#include "ads.h"
#include "../librpc/gen_ndr/svcctl.h"
-
+#include "intl.h"
#include "smb_signing.h"
#include "dbwrap.h"
#include "smbldap.h"
bool bWinbindNormalizeNames;
bool bWinbindRpcOnly;
bool bCreateKrb5Conf;
+ int winbindMaxDomainConnections;
char *szIdmapBackend;
bool bIdmapReadOnly;
char *szAddShareCommand;
bool bClientNTLMv2Auth;
bool bClientPlaintextAuth;
bool bClientUseSpnego;
+ bool client_use_spnego_principal;
+ bool send_spnego_principal;
bool bDebugPrefixTimestamp;
bool bDebugHiresTimestamp;
bool bDebugPid;
char *szSMBPerfcountModule;
bool bMapUntrustedToDomain;
bool bAsyncSMBEchoHandler;
+ bool bMulticastDnsRegister;
int ismb2_max_read;
int ismb2_max_write;
int ismb2_max_trans;
+ int ismb2_max_credits;
char *ncalrpc_dir;
};
bool bAdministrative_share;
bool bGuest_ok;
bool bPrint_ok;
+ bool bPrintNotifyBackchannel;
bool bMap_system;
bool bMap_hidden;
bool bMap_archive;
False, /* bAdministrative_share */
False, /* bGuest_ok */
False, /* bPrint_ok */
+ True, /* bPrintNotifyBackchannel */
False, /* bMap_system */
False, /* bMap_hidden */
True, /* bMap_archive */
false, /* bWidelinks */
True, /* bSymlinks */
False, /* bSyncAlways */
- False, /* bStrictAllocate */
+ True, /* bStrictAllocate */
False, /* bStrictSync */
'~', /* magic char */
NULL, /* copymap */
static bool handle_include( int snum, const char *pszParmValue, char **ptr);
static bool handle_copy( int snum, const char *pszParmValue, char **ptr);
static bool handle_netbios_name( int snum, const char *pszParmValue, char **ptr);
+static bool handle_idmap_backend(int snum, const char *pszParmValue, char **ptr);
static bool handle_idmap_uid( int snum, const char *pszParmValue, char **ptr);
static bool handle_idmap_gid( int snum, const char *pszParmValue, char **ptr);
static bool handle_debug_list( int snum, const char *pszParmValue, char **ptr );
{PRINT_IPRINT, "iprint"},
{PRINT_LPRNT, "nt"},
{PRINT_LPROS2, "os2"},
-#ifdef DEVELOPER
+#if defined(DEVELOPER) || defined(ENABLE_BUILD_FARM_HACKS)
{PRINT_TEST, "test"},
{PRINT_VLP, "vlp"},
#endif /* DEVELOPER */
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
+ {
+ .label = "client use spnego principal",
+ .type = P_BOOL,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.client_use_spnego_principal,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "send spnego principal",
+ .type = P_BOOL,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.send_spnego_principal,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
{
.label = "username",
.type = P_STRING,
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
+ {
+ .label = "smb2 max credits",
+ .type = P_INTEGER,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.ismb2_max_credits,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
{N_("Printing Options"), P_SEP, P_SEPARATOR},
.enum_list = NULL,
.flags = FLAG_ADVANCED | FLAG_PRINT,
},
+ {
+ .label = "print notify backchannel",
+ .type = P_BOOL,
+ .p_class = P_LOCAL,
+ .ptr = &sDefault.bPrintNotifyBackchannel,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
{
.label = "print ok",
.type = P_BOOL,
.enum_list = NULL,
.flags = FLAG_ADVANCED | FLAG_GLOBAL,
},
+ {
+ .label = "multicast dns register",
+ .type = P_BOOL,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.bMulticastDnsRegister,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL,
+ },
{
.label = "panic action",
.type = P_STRING,
.type = P_STRING,
.p_class = P_GLOBAL,
.ptr = &Globals.szIdmapBackend,
- .special = NULL,
- .enum_list = NULL,
- .flags = FLAG_ADVANCED,
- },
- {
- .label = "idmap read only",
- .type = P_BOOL,
- .p_class = P_GLOBAL,
