2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
56 #define LOADPARM_SUBSTITUTION_INTERNALS 1
58 #include "system/filesys.h"
60 #include "lib/param/loadparm.h"
61 #include "lib/param/param.h"
63 #include "lib/smbconf/smbconf.h"
64 #include "lib/smbconf/smbconf_init.h"
67 #include "../librpc/gen_ndr/svcctl.h"
69 #include "../libcli/smb/smb_signing.h"
70 #include "dbwrap/dbwrap.h"
71 #include "dbwrap/dbwrap_rbt.h"
72 #include "../lib/util/bitmap.h"
73 #include "librpc/gen_ndr/nbt.h"
74 #include "source4/lib/tls/tls.h"
75 #include "libcli/auth/ntlm_check.h"
76 #include "lib/crypto/gnutls_helpers.h"
77 #include "lib/util/string_wrappers.h"
78 #include "auth/credentials/credentials.h"
79 #include "source3/lib/substitute.h"
81 #ifdef HAVE_SYS_SYSCTL_H
82 #include <sys/sysctl.h>
87 extern userdom_struct current_user_info;
89 /* the special value for the include parameter
90 * to be interpreted not as a file name but to
91 * trigger loading of the global smb.conf options
93 #ifndef INCLUDE_REGISTRY_NAME
94 #define INCLUDE_REGISTRY_NAME "registry"
97 static bool in_client = false; /* Not in the client by default */
98 static struct smbconf_csn conf_last_csn;
100 static int config_backend = CONFIG_BACKEND_FILE;
102 /* some helpful bits */
103 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
104 (ServicePtrs != NULL) && \
105 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
106 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
107 ServicePtrs[i]->valid)
109 #define USERSHARE_VALID 1
110 #define USERSHARE_PENDING_DELETE 2
112 static bool defaults_saved = false;
114 #include "lib/param/param_global.h"
116 static struct loadparm_global Globals;
118 /* This is a default service used to prime a services structure */
119 static const struct loadparm_service _sDefault =
124 .usershare_last_mod = {0, 0},
127 .invalid_users = NULL,
134 .root_preexec = NULL,
135 .root_postexec = NULL,
136 .cups_options = NULL,
137 .print_command = NULL,
139 .lprm_command = NULL,
140 .lppause_command = NULL,
141 .lpresume_command = NULL,
142 .queuepause_command = NULL,
143 .queueresume_command = NULL,
144 ._printername = NULL,
145 .printjob_username = NULL,
146 .dont_descend = NULL,
149 .magic_script = NULL,
150 .magic_output = NULL,
153 .veto_oplock_files = NULL,
163 .aio_write_behind = NULL,
164 .dfree_command = NULL,
165 .min_print_space = 0,
166 .max_print_jobs = 1000,
167 .max_reported_print_jobs = 0,
169 .force_create_mode = 0,
170 .directory_mask = 0755,
171 .force_directory_mode = 0,
172 .max_connections = 0,
173 .default_case = CASE_LOWER,
174 .printing = DEFAULT_PRINTING,
177 .dfree_cache_time = 0,
178 .preexec_close = false,
179 .root_preexec_close = false,
180 .case_sensitive = Auto,
181 .preserve_case = true,
182 .short_preserve_case = true,
183 .hide_dot_files = true,
184 .hide_special_files = false,
185 .hide_unreadable = false,
186 .hide_unwriteable_files = false,
188 .access_based_share_enum = false,
193 .administrative_share = false,
196 .print_notify_backchannel = false,
200 .store_dos_attributes = true,
201 .smbd_max_xattr_size = 65536,
202 .dmapi_support = false,
204 .strict_locking = Auto,
205 .posix_locking = true,
207 .kernel_oplocks = false,
208 .level2_oplocks = true,
209 .mangled_names = MANGLED_NAMES_ILLEGAL,
211 .follow_symlinks = true,
212 .sync_always = false,
213 .strict_allocate = false,
214 .strict_rename = false,
216 .mangling_char = '~',
218 .delete_readonly = false,
219 .fake_oplocks = false,
220 .delete_veto_files = false,
221 .dos_filemode = false,
222 .dos_filetimes = true,
223 .dos_filetime_resolution = false,
224 .fake_directory_create_times = false,
225 .blocking_locks = true,
226 .inherit_permissions = false,
227 .inherit_acls = false,
228 .inherit_owner = false,
230 .msdfs_shuffle_referrals = false,
231 .use_client_driver = false,
232 .default_devmode = true,
233 .force_printername = false,
234 .nt_acl_support = true,
235 .force_unknown_acl_user = false,
236 ._use_sendfile = false,
237 .map_acl_inherit = false,
240 .acl_check_permissions = true,
241 .acl_map_full_control = true,
242 .acl_group_control = false,
243 .acl_allow_execute_always = false,
244 .acl_flag_inherited_canonicalization = true,
247 .map_readonly = MAP_READONLY_NO,
248 .directory_name_cache_size = 100,
249 .server_smb_encrypt = SMB_ENCRYPTION_DEFAULT,
250 .kernel_share_modes = true,
251 .durable_handles = true,
252 .check_parent_directory_delete_on_close = false,
254 .smbd_search_ask_sharemode = true,
255 .smbd_getinfo_ask_sharemode = true,
256 .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
257 .honor_change_notify_privilege = false,
262 * This is a copy of the default service structure. Service options in the
263 * global section would otherwise overwrite the initial default values.
265 static struct loadparm_service sDefault;
267 /* local variables */
268 static struct loadparm_service **ServicePtrs = NULL;
269 static int iNumServices = 0;
270 static int iServiceIndex = 0;
271 static struct db_context *ServiceHash;
272 static bool bInGlobalSection = true;
273 static bool bGlobalOnly = false;
274 static struct file_lists *file_lists = NULL;
275 static unsigned int *flags_list = NULL;
277 static void set_allowed_client_auth(void);
279 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
280 static void free_param_opts(struct parmlist_entry **popts);
283 * Function to return the default value for the maximum number of open
284 * file descriptors permitted. This function tries to consult the
285 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
286 * the smaller of those.
288 static int max_open_files(void)
290 int sysctl_max = MAX_OPEN_FILES;
291 int rlimit_max = MAX_OPEN_FILES;
293 #ifdef HAVE_SYSCTLBYNAME
295 size_t size = sizeof(sysctl_max);
296 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
301 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
307 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
308 rlimit_max = rl.rlim_cur;
310 #if defined(RLIM_INFINITY)
311 if(rl.rlim_cur == RLIM_INFINITY)
312 rlimit_max = MAX_OPEN_FILES;
317 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
318 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
319 "minimum Windows limit (%d)\n",
321 MIN_OPEN_FILES_WINDOWS));
322 sysctl_max = MIN_OPEN_FILES_WINDOWS;
325 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
326 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
327 "minimum Windows limit (%d)\n",
329 MIN_OPEN_FILES_WINDOWS));
330 rlimit_max = MIN_OPEN_FILES_WINDOWS;
333 return MIN(sysctl_max, rlimit_max);
337 * Common part of freeing allocated data for one parameter.
339 static void free_one_parameter_common(void *parm_ptr,
340 struct parm_struct parm)
342 if ((parm.type == P_STRING) ||
343 (parm.type == P_USTRING))
345 lpcfg_string_free((char**)parm_ptr);
346 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
347 TALLOC_FREE(*((char***)parm_ptr));
352 * Free the allocated data for one parameter for a share
353 * given as a service struct.
355 static void free_one_parameter(struct loadparm_service *service,
356 struct parm_struct parm)
360 if (parm.p_class != P_LOCAL) {
364 parm_ptr = lp_parm_ptr(service, &parm);
366 free_one_parameter_common(parm_ptr, parm);
370 * Free the allocated parameter data of a share given
371 * as a service struct.
373 static void free_parameters(struct loadparm_service *service)
377 for (i=0; parm_table[i].label; i++) {
378 free_one_parameter(service, parm_table[i]);
383 * Free the allocated data for one parameter for a given share
384 * specified by an snum.
386 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
391 parm_ptr = lp_parm_ptr(NULL, &parm);
392 } else if (parm.p_class != P_LOCAL) {
395 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
398 free_one_parameter_common(parm_ptr, parm);
402 * Free the allocated parameter data for a share specified
405 static void free_parameters_by_snum(int snum)
409 for (i=0; parm_table[i].label; i++) {
410 free_one_parameter_by_snum(snum, parm_table[i]);
415 * Free the allocated global parameters.
417 static void free_global_parameters(void)
420 struct parm_struct *parm;
422 free_param_opts(&Globals.param_opt);
423 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
425 /* Reset references in the defaults because the context is going to be freed */
426 for (i=0; parm_table[i].label; i++) {
427 parm = &parm_table[i];
428 if ((parm->type == P_STRING) ||
429 (parm->type == P_USTRING)) {
430 if ((parm->def.svalue != NULL) &&
431 (*(parm->def.svalue) != '\0')) {
432 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
433 parm->def.svalue = NULL;
438 TALLOC_FREE(Globals.ctx);
441 struct lp_stored_option {
442 struct lp_stored_option *prev, *next;
447 static struct lp_stored_option *stored_options;
450 save options set by lp_set_cmdline() into a list. This list is
451 re-applied when we do a globals reset, so that cmdline set options
452 are sticky across reloads of smb.conf
454 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
456 struct lp_stored_option *entry, *entry_next;
457 for (entry = stored_options; entry != NULL; entry = entry_next) {
458 entry_next = entry->next;
459 if (strcmp(pszParmName, entry->label) == 0) {
460 DLIST_REMOVE(stored_options, entry);
466 entry = talloc(NULL, struct lp_stored_option);
471 entry->label = talloc_strdup(entry, pszParmName);
477 entry->value = talloc_strdup(entry, pszParmValue);
483 DLIST_ADD_END(stored_options, entry);
488 static bool apply_lp_set_cmdline(void)
490 struct lp_stored_option *entry = NULL;
491 for (entry = stored_options; entry != NULL; entry = entry->next) {
492 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
493 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
494 entry->label, entry->value));
501 /***************************************************************************
502 Initialise the global parameter structure.
503 ***************************************************************************/
505 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
507 static bool done_init = false;
511 /* If requested to initialize only once and we've already done it... */
512 if (!reinit_globals && done_init) {
513 /* ... then we have nothing more to do */
518 /* The logfile can be set before this is invoked. Free it if so. */
519 lpcfg_string_free(&Globals.logfile);
522 free_global_parameters();
525 /* This memset and the free_global_parameters() above will
526 * wipe out smb.conf options set with lp_set_cmdline(). The
527 * apply_lp_set_cmdline() call puts these values back in the
528 * table once the defaults are set */
529 ZERO_STRUCT(Globals);
531 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
533 /* Initialize the flags list if necessary */
534 if (flags_list == NULL) {
538 for (i = 0; parm_table[i].label; i++) {
539 if ((parm_table[i].type == P_STRING ||
540 parm_table[i].type == P_USTRING))
544 (char **)lp_parm_ptr(NULL, &parm_table[i]),
550 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
551 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
553 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
555 sDefault.ntvfs_handler = str_list_make_v3_const(Globals.ctx, "unixuid default", NULL);
557 DEBUG(3, ("Initialising global parameters\n"));
559 /* Must manually force to upper case here, as this does not go via the handler */
560 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
563 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
564 get_dyn_SMB_PASSWD_FILE());
565 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
566 get_dyn_PRIVATE_DIR());
567 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
568 get_dyn_BINDDNS_DIR());
570 /* use the new 'hash2' method by default, with a prefix of 1 */
571 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
572 Globals.mangle_prefix = 1;
574 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
576 /* using UTF8 by default allows us to support all chars */
577 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
578 DEFAULT_UNIX_CHARSET);
580 /* Use codepage 850 as a default for the dos character set */
581 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
582 DEFAULT_DOS_CHARSET);
585 * Allow the default PASSWD_CHAT to be overridden in local.h.
