2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
57 #include "system/filesys.h"
59 #include "lib/param/loadparm.h"
60 #include "lib/param/param.h"
62 #include "lib/smbconf/smbconf.h"
63 #include "lib/smbconf/smbconf_init.h"
66 #include "../librpc/gen_ndr/svcctl.h"
68 #include "../libcli/smb/smb_signing.h"
69 #include "dbwrap/dbwrap.h"
70 #include "dbwrap/dbwrap_rbt.h"
71 #include "../lib/util/bitmap.h"
72 #include "librpc/gen_ndr/nbt.h"
73 #include "source4/lib/tls/tls.h"
74 #include "libcli/auth/ntlm_check.h"
76 #ifdef HAVE_SYS_SYSCTL_H
77 #include <sys/sysctl.h>
82 extern userdom_struct current_user_info;
84 /* the special value for the include parameter
85 * to be interpreted not as a file name but to
86 * trigger loading of the global smb.conf options
88 #ifndef INCLUDE_REGISTRY_NAME
89 #define INCLUDE_REGISTRY_NAME "registry"
92 static bool in_client = false; /* Not in the client by default */
93 static struct smbconf_csn conf_last_csn;
95 static int config_backend = CONFIG_BACKEND_FILE;
97 /* some helpful bits */
98 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
99 (ServicePtrs != NULL) && \
100 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
101 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
102 ServicePtrs[i]->valid)
104 #define USERSHARE_VALID 1
105 #define USERSHARE_PENDING_DELETE 2
107 static bool defaults_saved = false;
109 #include "lib/param/param_global.h"
111 static struct loadparm_global Globals;
113 /* This is a default service used to prime a services structure */
114 static const struct loadparm_service _sDefault =
119 .usershare_last_mod = {0, 0},
122 .invalid_users = NULL,
129 .root_preexec = NULL,
130 .root_postexec = NULL,
131 .cups_options = NULL,
132 .print_command = NULL,
134 .lprm_command = NULL,
135 .lppause_command = NULL,
136 .lpresume_command = NULL,
137 .queuepause_command = NULL,
138 .queueresume_command = NULL,
139 ._printername = NULL,
140 .printjob_username = NULL,
141 .dont_descend = NULL,
144 .magic_script = NULL,
145 .magic_output = NULL,
148 .veto_oplock_files = NULL,
158 .aio_write_behind = NULL,
159 .dfree_command = NULL,
160 .min_print_space = 0,
161 .max_print_jobs = 1000,
162 .max_reported_print_jobs = 0,
163 .write_cache_size = 0,
165 .force_create_mode = 0,
166 .directory_mask = 0755,
167 .force_directory_mode = 0,
168 .max_connections = 0,
169 .default_case = CASE_LOWER,
170 .printing = DEFAULT_PRINTING,
173 .dfree_cache_time = 0,
174 .preexec_close = false,
175 .root_preexec_close = false,
176 .case_sensitive = Auto,
177 .preserve_case = true,
178 .short_preserve_case = true,
179 .hide_dot_files = true,
180 .hide_special_files = false,
181 .hide_unreadable = false,
182 .hide_unwriteable_files = false,
184 .access_based_share_enum = false,
189 .administrative_share = false,
192 .print_notify_backchannel = false,
196 .store_dos_attributes = true,
197 .dmapi_support = false,
199 .strict_locking = Auto,
200 .posix_locking = true,
202 .kernel_oplocks = false,
203 .level2_oplocks = true,
204 .mangled_names = MANGLED_NAMES_YES,
206 .follow_symlinks = true,
207 .sync_always = false,
208 .strict_allocate = false,
209 .strict_rename = false,
211 .mangling_char = '~',
213 .delete_readonly = false,
214 .fake_oplocks = false,
215 .delete_veto_files = false,
216 .dos_filemode = false,
217 .dos_filetimes = true,
218 .dos_filetime_resolution = false,
219 .fake_directory_create_times = false,
220 .blocking_locks = true,
221 .inherit_permissions = false,
222 .inherit_acls = false,
223 .inherit_owner = false,
225 .msdfs_shuffle_referrals = false,
226 .use_client_driver = false,
227 .default_devmode = true,
228 .force_printername = false,
229 .nt_acl_support = true,
230 .force_unknown_acl_user = false,
231 ._use_sendfile = false,
232 .map_acl_inherit = false,
235 .acl_check_permissions = true,
236 .acl_map_full_control = true,
237 .acl_group_control = false,
238 .acl_allow_execute_always = false,
239 .allocation_roundup_size = SMB_ROUNDUP_ALLOCATION_SIZE,
242 .map_readonly = MAP_READONLY_NO,
243 .directory_name_cache_size = 100,
244 .smb_encrypt = SMB_SIGNING_DEFAULT,
245 .kernel_share_modes = true,
246 .durable_handles = true,
247 .check_parent_directory_delete_on_close = false,
249 .smbd_search_ask_sharemode = true,
250 .smbd_getinfo_ask_sharemode = true,
255 * This is a copy of the default service structure. Service options in the
256 * global section would otherwise overwrite the initial default values.
258 static struct loadparm_service sDefault;
260 /* local variables */
261 static struct loadparm_service **ServicePtrs = NULL;
262 static int iNumServices = 0;
263 static int iServiceIndex = 0;
264 static struct db_context *ServiceHash;
265 static bool bInGlobalSection = true;
266 static bool bGlobalOnly = false;
267 static struct file_lists *file_lists = NULL;
268 static unsigned int *flags_list = NULL;
270 static void set_allowed_client_auth(void);
272 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
273 static void free_param_opts(struct parmlist_entry **popts);
276 * Function to return the default value for the maximum number of open
277 * file descriptors permitted. This function tries to consult the
278 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
279 * the smaller of those.
