2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
57 #include "system/filesys.h"
59 #include "lib/param/loadparm.h"
60 #include "lib/param/param.h"
62 #include "lib/smbconf/smbconf.h"
63 #include "lib/smbconf/smbconf_init.h"
66 #include "../librpc/gen_ndr/svcctl.h"
68 #include "../libcli/smb/smb_signing.h"
69 #include "dbwrap/dbwrap.h"
70 #include "dbwrap/dbwrap_rbt.h"
71 #include "../lib/util/bitmap.h"
72 #include "librpc/gen_ndr/nbt.h"
74 #ifdef HAVE_SYS_SYSCTL_H
75 #include <sys/sysctl.h>
78 #ifdef HAVE_HTTPCONNECTENCRYPT
79 #include <cups/http.h>
84 extern userdom_struct current_user_info;
86 /* the special value for the include parameter
87 * to be interpreted not as a file name but to
88 * trigger loading of the global smb.conf options
90 #ifndef INCLUDE_REGISTRY_NAME
91 #define INCLUDE_REGISTRY_NAME "registry"
94 static bool in_client = false; /* Not in the client by default */
95 static struct smbconf_csn conf_last_csn;
97 static int config_backend = CONFIG_BACKEND_FILE;
99 /* some helpful bits */
100 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && (ServicePtrs != NULL) && ServicePtrs[(i)]->valid)
101 #define VALID(i) (ServicePtrs != NULL && ServicePtrs[i]->valid)
103 #define USERSHARE_VALID 1
104 #define USERSHARE_PENDING_DELETE 2
106 static bool defaults_saved = false;
108 #include "lib/param/param_global.h"
110 static struct loadparm_global Globals;
112 /* This is a default service used to prime a services structure */
113 static struct loadparm_service sDefault =
118 .usershare_last_mod = {0, 0},
122 .invalid_users = NULL,
129 .root_preexec = NULL,
130 .root_postexec = NULL,
131 .cups_options = NULL,
132 .print_command = NULL,
134 .lprm_command = NULL,
135 .lppause_command = NULL,
136 .lpresume_command = NULL,
137 .queuepause_command = NULL,
138 .queueresume_command = NULL,
139 ._printername = NULL,
140 .printjob_username = NULL,
141 .dont_descend = NULL,
144 .magic_script = NULL,
145 .magic_output = NULL,
148 .veto_oplock_files = NULL,
158 .aio_write_behind = NULL,
159 .dfree_command = NULL,
160 .min_print_space = 0,
161 .iMaxPrintJobs = 1000,
162 .max_reported_print_jobs = 0,
163 .write_cache_size = 0,
165 .force_create_mode = 0,
166 .directory_mask = 0755,
167 .force_directory_mode = 0,
168 .max_connections = 0,
169 .default_case = CASE_LOWER,
170 .printing = DEFAULT_PRINTING,
171 .oplock_contention_limit = 2,
174 .dfree_cache_time = 0,
175 .preexec_close = false,
176 .root_preexec_close = false,
177 .case_sensitive = Auto,
178 .preserve_case = true,
179 .short_preserve_case = true,
180 .hide_dot_files = true,
181 .hide_special_files = false,
182 .hide_unreadable = false,
183 .hide_unwriteable_files = false,
185 .access_based_share_enum = false,
190 .administrative_share = false,
193 .print_notify_backchannel = false,
197 .store_dos_attributes = false,
198 .dmapi_support = false,
200 .strict_locking = Auto,
201 .posix_locking = true,
203 .kernel_oplocks = false,
204 .level2_oplocks = true,
206 .mangled_names = true,
208 .follow_symlinks = true,
209 .sync_always = false,
210 .strict_allocate = false,
211 .strict_rename = false,
212 .strict_sync = false,
213 .mangling_char = '~',
215 .delete_readonly = false,
216 .fake_oplocks = false,
217 .delete_veto_files = false,
218 .dos_filemode = false,
219 .dos_filetimes = true,
220 .dos_filetime_resolution = false,
221 .fake_directory_create_times = false,
222 .blocking_locks = true,
223 .inherit_permissions = false,
224 .inherit_acls = false,
225 .inherit_owner = false,
227 .msdfs_shuffle_referrals = false,
228 .use_client_driver = false,
229 .default_devmode = true,
230 .force_printername = false,
231 .nt_acl_support = true,
232 .force_unknown_acl_user = false,
233 ._use_sendfile = false,
234 .profile_acls = false,
235 .map_acl_inherit = false,
238 .acl_check_permissions = true,
239 .acl_map_full_control = true,
240 .acl_group_control = false,
241 .acl_allow_execute_always = false,
242 .allocation_roundup_size = SMB_ROUNDUP_ALLOCATION_SIZE,
245 .map_readonly = MAP_READONLY_YES,
246 .directory_name_cache_size = 100,
247 .smb_encrypt = SMB_SIGNING_DEFAULT,
248 .kernel_share_modes = true,
249 .durable_handles = true,
254 /* local variables */
255 static struct loadparm_service **ServicePtrs = NULL;
256 static int iNumServices = 0;
257 static int iServiceIndex = 0;
258 static struct db_context *ServiceHash;
259 static bool bInGlobalSection = true;
260 static bool bGlobalOnly = false;
261 static struct file_lists *file_lists = NULL;
262 static unsigned int *flags_list = NULL;
264 static void set_allowed_client_auth(void);
266 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
267 static void free_param_opts(struct parmlist_entry **popts);
269 /* this is used to prevent lots of mallocs of size 1 */
270 static const char null_string[] = "";
276 static void string_free(char **s)
280 if (*s == null_string)
286 Set a string value, deallocating any existing space, and allocing the space
290 static bool string_set(TALLOC_CTX *mem_ctx, char **dest,const char *src)
298 (*dest) = talloc_strdup(mem_ctx, src);
299 if ((*dest) == NULL) {
300 DEBUG(0,("Out of memory in string_init\n"));
308 * Function to return the default value for the maximum number of open
309 * file descriptors permitted. This function tries to consult the
310 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
311 * the smaller of those.
313 static int max_open_files(void)
315 int sysctl_max = MAX_OPEN_FILES;
316 int rlimit_max = MAX_OPEN_FILES;
318 #ifdef HAVE_SYSCTLBYNAME
320 size_t size = sizeof(sysctl_max);
321 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
326 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
332 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
333 rlimit_max = rl.rlim_cur;
335 #if defined(RLIM_INFINITY)
336 if(rl.rlim_cur == RLIM_INFINITY)
337 rlimit_max = MAX_OPEN_FILES;
342 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
343 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
344 "minimum Windows limit (%d)\n",
346 MIN_OPEN_FILES_WINDOWS));
347 sysctl_max = MIN_OPEN_FILES_WINDOWS;
350 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
351 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
352 "minimum Windows limit (%d)\n",
354 MIN_OPEN_FILES_WINDOWS));
355 rlimit_max = MIN_OPEN_FILES_WINDOWS;
358 return MIN(sysctl_max, rlimit_max);
362 * Common part of freeing allocated data for one parameter.
364 static void free_one_parameter_common(void *parm_ptr,
365 struct parm_struct parm)
367 if ((parm.type == P_STRING) ||
368 (parm.type == P_USTRING))
370 string_free((char**)parm_ptr);
371 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
372 TALLOC_FREE(*((char***)parm_ptr));
377 * Free the allocated data for one parameter for a share
378 * given as a service struct.
380 static void free_one_parameter(struct loadparm_service *service,
381 struct parm_struct parm)
385 if (parm.p_class != P_LOCAL) {
389 parm_ptr = lp_parm_ptr(service, &parm);
391 free_one_parameter_common(parm_ptr, parm);
395 * Free the allocated parameter data of a share given
396 * as a service struct.
398 static void free_parameters(struct loadparm_service *service)
402 for (i=0; parm_table[i].label; i++) {
403 free_one_parameter(service, parm_table[i]);
408 * Free the allocated data for one parameter for a given share
409 * specified by an snum.
411 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
416 parm_ptr = lp_parm_ptr(NULL, &parm);
417 } else if (parm.p_class != P_LOCAL) {
420 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
423 free_one_parameter_common(parm_ptr, parm);
427 * Free the allocated parameter data for a share specified
430 static void free_parameters_by_snum(int snum)
434 for (i=0; parm_table[i].label; i++) {
435 free_one_parameter_by_snum(snum, parm_table[i]);
440 * Free the allocated global parameters.
442 static void free_global_parameters(void)
444 free_param_opts(&Globals.param_opt);
445 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
446 TALLOC_FREE(Globals.ctx);
449 struct lp_stored_option {
450 struct lp_stored_option *prev, *next;
455 static struct lp_stored_option *stored_options;
458 save options set by lp_set_cmdline() into a list. This list is
459 re-applied when we do a globals reset, so that cmdline set options
460 are sticky across reloads of smb.conf
462 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
464 struct lp_stored_option *entry, *entry_next;
465 for (entry = stored_options; entry != NULL; entry = entry_next) {
466 entry_next = entry->next;
467 if (strcmp(pszParmName, entry->label) == 0) {
468 DLIST_REMOVE(stored_options, entry);
474 entry = talloc(NULL, struct lp_stored_option);
479 entry->label = talloc_strdup(entry, pszParmName);
485 entry->value = talloc_strdup(entry, pszParmValue);
491 DLIST_ADD_END(stored_options, entry, struct lp_stored_option);
496 static bool apply_lp_set_cmdline(void)
498 struct lp_stored_option *entry = NULL;
499 for (entry = stored_options; entry != NULL; entry = entry->next) {
500 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
501 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
502 entry->label, entry->value));
509 /***************************************************************************
510 Initialise the global parameter structure.
511 ***************************************************************************/
513 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
515 static bool done_init = false;
519 /* If requested to initialize only once and we've already done it... */
520 if (!reinit_globals && done_init) {
521 /* ... then we have nothing more to do */
526 /* The logfile can be set before this is invoked. Free it if so. */
527 if (Globals.logfile != NULL) {
528 string_free(&Globals.logfile);
529 Globals.logfile = NULL;
533 free_global_parameters();
536 /* This memset and the free_global_parameters() above will
537 * wipe out smb.conf options set with lp_set_cmdline(). The
538 * apply_lp_set_cmdline() call puts these values back in the
539 * table once the defaults are set */
540 ZERO_STRUCT(Globals);
542 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
544 /* Initialize the flags list if necessary */
545 if (flags_list == NULL) {
549 for (i = 0; parm_table[i].label; i++) {
550 if ((parm_table[i].type == P_STRING ||
551 parm_table[i].type == P_USTRING))
553 string_set(Globals.ctx, (char **)lp_parm_ptr(NULL, &parm_table[i]), "");
558 string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
559 string_set(Globals.ctx, &sDefault.printjob_username, "%U");
561 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
563 sDefault.ntvfs_handler = str_list_make_v3_const(NULL, "unixuid default", NULL);
565 DEBUG(3, ("Initialising global parameters\n"));
567 /* Must manually force to upper case here, as this does not go via the handler */
568 string_set(Globals.ctx, &Globals.netbios_name, myhostname_upper());
570 string_set(Globals.ctx, &Globals.smb_passwd_file, get_dyn_SMB_PASSWD_FILE());
571 string_set(Globals.ctx, &Globals.private_dir, get_dyn_PRIVATE_DIR());
573 /* use the new 'hash2' method by default, with a prefix of 1 */
574 string_set(Globals.ctx, &Globals.mangling_method, "hash2");
575 Globals.mangle_prefix = 1;
577 string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
579 /* using UTF8 by default allows us to support all chars */
580 string_set(Globals.ctx, &Globals.unix_charset, DEFAULT_UNIX_CHARSET);
582 /* Use codepage 850 as a default for the dos character set */
583 string_set(Globals.ctx, &Globals.dos_charset, DEFAULT_DOS_CHARSET);
586 * Allow the default PASSWD_CHAT to be overridden in local.h.