587 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
588 DEFAULT_PASSWD_CHAT);
590 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
592 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
593 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
595 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
597 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
599 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
601 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
604 * By default support explicit binding to broadcast
607 Globals.nmbd_bind_explicit_broadcast = true;
609 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
611 smb_panic("init_globals: ENOMEM");
613 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
616 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
617 "/bin/sleep 999999999");
620 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
621 DEFAULT_SOCKET_OPTIONS);
623 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
624 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
625 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
626 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
627 "\\\\%N\\%U\\profile");
629 Globals.name_resolve_order =
630 str_list_make_v3_const(Globals.ctx,
631 DEFAULT_NAME_RESOLVE_ORDER,
633 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
635 Globals.algorithmic_rid_base = BASE_RID;
637 Globals.load_printers = true;
638 Globals.printcap_cache_time = 750; /* 12.5 minutes */
640 Globals.config_backend = config_backend;
641 Globals._server_role = ROLE_AUTO;
643 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
644 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
645 Globals.max_xmit = 0x4104;
646 Globals.max_mux = 50; /* This is *needed* for profile support. */
647 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
648 Globals._disable_spoolss = false;
649 Globals.max_smbd_processes = 0;/* no limit specified */
650 Globals.username_level = 0;
651 Globals.deadtime = 10080;
652 Globals.getwd_cache = true;
653 Globals.large_readwrite = true;
654 Globals.max_log_size = 5000;
655 Globals.max_open_files = max_open_files();
656 Globals.server_max_protocol = PROTOCOL_SMB3_11;
657 Globals.server_min_protocol = PROTOCOL_SMB2_02;
658 Globals._client_max_protocol = PROTOCOL_DEFAULT;
659 Globals.client_min_protocol = PROTOCOL_SMB2_02;
660 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
661 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
662 Globals._security = SEC_AUTO;
663 Globals.encrypt_passwords = true;
664 Globals.client_schannel = true;
665 Globals.winbind_sealed_pipes = true;
666 Globals.require_strong_key = true;
667 Globals.reject_md5_servers = true;
668 Globals.server_schannel = true;
669 Globals.server_schannel_require_seal = true;
670 Globals.reject_md5_clients = true;
671 Globals.read_raw = true;
672 Globals.write_raw = true;
673 Globals.null_passwords = false;
674 Globals.old_password_allowed_period = 60;
675 Globals.obey_pam_restrictions = false;
677 Globals.syslog_only = false;
678 Globals.timestamp_logs = true;
679 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
680 Globals.debug_prefix_timestamp = false;
681 Globals.debug_hires_timestamp = true;
682 Globals.debug_pid = false;
683 Globals.debug_uid = false;
684 Globals.debug_class = false;
685 Globals.enable_core_files = true;
686 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
687 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
688 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
689 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
690 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
691 Globals.lm_interval = 60;
692 Globals.time_server = false;
693 Globals.bind_interfaces_only = false;
694 Globals.unix_password_sync = false;
695 Globals.pam_password_change = false;
696 Globals.passwd_chat_debug = false;
697 Globals.passwd_chat_timeout = 2; /* 2 second default. */
698 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
699 Globals.nt_status_support = true; /* Use NT status by default. */
700 Globals.smbd_profiling_level = 0;
701 Globals.stat_cache = true; /* use stat cache by default */
702 Globals.max_stat_cache_size = 512; /* 512k by default */
703 Globals.restrict_anonymous = 0;
704 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
705 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
706 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
707 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
708 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
709 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
710 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
712 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
714 Globals.map_to_guest = 0; /* By Default, "Never" */
715 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
716 Globals.enhanced_browsing = true;
717 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
718 Globals.use_mmap = true;
719 Globals.unicode = true;
720 Globals.unix_extensions = true;
721 Globals.reset_on_zero_vc = false;
722 Globals.log_writeable_files_on_exit = false;
723 Globals.create_krb5_conf = true;
724 Globals.include_system_krb5_conf = true;
725 Globals._winbind_max_domain_connections = 1;
727 /* hostname lookups can be very expensive and are broken on
728 a large number of sites (tridge) */
729 Globals.hostname_lookups = false;
731 Globals.change_notify = true,
732 Globals.kernel_change_notify = true,
734 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
735 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
736 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
737 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
738 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
739 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
741 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
742 Globals.ldap_ssl = LDAP_SSL_START_TLS;
743 Globals.ldap_deref = -1;
744 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
745 Globals.ldap_delete_dn = false;
746 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
747 Globals.ldap_follow_referral = Auto;
748 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
749 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
750 Globals.ldap_page_size = LDAP_PAGE_SIZE;
752 Globals.ldap_debug_level = 0;
753 Globals.ldap_debug_threshold = 10;
755 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
757 Globals.ldap_server_require_strong_auth =
758 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
760 /* This is what we tell the afs client. in reality we set the token
761 * to never expire, though, when this runs out the afs client will
762 * forget the token. Set to 0 to get NEVERDATE.*/
763 Globals.afs_token_lifetime = 604800;
764 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
766 /* these parameters are set to defaults that are more appropriate
767 for the increasing samba install base:
769 as a member of the workgroup, that will possibly become a
770 _local_ master browser (lm = true). this is opposed to a forced
771 local master browser startup (pm = true).
773 doesn't provide WINS server service by default (wsupp = false),
774 and doesn't provide domain master browser services by default, either.
778 Globals.show_add_printer_wizard = true;
779 Globals.os_level = 20;
780 Globals.local_master = true;
781 Globals._domain_master = Auto; /* depending on _domain_logons */
782 Globals._domain_logons = false;
783 Globals.browse_list = true;
784 Globals.we_are_a_wins_server = false;
785 Globals.wins_proxy = false;
787 TALLOC_FREE(Globals.init_logon_delayed_hosts);
788 Globals.init_logon_delay = 100; /* 100 ms default delay */
790 Globals.wins_dns_proxy = true;
792 Globals.allow_trusted_domains = true;
793 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
795 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
796 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
798 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
799 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
800 dyn_WINBINDD_SOCKET_DIR);
802 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
803 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
805 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
807 Globals.cluster_addresses = NULL;
808 Globals.clustering = false;
809 Globals.ctdb_timeout = 0;
810 Globals.ctdb_locktime_warn_threshold = 0;
812 Globals.winbind_cache_time = 300; /* 5 minutes */
813 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
814 Globals.winbind_request_timeout = 60; /* 60 seconds */
815 Globals.winbind_max_clients = 200;
816 Globals.winbind_enum_users = false;
817 Globals.winbind_enum_groups = false;
818 Globals.winbind_use_default_domain = false;
819 Globals.winbind_nested_groups = true;
820 Globals.winbind_expand_groups = 0;
821 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
822 Globals.winbind_refresh_tickets = false;
823 Globals.winbind_offline_logon = false;
824 Globals.winbind_scan_trusted_domains = false;
826 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
827 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
829 Globals.passdb_expand_explicit = false;
831 Globals.name_cache_timeout = 660; /* In seconds */
833 Globals.client_use_spnego = true;
835 Globals.client_signing = SMB_SIGNING_DEFAULT;
836 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
837 Globals.server_signing = SMB_SIGNING_DEFAULT;
839 Globals.defer_sharing_violations = true;
840 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
842 Globals.enable_privileges = true;
843 Globals.host_msdfs = true;
844 Globals.enable_asu_support = false;
846 /* User defined shares. */
847 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
849 smb_panic("init_globals: ENOMEM");
851 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
853 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
854 Globals.usershare_max_shares = 0;
855 /* By default disallow sharing of directories not owned by the sharer. */
856 Globals.usershare_owner_only = true;
857 /* By default disallow guest access to usershares. */
858 Globals.usershare_allow_guests = false;
860 Globals.keepalive = DEFAULT_KEEPALIVE;
862 /* By default no shares out of the registry */
863 Globals.registry_shares = false;
865 Globals.min_receivefile_size = 0;
867 Globals.multicast_dns_register = true;
869 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
870 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
871 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
872 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
873 Globals.smb2_leases = true;
874 Globals.server_multi_channel_support = true;
876 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
877 get_dyn_NCALRPCDIR());
879 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
881 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
883 Globals.tls_enabled = true;
884 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
886 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
887 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
888 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
889 lpcfg_string_set(Globals.ctx,
890 &Globals.tls_priority,
891 "NORMAL:-VERS-SSL3.0");
893 Globals._preferred_master = Auto;
895 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
896 Globals.dns_zone_scavenging = false;
898 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
899 get_dyn_NTP_SIGND_SOCKET_DIR());
901 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
903 smb_panic("init_globals: ENOMEM");
905 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
909 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
912 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
914 smb_panic("init_globals: ENOMEM");
916 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
919 s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
921 smb_panic("init_globals: ENOMEM");
923 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
926 Globals.apply_group_policies = false;
928 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
930 smb_panic("init_globals: ENOMEM");
932 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
935 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
937 Globals.cldap_port = 389;
939 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
941 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
943 Globals.krb5_port = 88;
945 Globals.kpasswd_port = 464;
947 Globals.aio_max_threads = 100;
949 lpcfg_string_set(Globals.ctx,
950 &Globals.rpc_server_dynamic_port_range,
952 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
953 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
954 Globals.prefork_children = 4;
955 Globals.prefork_backoff_increment = 10;
956 Globals.prefork_maximum_backoff = 120;
958 Globals.ldap_max_anonymous_request_size = 256000;
959 Globals.ldap_max_authenticated_request_size = 16777216;
960 Globals.ldap_max_search_request_size = 256000;
962 /* Async DNS query timeout (in seconds). */
963 Globals.async_dns_timeout = 10;
965 Globals.client_smb_encrypt = SMB_ENCRYPTION_DEFAULT;
967 Globals._client_use_kerberos = CRED_USE_KERBEROS_DESIRED;
969 Globals.client_protection = CRED_CLIENT_PROTECTION_DEFAULT;
971 Globals.winbind_use_krb5_enterprise_principals = true;
973 Globals.client_smb3_signing_algorithms =
974 str_list_make_v3_const(NULL, DEFAULT_SMB3_SIGNING_ALGORITHMS, NULL);
975 Globals.server_smb3_signing_algorithms =
976 str_list_make_v3_const(NULL, DEFAULT_SMB3_SIGNING_ALGORITHMS, NULL);
978 Globals.client_smb3_encryption_algorithms =
979 str_list_make_v3_const(NULL, DEFAULT_SMB3_ENCRYPTION_ALGORITHMS, NULL);
980 Globals.server_smb3_encryption_algorithms =
981 str_list_make_v3_const(NULL, DEFAULT_SMB3_ENCRYPTION_ALGORITHMS, NULL);
983 Globals.min_domain_uid = 1000;
985 /* Now put back the settings that were set with lp_set_cmdline() */
986 apply_lp_set_cmdline();
989 /* Convenience routine to setup an lp_context with additional s3 variables */
990 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
992 struct loadparm_context *lp_ctx;
994 lp_ctx = loadparm_init_s3(mem_ctx,
995 loadparm_s3_helpers());
996 if (lp_ctx == NULL) {
997 DEBUG(0, ("loadparm_init_s3 failed\n"));
1001 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
1002 if (lp_ctx->sDefault == NULL) {
1003 DBG_ERR("talloc_zero failed\n");
1004 TALLOC_FREE(lp_ctx);
1008 *lp_ctx->sDefault = _sDefault;
1009 lp_ctx->services = NULL; /* We do not want to access this directly */
1010 lp_ctx->bInGlobalSection = bInGlobalSection;
1011 lp_ctx->flags = flags_list;
1016 /*******************************************************************
1017 Convenience routine to grab string parameters into talloced memory
1018 and run standard_sub_basic on them. The buffers can be written to by
1019 callers without affecting the source string.
