2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
57 #include "system/filesys.h"
59 #include "lib/param/loadparm.h"
60 #include "lib/param/param.h"
62 #include "lib/smbconf/smbconf.h"
63 #include "lib/smbconf/smbconf_init.h"
66 #include "../librpc/gen_ndr/svcctl.h"
68 #include "../libcli/smb/smb_signing.h"
69 #include "dbwrap/dbwrap.h"
70 #include "dbwrap/dbwrap_rbt.h"
71 #include "../lib/util/bitmap.h"
72 #include "librpc/gen_ndr/nbt.h"
73 #include "source4/lib/tls/tls.h"
74 #include "libcli/auth/ntlm_check.h"
76 #ifdef HAVE_SYS_SYSCTL_H
77 #include <sys/sysctl.h>
82 extern userdom_struct current_user_info;
84 /* the special value for the include parameter
85 * to be interpreted not as a file name but to
86 * trigger loading of the global smb.conf options
88 #ifndef INCLUDE_REGISTRY_NAME
89 #define INCLUDE_REGISTRY_NAME "registry"
92 static bool in_client = false; /* Not in the client by default */
93 static struct smbconf_csn conf_last_csn;
95 static int config_backend = CONFIG_BACKEND_FILE;
97 /* some helpful bits */
98 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
99 (ServicePtrs != NULL) && \
100 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
101 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
102 ServicePtrs[i]->valid)
104 #define USERSHARE_VALID 1
105 #define USERSHARE_PENDING_DELETE 2
107 static bool defaults_saved = false;
109 #include "lib/param/param_global.h"
111 static struct loadparm_global Globals;
113 /* This is a default service used to prime a services structure */
114 static const struct loadparm_service _sDefault =
119 .usershare_last_mod = {0, 0},
122 .invalid_users = NULL,
129 .root_preexec = NULL,
130 .root_postexec = NULL,
131 .cups_options = NULL,
132 .print_command = NULL,
134 .lprm_command = NULL,
135 .lppause_command = NULL,
136 .lpresume_command = NULL,
137 .queuepause_command = NULL,
138 .queueresume_command = NULL,
139 ._printername = NULL,
140 .printjob_username = NULL,
141 .dont_descend = NULL,
144 .magic_script = NULL,
145 .magic_output = NULL,
148 .veto_oplock_files = NULL,
158 .aio_write_behind = NULL,
159 .dfree_command = NULL,
160 .min_print_space = 0,
161 .max_print_jobs = 1000,
162 .max_reported_print_jobs = 0,
163 .write_cache_size = 0,
165 .force_create_mode = 0,
166 .directory_mask = 0755,
167 .force_directory_mode = 0,
168 .max_connections = 0,
169 .default_case = CASE_LOWER,
170 .printing = DEFAULT_PRINTING,
173 .dfree_cache_time = 0,
174 .preexec_close = false,
175 .root_preexec_close = false,
176 .case_sensitive = Auto,
177 .preserve_case = true,
178 .short_preserve_case = true,
179 .hide_dot_files = true,
180 .hide_special_files = false,
181 .hide_unreadable = false,
182 .hide_unwriteable_files = false,
184 .access_based_share_enum = false,
189 .administrative_share = false,
192 .print_notify_backchannel = false,
196 .store_dos_attributes = true,
197 .dmapi_support = false,
199 .strict_locking = Auto,
200 .posix_locking = true,
202 .kernel_oplocks = false,
203 .level2_oplocks = true,
204 .mangled_names = MANGLED_NAMES_YES,
206 .follow_symlinks = true,
207 .sync_always = false,
208 .strict_allocate = false,
209 .strict_rename = false,
211 .mangling_char = '~',
213 .delete_readonly = false,
214 .fake_oplocks = false,
215 .delete_veto_files = false,
216 .dos_filemode = false,
217 .dos_filetimes = true,
218 .dos_filetime_resolution = false,
219 .fake_directory_create_times = false,
220 .blocking_locks = true,
221 .inherit_permissions = false,
222 .inherit_acls = false,
223 .inherit_owner = false,
225 .msdfs_shuffle_referrals = false,
226 .use_client_driver = false,
227 .default_devmode = true,
228 .force_printername = false,
229 .nt_acl_support = true,
230 .force_unknown_acl_user = false,
231 ._use_sendfile = false,
232 .map_acl_inherit = false,
235 .acl_check_permissions = true,
236 .acl_map_full_control = true,
237 .acl_group_control = false,
238 .acl_allow_execute_always = false,
241 .map_readonly = MAP_READONLY_NO,
242 .directory_name_cache_size = 100,
243 .smb_encrypt = SMB_SIGNING_DEFAULT,
244 .kernel_share_modes = true,
245 .durable_handles = true,
246 .check_parent_directory_delete_on_close = false,
248 .smbd_search_ask_sharemode = true,
249 .smbd_getinfo_ask_sharemode = true,
254 * This is a copy of the default service structure. Service options in the
255 * global section would otherwise overwrite the initial default values.
257 static struct loadparm_service sDefault;
259 /* local variables */
260 static struct loadparm_service **ServicePtrs = NULL;
261 static int iNumServices = 0;
262 static int iServiceIndex = 0;
263 static struct db_context *ServiceHash;
264 static bool bInGlobalSection = true;
265 static bool bGlobalOnly = false;
266 static struct file_lists *file_lists = NULL;
267 static unsigned int *flags_list = NULL;
269 static void set_allowed_client_auth(void);
271 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
272 static void free_param_opts(struct parmlist_entry **popts);
275 * Function to return the default value for the maximum number of open
276 * file descriptors permitted. This function tries to consult the
277 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
278 * the smaller of those.
280 static int max_open_files(void)
282 int sysctl_max = MAX_OPEN_FILES;
283 int rlimit_max = MAX_OPEN_FILES;
285 #ifdef HAVE_SYSCTLBYNAME
287 size_t size = sizeof(sysctl_max);
288 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
293 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
299 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
300 rlimit_max = rl.rlim_cur;
302 #if defined(RLIM_INFINITY)
303 if(rl.rlim_cur == RLIM_INFINITY)
304 rlimit_max = MAX_OPEN_FILES;
309 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
310 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
311 "minimum Windows limit (%d)\n",
313 MIN_OPEN_FILES_WINDOWS));
314 sysctl_max = MIN_OPEN_FILES_WINDOWS;
317 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
318 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
319 "minimum Windows limit (%d)\n",
321 MIN_OPEN_FILES_WINDOWS));
322 rlimit_max = MIN_OPEN_FILES_WINDOWS;
325 return MIN(sysctl_max, rlimit_max);
329 * Common part of freeing allocated data for one parameter.
331 static void free_one_parameter_common(void *parm_ptr,
332 struct parm_struct parm)
334 if ((parm.type == P_STRING) ||
335 (parm.type == P_USTRING))
337 lpcfg_string_free((char**)parm_ptr);
338 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
339 TALLOC_FREE(*((char***)parm_ptr));
344 * Free the allocated data for one parameter for a share
345 * given as a service struct.
347 static void free_one_parameter(struct loadparm_service *service,
348 struct parm_struct parm)
352 if (parm.p_class != P_LOCAL) {
356 parm_ptr = lp_parm_ptr(service, &parm);
358 free_one_parameter_common(parm_ptr, parm);
362 * Free the allocated parameter data of a share given
363 * as a service struct.
365 static void free_parameters(struct loadparm_service *service)
369 for (i=0; parm_table[i].label; i++) {
370 free_one_parameter(service, parm_table[i]);
375 * Free the allocated data for one parameter for a given share
376 * specified by an snum.
378 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
383 parm_ptr = lp_parm_ptr(NULL, &parm);
384 } else if (parm.p_class != P_LOCAL) {
387 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
390 free_one_parameter_common(parm_ptr, parm);
394 * Free the allocated parameter data for a share specified
397 static void free_parameters_by_snum(int snum)
401 for (i=0; parm_table[i].label; i++) {
402 free_one_parameter_by_snum(snum, parm_table[i]);
407 * Free the allocated global parameters.
409 static void free_global_parameters(void)
412 struct parm_struct *parm;
414 free_param_opts(&Globals.param_opt);
415 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
417 /* Reset references in the defaults because the context is going to be freed */
418 for (i=0; parm_table[i].label; i++) {
419 parm = &parm_table[i];
420 if ((parm->type == P_STRING) ||
421 (parm->type == P_USTRING)) {
422 if ((parm->def.svalue != NULL) &&
423 (*(parm->def.svalue) != '\0')) {
424 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
425 parm->def.svalue = NULL;
430 TALLOC_FREE(Globals.ctx);
433 struct lp_stored_option {
434 struct lp_stored_option *prev, *next;
439 static struct lp_stored_option *stored_options;
442 save options set by lp_set_cmdline() into a list. This list is
443 re-applied when we do a globals reset, so that cmdline set options
444 are sticky across reloads of smb.conf
446 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
448 struct lp_stored_option *entry, *entry_next;
449 for (entry = stored_options; entry != NULL; entry = entry_next) {
450 entry_next = entry->next;
451 if (strcmp(pszParmName, entry->label) == 0) {
452 DLIST_REMOVE(stored_options, entry);
458 entry = talloc(NULL, struct lp_stored_option);
463 entry->label = talloc_strdup(entry, pszParmName);
469 entry->value = talloc_strdup(entry, pszParmValue);
475 DLIST_ADD_END(stored_options, entry);
480 static bool apply_lp_set_cmdline(void)
482 struct lp_stored_option *entry = NULL;
483 for (entry = stored_options; entry != NULL; entry = entry->next) {
484 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
485 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
486 entry->label, entry->value));
493 /***************************************************************************
494 Initialise the global parameter structure.
495 ***************************************************************************/
497 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
499 static bool done_init = false;
503 /* If requested to initialize only once and we've already done it... */
504 if (!reinit_globals && done_init) {
505 /* ... then we have nothing more to do */
510 /* The logfile can be set before this is invoked. Free it if so. */
511 lpcfg_string_free(&Globals.logfile);
514 free_global_parameters();
517 /* This memset and the free_global_parameters() above will
518 * wipe out smb.conf options set with lp_set_cmdline(). The
519 * apply_lp_set_cmdline() call puts these values back in the
520 * table once the defaults are set */
521 ZERO_STRUCT(Globals);
523 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
525 /* Initialize the flags list if necessary */
526 if (flags_list == NULL) {
530 for (i = 0; parm_table[i].label; i++) {
531 if ((parm_table[i].type == P_STRING ||
532 parm_table[i].type == P_USTRING))
536 (char **)lp_parm_ptr(NULL, &parm_table[i]),
542 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
543 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
545 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
547 sDefault.ntvfs_handler = str_list_make_v3_const(NULL, "unixuid default", NULL);
549 DEBUG(3, ("Initialising global parameters\n"));
551 /* Must manually force to upper case here, as this does not go via the handler */
552 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
555 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
556 get_dyn_SMB_PASSWD_FILE());
557 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
558 get_dyn_PRIVATE_DIR());
559 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
560 get_dyn_BINDDNS_DIR());
562 /* use the new 'hash2' method by default, with a prefix of 1 */
563 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
564 Globals.mangle_prefix = 1;
566 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
568 /* using UTF8 by default allows us to support all chars */
569 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
570 DEFAULT_UNIX_CHARSET);
572 /* Use codepage 850 as a default for the dos character set */
573 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
574 DEFAULT_DOS_CHARSET);
577 * Allow the default PASSWD_CHAT to be overridden in local.h.