- .ptr = &Globals.bIdmapReadOnly,
- .special = NULL,
+ .special = handle_idmap_backend,
.enum_list = NULL,
- .flags = FLAG_ADVANCED,
+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED,
},
{
.label = "idmap cache time",
.ptr = &Globals.szIdmapUID,
.special = handle_idmap_uid,
.enum_list = NULL,
- .flags = FLAG_ADVANCED,
+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED,
},
{
.label = "winbind uid",
.ptr = &Globals.szIdmapGID,
.special = handle_idmap_gid,
.enum_list = NULL,
- .flags = FLAG_ADVANCED,
+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED,
},
{
.label = "winbind gid",
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
+ {
+ .label = "winbind max domain connections",
+ .type = P_INTEGER,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.winbindMaxDomainConnections,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
};
string_set(&pService->szPrintcommand, "lp -r -P%p %s");
break;
-#ifdef DEVELOPER
+#if defined(DEVELOPER) || defined(ENABLE_BUILD_FARM_HACKS)
+
case PRINT_TEST:
case PRINT_VLP:
string_set(&pService->szPrintcommand, "vlp print %p %s");
#if defined(RLIM_INFINITY)
if(rl.rlim_cur == RLIM_INFINITY)
rlimit_max = MAX_OPEN_FILES;
- }
#endif
+ }
#endif
if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
- DEBUG(2,("max_open_files: sysctl_max (%d) below "
+ DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
"minimum Windows limit (%d)\n",
sysctl_max,
MIN_OPEN_FILES_WINDOWS));
}
if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
- DEBUG(2,("rlimit_max: rlimit_max (%d) below "
+ DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
"minimum Windows limit (%d)\n",
rlimit_max,
MIN_OPEN_FILES_WINDOWS));
*/
static bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
{
- struct lp_stored_option *entry = NULL;
- for (entry = stored_options; entry != NULL; entry = entry->next) {
+ struct lp_stored_option *entry, *entry_next;
+ for (entry = stored_options; entry != NULL; entry = entry_next) {
+ entry_next = entry->next;
if (strcmp(pszParmName, entry->label) == 0) {
DLIST_REMOVE(stored_options, entry);
talloc_free(entry);
Globals.bClientPlaintextAuth = False; /* Do NOT use a plaintext password even if is requested by the server */
Globals.bLanmanAuth = False; /* Do NOT use the LanMan hash, even if it is supplied */
Globals.bNTLMAuth = True; /* Do use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
- Globals.bClientNTLMv2Auth = False; /* Client should not use NTLMv2, as we can't tell that the server supports it. */
- /* Note, that we will use NTLM2 session security (which is different), if it is available */
+ Globals.bClientNTLMv2Auth = True; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
+ /* Note, that we will also use NTLM2 session security (which is different), if it is available */
Globals.map_to_guest = 0; /* By Default, "Never" */
Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
Globals.bResetOnZeroVC = False;
Globals.bLogWriteableFilesOnExit = False;
Globals.bCreateKrb5Conf = true;
+ Globals.winbindMaxDomainConnections = 1;
/* hostname lookups can be very expensive and are broken on
a large number of sites (tridge) */
Globals.iminreceivefile = 0;
Globals.bMapUntrustedToDomain = false;
+ Globals.bMulticastDnsRegister = true;
- Globals.ismb2_max_read = 1024*1024;
- Globals.ismb2_max_write = 1024*1024;
- Globals.ismb2_max_trans = 1024*1024;
+ Globals.ismb2_max_read = DEFAULT_SMB2_MAX_READ;
+ Globals.ismb2_max_write = DEFAULT_SMB2_MAX_WRITE;
+ Globals.ismb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
+ Globals.ismb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