1020 ********************************************************************/
1022 static char *loadparm_s3_global_substitution_fn(
1023 TALLOC_CTX *mem_ctx,
1024 const struct loadparm_substitution *lp_sub,
1030 /* The follow debug is useful for tracking down memory problems
1031 especially if you have an inner loop that is calling a lp_*()
1032 function that returns a string. Perhaps this debug should be
1033 present all the time? */
1036 DEBUG(10, ("lp_string(%s)\n", s));
1042 ret = talloc_sub_basic(mem_ctx,
1043 get_current_username(),
1044 current_user_info.domain,
1046 if (trim_char(ret, '\"', '\"')) {
1047 if (strchr(ret,'\"') != NULL) {
1049 ret = talloc_sub_basic(mem_ctx,
1050 get_current_username(),
1051 current_user_info.domain,
1058 static const struct loadparm_substitution s3_global_substitution = {
1059 .substituted_string_fn = loadparm_s3_global_substitution_fn,
1062 const struct loadparm_substitution *loadparm_s3_global_substitution(void)
1064 return &s3_global_substitution;
1068 In this section all the functions that are used to access the
1069 parameters from the rest of the program are defined
1072 #define FN_GLOBAL_SUBSTITUTED_STRING(fn_name,ptr) \
1073 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub) \
1074 {return lpcfg_substituted_string(ctx, lp_sub, *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : "");}
1075 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1076 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1077 #define FN_GLOBAL_LIST(fn_name,ptr) \
1078 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1079 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1080 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1081 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1082 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1083 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1084 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1086 #define FN_LOCAL_SUBSTITUTED_STRING(fn_name,val) \
1087 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub, int i) \
1088 {return lpcfg_substituted_string((ctx), lp_sub, (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1089 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1090 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1091 #define FN_LOCAL_LIST(fn_name,val) \
1092 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1093 #define FN_LOCAL_BOOL(fn_name,val) \
1094 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1095 #define FN_LOCAL_INTEGER(fn_name,val) \
1096 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1098 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1099 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1100 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1101 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1102 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1103 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1105 int lp_winbind_max_domain_connections(void)
1107 if (lp_winbind_offline_logon() &&
1108 lp__winbind_max_domain_connections() > 1) {
1109 DEBUG(1, ("offline logons active, restricting max domain "
1110 "connections to 1\n"));
1113 return MAX(1, lp__winbind_max_domain_connections());
1116 /* These functions remain in source3/param for now */
1118 #include "lib/param/param_functions.c"
1120 FN_LOCAL_SUBSTITUTED_STRING(servicename, szService)
1121 FN_LOCAL_CONST_STRING(const_servicename, szService)
1123 /* These functions cannot be auto-generated */
1124 FN_LOCAL_BOOL(autoloaded, autoloaded)
1125 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1127 /* local prototypes */
1129 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1130 static const char *get_boolean(bool bool_value);
1131 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1133 static bool hash_a_service(const char *name, int number);
1134 static void free_service_byindex(int iService);
1135 static void show_parameter(int parmIndex);
1136 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1137 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1140 * This is a helper function for parametrical options support. It returns a
1141 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1142 * parametrical functions are quite simple
1144 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1147 if (snum >= iNumServices) return NULL;
1150 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1152 return get_parametric_helper(ServicePtrs[snum],
1153 type, option, Globals.param_opt);
1157 static void discard_whitespace(char *str)
1159 size_t len = strlen(str);
1163 if (isspace(str[i])) {
1164 memmove(&str[i], &str[i+1], len-i);
1173 * @brief Go through all global parametric parameters
1175 * @param regex_str A regular expression to scan param for
1176 * @param max_matches Max number of submatches the regexp expects
1177 * @param cb Function to call on match. Should return true
1178 * when it wants wi_scan_global_parametrics to stop
1180 * @param private_data Anonymous pointer passed to cb
1182 * @return 0: success, regcomp/regexec return value on error.
1183 * See "man regexec" for possible errors
1186 int lp_wi_scan_global_parametrics(
1187 const char *regex_str, size_t max_matches,
1188 bool (*cb)(const char *string, regmatch_t matches[],
1189 void *private_data),
1192 struct parmlist_entry *data;
1196 ret = regcomp(®ex, regex_str, REG_ICASE);
1201 for (data = Globals.param_opt; data != NULL; data = data->next) {
1202 size_t keylen = strlen(data->key);
1204 regmatch_t matches[max_matches];
1207 memcpy(key, data->key, sizeof(key));
1208 discard_whitespace(key);
1210 ret = regexec(®ex, key, max_matches, matches, 0);
1211 if (ret == REG_NOMATCH) {
1218 stop = cb(key, matches, private_data);
1231 #define MISSING_PARAMETER(name) \
1232 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1234 /*******************************************************************
1235 convenience routine to return enum parameters.
1236 ********************************************************************/
1237 static int lp_enum(const char *s,const struct enum_list *_enum)
1241 if (!s || !*s || !_enum) {
1242 MISSING_PARAMETER(lp_enum);
1246 for (i=0; _enum[i].name; i++) {
1247 if (strequal(_enum[i].name,s))
1248 return _enum[i].value;
1251 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1255 #undef MISSING_PARAMETER
1257 /* Return parametric option from a given service. Type is a part of option before ':' */
1258 /* Parametric option has following syntax: 'Type: option = value' */
1259 char *lp_parm_substituted_string(TALLOC_CTX *mem_ctx,
1260 const struct loadparm_substitution *lp_sub,
1266 struct parmlist_entry *data = get_parametrics(snum, type, option);
1268 SMB_ASSERT(lp_sub != NULL);
1270 if (data == NULL||data->value==NULL) {
1272 return lpcfg_substituted_string(mem_ctx, lp_sub, def);
1278 return lpcfg_substituted_string(mem_ctx, lp_sub, data->value);
1281 /* Return parametric option from a given service. Type is a part of option before ':' */
1282 /* Parametric option has following syntax: 'Type: option = value' */
1283 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1285 struct parmlist_entry *data = get_parametrics(snum, type, option);
1287 if (data == NULL||data->value==NULL)
1294 /* Return parametric option from a given service. Type is a part of option before ':' */
1295 /* Parametric option has following syntax: 'Type: option = value' */
1297 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1299 struct parmlist_entry *data = get_parametrics(snum, type, option);
1301 if (data == NULL||data->value==NULL)
1302 return (const char **)def;
1304 if (data->list==NULL) {
1305 data->list = str_list_make_v3(NULL, data->value, NULL);
1308 return discard_const_p(const char *, data->list);
1311 /* Return parametric option from a given service. Type is a part of option before ':' */
1312 /* Parametric option has following syntax: 'Type: option = value' */
1314 int lp_parm_int(int snum, const char *type, const char *option, int def)
1316 struct parmlist_entry *data = get_parametrics(snum, type, option);
1318 if (data && data->value && *data->value)
1319 return lp_int(data->value);
1324 /* Return parametric option from a given service. Type is a part of option before ':' */
1325 /* Parametric option has following syntax: 'Type: option = value' */
1327 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1329 struct parmlist_entry *data = get_parametrics(snum, type, option);
1331 if (data && data->value && *data->value)
1332 return lp_ulong(data->value);
1337 /* Return parametric option from a given service. Type is a part of option before ':' */
1338 /* Parametric option has following syntax: 'Type: option = value' */
1340 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1341 const char *option, unsigned long long def)
1343 struct parmlist_entry *data = get_parametrics(snum, type, option);
1345 if (data && data->value && *data->value) {
1346 return lp_ulonglong(data->value);
1352 /* Return parametric option from a given service. Type is a part of option
1354 /* Parametric option has following syntax: 'Type: option = value' */
1356 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1358 struct parmlist_entry *data = get_parametrics(snum, type, option);
1360 if (data && data->value && *data->value)
1361 return lp_bool(data->value);
1366 /* Return parametric option from a given service. Type is a part of option before ':' */
1367 /* Parametric option has following syntax: 'Type: option = value' */
1369 int lp_parm_enum(int snum, const char *type, const char *option,
1370 const struct enum_list *_enum, int def)
1372 struct parmlist_entry *data = get_parametrics(snum, type, option);
1374 if (data && data->value && *data->value && _enum)
1375 return lp_enum(data->value, _enum);
1381 * free a param_opts structure.
1382 * param_opts handling should be moved to talloc;
1383 * then this whole functions reduces to a TALLOC_FREE().
1386 static void free_param_opts(struct parmlist_entry **popts)
1388 struct parmlist_entry *opt, *next_opt;
1390 if (*popts != NULL) {
1391 DEBUG(5, ("Freeing parametrics:\n"));
1394 while (opt != NULL) {
1395 lpcfg_string_free(&opt->key);
1396 lpcfg_string_free(&opt->value);
1397 TALLOC_FREE(opt->list);
1398 next_opt = opt->next;
1405 /***************************************************************************
1406 Free the dynamically allocated parts of a service struct.
1407 ***************************************************************************/
1409 static void free_service(struct loadparm_service *pservice)
1414 if (pservice->szService)
1415 DEBUG(5, ("free_service: Freeing service %s\n",
1416 pservice->szService));
1418 free_parameters(pservice);
1420 lpcfg_string_free(&pservice->szService);
1421 TALLOC_FREE(pservice->copymap);
1423 free_param_opts(&pservice->param_opt);
1425 ZERO_STRUCTP(pservice);
1429 /***************************************************************************
1430 remove a service indexed in the ServicePtrs array from the ServiceHash
1431 and free the dynamically allocated parts
1432 ***************************************************************************/
1434 static void free_service_byindex(int idx)
1436 if ( !LP_SNUM_OK(idx) )
1439 ServicePtrs[idx]->valid = false;
1441 /* we have to cleanup the hash record */
1443 if (ServicePtrs[idx]->szService) {
1444 char *canon_name = canonicalize_servicename(
1446 ServicePtrs[idx]->szService );
1448 dbwrap_delete_bystring(ServiceHash, canon_name );
1449 TALLOC_FREE(canon_name);
1452 free_service(ServicePtrs[idx]);
1453 TALLOC_FREE(ServicePtrs[idx]);
1456 /***************************************************************************
1457 Add a new service to the services array initialising it with the given
1459 ***************************************************************************/
1461 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1464 struct loadparm_service **tsp = NULL;
1466 /* it might already exist */
1468 i = getservicebyname(name, NULL);
1474 /* Re use empty slots if any before allocating new one.*/
1475 for (i=0; i < iNumServices; i++) {
1476 if (ServicePtrs[i] == NULL) {
1480 if (i == iNumServices) {
1481 /* if not, then create one */
1482 tsp = talloc_realloc(NULL, ServicePtrs,
1483 struct loadparm_service *,
1486 DEBUG(0, ("add_a_service: failed to enlarge "
1493 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1494 if (!ServicePtrs[i]) {
1495 DEBUG(0,("add_a_service: out of memory!\n"));
1499 ServicePtrs[i]->valid = true;
1501 copy_service(ServicePtrs[i], pservice, NULL);
1503 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1506 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1507 i, ServicePtrs[i]->szService));
1509 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1516 /***************************************************************************
1517 Convert a string to uppercase and remove whitespaces.
1518 ***************************************************************************/
1520 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1525 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1529 result = talloc_strdup(ctx, src);
1530 SMB_ASSERT(result != NULL);
1532 if (!strlower_m(result)) {
1533 TALLOC_FREE(result);
1539 /***************************************************************************
1540 Add a name/index pair for the services array to the hash table.
1541 ***************************************************************************/
1543 static bool hash_a_service(const char *name, int idx)
1547 if ( !ServiceHash ) {
1548 DEBUG(10,("hash_a_service: creating servicehash\n"));
1549 ServiceHash = db_open_rbt(NULL);
1550 if ( !ServiceHash ) {
1551 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1556 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1559 canon_name = canonicalize_servicename(talloc_tos(), name );
1561 dbwrap_store_bystring(ServiceHash, canon_name,
1562 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1565 TALLOC_FREE(canon_name);
1570 /***************************************************************************
1571 Add a new home service, with the specified home directory, defaults coming
1573 ***************************************************************************/
1575 bool lp_add_home(const char *pszHomename, int iDefaultService,
1576 const char *user, const char *pszHomedir)
1578 const struct loadparm_substitution *lp_sub =
1579 loadparm_s3_global_substitution();
1583 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1584 pszHomedir[0] == '\0') {
1588 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1593 global_path = lp_path(talloc_tos(), lp_sub, GLOBAL_SECTION_SNUM);
1594 if (!(*(ServicePtrs[iDefaultService]->path))
1595 || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
1596 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1599 TALLOC_FREE(global_path);
1601 if (!(*(ServicePtrs[i]->comment))) {
1602 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1603 if (comment == NULL) {
1606 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1608 TALLOC_FREE(comment);
1611 /* set the browseable flag from the global default */
1613 ServicePtrs[i]->browseable = sDefault.browseable;
1614 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1616 ServicePtrs[i]->autoloaded = true;
1618 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1619 user, ServicePtrs[i]->path ));
1624 /***************************************************************************
1625 Add a new service, based on an old one.
1626 ***************************************************************************/
1628 int lp_add_service(const char *pszService, int iDefaultService)
1630 if (iDefaultService < 0) {
1631 return add_a_service(&sDefault, pszService);
1634 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1637 /***************************************************************************
1638 Add the IPC service.
1639 ***************************************************************************/
1641 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1643 char *comment = NULL;
1644 int i = add_a_service(&sDefault, ipc_name);
1649 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1650 Globals.server_string);
1651 if (comment == NULL) {
1655 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1656 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1657 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1658 ServicePtrs[i]->max_connections = 0;
1659 ServicePtrs[i]->available = true;
1660 ServicePtrs[i]->read_only = true;
1661 ServicePtrs[i]->guest_only = false;
1662 ServicePtrs[i]->administrative_share = true;
1663 ServicePtrs[i]->guest_ok = guest_ok;
1664 ServicePtrs[i]->printable = false;
1665 ServicePtrs[i]->browseable = sDefault.browseable;
1666 ServicePtrs[i]->autoloaded = false;
1668 DEBUG(3, ("adding IPC service\n"));
1670 TALLOC_FREE(comment);
1674 /***************************************************************************
1675 Add a new printer service, with defaults coming from service iFrom.
1676 ***************************************************************************/
1678 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1680 const char *comment = "From Printcap";
1681 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1686 /* note that we do NOT default the availability flag to true - */
1687 /* we take it from the default service passed. This allows all */
1688 /* dynamic printers to be disabled by disabling the [printers] */
1689 /* entry (if/when the 'available' keyword is implemented!). */
1691 /* the printer name is set to the service name. */
1692 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1694 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1696 /* set the browseable flag from the gloabl default */
1697 ServicePtrs[i]->browseable = sDefault.browseable;
1699 /* Printers cannot be read_only. */
1700 ServicePtrs[i]->read_only = false;
1701 /* No oplocks on printer services. */
1702 ServicePtrs[i]->oplocks = false;
1703 /* Printer services must be printable. */
1704 ServicePtrs[i]->printable = true;
1706 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1712 /***************************************************************************
1713 Check whether the given parameter name is valid.
1714 Parametric options (names containing a colon) are considered valid.
1715 ***************************************************************************/
1717 bool lp_parameter_is_valid(const char *pszParmName)
1719 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1720 (strchr(pszParmName, ':') != NULL));
1723 /***************************************************************************
1724 Check whether the given name is the name of a global parameter.
1725 Returns true for strings belonging to parameters of class
1726 P_GLOBAL, false for all other strings, also for parametric options
1727 and strings not belonging to any option.