579 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
580 DEFAULT_PASSWD_CHAT);
582 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
584 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
585 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
587 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
589 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
591 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
593 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
596 * By default support explicit binding to broadcast
599 Globals.nmbd_bind_explicit_broadcast = true;
601 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
603 smb_panic("init_globals: ENOMEM");
605 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
608 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
609 "/bin/sleep 999999999");
612 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
613 DEFAULT_SOCKET_OPTIONS);
615 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
616 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
617 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
618 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
619 "\\\\%N\\%U\\profile");
621 Globals.name_resolve_order =
622 str_list_make_v3_const(Globals.ctx,
623 DEFAULT_NAME_RESOLVE_ORDER,
625 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
627 Globals.algorithmic_rid_base = BASE_RID;
629 Globals.load_printers = true;
630 Globals.printcap_cache_time = 750; /* 12.5 minutes */
632 Globals.config_backend = config_backend;
633 Globals._server_role = ROLE_AUTO;
635 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
636 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
637 Globals.max_xmit = 0x4104;
638 Globals.max_mux = 50; /* This is *needed* for profile support. */
639 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
640 Globals._disable_spoolss = false;
641 Globals.max_smbd_processes = 0;/* no limit specified */
642 Globals.username_level = 0;
643 Globals.deadtime = 10080;
644 Globals.getwd_cache = true;
645 Globals.large_readwrite = true;
646 Globals.max_log_size = 5000;
647 Globals.max_open_files = max_open_files();
648 Globals.server_max_protocol = PROTOCOL_SMB3_11;
649 Globals.server_min_protocol = PROTOCOL_SMB2_02;
650 Globals._client_max_protocol = PROTOCOL_DEFAULT;
651 Globals.client_min_protocol = PROTOCOL_SMB2_02;
652 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
653 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
654 Globals._security = SEC_AUTO;
655 Globals.encrypt_passwords = true;
656 Globals.client_schannel = true;
657 Globals.winbind_sealed_pipes = true;
658 Globals.require_strong_key = true;
659 Globals.server_schannel = true;
660 Globals.read_raw = true;
661 Globals.write_raw = true;
662 Globals.null_passwords = false;
663 Globals.old_password_allowed_period = 60;
664 Globals.obey_pam_restrictions = false;
666 Globals.syslog_only = false;
667 Globals.timestamp_logs = true;
668 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
669 Globals.debug_prefix_timestamp = false;
670 Globals.debug_hires_timestamp = true;
671 Globals.debug_pid = false;
672 Globals.debug_uid = false;
673 Globals.debug_class = false;
674 Globals.enable_core_files = true;
675 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
676 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
677 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
678 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
679 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
680 Globals.lm_interval = 60;
681 #if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
682 Globals.nis_homedir = false;
683 #ifdef WITH_NISPLUS_HOME
684 lpcfg_string_set(Globals.ctx, &Globals.homedir_map,
685 "auto_home.org_dir");
687 lpcfg_string_set(Globals.ctx, &Globals.homedir_map, "auto.home");
690 Globals.time_server = false;
691 Globals.bind_interfaces_only = false;
692 Globals.unix_password_sync = false;
693 Globals.pam_password_change = false;
694 Globals.passwd_chat_debug = false;
695 Globals.passwd_chat_timeout = 2; /* 2 second default. */
696 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
697 Globals.nt_status_support = true; /* Use NT status by default. */
698 Globals.smbd_profiling_level = 0;
699 Globals.stat_cache = true; /* use stat cache by default */
700 Globals.max_stat_cache_size = 512; /* 512k by default */
701 Globals.restrict_anonymous = 0;
702 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
703 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
704 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
705 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
706 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
707 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
708 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
710 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
712 Globals.map_to_guest = 0; /* By Default, "Never" */
713 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
714 Globals.enhanced_browsing = true;
715 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
716 Globals.use_mmap = true;
717 Globals.unicode = true;
718 Globals.unix_extensions = true;
719 Globals.reset_on_zero_vc = false;
720 Globals.log_writeable_files_on_exit = false;
721 Globals.create_krb5_conf = true;
722 Globals.include_system_krb5_conf = true;
723 Globals._winbind_max_domain_connections = 1;
725 /* hostname lookups can be very expensive and are broken on
726 a large number of sites (tridge) */
727 Globals.hostname_lookups = false;
729 Globals.change_notify = true,
730 Globals.kernel_change_notify = true,
732 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
733 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
734 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
735 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
736 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
737 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
739 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
740 Globals.ldap_ssl = LDAP_SSL_START_TLS;
741 Globals.ldap_ssl_ads = false;
742 Globals.ldap_deref = -1;
743 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
744 Globals.ldap_delete_dn = false;
745 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
746 Globals.ldap_follow_referral = Auto;
747 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
748 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
749 Globals.ldap_page_size = LDAP_PAGE_SIZE;
751 Globals.ldap_debug_level = 0;
752 Globals.ldap_debug_threshold = 10;
754 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
756 Globals.ldap_server_require_strong_auth =
757 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
759 /* This is what we tell the afs client. in reality we set the token
760 * to never expire, though, when this runs out the afs client will
761 * forget the token. Set to 0 to get NEVERDATE.*/
762 Globals.afs_token_lifetime = 604800;
763 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
765 /* these parameters are set to defaults that are more appropriate
766 for the increasing samba install base:
768 as a member of the workgroup, that will possibly become a
769 _local_ master browser (lm = true). this is opposed to a forced
770 local master browser startup (pm = true).
772 doesn't provide WINS server service by default (wsupp = false),
773 and doesn't provide domain master browser services by default, either.
777 Globals.show_add_printer_wizard = true;
778 Globals.os_level = 20;
779 Globals.local_master = true;
780 Globals._domain_master = Auto; /* depending on _domain_logons */
781 Globals._domain_logons = false;
782 Globals.browse_list = true;
783 Globals.we_are_a_wins_server = false;
784 Globals.wins_proxy = false;
786 TALLOC_FREE(Globals.init_logon_delayed_hosts);
787 Globals.init_logon_delay = 100; /* 100 ms default delay */
789 Globals.wins_dns_proxy = true;
791 Globals.allow_trusted_domains = true;
792 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
794 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
795 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
797 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
798 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
799 dyn_WINBINDD_SOCKET_DIR);
801 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
802 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
804 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
806 Globals.cluster_addresses = NULL;
807 Globals.clustering = false;
808 Globals.ctdb_timeout = 0;
809 Globals.ctdb_locktime_warn_threshold = 0;
811 Globals.winbind_cache_time = 300; /* 5 minutes */
812 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
813 Globals.winbind_request_timeout = 60; /* 60 seconds */
814 Globals.winbind_max_clients = 200;
815 Globals.winbind_enum_users = false;
816 Globals.winbind_enum_groups = false;
817 Globals.winbind_use_default_domain = false;
818 Globals.winbind_nested_groups = true;
819 Globals.winbind_expand_groups = 0;
820 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
821 Globals.winbind_refresh_tickets = false;
822 Globals.winbind_offline_logon = false;
823 Globals.winbind_scan_trusted_domains = true;
825 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
826 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
828 Globals.passdb_expand_explicit = false;
830 Globals.name_cache_timeout = 660; /* In seconds */
832 Globals.client_use_spnego = true;
834 Globals.client_signing = SMB_SIGNING_DEFAULT;
835 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
836 Globals.server_signing = SMB_SIGNING_DEFAULT;
838 Globals.defer_sharing_violations = true;
839 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
841 Globals.enable_privileges = true;
842 Globals.host_msdfs = true;
843 Globals.enable_asu_support = false;
845 /* User defined shares. */
846 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
848 smb_panic("init_globals: ENOMEM");
850 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
852 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
853 Globals.usershare_max_shares = 0;
854 /* By default disallow sharing of directories not owned by the sharer. */
855 Globals.usershare_owner_only = true;
856 /* By default disallow guest access to usershares. */
857 Globals.usershare_allow_guests = false;
859 Globals.keepalive = DEFAULT_KEEPALIVE;
861 /* By default no shares out of the registry */
862 Globals.registry_shares = false;
864 Globals.min_receivefile_size = 0;
866 Globals.multicast_dns_register = true;
868 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
869 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
870 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
871 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
872 Globals.smb2_leases = true;
874 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
875 get_dyn_NCALRPCDIR());
877 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
879 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
881 Globals.tls_enabled = true;
882 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
884 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
885 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
886 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
887 lpcfg_string_set(Globals.ctx, &Globals.tls_priority,
888 "NORMAL:-VERS-SSL3.0");
890 lpcfg_string_set(Globals.ctx, &Globals.share_backend, "classic");
892 Globals._preferred_master = Auto;
894 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
895 Globals.dns_zone_scavenging = false;
897 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
898 get_dyn_NTP_SIGND_SOCKET_DIR());
900 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
902 smb_panic("init_globals: ENOMEM");
904 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
908 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
911 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
913 smb_panic("init_globals: ENOMEM");
915 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
918 s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
920 smb_panic("init_globals: ENOMEM");
922 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
925 Globals.apply_group_policies = false;
927 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
929 smb_panic("init_globals: ENOMEM");
931 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
934 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
936 Globals.rndc_command = str_list_make_v3_const(NULL, "/usr/sbin/rndc", NULL);
938 Globals.cldap_port = 389;
940 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
942 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
944 Globals.krb5_port = 88;
946 Globals.kpasswd_port = 464;
948 Globals.aio_max_threads = 100;
950 lpcfg_string_set(Globals.ctx,
951 &Globals.rpc_server_dynamic_port_range,
953 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
954 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
955 Globals.prefork_children = 4;
956 Globals.prefork_backoff_increment = 10;
957 Globals.prefork_maximum_backoff = 120;
959 /* Now put back the settings that were set with lp_set_cmdline() */
960 apply_lp_set_cmdline();
963 /* Convenience routine to setup an lp_context with additional s3 variables */
964 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
966 struct loadparm_context *lp_ctx;
968 lp_ctx = loadparm_init_s3(mem_ctx,
969 loadparm_s3_helpers());
970 if (lp_ctx == NULL) {
971 DEBUG(0, ("loadparm_init_s3 failed\n"));
975 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
976 if (lp_ctx->sDefault == NULL) {
977 DBG_ERR("talloc_zero failed\n");
982 *lp_ctx->sDefault = _sDefault;
983 lp_ctx->services = NULL; /* We do not want to access this directly */
984 lp_ctx->bInGlobalSection = bInGlobalSection;
985 lp_ctx->flags = flags_list;
990 /*******************************************************************
991 Convenience routine to grab string parameters into talloced memory
992 and run standard_sub_basic on them. The buffers can be written to by
993 callers without affecting the source string.
994 ********************************************************************/
996 char *lp_string(TALLOC_CTX *ctx, const char *s)
1000 /* The follow debug is useful for tracking down memory problems
1001 especially if you have an inner loop that is calling a lp_*()
1002 function that returns a string. Perhaps this debug should be
1003 present all the time? */
1006 DEBUG(10, ("lp_string(%s)\n", s));
1012 ret = talloc_sub_basic(ctx,
1013 get_current_username(),
1014 current_user_info.domain,
1016 if (trim_char(ret, '\"', '\"')) {
1017 if (strchr(ret,'\"') != NULL) {
1019 ret = talloc_sub_basic(ctx,
1020 get_current_username(),
1021 current_user_info.domain,
1029 In this section all the functions that are used to access the
1030 parameters from the rest of the program are defined
1033 #define FN_GLOBAL_STRING(fn_name,ptr) \
1034 char *lp_ ## fn_name(TALLOC_CTX *ctx) {return(lp_string((ctx), *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : ""));}
1035 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1036 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1037 #define FN_GLOBAL_LIST(fn_name,ptr) \
1038 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1039 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1040 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1041 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1042 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1043 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1044 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1046 #define FN_LOCAL_STRING(fn_name,val) \
1047 char *lp_ ## fn_name(TALLOC_CTX *ctx,int i) {return(lp_string((ctx), (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val));}
1048 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1049 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1050 #define FN_LOCAL_LIST(fn_name,val) \
1051 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1052 #define FN_LOCAL_BOOL(fn_name,val) \
1053 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1054 #define FN_LOCAL_INTEGER(fn_name,val) \
1055 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1057 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1058 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1059 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1060 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1061 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1062 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1064 int lp_winbind_max_domain_connections(void)
1066 if (lp_winbind_offline_logon() &&
1067 lp__winbind_max_domain_connections() > 1) {
1068 DEBUG(1, ("offline logons active, restricting max domain "
1069 "connections to 1\n"));
1072 return MAX(1, lp__winbind_max_domain_connections());
1075 /* These functions remain in source3/param for now */
1077 #include "lib/param/param_functions.c"
1079 FN_LOCAL_STRING(servicename, szService)
1080 FN_LOCAL_CONST_STRING(const_servicename, szService)
1082 /* These functions cannot be auto-generated */
1083 FN_LOCAL_BOOL(autoloaded, autoloaded)
1084 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1086 /* local prototypes */
1088 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1089 static const char *get_boolean(bool bool_value);
1090 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1092 static bool hash_a_service(const char *name, int number);
1093 static void free_service_byindex(int iService);
1094 static void show_parameter(int parmIndex);
1095 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1096 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1099 * This is a helper function for parametrical options support. It returns a
1100 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1101 * parametrical functions are quite simple
1103 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1106 if (snum >= iNumServices) return NULL;
1109 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1111 return get_parametric_helper(ServicePtrs[snum],
1112 type, option, Globals.param_opt);
1116 static void discard_whitespace(char *str)
1118 size_t len = strlen(str);
1122 if (isspace(str[i])) {
1123 memmove(&str[i], &str[i+1], len-i);
1132 * @brief Go through all global parametric parameters
1134 * @param regex_str A regular expression to scan param for
1135 * @param max_matches Max number of submatches the regexp expects
1136 * @param cb Function to call on match. Should return true
1137 * when it wants wi_scan_global_parametrics to stop
1139 * @param private_data Anonymous pointer passed to cb
1141 * @return 0: success, regcomp/regexec return value on error.