string_set(&Globals.ncalrpc_dir, get_dyn_NCALRPCDIR());
FN_GLOBAL_BOOL(lp_winbind_normalize_names, &Globals.bWinbindNormalizeNames)
FN_GLOBAL_BOOL(lp_winbind_rpc_only, &Globals.bWinbindRpcOnly)
FN_GLOBAL_BOOL(lp_create_krb5_conf, &Globals.bCreateKrb5Conf)
+static FN_GLOBAL_INTEGER(lp_winbind_max_domain_connections_int,
+ &Globals.winbindMaxDomainConnections)
+
+int lp_winbind_max_domain_connections(void)
+{
+ if (lp_winbind_offline_logon() &&
+ lp_winbind_max_domain_connections_int() > 1) {
+ DEBUG(1, ("offline logons active, restricting max domain "
+ "connections to 1\n"));
+ return 1;
+ }
+ return MAX(1, lp_winbind_max_domain_connections_int());
+}
FN_GLOBAL_CONST_STRING(lp_idmap_backend, &Globals.szIdmapBackend)
-FN_GLOBAL_BOOL(lp_idmap_read_only, &Globals.bIdmapReadOnly)
FN_GLOBAL_INTEGER(lp_idmap_cache_time, &Globals.iIdmapCacheTime)
FN_GLOBAL_INTEGER(lp_idmap_negative_cache_time, &Globals.iIdmapNegativeCacheTime)
FN_GLOBAL_INTEGER(lp_keepalive, &Globals.iKeepalive)
FN_GLOBAL_BOOL(lp_unix_extensions, &Globals.bUnixExtensions)
FN_GLOBAL_BOOL(lp_use_spnego, &Globals.bUseSpnego)
FN_GLOBAL_BOOL(lp_client_use_spnego, &Globals.bClientUseSpnego)
+FN_GLOBAL_BOOL(lp_client_use_spnego_principal, &Globals.client_use_spnego_principal)
+FN_GLOBAL_BOOL(lp_send_spnego_principal, &Globals.send_spnego_principal)
FN_GLOBAL_BOOL(lp_hostname_lookups, &Globals.bHostnameLookups)
FN_LOCAL_PARM_BOOL(lp_change_notify, bChangeNotify)
FN_LOCAL_PARM_BOOL(lp_kernel_change_notify, bKernelChangeNotify)
FN_GLOBAL_INTEGER(lp_usernamelevel, &Globals.unamelevel)
FN_GLOBAL_INTEGER(lp_deadtime, &Globals.deadtime)
FN_GLOBAL_BOOL(lp_getwd_cache, &Globals.getwd_cache)
-FN_GLOBAL_INTEGER(lp_maxprotocol, &Globals.maxprotocol)
+static FN_GLOBAL_INTEGER(_lp_maxprotocol, &Globals.maxprotocol)
+int lp_maxprotocol(void)
+{
+ int ret = _lp_maxprotocol();
+ if ((ret == PROTOCOL_SMB2) && (lp_security() == SEC_SHARE)) {
+ DEBUG(2,("WARNING!!: \"security = share\" is incompatible "
+ "with the SMB2 protocol. Resetting to SMB1.\n" ));
+ lp_do_parameter(-1, "max protocol", "NT1");
+ return PROTOCOL_NT1;
+ }
+ return ret;
+}
FN_GLOBAL_INTEGER(lp_minprotocol, &Globals.minprotocol)
FN_GLOBAL_INTEGER(lp_security, &Globals.security)
FN_GLOBAL_LIST(lp_auth_methods, &Globals.AuthMethods)
FN_GLOBAL_INTEGER(lp_smb2_max_read, &Globals.ismb2_max_read)
FN_GLOBAL_INTEGER(lp_smb2_max_write, &Globals.ismb2_max_write)
FN_GLOBAL_INTEGER(lp_smb2_max_trans, &Globals.ismb2_max_trans)
-
+int lp_smb2_max_credits(void)
+{
+ if (Globals.ismb2_max_credits == 0) {
+ Globals.ismb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
+ }
+ return Globals.ismb2_max_credits;
+}
FN_LOCAL_STRING(lp_preexec, szPreExec)
FN_LOCAL_STRING(lp_postexec, szPostExec)
FN_LOCAL_STRING(lp_rootpreexec, szRootPreExec)
FN_LOCAL_BOOL(lp_guest_only, bGuest_only)
FN_LOCAL_BOOL(lp_administrative_share, bAdministrative_share)
FN_LOCAL_BOOL(lp_print_ok, bPrint_ok)
+FN_LOCAL_BOOL(lp_print_notify_backchannel, bPrintNotifyBackchannel)
FN_LOCAL_BOOL(lp_map_hidden, bMap_hidden)
FN_LOCAL_BOOL(lp_map_archive, bMap_archive)
FN_LOCAL_BOOL(lp_store_dos_attributes, bStoreDosAttributes)
FN_LOCAL_BOOL(lp_dos_filetime_resolution, bDosFiletimeResolution)
FN_LOCAL_BOOL(lp_fake_dir_create_times, bFakeDirCreateTimes)
FN_GLOBAL_BOOL(lp_async_smb_echo_handler, &Globals.bAsyncSMBEchoHandler)
+FN_GLOBAL_BOOL(lp_multicast_dns_register, &Globals.bMulticastDnsRegister)
FN_LOCAL_BOOL(lp_blocking_locks, bBlockingLocks)
FN_LOCAL_BOOL(lp_inherit_perms, bInheritPerms)
FN_LOCAL_BOOL(lp_inherit_acls, bInheritACLS)
if (name) {