1728 ***************************************************************************/
1730 bool lp_parameter_is_global(const char *pszParmName)
1732 int num = lpcfg_map_parameter(pszParmName);
1735 return (parm_table[num].p_class == P_GLOBAL);
1741 /**************************************************************************
1742 Determine the canonical name for a parameter.
1743 Indicate when it is an inverse (boolean) synonym instead of a
1745 **************************************************************************/
1747 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1752 if (!lp_parameter_is_valid(parm_name)) {
1757 num = map_parameter_canonical(parm_name, inverse);
1759 /* parametric option */
1760 *canon_parm = parm_name;
1762 *canon_parm = parm_table[num].label;
1769 /**************************************************************************
1770 Determine the canonical name for a parameter.
1771 Turn the value given into the inverse boolean expression when
1772 the synonym is an invers boolean synonym.
1775 - parm_name is a valid parameter name and
1776 - val is a valid value for this parameter and
1777 - in case the parameter is an inverse boolean synonym, if the val
1778 string could successfully be converted to the reverse bool.
1779 Return false in all other cases.
1780 **************************************************************************/
1782 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1784 const char **canon_parm,
1785 const char **canon_val)
1791 if (!lp_parameter_is_valid(parm_name)) {
1797 num = map_parameter_canonical(parm_name, &inverse);
1799 /* parametric option */
1800 *canon_parm = parm_name;
1805 *canon_parm = parm_table[num].label;
1807 if (!lp_invert_boolean(val, canon_val)) {
1815 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1820 /***************************************************************************
1821 Map a parameter's string representation to the index of the canonical
1822 form of the parameter (it might be a synonym).
1823 Returns -1 if the parameter string is not recognised.
1824 ***************************************************************************/
1826 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1828 int parm_num, canon_num;
1829 bool loc_inverse = false;
1831 parm_num = lpcfg_map_parameter(pszParmName);
1832 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1833 /* invalid, parametric or no canidate for synonyms ... */
1837 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1838 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1839 parm_num = canon_num;
1845 if (inverse != NULL) {
1846 *inverse = loc_inverse;
1851 /***************************************************************************
1852 return true if parameter number parm1 is a synonym of parameter
1853 number parm2 (parm2 being the principal name).
1854 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1856 ***************************************************************************/
1858 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1860 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1861 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1862 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1863 !(parm_table[parm2].flags & FLAG_SYNONYM))
1865 if (inverse != NULL) {
1866 if ((parm_table[parm1].type == P_BOOLREV) &&
1867 (parm_table[parm2].type == P_BOOL))
1879 /***************************************************************************
1880 Show one parameter's name, type, [values,] and flags.
1881 (helper functions for show_parameter_list)
1882 ***************************************************************************/
1884 static void show_parameter(int parmIndex)
1886 size_t enumIndex, flagIndex;
1891 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1892 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1893 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1894 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1895 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1897 printf("%s=%s", parm_table[parmIndex].label,
1898 type[parm_table[parmIndex].type]);
1899 if (parm_table[parmIndex].type == P_ENUM) {
1902 parm_table[parmIndex].enum_list[enumIndex].name;
1906 enumIndex ? "|" : "",
1907 parm_table[parmIndex].enum_list[enumIndex].name);
1912 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1913 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1916 flag_names[flagIndex]);
1921 /* output synonyms */
1923 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1924 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1925 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1926 parm_table[parmIndex2].label);
1927 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1929 printf(" (synonyms: ");
1934 printf("%s%s", parm_table[parmIndex2].label,
1935 inverse ? "[i]" : "");
1946 * Check the value for a P_ENUM
1948 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1952 for (i = 0; parm->enum_list[i].name; i++) {
1953 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1960 /**************************************************************************
1961 Check whether the given value is valid for the given parameter name.
1962 **************************************************************************/
1964 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1966 bool ret = false, tmp_bool;
1967 int num = lpcfg_map_parameter(parm_name), tmp_int;
1968 uint64_t tmp_int64 = 0;
1969 struct parm_struct *parm;
1971 /* parametric options (parameter names containing a colon) cannot
1972 be checked and are therefore considered valid. */
1973 if (strchr(parm_name, ':') != NULL) {
1978 parm = &parm_table[num];
1979 switch (parm->type) {
1982 ret = set_boolean(val, &tmp_bool);
1986 ret = (sscanf(val, "%d", &tmp_int) == 1);
1990 ret = (sscanf(val, "%o", &tmp_int) == 1);
1994 ret = check_enum_parameter(parm, val);
1998 if (conv_str_size_error(val, &tmp_int64) &&
1999 tmp_int64 <= INT_MAX) {
2016 /***************************************************************************
2017 Show all parameter's name, type, [values,] and flags.
2018 ***************************************************************************/
2020 void show_parameter_list(void)
2022 int classIndex, parmIndex;
2023 const char *section_names[] = { "local", "global", NULL};
2025 for (classIndex=0; section_names[classIndex]; classIndex++) {
2026 printf("[%s]\n", section_names[classIndex]);
2027 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
2028 if (parm_table[parmIndex].p_class == classIndex) {
2029 show_parameter(parmIndex);
2035 /***************************************************************************
2036 Get the standard string representation of a boolean value ("yes" or "no")
2037 ***************************************************************************/
2039 static const char *get_boolean(bool bool_value)
2041 static const char *yes_str = "yes";
2042 static const char *no_str = "no";
2044 return (bool_value ? yes_str : no_str);
2047 /***************************************************************************
2048 Provide the string of the negated boolean value associated to the boolean
2049 given as a string. Returns false if the passed string does not correctly
2050 represent a boolean.
2051 ***************************************************************************/
2053 bool lp_invert_boolean(const char *str, const char **inverse_str)
2057 if (!set_boolean(str, &val)) {
2061 *inverse_str = get_boolean(!val);
2065 /***************************************************************************
2066 Provide the canonical string representation of a boolean value given
2067 as a string. Return true on success, false if the string given does
2068 not correctly represent a boolean.
2069 ***************************************************************************/
2071 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2075 if (!set_boolean(str, &val)) {
2079 *canon_str = get_boolean(val);
2083 /***************************************************************************
2084 Find a service by name. Otherwise works like get_service.
2085 ***************************************************************************/
2087 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2094 if (ServiceHash == NULL) {
2098 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2100 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2103 if (NT_STATUS_IS_OK(status) &&
2104 (data.dptr != NULL) &&
2105 (data.dsize == sizeof(iService)))
2107 memcpy(&iService, data.dptr, sizeof(iService));
2110 TALLOC_FREE(canon_name);
2112 if ((iService != -1) && (LP_SNUM_OK(iService))
2113 && (pserviceDest != NULL)) {
2114 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2120 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2121 struct loadparm_service *lp_service(const char *pszServiceName)
2123 int iService = getservicebyname(pszServiceName, NULL);
2124 if (iService == -1 || !LP_SNUM_OK(iService)) {
2127 return ServicePtrs[iService];
2130 struct loadparm_service *lp_servicebynum(int snum)
2132 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2135 return ServicePtrs[snum];
2138 struct loadparm_service *lp_default_loadparm_service()
2143 static struct smbconf_ctx *lp_smbconf_ctx(void)
2146 static struct smbconf_ctx *conf_ctx = NULL;
2148 if (conf_ctx == NULL) {
2149 err = smbconf_init(NULL, &conf_ctx, "registry:");
2150 if (!SBC_ERROR_IS_OK(err)) {
2151 DEBUG(1, ("error initializing registry configuration: "
2152 "%s\n", sbcErrorString(err)));
2160 static bool process_smbconf_service(struct smbconf_service *service)
2165 if (service == NULL) {
2169 ret = lp_do_section(service->name, NULL);
2173 for (count = 0; count < service->num_params; count++) {
2175 if (!bInGlobalSection && bGlobalOnly) {
2178 const char *pszParmName = service->param_names[count];
2179 const char *pszParmValue = service->param_values[count];
2181 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2183 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2184 pszParmName, pszParmValue);
2191 if (iServiceIndex >= 0) {
2192 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2198 * load a service from registry and activate it
2200 bool process_registry_service(const char *service_name)
2203 struct smbconf_service *service = NULL;
2204 TALLOC_CTX *mem_ctx = talloc_stackframe();
2205 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2208 if (conf_ctx == NULL) {
2212 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2214 if (!smbconf_share_exists(conf_ctx, service_name)) {
2216 * Registry does not contain data for this service (yet),
2217 * but make sure lp_load doesn't return false.
2223 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2224 if (!SBC_ERROR_IS_OK(err)) {
2228 ret = process_smbconf_service(service);
2234 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2237 TALLOC_FREE(mem_ctx);
2242 * process_registry_globals
2244 static bool process_registry_globals(void)
2248 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2250 if (!bInGlobalSection && bGlobalOnly) {
2253 const char *pszParmName = "registry shares";
2254 const char *pszParmValue = "yes";
2256 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2258 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2259 pszParmName, pszParmValue);
2266 return process_registry_service(GLOBAL_NAME);
2269 bool process_registry_shares(void)
2273 struct smbconf_service **service = NULL;
2274 uint32_t num_shares = 0;
2275 TALLOC_CTX *mem_ctx = talloc_stackframe();
2276 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2279 if (conf_ctx == NULL) {
2283 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2284 if (!SBC_ERROR_IS_OK(err)) {
2290 for (count = 0; count < num_shares; count++) {
2291 if (strequal(service[count]->name, GLOBAL_NAME)) {
2294 ret = process_smbconf_service(service[count]);
2301 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2304 TALLOC_FREE(mem_ctx);
2309 * reload those shares from registry that are already
2310 * activated in the services array.
2312 static bool reload_registry_shares(void)
2317 for (i = 0; i < iNumServices; i++) {
2322 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2326 ret = process_registry_service(ServicePtrs[i]->szService);
2337 #define MAX_INCLUDE_DEPTH 100
2339 static uint8_t include_depth;
2342 * Free the file lists
2344 static void free_file_list(void)
2346 struct file_lists *f;
2347 struct file_lists *next;
2360 * Utility function for outsiders to check if we're running on registry.
2362 bool lp_config_backend_is_registry(void)
2364 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2368 * Utility function to check if the config backend is FILE.