1142 * See "man regexec" for possible errors
1145 int lp_wi_scan_global_parametrics(
1146 const char *regex_str, size_t max_matches,
1147 bool (*cb)(const char *string, regmatch_t matches[],
1148 void *private_data),
1151 struct parmlist_entry *data;
1155 ret = regcomp(®ex, regex_str, REG_ICASE);
1160 for (data = Globals.param_opt; data != NULL; data = data->next) {
1161 size_t keylen = strlen(data->key);
1163 regmatch_t matches[max_matches];
1166 memcpy(key, data->key, sizeof(key));
1167 discard_whitespace(key);
1169 ret = regexec(®ex, key, max_matches, matches, 0);
1170 if (ret == REG_NOMATCH) {
1177 stop = cb(key, matches, private_data);
1190 #define MISSING_PARAMETER(name) \
1191 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1193 /*******************************************************************
1194 convenience routine to return enum parameters.
1195 ********************************************************************/
1196 static int lp_enum(const char *s,const struct enum_list *_enum)
1200 if (!s || !*s || !_enum) {
1201 MISSING_PARAMETER(lp_enum);
1205 for (i=0; _enum[i].name; i++) {
1206 if (strequal(_enum[i].name,s))
1207 return _enum[i].value;
1210 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1214 #undef MISSING_PARAMETER
1216 /* Return parametric option from a given service. Type is a part of option before ':' */
1217 /* Parametric option has following syntax: 'Type: option = value' */
1218 char *lp_parm_talloc_string(TALLOC_CTX *ctx, int snum, const char *type, const char *option, const char *def)
1220 struct parmlist_entry *data = get_parametrics(snum, type, option);
1222 if (data == NULL||data->value==NULL) {
1224 return lp_string(ctx, def);
1230 return lp_string(ctx, data->value);
1233 /* Return parametric option from a given service. Type is a part of option before ':' */
1234 /* Parametric option has following syntax: 'Type: option = value' */
1235 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1237 struct parmlist_entry *data = get_parametrics(snum, type, option);
1239 if (data == NULL||data->value==NULL)
1246 /* Return parametric option from a given service. Type is a part of option before ':' */
1247 /* Parametric option has following syntax: 'Type: option = value' */
1249 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1251 struct parmlist_entry *data = get_parametrics(snum, type, option);
1253 if (data == NULL||data->value==NULL)
1254 return (const char **)def;
1256 if (data->list==NULL) {
1257 data->list = str_list_make_v3(NULL, data->value, NULL);
1260 return discard_const_p(const char *, data->list);
1263 /* Return parametric option from a given service. Type is a part of option before ':' */
1264 /* Parametric option has following syntax: 'Type: option = value' */
1266 int lp_parm_int(int snum, const char *type, const char *option, int def)
1268 struct parmlist_entry *data = get_parametrics(snum, type, option);
1270 if (data && data->value && *data->value)
1271 return lp_int(data->value);
1276 /* Return parametric option from a given service. Type is a part of option before ':' */
1277 /* Parametric option has following syntax: 'Type: option = value' */
1279 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1281 struct parmlist_entry *data = get_parametrics(snum, type, option);
1283 if (data && data->value && *data->value)
1284 return lp_ulong(data->value);
1289 /* Return parametric option from a given service. Type is a part of option before ':' */
1290 /* Parametric option has following syntax: 'Type: option = value' */
1292 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1293 const char *option, unsigned long long def)
1295 struct parmlist_entry *data = get_parametrics(snum, type, option);
1297 if (data && data->value && *data->value) {
1298 return lp_ulonglong(data->value);
1304 /* Return parametric option from a given service. Type is a part of option
1306 /* Parametric option has following syntax: 'Type: option = value' */
1308 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1310 struct parmlist_entry *data = get_parametrics(snum, type, option);
1312 if (data && data->value && *data->value)
1313 return lp_bool(data->value);
1318 /* Return parametric option from a given service. Type is a part of option before ':' */
1319 /* Parametric option has following syntax: 'Type: option = value' */
1321 int lp_parm_enum(int snum, const char *type, const char *option,
1322 const struct enum_list *_enum, int def)
1324 struct parmlist_entry *data = get_parametrics(snum, type, option);
1326 if (data && data->value && *data->value && _enum)
1327 return lp_enum(data->value, _enum);
1333 * free a param_opts structure.
1334 * param_opts handling should be moved to talloc;
1335 * then this whole functions reduces to a TALLOC_FREE().
1338 static void free_param_opts(struct parmlist_entry **popts)
1340 struct parmlist_entry *opt, *next_opt;
1342 if (*popts != NULL) {
1343 DEBUG(5, ("Freeing parametrics:\n"));
1346 while (opt != NULL) {
1347 lpcfg_string_free(&opt->key);
1348 lpcfg_string_free(&opt->value);
1349 TALLOC_FREE(opt->list);
1350 next_opt = opt->next;
1357 /***************************************************************************
1358 Free the dynamically allocated parts of a service struct.
1359 ***************************************************************************/
1361 static void free_service(struct loadparm_service *pservice)
1366 if (pservice->szService)
1367 DEBUG(5, ("free_service: Freeing service %s\n",
1368 pservice->szService));
1370 free_parameters(pservice);
1372 lpcfg_string_free(&pservice->szService);
1373 TALLOC_FREE(pservice->copymap);
1375 free_param_opts(&pservice->param_opt);
1377 ZERO_STRUCTP(pservice);
1381 /***************************************************************************
1382 remove a service indexed in the ServicePtrs array from the ServiceHash
1383 and free the dynamically allocated parts
1384 ***************************************************************************/
1386 static void free_service_byindex(int idx)
1388 if ( !LP_SNUM_OK(idx) )
1391 ServicePtrs[idx]->valid = false;
1393 /* we have to cleanup the hash record */
1395 if (ServicePtrs[idx]->szService) {
1396 char *canon_name = canonicalize_servicename(
1398 ServicePtrs[idx]->szService );
1400 dbwrap_delete_bystring(ServiceHash, canon_name );
1401 TALLOC_FREE(canon_name);
1404 free_service(ServicePtrs[idx]);
1405 TALLOC_FREE(ServicePtrs[idx]);
1408 /***************************************************************************
1409 Add a new service to the services array initialising it with the given
1411 ***************************************************************************/
1413 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1416 struct loadparm_service **tsp = NULL;
1418 /* it might already exist */
1420 i = getservicebyname(name, NULL);
1426 /* Re use empty slots if any before allocating new one.*/
1427 for (i=0; i < iNumServices; i++) {
1428 if (ServicePtrs[i] == NULL) {
1432 if (i == iNumServices) {
1433 /* if not, then create one */
1434 tsp = talloc_realloc(NULL, ServicePtrs,
1435 struct loadparm_service *,
1438 DEBUG(0, ("add_a_service: failed to enlarge "
1445 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1446 if (!ServicePtrs[i]) {
1447 DEBUG(0,("add_a_service: out of memory!\n"));
1451 ServicePtrs[i]->valid = true;
1453 copy_service(ServicePtrs[i], pservice, NULL);
1455 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1458 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1459 i, ServicePtrs[i]->szService));
1461 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1468 /***************************************************************************
1469 Convert a string to uppercase and remove whitespaces.
1470 ***************************************************************************/
1472 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1477 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1481 result = talloc_strdup(ctx, src);
1482 SMB_ASSERT(result != NULL);
1484 if (!strlower_m(result)) {
1485 TALLOC_FREE(result);
1491 /***************************************************************************
1492 Add a name/index pair for the services array to the hash table.
1493 ***************************************************************************/
1495 static bool hash_a_service(const char *name, int idx)
1499 if ( !ServiceHash ) {
1500 DEBUG(10,("hash_a_service: creating servicehash\n"));
1501 ServiceHash = db_open_rbt(NULL);
1502 if ( !ServiceHash ) {
1503 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1508 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1511 canon_name = canonicalize_servicename(talloc_tos(), name );
1513 dbwrap_store_bystring(ServiceHash, canon_name,
1514 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1517 TALLOC_FREE(canon_name);
1522 /***************************************************************************
1523 Add a new home service, with the specified home directory, defaults coming
1525 ***************************************************************************/
1527 bool lp_add_home(const char *pszHomename, int iDefaultService,
1528 const char *user, const char *pszHomedir)
1533 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1534 pszHomedir[0] == '\0') {
1538 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1543 global_path = lp_path(talloc_tos(), GLOBAL_SECTION_SNUM);
1544 if (!(*(ServicePtrs[iDefaultService]->path))
1545 || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
1546 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1549 TALLOC_FREE(global_path);
1551 if (!(*(ServicePtrs[i]->comment))) {
1552 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1553 if (comment == NULL) {
1556 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1558 TALLOC_FREE(comment);
1561 /* set the browseable flag from the global default */
1563 ServicePtrs[i]->browseable = sDefault.browseable;
1564 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1566 ServicePtrs[i]->autoloaded = true;
1568 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1569 user, ServicePtrs[i]->path ));
1574 /***************************************************************************
1575 Add a new service, based on an old one.
1576 ***************************************************************************/
1578 int lp_add_service(const char *pszService, int iDefaultService)
1580 if (iDefaultService < 0) {
1581 return add_a_service(&sDefault, pszService);
1584 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1587 /***************************************************************************
1588 Add the IPC service.
1589 ***************************************************************************/
1591 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1593 char *comment = NULL;
1594 int i = add_a_service(&sDefault, ipc_name);
1599 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1600 Globals.server_string);
1601 if (comment == NULL) {
1605 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1606 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1607 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1608 ServicePtrs[i]->max_connections = 0;
1609 ServicePtrs[i]->available = true;
1610 ServicePtrs[i]->read_only = true;
1611 ServicePtrs[i]->guest_only = false;
1612 ServicePtrs[i]->administrative_share = true;
1613 ServicePtrs[i]->guest_ok = guest_ok;
1614 ServicePtrs[i]->printable = false;
1615 ServicePtrs[i]->browseable = sDefault.browseable;
1616 ServicePtrs[i]->autoloaded = false;
1618 DEBUG(3, ("adding IPC service\n"));
1620 TALLOC_FREE(comment);
1624 /***************************************************************************
1625 Add a new printer service, with defaults coming from service iFrom.
1626 ***************************************************************************/
1628 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1630 const char *comment = "From Printcap";
1631 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1636 /* note that we do NOT default the availability flag to true - */
1637 /* we take it from the default service passed. This allows all */
1638 /* dynamic printers to be disabled by disabling the [printers] */
1639 /* entry (if/when the 'available' keyword is implemented!). */
1641 /* the printer name is set to the service name. */
1642 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1644 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1646 /* set the browseable flag from the gloabl default */
1647 ServicePtrs[i]->browseable = sDefault.browseable;
1649 /* Printers cannot be read_only. */
1650 ServicePtrs[i]->read_only = false;
1651 /* No oplocks on printer services. */
1652 ServicePtrs[i]->oplocks = false;
1653 /* Printer services must be printable. */
1654 ServicePtrs[i]->printable = true;
1656 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1662 /***************************************************************************
1663 Check whether the given parameter name is valid.
1664 Parametric options (names containing a colon) are considered valid.
1665 ***************************************************************************/
1667 bool lp_parameter_is_valid(const char *pszParmName)
1669 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1670 (strchr(pszParmName, ':') != NULL));
1673 /***************************************************************************
1674 Check whether the given name is the name of a global parameter.
1675 Returns true for strings belonging to parameters of class
1676 P_GLOBAL, false for all other strings, also for parametric options
1677 and strings not belonging to any option.