588 string_set(Globals.ctx, &Globals.passwd_chat, DEFAULT_PASSWD_CHAT);
590 string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
592 string_set(Globals.ctx, &Globals.passwd_program, "");
593 string_set(Globals.ctx, &Globals.lock_directory, get_dyn_LOCKDIR());
594 string_set(Globals.ctx, &Globals.state_directory, get_dyn_STATEDIR());
595 string_set(Globals.ctx, &Globals.cache_directory, get_dyn_CACHEDIR());
596 string_set(Globals.ctx, &Globals.pid_directory, get_dyn_PIDDIR());
597 string_set(Globals.ctx, &Globals.nbt_client_socket_address, "0.0.0.0");
599 * By default support explicit binding to broadcast
602 Globals.nmbd_bind_explicit_broadcast = true;
604 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
606 smb_panic("init_globals: ENOMEM");
608 string_set(Globals.ctx, &Globals.server_string, s);
611 string_set(Globals.ctx, &Globals.panic_action, "/bin/sleep 999999999");
614 string_set(Globals.ctx, &Globals.socket_options, DEFAULT_SOCKET_OPTIONS);
616 string_set(Globals.ctx, &Globals.logon_drive, "");
617 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
618 string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
619 string_set(Globals.ctx, &Globals.logon_path, "\\\\%N\\%U\\profile");
621 Globals.name_resolve_order = str_list_make_v3_const(NULL, "lmhosts wins host bcast", NULL);
622 string_set(Globals.ctx, &Globals.password_server, "*");
624 Globals.algorithmic_rid_base = BASE_RID;
626 Globals.load_printers = true;
627 Globals.printcap_cache_time = 750; /* 12.5 minutes */
629 Globals.config_backend = config_backend;
630 Globals._server_role = ROLE_AUTO;
632 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
633 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
634 Globals.max_xmit = 0x4104;
635 Globals.max_mux = 50; /* This is *needed* for profile support. */
636 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
637 Globals._disable_spoolss = false;
638 Globals.max_smbd_processes = 0;/* no limit specified */
639 Globals.username_level = 0;
640 Globals.deadtime = 0;
641 Globals.getwd_cache = true;
642 Globals.large_readwrite = true;
643 Globals.max_log_size = 5000;
644 Globals.max_open_files = max_open_files();
645 Globals.server_max_protocol = PROTOCOL_SMB3_11;
646 Globals.server_min_protocol = PROTOCOL_LANMAN1;
647 Globals._client_max_protocol = PROTOCOL_DEFAULT;
648 Globals.client_min_protocol = PROTOCOL_CORE;
649 Globals._security = SEC_AUTO;
650 Globals.encrypt_passwords = true;
651 Globals.client_schannel = Auto;
652 Globals.winbind_sealed_pipes = true;
653 Globals.require_strong_key = true;
654 Globals.server_schannel = Auto;
655 Globals.read_raw = true;
656 Globals.write_raw = true;
657 Globals.null_passwords = false;
658 Globals.old_password_allowed_period = 60;
659 Globals.obey_pam_restrictions = false;
661 Globals.syslog_only = false;
662 Globals.timestamp_logs = true;
663 string_set(Globals.ctx, &Globals.log_level, "0");
664 Globals.debug_prefix_timestamp = false;
665 Globals.debug_hires_timestamp = true;
666 Globals.debug_pid = false;
667 Globals.debug_uid = false;
668 Globals.debug_class = false;
669 Globals.enable_core_files = true;
670 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
671 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
672 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
673 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
674 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
675 Globals.lm_interval = 60;
676 #if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
677 Globals.nis_homedir = false;
678 #ifdef WITH_NISPLUS_HOME
679 string_set(Globals.ctx, &Globals.homedir_map, "auto_home.org_dir");
681 string_set(Globals.ctx, &Globals.homedir_map, "auto.home");
684 Globals.time_server = false;
685 Globals.bind_interfaces_only = false;
686 Globals.unix_password_sync = false;
687 Globals.pam_password_change = false;
688 Globals.passwd_chat_debug = false;
689 Globals.passwd_chat_timeout = 2; /* 2 second default. */
690 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
691 Globals.nt_status_support = true; /* Use NT status by default. */
692 Globals.smbd_profiling_level = 0;
693 Globals.stat_cache = true; /* use stat cache by default */
694 Globals.max_stat_cache_size = 256; /* 256k by default */
695 Globals.restrict_anonymous = 0;
696 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
697 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
698 Globals.lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
699 Globals.ntlm_auth = true; /* Do use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
700 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
701 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
703 Globals.map_to_guest = 0; /* By Default, "Never" */
704 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
705 Globals.enhanced_browsing = true;
706 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
707 #ifdef MMAP_BLACKLIST
708 Globals.use_mmap = false;
710 Globals.use_mmap = true;
712 Globals.unicode = true;
713 Globals.unix_extensions = true;
714 Globals.reset_on_zero_vc = false;
715 Globals.log_writeable_files_on_exit = false;
716 Globals.create_krb5_conf = true;
717 Globals.winbindMaxDomainConnections = 1;
719 /* hostname lookups can be very expensive and are broken on
720 a large number of sites (tridge) */
721 Globals.hostname_lookups = false;
723 Globals.change_notify = true,
724 Globals.kernel_change_notify = true,
726 string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
727 string_set(Globals.ctx, &Globals.ldap_suffix, "");
728 string_set(Globals.ctx, &Globals.szLdapMachineSuffix, "");
729 string_set(Globals.ctx, &Globals.szLdapUserSuffix, "");
730 string_set(Globals.ctx, &Globals.szLdapGroupSuffix, "");
731 string_set(Globals.ctx, &Globals.szLdapIdmapSuffix, "");
733 string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
734 Globals.ldap_ssl = LDAP_SSL_START_TLS;
735 Globals.ldap_ssl_ads = false;
736 Globals.ldap_deref = -1;
737 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
738 Globals.ldap_delete_dn = false;
739 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
740 Globals.ldap_follow_referral = Auto;
741 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
742 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
743 Globals.ldap_page_size = LDAP_PAGE_SIZE;
745 Globals.ldap_debug_level = 0;
746 Globals.ldap_debug_threshold = 10;
748 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
750 /* This is what we tell the afs client. in reality we set the token
751 * to never expire, though, when this runs out the afs client will
752 * forget the token. Set to 0 to get NEVERDATE.*/
753 Globals.afs_token_lifetime = 604800;
754 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
756 /* these parameters are set to defaults that are more appropriate
757 for the increasing samba install base:
759 as a member of the workgroup, that will possibly become a
760 _local_ master browser (lm = true). this is opposed to a forced
761 local master browser startup (pm = true).
763 doesn't provide WINS server service by default (wsupp = false),
764 and doesn't provide domain master browser services by default, either.
768 Globals.show_add_printer_wizard = true;
769 Globals.os_level = 20;
770 Globals.local_master = true;
771 Globals._domain_master = Auto; /* depending on _domain_logons */
772 Globals._domain_logons = false;
773 Globals.browse_list = true;
774 Globals.we_are_a_wins_server = false;
775 Globals.wins_proxy = false;
777 TALLOC_FREE(Globals.init_logon_delayed_hosts);
778 Globals.init_logon_delay = 100; /* 100 ms default delay */
780 Globals.wins_dns_proxy = true;
782 Globals.allow_trusted_domains = true;
783 string_set(Globals.ctx, &Globals.szIdmapBackend, "tdb");
785 string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
786 string_set(Globals.ctx, &Globals.template_homedir, "/home/%D/%U");
787 string_set(Globals.ctx, &Globals.winbind_separator, "\\");
788 string_set(Globals.ctx, &Globals.winbindd_socket_directory, dyn_WINBINDD_SOCKET_DIR);
790 string_set(Globals.ctx, &Globals.cups_server, "");
791 string_set(Globals.ctx, &Globals.iprint_server, "");
793 string_set(Globals.ctx, &Globals._ctdbd_socket, "");
795 Globals.cluster_addresses = NULL;
796 Globals.clustering = false;
797 Globals.ctdb_timeout = 0;
798 Globals.ctdb_locktime_warn_threshold = 0;
800 Globals.winbind_cache_time = 300; /* 5 minutes */
801 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
802 Globals.winbind_request_timeout = 60; /* 60 seconds */
803 Globals.winbind_max_clients = 200;
804 Globals.winbind_enum_users = false;
805 Globals.winbind_enum_groups = false;
806 Globals.winbind_use_default_domain = false;
807 Globals.winbind_trusted_domains_only = false;
808 Globals.winbind_nested_groups = true;
809 Globals.winbind_expand_groups = 0;
810 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
811 Globals.winbind_refresh_tickets = false;
812 Globals.winbind_offline_logon = false;
814 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
815 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
817 Globals.passdb_expand_explicit = false;
819 Globals.name_cache_timeout = 660; /* In seconds */
821 Globals.use_spnego = true;
822 Globals.client_use_spnego = true;
824 Globals.client_signing = SMB_SIGNING_DEFAULT;
825 Globals.server_signing = SMB_SIGNING_DEFAULT;
827 Globals.defer_sharing_violations = true;
828 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
830 Globals.enable_privileges = true;
831 Globals.host_msdfs = true;
832 Globals.enable_asu_support = false;
834 /* User defined shares. */
835 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
837 smb_panic("init_globals: ENOMEM");
839 string_set(Globals.ctx, &Globals.usershare_path, s);
841 string_set(Globals.ctx, &Globals.usershare_template_share, "");
842 Globals.usershare_max_shares = 0;
843 /* By default disallow sharing of directories not owned by the sharer. */
844 Globals.usershare_owner_only = true;
845 /* By default disallow guest access to usershares. */
846 Globals.usershare_allow_guests = false;
848 Globals.keepalive = DEFAULT_KEEPALIVE;
850 /* By default no shares out of the registry */
851 Globals.registry_shares = false;
853 Globals.iminreceivefile = 0;
855 Globals.map_untrusted_to_domain = false;
856 Globals.multicast_dns_register = true;
858 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
859 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
860 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
861 Globals.ismb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
862 Globals.smb2_leases = false;
864 string_set(Globals.ctx, &Globals.ncalrpc_dir, get_dyn_NCALRPCDIR());
866 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
868 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
870 Globals.tls_enabled = true;
872 string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
873 string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
874 string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
876 string_set(Globals.ctx, &Globals.share_backend, "classic");
878 Globals.iPreferredMaster = Auto;
880 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
882 string_set(Globals.ctx, &Globals.ntp_signd_socket_directory, get_dyn_NTP_SIGND_SOCKET_DIR());
884 string_set(Globals.ctx, &Globals.winbindd_privileged_socket_directory, get_dyn_WINBINDD_PRIVILEGED_SOCKET_DIR());
886 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
888 smb_panic("init_globals: ENOMEM");
890 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
893 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
895 smb_panic("init_globals: ENOMEM");
897 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
900 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
902 smb_panic("init_globals: ENOMEM");
904 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
907 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
909 Globals.rndc_command = str_list_make_v3_const(NULL, "/usr/sbin/rndc", NULL);
911 Globals.cldap_port = 389;
913 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
915 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
917 Globals.krb5_port = 88;
919 Globals.kpasswd_port = 464;
921 Globals.web_port = 901;
923 /* Now put back the settings that were set with lp_set_cmdline() */
924 apply_lp_set_cmdline();
927 /* Convenience routine to setup an lp_context with additional s3 variables */
928 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
930 struct loadparm_context *lp_ctx;
932 lp_ctx = loadparm_init_s3(mem_ctx,
933 loadparm_s3_helpers());
934 if (lp_ctx == NULL) {
935 DEBUG(0, ("loadparm_init_s3 failed\n"));
939 lp_ctx->sDefault = &sDefault;
940 lp_ctx->services = NULL; /* We do not want to access this directly */
941 lp_ctx->bInGlobalSection = bInGlobalSection;
942 lp_ctx->flags = flags_list;
947 /*******************************************************************
948 Convenience routine to grab string parameters into talloced memory
949 and run standard_sub_basic on them. The buffers can be written to by
950 callers without affecting the source string.