281 static int max_open_files(void)
283 int sysctl_max = MAX_OPEN_FILES;
284 int rlimit_max = MAX_OPEN_FILES;
286 #ifdef HAVE_SYSCTLBYNAME
288 size_t size = sizeof(sysctl_max);
289 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
294 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
300 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
301 rlimit_max = rl.rlim_cur;
303 #if defined(RLIM_INFINITY)
304 if(rl.rlim_cur == RLIM_INFINITY)
305 rlimit_max = MAX_OPEN_FILES;
310 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
311 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
312 "minimum Windows limit (%d)\n",
314 MIN_OPEN_FILES_WINDOWS));
315 sysctl_max = MIN_OPEN_FILES_WINDOWS;
318 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
319 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
320 "minimum Windows limit (%d)\n",
322 MIN_OPEN_FILES_WINDOWS));
323 rlimit_max = MIN_OPEN_FILES_WINDOWS;
326 return MIN(sysctl_max, rlimit_max);
330 * Common part of freeing allocated data for one parameter.
332 static void free_one_parameter_common(void *parm_ptr,
333 struct parm_struct parm)
335 if ((parm.type == P_STRING) ||
336 (parm.type == P_USTRING))
338 lpcfg_string_free((char**)parm_ptr);
339 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
340 TALLOC_FREE(*((char***)parm_ptr));
345 * Free the allocated data for one parameter for a share
346 * given as a service struct.
348 static void free_one_parameter(struct loadparm_service *service,
349 struct parm_struct parm)
353 if (parm.p_class != P_LOCAL) {
357 parm_ptr = lp_parm_ptr(service, &parm);
359 free_one_parameter_common(parm_ptr, parm);
363 * Free the allocated parameter data of a share given
364 * as a service struct.
366 static void free_parameters(struct loadparm_service *service)
370 for (i=0; parm_table[i].label; i++) {
371 free_one_parameter(service, parm_table[i]);
376 * Free the allocated data for one parameter for a given share
377 * specified by an snum.
379 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
384 parm_ptr = lp_parm_ptr(NULL, &parm);
385 } else if (parm.p_class != P_LOCAL) {
388 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
391 free_one_parameter_common(parm_ptr, parm);
395 * Free the allocated parameter data for a share specified
398 static void free_parameters_by_snum(int snum)
402 for (i=0; parm_table[i].label; i++) {
403 free_one_parameter_by_snum(snum, parm_table[i]);
408 * Free the allocated global parameters.
410 static void free_global_parameters(void)
413 struct parm_struct *parm;
415 free_param_opts(&Globals.param_opt);
416 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
418 /* Reset references in the defaults because the context is going to be freed */
419 for (i=0; parm_table[i].label; i++) {
420 parm = &parm_table[i];
421 if ((parm->type == P_STRING) ||
422 (parm->type == P_USTRING)) {
423 if ((parm->def.svalue != NULL) &&
424 (*(parm->def.svalue) != '\0')) {
425 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
426 parm->def.svalue = NULL;
431 TALLOC_FREE(Globals.ctx);
434 struct lp_stored_option {
435 struct lp_stored_option *prev, *next;
440 static struct lp_stored_option *stored_options;
443 save options set by lp_set_cmdline() into a list. This list is
444 re-applied when we do a globals reset, so that cmdline set options
445 are sticky across reloads of smb.conf
447 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
449 struct lp_stored_option *entry, *entry_next;
450 for (entry = stored_options; entry != NULL; entry = entry_next) {
451 entry_next = entry->next;
452 if (strcmp(pszParmName, entry->label) == 0) {
453 DLIST_REMOVE(stored_options, entry);
459 entry = talloc(NULL, struct lp_stored_option);
464 entry->label = talloc_strdup(entry, pszParmName);
470 entry->value = talloc_strdup(entry, pszParmValue);
476 DLIST_ADD_END(stored_options, entry);
481 static bool apply_lp_set_cmdline(void)
483 struct lp_stored_option *entry = NULL;
484 for (entry = stored_options; entry != NULL; entry = entry->next) {
485 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
486 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
487 entry->label, entry->value));
494 /***************************************************************************
495 Initialise the global parameter structure.
496 ***************************************************************************/
498 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
500 static bool done_init = false;
504 /* If requested to initialize only once and we've already done it... */
505 if (!reinit_globals && done_init) {
506 /* ... then we have nothing more to do */
511 /* The logfile can be set before this is invoked. Free it if so. */
512 lpcfg_string_free(&Globals.logfile);
515 free_global_parameters();
518 /* This memset and the free_global_parameters() above will
519 * wipe out smb.conf options set with lp_set_cmdline(). The
520 * apply_lp_set_cmdline() call puts these values back in the
521 * table once the defaults are set */
522 ZERO_STRUCT(Globals);
524 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
526 /* Initialize the flags list if necessary */
527 if (flags_list == NULL) {
531 for (i = 0; parm_table[i].label; i++) {
532 if ((parm_table[i].type == P_STRING ||
533 parm_table[i].type == P_USTRING))
537 (char **)lp_parm_ptr(NULL, &parm_table[i]),
543 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
544 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
546 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
548 sDefault.ntvfs_handler = str_list_make_v3_const(NULL, "unixuid default", NULL);
550 DEBUG(3, ("Initialising global parameters\n"));
552 /* Must manually force to upper case here, as this does not go via the handler */
553 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
556 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
557 get_dyn_SMB_PASSWD_FILE());
558 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
559 get_dyn_PRIVATE_DIR());
560 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
561 get_dyn_BINDDNS_DIR());
563 /* use the new 'hash2' method by default, with a prefix of 1 */
564 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
565 Globals.mangle_prefix = 1;
567 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
569 /* using UTF8 by default allows us to support all chars */
570 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
571 DEFAULT_UNIX_CHARSET);
573 /* Use codepage 850 as a default for the dos character set */
574 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
575 DEFAULT_DOS_CHARSET);
578 * Allow the default PASSWD_CHAT to be overridden in local.h.