1678 ***************************************************************************/
1680 bool lp_parameter_is_global(const char *pszParmName)
1682 int num = lpcfg_map_parameter(pszParmName);
1685 return (parm_table[num].p_class == P_GLOBAL);
1691 /**************************************************************************
1692 Determine the canonical name for a parameter.
1693 Indicate when it is an inverse (boolean) synonym instead of a
1695 **************************************************************************/
1697 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1702 if (!lp_parameter_is_valid(parm_name)) {
1707 num = map_parameter_canonical(parm_name, inverse);
1709 /* parametric option */
1710 *canon_parm = parm_name;
1712 *canon_parm = parm_table[num].label;
1719 /**************************************************************************
1720 Determine the canonical name for a parameter.
1721 Turn the value given into the inverse boolean expression when
1722 the synonym is an invers boolean synonym.
1725 - parm_name is a valid parameter name and
1726 - val is a valid value for this parameter and
1727 - in case the parameter is an inverse boolean synonym, if the val
1728 string could successfully be converted to the reverse bool.
1729 Return false in all other cases.
1730 **************************************************************************/
1732 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1734 const char **canon_parm,
1735 const char **canon_val)
1741 if (!lp_parameter_is_valid(parm_name)) {
1747 num = map_parameter_canonical(parm_name, &inverse);
1749 /* parametric option */
1750 *canon_parm = parm_name;
1755 *canon_parm = parm_table[num].label;
1757 if (!lp_invert_boolean(val, canon_val)) {
1765 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1770 /***************************************************************************
1771 Map a parameter's string representation to the index of the canonical
1772 form of the parameter (it might be a synonym).
1773 Returns -1 if the parameter string is not recognised.
1774 ***************************************************************************/
1776 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1778 int parm_num, canon_num;
1779 bool loc_inverse = false;
1781 parm_num = lpcfg_map_parameter(pszParmName);
1782 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1783 /* invalid, parametric or no canidate for synonyms ... */
1787 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1788 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1789 parm_num = canon_num;
1795 if (inverse != NULL) {
1796 *inverse = loc_inverse;
1801 /***************************************************************************
1802 return true if parameter number parm1 is a synonym of parameter
1803 number parm2 (parm2 being the principal name).
1804 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1806 ***************************************************************************/
1808 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1810 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1811 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1812 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1813 !(parm_table[parm2].flags & FLAG_SYNONYM))
1815 if (inverse != NULL) {
1816 if ((parm_table[parm1].type == P_BOOLREV) &&
1817 (parm_table[parm2].type == P_BOOL))
1829 /***************************************************************************
1830 Show one parameter's name, type, [values,] and flags.
1831 (helper functions for show_parameter_list)
1832 ***************************************************************************/
1834 static void show_parameter(int parmIndex)
1836 size_t enumIndex, flagIndex;
1841 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1842 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1843 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1844 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1845 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1847 printf("%s=%s", parm_table[parmIndex].label,
1848 type[parm_table[parmIndex].type]);
1849 if (parm_table[parmIndex].type == P_ENUM) {
1852 parm_table[parmIndex].enum_list[enumIndex].name;
1856 enumIndex ? "|" : "",
1857 parm_table[parmIndex].enum_list[enumIndex].name);
1862 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1863 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1866 flag_names[flagIndex]);
1871 /* output synonyms */
1873 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1874 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1875 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1876 parm_table[parmIndex2].label);
1877 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1879 printf(" (synonyms: ");
1884 printf("%s%s", parm_table[parmIndex2].label,
1885 inverse ? "[i]" : "");
1896 * Check the value for a P_ENUM
1898 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1902 for (i = 0; parm->enum_list[i].name; i++) {
1903 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1910 /**************************************************************************
1911 Check whether the given value is valid for the given parameter name.
1912 **************************************************************************/
1914 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1916 bool ret = false, tmp_bool;
1917 int num = lpcfg_map_parameter(parm_name), tmp_int;
1918 uint64_t tmp_int64 = 0;
1919 struct parm_struct *parm;
1921 /* parametric options (parameter names containing a colon) cannot
1922 be checked and are therefore considered valid. */
1923 if (strchr(parm_name, ':') != NULL) {
1928 parm = &parm_table[num];
1929 switch (parm->type) {
1932 ret = set_boolean(val, &tmp_bool);
1936 ret = (sscanf(val, "%d", &tmp_int) == 1);
1940 ret = (sscanf(val, "%o", &tmp_int) == 1);
1944 ret = check_enum_parameter(parm, val);
1948 if (conv_str_size_error(val, &tmp_int64) &&
1949 tmp_int64 <= INT_MAX) {
1966 /***************************************************************************
1967 Show all parameter's name, type, [values,] and flags.
1968 ***************************************************************************/
1970 void show_parameter_list(void)
1972 int classIndex, parmIndex;
1973 const char *section_names[] = { "local", "global", NULL};
1975 for (classIndex=0; section_names[classIndex]; classIndex++) {
1976 printf("[%s]\n", section_names[classIndex]);
1977 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
1978 if (parm_table[parmIndex].p_class == classIndex) {
1979 show_parameter(parmIndex);
1985 /***************************************************************************
1986 Get the standard string representation of a boolean value ("yes" or "no")
1987 ***************************************************************************/
1989 static const char *get_boolean(bool bool_value)
1991 static const char *yes_str = "yes";
1992 static const char *no_str = "no";
1994 return (bool_value ? yes_str : no_str);
1997 /***************************************************************************
1998 Provide the string of the negated boolean value associated to the boolean
1999 given as a string. Returns false if the passed string does not correctly
2000 represent a boolean.
2001 ***************************************************************************/
2003 bool lp_invert_boolean(const char *str, const char **inverse_str)
2007 if (!set_boolean(str, &val)) {
2011 *inverse_str = get_boolean(!val);
2015 /***************************************************************************
2016 Provide the canonical string representation of a boolean value given
2017 as a string. Return true on success, false if the string given does
2018 not correctly represent a boolean.
2019 ***************************************************************************/
2021 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2025 if (!set_boolean(str, &val)) {
2029 *canon_str = get_boolean(val);
2033 /***************************************************************************
2034 Find a service by name. Otherwise works like get_service.
2035 ***************************************************************************/
2037 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2044 if (ServiceHash == NULL) {
2048 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2050 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2053 if (NT_STATUS_IS_OK(status) &&
2054 (data.dptr != NULL) &&
2055 (data.dsize == sizeof(iService)))
2057 memcpy(&iService, data.dptr, sizeof(iService));
2060 TALLOC_FREE(canon_name);
2062 if ((iService != -1) && (LP_SNUM_OK(iService))
2063 && (pserviceDest != NULL)) {
2064 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2070 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2071 struct loadparm_service *lp_service(const char *pszServiceName)
2073 int iService = getservicebyname(pszServiceName, NULL);
2074 if (iService == -1 || !LP_SNUM_OK(iService)) {
2077 return ServicePtrs[iService];
2080 struct loadparm_service *lp_servicebynum(int snum)
2082 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2085 return ServicePtrs[snum];
2088 struct loadparm_service *lp_default_loadparm_service()
2093 static struct smbconf_ctx *lp_smbconf_ctx(void)
2096 static struct smbconf_ctx *conf_ctx = NULL;
2098 if (conf_ctx == NULL) {
2099 err = smbconf_init(NULL, &conf_ctx, "registry:");
2100 if (!SBC_ERROR_IS_OK(err)) {
2101 DEBUG(1, ("error initializing registry configuration: "
2102 "%s\n", sbcErrorString(err)));
2110 static bool process_smbconf_service(struct smbconf_service *service)
2115 if (service == NULL) {
2119 ret = lp_do_section(service->name, NULL);
2123 for (count = 0; count < service->num_params; count++) {
2125 if (!bInGlobalSection && bGlobalOnly) {
2128 const char *pszParmName = service->param_names[count];
2129 const char *pszParmValue = service->param_values[count];
2131 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2133 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2134 pszParmName, pszParmValue);
2141 if (iServiceIndex >= 0) {
2142 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2148 * load a service from registry and activate it
2150 bool process_registry_service(const char *service_name)
2153 struct smbconf_service *service = NULL;
2154 TALLOC_CTX *mem_ctx = talloc_stackframe();
2155 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2158 if (conf_ctx == NULL) {
2162 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2164 if (!smbconf_share_exists(conf_ctx, service_name)) {
2166 * Registry does not contain data for this service (yet),
2167 * but make sure lp_load doesn't return false.
2173 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2174 if (!SBC_ERROR_IS_OK(err)) {
2178 ret = process_smbconf_service(service);
2184 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2187 TALLOC_FREE(mem_ctx);
2192 * process_registry_globals
2194 static bool process_registry_globals(void)
2198 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2200 if (!bInGlobalSection && bGlobalOnly) {
2203 const char *pszParmName = "registry shares";
2204 const char *pszParmValue = "yes";
2206 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2208 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2209 pszParmName, pszParmValue);
2216 return process_registry_service(GLOBAL_NAME);
2219 bool process_registry_shares(void)
2223 struct smbconf_service **service = NULL;
2224 uint32_t num_shares = 0;
2225 TALLOC_CTX *mem_ctx = talloc_stackframe();
2226 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2229 if (conf_ctx == NULL) {
2233 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2234 if (!SBC_ERROR_IS_OK(err)) {
2240 for (count = 0; count < num_shares; count++) {
2241 if (strequal(service[count]->name, GLOBAL_NAME)) {
2244 ret = process_smbconf_service(service[count]);
2251 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2254 TALLOC_FREE(mem_ctx);
2259 * reload those shares from registry that are already
2260 * activated in the services array.
2262 static bool reload_registry_shares(void)
2267 for (i = 0; i < iNumServices; i++) {
2272 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2276 ret = process_registry_service(ServicePtrs[i]->szService);
2287 #define MAX_INCLUDE_DEPTH 100
2289 static uint8_t include_depth;
2292 * Free the file lists
2294 static void free_file_list(void)
2296 struct file_lists *f;
2297 struct file_lists *next;
2310 * Utility function for outsiders to check if we're running on registry.
2312 bool lp_config_backend_is_registry(void)
2314 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2318 * Utility function to check if the config backend is FILE.