951 ********************************************************************/
953 char *lp_string(TALLOC_CTX *ctx, const char *s)
957 /* The follow debug is useful for tracking down memory problems
958 especially if you have an inner loop that is calling a lp_*()
959 function that returns a string. Perhaps this debug should be
960 present all the time? */
963 DEBUG(10, ("lp_string(%s)\n", s));
969 ret = talloc_sub_basic(ctx,
970 get_current_username(),
971 current_user_info.domain,
973 if (trim_char(ret, '\"', '\"')) {
974 if (strchr(ret,'\"') != NULL) {
976 ret = talloc_sub_basic(ctx,
977 get_current_username(),
978 current_user_info.domain,
986 In this section all the functions that are used to access the
987 parameters from the rest of the program are defined
990 #define FN_GLOBAL_STRING(fn_name,ptr) \
991 char *lp_ ## fn_name(TALLOC_CTX *ctx) {return(lp_string((ctx), *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : ""));}
992 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
993 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
994 #define FN_GLOBAL_LIST(fn_name,ptr) \
995 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
996 #define FN_GLOBAL_BOOL(fn_name,ptr) \
997 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
998 #define FN_GLOBAL_CHAR(fn_name,ptr) \
999 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1000 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1001 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1003 #define FN_LOCAL_STRING(fn_name,val) \
1004 char *lp_ ## fn_name(TALLOC_CTX *ctx,int i) {return(lp_string((ctx), (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val));}
1005 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1006 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1007 #define FN_LOCAL_LIST(fn_name,val) \
1008 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1009 #define FN_LOCAL_BOOL(fn_name,val) \
1010 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1011 #define FN_LOCAL_INTEGER(fn_name,val) \
1012 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1014 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1015 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1016 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1017 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1018 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1019 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1021 static FN_GLOBAL_INTEGER(winbind_max_domain_connections_int,
1022 winbindMaxDomainConnections)
1024 int lp_winbind_max_domain_connections(void)
1026 if (lp_winbind_offline_logon() &&
1027 lp_winbind_max_domain_connections_int() > 1) {
1028 DEBUG(1, ("offline logons active, restricting max domain "
1029 "connections to 1\n"));
1032 return MAX(1, lp_winbind_max_domain_connections_int());
1035 int lp_smb2_max_credits(void)
1037 if (Globals.ismb2_max_credits == 0) {
1038 Globals.ismb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
1040 return Globals.ismb2_max_credits;
1042 int lp_cups_encrypt(void)
1045 #ifdef HAVE_HTTPCONNECTENCRYPT
1046 switch (Globals.CupsEncrypt) {
1048 result = HTTP_ENCRYPT_REQUIRED;
1051 result = HTTP_ENCRYPT_ALWAYS;
1054 result = HTTP_ENCRYPT_NEVER;
1061 /* These functions remain in source3/param for now */
1063 #include "lib/param/param_functions.c"
1065 FN_LOCAL_STRING(servicename, szService)
1066 FN_LOCAL_CONST_STRING(const_servicename, szService)
1068 /* These functions cannot be auto-generated */
1069 FN_LOCAL_BOOL(autoloaded, autoloaded)
1070 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1072 /* local prototypes */
1074 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1075 static const char *get_boolean(bool bool_value);
1076 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1078 static bool hash_a_service(const char *name, int number);
1079 static void free_service_byindex(int iService);
1080 static void show_parameter(int parmIndex);
1081 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1084 * This is a helper function for parametrical options support. It returns a
1085 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1086 * parametrical functions are quite simple
1088 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1091 if (snum >= iNumServices) return NULL;
1094 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1096 return get_parametric_helper(ServicePtrs[snum],
1097 type, option, Globals.param_opt);
1102 #define MISSING_PARAMETER(name) \
1103 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1105 /*******************************************************************
1106 convenience routine to return enum parameters.
1107 ********************************************************************/
1108 static int lp_enum(const char *s,const struct enum_list *_enum)
1112 if (!s || !*s || !_enum) {
1113 MISSING_PARAMETER(lp_enum);
1117 for (i=0; _enum[i].name; i++) {
1118 if (strequal(_enum[i].name,s))
1119 return _enum[i].value;
1122 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1126 #undef MISSING_PARAMETER
1128 /* Return parametric option from a given service. Type is a part of option before ':' */
1129 /* Parametric option has following syntax: 'Type: option = value' */
1130 char *lp_parm_talloc_string(TALLOC_CTX *ctx, int snum, const char *type, const char *option, const char *def)
1132 struct parmlist_entry *data = get_parametrics(snum, type, option);
1134 if (data == NULL||data->value==NULL) {
1136 return lp_string(ctx, def);
1142 return lp_string(ctx, data->value);
1145 /* Return parametric option from a given service. Type is a part of option before ':' */
1146 /* Parametric option has following syntax: 'Type: option = value' */
1147 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1149 struct parmlist_entry *data = get_parametrics(snum, type, option);
1151 if (data == NULL||data->value==NULL)
1158 /* Return parametric option from a given service. Type is a part of option before ':' */
1159 /* Parametric option has following syntax: 'Type: option = value' */
1161 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1163 struct parmlist_entry *data = get_parametrics(snum, type, option);
1165 if (data == NULL||data->value==NULL)
1166 return (const char **)def;
1168 if (data->list==NULL) {
1169 data->list = str_list_make_v3(NULL, data->value, NULL);
1172 return discard_const_p(const char *, data->list);
1175 /* Return parametric option from a given service. Type is a part of option before ':' */
1176 /* Parametric option has following syntax: 'Type: option = value' */
1178 int lp_parm_int(int snum, const char *type, const char *option, int def)
1180 struct parmlist_entry *data = get_parametrics(snum, type, option);
1182 if (data && data->value && *data->value)
1183 return lp_int(data->value);
1188 /* Return parametric option from a given service. Type is a part of option before ':' */
1189 /* Parametric option has following syntax: 'Type: option = value' */
1191 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1193 struct parmlist_entry *data = get_parametrics(snum, type, option);
1195 if (data && data->value && *data->value)
1196 return lp_ulong(data->value);
1201 /* Return parametric option from a given service. Type is a part of option before ':' */
1202 /* Parametric option has following syntax: 'Type: option = value' */
1204 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1206 struct parmlist_entry *data = get_parametrics(snum, type, option);
1208 if (data && data->value && *data->value)
1209 return lp_bool(data->value);
1214 /* Return parametric option from a given service. Type is a part of option before ':' */
1215 /* Parametric option has following syntax: 'Type: option = value' */
1217 int lp_parm_enum(int snum, const char *type, const char *option,
1218 const struct enum_list *_enum, int def)
1220 struct parmlist_entry *data = get_parametrics(snum, type, option);
1222 if (data && data->value && *data->value && _enum)
1223 return lp_enum(data->value, _enum);
1229 * free a param_opts structure.
1230 * param_opts handling should be moved to talloc;
1231 * then this whole functions reduces to a TALLOC_FREE().
1234 static void free_param_opts(struct parmlist_entry **popts)
1236 struct parmlist_entry *opt, *next_opt;
1238 if (*popts != NULL) {
1239 DEBUG(5, ("Freeing parametrics:\n"));
1242 while (opt != NULL) {
1243 string_free(&opt->key);
1244 string_free(&opt->value);
1245 TALLOC_FREE(opt->list);
1246 next_opt = opt->next;
1253 /***************************************************************************
1254 Free the dynamically allocated parts of a service struct.
1255 ***************************************************************************/
1257 static void free_service(struct loadparm_service *pservice)
1262 if (pservice->szService)
1263 DEBUG(5, ("free_service: Freeing service %s\n",
1264 pservice->szService));
1266 free_parameters(pservice);
1268 string_free(&pservice->szService);
1269 TALLOC_FREE(pservice->copymap);
1271 free_param_opts(&pservice->param_opt);
1273 ZERO_STRUCTP(pservice);
1277 /***************************************************************************
1278 remove a service indexed in the ServicePtrs array from the ServiceHash
1279 and free the dynamically allocated parts
1280 ***************************************************************************/
1282 static void free_service_byindex(int idx)
1284 if ( !LP_SNUM_OK(idx) )
1287 ServicePtrs[idx]->valid = false;
1289 /* we have to cleanup the hash record */
1291 if (ServicePtrs[idx]->szService) {
1292 char *canon_name = canonicalize_servicename(
1294 ServicePtrs[idx]->szService );
1296 dbwrap_delete_bystring(ServiceHash, canon_name );
1297 TALLOC_FREE(canon_name);
1300 free_service(ServicePtrs[idx]);
1301 talloc_free_children(ServicePtrs[idx]);
1304 /***************************************************************************
1305 Add a new service to the services array initialising it with the given
1307 ***************************************************************************/
1309 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1312 int num_to_alloc = iNumServices + 1;
1313 struct loadparm_service **tsp = NULL;
1315 /* it might already exist */
1317 i = getservicebyname(name, NULL);
1323 /* if not, then create one */
1325 tsp = talloc_realloc(NULL, ServicePtrs, struct loadparm_service *, num_to_alloc);
1327 DEBUG(0,("add_a_service: failed to enlarge ServicePtrs!\n"));
1331 ServicePtrs[iNumServices] = talloc_zero(NULL, struct loadparm_service);
1332 if (!ServicePtrs[iNumServices]) {
1333 DEBUG(0,("add_a_service: out of memory!\n"));
1338 ServicePtrs[i]->valid = true;
1340 copy_service(ServicePtrs[i], pservice, NULL);
1342 string_set(ServicePtrs[i], &ServicePtrs[i]->szService, name);
1344 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1345 i, ServicePtrs[i]->szService));
1347 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1354 /***************************************************************************
1355 Convert a string to uppercase and remove whitespaces.
1356 ***************************************************************************/
1358 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1363 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1367 result = talloc_strdup(ctx, src);
1368 SMB_ASSERT(result != NULL);
1370 if (!strlower_m(result)) {
1371 TALLOC_FREE(result);
1377 /***************************************************************************
1378 Add a name/index pair for the services array to the hash table.
1379 ***************************************************************************/
1381 static bool hash_a_service(const char *name, int idx)
1385 if ( !ServiceHash ) {
1386 DEBUG(10,("hash_a_service: creating servicehash\n"));
1387 ServiceHash = db_open_rbt(NULL);
1388 if ( !ServiceHash ) {
1389 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1394 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1397 canon_name = canonicalize_servicename(talloc_tos(), name );
1399 dbwrap_store_bystring(ServiceHash, canon_name,
1400 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1403 TALLOC_FREE(canon_name);
1408 /***************************************************************************
1409 Add a new home service, with the specified home directory, defaults coming
1411 ***************************************************************************/
1413 bool lp_add_home(const char *pszHomename, int iDefaultService,
1414 const char *user, const char *pszHomedir)
1418 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1419 pszHomedir[0] == '\0') {
1423 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1428 if (!(*(ServicePtrs[iDefaultService]->path))
1429 || strequal(ServicePtrs[iDefaultService]->path,
1430 lp_path(talloc_tos(), GLOBAL_SECTION_SNUM))) {
1431 string_set(ServicePtrs[i], &ServicePtrs[i]->path, pszHomedir);
1434 if (!(*(ServicePtrs[i]->comment))) {
1435 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1436 if (comment == NULL) {
1439 string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1440 TALLOC_FREE(comment);
1443 /* set the browseable flag from the global default */
1445 ServicePtrs[i]->browseable = sDefault.browseable;
1446 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1448 ServicePtrs[i]->autoloaded = true;
1450 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1451 user, ServicePtrs[i]->path ));
1456 /***************************************************************************
1457 Add a new service, based on an old one.
1458 ***************************************************************************/
1460 int lp_add_service(const char *pszService, int iDefaultService)
1462 if (iDefaultService < 0) {
1463 return add_a_service(&sDefault, pszService);
1466 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1469 /***************************************************************************
