2 Unix SMB/CIFS implementation.
3 Test validity of smb.conf
4 Copyright (C) Karl Auer 1993, 1994-1998
6 Extensively modified by Andrew Tridgell, 1995
7 Converted to popt by Jelmer Vernooij (jelmer@nl.linux.org), 2002
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 * Testbed for loadparm.c/params.c
26 * This module simply loads a specified configuration file and
27 * if successful, dumps it's contents to stdout. Note that the
28 * operation is performed with DEBUGLEVEL at 3.
30 * Useful for a quick 'syntax check' of a configuration file.
35 #include "system/filesys.h"
36 #include "popt_common.h"
37 #include "lib/param/loadparm.h"
38 #include "cmdline_contexts.h"
42 /*******************************************************************
43 Check if a directory exists.
44 ********************************************************************/
46 static bool directory_exist_stat(const char *dname,SMB_STRUCT_STAT *st)
54 if (sys_stat(dname, st, false) != 0)
57 ret = S_ISDIR(st->st_ex_mode);
64 const char *domain_name;
70 struct idmap_domains {
71 struct idmap_config *c;
76 static bool lp_scan_idmap_found_domain(const char *string,
82 if (matches[1].rm_so == -1) {
83 fprintf(stderr, "Found match, but no name - invalid idmap config");
86 if (matches[1].rm_eo <= matches[1].rm_so) {
87 fprintf(stderr, "Invalid match - invalid idmap config");
92 struct idmap_domains *d = private_data;
93 struct idmap_config *c = &d->c[d->count];
94 regoff_t len = matches[1].rm_eo - matches[1].rm_so;
95 char domname[len + 1];
97 if (d->count >= d->size) {
101 memcpy(domname, string + matches[1].rm_so, len);
104 c->domain_name = talloc_strdup_upper(d->c, domname);
105 if (c->domain_name == NULL) {
108 c->backend = talloc_strdup(d->c, lp_idmap_backend(domname));
109 if (c->backend == NULL) {
113 if (lp_server_role() != ROLE_ACTIVE_DIRECTORY_DC) {
114 ok = lp_idmap_range(domname, &c->low, &c->high);
117 "ERROR: Invalid idmap range for domain "
127 return false; /* Keep scanning */
130 static bool do_idmap_check(void)
132 struct idmap_domains *d;
137 d = talloc_zero(talloc_tos(), struct idmap_domains);
144 d->c = talloc_array(d, struct idmap_config, d->size);
149 rc = lp_wi_scan_global_parametrics("idmapconfig\\(.*\\):backend",
151 lp_scan_idmap_found_domain,
155 "FATAL: wi_scan_global_parametrics failed: %d",
159 for (i = 0; i < d->count; i++) {
160 struct idmap_config *c = &d->c[i];
163 for (j = 0; j < d->count && j != i; j++) {
164 struct idmap_config *x = &d->c[j];
166 if ((c->low >= x->low && c->low <= x->high) ||
167 (c->high >= x->low && c->high <= x->high)) {
168 /* Allow overlapping ranges for idmap_ad */
169 ok = strequal(c->backend, x->backend);
171 ok = strequal(c->backend, "ad");
174 "NOTE: The idmap_ad "
175 "range for the domain "
176 "%s overlaps with the "
185 "ERROR: The idmap range for the domain "
186 "%s (%s) overlaps with the range of "
204 /***********************************************
205 Here we do a set of 'hard coded' checks for bad
206 configuration settings.
207 ************************************************/
209 static int do_global_checks(void)
213 const char *socket_options;
215 if (lp_security() >= SEC_DOMAIN && !lp_encrypt_passwords()) {
216 fprintf(stderr, "ERROR: in 'security=domain' mode the "
217 "'encrypt passwords' parameter must always be "
218 "set to 'true'.\n\n");
222 if (lp_we_are_a_wins_server() && lp_wins_server_list()) {
223 fprintf(stderr, "ERROR: both 'wins support = true' and "
224 "'wins server = <server list>' cannot be set in "
225 "the smb.conf file. nmbd will abort with this "
230 if (strequal(lp_workgroup(), lp_netbios_name())) {
231 fprintf(stderr, "WARNING: 'workgroup' and 'netbios name' "
235 if (lp_client_ipc_signing() == SMB_SIGNING_IF_REQUIRED
236 || lp_client_ipc_signing() == SMB_SIGNING_OFF) {
237 fprintf(stderr, "WARNING: The 'client ipc signing' value "
238 "%s SMB signing is not used when contacting a "
239 "domain controller or other server. "
240 "This setting is not recommended; please be "
241 "aware of the security implications when using "
242 "this configuration setting.\n\n",
243 lp_client_ipc_signing() == SMB_SIGNING_OFF ?
