#include "libcli/smb/smb_constants.h"
#include "tdb.h"
#include "librpc/gen_ndr/nbt.h"
+#include "libds/common/roles.h"
#ifdef HAVE_HTTPCONNECTENCRYPT
#include <cups/http.h>
return strtoul(s, NULL, 0);
}
+/**
+ * convenience routine to return unsigned long long parameters.
+ */
+unsigned long long lp_ulonglong(const char *s)
+{
+
+ if (!s || !*s) {
+ DEBUG(0, ("lp_ulonglong(%s): is called with NULL!\n", s));
+ return -1;
+ }
+
+ return strtoull(s, NULL, 0);
+}
+
/**
* convenience routine to return unsigned long parameters.
*/
return default_v;
}
+/**
+ * Return parametric option from a given service.
+ * Type is a part of option before ':'
+ * Parametric option has following syntax: 'Type: option = value'
+ */
+unsigned long long lpcfg_parm_ulonglong(struct loadparm_context *lp_ctx,
+ struct loadparm_service *service,
+ const char *type, const char *option,
+ unsigned long long default_v)
+{
+ const char *value = lpcfg_get_parametric(lp_ctx, service, type, option);
+
+ if (value) {
+ return lp_ulonglong(value);
+ }
+
+ return default_v;
+}
+
long lpcfg_parm_long(struct loadparm_context *lp_ctx,
struct loadparm_service *service, const char *type,
const char *option, long default_v)
}
+/* this is used to prevent lots of mallocs of size 1 */
+static const char lpcfg_string_emtpy[] = "";
+
+/**
+ Free a string value.
+**/
+void lpcfg_string_free(char **s)
+{
+ if (s == NULL) {
+ return;
+ }
+ if (*s == lpcfg_string_emtpy) {
+ *s = NULL;
+ return;
+ }
+ TALLOC_FREE(*s);
+}
+
/**
* Set a string value, deallocating any existing space, and allocing the space
* for the string
*/
bool lpcfg_string_set(TALLOC_CTX *mem_ctx, char **dest, const char *src)
{
- talloc_free(*dest);
+ lpcfg_string_free(dest);
- if (src == NULL)
- src = "";
+ if ((src == NULL) || (*src == '\0')) {
+ *dest = discard_const_p(char, lpcfg_string_emtpy);
+ return true;
+ }
*dest = talloc_strdup(mem_ctx, src);
if ((*dest) == NULL) {
*/
bool lpcfg_string_set_upper(TALLOC_CTX *mem_ctx, char **dest, const char *src)
{
- talloc_free(*dest);
+ lpcfg_string_free(dest);
- if (src == NULL)
- src = "";
+ if ((src == NULL) || (*src == '\0')) {
+ *dest = discard_const_p(char, lpcfg_string_emtpy);
+ return true;
+ }
*dest = strupper_talloc(mem_ctx, src);
if ((*dest) == NULL) {
overridden */
return;
}
- TALLOC_FREE(opt->value);
TALLOC_FREE(opt->list);
- opt->value = talloc_strdup(opt, opt_value);
+ lpcfg_string_set(opt, &opt->value, opt_value);
opt->priority = priority;
return;
}
if (new_opt == NULL) {
smb_panic("OOM");
}
- new_opt->key = talloc_strdup(new_opt, opt_name);
- new_opt->value = talloc_strdup(new_opt, opt_value);
+ new_opt->key = NULL;
+ lpcfg_string_set(new_opt, &new_opt->key, opt_name);
+ new_opt->value = NULL;
+ lpcfg_string_set(new_opt, &new_opt->value, opt_value);
new_opt->list = NULL;
new_opt->priority = priority;
const char *pszParmValue, char **ptr)
{
char *fname;
+ const char *substitution_variable_substring;
+ char next_char;
if (lp_ctx->s3_fns) {
return lp_ctx->s3_fns->lp_include(lp_ctx, service, pszParmValue, ptr);
if (file_exist(fname))
return pm_process(fname, do_section, lpcfg_do_parameter, lp_ctx);
+ /*
+ * If the file doesn't exist, we check that it isn't due to variable
+ * substitution
+ */
+ substitution_variable_substring = strchr(fname, '%');
+
+ if (substitution_variable_substring != NULL) {
+ next_char = substitution_variable_substring[1];
+ if ((next_char >= 'a' && next_char <= 'z')
+ || (next_char >= 'A' && next_char <= 'Z')) {
+ DEBUG(2, ("Tried to load %s but variable substitution in "