2320 bool lp_config_backend_is_file(void)
2322 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2325 /*******************************************************************
2326 Check if a config file has changed date.
2327 ********************************************************************/
2329 bool lp_file_list_changed(void)
2331 struct file_lists *f = file_lists;
2333 DEBUG(6, ("lp_file_list_changed()\n"));
2336 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2337 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2339 if (conf_ctx == NULL) {
2342 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2345 DEBUGADD(6, ("registry config changed\n"));
2352 n2 = talloc_sub_basic(talloc_tos(),
2353 get_current_username(),
2354 current_user_info.domain,
2359 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2360 f->name, n2, ctime(&f->modtime)));
2362 mod_time = file_modtime(n2);
2365 ((f->modtime != mod_time) ||
2366 (f->subfname == NULL) ||
2367 (strcmp(n2, f->subfname) != 0)))
2370 ("file %s modified: %s\n", n2,
2372 f->modtime = mod_time;
2373 TALLOC_FREE(f->subfname);
2374 f->subfname = talloc_strdup(f, n2);
2375 if (f->subfname == NULL) {
2376 smb_panic("talloc_strdup failed");
2390 * Initialize iconv conversion descriptors.
2392 * This is called the first time it is needed, and also called again
2393 * every time the configuration is reloaded, because the charset or
2394 * codepage might have changed.
2396 static void init_iconv(void)
2398 struct smb_iconv_handle *ret = NULL;
2400 ret = reinit_iconv_handle(NULL,
2404 smb_panic("reinit_iconv_handle failed");
2408 /***************************************************************************
2409 Handle the include operation.
2410 ***************************************************************************/
2411 static bool bAllowIncludeRegistry = true;
2413 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2414 const char *pszParmValue, char **ptr)
2418 if (include_depth >= MAX_INCLUDE_DEPTH) {
2419 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2424 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2425 if (!bAllowIncludeRegistry) {
2428 if (lp_ctx->bInGlobalSection) {
2431 ret = process_registry_globals();
2435 DEBUG(1, ("\"include = registry\" only effective "
2436 "in %s section\n", GLOBAL_NAME));
2441 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2442 current_user_info.domain,
2445 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2447 if (service == NULL) {
2448 lpcfg_string_set(Globals.ctx, ptr, fname);
2450 lpcfg_string_set(service, ptr, fname);
2453 if (file_exist(fname)) {
2456 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2462 DEBUG(2, ("Can't find include file %s\n", fname));
2467 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2469 char *config_option = NULL;
2470 const char *range = NULL;
2473 SMB_ASSERT(low != NULL);
2474 SMB_ASSERT(high != NULL);
2476 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2480 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2482 if (config_option == NULL) {
2483 DEBUG(0, ("out of memory\n"));
2487 range = lp_parm_const_string(-1, config_option, "range", NULL);
2488 if (range == NULL) {
2489 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2493 if (sscanf(range, "%u - %u", low, high) != 2) {
2494 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2495 range, domain_name));
2502 talloc_free(config_option);
2507 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2509 return lp_idmap_range("*", low, high);
2512 const char *lp_idmap_backend(const char *domain_name)
2514 char *config_option = NULL;
2515 const char *backend = NULL;
2517 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2521 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2523 if (config_option == NULL) {
2524 DEBUG(0, ("out of memory\n"));
2528 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2529 if (backend == NULL) {
2530 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2535 talloc_free(config_option);
2539 const char *lp_idmap_default_backend(void)
2541 return lp_idmap_backend("*");
2544 /***************************************************************************
2545 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2546 ***************************************************************************/
2548 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2550 const char *suffix_string;
2552 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2553 Globals.ldap_suffix );
2554 if ( !suffix_string ) {
2555 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2559 return suffix_string;
2562 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2564 if (Globals._ldap_machine_suffix[0])
2565 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2567 return lp_string(ctx, Globals.ldap_suffix);
2570 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2572 if (Globals._ldap_user_suffix[0])
2573 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2575 return lp_string(ctx, Globals.ldap_suffix);
2578 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2580 if (Globals._ldap_group_suffix[0])
2581 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2583 return lp_string(ctx, Globals.ldap_suffix);
2586 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2588 if (Globals._ldap_idmap_suffix[0])
2589 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2591 return lp_string(ctx, Globals.ldap_suffix);
2595 return the parameter pointer for a parameter
2597 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2599 if (service == NULL) {
2600 if (parm->p_class == P_LOCAL)
2601 return (void *)(((char *)&sDefault)+parm->offset);
2602 else if (parm->p_class == P_GLOBAL)
2603 return (void *)(((char *)&Globals)+parm->offset);
2606 return (void *)(((char *)service) + parm->offset);
2610 /***************************************************************************
2611 Process a parameter for a particular service number. If snum < 0
2612 then assume we are in the globals.
2613 ***************************************************************************/
2615 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2617 TALLOC_CTX *frame = talloc_stackframe();
2618 struct loadparm_context *lp_ctx;
2621 lp_ctx = setup_lp_context(frame);
2622 if (lp_ctx == NULL) {
2628 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2630 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2631 pszParmName, pszParmValue);
2639 /***************************************************************************
2640 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2641 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2642 ***************************************************************************/
2644 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2647 parmnum = lpcfg_map_parameter(pszParmName);
2649 flags_list[parmnum] &= ~FLAG_CMDLINE;
2650 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2653 flags_list[parmnum] |= FLAG_CMDLINE;
2655 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2656 * be grouped in the table, so we don't have to search the
2659 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2660 && parm_table[i].p_class == parm_table[parmnum].p_class;
2662 flags_list[i] |= FLAG_CMDLINE;
2664 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2665 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2666 flags_list[i] |= FLAG_CMDLINE;
2672 /* it might be parametric */
2673 if (strchr(pszParmName, ':') != NULL) {
2674 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2678 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2682 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2685 TALLOC_CTX *frame = talloc_stackframe();
2686 struct loadparm_context *lp_ctx;
2688 lp_ctx = setup_lp_context(frame);
2689 if (lp_ctx == NULL) {
2694 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2700 /***************************************************************************
2701 Process a parameter.
2702 ***************************************************************************/
2704 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2707 if (!bInGlobalSection && bGlobalOnly)
2710 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2712 if (bInGlobalSection) {
2713 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2715 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2716 pszParmName, pszParmValue);
2720 /***************************************************************************
2721 Initialize any local variables in the sDefault table, after parsing a
2723 ***************************************************************************/
2725 static void init_locals(void)
2728 * We run this check once the [globals] is parsed, to force
2729 * the VFS objects and other per-share settings we need for
2730 * the standard way a AD DC is operated. We may change these
2731 * as our code evolves, which is why we force these settings.
2733 * We can't do this at the end of lp_load_ex(), as by that
2734 * point the services have been loaded and they will already
2735 * have "" as their vfs objects.
2737 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2738 const char **vfs_objects = lp_vfs_objects(-1);
2739 if (!vfs_objects || !vfs_objects[0]) {
2740 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2741 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2742 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2743 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2745 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2749 lp_do_parameter(-1, "map hidden", "no");
2750 lp_do_parameter(-1, "map system", "no");
2751 lp_do_parameter(-1, "map readonly", "no");
2752 lp_do_parameter(-1, "map archive", "no");
2753 lp_do_parameter(-1, "store dos attributes", "yes");
2757 /***************************************************************************
2758 Process a new section (service). At this stage all sections are services.
2759 Later we'll have special sections that permit server parameters to be set.
2760 Returns true on success, false on failure.
2761 ***************************************************************************/
2763 bool lp_do_section(const char *pszSectionName, void *userdata)
2765 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2767 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2768 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2771 /* if we were in a global section then do the local inits */
2772 if (bInGlobalSection && !isglobal)
2775 /* if we've just struck a global section, note the fact. */
2776 bInGlobalSection = isglobal;
2777 if (lp_ctx != NULL) {
2778 lp_ctx->bInGlobalSection = isglobal;
2781 /* check for multiple global sections */
2782 if (bInGlobalSection) {
2783 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2787 if (!bInGlobalSection && bGlobalOnly)
2790 /* if we have a current service, tidy it up before moving on */
2793 if (iServiceIndex >= 0)
2794 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2796 /* if all is still well, move to the next record in the services array */
2798 /* We put this here to avoid an odd message order if messages are */
2799 /* issued by the post-processing of a previous section. */
2800 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2802 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2803 if (iServiceIndex < 0) {
2804 DEBUG(0, ("Failed to add a new service\n"));
2807 /* Clean all parametric options for service */
2808 /* They will be added during parsing again */
2809 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2815 /***************************************************************************
2816 Display the contents of a parameter of a single services record.
2817 ***************************************************************************/
2819 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2821 bool result = false;
2822 struct loadparm_context *lp_ctx;
2824 lp_ctx = setup_lp_context(talloc_tos());
2825 if (lp_ctx == NULL) {
2830 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2832 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2834 TALLOC_FREE(lp_ctx);
2839 /***************************************************************************
2840 Display the contents of a single copy structure.
2841 ***************************************************************************/
2842 static void dump_copy_map(bool *pcopymap)
2848 printf("\n\tNon-Copied parameters:\n");
2850 for (i = 0; parm_table[i].label; i++)
2851 if (parm_table[i].p_class == P_LOCAL &&
2852 parm_table[i].ptr && !pcopymap[i] &&
2853 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2855 printf("\t\t%s\n", parm_table[i].label);
2860 /***************************************************************************
2861 Return TRUE if the passed service number is within range.
2862 ***************************************************************************/
2864 bool lp_snum_ok(int iService)
2866 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2869 /***************************************************************************
2870 Auto-load some home services.
2871 ***************************************************************************/
2873 static void lp_add_auto_services(char *str)
2883 s = talloc_strdup(talloc_tos(), str);
2885 smb_panic("talloc_strdup failed");
2889 homes = lp_servicenumber(HOMES_NAME);
2891 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2892 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2895 if (lp_servicenumber(p) >= 0)
2898 home = get_user_home_dir(talloc_tos(), p);
2900 if (home && home[0] && homes >= 0)
2901 lp_add_home(p, homes, p, home);
2908 /***************************************************************************
2909 Auto-load one printer.
2910 ***************************************************************************/
2912 void lp_add_one_printer(const char *name, const char *comment,
2913 const char *location, void *pdata)
2915 int printers = lp_servicenumber(PRINTERS_NAME);
2918 if (lp_servicenumber(name) < 0) {
2919 lp_add_printer(name, printers);
2920 if ((i = lp_servicenumber(name)) >= 0) {
2921 lpcfg_string_set(ServicePtrs[i],
2922 &ServicePtrs[i]->comment, comment);
2923 ServicePtrs[i]->autoloaded = true;
2928 /***************************************************************************
2929 Have we loaded a services file yet?
2930 ***************************************************************************/
2932 bool lp_loaded(void)
2937 /***************************************************************************
2938 Unload unused services.
2939 ***************************************************************************/
2941 void lp_killunused(struct smbd_server_connection *sconn,
2942 bool (*snumused) (struct smbd_server_connection *, int))
2945 for (i = 0; i < iNumServices; i++) {
2949 /* don't kill autoloaded or usershare services */
2950 if ( ServicePtrs[i]->autoloaded ||
2951 ServicePtrs[i]->usershare == USERSHARE_VALID) {
2955 if (!snumused || !snumused(sconn, i)) {
2956 free_service_byindex(i);
2962 * Kill all except autoloaded and usershare services - convenience wrapper
2964 void lp_kill_all_services(void)
2966 lp_killunused(NULL, NULL);
2969 /***************************************************************************
2971 ***************************************************************************/
2973 void lp_killservice(int iServiceIn)
2975 if (VALID(iServiceIn)) {
2976 free_service_byindex(iServiceIn);
2980 /***************************************************************************
2981 Save the curent values of all global and sDefault parameters into the
2982 defaults union. This allows testparm to show only the
2983 changed (ie. non-default) parameters.