580 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
581 DEFAULT_PASSWD_CHAT);
583 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
585 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
586 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
588 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
590 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
592 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
594 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
597 * By default support explicit binding to broadcast
600 Globals.nmbd_bind_explicit_broadcast = true;
602 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
604 smb_panic("init_globals: ENOMEM");
606 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
609 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
610 "/bin/sleep 999999999");
613 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
614 DEFAULT_SOCKET_OPTIONS);
616 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
617 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
618 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
619 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
620 "\\\\%N\\%U\\profile");
622 Globals.name_resolve_order =
623 str_list_make_v3_const(Globals.ctx,
624 DEFAULT_NAME_RESOLVE_ORDER,
626 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
628 Globals.algorithmic_rid_base = BASE_RID;
630 Globals.load_printers = true;
631 Globals.printcap_cache_time = 750; /* 12.5 minutes */
633 Globals.config_backend = config_backend;
634 Globals._server_role = ROLE_AUTO;
636 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
637 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
638 Globals.max_xmit = 0x4104;
639 Globals.max_mux = 50; /* This is *needed* for profile support. */
640 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
641 Globals._disable_spoolss = false;
642 Globals.max_smbd_processes = 0;/* no limit specified */
643 Globals.username_level = 0;
644 Globals.deadtime = 10080;
645 Globals.getwd_cache = true;
646 Globals.large_readwrite = true;
647 Globals.max_log_size = 5000;
648 Globals.max_open_files = max_open_files();
649 Globals.server_max_protocol = PROTOCOL_SMB3_11;
650 Globals.server_min_protocol = PROTOCOL_LANMAN1;
651 Globals._client_max_protocol = PROTOCOL_DEFAULT;
652 Globals.client_min_protocol = PROTOCOL_CORE;
653 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
654 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
655 Globals._security = SEC_AUTO;
656 Globals.encrypt_passwords = true;
657 Globals.client_schannel = true;
658 Globals.winbind_sealed_pipes = true;
659 Globals.require_strong_key = true;
660 Globals.server_schannel = true;
661 Globals.read_raw = true;
662 Globals.write_raw = true;
663 Globals.null_passwords = false;
664 Globals.old_password_allowed_period = 60;
665 Globals.obey_pam_restrictions = false;
667 Globals.syslog_only = false;
668 Globals.timestamp_logs = true;
669 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
670 Globals.debug_prefix_timestamp = false;
671 Globals.debug_hires_timestamp = true;
672 Globals.debug_pid = false;
673 Globals.debug_uid = false;
674 Globals.debug_class = false;
675 Globals.enable_core_files = true;
676 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
677 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
678 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
679 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
680 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
681 Globals.lm_interval = 60;
682 #if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
683 Globals.nis_homedir = false;
684 #ifdef WITH_NISPLUS_HOME
685 lpcfg_string_set(Globals.ctx, &Globals.homedir_map,
686 "auto_home.org_dir");
688 lpcfg_string_set(Globals.ctx, &Globals.homedir_map, "auto.home");
691 Globals.time_server = false;
692 Globals.bind_interfaces_only = false;
693 Globals.unix_password_sync = false;
694 Globals.pam_password_change = false;
695 Globals.passwd_chat_debug = false;
696 Globals.passwd_chat_timeout = 2; /* 2 second default. */
697 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
698 Globals.nt_status_support = true; /* Use NT status by default. */
699 Globals.smbd_profiling_level = 0;
700 Globals.stat_cache = true; /* use stat cache by default */
701 Globals.max_stat_cache_size = 512; /* 512k by default */
702 Globals.restrict_anonymous = 0;
703 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
704 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
705 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
706 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
707 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
708 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
709 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
711 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
713 Globals.map_to_guest = 0; /* By Default, "Never" */
714 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
715 Globals.enhanced_browsing = true;
716 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
717 Globals.use_mmap = true;
718 Globals.unicode = true;
719 Globals.unix_extensions = true;
720 Globals.reset_on_zero_vc = false;
721 Globals.log_writeable_files_on_exit = false;
722 Globals.create_krb5_conf = true;
723 Globals.include_system_krb5_conf = true;
724 Globals._winbind_max_domain_connections = 1;
726 /* hostname lookups can be very expensive and are broken on
727 a large number of sites (tridge) */
728 Globals.hostname_lookups = false;
730 Globals.change_notify = true,
731 Globals.kernel_change_notify = true,
733 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
734 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
735 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
736 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
737 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
738 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
740 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
741 Globals.ldap_ssl = LDAP_SSL_START_TLS;
742 Globals.ldap_ssl_ads = false;
743 Globals.ldap_deref = -1;
744 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
745 Globals.ldap_delete_dn = false;
746 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
747 Globals.ldap_follow_referral = Auto;
748 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
749 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
750 Globals.ldap_page_size = LDAP_PAGE_SIZE;
752 Globals.ldap_debug_level = 0;
753 Globals.ldap_debug_threshold = 10;
755 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
757 Globals.ldap_server_require_strong_auth =
758 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
760 /* This is what we tell the afs client. in reality we set the token
761 * to never expire, though, when this runs out the afs client will
762 * forget the token. Set to 0 to get NEVERDATE.*/
763 Globals.afs_token_lifetime = 604800;
764 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
766 /* these parameters are set to defaults that are more appropriate
767 for the increasing samba install base:
769 as a member of the workgroup, that will possibly become a
770 _local_ master browser (lm = true). this is opposed to a forced
771 local master browser startup (pm = true).
773 doesn't provide WINS server service by default (wsupp = false),
774 and doesn't provide domain master browser services by default, either.