2370 bool lp_config_backend_is_file(void)
2372 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2375 /*******************************************************************
2376 Check if a config file has changed date.
2377 ********************************************************************/
2379 bool lp_file_list_changed(void)
2381 struct file_lists *f = file_lists;
2383 DEBUG(6, ("lp_file_list_changed()\n"));
2386 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2387 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2389 if (conf_ctx == NULL) {
2392 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2395 DEBUGADD(6, ("registry config changed\n"));
2402 n2 = talloc_sub_basic(talloc_tos(),
2403 get_current_username(),
2404 current_user_info.domain,
2409 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2410 f->name, n2, ctime(&f->modtime)));
2412 mod_time = file_modtime(n2);
2415 ((f->modtime != mod_time) ||
2416 (f->subfname == NULL) ||
2417 (strcmp(n2, f->subfname) != 0)))
2420 ("file %s modified: %s\n", n2,
2422 f->modtime = mod_time;
2423 TALLOC_FREE(f->subfname);
2424 f->subfname = talloc_strdup(f, n2);
2425 if (f->subfname == NULL) {
2426 smb_panic("talloc_strdup failed");
2440 * Initialize iconv conversion descriptors.
2442 * This is called the first time it is needed, and also called again
2443 * every time the configuration is reloaded, because the charset or
2444 * codepage might have changed.
2446 static void init_iconv(void)
2448 struct smb_iconv_handle *ret = NULL;
2450 ret = reinit_iconv_handle(NULL,
2454 smb_panic("reinit_iconv_handle failed");
2458 /***************************************************************************
2459 Handle the include operation.
2460 ***************************************************************************/
2461 static bool bAllowIncludeRegistry = true;
2463 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2464 const char *pszParmValue, char **ptr)
2468 if (include_depth >= MAX_INCLUDE_DEPTH) {
2469 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2474 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2475 if (!bAllowIncludeRegistry) {
2478 if (lp_ctx->bInGlobalSection) {
2481 ret = process_registry_globals();
2485 DEBUG(1, ("\"include = registry\" only effective "
2486 "in %s section\n", GLOBAL_NAME));
2491 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2492 current_user_info.domain,
2495 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2497 if (service == NULL) {
2498 lpcfg_string_set(Globals.ctx, ptr, fname);
2500 lpcfg_string_set(service, ptr, fname);
2503 if (file_exist(fname)) {
2506 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2512 DEBUG(2, ("Can't find include file %s\n", fname));
2517 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2519 char *config_option = NULL;
2520 const char *range = NULL;
2523 SMB_ASSERT(low != NULL);
2524 SMB_ASSERT(high != NULL);
2526 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2530 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2532 if (config_option == NULL) {
2533 DEBUG(0, ("out of memory\n"));
2537 range = lp_parm_const_string(-1, config_option, "range", NULL);
2538 if (range == NULL) {
2539 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2543 if (sscanf(range, "%u - %u", low, high) != 2) {
2544 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2545 range, domain_name));
2552 talloc_free(config_option);
2557 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2559 return lp_idmap_range("*", low, high);
2562 const char *lp_idmap_backend(const char *domain_name)
2564 char *config_option = NULL;
2565 const char *backend = NULL;
2567 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2571 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2573 if (config_option == NULL) {
2574 DEBUG(0, ("out of memory\n"));
2578 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2579 if (backend == NULL) {
2580 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2585 talloc_free(config_option);
2589 const char *lp_idmap_default_backend(void)
2591 return lp_idmap_backend("*");
2594 /***************************************************************************
2595 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2596 ***************************************************************************/
2598 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2600 const char *suffix_string;
2602 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2603 Globals.ldap_suffix );
2604 if ( !suffix_string ) {
2605 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2609 return suffix_string;
2612 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2614 if (Globals._ldap_machine_suffix[0])
2615 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2617 return talloc_strdup(ctx, Globals.ldap_suffix);
2620 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2622 if (Globals._ldap_user_suffix[0])
2623 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2625 return talloc_strdup(ctx, Globals.ldap_suffix);
2628 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2630 if (Globals._ldap_group_suffix[0])
2631 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2633 return talloc_strdup(ctx, Globals.ldap_suffix);
2636 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2638 if (Globals._ldap_idmap_suffix[0])
2639 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2641 return talloc_strdup(ctx, Globals.ldap_suffix);
2645 return the parameter pointer for a parameter
2647 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2649 if (service == NULL) {
2650 if (parm->p_class == P_LOCAL)
2651 return (void *)(((char *)&sDefault)+parm->offset);
2652 else if (parm->p_class == P_GLOBAL)
2653 return (void *)(((char *)&Globals)+parm->offset);
2656 return (void *)(((char *)service) + parm->offset);
2660 /***************************************************************************
2661 Process a parameter for a particular service number. If snum < 0
2662 then assume we are in the globals.
2663 ***************************************************************************/
2665 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2667 TALLOC_CTX *frame = talloc_stackframe();
2668 struct loadparm_context *lp_ctx;
2671 lp_ctx = setup_lp_context(frame);
2672 if (lp_ctx == NULL) {
2678 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2680 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2681 pszParmName, pszParmValue);
2689 /***************************************************************************
2690 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2691 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2692 ***************************************************************************/
2694 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2697 parmnum = lpcfg_map_parameter(pszParmName);
2699 flags_list[parmnum] &= ~FLAG_CMDLINE;
2700 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2703 flags_list[parmnum] |= FLAG_CMDLINE;
2705 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2706 * be grouped in the table, so we don't have to search the
2709 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2710 && parm_table[i].p_class == parm_table[parmnum].p_class;
2712 flags_list[i] |= FLAG_CMDLINE;
2714 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2715 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2716 flags_list[i] |= FLAG_CMDLINE;
2722 /* it might be parametric */
2723 if (strchr(pszParmName, ':') != NULL) {
2724 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2728 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2732 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2735 TALLOC_CTX *frame = talloc_stackframe();
2736 struct loadparm_context *lp_ctx;
2738 lp_ctx = setup_lp_context(frame);
2739 if (lp_ctx == NULL) {
2744 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2750 /***************************************************************************
2751 Process a parameter.
2752 ***************************************************************************/
2754 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2757 if (!bInGlobalSection && bGlobalOnly)
2760 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2762 if (bInGlobalSection) {
2763 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2765 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2766 pszParmName, pszParmValue);
2771 static const char *ad_dc_req_vfs_mods[] = {"dfs_samba4", "acl_xattr", NULL};
2774 * check that @vfs_objects includes all vfs modules required by an AD DC.
2776 static bool check_ad_dc_required_mods(const char **vfs_objects)
2782 for (i = 0; ad_dc_req_vfs_mods[i] != NULL; i++) {
2784 for (j = 0; vfs_objects[j] != NULL; j++) {
2785 if (!strwicmp(ad_dc_req_vfs_mods[i], vfs_objects[j])) {
2791 DEBUG(0, ("vfs objects specified without required AD "
2792 "DC module: %s\n", ad_dc_req_vfs_mods[i]));
2797 DEBUG(6, ("vfs objects specified with all required AD DC modules\n"));
2802 /***************************************************************************
2803 Initialize any local variables in the sDefault table, after parsing a
2805 ***************************************************************************/
2807 static void init_locals(void)
2810 * We run this check once the [globals] is parsed, to force
2811 * the VFS objects and other per-share settings we need for
2812 * the standard way a AD DC is operated. We may change these
2813 * as our code evolves, which is why we force these settings.
2815 * We can't do this at the end of lp_load_ex(), as by that
2816 * point the services have been loaded and they will already
2817 * have "" as their vfs objects.
2819 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2820 const char **vfs_objects = lp_vfs_objects(-1);
2821 if (vfs_objects != NULL) {
2822 /* ignore return, only warn if modules are missing */
2823 check_ad_dc_required_mods(vfs_objects);
2825 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2826 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2827 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2828 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2830 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2834 lp_do_parameter(-1, "map hidden", "no");
2835 lp_do_parameter(-1, "map system", "no");
2836 lp_do_parameter(-1, "map readonly", "no");
2837 lp_do_parameter(-1, "map archive", "no");
2838 lp_do_parameter(-1, "store dos attributes", "yes");
2842 /***************************************************************************
2843 Process a new section (service). At this stage all sections are services.
2844 Later we'll have special sections that permit server parameters to be set.
2845 Returns true on success, false on failure.
2846 ***************************************************************************/
2848 bool lp_do_section(const char *pszSectionName, void *userdata)
2850 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2852 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2853 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2855 /* if we were in a global section then do the local inits */
2856 if (bInGlobalSection && !isglobal)
2859 /* if we've just struck a global section, note the fact. */
2860 bInGlobalSection = isglobal;
2861 if (lp_ctx != NULL) {
2862 lp_ctx->bInGlobalSection = isglobal;
2865 /* check for multiple global sections */
2866 if (bInGlobalSection) {
2867 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2871 if (!bInGlobalSection && bGlobalOnly)
2874 /* if we have a current service, tidy it up before moving on */
2877 if (iServiceIndex >= 0)
2878 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2880 /* if all is still well, move to the next record in the services array */
2882 /* We put this here to avoid an odd message order if messages are */
2883 /* issued by the post-processing of a previous section. */
2884 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2886 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2887 if (iServiceIndex < 0) {
2888 DEBUG(0, ("Failed to add a new service\n"));
2891 /* Clean all parametric options for service */
2892 /* They will be added during parsing again */
2893 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2899 /***************************************************************************
2900 Display the contents of a parameter of a single services record.
2901 ***************************************************************************/
2903 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2905 bool result = false;
2906 struct loadparm_context *lp_ctx;
2908 lp_ctx = setup_lp_context(talloc_tos());
2909 if (lp_ctx == NULL) {
2914 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2916 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2918 TALLOC_FREE(lp_ctx);
2923 /***************************************************************************
2924 Display the contents of a single copy structure.
2925 ***************************************************************************/
2926 static void dump_copy_map(bool *pcopymap)
2932 printf("\n\tNon-Copied parameters:\n");
2934 for (i = 0; parm_table[i].label; i++)
2935 if (parm_table[i].p_class == P_LOCAL &&
2936 parm_table[i].ptr && !pcopymap[i] &&
2937 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2939 printf("\t\t%s\n", parm_table[i].label);
2944 /***************************************************************************
2945 Return TRUE if the passed service number is within range.
2946 ***************************************************************************/
2948 bool lp_snum_ok(int iService)
2950 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2953 /***************************************************************************
2954 Auto-load some home services.
2955 ***************************************************************************/
2957 static void lp_add_auto_services(const char *str)
2967 s = talloc_strdup(talloc_tos(), str);
2969 smb_panic("talloc_strdup failed");
2973 homes = lp_servicenumber(HOMES_NAME);
2975 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2976 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2979 if (lp_servicenumber(p) >= 0)
2982 home = get_user_home_dir(talloc_tos(), p);
2984 if (home && home[0] && homes >= 0)
2985 lp_add_home(p, homes, p, home);
2992 /***************************************************************************
2993 Auto-load one printer.
2994 ***************************************************************************/
2996 void lp_add_one_printer(const char *name, const char *comment,
2997 const char *location, void *pdata)
2999 int printers = lp_servicenumber(PRINTERS_NAME);
3002 if (lp_servicenumber(name) < 0) {
3003 lp_add_printer(name, printers);
3004 if ((i = lp_servicenumber(name)) >= 0) {
3005 lpcfg_string_set(ServicePtrs[i],
3006 &ServicePtrs[i]->comment, comment);
3007 ServicePtrs[i]->autoloaded = true;
3012 /***************************************************************************
3013 Have we loaded a services file yet?
3014 ***************************************************************************/
3016 bool lp_loaded(void)
3021 /***************************************************************************
3022 Unload unused services.
3023 ***************************************************************************/
3025 void lp_killunused(struct smbd_server_connection *sconn,
3026 bool (*snumused) (struct smbd_server_connection *, int))
3029 for (i = 0; i < iNumServices; i++) {
3033 /* don't kill autoloaded or usershare services */
3034 if ( ServicePtrs[i]->autoloaded ||
3035 ServicePtrs[i]->usershare == USERSHARE_VALID) {
3039 if (!snumused || !snumused(sconn, i)) {
3040 free_service_byindex(i);
3046 * Kill all except autoloaded and usershare services - convenience wrapper
3048 void lp_kill_all_services(void)
3050 lp_killunused(NULL, NULL);
3053 /***************************************************************************
3055 ***************************************************************************/
3057 void lp_killservice(int iServiceIn)
3059 if (VALID(iServiceIn)) {
3060 free_service_byindex(iServiceIn);
3064 /***************************************************************************
3065 Save the curent values of all global and sDefault parameters into the
3066 defaults union. This allows testparm to show only the
3067 changed (ie. non-default) parameters.