2984 ***************************************************************************/
2986 static void lp_save_defaults(void)
2989 struct parmlist_entry * parm;
2990 for (i = 0; parm_table[i].label; i++) {
2991 if (!(flags_list[i] & FLAG_CMDLINE)) {
2992 flags_list[i] |= FLAG_DEFAULT;
2995 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
2996 && parm_table[i].p_class == parm_table[i - 1].p_class)
2998 switch (parm_table[i].type) {
3001 parm_table[i].def.lvalue = str_list_copy(
3002 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3008 &parm_table[i].def.svalue,
3009 *(char **)lp_parm_ptr(
3010 NULL, &parm_table[i]));
3011 if (parm_table[i].def.svalue == NULL) {
3012 smb_panic("lpcfg_string_set() failed");
3017 parm_table[i].def.bvalue =
3018 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3021 parm_table[i].def.cvalue =
3022 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3028 parm_table[i].def.ivalue =
3029 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3034 for (parm=Globals.param_opt; parm; parm=parm->next) {
3035 if (!(parm->priority & FLAG_CMDLINE)) {
3036 parm->priority |= FLAG_DEFAULT;
3040 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3041 if (!(parm->priority & FLAG_CMDLINE)) {
3042 parm->priority |= FLAG_DEFAULT;
3046 defaults_saved = true;
3049 /***********************************************************
3050 If we should send plaintext/LANMAN passwords in the clinet
3051 ************************************************************/
3053 static void set_allowed_client_auth(void)
3055 if (Globals.client_ntlmv2_auth) {
3056 Globals.client_lanman_auth = false;
3058 if (!Globals.client_lanman_auth) {
3059 Globals.client_plaintext_auth = false;
3063 /***************************************************************************
3065 The following code allows smbd to read a user defined share file.
3066 Yes, this is my intent. Yes, I'm comfortable with that...
3068 THE FOLLOWING IS SECURITY CRITICAL CODE.
3070 It washes your clothes, it cleans your house, it guards you while you sleep...
3071 Do not f%^k with it....
3072 ***************************************************************************/
3074 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3076 /***************************************************************************
3077 Check allowed stat state of a usershare file.
3078 Ensure we print out who is dicking with us so the admin can
3079 get their sorry ass fired.
3080 ***************************************************************************/
3082 static bool check_usershare_stat(const char *fname,
3083 const SMB_STRUCT_STAT *psbuf)
3085 if (!S_ISREG(psbuf->st_ex_mode)) {
3086 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3087 "not a regular file\n",
3088 fname, (unsigned int)psbuf->st_ex_uid ));
3092 /* Ensure this doesn't have the other write bit set. */
3093 if (psbuf->st_ex_mode & S_IWOTH) {
3094 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3095 "public write. Refusing to allow as a usershare file.\n",
3096 fname, (unsigned int)psbuf->st_ex_uid ));
3100 /* Should be 10k or less. */
3101 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3102 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3103 "too large (%u) to be a user share file.\n",
3104 fname, (unsigned int)psbuf->st_ex_uid,
3105 (unsigned int)psbuf->st_ex_size ));
3112 /***************************************************************************
3113 Parse the contents of a usershare file.
3114 ***************************************************************************/
3116 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3117 SMB_STRUCT_STAT *psbuf,
3118 const char *servicename,
3122 char **pp_sharepath,
3124 char **pp_cp_servicename,
3125 struct security_descriptor **ppsd,
3128 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3129 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3132 SMB_STRUCT_STAT sbuf;
3133 char *sharepath = NULL;
3134 char *comment = NULL;
3136 *pp_sharepath = NULL;
3139 *pallow_guest = false;
3142 return USERSHARE_MALFORMED_FILE;
3145 if (strcmp(lines[0], "#VERSION 1") == 0) {
3147 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3150 return USERSHARE_MALFORMED_FILE;
3153 return USERSHARE_BAD_VERSION;
3156 if (strncmp(lines[1], "path=", 5) != 0) {
3157 return USERSHARE_MALFORMED_PATH;
3160 sharepath = talloc_strdup(ctx, &lines[1][5]);
3162 return USERSHARE_POSIX_ERR;
3164 trim_string(sharepath, " ", " ");
3166 if (strncmp(lines[2], "comment=", 8) != 0) {
3167 return USERSHARE_MALFORMED_COMMENT_DEF;
3170 comment = talloc_strdup(ctx, &lines[2][8]);
3172 return USERSHARE_POSIX_ERR;
3174 trim_string(comment, " ", " ");
3175 trim_char(comment, '"', '"');
3177 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3178 return USERSHARE_MALFORMED_ACL_DEF;
3181 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3182 return USERSHARE_ACL_ERR;
3186 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3187 return USERSHARE_MALFORMED_ACL_DEF;
3189 if (lines[4][9] == 'y') {
3190 *pallow_guest = true;
3193 /* Backwards compatible extension to file version #2. */
3195 if (strncmp(lines[5], "sharename=", 10) != 0) {
3196 return USERSHARE_MALFORMED_SHARENAME_DEF;
3198 if (!strequal(&lines[5][10], servicename)) {
3199 return USERSHARE_BAD_SHARENAME;
3201 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3202 if (!*pp_cp_servicename) {
3203 return USERSHARE_POSIX_ERR;
3208 if (*pp_cp_servicename == NULL) {
3209 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3210 if (!*pp_cp_servicename) {
3211 return USERSHARE_POSIX_ERR;
3215 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3216 /* Path didn't change, no checks needed. */
3217 *pp_sharepath = sharepath;
3218 *pp_comment = comment;
3219 return USERSHARE_OK;
3222 /* The path *must* be absolute. */
3223 if (sharepath[0] != '/') {
3224 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3225 servicename, sharepath));
3226 return USERSHARE_PATH_NOT_ABSOLUTE;
3229 /* If there is a usershare prefix deny list ensure one of these paths
3230 doesn't match the start of the user given path. */
3231 if (prefixdenylist) {
3233 for ( i=0; prefixdenylist[i]; i++ ) {
3234 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3235 servicename, i, prefixdenylist[i], sharepath ));
3236 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3237 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3238 "usershare prefix deny list entries.\n",
3239 servicename, sharepath));
3240 return USERSHARE_PATH_IS_DENIED;
3245 /* If there is a usershare prefix allow list ensure one of these paths
3246 does match the start of the user given path. */
3248 if (prefixallowlist) {
3250 for ( i=0; prefixallowlist[i]; i++ ) {
3251 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3252 servicename, i, prefixallowlist[i], sharepath ));
3253 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3257 if (prefixallowlist[i] == NULL) {
3258 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3259 "usershare prefix allow list entries.\n",
3260 servicename, sharepath));
3261 return USERSHARE_PATH_NOT_ALLOWED;
3265 /* Ensure this is pointing to a directory. */
3266 dp = opendir(sharepath);
3269 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3270 servicename, sharepath));
3271 return USERSHARE_PATH_NOT_DIRECTORY;
3274 /* Ensure the owner of the usershare file has permission to share
3277 if (sys_stat(sharepath, &sbuf, false) == -1) {
3278 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3279 servicename, sharepath, strerror(errno) ));
3281 return USERSHARE_POSIX_ERR;
3286 if (!S_ISDIR(sbuf.st_ex_mode)) {
3287 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3288 servicename, sharepath ));
3289 return USERSHARE_PATH_NOT_DIRECTORY;
3292 /* Check if sharing is restricted to owner-only. */
3293 /* psbuf is the stat of the usershare definition file,
3294 sbuf is the stat of the target directory to be shared. */
3296 if (lp_usershare_owner_only()) {
3297 /* root can share anything. */
3298 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3299 return USERSHARE_PATH_NOT_ALLOWED;
3303 *pp_sharepath = sharepath;
3304 *pp_comment = comment;
3305 return USERSHARE_OK;
3308 /***************************************************************************
3309 Deal with a usershare file.
3312 -1 - Bad name, invalid contents.
3313 - service name already existed and not a usershare, problem
3314 with permissions to share directory etc.
3315 ***************************************************************************/
3317 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3319 SMB_STRUCT_STAT sbuf;
3320 SMB_STRUCT_STAT lsbuf;
3322 char *sharepath = NULL;
3323 char *comment = NULL;
3324 char *cp_service_name = NULL;
3325 char **lines = NULL;
3329 TALLOC_CTX *ctx = talloc_stackframe();
3330 struct security_descriptor *psd = NULL;
3331 bool guest_ok = false;
3332 char *canon_name = NULL;
3333 bool added_service = false;
3336 /* Ensure share name doesn't contain invalid characters. */
3337 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3338 DEBUG(0,("process_usershare_file: share name %s contains "
3339 "invalid characters (any of %s)\n",
3340 file_name, INVALID_SHARENAME_CHARS ));
3344 canon_name = canonicalize_servicename(ctx, file_name);
3349 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3354 /* Minimize the race condition by doing an lstat before we
3355 open and fstat. Ensure this isn't a symlink link. */
3357 if (sys_lstat(fname, &lsbuf, false) != 0) {
3358 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3359 fname, strerror(errno) ));
3363 /* This must be a regular file, not a symlink, directory or
3364 other strange filetype. */
3365 if (!check_usershare_stat(fname, &lsbuf)) {
3373 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3378 if (NT_STATUS_IS_OK(status) &&
3379 (data.dptr != NULL) &&
3380 (data.dsize == sizeof(iService))) {
3381 memcpy(&iService, data.dptr, sizeof(iService));
3385 if (iService != -1 &&
3386 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3387 &lsbuf.st_ex_mtime) == 0) {
3388 /* Nothing changed - Mark valid and return. */
3389 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3391 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3396 /* Try and open the file read only - no symlinks allowed. */
3398 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3400 fd = open(fname, O_RDONLY, 0);
3404 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3405 fname, strerror(errno) ));
3409 /* Now fstat to be *SURE* it's a regular file. */
3410 if (sys_fstat(fd, &sbuf, false) != 0) {
3412 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3413 fname, strerror(errno) ));
3417 /* Is it the same dev/inode as was lstated ? */
3418 if (!check_same_stat(&lsbuf, &sbuf)) {
3420 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3421 "Symlink spoofing going on ?\n", fname ));
3425 /* This must be a regular file, not a symlink, directory or
3426 other strange filetype. */
3427 if (!check_usershare_stat(fname, &sbuf)) {
3432 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3435 if (lines == NULL) {
3436 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3437 fname, (unsigned int)sbuf.st_ex_uid ));
3441 if (parse_usershare_file(ctx, &sbuf, file_name,
3442 iService, lines, numlines, &sharepath,
3443 &comment, &cp_service_name,
3444 &psd, &guest_ok) != USERSHARE_OK) {
3448 /* Everything ok - add the service possibly using a template. */
3450 const struct loadparm_service *sp = &sDefault;
3451 if (snum_template != -1) {
3452 sp = ServicePtrs[snum_template];
3455 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3456 DEBUG(0, ("process_usershare_file: Failed to add "
3457 "new service %s\n", cp_service_name));
3461 added_service = true;
3463 /* Read only is controlled by usershare ACL below. */
3464 ServicePtrs[iService]->read_only = false;
3467 /* Write the ACL of the new/modified share. */
3468 if (!set_share_security(canon_name, psd)) {
3469 DEBUG(0, ("process_usershare_file: Failed to set share "
3470 "security for user share %s\n",
3475 /* If from a template it may be marked invalid. */
3476 ServicePtrs[iService]->valid = true;
3478 /* Set the service as a valid usershare. */
3479 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3481 /* Set guest access. */
3482 if (lp_usershare_allow_guests()) {
3483 ServicePtrs[iService]->guest_ok = guest_ok;
3486 /* And note when it was loaded. */
3487 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3488 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3490 lpcfg_string_set(ServicePtrs[iService],
3491 &ServicePtrs[iService]->comment, comment);
3497 if (ret == -1 && iService != -1 && added_service) {
3498 lp_remove_service(iService);
3506 /***************************************************************************
3507 Checks if a usershare entry has been modified since last load.
3508 ***************************************************************************/
3510 static bool usershare_exists(int iService, struct timespec *last_mod)
3512 SMB_STRUCT_STAT lsbuf;
3513 const char *usersharepath = Globals.usershare_path;
3516 fname = talloc_asprintf(talloc_tos(),
3519 ServicePtrs[iService]->szService);
3520 if (fname == NULL) {
3524 if (sys_lstat(fname, &lsbuf, false) != 0) {
3529 if (!S_ISREG(lsbuf.st_ex_mode)) {
3535 *last_mod = lsbuf.st_ex_mtime;
3539 static bool usershare_directory_is_root(uid_t uid)
3545 if (uid_wrapper_enabled()) {
3552 /***************************************************************************
3553 Load a usershare service by name. Returns a valid servicenumber or -1.
3554 ***************************************************************************/
3556 int load_usershare_service(const char *servicename)
3558 SMB_STRUCT_STAT sbuf;
3559 const char *usersharepath = Globals.usershare_path;
3560 int max_user_shares = Globals.usershare_max_shares;
3561 int snum_template = -1;
3563 if (*usersharepath == 0 || max_user_shares == 0) {
3567 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3568 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3569 usersharepath, strerror(errno) ));
3573 if (!S_ISDIR(sbuf.st_ex_mode)) {
3574 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3580 * This directory must be owned by root, and have the 't' bit set.