1470 Add the IPC service.
1471 ***************************************************************************/
1473 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1475 char *comment = NULL;
1476 int i = add_a_service(&sDefault, ipc_name);
1481 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1482 Globals.server_string);
1483 if (comment == NULL) {
1487 string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1488 string_set(ServicePtrs[i], &ServicePtrs[i]->username, "");
1489 string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1490 string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1491 ServicePtrs[i]->max_connections = 0;
1492 ServicePtrs[i]->bAvailable = true;
1493 ServicePtrs[i]->read_only = true;
1494 ServicePtrs[i]->guest_only = false;
1495 ServicePtrs[i]->administrative_share = true;
1496 ServicePtrs[i]->guest_ok = guest_ok;
1497 ServicePtrs[i]->printable = false;
1498 ServicePtrs[i]->browseable = sDefault.browseable;
1500 DEBUG(3, ("adding IPC service\n"));
1502 TALLOC_FREE(comment);
1506 /***************************************************************************
1507 Add a new printer service, with defaults coming from service iFrom.
1508 ***************************************************************************/
1510 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1512 const char *comment = "From Printcap";
1513 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1518 /* note that we do NOT default the availability flag to true - */
1519 /* we take it from the default service passed. This allows all */
1520 /* dynamic printers to be disabled by disabling the [printers] */
1521 /* entry (if/when the 'available' keyword is implemented!). */
1523 /* the printer name is set to the service name. */
1524 string_set(ServicePtrs[i], &ServicePtrs[i]->_printername, pszPrintername);
1525 string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1527 /* set the browseable flag from the gloabl default */
1528 ServicePtrs[i]->browseable = sDefault.browseable;
1530 /* Printers cannot be read_only. */
1531 ServicePtrs[i]->read_only = false;
1532 /* No oplocks on printer services. */
1533 ServicePtrs[i]->oplocks = false;
1534 /* Printer services must be printable. */
1535 ServicePtrs[i]->printable = true;
1537 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1543 /***************************************************************************
1544 Check whether the given parameter name is valid.
1545 Parametric options (names containing a colon) are considered valid.
1546 ***************************************************************************/
1548 bool lp_parameter_is_valid(const char *pszParmName)
1550 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1551 (strchr(pszParmName, ':') != NULL));
1554 /***************************************************************************
1555 Check whether the given name is the name of a global parameter.
1556 Returns true for strings belonging to parameters of class
1557 P_GLOBAL, false for all other strings, also for parametric options
1558 and strings not belonging to any option.
1559 ***************************************************************************/
1561 bool lp_parameter_is_global(const char *pszParmName)
1563 int num = lpcfg_map_parameter(pszParmName);
1566 return (parm_table[num].p_class == P_GLOBAL);
1572 /**************************************************************************
1573 Determine the canonical name for a parameter.
1574 Indicate when it is an inverse (boolean) synonym instead of a
1576 **************************************************************************/
1578 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1583 if (!lp_parameter_is_valid(parm_name)) {
1588 num = map_parameter_canonical(parm_name, inverse);
1590 /* parametric option */
1591 *canon_parm = parm_name;
1593 *canon_parm = parm_table[num].label;
1600 /**************************************************************************
1601 Determine the canonical name for a parameter.
1602 Turn the value given into the inverse boolean expression when
1603 the synonym is an invers boolean synonym.
1605 Return true if parm_name is a valid parameter name and
1606 in case it is an invers boolean synonym, if the val string could
1607 successfully be converted to the reverse bool.
1608 Return false in all other cases.
1609 **************************************************************************/
1611 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1613 const char **canon_parm,
1614 const char **canon_val)
1619 if (!lp_parameter_is_valid(parm_name)) {
1625 num = map_parameter_canonical(parm_name, &inverse);
1627 /* parametric option */
1628 *canon_parm = parm_name;
1631 *canon_parm = parm_table[num].label;
1633 if (!lp_invert_boolean(val, canon_val)) {
1645 /***************************************************************************
1646 Map a parameter's string representation to the index of the canonical
1647 form of the parameter (it might be a synonym).
1648 Returns -1 if the parameter string is not recognised.
1649 ***************************************************************************/
1651 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1653 int parm_num, canon_num;
1654 bool loc_inverse = false;
1656 parm_num = lpcfg_map_parameter(pszParmName);
1657 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1658 /* invalid, parametric or no canidate for synonyms ... */
1662 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1663 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1664 parm_num = canon_num;
1670 if (inverse != NULL) {
1671 *inverse = loc_inverse;
1676 /***************************************************************************
1677 return true if parameter number parm1 is a synonym of parameter
1678 number parm2 (parm2 being the principal name).
1679 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1681 ***************************************************************************/
1683 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1685 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1686 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1687 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1688 !(parm_table[parm2].flags & FLAG_SYNONYM))
1690 if (inverse != NULL) {
1691 if ((parm_table[parm1].type == P_BOOLREV) &&
1692 (parm_table[parm2].type == P_BOOL))
1704 /***************************************************************************
1705 Show one parameter's name, type, [values,] and flags.
1706 (helper functions for show_parameter_list)
1707 ***************************************************************************/
1709 static void show_parameter(int parmIndex)
1711 int enumIndex, flagIndex;
1716 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1717 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1718 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1719 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1720 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1722 printf("%s=%s", parm_table[parmIndex].label,
1723 type[parm_table[parmIndex].type]);
1724 if (parm_table[parmIndex].type == P_ENUM) {
1727 parm_table[parmIndex].enum_list[enumIndex].name;
1731 enumIndex ? "|" : "",
1732 parm_table[parmIndex].enum_list[enumIndex].name);
1737 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1738 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1741 flag_names[flagIndex]);
1746 /* output synonyms */
1748 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1749 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1750 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1751 parm_table[parmIndex2].label);
1752 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1754 printf(" (synonyms: ");
1759 printf("%s%s", parm_table[parmIndex2].label,
1760 inverse ? "[i]" : "");
1770 /***************************************************************************
1771 Show all parameter's name, type, [values,] and flags.
1772 ***************************************************************************/
1774 void show_parameter_list(void)
1776 int classIndex, parmIndex;
1777 const char *section_names[] = { "local", "global", NULL};
1779 for (classIndex=0; section_names[classIndex]; classIndex++) {
1780 printf("[%s]\n", section_names[classIndex]);
1781 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
1782 if (parm_table[parmIndex].p_class == classIndex) {
1783 show_parameter(parmIndex);
1789 /***************************************************************************
1790 Get the standard string representation of a boolean value ("yes" or "no")
1791 ***************************************************************************/
1793 static const char *get_boolean(bool bool_value)
1795 static const char *yes_str = "yes";
1796 static const char *no_str = "no";
1798 return (bool_value ? yes_str : no_str);
1801 /***************************************************************************
1802 Provide the string of the negated boolean value associated to the boolean
1803 given as a string. Returns false if the passed string does not correctly
1804 represent a boolean.
1805 ***************************************************************************/
1807 bool lp_invert_boolean(const char *str, const char **inverse_str)
1811 if (!set_boolean(str, &val)) {
1815 *inverse_str = get_boolean(!val);
1819 /***************************************************************************
1820 Provide the canonical string representation of a boolean value given
1821 as a string. Return true on success, false if the string given does
1822 not correctly represent a boolean.
1823 ***************************************************************************/
1825 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
1829 if (!set_boolean(str, &val)) {
1833 *canon_str = get_boolean(val);
1837 /***************************************************************************
1838 Find a service by name. Otherwise works like get_service.
1839 ***************************************************************************/
1841 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
1848 if (ServiceHash == NULL) {
1852 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
1854 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
1857 if (NT_STATUS_IS_OK(status) &&
1858 (data.dptr != NULL) &&
1859 (data.dsize == sizeof(iService)))
1861 iService = *(int *)data.dptr;
1864 TALLOC_FREE(canon_name);
1866 if ((iService != -1) && (LP_SNUM_OK(iService))
1867 && (pserviceDest != NULL)) {
1868 copy_service(pserviceDest, ServicePtrs[iService], NULL);
1874 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
1875 struct loadparm_service *lp_service(const char *pszServiceName)
1877 int iService = getservicebyname(pszServiceName, NULL);
1878 if (iService == -1 || !LP_SNUM_OK(iService)) {
1881 return ServicePtrs[iService];
1884 struct loadparm_service *lp_servicebynum(int snum)
1886 if ((snum == -1) || !LP_SNUM_OK(snum)) {
1889 return ServicePtrs[snum];
1892 struct loadparm_service *lp_default_loadparm_service()
1897 static struct smbconf_ctx *lp_smbconf_ctx(void)
1900 static struct smbconf_ctx *conf_ctx = NULL;
1902 if (conf_ctx == NULL) {
1903 err = smbconf_init(NULL, &conf_ctx, "registry:");
1904 if (!SBC_ERROR_IS_OK(err)) {
1905 DEBUG(1, ("error initializing registry configuration: "
1906 "%s\n", sbcErrorString(err)));
1914 static bool process_smbconf_service(struct smbconf_service *service)
1919 if (service == NULL) {
1923 ret = lp_do_section(service->name, NULL);
1927 for (count = 0; count < service->num_params; count++) {
1929 if (!bInGlobalSection && bGlobalOnly) {
1932 const char *pszParmName = service->param_names[count];
1933 const char *pszParmValue = service->param_values[count];
1935 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
1937 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
1938 pszParmName, pszParmValue);
1945 if (iServiceIndex >= 0) {
1946 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
1952 * load a service from registry and activate it
1954 bool process_registry_service(const char *service_name)
1957 struct smbconf_service *service = NULL;
1958 TALLOC_CTX *mem_ctx = talloc_stackframe();
1959 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
1962 if (conf_ctx == NULL) {
1966 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
1968 if (!smbconf_share_exists(conf_ctx, service_name)) {
1970 * Registry does not contain data for this service (yet),
1971 * but make sure lp_load doesn't return false.
1977 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
1978 if (!SBC_ERROR_IS_OK(err)) {
1982 ret = process_smbconf_service(service);
1988 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
1991 TALLOC_FREE(mem_ctx);
1996 * process_registry_globals
1998 static bool process_registry_globals(void)
2002 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2004 if (!bInGlobalSection && bGlobalOnly) {
2007 const char *pszParmName = "registry shares";
2008 const char *pszParmValue = "yes";
2010 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2012 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2013 pszParmName, pszParmValue);
2020 return process_registry_service(GLOBAL_NAME);
2023 bool process_registry_shares(void)
2027 struct smbconf_service **service = NULL;
2028 uint32_t num_shares = 0;
2029 TALLOC_CTX *mem_ctx = talloc_stackframe();
2030 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2033 if (conf_ctx == NULL) {
2037 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2038 if (!SBC_ERROR_IS_OK(err)) {
2044 for (count = 0; count < num_shares; count++) {
2045 if (strequal(service[count]->name, GLOBAL_NAME)) {
2048 ret = process_smbconf_service(service[count]);
2055 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2058 TALLOC_FREE(mem_ctx);
2063 * reload those shares from registry that are already
2064 * activated in the services array.
2066 static bool reload_registry_shares(void)
2071 for (i = 0; i < iNumServices; i++) {
2076 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2080 ret = process_registry_service(ServicePtrs[i]->szService);
2091 #define MAX_INCLUDE_DEPTH 100
2093 static uint8_t include_depth;
2096 * Free the file lists
2098 static void free_file_list(void)
2100 struct file_lists *f;
2101 struct file_lists *next;
2114 * Utility function for outsiders to check if we're running on registry.
2116 bool lp_config_backend_is_registry(void)
2118 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2122 * Utility function to check if the config backend is FILE.