778 Globals.show_add_printer_wizard = true;
779 Globals.os_level = 20;
780 Globals.local_master = true;
781 Globals._domain_master = Auto; /* depending on _domain_logons */
782 Globals._domain_logons = false;
783 Globals.browse_list = true;
784 Globals.we_are_a_wins_server = false;
785 Globals.wins_proxy = false;
787 TALLOC_FREE(Globals.init_logon_delayed_hosts);
788 Globals.init_logon_delay = 100; /* 100 ms default delay */
790 Globals.wins_dns_proxy = true;
792 Globals.allow_trusted_domains = true;
793 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
795 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
796 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
798 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
799 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
800 dyn_WINBINDD_SOCKET_DIR);
802 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
803 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
805 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
807 Globals.cluster_addresses = NULL;
808 Globals.clustering = false;
809 Globals.ctdb_timeout = 0;
810 Globals.ctdb_locktime_warn_threshold = 0;
812 Globals.winbind_cache_time = 300; /* 5 minutes */
813 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
814 Globals.winbind_request_timeout = 60; /* 60 seconds */
815 Globals.winbind_max_clients = 200;
816 Globals.winbind_enum_users = false;
817 Globals.winbind_enum_groups = false;
818 Globals.winbind_use_default_domain = false;
819 Globals.winbind_nested_groups = true;
820 Globals.winbind_expand_groups = 0;
821 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
822 Globals.winbind_refresh_tickets = false;
823 Globals.winbind_offline_logon = false;
824 Globals.winbind_scan_trusted_domains = true;
826 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
827 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
829 Globals.passdb_expand_explicit = false;
831 Globals.name_cache_timeout = 660; /* In seconds */
833 Globals.client_use_spnego = true;
835 Globals.client_signing = SMB_SIGNING_DEFAULT;
836 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
837 Globals.server_signing = SMB_SIGNING_DEFAULT;
839 Globals.defer_sharing_violations = true;
840 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
842 Globals.enable_privileges = true;
843 Globals.host_msdfs = true;
844 Globals.enable_asu_support = false;
846 /* User defined shares. */
847 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
849 smb_panic("init_globals: ENOMEM");
851 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
853 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
854 Globals.usershare_max_shares = 0;
855 /* By default disallow sharing of directories not owned by the sharer. */
856 Globals.usershare_owner_only = true;
857 /* By default disallow guest access to usershares. */
858 Globals.usershare_allow_guests = false;
860 Globals.keepalive = DEFAULT_KEEPALIVE;
862 /* By default no shares out of the registry */
863 Globals.registry_shares = false;
865 Globals.min_receivefile_size = 0;
867 Globals.multicast_dns_register = true;
869 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
870 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
871 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
872 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
873 Globals.smb2_leases = true;
875 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
876 get_dyn_NCALRPCDIR());
878 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
880 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
882 Globals.tls_enabled = true;
883 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
885 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
886 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
887 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
888 lpcfg_string_set(Globals.ctx, &Globals.tls_priority,
889 "NORMAL:-VERS-SSL3.0");
891 lpcfg_string_set(Globals.ctx, &Globals.share_backend, "classic");
893 Globals._preferred_master = Auto;
895 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
896 Globals.dns_zone_scavenging = false;
898 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
899 get_dyn_NTP_SIGND_SOCKET_DIR());
901 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
903 smb_panic("init_globals: ENOMEM");
905 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
909 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
912 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
914 smb_panic("init_globals: ENOMEM");
916 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
919 s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
921 smb_panic("init_globals: ENOMEM");
923 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
926 Globals.apply_group_policies = false;
928 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
930 smb_panic("init_globals: ENOMEM");
932 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
935 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
937 Globals.rndc_command = str_list_make_v3_const(NULL, "/usr/sbin/rndc", NULL);
939 Globals.cldap_port = 389;
941 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
943 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
945 Globals.krb5_port = 88;
947 Globals.kpasswd_port = 464;
949 Globals.aio_max_threads = 100;
951 lpcfg_string_set(Globals.ctx,
952 &Globals.rpc_server_dynamic_port_range,
954 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
955 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
956 Globals.prefork_children = 4;
957 Globals.prefork_backoff_increment = 10;
958 Globals.prefork_maximum_backoff = 120;
960 /* Now put back the settings that were set with lp_set_cmdline() */
961 apply_lp_set_cmdline();
964 /* Convenience routine to setup an lp_context with additional s3 variables */
965 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
967 struct loadparm_context *lp_ctx;
969 lp_ctx = loadparm_init_s3(mem_ctx,
970 loadparm_s3_helpers());
971 if (lp_ctx == NULL) {
972 DEBUG(0, ("loadparm_init_s3 failed\n"));
976 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
977 if (lp_ctx->sDefault == NULL) {
978 DBG_ERR("talloc_zero failed\n");
983 *lp_ctx->sDefault = _sDefault;
984 lp_ctx->services = NULL; /* We do not want to access this directly */
985 lp_ctx->bInGlobalSection = bInGlobalSection;
986 lp_ctx->flags = flags_list;
991 /*******************************************************************
992 Convenience routine to grab string parameters into talloced memory
993 and run standard_sub_basic on them. The buffers can be written to by
994 callers without affecting the source string.
995 ********************************************************************/
997 char *lp_string(TALLOC_CTX *ctx, const char *s)
1001 /* The follow debug is useful for tracking down memory problems
1002 especially if you have an inner loop that is calling a lp_*()
1003 function that returns a string. Perhaps this debug should be
1004 present all the time? */
1007 DEBUG(10, ("lp_string(%s)\n", s));
1013 ret = talloc_sub_basic(ctx,
1014 get_current_username(),
1015 current_user_info.domain,
1017 if (trim_char(ret, '\"', '\"')) {
1018 if (strchr(ret,'\"') != NULL) {
1020 ret = talloc_sub_basic(ctx,
1021 get_current_username(),
1022 current_user_info.domain,
1030 In this section all the functions that are used to access the
1031 parameters from the rest of the program are defined
1034 #define FN_GLOBAL_STRING(fn_name,ptr) \
1035 char *lp_ ## fn_name(TALLOC_CTX *ctx) {return(lp_string((ctx), *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : ""));}
1036 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1037 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1038 #define FN_GLOBAL_LIST(fn_name,ptr) \
1039 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1040 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1041 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1042 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1043 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1044 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1045 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1047 #define FN_LOCAL_STRING(fn_name,val) \
1048 char *lp_ ## fn_name(TALLOC_CTX *ctx,int i) {return(lp_string((ctx), (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val));}
1049 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1050 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1051 #define FN_LOCAL_LIST(fn_name,val) \
1052 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1053 #define FN_LOCAL_BOOL(fn_name,val) \
1054 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1055 #define FN_LOCAL_INTEGER(fn_name,val) \
1056 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1058 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1059 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1060 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1061 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1062 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1063 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1065 int lp_winbind_max_domain_connections(void)
1067 if (lp_winbind_offline_logon() &&
1068 lp__winbind_max_domain_connections() > 1) {
1069 DEBUG(1, ("offline logons active, restricting max domain "
1070 "connections to 1\n"));
1073 return MAX(1, lp__winbind_max_domain_connections());
1076 /* These functions remain in source3/param for now */
1078 #include "lib/param/param_functions.c"
1080 FN_LOCAL_STRING(servicename, szService)
1081 FN_LOCAL_CONST_STRING(const_servicename, szService)
1083 /* These functions cannot be auto-generated */
1084 FN_LOCAL_BOOL(autoloaded, autoloaded)
1085 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1087 /* local prototypes */
1089 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1090 static const char *get_boolean(bool bool_value);
1091 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1093 static bool hash_a_service(const char *name, int number);
1094 static void free_service_byindex(int iService);
1095 static void show_parameter(int parmIndex);
1096 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1097 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1100 * This is a helper function for parametrical options support. It returns a
1101 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1102 * parametrical functions are quite simple
1104 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1107 if (snum >= iNumServices) return NULL;
1110 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1112 return get_parametric_helper(ServicePtrs[snum],
1113 type, option, Globals.param_opt);
1117 static void discard_whitespace(char *str)
1119 size_t len = strlen(str);
1123 if (isspace(str[i])) {
1124 memmove(&str[i], &str[i+1], len-i);
1133 * @brief Go through all global parametric parameters
1135 * @param regex_str A regular expression to scan param for
1136 * @param max_matches Max number of submatches the regexp expects
1137 * @param cb Function to call on match. Should return true
1138 * when it wants wi_scan_global_parametrics to stop
1140 * @param private_data Anonymous pointer passed to cb
1142 * @return 0: success, regcomp/regexec return value on error.