i = getservicebyname(name, NULL);
if (i >= 0) {
- /* Clean all parametric options for service */
- /* They will be added during parsing again */
- free_param_opts(&ServicePtrs[i]->param_opt);
return (i);
}
}
return True;
}
-/* Do some simple checks on "idmap [ug]id" parameter values */
-
-static bool handle_idmap_uid(int snum, const char *pszParmValue, char **ptr)
+static bool handle_idmap_backend(int snum, const char *pszParmValue, char **ptr)
{
- uint32 low, high;
-
- if (sscanf(pszParmValue, "%u - %u", &low, &high) != 2 || high < low)
- return False;
+ lp_do_parameter(snum, "idmap config * : backend", pszParmValue);
- /* Parse OK */
+ return true;
+}
- string_set(ptr, pszParmValue);
+/* Do some simple checks on "idmap [ug]id" parameter values */
- idmap_uid_low = low;
- idmap_uid_high = high;
+static bool handle_idmap_uid(int snum, const char *pszParmValue, char **ptr)
+{
+ lp_do_parameter(snum, "idmap config * : range", pszParmValue);
return True;
}
static bool handle_idmap_gid(int snum, const char *pszParmValue, char **ptr)
{
- uint32 low, high;
-
- if (sscanf(pszParmValue, "%u - %u", &low, &high) != 2 || high < low)
- return False;
-
- /* Parse OK */
-
- string_set(ptr, pszParmValue);
-
- idmap_gid_low = low;
- idmap_gid_high = high;
+ lp_do_parameter(snum, "idmap config * : range", pszParmValue);
return True;
}
static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue, bool store_values)
{
- int parmnum;
+ int parmnum, i;
parmnum = map_parameter(pszParmName);
if (parmnum >= 0) {
parm_table[parmnum].flags &= ~FLAG_CMDLINE;
}
parm_table[parmnum].flags |= FLAG_CMDLINE;
- store_lp_set_cmdline(pszParmName, pszParmValue);
+ /* we have to also set FLAG_CMDLINE on aliases. Aliases must
+ * be grouped in the table, so we don't have to search the
+ * whole table */
+ for (i=parmnum-1;i>=0 && parm_table[i].ptr == parm_table[parmnum].ptr;i--) {
+ parm_table[i].flags |= FLAG_CMDLINE;
+ }
+ for (i=parmnum+1;i<NUMPARAMETERS && parm_table[i].ptr == parm_table[parmnum].ptr;i++) {
+ parm_table[i].flags |= FLAG_CMDLINE;
+ }
+
+ if (store_values) {
+ store_lp_set_cmdline(pszParmName, pszParmValue);
+ }
return true;
}
/* it might be parametric */
if (strchr(pszParmName, ':') != NULL) {
set_param_opt(&Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
- store_lp_set_cmdline(pszParmName, pszParmValue);
+ if (store_values) {
+ store_lp_set_cmdline(pszParmName, pszParmValue);
+ }
return true;
}
*p = 0;
- ret = lp_set_cmdline(s, p+1);
+ /* skip white spaces after the = sign */
+ do {
+ p++;
+ } while (*p == ' ');
+
+ ret = lp_set_cmdline(s, p);
talloc_free(s);
return ret;
}
DEBUG(0, ("Failed to add a new service\n"));
return (False);
}
+ /* Clean all parametric options for service */
+ /* They will be added during parsing again */
+ free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
}
return (bRetval);
bAllowIncludeRegistry = allow_include_registry;
init_globals(initialize_globals);
- debug_init();
free_file_list();
free_param_opts(&Globals.param_opt);
+ lp_do_parameter(-1, "idmap config * : backend", Globals.szIdmapBackend);
+
/* We get sections first, so have to start 'behind' to make up */
iServiceIndex = -1;
init_iconv();
+ fault_configure(smb_panic_s3);
+
bAllowIncludeRegistry = true;
return (bRetval);
const char *sharename)
{
struct share_params *result;
- char *sname;
+ char *sname = NULL;
int snum;
- if (!(sname = SMB_STRDUP(sharename))) {
- return NULL;
- }
-
- snum = find_service(sname);
- SAFE_FREE(sname);
-
- if (snum < 0) {
+ snum = find_service(mem_ctx, sharename, &sname);
+ if (snum < 0 || sname == NULL) {
return NULL;
}