2124 bool lp_config_backend_is_file(void)
2126 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2129 /*******************************************************************
2130 Check if a config file has changed date.
2131 ********************************************************************/
2133 bool lp_file_list_changed(void)
2135 struct file_lists *f = file_lists;
2137 DEBUG(6, ("lp_file_list_changed()\n"));
2140 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2141 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2143 if (conf_ctx == NULL) {
2146 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2149 DEBUGADD(6, ("registry config changed\n"));
2156 n2 = talloc_sub_basic(talloc_tos(),
2157 get_current_username(),
2158 current_user_info.domain,
2163 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2164 f->name, n2, ctime(&f->modtime)));
2166 mod_time = file_modtime(n2);
2169 ((f->modtime != mod_time) ||
2170 (f->subfname == NULL) ||
2171 (strcmp(n2, f->subfname) != 0)))
2174 ("file %s modified: %s\n", n2,
2176 f->modtime = mod_time;
2177 TALLOC_FREE(f->subfname);
2178 f->subfname = talloc_strdup(f, n2);
2179 if (f->subfname == NULL) {
2180 smb_panic("talloc_strdup failed");
2194 * Initialize iconv conversion descriptors.
2196 * This is called the first time it is needed, and also called again
2197 * every time the configuration is reloaded, because the charset or
2198 * codepage might have changed.
2200 static void init_iconv(void)
2202 global_iconv_handle = smb_iconv_handle_reinit(NULL, lp_dos_charset(),
2204 true, global_iconv_handle);
2207 /***************************************************************************
2208 Handle the include operation.
2209 ***************************************************************************/
2210 static bool bAllowIncludeRegistry = true;
2212 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2213 const char *pszParmValue, char **ptr)
2217 if (include_depth >= MAX_INCLUDE_DEPTH) {
2218 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2223 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2224 if (!bAllowIncludeRegistry) {
2227 if (lp_ctx->bInGlobalSection) {
2230 ret = process_registry_globals();
2234 DEBUG(1, ("\"include = registry\" only effective "
2235 "in %s section\n", GLOBAL_NAME));
2240 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2241 current_user_info.domain,
2244 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2246 if (service == NULL) {
2247 string_set(Globals.ctx, ptr, fname);
2249 string_set(service, ptr, fname);
2252 if (file_exist(fname)) {
2255 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2261 DEBUG(2, ("Can't find include file %s\n", fname));
2266 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2268 char *config_option = NULL;
2269 const char *range = NULL;
2272 SMB_ASSERT(low != NULL);
2273 SMB_ASSERT(high != NULL);
2275 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2279 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2281 if (config_option == NULL) {
2282 DEBUG(0, ("out of memory\n"));
2286 range = lp_parm_const_string(-1, config_option, "range", NULL);
2287 if (range == NULL) {
2288 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2292 if (sscanf(range, "%u - %u", low, high) != 2) {
2293 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2294 range, domain_name));
2301 talloc_free(config_option);
2306 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2308 return lp_idmap_range("*", low, high);
2311 const char *lp_idmap_backend(const char *domain_name)
2313 char *config_option = NULL;
2314 const char *backend = NULL;
2316 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2320 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2322 if (config_option == NULL) {
2323 DEBUG(0, ("out of memory\n"));
2327 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2328 if (backend == NULL) {
2329 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2334 talloc_free(config_option);
2338 const char *lp_idmap_default_backend(void)
2340 return lp_idmap_backend("*");
2343 /***************************************************************************
2344 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2345 ***************************************************************************/
2347 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2349 const char *suffix_string;
2351 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2352 Globals.ldap_suffix );
2353 if ( !suffix_string ) {
2354 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2358 return suffix_string;
2361 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2363 if (Globals.szLdapMachineSuffix[0])
2364 return append_ldap_suffix(ctx, Globals.szLdapMachineSuffix);
2366 return lp_string(ctx, Globals.ldap_suffix);
2369 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2371 if (Globals.szLdapUserSuffix[0])
2372 return append_ldap_suffix(ctx, Globals.szLdapUserSuffix);
2374 return lp_string(ctx, Globals.ldap_suffix);
2377 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2379 if (Globals.szLdapGroupSuffix[0])
2380 return append_ldap_suffix(ctx, Globals.szLdapGroupSuffix);
2382 return lp_string(ctx, Globals.ldap_suffix);
2385 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2387 if (Globals.szLdapIdmapSuffix[0])
2388 return append_ldap_suffix(ctx, Globals.szLdapIdmapSuffix);
2390 return lp_string(ctx, Globals.ldap_suffix);
2394 return the parameter pointer for a parameter
2396 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2398 if (service == NULL) {
2399 if (parm->p_class == P_LOCAL)
2400 return (void *)(((char *)&sDefault)+parm->offset);
2401 else if (parm->p_class == P_GLOBAL)
2402 return (void *)(((char *)&Globals)+parm->offset);
2405 return (void *)(((char *)service) + parm->offset);
2409 /***************************************************************************
2410 Process a parameter for a particular service number. If snum < 0
2411 then assume we are in the globals.
2412 ***************************************************************************/
2414 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2416 TALLOC_CTX *frame = talloc_stackframe();
2417 struct loadparm_context *lp_ctx;
2420 lp_ctx = setup_lp_context(frame);
2421 if (lp_ctx == NULL) {
2427 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2429 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2430 pszParmName, pszParmValue);
2438 /***************************************************************************
2439 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2440 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2441 ***************************************************************************/
2443 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2446 parmnum = lpcfg_map_parameter(pszParmName);
2448 flags_list[parmnum] &= ~FLAG_CMDLINE;
2449 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2452 flags_list[parmnum] |= FLAG_CMDLINE;
2454 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2455 * be grouped in the table, so we don't have to search the
2458 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2459 && parm_table[i].p_class == parm_table[parmnum].p_class;
2461 flags_list[i] |= FLAG_CMDLINE;
2463 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2464 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2465 flags_list[i] |= FLAG_CMDLINE;
2471 /* it might be parametric */
2472 if (strchr(pszParmName, ':') != NULL) {
2473 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2477 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2481 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2484 TALLOC_CTX *frame = talloc_stackframe();
2485 struct loadparm_context *lp_ctx;
2487 lp_ctx = setup_lp_context(frame);
2488 if (lp_ctx == NULL) {
2493 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2499 /***************************************************************************
2500 Process a parameter.
2501 ***************************************************************************/
2503 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2506 if (!bInGlobalSection && bGlobalOnly)
2509 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2511 if (bInGlobalSection) {
2512 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2514 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2515 pszParmName, pszParmValue);
2519 /***************************************************************************
2520 Initialize any local variables in the sDefault table, after parsing a
2522 ***************************************************************************/
2524 static void init_locals(void)
2527 * We run this check once the [globals] is parsed, to force
2528 * the VFS objects and other per-share settings we need for
2529 * the standard way a AD DC is operated. We may change these
2530 * as our code evolves, which is why we force these settings.
2532 * We can't do this at the end of lp_load_ex(), as by that
2533 * point the services have been loaded and they will already
2534 * have "" as their vfs objects.
2536 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2537 const char **vfs_objects = lp_vfs_objects(-1);
2538 if (!vfs_objects || !vfs_objects[0]) {
2539 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2540 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2541 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2542 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2544 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2548 lp_do_parameter(-1, "map hidden", "no");
2549 lp_do_parameter(-1, "map system", "no");
2550 lp_do_parameter(-1, "map readonly", "no");
2551 lp_do_parameter(-1, "map archive", "no");
2552 lp_do_parameter(-1, "store dos attributes", "yes");
2556 /***************************************************************************
2557 Process a new section (service). At this stage all sections are services.
2558 Later we'll have special sections that permit server parameters to be set.
2559 Returns true on success, false on failure.
2560 ***************************************************************************/
2562 bool lp_do_section(const char *pszSectionName, void *userdata)
2564 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2566 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2567 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2570 /* if we were in a global section then do the local inits */
2571 if (bInGlobalSection && !isglobal)
2574 /* if we've just struck a global section, note the fact. */
2575 bInGlobalSection = isglobal;
2576 if (lp_ctx != NULL) {
2577 lp_ctx->bInGlobalSection = isglobal;
2580 /* check for multiple global sections */
2581 if (bInGlobalSection) {
2582 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2586 if (!bInGlobalSection && bGlobalOnly)
2589 /* if we have a current service, tidy it up before moving on */
2592 if (iServiceIndex >= 0)
2593 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2595 /* if all is still well, move to the next record in the services array */
2597 /* We put this here to avoid an odd message order if messages are */
2598 /* issued by the post-processing of a previous section. */
2599 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2601 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2602 if (iServiceIndex < 0) {
2603 DEBUG(0, ("Failed to add a new service\n"));
2606 /* Clean all parametric options for service */
2607 /* They will be added during parsing again */
2608 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2614 /***************************************************************************
2615 Display the contents of a parameter of a single services record.
2616 ***************************************************************************/
2618 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2620 bool result = false;
2621 struct loadparm_context *lp_ctx;
2623 lp_ctx = setup_lp_context(talloc_tos());
2624 if (lp_ctx == NULL) {
2629 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2631 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2633 TALLOC_FREE(lp_ctx);
2638 /***************************************************************************
2639 Display the contents of a single copy structure.
2640 ***************************************************************************/
2641 static void dump_copy_map(bool *pcopymap)
2647 printf("\n\tNon-Copied parameters:\n");
2649 for (i = 0; parm_table[i].label; i++)
2650 if (parm_table[i].p_class == P_LOCAL &&
2651 parm_table[i].ptr && !pcopymap[i] &&
2652 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2654 printf("\t\t%s\n", parm_table[i].label);
2659 /***************************************************************************
2660 Return TRUE if the passed service number is within range.
2661 ***************************************************************************/
2663 bool lp_snum_ok(int iService)
2665 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->bAvailable);
2668 /***************************************************************************
2669 Auto-load some home services.
2670 ***************************************************************************/
2672 static void lp_add_auto_services(char *str)
2682 s = talloc_strdup(talloc_tos(), str);
2684 smb_panic("talloc_strdup failed");
2688 homes = lp_servicenumber(HOMES_NAME);
2690 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2691 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2694 if (lp_servicenumber(p) >= 0)
2697 home = get_user_home_dir(talloc_tos(), p);
2699 if (home && home[0] && homes >= 0)
2700 lp_add_home(p, homes, p, home);
2707 /***************************************************************************
2708 Auto-load one printer.
2709 ***************************************************************************/
2711 void lp_add_one_printer(const char *name, const char *comment,
2712 const char *location, void *pdata)
2714 int printers = lp_servicenumber(PRINTERS_NAME);
2717 if (lp_servicenumber(name) < 0) {
2718 lp_add_printer(name, printers);
2719 if ((i = lp_servicenumber(name)) >= 0) {
2720 string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
2721 ServicePtrs[i]->autoloaded = true;
2726 /***************************************************************************
2727 Have we loaded a services file yet?
2728 ***************************************************************************/
2730 bool lp_loaded(void)
2735 /***************************************************************************
2736 Unload unused services.
2737 ***************************************************************************/
2739 void lp_killunused(struct smbd_server_connection *sconn,
2740 bool (*snumused) (struct smbd_server_connection *, int))
2743 for (i = 0; i < iNumServices; i++) {
2747 /* don't kill autoloaded or usershare services */
2748 if ( ServicePtrs[i]->autoloaded ||
2749 ServicePtrs[i]->usershare == USERSHARE_VALID) {
2753 if (!snumused || !snumused(sconn, i)) {
2754 free_service_byindex(i);
2760 * Kill all except autoloaded and usershare services - convenience wrapper
2762 void lp_kill_all_services(void)
2764 lp_killunused(NULL, NULL);
2767 /***************************************************************************
2769 ***************************************************************************/
2771 void lp_killservice(int iServiceIn)
2773 if (VALID(iServiceIn)) {
2774 free_service_byindex(iServiceIn);
2778 /***************************************************************************
2779 Save the curent values of all global and sDefault parameters into the
2780 defaults union. This allows testparm to show only the
2781 changed (ie. non-default) parameters.