244 "ensures" : "may mean");
247 if (strlen(lp_netbios_name()) > 15) {
248 fprintf(stderr, "WARNING: The 'netbios name' is too long "
249 "(max. 15 chars).\n\n");
252 if (!directory_exist_stat(lp_lock_directory(), &st)) {
253 fprintf(stderr, "ERROR: lock directory %s does not exist\n\n",
254 lp_lock_directory());
256 } else if ((st.st_ex_mode & 0777) != 0755) {
257 fprintf(stderr, "WARNING: lock directory %s should have "
258 "permissions 0755 for browsing to work\n\n",
259 lp_lock_directory());
262 if (!directory_exist_stat(lp_state_directory(), &st)) {
263 fprintf(stderr, "ERROR: state directory %s does not exist\n\n",
264 lp_state_directory());
266 } else if ((st.st_ex_mode & 0777) != 0755) {
267 fprintf(stderr, "WARNING: state directory %s should have "
268 "permissions 0755 for browsing to work\n\n",
269 lp_state_directory());
272 if (!directory_exist_stat(lp_cache_directory(), &st)) {
273 fprintf(stderr, "ERROR: cache directory %s does not exist\n\n",
274 lp_cache_directory());
276 } else if ((st.st_ex_mode & 0777) != 0755) {
277 fprintf(stderr, "WARNING: cache directory %s should have "
278 "permissions 0755 for browsing to work\n\n",
279 lp_cache_directory());
282 if (!directory_exist_stat(lp_pid_directory(), &st)) {
283 fprintf(stderr, "ERROR: pid directory %s does not exist\n\n",
288 if (lp_passdb_expand_explicit()) {
289 fprintf(stderr, "WARNING: passdb expand explicit = yes is "
296 socket_options = lp_socket_options();
297 if (socket_options != NULL &&
298 (strstr(socket_options, "SO_SNDBUF") ||
299 strstr(socket_options, "SO_RCVBUF") ||
300 strstr(socket_options, "SO_SNDLOWAT") ||
301 strstr(socket_options, "SO_RCVLOWAT")))
304 "WARNING: socket options = %s\n"
305 "This warning is printed because you set one of the\n"
306 "following options: SO_SNDBUF, SO_RCVBUF, SO_SNDLOWAT,\n"
308 "Modern server operating systems are tuned for\n"
309 "high network performance in the majority of situations;\n"
310 "when you set 'socket options' you are overriding those\n"
312 "Linux in particular has an auto-tuning mechanism for\n"
313 "buffer sizes (SO_SNDBUF, SO_RCVBUF) that will be\n"
314 "disabled if you specify a socket buffer size. This can\n"
315 "potentially cripple your TCP/IP stack.\n\n"
316 "Getting the 'socket options' correct can make a big\n"
317 "difference to your performance, but getting them wrong\n"
318 "can degrade it by just as much. As with any other low\n"
319 "level setting, if you must make changes to it, make\n "
320 "small changes and test the effect before making any\n"
321 "large changes.\n\n",
326 * Password server sanity checks.
329 if((lp_security() >= SEC_DOMAIN) && !*lp_password_server()) {
330 const char *sec_setting;
331 if(lp_security() == SEC_DOMAIN)
332 sec_setting = "domain";
333 else if(lp_security() == SEC_ADS)
338 fprintf(stderr, "ERROR: The setting 'security=%s' requires the "
339 "'password server' parameter be set to the "
340 "default value * or a valid password server.\n\n",
345 if((lp_security() >= SEC_DOMAIN) && (strcmp(lp_password_server(), "*") != 0)) {
346 const char *sec_setting;
347 if(lp_security() == SEC_DOMAIN)
348 sec_setting = "domain";
349 else if(lp_security() == SEC_ADS)
354 fprintf(stderr, "WARNING: The setting 'security=%s' should NOT "
355 "be combined with the 'password server' "
357 "(by default Samba will discover the correct DC "
358 "to contact automatically).\n\n",
363 * Password chat sanity checks.