3581 * It also must not be writable by "other".
3585 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3586 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3588 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3589 (sbuf.st_ex_mode & S_IWOTH)) {
3591 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3592 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3597 /* Ensure the template share exists if it's set. */
3598 if (Globals.usershare_template_share[0]) {
3599 /* We can't use lp_servicenumber here as we are recommending that
3600 template shares have -valid=false set. */
3601 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3602 if (ServicePtrs[snum_template]->szService &&
3603 strequal(ServicePtrs[snum_template]->szService,
3604 Globals.usershare_template_share)) {
3609 if (snum_template == -1) {
3610 DEBUG(0,("load_usershare_service: usershare template share %s "
3611 "does not exist.\n",
3612 Globals.usershare_template_share ));
3617 return process_usershare_file(usersharepath, servicename, snum_template);
3620 /***************************************************************************
3621 Load all user defined shares from the user share directory.
3622 We only do this if we're enumerating the share list.
3623 This is the function that can delete usershares that have
3625 ***************************************************************************/
3627 int load_usershare_shares(struct smbd_server_connection *sconn,
3628 bool (*snumused) (struct smbd_server_connection *, int))
3631 SMB_STRUCT_STAT sbuf;
3633 int num_usershares = 0;
3634 int max_user_shares = Globals.usershare_max_shares;
3635 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3636 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3637 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3639 int snum_template = -1;
3640 const char *usersharepath = Globals.usershare_path;
3641 int ret = lp_numservices();
3642 TALLOC_CTX *tmp_ctx;
3644 if (max_user_shares == 0 || *usersharepath == '\0') {
3645 return lp_numservices();
3648 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3649 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3650 usersharepath, strerror(errno) ));
3655 * This directory must be owned by root, and have the 't' bit set.
3656 * It also must not be writable by "other".
3660 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3662 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3664 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3665 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3670 /* Ensure the template share exists if it's set. */
3671 if (Globals.usershare_template_share[0]) {
3672 /* We can't use lp_servicenumber here as we are recommending that
3673 template shares have -valid=false set. */
3674 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3675 if (ServicePtrs[snum_template]->szService &&
3676 strequal(ServicePtrs[snum_template]->szService,
3677 Globals.usershare_template_share)) {
3682 if (snum_template == -1) {
3683 DEBUG(0,("load_usershare_shares: usershare template share %s "
3684 "does not exist.\n",
3685 Globals.usershare_template_share ));
3690 /* Mark all existing usershares as pending delete. */
3691 for (iService = iNumServices - 1; iService >= 0; iService--) {
3692 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3693 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3697 dp = opendir(usersharepath);
3699 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3700 usersharepath, strerror(errno) ));
3704 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3706 num_dir_entries++ ) {
3708 const char *n = de->d_name;
3710 /* Ignore . and .. */
3712 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3718 /* Temporary file used when creating a share. */
3719 num_tmp_dir_entries++;
3722 /* Allow 20% tmp entries. */
3723 if (num_tmp_dir_entries > allowed_tmp_entries) {
3724 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3725 "in directory %s\n",
3726 num_tmp_dir_entries, usersharepath));
3730 r = process_usershare_file(usersharepath, n, snum_template);
3732 /* Update the services count. */
3734 if (num_usershares >= max_user_shares) {
3735 DEBUG(0,("load_usershare_shares: max user shares reached "
3736 "on file %s in directory %s\n",
3737 n, usersharepath ));
3740 } else if (r == -1) {
3741 num_bad_dir_entries++;
3744 /* Allow 20% bad entries. */
3745 if (num_bad_dir_entries > allowed_bad_entries) {
3746 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3747 "in directory %s\n",
3748 num_bad_dir_entries, usersharepath));
3752 /* Allow 20% bad entries. */
3753 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3754 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3755 "in directory %s\n",
3756 num_dir_entries, usersharepath));
3763 /* Sweep through and delete any non-refreshed usershares that are
3764 not currently in use. */
3765 tmp_ctx = talloc_stackframe();
3766 for (iService = iNumServices - 1; iService >= 0; iService--) {
3767 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3770 if (snumused && snumused(sconn, iService)) {
3774 servname = lp_servicename(tmp_ctx, iService);
3776 /* Remove from the share ACL db. */
3777 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3779 delete_share_security(servname);
3780 free_service_byindex(iService);
3783 talloc_free(tmp_ctx);
3785 return lp_numservices();
3788 /********************************************************
3789 Destroy global resources allocated in this file
3790 ********************************************************/
3792 void gfree_loadparm(void)
3798 /* Free resources allocated to services */
3800 for ( i = 0; i < iNumServices; i++ ) {
3802 free_service_byindex(i);
3806 TALLOC_FREE( ServicePtrs );
3809 /* Now release all resources allocated to global
3810 parameters and the default service */
3812 free_global_parameters();
3816 /***************************************************************************
3817 Allow client apps to specify that they are a client
3818 ***************************************************************************/
3819 static void lp_set_in_client(bool b)
3825 /***************************************************************************
3826 Determine if we're running in a client app
3827 ***************************************************************************/
3828 static bool lp_is_in_client(void)
3833 static void lp_enforce_ad_dc_settings(void)
3835 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3836 lp_do_parameter(GLOBAL_SECTION_SNUM,
3837 "winbindd:use external pipes", "true");
3838 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3839 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3840 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3841 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3842 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3843 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3844 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3845 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3846 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3849 /***************************************************************************
3850 Load the services array from the services file. Return true on success,
3852 ***************************************************************************/
3854 static bool lp_load_ex(const char *pszFname,
3858 bool reinit_globals,
3859 bool allow_include_registry,
3860 bool load_all_shares)
3864 TALLOC_CTX *frame = talloc_stackframe();
3865 struct loadparm_context *lp_ctx;
3869 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3871 bInGlobalSection = true;
3872 bGlobalOnly = global_only;
3873 bAllowIncludeRegistry = allow_include_registry;
3874 sDefault = _sDefault;
3876 lp_ctx = setup_lp_context(talloc_tos());
3878 init_globals(lp_ctx, reinit_globals);
3882 if (save_defaults) {
3887 if (!reinit_globals) {
3888 free_param_opts(&Globals.param_opt);
3889 apply_lp_set_cmdline();
3892 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
3894 /* We get sections first, so have to start 'behind' to make up */
3897 if (lp_config_backend_is_file()) {
3898 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
3899 current_user_info.domain,
3902 smb_panic("lp_load_ex: out of memory");
3905 add_to_file_list(NULL, &file_lists, pszFname, n2);
3907 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
3910 /* finish up the last section */
3911 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
3913 if (iServiceIndex >= 0) {
3914 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
3918 if (lp_config_backend_is_registry()) {
3920 /* config backend changed to registry in config file */
3922 * We need to use this extra global variable here to
3923 * survive restart: init_globals uses this as a default
3924 * for config_backend. Otherwise, init_globals would
3925 * send us into an endless loop here.
3928 config_backend = CONFIG_BACKEND_REGISTRY;
3930 DEBUG(1, ("lp_load_ex: changing to config backend "
3932 init_globals(lp_ctx, true);
3934 TALLOC_FREE(lp_ctx);
3936 lp_kill_all_services();
3937 ok = lp_load_ex(pszFname, global_only, save_defaults,
3938 add_ipc, reinit_globals,
3939 allow_include_registry,
3944 } else if (lp_config_backend_is_registry()) {
3945 bRetval = process_registry_globals();
3947 DEBUG(0, ("Illegal config backend given: %d\n",
3948 lp_config_backend()));
3952 if (bRetval && lp_registry_shares()) {
3953 if (load_all_shares) {
3954 bRetval = process_registry_shares();
3956 bRetval = reload_registry_shares();
3961 char *serv = lp_auto_services(talloc_tos());
3962 lp_add_auto_services(serv);
3967 /* When 'restrict anonymous = 2' guest connections to ipc$
3969 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
3970 if ( lp_enable_asu_support() ) {
3971 lp_add_ipc("ADMIN$", false);
3975 set_allowed_client_auth();
3977 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
3978 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
3979 lp_password_server()));
3984 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
3985 /* if we_are_a_wins_server is true and we are in the client */
3986 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
3987 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
3992 fault_configure(smb_panic_s3);
3995 * We run this check once the whole smb.conf is parsed, to
3996 * force some settings for the standard way a AD DC is
3997 * operated. We may change these as our code evolves, which
3998 * is why we force these settings.
4000 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
4001 lp_enforce_ad_dc_settings();
4004 bAllowIncludeRegistry = true;
4010 static bool lp_load(const char *pszFname,
4014 bool reinit_globals)
4016 return lp_load_ex(pszFname,
4021 true, /* allow_include_registry */
4022 false); /* load_all_shares*/
4025 bool lp_load_initial_only(const char *pszFname)
4027 return lp_load_ex(pszFname,
4028 true, /* global only */
4029 true, /* save_defaults */
4030 false, /* add_ipc */
4031 true, /* reinit_globals */
4032 false, /* allow_include_registry */
4033 false); /* load_all_shares*/
4037 * most common lp_load wrapper, loading only the globals
4039 * If this is used in a daemon or client utility it should be called
4040 * after processing popt.
4042 bool lp_load_global(const char *file_name)
4044 return lp_load(file_name,
4045 true, /* global_only */
4046 false, /* save_defaults */
4047 false, /* add_ipc */
4048 true); /* reinit_globals */
4052 * The typical lp_load wrapper with shares, loads global and
4053 * shares, including IPC, but does not force immediate
4054 * loading of all shares from registry.
4056 bool lp_load_with_shares(const char *file_name)
4058 return lp_load(file_name,
4059 false, /* global_only */
4060 false, /* save_defaults */
4062 true); /* reinit_globals */
4066 * lp_load wrapper, especially for clients
4068 bool lp_load_client(const char *file_name)
4070 lp_set_in_client(true);
4072 return lp_load_global(file_name);
4076 * lp_load wrapper, loading only globals, but intended
4077 * for subsequent calls, not reinitializing the globals
4080 bool lp_load_global_no_reinit(const char *file_name)
4082 return lp_load(file_name,
4083 true, /* global_only */
4084 false, /* save_defaults */
4085 false, /* add_ipc */
4086 false); /* reinit_globals */
4090 * lp_load wrapper, loading globals and shares,
4091 * intended for subsequent calls, i.e. not reinitializing
4092 * the globals to default values.