3068 ***************************************************************************/
3070 static void lp_save_defaults(void)
3073 struct parmlist_entry * parm;
3074 for (i = 0; parm_table[i].label; i++) {
3075 if (!(flags_list[i] & FLAG_CMDLINE)) {
3076 flags_list[i] |= FLAG_DEFAULT;
3079 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
3080 && parm_table[i].p_class == parm_table[i - 1].p_class)
3082 switch (parm_table[i].type) {
3085 parm_table[i].def.lvalue = str_list_copy(
3086 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3092 &parm_table[i].def.svalue,
3093 *(char **)lp_parm_ptr(
3094 NULL, &parm_table[i]));
3095 if (parm_table[i].def.svalue == NULL) {
3096 smb_panic("lpcfg_string_set() failed");
3101 parm_table[i].def.bvalue =
3102 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3105 parm_table[i].def.cvalue =
3106 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3112 parm_table[i].def.ivalue =
3113 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3118 for (parm=Globals.param_opt; parm; parm=parm->next) {
3119 if (!(parm->priority & FLAG_CMDLINE)) {
3120 parm->priority |= FLAG_DEFAULT;
3124 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3125 if (!(parm->priority & FLAG_CMDLINE)) {
3126 parm->priority |= FLAG_DEFAULT;
3130 defaults_saved = true;
3133 /***********************************************************
3134 If we should send plaintext/LANMAN passwords in the clinet
3135 ************************************************************/
3137 static void set_allowed_client_auth(void)
3139 if (Globals.client_ntlmv2_auth) {
3140 Globals.client_lanman_auth = false;
3142 if (!Globals.client_lanman_auth) {
3143 Globals.client_plaintext_auth = false;
3147 /***************************************************************************
3149 The following code allows smbd to read a user defined share file.
3150 Yes, this is my intent. Yes, I'm comfortable with that...
3152 THE FOLLOWING IS SECURITY CRITICAL CODE.
3154 It washes your clothes, it cleans your house, it guards you while you sleep...
3155 Do not f%^k with it....
3156 ***************************************************************************/
3158 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3160 /***************************************************************************
3161 Check allowed stat state of a usershare file.
3162 Ensure we print out who is dicking with us so the admin can
3163 get their sorry ass fired.
3164 ***************************************************************************/
3166 static bool check_usershare_stat(const char *fname,
3167 const SMB_STRUCT_STAT *psbuf)
3169 if (!S_ISREG(psbuf->st_ex_mode)) {
3170 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3171 "not a regular file\n",
3172 fname, (unsigned int)psbuf->st_ex_uid ));
3176 /* Ensure this doesn't have the other write bit set. */
3177 if (psbuf->st_ex_mode & S_IWOTH) {
3178 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3179 "public write. Refusing to allow as a usershare file.\n",
3180 fname, (unsigned int)psbuf->st_ex_uid ));
3184 /* Should be 10k or less. */
3185 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3186 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3187 "too large (%u) to be a user share file.\n",
3188 fname, (unsigned int)psbuf->st_ex_uid,
3189 (unsigned int)psbuf->st_ex_size ));
3196 /***************************************************************************
3197 Parse the contents of a usershare file.
3198 ***************************************************************************/
3200 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3201 SMB_STRUCT_STAT *psbuf,
3202 const char *servicename,
3206 char **pp_sharepath,
3208 char **pp_cp_servicename,
3209 struct security_descriptor **ppsd,
3212 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3213 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3216 SMB_STRUCT_STAT sbuf;
3217 char *sharepath = NULL;
3218 char *comment = NULL;
3220 *pp_sharepath = NULL;
3223 *pallow_guest = false;
3226 return USERSHARE_MALFORMED_FILE;
3229 if (strcmp(lines[0], "#VERSION 1") == 0) {
3231 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3234 return USERSHARE_MALFORMED_FILE;
3237 return USERSHARE_BAD_VERSION;
3240 if (strncmp(lines[1], "path=", 5) != 0) {
3241 return USERSHARE_MALFORMED_PATH;
3244 sharepath = talloc_strdup(ctx, &lines[1][5]);
3246 return USERSHARE_POSIX_ERR;
3248 trim_string(sharepath, " ", " ");
3250 if (strncmp(lines[2], "comment=", 8) != 0) {
3251 return USERSHARE_MALFORMED_COMMENT_DEF;
3254 comment = talloc_strdup(ctx, &lines[2][8]);
3256 return USERSHARE_POSIX_ERR;
3258 trim_string(comment, " ", " ");
3259 trim_char(comment, '"', '"');
3261 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3262 return USERSHARE_MALFORMED_ACL_DEF;
3265 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3266 return USERSHARE_ACL_ERR;
3270 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3271 return USERSHARE_MALFORMED_ACL_DEF;
3273 if (lines[4][9] == 'y') {
3274 *pallow_guest = true;
3277 /* Backwards compatible extension to file version #2. */
3279 if (strncmp(lines[5], "sharename=", 10) != 0) {
3280 return USERSHARE_MALFORMED_SHARENAME_DEF;
3282 if (!strequal(&lines[5][10], servicename)) {
3283 return USERSHARE_BAD_SHARENAME;
3285 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3286 if (!*pp_cp_servicename) {
3287 return USERSHARE_POSIX_ERR;
3292 if (*pp_cp_servicename == NULL) {
3293 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3294 if (!*pp_cp_servicename) {
3295 return USERSHARE_POSIX_ERR;
3299 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3300 /* Path didn't change, no checks needed. */
3301 *pp_sharepath = sharepath;
3302 *pp_comment = comment;
3303 return USERSHARE_OK;
3306 /* The path *must* be absolute. */
3307 if (sharepath[0] != '/') {
3308 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3309 servicename, sharepath));
3310 return USERSHARE_PATH_NOT_ABSOLUTE;
3313 /* If there is a usershare prefix deny list ensure one of these paths
3314 doesn't match the start of the user given path. */
3315 if (prefixdenylist) {
3317 for ( i=0; prefixdenylist[i]; i++ ) {
3318 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3319 servicename, i, prefixdenylist[i], sharepath ));
3320 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3321 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3322 "usershare prefix deny list entries.\n",
3323 servicename, sharepath));
3324 return USERSHARE_PATH_IS_DENIED;
3329 /* If there is a usershare prefix allow list ensure one of these paths
3330 does match the start of the user given path. */
3332 if (prefixallowlist) {
3334 for ( i=0; prefixallowlist[i]; i++ ) {
3335 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3336 servicename, i, prefixallowlist[i], sharepath ));
3337 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3341 if (prefixallowlist[i] == NULL) {
3342 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3343 "usershare prefix allow list entries.\n",
3344 servicename, sharepath));
3345 return USERSHARE_PATH_NOT_ALLOWED;
3349 /* Ensure this is pointing to a directory. */
3350 dp = opendir(sharepath);
3353 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3354 servicename, sharepath));
3355 return USERSHARE_PATH_NOT_DIRECTORY;
3358 /* Ensure the owner of the usershare file has permission to share
3361 if (sys_stat(sharepath, &sbuf, false) == -1) {
3362 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3363 servicename, sharepath, strerror(errno) ));
3365 return USERSHARE_POSIX_ERR;
3370 if (!S_ISDIR(sbuf.st_ex_mode)) {
3371 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3372 servicename, sharepath ));
3373 return USERSHARE_PATH_NOT_DIRECTORY;
3376 /* Check if sharing is restricted to owner-only. */
3377 /* psbuf is the stat of the usershare definition file,
3378 sbuf is the stat of the target directory to be shared. */
3380 if (lp_usershare_owner_only()) {
3381 /* root can share anything. */
3382 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3383 return USERSHARE_PATH_NOT_ALLOWED;
3387 *pp_sharepath = sharepath;
3388 *pp_comment = comment;
3389 return USERSHARE_OK;
3392 /***************************************************************************
3393 Deal with a usershare file.
3396 -1 - Bad name, invalid contents.
3397 - service name already existed and not a usershare, problem
3398 with permissions to share directory etc.
3399 ***************************************************************************/
3401 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3403 SMB_STRUCT_STAT sbuf;
3404 SMB_STRUCT_STAT lsbuf;
3406 char *sharepath = NULL;
3407 char *comment = NULL;
3408 char *cp_service_name = NULL;
3409 char **lines = NULL;
3413 TALLOC_CTX *ctx = talloc_stackframe();
3414 struct security_descriptor *psd = NULL;
3415 bool guest_ok = false;
3416 char *canon_name = NULL;
3417 bool added_service = false;
3421 /* Ensure share name doesn't contain invalid characters. */
3422 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3423 DEBUG(0,("process_usershare_file: share name %s contains "
3424 "invalid characters (any of %s)\n",
3425 file_name, INVALID_SHARENAME_CHARS ));
3429 canon_name = canonicalize_servicename(ctx, file_name);
3434 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3439 /* Minimize the race condition by doing an lstat before we
3440 open and fstat. Ensure this isn't a symlink link. */
3442 if (sys_lstat(fname, &lsbuf, false) != 0) {
3443 if (errno == ENOENT) {
3444 /* Unknown share requested. Just ignore. */
3447 /* Only log messages for meaningful problems. */
3448 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3449 fname, strerror(errno) ));
3453 /* This must be a regular file, not a symlink, directory or
3454 other strange filetype. */
3455 if (!check_usershare_stat(fname, &lsbuf)) {
3462 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3467 if (NT_STATUS_IS_OK(status) &&
3468 (data.dptr != NULL) &&
3469 (data.dsize == sizeof(iService))) {
3470 memcpy(&iService, data.dptr, sizeof(iService));
3474 if (iService != -1 &&
3475 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3476 &lsbuf.st_ex_mtime) == 0) {
3477 /* Nothing changed - Mark valid and return. */
3478 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3480 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3485 /* Try and open the file read only - no symlinks allowed. */
3487 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3489 fd = open(fname, O_RDONLY, 0);
3493 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3494 fname, strerror(errno) ));
3498 /* Now fstat to be *SURE* it's a regular file. */
3499 if (sys_fstat(fd, &sbuf, false) != 0) {
3501 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3502 fname, strerror(errno) ));
3506 /* Is it the same dev/inode as was lstated ? */
3507 if (!check_same_stat(&lsbuf, &sbuf)) {
3509 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3510 "Symlink spoofing going on ?\n", fname ));
3514 /* This must be a regular file, not a symlink, directory or
3515 other strange filetype. */
3516 if (!check_usershare_stat(fname, &sbuf)) {
3521 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3524 if (lines == NULL) {
3525 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3526 fname, (unsigned int)sbuf.st_ex_uid ));
3530 if (parse_usershare_file(ctx, &sbuf, file_name,
3531 iService, lines, numlines, &sharepath,
3532 &comment, &cp_service_name,
3533 &psd, &guest_ok) != USERSHARE_OK) {
3537 /* Everything ok - add the service possibly using a template. */
3539 const struct loadparm_service *sp = &sDefault;
3540 if (snum_template != -1) {
3541 sp = ServicePtrs[snum_template];
3544 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3545 DEBUG(0, ("process_usershare_file: Failed to add "
3546 "new service %s\n", cp_service_name));
3550 added_service = true;
3552 /* Read only is controlled by usershare ACL below. */
3553 ServicePtrs[iService]->read_only = false;
3556 /* Write the ACL of the new/modified share. */
3557 status = set_share_security(canon_name, psd);
3558 if (!NT_STATUS_IS_OK(status)) {
3559 DEBUG(0, ("process_usershare_file: Failed to set share "
3560 "security for user share %s\n",
3565 /* If from a template it may be marked invalid. */
3566 ServicePtrs[iService]->valid = true;
3568 /* Set the service as a valid usershare. */
3569 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3571 /* Set guest access. */
3572 if (lp_usershare_allow_guests()) {
3573 ServicePtrs[iService]->guest_ok = guest_ok;
3576 /* And note when it was loaded. */
3577 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3578 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3580 lpcfg_string_set(ServicePtrs[iService],
3581 &ServicePtrs[iService]->comment, comment);
3587 if (ret == -1 && iService != -1 && added_service) {
3588 lp_remove_service(iService);
3596 /***************************************************************************
3597 Checks if a usershare entry has been modified since last load.
3598 ***************************************************************************/
3600 static bool usershare_exists(int iService, struct timespec *last_mod)
3602 SMB_STRUCT_STAT lsbuf;
3603 const char *usersharepath = Globals.usershare_path;
3606 fname = talloc_asprintf(talloc_tos(),
3609 ServicePtrs[iService]->szService);
3610 if (fname == NULL) {
3614 if (sys_lstat(fname, &lsbuf, false) != 0) {
3619 if (!S_ISREG(lsbuf.st_ex_mode)) {
3625 *last_mod = lsbuf.st_ex_mtime;
3629 static bool usershare_directory_is_root(uid_t uid)
3635 if (uid_wrapper_enabled()) {
3642 /***************************************************************************
3643 Load a usershare service by name. Returns a valid servicenumber or -1.
3644 ***************************************************************************/
3646 int load_usershare_service(const char *servicename)
3648 SMB_STRUCT_STAT sbuf;
3649 const char *usersharepath = Globals.usershare_path;
3650 int max_user_shares = Globals.usershare_max_shares;
3651 int snum_template = -1;
3653 if (servicename[0] == '\0') {
3654 /* Invalid service name. */
3658 if (*usersharepath == 0 || max_user_shares == 0) {
3662 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3663 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3664 usersharepath, strerror(errno) ));
3668 if (!S_ISDIR(sbuf.st_ex_mode)) {
3669 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3675 * This directory must be owned by root, and have the 't' bit set.