+ "filename, ignoring file.\n", fname));
+ return true;
+ }
+ }
+
DEBUG(2, ("Can't find include file %s\n", fname));
return false;
if ((parm_table[i].type == P_STRING ||
parm_table[i].type == P_USTRING) &&
!(lp_ctx->flags[i] & FLAG_CMDLINE)) {
+ TALLOC_CTX *parent_mem;
char **r;
if (parm_table[i].p_class == P_LOCAL) {
+ parent_mem = lp_ctx->sDefault;
r = (char **)(((char *)lp_ctx->sDefault) + parm_table[i].offset);
} else {
+ parent_mem = lp_ctx->globals;
r = (char **)(((char *)lp_ctx->globals) + parm_table[i].offset);
}
- *r = talloc_strdup(lp_ctx, "");
+ lpcfg_string_set(parent_mem, r, "");
}
}
lpcfg_do_global_parameter(lp_ctx, "server max protocol", "SMB3");
lpcfg_do_global_parameter(lp_ctx, "client min protocol", "CORE");
lpcfg_do_global_parameter(lp_ctx, "client max protocol", "default");
+ lpcfg_do_global_parameter(lp_ctx, "client ipc min protocol", "default");
+ lpcfg_do_global_parameter(lp_ctx, "client ipc max protocol", "default");
lpcfg_do_global_parameter(lp_ctx, "security", "AUTO");
lpcfg_do_global_parameter(lp_ctx, "EncryptPasswords", "True");
lpcfg_do_global_parameter(lp_ctx, "ReadRaw", "True");
lpcfg_do_global_parameter(lp_ctx, "ClientNTLMv2Auth", "True");
lpcfg_do_global_parameter(lp_ctx, "LanmanAuth", "False");
lpcfg_do_global_parameter(lp_ctx, "NTLMAuth", "True");
+ lpcfg_do_global_parameter(lp_ctx, "RawNTLMv2Auth", "False");
lpcfg_do_global_parameter(lp_ctx, "client use spnego principal", "False");
lpcfg_do_global_parameter(lp_ctx, "UnixExtensions", "True");
lpcfg_do_global_parameter(lp_ctx, "min wins ttl", "21600");
lpcfg_do_global_parameter(lp_ctx, "tls enabled", "True");
+ lpcfg_do_global_parameter(lp_ctx, "tls verify peer", "as_strict_as_possible");
lpcfg_do_global_parameter(lp_ctx, "tls keyfile", "tls/key.pem");
lpcfg_do_global_parameter(lp_ctx, "tls certfile", "tls/cert.pem");
lpcfg_do_global_parameter(lp_ctx, "tls cafile", "tls/ca.pem");
lpcfg_do_global_parameter(lp_ctx, "allocation roundup size", "1048576");
- lpcfg_do_global_parameter(lp_ctx, "ldap page size", "1024");
+ lpcfg_do_global_parameter(lp_ctx, "ldap page size", "1000");
lpcfg_do_global_parameter(lp_ctx, "kernel share modes", "yes");
lpcfg_do_global_parameter(lp_ctx, "client ldap sasl wrapping", "sign");
+ lpcfg_do_global_parameter(lp_ctx, "ldap server require strong auth", "yes");
+
lpcfg_do_global_parameter(lp_ctx, "follow symlinks", "yes");
lpcfg_do_global_parameter(lp_ctx, "machine password timeout", "604800");
lpcfg_do_global_parameter(lp_ctx, "printjob username", "%U");
+ lpcfg_do_global_parameter(lp_ctx, "aio max threads", "100");
+
/* Allow modules to adjust defaults */
for (defaults_hook = defaults_hooks; defaults_hook;
defaults_hook = defaults_hook->next) {
return client_max_protocol;
}
+int lpcfg_client_ipc_min_protocol(struct loadparm_context *lp_ctx)
+{
+ int client_ipc_min_protocol = lpcfg__client_ipc_min_protocol(lp_ctx);
+ if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
+ client_ipc_min_protocol = lpcfg_client_min_protocol(lp_ctx);
+ }
+ if (client_ipc_min_protocol < PROTOCOL_NT1) {
+ return PROTOCOL_NT1;
+ }
+ return client_ipc_min_protocol;
+}
+
+int lpcfg_client_ipc_max_protocol(struct loadparm_context *lp_ctx)
+{
+ int client_ipc_max_protocol = lpcfg__client_ipc_max_protocol(lp_ctx);
+ if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
+ return PROTOCOL_LATEST;
+ }
+ if (client_ipc_max_protocol < PROTOCOL_NT1) {
+ return PROTOCOL_NT1;
+ }
+ return client_ipc_max_protocol;
+}
+
bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandatory)
{
bool allowed = true;