2782 ***************************************************************************/
2784 static void lp_save_defaults(void)
2787 struct parmlist_entry * parm;
2788 for (i = 0; parm_table[i].label; i++) {
2789 if (!(flags_list[i] & FLAG_CMDLINE)) {
2790 flags_list[i] |= FLAG_DEFAULT;
2793 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
2794 && parm_table[i].p_class == parm_table[i - 1].p_class)
2796 switch (parm_table[i].type) {
2799 parm_table[i].def.lvalue = str_list_copy(
2800 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
2804 parm_table[i].def.svalue = talloc_strdup(Globals.ctx, *(char **)lp_parm_ptr(NULL, &parm_table[i]));
2805 if (parm_table[i].def.svalue == NULL) {
2806 smb_panic("talloc_strdup failed");
2811 parm_table[i].def.bvalue =
2812 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
2815 parm_table[i].def.cvalue =
2816 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
2822 parm_table[i].def.ivalue =
2823 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
2828 for (parm=Globals.param_opt; parm; parm=parm->next) {
2829 if (!(parm->priority & FLAG_CMDLINE)) {
2830 parm->priority |= FLAG_DEFAULT;
2834 for (parm=sDefault.param_opt; parm; parm=parm->next) {
2835 if (!(parm->priority & FLAG_CMDLINE)) {
2836 parm->priority |= FLAG_DEFAULT;
2840 defaults_saved = true;
2843 /***********************************************************
2844 If we should send plaintext/LANMAN passwords in the clinet
2845 ************************************************************/
2847 static void set_allowed_client_auth(void)
2849 if (Globals.client_ntlmv2_auth) {
2850 Globals.client_lanman_auth = false;
2852 if (!Globals.client_lanman_auth) {
2853 Globals.client_plaintext_auth = false;
2857 /***************************************************************************
2859 The following code allows smbd to read a user defined share file.
2860 Yes, this is my intent. Yes, I'm comfortable with that...
2862 THE FOLLOWING IS SECURITY CRITICAL CODE.
2864 It washes your clothes, it cleans your house, it guards you while you sleep...
2865 Do not f%^k with it....
2866 ***************************************************************************/
2868 #define MAX_USERSHARE_FILE_SIZE (10*1024)
2870 /***************************************************************************
2871 Check allowed stat state of a usershare file.
2872 Ensure we print out who is dicking with us so the admin can
2873 get their sorry ass fired.
2874 ***************************************************************************/
2876 static bool check_usershare_stat(const char *fname,
2877 const SMB_STRUCT_STAT *psbuf)
2879 if (!S_ISREG(psbuf->st_ex_mode)) {
2880 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
2881 "not a regular file\n",
2882 fname, (unsigned int)psbuf->st_ex_uid ));
2886 /* Ensure this doesn't have the other write bit set. */
2887 if (psbuf->st_ex_mode & S_IWOTH) {
2888 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
2889 "public write. Refusing to allow as a usershare file.\n",
2890 fname, (unsigned int)psbuf->st_ex_uid ));
2894 /* Should be 10k or less. */
2895 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
2896 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
2897 "too large (%u) to be a user share file.\n",
2898 fname, (unsigned int)psbuf->st_ex_uid,
2899 (unsigned int)psbuf->st_ex_size ));
2906 /***************************************************************************
2907 Parse the contents of a usershare file.
2908 ***************************************************************************/
2910 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
2911 SMB_STRUCT_STAT *psbuf,
2912 const char *servicename,
2916 char **pp_sharepath,
2918 char **pp_cp_servicename,
2919 struct security_descriptor **ppsd,
2922 const char **prefixallowlist = lp_usershare_prefix_allow_list();
2923 const char **prefixdenylist = lp_usershare_prefix_deny_list();
2926 SMB_STRUCT_STAT sbuf;
2927 char *sharepath = NULL;
2928 char *comment = NULL;
2930 *pp_sharepath = NULL;
2933 *pallow_guest = false;
2936 return USERSHARE_MALFORMED_FILE;
2939 if (strcmp(lines[0], "#VERSION 1") == 0) {
2941 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
2944 return USERSHARE_MALFORMED_FILE;
2947 return USERSHARE_BAD_VERSION;
2950 if (strncmp(lines[1], "path=", 5) != 0) {
2951 return USERSHARE_MALFORMED_PATH;
2954 sharepath = talloc_strdup(ctx, &lines[1][5]);
2956 return USERSHARE_POSIX_ERR;
2958 trim_string(sharepath, " ", " ");
2960 if (strncmp(lines[2], "comment=", 8) != 0) {
2961 return USERSHARE_MALFORMED_COMMENT_DEF;
2964 comment = talloc_strdup(ctx, &lines[2][8]);
2966 return USERSHARE_POSIX_ERR;
2968 trim_string(comment, " ", " ");
2969 trim_char(comment, '"', '"');
2971 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
2972 return USERSHARE_MALFORMED_ACL_DEF;
2975 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
2976 return USERSHARE_ACL_ERR;
2980 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
2981 return USERSHARE_MALFORMED_ACL_DEF;
2983 if (lines[4][9] == 'y') {
2984 *pallow_guest = true;
2987 /* Backwards compatible extension to file version #2. */
2989 if (strncmp(lines[5], "sharename=", 10) != 0) {
2990 return USERSHARE_MALFORMED_SHARENAME_DEF;
2992 if (!strequal(&lines[5][10], servicename)) {
2993 return USERSHARE_BAD_SHARENAME;
2995 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
2996 if (!*pp_cp_servicename) {
2997 return USERSHARE_POSIX_ERR;
3002 if (*pp_cp_servicename == NULL) {
3003 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3004 if (!*pp_cp_servicename) {
3005 return USERSHARE_POSIX_ERR;
3009 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3010 /* Path didn't change, no checks needed. */
3011 *pp_sharepath = sharepath;
3012 *pp_comment = comment;
3013 return USERSHARE_OK;
3016 /* The path *must* be absolute. */
3017 if (sharepath[0] != '/') {
3018 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3019 servicename, sharepath));
3020 return USERSHARE_PATH_NOT_ABSOLUTE;
3023 /* If there is a usershare prefix deny list ensure one of these paths
3024 doesn't match the start of the user given path. */
3025 if (prefixdenylist) {
3027 for ( i=0; prefixdenylist[i]; i++ ) {
3028 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3029 servicename, i, prefixdenylist[i], sharepath ));
3030 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3031 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3032 "usershare prefix deny list entries.\n",
3033 servicename, sharepath));
3034 return USERSHARE_PATH_IS_DENIED;
3039 /* If there is a usershare prefix allow list ensure one of these paths
3040 does match the start of the user given path. */
3042 if (prefixallowlist) {
3044 for ( i=0; prefixallowlist[i]; i++ ) {
3045 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3046 servicename, i, prefixallowlist[i], sharepath ));
3047 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3051 if (prefixallowlist[i] == NULL) {
3052 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3053 "usershare prefix allow list entries.\n",
3054 servicename, sharepath));
3055 return USERSHARE_PATH_NOT_ALLOWED;
3059 /* Ensure this is pointing to a directory. */
3060 dp = opendir(sharepath);
3063 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3064 servicename, sharepath));
3065 return USERSHARE_PATH_NOT_DIRECTORY;
3068 /* Ensure the owner of the usershare file has permission to share
3071 if (sys_stat(sharepath, &sbuf, false) == -1) {
3072 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3073 servicename, sharepath, strerror(errno) ));
3075 return USERSHARE_POSIX_ERR;
3080 if (!S_ISDIR(sbuf.st_ex_mode)) {
3081 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3082 servicename, sharepath ));
3083 return USERSHARE_PATH_NOT_DIRECTORY;
3086 /* Check if sharing is restricted to owner-only. */
3087 /* psbuf is the stat of the usershare definition file,
3088 sbuf is the stat of the target directory to be shared. */
3090 if (lp_usershare_owner_only()) {
3091 /* root can share anything. */
3092 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3093 return USERSHARE_PATH_NOT_ALLOWED;
3097 *pp_sharepath = sharepath;
3098 *pp_comment = comment;
3099 return USERSHARE_OK;
3102 /***************************************************************************
3103 Deal with a usershare file.
3106 -1 - Bad name, invalid contents.
3107 - service name already existed and not a usershare, problem
3108 with permissions to share directory etc.
3109 ***************************************************************************/
3111 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3113 SMB_STRUCT_STAT sbuf;
3114 SMB_STRUCT_STAT lsbuf;
3116 char *sharepath = NULL;
3117 char *comment = NULL;
3118 char *cp_service_name = NULL;
3119 char **lines = NULL;
3123 TALLOC_CTX *ctx = talloc_stackframe();
3124 struct security_descriptor *psd = NULL;
3125 bool guest_ok = false;
3126 char *canon_name = NULL;
3127 bool added_service = false;
3130 /* Ensure share name doesn't contain invalid characters. */
3131 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3132 DEBUG(0,("process_usershare_file: share name %s contains "
3133 "invalid characters (any of %s)\n",
3134 file_name, INVALID_SHARENAME_CHARS ));
3138 canon_name = canonicalize_servicename(ctx, file_name);
3143 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3148 /* Minimize the race condition by doing an lstat before we
3149 open and fstat. Ensure this isn't a symlink link. */
3151 if (sys_lstat(fname, &lsbuf, false) != 0) {
3152 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3153 fname, strerror(errno) ));
3157 /* This must be a regular file, not a symlink, directory or
3158 other strange filetype. */
3159 if (!check_usershare_stat(fname, &lsbuf)) {
3167 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3172 if (NT_STATUS_IS_OK(status) &&
3173 (data.dptr != NULL) &&
3174 (data.dsize == sizeof(iService))) {
3175 memcpy(&iService, data.dptr, sizeof(iService));
3179 if (iService != -1 &&
3180 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3181 &lsbuf.st_ex_mtime) == 0) {
3182 /* Nothing changed - Mark valid and return. */
3183 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3185 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3190 /* Try and open the file read only - no symlinks allowed. */
3192 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3194 fd = open(fname, O_RDONLY, 0);
3198 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3199 fname, strerror(errno) ));
3203 /* Now fstat to be *SURE* it's a regular file. */
3204 if (sys_fstat(fd, &sbuf, false) != 0) {
3206 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3207 fname, strerror(errno) ));
3211 /* Is it the same dev/inode as was lstated ? */
3212 if (!check_same_stat(&lsbuf, &sbuf)) {
3214 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3215 "Symlink spoofing going on ?\n", fname ));
3219 /* This must be a regular file, not a symlink, directory or
3220 other strange filetype. */
3221 if (!check_usershare_stat(fname, &sbuf)) {
3226 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3229 if (lines == NULL) {
3230 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3231 fname, (unsigned int)sbuf.st_ex_uid ));
3235 if (parse_usershare_file(ctx, &sbuf, file_name,
3236 iService, lines, numlines, &sharepath,
3237 &comment, &cp_service_name,
3238 &psd, &guest_ok) != USERSHARE_OK) {
3242 /* Everything ok - add the service possibly using a template. */
3244 const struct loadparm_service *sp = &sDefault;
3245 if (snum_template != -1) {
3246 sp = ServicePtrs[snum_template];
3249 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3250 DEBUG(0, ("process_usershare_file: Failed to add "
3251 "new service %s\n", cp_service_name));
3255 added_service = true;
3257 /* Read only is controlled by usershare ACL below. */
3258 ServicePtrs[iService]->read_only = false;
3261 /* Write the ACL of the new/modified share. */
3262 if (!set_share_security(canon_name, psd)) {
3263 DEBUG(0, ("process_usershare_file: Failed to set share "
3264 "security for user share %s\n",
3269 /* If from a template it may be marked invalid. */
3270 ServicePtrs[iService]->valid = true;
3272 /* Set the service as a valid usershare. */
3273 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3275 /* Set guest access. */
3276 if (lp_usershare_allow_guests()) {
3277 ServicePtrs[iService]->guest_ok = guest_ok;
3280 /* And note when it was loaded. */
3281 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3282 string_set(ServicePtrs[iService], &ServicePtrs[iService]->path, sharepath);
3283 string_set(ServicePtrs[iService], &ServicePtrs[iService]->comment, comment);
3289 if (ret == -1 && iService != -1 && added_service) {
3290 lp_remove_service(iService);
3298 /***************************************************************************
3299 Checks if a usershare entry has been modified since last load.
3300 ***************************************************************************/
3302 static bool usershare_exists(int iService, struct timespec *last_mod)
3304 SMB_STRUCT_STAT lsbuf;
3305 const char *usersharepath = Globals.usershare_path;
3308 fname = talloc_asprintf(talloc_tos(),
3311 ServicePtrs[iService]->szService);
3312 if (fname == NULL) {
3316 if (sys_lstat(fname, &lsbuf, false) != 0) {
3321 if (!S_ISREG(lsbuf.st_ex_mode)) {
3327 *last_mod = lsbuf.st_ex_mtime;
3331 /***************************************************************************
3332 Load a usershare service by name. Returns a valid servicenumber or -1.
3333 ***************************************************************************/
3335 int load_usershare_service(const char *servicename)
3337 SMB_STRUCT_STAT sbuf;
3338 const char *usersharepath = Globals.usershare_path;
3339 int max_user_shares = Globals.usershare_max_shares;
3340 int snum_template = -1;
3342 if (*usersharepath == 0 || max_user_shares == 0) {
3346 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3347 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3348 usersharepath, strerror(errno) ));
3352 if (!S_ISDIR(sbuf.st_ex_mode)) {
3353 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3359 * This directory must be owned by root, and have the 't' bit set.