3676 * It also must not be writable by "other".
3680 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3681 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3683 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3684 (sbuf.st_ex_mode & S_IWOTH)) {
3686 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3687 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3692 /* Ensure the template share exists if it's set. */
3693 if (Globals.usershare_template_share[0]) {
3694 /* We can't use lp_servicenumber here as we are recommending that
3695 template shares have -valid=false set. */
3696 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3697 if (ServicePtrs[snum_template]->szService &&
3698 strequal(ServicePtrs[snum_template]->szService,
3699 Globals.usershare_template_share)) {
3704 if (snum_template == -1) {
3705 DEBUG(0,("load_usershare_service: usershare template share %s "
3706 "does not exist.\n",
3707 Globals.usershare_template_share ));
3712 return process_usershare_file(usersharepath, servicename, snum_template);
3715 /***************************************************************************
3716 Load all user defined shares from the user share directory.
3717 We only do this if we're enumerating the share list.
3718 This is the function that can delete usershares that have
3720 ***************************************************************************/
3722 int load_usershare_shares(struct smbd_server_connection *sconn,
3723 bool (*snumused) (struct smbd_server_connection *, int))
3726 SMB_STRUCT_STAT sbuf;
3728 int num_usershares = 0;
3729 int max_user_shares = Globals.usershare_max_shares;
3730 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3731 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3732 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3734 int snum_template = -1;
3735 const char *usersharepath = Globals.usershare_path;
3736 int ret = lp_numservices();
3737 TALLOC_CTX *tmp_ctx;
3739 if (max_user_shares == 0 || *usersharepath == '\0') {
3740 return lp_numservices();
3743 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3744 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3745 usersharepath, strerror(errno) ));
3750 * This directory must be owned by root, and have the 't' bit set.
3751 * It also must not be writable by "other".
3755 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3757 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3759 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3760 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3765 /* Ensure the template share exists if it's set. */
3766 if (Globals.usershare_template_share[0]) {
3767 /* We can't use lp_servicenumber here as we are recommending that
3768 template shares have -valid=false set. */
3769 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3770 if (ServicePtrs[snum_template]->szService &&
3771 strequal(ServicePtrs[snum_template]->szService,
3772 Globals.usershare_template_share)) {
3777 if (snum_template == -1) {
3778 DEBUG(0,("load_usershare_shares: usershare template share %s "
3779 "does not exist.\n",
3780 Globals.usershare_template_share ));
3785 /* Mark all existing usershares as pending delete. */
3786 for (iService = iNumServices - 1; iService >= 0; iService--) {
3787 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3788 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3792 dp = opendir(usersharepath);
3794 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3795 usersharepath, strerror(errno) ));
3799 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3801 num_dir_entries++ ) {
3803 const char *n = de->d_name;
3805 /* Ignore . and .. */
3807 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3813 /* Temporary file used when creating a share. */
3814 num_tmp_dir_entries++;
3817 /* Allow 20% tmp entries. */
3818 if (num_tmp_dir_entries > allowed_tmp_entries) {
3819 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3820 "in directory %s\n",
3821 num_tmp_dir_entries, usersharepath));
3825 r = process_usershare_file(usersharepath, n, snum_template);
3827 /* Update the services count. */
3829 if (num_usershares >= max_user_shares) {
3830 DEBUG(0,("load_usershare_shares: max user shares reached "
3831 "on file %s in directory %s\n",
3832 n, usersharepath ));
3835 } else if (r == -1) {
3836 num_bad_dir_entries++;
3839 /* Allow 20% bad entries. */
3840 if (num_bad_dir_entries > allowed_bad_entries) {
3841 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3842 "in directory %s\n",
3843 num_bad_dir_entries, usersharepath));
3847 /* Allow 20% bad entries. */
3848 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3849 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3850 "in directory %s\n",
3851 num_dir_entries, usersharepath));
3858 /* Sweep through and delete any non-refreshed usershares that are
3859 not currently in use. */
3860 tmp_ctx = talloc_stackframe();
3861 for (iService = iNumServices - 1; iService >= 0; iService--) {
3862 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3863 const struct loadparm_substitution *lp_sub =
3864 loadparm_s3_global_substitution();
3867 if (snumused && snumused(sconn, iService)) {
3871 servname = lp_servicename(tmp_ctx, lp_sub, iService);
3873 /* Remove from the share ACL db. */
3874 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3876 delete_share_security(servname);
3877 free_service_byindex(iService);
3880 talloc_free(tmp_ctx);
3882 return lp_numservices();
3885 /********************************************************
3886 Destroy global resources allocated in this file
3887 ********************************************************/
3889 void gfree_loadparm(void)
3895 /* Free resources allocated to services */
3897 for ( i = 0; i < iNumServices; i++ ) {
3899 free_service_byindex(i);
3903 TALLOC_FREE( ServicePtrs );
3906 /* Now release all resources allocated to global
3907 parameters and the default service */
3909 free_global_parameters();
3913 /***************************************************************************
3914 Allow client apps to specify that they are a client
3915 ***************************************************************************/
3916 static void lp_set_in_client(bool b)
3922 /***************************************************************************
3923 Determine if we're running in a client app
3924 ***************************************************************************/
3925 static bool lp_is_in_client(void)
3930 static void lp_enforce_ad_dc_settings(void)
3932 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3933 lp_do_parameter(GLOBAL_SECTION_SNUM,
3934 "winbindd:use external pipes", "true");
3935 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3936 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3937 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3938 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3939 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3940 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3941 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3942 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3943 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3946 /***************************************************************************
3947 Load the services array from the services file. Return true on success,
3949 ***************************************************************************/
3951 static bool lp_load_ex(const char *pszFname,
3955 bool reinit_globals,
3956 bool allow_include_registry,
3957 bool load_all_shares)
3961 TALLOC_CTX *frame = talloc_stackframe();
3962 struct loadparm_context *lp_ctx;
3963 int max_protocol, min_protocol;
3965 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3967 bInGlobalSection = true;
3968 bGlobalOnly = global_only;
3969 bAllowIncludeRegistry = allow_include_registry;
3970 sDefault = _sDefault;
3972 lp_ctx = setup_lp_context(talloc_tos());
3974 init_globals(lp_ctx, reinit_globals);
3978 if (save_defaults) {
3983 if (!reinit_globals) {
3984 free_param_opts(&Globals.param_opt);
3985 apply_lp_set_cmdline();
3988 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
3990 /* We get sections first, so have to start 'behind' to make up */
3993 if (lp_config_backend_is_file()) {
3994 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
3995 current_user_info.domain,
3998 smb_panic("lp_load_ex: out of memory");
4001 add_to_file_list(NULL, &file_lists, pszFname, n2);
4003 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
4006 /* finish up the last section */
4007 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
4009 if (iServiceIndex >= 0) {
4010 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
4014 if (lp_config_backend_is_registry()) {
4016 /* config backend changed to registry in config file */
4018 * We need to use this extra global variable here to
4019 * survive restart: init_globals uses this as a default
4020 * for config_backend. Otherwise, init_globals would
4021 * send us into an endless loop here.
4024 config_backend = CONFIG_BACKEND_REGISTRY;
4026 DEBUG(1, ("lp_load_ex: changing to config backend "
4028 init_globals(lp_ctx, true);
4030 TALLOC_FREE(lp_ctx);
4032 lp_kill_all_services();
4033 ok = lp_load_ex(pszFname, global_only, save_defaults,
4034 add_ipc, reinit_globals,
4035 allow_include_registry,
4040 } else if (lp_config_backend_is_registry()) {
4041 bRetval = process_registry_globals();
4043 DEBUG(0, ("Illegal config backend given: %d\n",
4044 lp_config_backend()));
4048 if (bRetval && lp_registry_shares()) {
4049 if (load_all_shares) {
4050 bRetval = process_registry_shares();
4052 bRetval = reload_registry_shares();
4057 const struct loadparm_substitution *lp_sub =
4058 loadparm_s3_global_substitution();
4059 char *serv = lp_auto_services(talloc_tos(), lp_sub);
4060 lp_add_auto_services(serv);
4065 /* When 'restrict anonymous = 2' guest connections to ipc$
4067 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
4068 if ( lp_enable_asu_support() ) {
4069 lp_add_ipc("ADMIN$", false);
4073 set_allowed_client_auth();
4075 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
4076 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
4077 lp_password_server()));
4082 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
4083 /* if we_are_a_wins_server is true and we are in the client */
4084 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
4085 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
4090 fault_configure(smb_panic_s3);
4093 * We run this check once the whole smb.conf is parsed, to
4094 * force some settings for the standard way a AD DC is
4095 * operated. We may change these as our code evolves, which
4096 * is why we force these settings.
4098 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
4099 lp_enforce_ad_dc_settings();
4102 bAllowIncludeRegistry = true;
4104 /* Check if command line max protocol < min protocol, if so
4105 * report a warning to the user.
4107 max_protocol = lp_client_max_protocol();
4108 min_protocol = lp_client_min_protocol();
4109 if (max_protocol < min_protocol) {
4110 const char *max_protocolp, *min_protocolp;
4111 max_protocolp = lpcfg_get_smb_protocol(max_protocol);
4112 min_protocolp = lpcfg_get_smb_protocol(min_protocol);
4113 DBG_ERR("Max protocol %s is less than min protocol %s.\n",
4114 max_protocolp, min_protocolp);
4121 static bool lp_load(const char *pszFname,
4125 bool reinit_globals)
4127 return lp_load_ex(pszFname,
4132 true, /* allow_include_registry */
4133 false); /* load_all_shares*/
4136 bool lp_load_initial_only(const char *pszFname)
4138 return lp_load_ex(pszFname,
4139 true, /* global only */
4140 true, /* save_defaults */
4141 false, /* add_ipc */
4142 true, /* reinit_globals */
4143 false, /* allow_include_registry */
4144 false); /* load_all_shares*/
4148 * most common lp_load wrapper, loading only the globals
4150 * If this is used in a daemon or client utility it should be called
4151 * after processing popt.
4153 bool lp_load_global(const char *file_name)
4155 return lp_load(file_name,
4156 true, /* global_only */
4157 false, /* save_defaults */
4158 false, /* add_ipc */
4159 true); /* reinit_globals */
4163 * The typical lp_load wrapper with shares, loads global and
4164 * shares, including IPC, but does not force immediate
4165 * loading of all shares from registry.
4167 bool lp_load_with_shares(const char *file_name)
4169 return lp_load(file_name,
4170 false, /* global_only */
4171 false, /* save_defaults */
4173 true); /* reinit_globals */
4177 * lp_load wrapper, especially for clients
4179 bool lp_load_client(const char *file_name)
4181 lp_set_in_client(true);
4183 return lp_load_global(file_name);
4187 * lp_load wrapper, loading only globals, but intended
4188 * for subsequent calls, not reinitializing the globals
4191 bool lp_load_global_no_reinit(const char *file_name)
4193 return lp_load(file_name,
4194 true, /* global_only */
4195 false, /* save_defaults */
4196 false, /* add_ipc */
4197 false); /* reinit_globals */
4201 * lp_load wrapper, loading globals and shares,
4202 * intended for subsequent calls, i.e. not reinitializing
4203 * the globals to default values.