4094 bool lp_load_no_reinit(const char *file_name)
4096 return lp_load(file_name,
4097 false, /* global_only */
4098 false, /* save_defaults */
4099 false, /* add_ipc */
4100 false); /* reinit_globals */
4105 * lp_load wrapper, especially for clients, no reinitialization
4107 bool lp_load_client_no_reinit(const char *file_name)
4109 lp_set_in_client(true);
4111 return lp_load_global_no_reinit(file_name);
4114 bool lp_load_with_registry_shares(const char *pszFname)
4116 return lp_load_ex(pszFname,
4117 false, /* global_only */
4118 true, /* save_defaults */
4119 false, /* add_ipc */
4120 true, /* reinit_globals */
4121 true, /* allow_include_registry */
4122 true); /* load_all_shares*/
4125 /***************************************************************************
4126 Return the max number of services.
4127 ***************************************************************************/
4129 int lp_numservices(void)
4131 return (iNumServices);
4134 /***************************************************************************
4135 Display the contents of the services array in human-readable form.
4136 ***************************************************************************/
4138 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4141 struct loadparm_context *lp_ctx;
4144 defaults_saved = false;
4146 lp_ctx = setup_lp_context(talloc_tos());
4147 if (lp_ctx == NULL) {
4151 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4153 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4155 for (iService = 0; iService < maxtoprint; iService++) {
4157 lp_dump_one(f, show_defaults, iService);
4159 TALLOC_FREE(lp_ctx);
4162 /***************************************************************************
4163 Display the contents of one service in human-readable form.
4164 ***************************************************************************/
4166 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4169 if (ServicePtrs[snum]->szService[0] == '\0')
4171 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4172 flags_list, show_defaults);
4176 /***************************************************************************
4177 Return the number of the service with the given name, or -1 if it doesn't
4178 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4179 getservicebyname()! This works ONLY if all services have been loaded, and
4180 does not copy the found service.
4181 ***************************************************************************/
4183 int lp_servicenumber(const char *pszServiceName)
4186 fstring serviceName;
4188 if (!pszServiceName) {
4189 return GLOBAL_SECTION_SNUM;
4192 for (iService = iNumServices - 1; iService >= 0; iService--) {
4193 if (VALID(iService) && ServicePtrs[iService]->szService) {
4195 * The substitution here is used to support %U in
4198 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4199 standard_sub_basic(get_current_username(),
4200 current_user_info.domain,
4201 serviceName,sizeof(serviceName));
4202 if (strequal(serviceName, pszServiceName)) {
4208 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4209 struct timespec last_mod;
4211 if (!usershare_exists(iService, &last_mod)) {
4212 /* Remove the share security tdb entry for it. */
4213 delete_share_security(lp_const_servicename(iService));
4214 /* Remove it from the array. */
4215 free_service_byindex(iService);
4216 /* Doesn't exist anymore. */
4217 return GLOBAL_SECTION_SNUM;
4220 /* Has it been modified ? If so delete and reload. */
4221 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4223 /* Remove it from the array. */
4224 free_service_byindex(iService);
4225 /* and now reload it. */
4226 iService = load_usershare_service(pszServiceName);
4231 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4232 return GLOBAL_SECTION_SNUM;
4238 /*******************************************************************
4239 A useful volume label function.
4240 ********************************************************************/
4242 const char *volume_label(TALLOC_CTX *ctx, int snum)
4245 const char *label = lp_volume(ctx, snum);
4249 label = lp_servicename(ctx, snum);
4253 * Volume label can be a max of 32 bytes. Make sure to truncate
4254 * it at a codepoint boundary if it's longer than 32 and contains
4255 * multibyte characters. Windows insists on a volume label being
4256 * a valid mb sequence, and errors out if not.
4258 if (strlen(label) > 32) {
4260 * A MB char can be a max of 5 bytes, thus
4261 * we should have a valid mb character at a
4262 * minimum position of (32-5) = 27.
4266 * Check if a codepoint starting from next byte
4267 * is valid. If yes, then the current byte is the
4268 * end of a MB or ascii sequence and the label can
4269 * be safely truncated here. If not, keep going
4270 * backwards till a valid codepoint is found.
4273 const char *s = &label[end];
4274 codepoint_t c = next_codepoint(s, &len);
4275 if (c != INVALID_CODEPOINT) {
4282 /* This returns a max of 33 byte guarenteed null terminated string. */
4283 ret = talloc_strndup(ctx, label, end);
4290 /*******************************************************************
4291 Get the default server type we will announce as via nmbd.
4292 ********************************************************************/
4294 int lp_default_server_announce(void)
4296 int default_server_announce = 0;
4297 default_server_announce |= SV_TYPE_WORKSTATION;
4298 default_server_announce |= SV_TYPE_SERVER;
4299 default_server_announce |= SV_TYPE_SERVER_UNIX;
4301 /* note that the flag should be set only if we have a
4302 printer service but nmbd doesn't actually load the
4303 services so we can't tell --jerry */
4305 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4307 default_server_announce |= SV_TYPE_SERVER_NT;
4308 default_server_announce |= SV_TYPE_NT;
4310 switch (lp_server_role()) {
4311 case ROLE_DOMAIN_MEMBER:
4312 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4314 case ROLE_DOMAIN_PDC:
4315 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4317 case ROLE_DOMAIN_BDC:
4318 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4320 case ROLE_STANDALONE:
4324 if (lp_time_server())
4325 default_server_announce |= SV_TYPE_TIME_SOURCE;
4327 if (lp_host_msdfs())
4328 default_server_announce |= SV_TYPE_DFS_SERVER;
4330 return default_server_announce;
4333 /***********************************************************
4334 If we are PDC then prefer us as DMB
4335 ************************************************************/
4337 bool lp_domain_master(void)
4339 if (Globals._domain_master == Auto)
4340 return (lp_server_role() == ROLE_DOMAIN_PDC);
4342 return (bool)Globals._domain_master;
4345 /***********************************************************
4346 If we are PDC then prefer us as DMB
4347 ************************************************************/
4349 static bool lp_domain_master_true_or_auto(void)
4351 if (Globals._domain_master) /* auto or yes */
4357 /***********************************************************
4358 If we are DMB then prefer us as LMB
4359 ************************************************************/
4361 bool lp_preferred_master(void)
4363 int preferred_master = lp__preferred_master();
4365 if (preferred_master == Auto)
4366 return (lp_local_master() && lp_domain_master());
4368 return (bool)preferred_master;
4371 /*******************************************************************
4373 ********************************************************************/
4375 void lp_remove_service(int snum)
4377 ServicePtrs[snum]->valid = false;
4380 const char *lp_printername(TALLOC_CTX *ctx, int snum)
4382 const char *ret = lp__printername(ctx, snum);
4383 if (ret == NULL || *ret == '\0') {
4384 ret = lp_const_servicename(snum);
4391 /***********************************************************
4392 Allow daemons such as winbindd to fix their logfile name.
4393 ************************************************************/
4395 void lp_set_logfile(const char *name)
4397 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4398 debug_set_logfile(name);
4401 /*******************************************************************
4402 Return the max print jobs per queue.
4403 ********************************************************************/
4405 int lp_maxprintjobs(int snum)
4407 int maxjobs = lp_max_print_jobs(snum);
4409 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4410 maxjobs = PRINT_MAX_JOBID - 1;
4415 const char *lp_printcapname(void)
4417 const char *printcap_name = lp_printcap_name();
4419 if ((printcap_name != NULL) &&
4420 (printcap_name[0] != '\0'))
4421 return printcap_name;
4423 if (sDefault.printing == PRINT_CUPS) {
4427 if (sDefault.printing == PRINT_BSD)
4428 return "/etc/printcap";
4430 return PRINTCAP_NAME;
4433 static uint32_t spoolss_state;
4435 bool lp_disable_spoolss( void )
4437 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4438 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4440 return spoolss_state == SVCCTL_STOPPED ? true : false;
4443 void lp_set_spoolss_state( uint32_t state )
4445 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4447 spoolss_state = state;
4450 uint32_t lp_get_spoolss_state( void )
4452 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4455 /*******************************************************************
4456 Ensure we don't use sendfile if server smb signing is active.
4457 ********************************************************************/
4459 bool lp_use_sendfile(int snum, struct smb_signing_state *signing_state)
4461 bool sign_active = false;
4463 /* Using sendfile blows the brains out of any DOS or Win9x TCP stack... JRA. */
4464 if (get_Protocol() < PROTOCOL_NT1) {
4467 if (signing_state) {
4468 sign_active = smb_signing_is_active(signing_state);
4470 return (lp__use_sendfile(snum) &&
4471 (get_remote_arch() != RA_WIN95) &&
4475 /*******************************************************************
4476 Turn off sendfile if we find the underlying OS doesn't support it.
4477 ********************************************************************/
4479 void set_use_sendfile(int snum, bool val)
4481 if (LP_SNUM_OK(snum))
4482 ServicePtrs[snum]->_use_sendfile = val;
4484 sDefault._use_sendfile = val;
4487 void lp_set_mangling_method(const char *new_method)
4489 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4492 /*******************************************************************
4493 Global state for POSIX pathname processing.
4494 ********************************************************************/
4496 static bool posix_pathnames;
4498 bool lp_posix_pathnames(void)
4500 return posix_pathnames;
4503 /*******************************************************************
4504 Change everything needed to ensure POSIX pathname processing (currently
4506 ********************************************************************/
4508 void lp_set_posix_pathnames(void)
4510 posix_pathnames = true;
4513 /*******************************************************************
4514 Global state for POSIX lock processing - CIFS unix extensions.
4515 ********************************************************************/
4517 bool posix_default_lock_was_set;
4518 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4520 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4522 if (posix_default_lock_was_set) {
4523 return posix_cifsx_locktype;
4525 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4526 POSIX_LOCK : WINDOWS_LOCK;
4530 /*******************************************************************
4531 ********************************************************************/
4533 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4535 posix_default_lock_was_set = true;
4536 posix_cifsx_locktype = val;
4539 int lp_min_receive_file_size(void)
4541 int min_receivefile_size = lp_min_receivefile_size();
4543 if (min_receivefile_size < 0) {
4546 return min_receivefile_size;
4549 /*******************************************************************
4550 Safe wide links checks.
4551 This helper function always verify the validity of wide links,
4552 even after a configuration file reload.
4553 ********************************************************************/
4555 void widelinks_warning(int snum)
4557 if (lp_allow_insecure_wide_links()) {
4561 if (lp_unix_extensions() && lp_wide_links(snum)) {
4562 DBG_ERR("Share '%s' has wide links and unix extensions enabled. "
4563 "These parameters are incompatible. "
4564 "Wide links will be disabled for this share.\n",
4565 lp_const_servicename(snum));
4569 bool lp_widelinks(int snum)
4571 /* wide links is always incompatible with unix extensions */
4572 if (lp_unix_extensions()) {
4574 * Unless we have "allow insecure widelinks"
4577 if (!lp_allow_insecure_wide_links()) {
4582 return lp_wide_links(snum);
4585 int lp_server_role(void)
4587 return lp_find_server_role(lp__server_role(),
4589 lp__domain_logons(),
4590 lp_domain_master_true_or_auto());
4593 int lp_security(void)
4595 return lp_find_security(lp__server_role(),
4599 int lp_client_max_protocol(void)
4601 int client_max_protocol = lp__client_max_protocol();
4602 if (client_max_protocol == PROTOCOL_DEFAULT) {
4603 return PROTOCOL_LATEST;
4605 return client_max_protocol;
4608 int lp_client_ipc_min_protocol(void)
4610 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4611 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4612 client_ipc_min_protocol = lp_client_min_protocol();
4614 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4615 return PROTOCOL_NT1;
4617 return client_ipc_min_protocol;
4620 int lp_client_ipc_max_protocol(void)
4622 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4623 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4624 return PROTOCOL_LATEST;
4626 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4627 return PROTOCOL_NT1;
4629 return client_ipc_max_protocol;
4632 int lp_client_ipc_signing(void)
4634 int client_ipc_signing = lp__client_ipc_signing();
4635 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4636 return SMB_SIGNING_REQUIRED;
4638 return client_ipc_signing;
4641 int lp_rpc_low_port(void)
4643 return Globals.rpc_low_port;
4646 int lp_rpc_high_port(void)
4648 return Globals.rpc_high_port;
4652 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4654 * This also ensures it is disabled if NTLM is totally disabled
4656 bool lp_lanman_auth(void)
4658 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4660 if (ntlm_auth_level == NTLM_AUTH_ON) {
4661 return lp__lanman_auth();
4667 struct loadparm_global * get_globals(void)
4672 unsigned int * get_flags(void)
4674 if (flags_list == NULL) {
4675 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());