366 if(lp_security() == SEC_USER && lp_unix_password_sync()) {
369 * Check that we have a valid lp_passwd_program() if not using pam.
373 if (!lp_pam_password_change()) {
376 if((lp_passwd_program(talloc_tos()) == NULL) ||
377 (strlen(lp_passwd_program(talloc_tos())) == 0))
380 "ERROR: the 'unix password sync' "
381 "parameter is set and there is no valid "
382 "'passwd program' parameter.\n\n");
385 const char *passwd_prog;
386 char *truncated_prog = NULL;
389 passwd_prog = lp_passwd_program(talloc_tos());
391 next_token_talloc(talloc_tos(),
393 &truncated_prog, NULL);
394 if (truncated_prog && access(truncated_prog, F_OK) == -1) {
396 "ERROR: the 'unix password sync' "
397 "parameter is set and the "
398 "'passwd program' (%s) cannot be "
399 "executed (error was %s).\n\n",
410 if(lp_passwd_chat(talloc_tos()) == NULL) {
412 "ERROR: the 'unix password sync' parameter is "
413 "set and there is no valid 'passwd chat' "
418 if ((lp_passwd_program(talloc_tos()) != NULL) &&
419 (strlen(lp_passwd_program(talloc_tos())) > 0))
421 /* check if there's a %u parameter present */
422 if(strstr_m(lp_passwd_program(talloc_tos()), "%u") == NULL) {
424 "ERROR: the 'passwd program' (%s) "
425 "requires a '%%u' parameter.\n\n",
426 lp_passwd_program(talloc_tos()));
432 * Check that we have a valid script and that it hasn't
433 * been written to expect the old password.
436 if(lp_encrypt_passwords()) {
437 if(strstr_m( lp_passwd_chat(talloc_tos()), "%o")!=NULL) {
439 "ERROR: the 'passwd chat' script [%s] "
440 "expects to use the old plaintext "
441 "password via the %%o substitution. With "
442 "encrypted passwords this is not "
444 lp_passwd_chat(talloc_tos()) );
450 if (strlen(lp_winbind_separator()) != 1) {
451 fprintf(stderr, "ERROR: the 'winbind separator' parameter must "
452 "be a single character.\n\n");
456 if (*lp_winbind_separator() == '+') {
457 fprintf(stderr, "'winbind separator = +' might cause problems "
458 "with group membership.\n\n");
461 if (lp_algorithmic_rid_base() < BASE_RID) {
462 /* Try to prevent admin foot-shooting, we can't put algorithmic
463 rids below 1000, that's the 'well known RIDs' on NT */
464 fprintf(stderr, "'algorithmic rid base' must be equal to or "
465 "above %lu\n\n", BASE_RID);
468 if (lp_algorithmic_rid_base() & 1) {
469 fprintf(stderr, "'algorithmic rid base' must be even.\n\n");
472 if (lp_server_role() != ROLE_STANDALONE) {
473 const char *default_backends[] = {
474 "tdb", "tdb2", "ldap", "autorid", "hash"
476 const char *idmap_backend;
477 bool valid_backend = false;
481 idmap_backend = lp_idmap_default_backend();
483 for (i = 0; i < ARRAY_SIZE(default_backends); i++) {
484 ok = strequal(idmap_backend, default_backends[i]);
486 valid_backend = true;
490 if (!valid_backend) {
492 fprintf(stderr, "ERROR: Do not use the '%s' backend "
493 "as the default idmap backend!\n\n",
497 ok = do_idmap_check();
504 if (lp_preload_modules()) {
505 fprintf(stderr, "WARNING: 'preload modules = ' set while loading "
506 "plugins not supported.\n\n");
510 if (!lp_passdb_backend()) {
511 fprintf(stderr, "ERROR: passdb backend must have a value or be "
515 if (lp_os_level() > 255) {
516 fprintf(stderr, "WARNING: Maximum value for 'os level' is "
520 if (strequal(lp_dos_charset(), "UTF8") || strequal(lp_dos_charset(), "UTF-8")) {
521 fprintf(stderr, "ERROR: 'dos charset' must not be UTF8\n\n");
529 * per-share logic tests
531 static void do_per_share_checks(int s)
533 const char **deny_list = lp_hosts_deny(s);
534 const char **allow_list = lp_hosts_allow(s);
535 const char **vfs_objects = NULL;
537 static bool uses_fruit;
538 static bool doesnt_use_fruit;
539 static bool fruit_mix_warned;
542 for (i=0; deny_list[i]; i++) {
543 char *hasstar = strchr_m(deny_list[i], '*');