4205 bool lp_load_no_reinit(const char *file_name)
4207 return lp_load(file_name,
4208 false, /* global_only */
4209 false, /* save_defaults */
4210 false, /* add_ipc */
4211 false); /* reinit_globals */
4216 * lp_load wrapper, especially for clients, no reinitialization
4218 bool lp_load_client_no_reinit(const char *file_name)
4220 lp_set_in_client(true);
4222 return lp_load_global_no_reinit(file_name);
4225 bool lp_load_with_registry_shares(const char *pszFname)
4227 return lp_load_ex(pszFname,
4228 false, /* global_only */
4229 true, /* save_defaults */
4230 false, /* add_ipc */
4231 true, /* reinit_globals */
4232 true, /* allow_include_registry */
4233 true); /* load_all_shares*/
4236 /***************************************************************************
4237 Return the max number of services.
4238 ***************************************************************************/
4240 int lp_numservices(void)
4242 return (iNumServices);
4245 /***************************************************************************
4246 Display the contents of the services array in human-readable form.
4247 ***************************************************************************/
4249 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4252 struct loadparm_context *lp_ctx;
4255 defaults_saved = false;
4257 lp_ctx = setup_lp_context(talloc_tos());
4258 if (lp_ctx == NULL) {
4262 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4264 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4266 for (iService = 0; iService < maxtoprint; iService++) {
4268 lp_dump_one(f, show_defaults, iService);
4270 TALLOC_FREE(lp_ctx);
4273 /***************************************************************************
4274 Display the contents of one service in human-readable form.
4275 ***************************************************************************/
4277 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4280 if (ServicePtrs[snum]->szService[0] == '\0')
4282 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4283 flags_list, show_defaults);
4287 /***************************************************************************
4288 Return the number of the service with the given name, or -1 if it doesn't
4289 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4290 getservicebyname()! This works ONLY if all services have been loaded, and
4291 does not copy the found service.
4292 ***************************************************************************/
4294 int lp_servicenumber(const char *pszServiceName)
4297 fstring serviceName;
4299 if (!pszServiceName) {
4300 return GLOBAL_SECTION_SNUM;
4303 for (iService = iNumServices - 1; iService >= 0; iService--) {
4304 if (VALID(iService) && ServicePtrs[iService]->szService) {
4306 * The substitution here is used to support %U in
4309 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4310 standard_sub_basic(get_current_username(),
4311 current_user_info.domain,
4312 serviceName,sizeof(serviceName));
4313 if (strequal(serviceName, pszServiceName)) {
4319 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4320 struct timespec last_mod;
4322 if (!usershare_exists(iService, &last_mod)) {
4323 /* Remove the share security tdb entry for it. */
4324 delete_share_security(lp_const_servicename(iService));
4325 /* Remove it from the array. */
4326 free_service_byindex(iService);
4327 /* Doesn't exist anymore. */
4328 return GLOBAL_SECTION_SNUM;
4331 /* Has it been modified ? If so delete and reload. */
4332 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4334 /* Remove it from the array. */
4335 free_service_byindex(iService);
4336 /* and now reload it. */
4337 iService = load_usershare_service(pszServiceName);
4342 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4343 return GLOBAL_SECTION_SNUM;
4349 /*******************************************************************
4350 A useful volume label function.
4351 ********************************************************************/
4353 const char *volume_label(TALLOC_CTX *ctx, int snum)
4355 const struct loadparm_substitution *lp_sub =
4356 loadparm_s3_global_substitution();
4358 const char *label = lp_volume(ctx, lp_sub, snum);
4362 label = lp_servicename(ctx, lp_sub, snum);
4366 * Volume label can be a max of 32 bytes. Make sure to truncate
4367 * it at a codepoint boundary if it's longer than 32 and contains
4368 * multibyte characters. Windows insists on a volume label being
4369 * a valid mb sequence, and errors out if not.
4371 if (strlen(label) > 32) {
4373 * A MB char can be a max of 5 bytes, thus
4374 * we should have a valid mb character at a
4375 * minimum position of (32-5) = 27.
4379 * Check if a codepoint starting from next byte
4380 * is valid. If yes, then the current byte is the
4381 * end of a MB or ascii sequence and the label can
4382 * be safely truncated here. If not, keep going
4383 * backwards till a valid codepoint is found.
4386 const char *s = &label[end];
4387 codepoint_t c = next_codepoint(s, &len);
4388 if (c != INVALID_CODEPOINT) {
4395 /* This returns a max of 33 byte guarenteed null terminated string. */
4396 ret = talloc_strndup(ctx, label, end);
4403 /*******************************************************************
4404 Get the default server type we will announce as via nmbd.
4405 ********************************************************************/
4407 int lp_default_server_announce(void)
4409 int default_server_announce = 0;
4410 default_server_announce |= SV_TYPE_WORKSTATION;
4411 default_server_announce |= SV_TYPE_SERVER;
4412 default_server_announce |= SV_TYPE_SERVER_UNIX;
4414 /* note that the flag should be set only if we have a
4415 printer service but nmbd doesn't actually load the
4416 services so we can't tell --jerry */
4418 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4420 default_server_announce |= SV_TYPE_SERVER_NT;
4421 default_server_announce |= SV_TYPE_NT;
4423 switch (lp_server_role()) {
4424 case ROLE_DOMAIN_MEMBER:
4425 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4427 case ROLE_DOMAIN_PDC:
4429 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4431 case ROLE_DOMAIN_BDC:
4432 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4434 case ROLE_STANDALONE:
4438 if (lp_time_server())
4439 default_server_announce |= SV_TYPE_TIME_SOURCE;
4441 if (lp_host_msdfs())
4442 default_server_announce |= SV_TYPE_DFS_SERVER;
4444 return default_server_announce;
4447 /***********************************************************
4448 If we are PDC then prefer us as DMB
4449 ************************************************************/
4451 bool lp_domain_master(void)
4453 if (Globals._domain_master == Auto)
4454 return (lp_server_role() == ROLE_DOMAIN_PDC ||
4455 lp_server_role() == ROLE_IPA_DC);
4457 return (bool)Globals._domain_master;
4460 /***********************************************************
4461 If we are PDC then prefer us as DMB
4462 ************************************************************/
4464 static bool lp_domain_master_true_or_auto(void)
4466 if (Globals._domain_master) /* auto or yes */
4472 /***********************************************************
4473 If we are DMB then prefer us as LMB
4474 ************************************************************/
4476 bool lp_preferred_master(void)
4478 int preferred_master = lp__preferred_master();
4480 if (preferred_master == Auto)
4481 return (lp_local_master() && lp_domain_master());
4483 return (bool)preferred_master;
4486 /*******************************************************************
4488 ********************************************************************/
4490 void lp_remove_service(int snum)
4492 ServicePtrs[snum]->valid = false;
4495 const char *lp_printername(TALLOC_CTX *ctx,
4496 const struct loadparm_substitution *lp_sub,
4499 const char *ret = lp__printername(ctx, lp_sub, snum);
4501 if (ret == NULL || *ret == '\0') {
4502 ret = lp_const_servicename(snum);
4509 /***********************************************************
4510 Allow daemons such as winbindd to fix their logfile name.
4511 ************************************************************/
4513 void lp_set_logfile(const char *name)
4515 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4516 debug_set_logfile(name);
4519 /*******************************************************************
4520 Return the max print jobs per queue.
4521 ********************************************************************/
4523 int lp_maxprintjobs(int snum)
4525 int maxjobs = lp_max_print_jobs(snum);
4527 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4528 maxjobs = PRINT_MAX_JOBID - 1;
4533 const char *lp_printcapname(void)
4535 const char *printcap_name = lp_printcap_name();
4537 if ((printcap_name != NULL) &&
4538 (printcap_name[0] != '\0'))
4539 return printcap_name;
4541 if (sDefault.printing == PRINT_CUPS) {
4545 if (sDefault.printing == PRINT_BSD)
4546 return "/etc/printcap";
4548 return PRINTCAP_NAME;
4551 static uint32_t spoolss_state;
4553 bool lp_disable_spoolss( void )
4555 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4556 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4558 return spoolss_state == SVCCTL_STOPPED ? true : false;
4561 void lp_set_spoolss_state( uint32_t state )
4563 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4565 spoolss_state = state;
4568 uint32_t lp_get_spoolss_state( void )
4570 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4573 /*******************************************************************
4574 Turn off sendfile if we find the underlying OS doesn't support it.
4575 ********************************************************************/
4577 void set_use_sendfile(int snum, bool val)
4579 if (LP_SNUM_OK(snum))
4580 ServicePtrs[snum]->_use_sendfile = val;
4582 sDefault._use_sendfile = val;
4585 void lp_set_mangling_method(const char *new_method)
4587 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4590 /*******************************************************************
4591 Global state for POSIX pathname processing.
4592 ********************************************************************/
4594 static bool posix_pathnames;
4596 bool lp_posix_pathnames(void)
4598 return posix_pathnames;
4601 /*******************************************************************
4602 Change everything needed to ensure POSIX pathname processing (currently
4604 ********************************************************************/
4606 void lp_set_posix_pathnames(void)
4608 posix_pathnames = true;
4611 /*******************************************************************
4612 Global state for POSIX lock processing - CIFS unix extensions.
4613 ********************************************************************/
4615 bool posix_default_lock_was_set;
4616 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4618 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4620 if (posix_default_lock_was_set) {
4621 return posix_cifsx_locktype;
4623 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4624 POSIX_LOCK : WINDOWS_LOCK;
4628 /*******************************************************************
4629 ********************************************************************/
4631 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4633 posix_default_lock_was_set = true;
4634 posix_cifsx_locktype = val;
4637 int lp_min_receive_file_size(void)
4639 int min_receivefile_size = lp_min_receivefile_size();
4641 if (min_receivefile_size < 0) {
4644 return min_receivefile_size;
4647 /*******************************************************************
4648 Safe wide links checks.
4649 This helper function always verify the validity of wide links,
4650 even after a configuration file reload.
4651 ********************************************************************/
4653 void widelinks_warning(int snum)
4655 if (lp_allow_insecure_wide_links()) {
4659 if (lp_unix_extensions() && lp_wide_links(snum)) {
4660 DBG_ERR("Share '%s' has wide links and unix extensions enabled. "
4661 "These parameters are incompatible. "
4662 "Wide links will be disabled for this share.\n",
4663 lp_const_servicename(snum));
4667 bool lp_widelinks(int snum)
4669 /* wide links is always incompatible with unix extensions */
4670 if (lp_unix_extensions()) {
4672 * Unless we have "allow insecure widelinks"
4675 if (!lp_allow_insecure_wide_links()) {
4680 return lp_wide_links(snum);
4683 int lp_server_role(void)
4685 return lp_find_server_role(lp__server_role(),
4687 lp__domain_logons(),
4688 lp_domain_master_true_or_auto());
4691 int lp_security(void)
4693 return lp_find_security(lp__server_role(),
4697 int lp_client_max_protocol(void)
4699 int client_max_protocol = lp__client_max_protocol();
4700 if (client_max_protocol == PROTOCOL_DEFAULT) {
4701 return PROTOCOL_LATEST;
4703 return client_max_protocol;
4706 int lp_client_ipc_min_protocol(void)
4708 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4709 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4710 client_ipc_min_protocol = lp_client_min_protocol();
4712 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4713 return PROTOCOL_NT1;
4715 return client_ipc_min_protocol;
4718 int lp_client_ipc_max_protocol(void)
4720 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4721 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4722 return PROTOCOL_LATEST;
4724 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4725 return PROTOCOL_NT1;
4727 return client_ipc_max_protocol;
4730 int lp_client_ipc_signing(void)
4732 int client_ipc_signing = lp__client_ipc_signing();
4733 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4734 return SMB_SIGNING_REQUIRED;
4736 return client_ipc_signing;
4739 enum credentials_use_kerberos lp_client_use_kerberos(void)
4741 if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
4742 return CRED_USE_KERBEROS_REQUIRED;
4745 return lp__client_use_kerberos();
4749 int lp_rpc_low_port(void)
4751 return Globals.rpc_low_port;
4754 int lp_rpc_high_port(void)
4756 return Globals.rpc_high_port;
4760 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4762 * This also ensures it is disabled if NTLM is totally disabled
4764 bool lp_lanman_auth(void)
4766 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4768 if (ntlm_auth_level == NTLM_AUTH_ON) {
4769 return lp__lanman_auth();
4775 struct loadparm_global * get_globals(void)
4780 unsigned int * get_flags(void)
4782 if (flags_list == NULL) {
4783 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());
4789 enum samba_weak_crypto lp_weak_crypto()
4791 if (Globals.weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
4792 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
4794 if (samba_gnutls_weak_crypto_allowed()) {
4795 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
4799 return Globals.weak_crypto;
4802 uint32_t lp_get_async_dns_timeout(void)
4805 * Clamp minimum async dns timeout to 1 second
4806 * as per the man page.
4808 return MAX(Globals.async_dns_timeout, 1);