1143 * See "man regexec" for possible errors
1146 int lp_wi_scan_global_parametrics(
1147 const char *regex_str, size_t max_matches,
1148 bool (*cb)(const char *string, regmatch_t matches[],
1149 void *private_data),
1152 struct parmlist_entry *data;
1156 ret = regcomp(®ex, regex_str, REG_ICASE);
1161 for (data = Globals.param_opt; data != NULL; data = data->next) {
1162 size_t keylen = strlen(data->key);
1164 regmatch_t matches[max_matches];
1167 memcpy(key, data->key, sizeof(key));
1168 discard_whitespace(key);
1170 ret = regexec(®ex, key, max_matches, matches, 0);
1171 if (ret == REG_NOMATCH) {
1178 stop = cb(key, matches, private_data);
1191 #define MISSING_PARAMETER(name) \
1192 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1194 /*******************************************************************
1195 convenience routine to return enum parameters.
1196 ********************************************************************/
1197 static int lp_enum(const char *s,const struct enum_list *_enum)
1201 if (!s || !*s || !_enum) {
1202 MISSING_PARAMETER(lp_enum);
1206 for (i=0; _enum[i].name; i++) {
1207 if (strequal(_enum[i].name,s))
1208 return _enum[i].value;
1211 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1215 #undef MISSING_PARAMETER
1217 /* Return parametric option from a given service. Type is a part of option before ':' */
1218 /* Parametric option has following syntax: 'Type: option = value' */
1219 char *lp_parm_talloc_string(TALLOC_CTX *ctx, int snum, const char *type, const char *option, const char *def)
1221 struct parmlist_entry *data = get_parametrics(snum, type, option);
1223 if (data == NULL||data->value==NULL) {
1225 return lp_string(ctx, def);
1231 return lp_string(ctx, data->value);
1234 /* Return parametric option from a given service. Type is a part of option before ':' */
1235 /* Parametric option has following syntax: 'Type: option = value' */
1236 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1238 struct parmlist_entry *data = get_parametrics(snum, type, option);
1240 if (data == NULL||data->value==NULL)
1247 /* Return parametric option from a given service. Type is a part of option before ':' */
1248 /* Parametric option has following syntax: 'Type: option = value' */
1250 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1252 struct parmlist_entry *data = get_parametrics(snum, type, option);
1254 if (data == NULL||data->value==NULL)
1255 return (const char **)def;
1257 if (data->list==NULL) {
1258 data->list = str_list_make_v3(NULL, data->value, NULL);
1261 return discard_const_p(const char *, data->list);
1264 /* Return parametric option from a given service. Type is a part of option before ':' */
1265 /* Parametric option has following syntax: 'Type: option = value' */
1267 int lp_parm_int(int snum, const char *type, const char *option, int def)
1269 struct parmlist_entry *data = get_parametrics(snum, type, option);
1271 if (data && data->value && *data->value)
1272 return lp_int(data->value);
1277 /* Return parametric option from a given service. Type is a part of option before ':' */
1278 /* Parametric option has following syntax: 'Type: option = value' */
1280 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1282 struct parmlist_entry *data = get_parametrics(snum, type, option);
1284 if (data && data->value && *data->value)
1285 return lp_ulong(data->value);
1290 /* Return parametric option from a given service. Type is a part of option before ':' */
1291 /* Parametric option has following syntax: 'Type: option = value' */
1293 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1294 const char *option, unsigned long long def)
1296 struct parmlist_entry *data = get_parametrics(snum, type, option);
1298 if (data && data->value && *data->value) {
1299 return lp_ulonglong(data->value);
1305 /* Return parametric option from a given service. Type is a part of option
1307 /* Parametric option has following syntax: 'Type: option = value' */
1309 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1311 struct parmlist_entry *data = get_parametrics(snum, type, option);
1313 if (data && data->value && *data->value)
1314 return lp_bool(data->value);
1319 /* Return parametric option from a given service. Type is a part of option before ':' */
1320 /* Parametric option has following syntax: 'Type: option = value' */
1322 int lp_parm_enum(int snum, const char *type, const char *option,
1323 const struct enum_list *_enum, int def)
1325 struct parmlist_entry *data = get_parametrics(snum, type, option);
1327 if (data && data->value && *data->value && _enum)
1328 return lp_enum(data->value, _enum);
1334 * free a param_opts structure.
1335 * param_opts handling should be moved to talloc;
1336 * then this whole functions reduces to a TALLOC_FREE().
