign_active = false;
4472 /* Using sendfile blows the brains out of any DOS or Win9x TCP stack... JRA. */
4473 if (get_Protocol() < PROTOCOL_NT1) {
4476 if (signing_state) {
4477 sign_active = smb_signing_is_active(signing_state);
4479 return (lp__use_sendfile(snum) &&
4480 (get_remote_arch() != RA_WIN95) &&
4484 /*******************************************************************
4485 Turn off sendfile if we find the underlying OS doesn't support it.
4486 ********************************************************************/
4488 void set_use_sendfile(int snum, bool val)
4490 if (LP_SNUM_OK(snum))
4491 ServicePtrs[snum]->_use_sendfile = val;
4493 sDefault._use_sendfile = val;
4496 void lp_set_mangling_method(const char *new_method)
4498 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4501 /*******************************************************************
4502 Global state for POSIX pathname processing.
4503 ********************************************************************/
4505 static bool posix_pathnames;
4507 bool lp_posix_pathnames(void)
4509 return posix_pathnames;
4512 /*******************************************************************
4513 Change everything needed to ensure POSIX pathname processing (currently
4515 ********************************************************************/
4517 void lp_set_posix_pathnames(void)
4519 posix_pathnames = true;
4522 /*******************************************************************
4523 Global state for POSIX lock processing - CIFS unix extensions.
4524 ********************************************************************/
4526 bool posix_default_lock_was_set;
4527 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4529 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4531 if (posix_default_lock_was_set) {
4532 return posix_cifsx_locktype;
4534 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4535 POSIX_LOCK : WINDOWS_LOCK;
4539 /*******************************************************************
4540 ********************************************************************/
4542 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4544 posix_default_lock_was_set = true;
4545 posix_cifsx_locktype = val;
4548 int lp_min_receive_file_size(void)
4550 int min_receivefile_size = lp_min_receivefile_size();
4552 if (min_receivefile_size < 0) {
4555 return min_receivefile_size;
4558 /*******************************************************************
4559 Safe wide links checks.
4560 This helper function always verify the validity of wide links,
4561 even after a configuration file reload.
4562 ********************************************************************/
4564 void widelinks_warning(int snum)
4566 if (lp_allow_insecure_wide_links()) {
4570 if (lp_unix_extensions() && lp_wide_links(snum)) {
4571 DBG_ERR("Share '%s' has wide links and unix extensions enabled. "
4572 "These parameters are incompatible. "
4573 "Wide links will be disabled for this share.\n",
4574 lp_const_servicename(snum));
4578 bool lp_widelinks(int snum)
4580 /* wide links is always incompatible with unix extensions */
4581 if (lp_unix_extensions()) {
4583 * Unless we have "allow insecure widelinks"
4586 if (!lp_allow_insecure_wide_links()) {
4591 return lp_wide_links(snum);
4594 int lp_server_role(void)
4596 return lp_find_server_role(lp__server_role(),
4598 lp__domain_logons(),
4599 lp_domain_master_true_or_auto());
4602 int lp_security(void)
4604 return lp_find_security(lp__server_role(),
4608 int lp_client_max_protocol(void)
4610 int client_max_protocol = lp__client_max_protocol();
4611 if (client_max_protocol == PROTOCOL_DEFAULT) {
4612 return PROTOCOL_LATEST;
4614 return client_max_protocol;
4617 int lp_client_ipc_min_protocol(void)
4619 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4620 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4621 client_ipc_min_protocol = lp_client_min_protocol();
4623 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4624 return PROTOCOL_NT1;
4626 return client_ipc_min_protocol;
4629 int lp_client_ipc_max_protocol(void)
4631 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4632 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4633 return PROTOCOL_LATEST;
4635 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4636 return PROTOCOL_NT1;
4638 return client_ipc_max_protocol;
4641 int lp_client_ipc_signing(void)
4643 int client_ipc_signing = lp__client_ipc_signing();
4644 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4645 return SMB_SIGNING_REQUIRED;
4647 return client_ipc_signing;
4650 int lp_rpc_low_port(void)
4652 return Globals.rpc_low_port;
4655 int lp_rpc_high_port(void)
4657 return Globals.rpc_high_port;
4661 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4663 * This also ensures it is disabled if NTLM is totally disabled
4665 bool lp_lanman_auth(void)
4667 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4669 if (ntlm_auth_level == NTLM_AUTH_ON) {
4670 return lp__lanman_auth();
4676 struct loadparm_global * get_globals(void)
4681 unsigned int * get_flags(void)
4683 if (flags_list == NULL) {
4684 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());