544 char *hasquery = strchr_m(deny_list[i], '?');
545 if(hasstar || hasquery) {
547 "Invalid character %c in hosts deny list "
548 "(%s) for service %s.\n\n",
549 hasstar ? *hasstar : *hasquery,
551 lp_servicename(talloc_tos(), s));
557 for (i=0; allow_list[i]; i++) {
558 char *hasstar = strchr_m(allow_list[i], '*');
559 char *hasquery = strchr_m(allow_list[i], '?');
560 if(hasstar || hasquery) {
562 "Invalid character %c in hosts allow "
563 "list (%s) for service %s.\n\n",
564 hasstar ? *hasstar : *hasquery,
566 lp_servicename(talloc_tos(), s));
571 if(lp_level2_oplocks(s) && !lp_oplocks(s)) {
572 fprintf(stderr, "Invalid combination of parameters for service "
573 "%s. Level II oplocks can only be set if oplocks "
575 lp_servicename(talloc_tos(), s));
578 if (!lp_store_dos_attributes(s) && lp_map_hidden(s)
579 && !(lp_create_mask(s) & S_IXOTH))
582 "Invalid combination of parameters for service %s. Map "
583 "hidden can only work if create mask includes octal "
585 lp_servicename(talloc_tos(), s));
587 if (!lp_store_dos_attributes(s) && lp_map_hidden(s)
588 && (lp_force_create_mode(s) & S_IXOTH))
591 "Invalid combination of parameters for service "
592 "%s. Map hidden can only work if force create mode "
593 "excludes octal 01 (S_IXOTH).\n\n",
594 lp_servicename(talloc_tos(), s));
596 if (!lp_store_dos_attributes(s) && lp_map_system(s)
597 && !(lp_create_mask(s) & S_IXGRP))
600 "Invalid combination of parameters for service "
601 "%s. Map system can only work if create mask includes "
602 "octal 010 (S_IXGRP).\n\n",
603 lp_servicename(talloc_tos(), s));
605 if (!lp_store_dos_attributes(s) && lp_map_system(s)
606 && (lp_force_create_mode(s) & S_IXGRP))
609 "Invalid combination of parameters for service "
610 "%s. Map system can only work if force create mode "
611 "excludes octal 010 (S_IXGRP).\n\n",
612 lp_servicename(talloc_tos(), s));
614 if (lp_printing(s) == PRINT_CUPS && *(lp_print_command(talloc_tos(), s)) != '\0') {
616 "Warning: Service %s defines a print command, but "
617 "parameter is ignored when using CUPS libraries.\n\n",
618 lp_servicename(talloc_tos(), s));
621 vfs_objects = lp_vfs_objects(s);
622 if (vfs_objects && str_list_check(vfs_objects, "fruit")) {
625 doesnt_use_fruit = true;
628 if (uses_fruit && doesnt_use_fruit && !fruit_mix_warned) {
629 fruit_mix_warned = true;
631 "WARNING: some services use vfs_fruit, others don't. Mounting them "
632 "in conjunction on OS X clients results in undefined behaviour.\n\n");
636 int main(int argc, const char *argv[])
638 const char *config_file = get_dyn_CONFIGFILE();
640 static int silent_mode = False;
641 static int show_all_parameters = False;
644 static char *parameter_name = NULL;
645 static const char *section_name = NULL;
648 static int show_defaults;
649 static int skip_logic_checks = 0;
651 struct poptOption long_options[] = {
654 .longName = "suppress-prompt",
656 .argInfo = POPT_ARG_VAL,
659 .descrip = "Suppress prompt for enter",
662 .longName = "verbose",
664 .argInfo = POPT_ARG_NONE,
665 .arg = &show_defaults,
667 .descrip = "Show default options too",
670 .longName = "skip-logic-checks",
672 .argInfo = POPT_ARG_NONE,
673 .arg = &skip_logic_checks,
675 .descrip = "Skip the global checks",
678 .longName = "show-all-parameters",
680 .argInfo = POPT_ARG_VAL,
681 .arg = &show_all_parameters,
683 .descrip = "Show the parameters, type, possible "
687 .longName = "parameter-name",
689 .argInfo = POPT_ARG_STRING,
690 .arg = ¶meter_name,
692 .descrip = "Limit testparm to a named parameter",
695 .longName = "section-name",
697 .argInfo = POPT_ARG_STRING,
698 .arg = §ion_name,
700 .descrip = "Limit testparm to a named section",
703 POPT_COMMON_DEBUGLEVEL
708 TALLOC_CTX *frame = talloc_stackframe();
712 * Set the default debug level to 1.