1339 static void free_param_opts(struct parmlist_entry **popts)
1341 struct parmlist_entry *opt, *next_opt;
1343 if (*popts != NULL) {
1344 DEBUG(5, ("Freeing parametrics:\n"));
1347 while (opt != NULL) {
1348 lpcfg_string_free(&opt->key);
1349 lpcfg_string_free(&opt->value);
1350 TALLOC_FREE(opt->list);
1351 next_opt = opt->next;
1358 /***************************************************************************
1359 Free the dynamically allocated parts of a service struct.
1360 ***************************************************************************/
1362 static void free_service(struct loadparm_service *pservice)
1367 if (pservice->szService)
1368 DEBUG(5, ("free_service: Freeing service %s\n",
1369 pservice->szService));
1371 free_parameters(pservice);
1373 lpcfg_string_free(&pservice->szService);
1374 TALLOC_FREE(pservice->copymap);
1376 free_param_opts(&pservice->param_opt);
1378 ZERO_STRUCTP(pservice);
1382 /***************************************************************************
1383 remove a service indexed in the ServicePtrs array from the ServiceHash
1384 and free the dynamically allocated parts
1385 ***************************************************************************/
1387 static void free_service_byindex(int idx)
1389 if ( !LP_SNUM_OK(idx) )
1392 ServicePtrs[idx]->valid = false;
1394 /* we have to cleanup the hash record */
1396 if (ServicePtrs[idx]->szService) {
1397 char *canon_name = canonicalize_servicename(
1399 ServicePtrs[idx]->szService );
1401 dbwrap_delete_bystring(ServiceHash, canon_name );
1402 TALLOC_FREE(canon_name);
1405 free_service(ServicePtrs[idx]);
1406 TALLOC_FREE(ServicePtrs[idx]);
1409 /***************************************************************************
1410 Add a new service to the services array initialising it with the given
1412 ***************************************************************************/
1414 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1417 struct loadparm_service **tsp = NULL;
1419 /* it might already exist */
1421 i = getservicebyname(name, NULL);
1427 /* Re use empty slots if any before allocating new one.*/
1428 for (i=0; i < iNumServices; i++) {
1429 if (ServicePtrs[i] == NULL) {
1433 if (i == iNumServices) {
1434 /* if not, then create one */
1435 tsp = talloc_realloc(NULL, ServicePtrs,
1436 struct loadparm_service *,
1439 DEBUG(0, ("add_a_service: failed to enlarge "
1446 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1447 if (!ServicePtrs[i]) {
1448 DEBUG(0,("add_a_service: out of memory!\n"));
1452 ServicePtrs[i]->valid = true;
1454 copy_service(ServicePtrs[i], pservice, NULL);
1456 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1459 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1460 i, ServicePtrs[i]->szService));
1462 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1469 /***************************************************************************
1470 Convert a string to uppercase and remove whitespaces.
1471 ***************************************************************************/
1473 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1478 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1482 result = talloc_strdup(ctx, src);
1483 SMB_ASSERT(result != NULL);
1485 if (!strlower_m(result)) {
1486 TALLOC_FREE(result);
1492 /***************************************************************************
1493 Add a name/index pair for the services array to the hash table.
1494 ***************************************************************************/
1496 static bool hash_a_service(const char *name, int idx)
1500 if ( !ServiceHash ) {
1501 DEBUG(10,("hash_a_service: creating servicehash\n"));
1502 ServiceHash = db_open_rbt(NULL);
1503 if ( !ServiceHash ) {
1504 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1509 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1512 canon_name = canonicalize_servicename(talloc_tos(), name );
1514 dbwrap_store_bystring(ServiceHash, canon_name,
1515 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1518 TALLOC_FREE(canon_name);
1523 /***************************************************************************
1524 Add a new home service, with the specified home directory, defaults coming
1526 ***************************************************************************/
1528 bool lp_add_home(const char *pszHomename, int iDefaultService,
1529 const char *user, const char *pszHomedir)
1534 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1535 pszHomedir[0] == '\0') {
1539 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1544 global_path = lp_path(talloc_tos(), GLOBAL_SECTION_SNUM);
1545 if (!(*(ServicePtrs[iDefaultService]->path))
1546 || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
1547 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1550 TALLOC_FREE(global_path);
1552 if (!(*(ServicePtrs[i]->comment))) {
1553 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1554 if (comment == NULL) {
1557 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1559 TALLOC_FREE(comment);
1562 /* set the browseable flag from the global default */
1564 ServicePtrs[i]->browseable = sDefault.browseable;
1565 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1567 ServicePtrs[i]->autoloaded = true;
1569 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1570 user, ServicePtrs[i]->path ));
1575 /***************************************************************************
1576 Add a new service, based on an old one.
1577 ***************************************************************************/
1579 int lp_add_service(const char *pszService, int iDefaultService)
1581 if (iDefaultService < 0) {
1582 return add_a_service(&sDefault, pszService);
1585 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1588 /***************************************************************************
1589 Add the IPC service.
1590 ***************************************************************************/
1592 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1594 char *comment = NULL;
1595 int i = add_a_service(&sDefault, ipc_name);
1600 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1601 Globals.server_string);
1602 if (comment == NULL) {
1606 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1607 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1608 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1609 ServicePtrs[i]->max_connections = 0;
1610 ServicePtrs[i]->available = true;
1611 ServicePtrs[i]->read_only = true;
1612 ServicePtrs[i]->guest_only = false;
1613 ServicePtrs[i]->administrative_share = true;
1614 ServicePtrs[i]->guest_ok = guest_ok;
1615 ServicePtrs[i]->printable = false;
1616 ServicePtrs[i]->browseable = sDefault.browseable;
1617 ServicePtrs[i]->autoloaded = false;
1619 DEBUG(3, ("adding IPC service\n"));
1621 TALLOC_FREE(comment);
1625 /***************************************************************************
1626 Add a new printer service, with defaults coming from service iFrom.
1627 ***************************************************************************/
1629 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1631 const char *comment = "From Printcap";
1632 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1637 /* note that we do NOT default the availability flag to true - */
1638 /* we take it from the default service passed. This allows all */
1639 /* dynamic printers to be disabled by disabling the [printers] */
1640 /* entry (if/when the 'available' keyword is implemented!). */
1642 /* the printer name is set to the service name. */
1643 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1645 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1647 /* set the browseable flag from the gloabl default */
1648 ServicePtrs[i]->browseable = sDefault.browseable;
1650 /* Printers cannot be read_only. */
1651 ServicePtrs[i]->read_only = false;
1652 /* No oplocks on printer services. */
1653 ServicePtrs[i]->oplocks = false;
1654 /* Printer services must be printable. */
1655 ServicePtrs[i]->printable = true;
1657 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1663 /***************************************************************************
1664 Check whether the given parameter name is valid.
1665 Parametric options (names containing a colon) are considered valid.
1666 ***************************************************************************/
1668 bool lp_parameter_is_valid(const char *pszParmName)
1670 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1671 (strchr(pszParmName, ':') != NULL));
1674 /***************************************************************************
1675 Check whether the given name is the name of a global parameter.
1676 Returns true for strings belonging to parameters of class
1677 P_GLOBAL, false for all other strings, also for parametric options
1678 and strings not belonging to any option.