3360 * It also must not be writable by "other".
3364 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3366 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3368 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3369 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3374 /* Ensure the template share exists if it's set. */
3375 if (Globals.usershare_template_share[0]) {
3376 /* We can't use lp_servicenumber here as we are recommending that
3377 template shares have -valid=false set. */
3378 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3379 if (ServicePtrs[snum_template]->szService &&
3380 strequal(ServicePtrs[snum_template]->szService,
3381 Globals.usershare_template_share)) {
3386 if (snum_template == -1) {
3387 DEBUG(0,("load_usershare_service: usershare template share %s "
3388 "does not exist.\n",
3389 Globals.usershare_template_share ));
3394 return process_usershare_file(usersharepath, servicename, snum_template);
3397 /***************************************************************************
3398 Load all user defined shares from the user share directory.
3399 We only do this if we're enumerating the share list.
3400 This is the function that can delete usershares that have
3402 ***************************************************************************/
3404 int load_usershare_shares(struct smbd_server_connection *sconn,
3405 bool (*snumused) (struct smbd_server_connection *, int))
3408 SMB_STRUCT_STAT sbuf;
3410 int num_usershares = 0;
3411 int max_user_shares = Globals.usershare_max_shares;
3412 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3413 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3414 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3416 int snum_template = -1;
3417 const char *usersharepath = Globals.usershare_path;
3418 int ret = lp_numservices();
3419 TALLOC_CTX *tmp_ctx;
3421 if (max_user_shares == 0 || *usersharepath == '\0') {
3422 return lp_numservices();
3425 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3426 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3427 usersharepath, strerror(errno) ));
3432 * This directory must be owned by root, and have the 't' bit set.
3433 * It also must not be writable by "other".
3437 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3439 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3441 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3442 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3447 /* Ensure the template share exists if it's set. */
3448 if (Globals.usershare_template_share[0]) {
3449 /* We can't use lp_servicenumber here as we are recommending that
3450 template shares have -valid=false set. */
3451 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3452 if (ServicePtrs[snum_template]->szService &&
3453 strequal(ServicePtrs[snum_template]->szService,
3454 Globals.usershare_template_share)) {
3459 if (snum_template == -1) {
3460 DEBUG(0,("load_usershare_shares: usershare template share %s "
3461 "does not exist.\n",
3462 Globals.usershare_template_share ));
3467 /* Mark all existing usershares as pending delete. */
3468 for (iService = iNumServices - 1; iService >= 0; iService--) {
3469 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3470 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3474 dp = opendir(usersharepath);
3476 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3477 usersharepath, strerror(errno) ));
3481 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3483 num_dir_entries++ ) {
3485 const char *n = de->d_name;
3487 /* Ignore . and .. */
3489 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3495 /* Temporary file used when creating a share. */
3496 num_tmp_dir_entries++;
3499 /* Allow 20% tmp entries. */
3500 if (num_tmp_dir_entries > allowed_tmp_entries) {
3501 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3502 "in directory %s\n",
3503 num_tmp_dir_entries, usersharepath));
3507 r = process_usershare_file(usersharepath, n, snum_template);
3509 /* Update the services count. */
3511 if (num_usershares >= max_user_shares) {
3512 DEBUG(0,("load_usershare_shares: max user shares reached "
3513 "on file %s in directory %s\n",
3514 n, usersharepath ));
3517 } else if (r == -1) {
3518 num_bad_dir_entries++;
3521 /* Allow 20% bad entries. */
3522 if (num_bad_dir_entries > allowed_bad_entries) {
3523 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3524 "in directory %s\n",
3525 num_bad_dir_entries, usersharepath));
3529 /* Allow 20% bad entries. */
3530 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3531 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3532 "in directory %s\n",
3533 num_dir_entries, usersharepath));
3540 /* Sweep through and delete any non-refreshed usershares that are
3541 not currently in use. */
3542 tmp_ctx = talloc_stackframe();
3543 for (iService = iNumServices - 1; iService >= 0; iService--) {
3544 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3547 if (snumused && snumused(sconn, iService)) {
3551 servname = lp_servicename(tmp_ctx, iService);
3553 /* Remove from the share ACL db. */
3554 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3556 delete_share_security(servname);
3557 free_service_byindex(iService);
3560 talloc_free(tmp_ctx);
3562 return lp_numservices();
3565 /********************************************************
3566 Destroy global resources allocated in this file
3567 ********************************************************/
3569 void gfree_loadparm(void)
3575 /* Free resources allocated to services */
3577 for ( i = 0; i < iNumServices; i++ ) {
3579 free_service_byindex(i);
3583 TALLOC_FREE( ServicePtrs );
3586 /* Now release all resources allocated to global
3587 parameters and the default service */
3589 free_global_parameters();
3593 /***************************************************************************
3594 Allow client apps to specify that they are a client
3595 ***************************************************************************/
3596 static void lp_set_in_client(bool b)
3602 /***************************************************************************
3603 Determine if we're running in a client app
3604 ***************************************************************************/
3605 static bool lp_is_in_client(void)
3610 static void lp_enforce_ad_dc_settings(void)
3612 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3613 lp_do_parameter(GLOBAL_SECTION_SNUM,
3614 "winbindd:use external pipes", "true");
3615 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3616 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3617 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3618 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3619 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3620 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3621 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3622 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3623 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3626 /***************************************************************************
3627 Load the services array from the services file. Return true on success,
3629 ***************************************************************************/
3631 static bool lp_load_ex(const char *pszFname,
3635 bool reinit_globals,
3636 bool allow_include_registry,
3637 bool load_all_shares)
3641 TALLOC_CTX *frame = talloc_stackframe();
3642 struct loadparm_context *lp_ctx;
3646 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3648 bInGlobalSection = true;
3649 bGlobalOnly = global_only;
3650 bAllowIncludeRegistry = allow_include_registry;
3652 lp_ctx = setup_lp_context(talloc_tos());
3654 init_globals(lp_ctx, reinit_globals);
3658 if (save_defaults) {
3663 if (!reinit_globals) {
3664 free_param_opts(&Globals.param_opt);
3665 apply_lp_set_cmdline();
3668 lp_do_parameter(-1, "idmap config * : backend", Globals.szIdmapBackend);
3670 /* We get sections first, so have to start 'behind' to make up */
3673 if (lp_config_backend_is_file()) {
3674 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
3675 current_user_info.domain,
3678 smb_panic("lp_load_ex: out of memory");
3681 add_to_file_list(NULL, &file_lists, pszFname, n2);
3683 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
3686 /* finish up the last section */
3687 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
3689 if (iServiceIndex >= 0) {
3690 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
3694 if (lp_config_backend_is_registry()) {
3696 /* config backend changed to registry in config file */
3698 * We need to use this extra global variable here to
3699 * survive restart: init_globals uses this as a default
3700 * for config_backend. Otherwise, init_globals would
3701 * send us into an endless loop here.
3704 config_backend = CONFIG_BACKEND_REGISTRY;
3706 DEBUG(1, ("lp_load_ex: changing to config backend "
3708 init_globals(lp_ctx, true);
3710 TALLOC_FREE(lp_ctx);
3712 lp_kill_all_services();
3713 ok = lp_load_ex(pszFname, global_only, save_defaults,
3714 add_ipc, reinit_globals,
3715 allow_include_registry,
3720 } else if (lp_config_backend_is_registry()) {
3721 bRetval = process_registry_globals();
3723 DEBUG(0, ("Illegal config backend given: %d\n",
3724 lp_config_backend()));
3728 if (bRetval && lp_registry_shares()) {
3729 if (load_all_shares) {
3730 bRetval = process_registry_shares();
3732 bRetval = reload_registry_shares();
3737 char *serv = lp_auto_services(talloc_tos());
3738 lp_add_auto_services(serv);
3743 /* When 'restrict anonymous = 2' guest connections to ipc$
3745 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
3746 if ( lp_enable_asu_support() ) {
3747 lp_add_ipc("ADMIN$", false);
3751 set_allowed_client_auth();
3753 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
3754 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
3755 lp_password_server()));
3760 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
3761 /* if we_are_a_wins_server is true and we are in the client */
3762 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
3763 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
3768 fault_configure(smb_panic_s3);
3771 * We run this check once the whole smb.conf is parsed, to
3772 * force some settings for the standard way a AD DC is
3773 * operated. We may change these as our code evolves, which
3774 * is why we force these settings.
3776 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
3777 lp_enforce_ad_dc_settings();
3780 bAllowIncludeRegistry = true;
3786 static bool lp_load(const char *pszFname,
3790 bool reinit_globals)
3792 return lp_load_ex(pszFname,
3797 true, /* allow_include_registry */
3798 false); /* load_all_shares*/
3801 bool lp_load_initial_only(const char *pszFname)
3803 return lp_load_ex(pszFname,
3804 true, /* global only */
3805 true, /* save_defaults */
3806 false, /* add_ipc */
3807 true, /* reinit_globals */
3808 false, /* allow_include_registry */
3809 false); /* load_all_shares*/
3813 * most common lp_load wrapper, loading only the globals
3815 bool lp_load_global(const char *file_name)
3817 return lp_load(file_name,
3818 true, /* global_only */
3819 false, /* save_defaults */
3820 false, /* add_ipc */
3821 true); /* reinit_globals */
3825 * The typical lp_load wrapper with shares, loads global and
3826 * shares, including IPC, but does not force immediate
3827 * loading of all shares from registry.
3829 bool lp_load_with_shares(const char *file_name)
3831 return lp_load(file_name,
3832 false, /* global_only */
3833 false, /* save_defaults */
3835 true); /* reinit_globals */
3839 * lp_load wrapper, especially for clients
3841 bool lp_load_client(const char *file_name)
3843 lp_set_in_client(true);
3845 return lp_load_global(file_name);
3849 * lp_load wrapper, loading only globals, but intended
3850 * for subsequent calls, not reinitializing the globals
3853 bool lp_load_global_no_reinit(const char *file_name)
3855 return lp_load(file_name,
3856 true, /* global_only */
3857 false, /* save_defaults */
3858 false, /* add_ipc */
3859 false); /* reinit_globals */
3863 * lp_load wrapper, loading globals and shares,
3864 * intended for subsequent calls, i.e. not reinitializing
3865 * the globals to default values.