713 * Allow it to be overridden by the command line,
716 lp_set_cmdline("log level", "1");
718 pc = poptGetContext(NULL, argc, argv, long_options,
719 POPT_CONTEXT_KEEP_FIRST);
720 poptSetOtherOptionHelp(pc, "[OPTION...] <config-file> [host-name] [host-ip]");
722 while(poptGetNextOpt(pc) != -1);
724 if (show_all_parameters) {
725 show_parameter_list();
729 setup_logging(poptGetArg(pc), DEBUG_STDERR);
732 config_file = poptGetArg(pc);
734 cname = poptGetArg(pc);
735 caddr = poptGetArg(pc);
739 if ( cname && ! caddr ) {
740 printf ( "ERROR: You must specify both a machine name and an IP address.\n" );
745 cmdline_messaging_context(config_file);
747 fprintf(stderr,"Load smb config files from %s\n",config_file);
749 if (!lp_load_with_registry_shares(config_file)) {
750 fprintf(stderr,"Error loading services.\n");
755 fprintf(stderr,"Loaded services file OK.\n");
757 if (skip_logic_checks == 0) {
758 ret = do_global_checks();
761 for (s=0;s<1000;s++) {
762 if (VALID_SNUM(s) && (skip_logic_checks == 0)) {
763 do_per_share_checks(s);
768 if (!section_name && !parameter_name) {
770 "Server role: %s\n\n",
771 server_role_str(lp_server_role()));
776 fprintf(stderr,"Press enter to see a dump of your service definitions\n");
780 if (parameter_name || section_name) {
781 bool isGlobal = False;
782 s = GLOBAL_SECTION_SNUM;
785 section_name = GLOBAL_NAME;
787 } else if ((isGlobal=!strwicmp(section_name, GLOBAL_NAME)) == 0 &&
788 (s=lp_servicenumber(section_name)) == -1) {
789 fprintf(stderr,"Unknown section %s\n",
794 if (parameter_name) {
795 if (!dump_a_parameter( s, parameter_name, stdout, isGlobal)) {
796 fprintf(stderr,"Parameter %s unknown for section %s\n",
797 parameter_name, section_name);
802 if (isGlobal == True)
803 lp_dump(stdout, show_defaults, 0);
805 lp_dump_one(stdout, show_defaults, s);
810 lp_dump(stdout, show_defaults, lp_numservices());
814 /* this is totally ugly, a real `quick' hack */
815 for (s=0;s<1000;s++) {
817 if (allow_access(lp_hosts_deny(-1), lp_hosts_allow(-1), cname, caddr)
818 && allow_access(lp_hosts_deny(s), lp_hosts_allow(s), cname, caddr)) {
819 fprintf(stderr,"Allow connection from %s (%s) to %s\n",
820 cname,caddr,lp_servicename(talloc_tos(), s));
822 fprintf(stderr,"Deny connection from %s (%s) to %s\n",
823 cname,caddr,lp_servicename(talloc_tos(), s));
git.samba.org / ambi / samba-autobuild / .git / blob