1679 ***************************************************************************/
1681 bool lp_parameter_is_global(const char *pszParmName)
1683 int num = lpcfg_map_parameter(pszParmName);
1686 return (parm_table[num].p_class == P_GLOBAL);
1692 /**************************************************************************
1693 Determine the canonical name for a parameter.
1694 Indicate when it is an inverse (boolean) synonym instead of a
1696 **************************************************************************/
1698 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1703 if (!lp_parameter_is_valid(parm_name)) {
1708 num = map_parameter_canonical(parm_name, inverse);
1710 /* parametric option */
1711 *canon_parm = parm_name;
1713 *canon_parm = parm_table[num].label;
1720 /**************************************************************************
1721 Determine the canonical name for a parameter.
1722 Turn the value given into the inverse boolean expression when
1723 the synonym is an invers boolean synonym.
1726 - parm_name is a valid parameter name and
1727 - val is a valid value for this parameter and
1728 - in case the parameter is an inverse boolean synonym, if the val
1729 string could successfully be converted to the reverse bool.
1730 Return false in all other cases.
1731 **************************************************************************/
1733 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1735 const char **canon_parm,
1736 const char **canon_val)
1742 if (!lp_parameter_is_valid(parm_name)) {
1748 num = map_parameter_canonical(parm_name, &inverse);
1750 /* parametric option */
1751 *canon_parm = parm_name;
1756 *canon_parm = parm_table[num].label;
1758 if (!lp_invert_boolean(val, canon_val)) {
1766 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1771 /***************************************************************************
1772 Map a parameter's string representation to the index of the canonical
1773 form of the parameter (it might be a synonym).
1774 Returns -1 if the parameter string is not recognised.
1775 ***************************************************************************/
1777 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1779 int parm_num, canon_num;
1780 bool loc_inverse = false;
1782 parm_num = lpcfg_map_parameter(pszParmName);
1783 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1784 /* invalid, parametric or no canidate for synonyms ... */
1788 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1789 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1790 parm_num = canon_num;
1796 if (inverse != NULL) {
1797 *inverse = loc_inverse;
1802 /***************************************************************************
1803 return true if parameter number parm1 is a synonym of parameter
1804 number parm2 (parm2 being the principal name).
1805 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1807 ***************************************************************************/
1809 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1811 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1812 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1813 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1814 !(parm_table[parm2].flags & FLAG_SYNONYM))
1816 if (inverse != NULL) {
1817 if ((parm_table[parm1].type == P_BOOLREV) &&
1818 (parm_table[parm2].type == P_BOOL))
1830 /***************************************************************************
1831 Show one parameter's name, type, [values,] and flags.
1832 (helper functions for show_parameter_list)
1833 ***************************************************************************/
1835 static void show_parameter(int parmIndex)
1837 size_t enumIndex, flagIndex;
1842 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1843 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1844 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1845 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1846 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1848 printf("%s=%s", parm_table[parmIndex].label,
1849 type[parm_table[parmIndex].type]);
1850 if (parm_table[parmIndex].type == P_ENUM) {
1853 parm_table[parmIndex].enum_list[enumIndex].name;
1857 enumIndex ? "|" : "",
1858 parm_table[parmIndex].enum_list[enumIndex].name);
1863 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1864 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1867 flag_names[flagIndex]);
1872 /* output synonyms */
1874 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1875 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1876 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1877 parm_table[parmIndex2].label);
1878 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1880 printf(" (synonyms: ");
1885 printf("%s%s", parm_table[parmIndex2].label,
1886 inverse ? "[i]" : "");
1897 * Check the value for a P_ENUM
1899 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1903 for (i = 0; parm->enum_list[i].name; i++) {
1904 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1911 /**************************************************************************
1912 Check whether the given value is valid for the given parameter name.
1913 **************************************************************************/
1915 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1917 bool ret = false, tmp_bool;
1918 int num = lpcfg_map_parameter(parm_name), tmp_int;
1919 uint64_t tmp_int64 = 0;
1920 struct parm_struct *parm;
1922 /* parametric options (parameter names containing a colon) cannot
1923 be checked and are therefore considered valid. */
1924 if (strchr(parm_name, ':') != NULL) {
1929 parm = &parm_table[num];
1930 switch (parm->type) {
1933 ret = set_boolean(val, &tmp_bool);
1937 ret = (sscanf(val, "%d", &tmp_int) == 1);
1941 ret = (sscanf(val, "%o", &tmp_int) == 1);
1945 ret = check_enum_parameter(parm, val);
1949 if (conv_str_size_error(val, &tmp_int64) &&
1950 tmp_int64 <= INT_MAX) {
1967 /***************************************************************************
1968 Show all parameter's name, type, [values,] and flags.
1969 ***************************************************************************/
1971 void show_parameter_list(void)
1973 int classIndex, parmIndex;
1974 const char *section_names[] = { "local", "global", NULL};
1976 for (classIndex=0; section_names[classIndex]; classIndex++) {
1977 printf("[%s]\n", section_names[classIndex]);
1978 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
1979 if (parm_table[parmIndex].p_class == classIndex) {
1980 show_parameter(parmIndex);
1986 /***************************************************************************
1987 Get the standard string representation of a boolean value ("yes" or "no")
1988 ***************************************************************************/
1990 static const char *get_boolean(bool bool_value)
1992 static const char *yes_str = "yes";
1993 static const char *no_str = "no";
1995 return (bool_value ? yes_str : no_str);
1998 /***************************************************************************
1999 Provide the string of the negated boolean value associated to the boolean
2000 given as a string. Returns false if the passed string does not correctly
2001 represent a boolean.