3867 bool lp_load_no_reinit(const char *file_name)
3869 return lp_load(file_name,
3870 false, /* global_only */
3871 false, /* save_defaults */
3872 false, /* add_ipc */
3873 false); /* reinit_globals */
3878 * lp_load wrapper, especially for clients, no reinitialization
3880 bool lp_load_client_no_reinit(const char *file_name)
3882 lp_set_in_client(true);
3884 return lp_load_global_no_reinit(file_name);
3887 bool lp_load_with_registry_shares(const char *pszFname)
3889 return lp_load_ex(pszFname,
3890 false, /* global_only */
3891 true, /* save_defaults */
3892 false, /* add_ipc */
3893 false, /* reinit_globals */
3894 true, /* allow_include_registry */
3895 true); /* load_all_shares*/
3898 /***************************************************************************
3899 Return the max number of services.
3900 ***************************************************************************/
3902 int lp_numservices(void)
3904 return (iNumServices);
3907 /***************************************************************************
3908 Display the contents of the services array in human-readable form.
3909 ***************************************************************************/
3911 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
3914 struct loadparm_context *lp_ctx;
3917 defaults_saved = false;
3919 lp_ctx = setup_lp_context(talloc_tos());
3920 if (lp_ctx == NULL) {
3924 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
3926 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
3928 for (iService = 0; iService < maxtoprint; iService++) {
3930 lp_dump_one(f, show_defaults, iService);
3934 /***************************************************************************
3935 Display the contents of one service in human-readable form.
3936 ***************************************************************************/
3938 void lp_dump_one(FILE * f, bool show_defaults, int snum)
3941 if (ServicePtrs[snum]->szService[0] == '\0')
3943 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
3944 flags_list, show_defaults);
3948 /***************************************************************************
3949 Return the number of the service with the given name, or -1 if it doesn't
3950 exist. Note that this is a DIFFERENT ANIMAL from the internal function
3951 getservicebyname()! This works ONLY if all services have been loaded, and
3952 does not copy the found service.
3953 ***************************************************************************/
3955 int lp_servicenumber(const char *pszServiceName)
3958 fstring serviceName;
3960 if (!pszServiceName) {
3961 return GLOBAL_SECTION_SNUM;
3964 for (iService = iNumServices - 1; iService >= 0; iService--) {
3965 if (VALID(iService) && ServicePtrs[iService]->szService) {
3967 * The substitution here is used to support %U in
3970 fstrcpy(serviceName, ServicePtrs[iService]->szService);
3971 standard_sub_basic(get_current_username(),
3972 current_user_info.domain,
3973 serviceName,sizeof(serviceName));
3974 if (strequal(serviceName, pszServiceName)) {
3980 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
3981 struct timespec last_mod;
3983 if (!usershare_exists(iService, &last_mod)) {
3984 /* Remove the share security tdb entry for it. */
3985 delete_share_security(lp_servicename(talloc_tos(), iService));
3986 /* Remove it from the array. */
3987 free_service_byindex(iService);
3988 /* Doesn't exist anymore. */
3989 return GLOBAL_SECTION_SNUM;
3992 /* Has it been modified ? If so delete and reload. */
3993 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3995 /* Remove it from the array. */
3996 free_service_byindex(iService);
3997 /* and now reload it. */
3998 iService = load_usershare_service(pszServiceName);
4003 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4004 return GLOBAL_SECTION_SNUM;
4010 /*******************************************************************
4011 A useful volume label function.
4012 ********************************************************************/
4014 const char *volume_label(TALLOC_CTX *ctx, int snum)
4017 const char *label = lp_volume(ctx, snum);
4019 label = lp_servicename(ctx, snum);
4022 /* This returns a 33 byte guarenteed null terminated string. */
4023 ret = talloc_strndup(ctx, label, 32);
4030 /*******************************************************************
4031 Get the default server type we will announce as via nmbd.
4032 ********************************************************************/
4034 int lp_default_server_announce(void)
4036 int default_server_announce = 0;
4037 default_server_announce |= SV_TYPE_WORKSTATION;
4038 default_server_announce |= SV_TYPE_SERVER;
4039 default_server_announce |= SV_TYPE_SERVER_UNIX;
4041 /* note that the flag should be set only if we have a
4042 printer service but nmbd doesn't actually load the
4043 services so we can't tell --jerry */
4045 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4047 default_server_announce |= SV_TYPE_SERVER_NT;
4048 default_server_announce |= SV_TYPE_NT;
4050 switch (lp_server_role()) {
4051 case ROLE_DOMAIN_MEMBER:
4052 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4054 case ROLE_DOMAIN_PDC:
4055 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4057 case ROLE_DOMAIN_BDC:
4058 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4060 case ROLE_STANDALONE:
4064 if (lp_time_server())
4065 default_server_announce |= SV_TYPE_TIME_SOURCE;
4067 if (lp_host_msdfs())
4068 default_server_announce |= SV_TYPE_DFS_SERVER;
4070 return default_server_announce;
4073 /***********************************************************
4074 If we are PDC then prefer us as DMB
4075 ************************************************************/
4077 bool lp_domain_master(void)
4079 if (Globals._domain_master == Auto)
4080 return (lp_server_role() == ROLE_DOMAIN_PDC);
4082 return (bool)Globals._domain_master;
4085 /***********************************************************
4086 If we are PDC then prefer us as DMB
4087 ************************************************************/
4089 static bool lp_domain_master_true_or_auto(void)
4091 if (Globals._domain_master) /* auto or yes */
4097 /***********************************************************
4098 If we are DMB then prefer us as LMB
4099 ************************************************************/
4101 bool lp_preferred_master(void)
4103 if (Globals.iPreferredMaster == Auto)
4104 return (lp_local_master() && lp_domain_master());
4106 return (bool)Globals.iPreferredMaster;
4109 /*******************************************************************
4111 ********************************************************************/
4113 void lp_remove_service(int snum)
4115 ServicePtrs[snum]->valid = false;
4118 const char *lp_printername(TALLOC_CTX *ctx, int snum)
4120 const char *ret = lp__printername(ctx, snum);
4121 if (ret == NULL || *ret == '\0') {
4122 ret = lp_const_servicename(snum);
4129 /***********************************************************
4130 Allow daemons such as winbindd to fix their logfile name.
4131 ************************************************************/
4133 void lp_set_logfile(const char *name)
4135 string_set(Globals.ctx, &Globals.logfile, name);
4136 debug_set_logfile(name);
4139 /*******************************************************************
4140 Return the max print jobs per queue.
4141 ********************************************************************/
4143 int lp_maxprintjobs(int snum)
4145 int maxjobs = LP_SNUM_OK(snum) ? ServicePtrs[snum]->iMaxPrintJobs : sDefault.iMaxPrintJobs;
4146 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4147 maxjobs = PRINT_MAX_JOBID - 1;
4152 const char *lp_printcapname(void)
4154 if ((Globals.szPrintcapname != NULL) &&
4155 (Globals.szPrintcapname[0] != '\0'))
4156 return Globals.szPrintcapname;
4158 if (sDefault.printing == PRINT_CUPS) {
4162 if (sDefault.printing == PRINT_BSD)
4163 return "/etc/printcap";
4165 return PRINTCAP_NAME;
4168 static uint32_t spoolss_state;
4170 bool lp_disable_spoolss( void )
4172 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4173 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4175 return spoolss_state == SVCCTL_STOPPED ? true : false;
4178 void lp_set_spoolss_state( uint32_t state )
4180 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4182 spoolss_state = state;
4185 uint32_t lp_get_spoolss_state( void )
4187 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4190 /*******************************************************************
4191 Ensure we don't use sendfile if server smb signing is active.
4192 ********************************************************************/
4194 bool lp_use_sendfile(int snum, struct smb_signing_state *signing_state)
4196 bool sign_active = false;
4198 /* Using sendfile blows the brains out of any DOS or Win9x TCP stack... JRA. */
4199 if (get_Protocol() < PROTOCOL_NT1) {
4202 if (signing_state) {
4203 sign_active = smb_signing_is_active(signing_state);
4205 return (lp__use_sendfile(snum) &&
4206 (get_remote_arch() != RA_WIN95) &&
4210 /*******************************************************************
4211 Turn off sendfile if we find the underlying OS doesn't support it.
4212 ********************************************************************/
4214 void set_use_sendfile(int snum, bool val)
4216 if (LP_SNUM_OK(snum))
4217 ServicePtrs[snum]->_use_sendfile = val;
4219 sDefault._use_sendfile = val;
4222 /*******************************************************************
4223 Turn off storing DOS attributes if this share doesn't support it.
4224 ********************************************************************/
4226 void set_store_dos_attributes(int snum, bool val)
4228 if (!LP_SNUM_OK(snum))
4230 ServicePtrs[(snum)]->store_dos_attributes = val;
4233 void lp_set_mangling_method(const char *new_method)
4235 string_set(Globals.ctx, &Globals.mangling_method, new_method);
4238 /*******************************************************************
4239 Global state for POSIX pathname processing.
4240 ********************************************************************/
4242 static bool posix_pathnames;
4244 bool lp_posix_pathnames(void)
4246 return posix_pathnames;
4249 /*******************************************************************
4250 Change everything needed to ensure POSIX pathname processing (currently
4252 ********************************************************************/
4254 void lp_set_posix_pathnames(void)
4256 posix_pathnames = true;
4259 /*******************************************************************
4260 Global state for POSIX lock processing - CIFS unix extensions.
4261 ********************************************************************/
4263 bool posix_default_lock_was_set;
4264 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4266 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4268 if (posix_default_lock_was_set) {
4269 return posix_cifsx_locktype;
4271 return fsp->posix_open ? POSIX_LOCK : WINDOWS_LOCK;
4275 /*******************************************************************
4276 ********************************************************************/
4278 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4280 posix_default_lock_was_set = true;
4281 posix_cifsx_locktype = val;
4284 int lp_min_receive_file_size(void)
4286 if (Globals.iminreceivefile < 0) {
4289 return Globals.iminreceivefile;
4292 /*******************************************************************
4293 Safe wide links checks.
4294 This helper function always verify the validity of wide links,
4295 even after a configuration file reload.
4296 ********************************************************************/
4298 static bool lp_widelinks_internal(int snum)
4300 return (bool)(LP_SNUM_OK(snum)? ServicePtrs[(snum)]->bWidelinks :
4301 sDefault.bWidelinks);
4304 void widelinks_warning(int snum)
4306 if (lp_allow_insecure_wide_links()) {
4310 if (lp_unix_extensions() && lp_widelinks_internal(snum)) {
4311 DEBUG(0,("Share '%s' has wide links and unix extensions enabled. "
4312 "These parameters are incompatible. "
4313 "Wide links will be disabled for this share.\n",
4314 lp_servicename(talloc_tos(), snum) ));
4318 bool lp_widelinks(int snum)
4320 /* wide links is always incompatible with unix extensions */
4321 if (lp_unix_extensions()) {
4323 * Unless we have "allow insecure widelinks"
4326 if (!lp_allow_insecure_wide_links()) {
4331 return lp_widelinks_internal(snum);
4334 int lp_server_role(void)
4336 return lp_find_server_role(lp__server_role(),
4338 lp__domain_logons(),
4339 lp_domain_master_true_or_auto());
4342 int lp_security(void)
4344 return lp_find_security(lp__server_role(),
4348 int lp_client_max_protocol(void)
4350 int client_max_protocol = lp__client_max_protocol();
4351 if (client_max_protocol == PROTOCOL_DEFAULT) {
4352 return PROTOCOL_NT1;
4354 return client_max_protocol;
4357 int lp_winbindd_max_protocol(void)
4359 int client_max_protocol = lp__client_max_protocol();
4360 if (client_max_protocol == PROTOCOL_DEFAULT) {
4361 return PROTOCOL_LATEST;
4363 return client_max_protocol;
4366 struct loadparm_global * get_globals(void)
4371 unsigned int * get_flags(void)
4373 if (flags_list == NULL) {
4374 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());