2002 ***************************************************************************/
2004 bool lp_invert_boolean(const char *str, const char **inverse_str)
2008 if (!set_boolean(str, &val)) {
2012 *inverse_str = get_boolean(!val);
2016 /***************************************************************************
2017 Provide the canonical string representation of a boolean value given
2018 as a string. Return true on success, false if the string given does
2019 not correctly represent a boolean.
2020 ***************************************************************************/
2022 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2026 if (!set_boolean(str, &val)) {
2030 *canon_str = get_boolean(val);
2034 /***************************************************************************
2035 Find a service by name. Otherwise works like get_service.
2036 ***************************************************************************/
2038 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2045 if (ServiceHash == NULL) {
2049 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2051 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2054 if (NT_STATUS_IS_OK(status) &&
2055 (data.dptr != NULL) &&
2056 (data.dsize == sizeof(iService)))
2058 memcpy(&iService, data.dptr, sizeof(iService));
2061 TALLOC_FREE(canon_name);
2063 if ((iService != -1) && (LP_SNUM_OK(iService))
2064 && (pserviceDest != NULL)) {
2065 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2071 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2072 struct loadparm_service *lp_service(const char *pszServiceName)
2074 int iService = getservicebyname(pszServiceName, NULL);
2075 if (iService == -1 || !LP_SNUM_OK(iService)) {
2078 return ServicePtrs[iService];
2081 struct loadparm_service *lp_servicebynum(int snum)
2083 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2086 return ServicePtrs[snum];
2089 struct loadparm_service *lp_default_loadparm_service()
2094 static struct smbconf_ctx *lp_smbconf_ctx(void)
2097 static struct smbconf_ctx *conf_ctx = NULL;
2099 if (conf_ctx == NULL) {
2100 err = smbconf_init(NULL, &conf_ctx, "registry:");
2101 if (!SBC_ERROR_IS_OK(err)) {
2102 DEBUG(1, ("error initializing registry configuration: "
2103 "%s\n", sbcErrorString(err)));
2111 static bool process_smbconf_service(struct smbconf_service *service)
2116 if (service == NULL) {
2120 ret = lp_do_section(service->name, NULL);
2124 for (count = 0; count < service->num_params; count++) {
2126 if (!bInGlobalSection && bGlobalOnly) {
2129 const char *pszParmName = service->param_names[count];
2130 const char *pszParmValue = service->param_values[count];
2132 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2134 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2135 pszParmName, pszParmValue);
2142 if (iServiceIndex >= 0) {
2143 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2149 * load a service from registry and activate it
2151 bool process_registry_service(const char *service_name)
2154 struct smbconf_service *service = NULL;
2155 TALLOC_CTX *mem_ctx = talloc_stackframe();
2156 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2159 if (conf_ctx == NULL) {
2163 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2165 if (!smbconf_share_exists(conf_ctx, service_name)) {
2167 * Registry does not contain data for this service (yet),
2168 * but make sure lp_load doesn't return false.
2174 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2175 if (!SBC_ERROR_IS_OK(err)) {
2179 ret = process_smbconf_service(service);
2185 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2188 TALLOC_FREE(mem_ctx);
2193 * process_registry_globals
2195 static bool process_registry_globals(void)
2199 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2201 if (!bInGlobalSection && bGlobalOnly) {
2204 const char *pszParmName = "registry shares";
2205 const char *pszParmValue = "yes";
2207 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2209 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2210 pszParmName, pszParmValue);
2217 return process_registry_service(GLOBAL_NAME);
2220 bool process_registry_shares(void)
2224 struct smbconf_service **service = NULL;
2225 uint32_t num_shares = 0;
2226 TALLOC_CTX *mem_ctx = talloc_stackframe();
2227 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2230 if (conf_ctx == NULL) {
2234 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2235 if (!SBC_ERROR_IS_OK(err)) {
2241 for (count = 0; count < num_shares; count++) {
2242 if (strequal(service[count]->name, GLOBAL_NAME)) {
2245 ret = process_smbconf_service(service[count]);
2252 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2255 TALLOC_FREE(mem_ctx);
2260 * reload those shares from registry that are already
2261 * activated in the services array.
2263 static bool reload_registry_shares(void)
2268 for (i = 0; i < iNumServices; i++) {
2273 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2277 ret = process_registry_service(ServicePtrs[i]->szService);
2288 #define MAX_INCLUDE_DEPTH 100
2290 static uint8_t include_depth;
2293 * Free the file lists
2295 static void free_file_list(void)
2297 struct file_lists *f;
2298 struct file_lists *next;
2311 * Utility function for outsiders to check if we're running on registry.
2313 bool lp_config_backend_is_registry(void)
2315 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2319 * Utility function to check if the config backend is FILE.
2321 bool lp_config_backend_is_file(void)
2323 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2326 /*******************************************************************
2327 Check if a config file has changed date.
2328 ********************************************************************/
2330 bool lp_file_list_changed(void)
2332 struct file_lists *f = file_lists;
2334 DEBUG(6, ("lp_file_list_changed()\n"));
2337 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2338 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2340 if (conf_ctx == NULL) {
2343 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2346 DEBUGADD(6, ("registry config changed\n"));
2353 n2 = talloc_sub_basic(talloc_tos(),
2354 get_current_username(),
2355 current_user_info.domain,
2360 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2361 f->name, n2, ctime(&f->modtime)));
2363 mod_time = file_modtime(n2);
2366 ((f->modtime != mod_time) ||
2367 (f->subfname == NULL) ||
2368 (strcmp(n2, f->subfname) != 0)))
2371 ("file %s modified: %s\n", n2,
2373 f->modtime = mod_time;
2374 TALLOC_FREE(f->subfname);
2375 f->subfname = talloc_strdup(f, n2);
2376 if (f->subfname == NULL) {
2377 smb_panic("talloc_strdup failed");
2391 * Initialize iconv conversion descriptors.
2393 * This is called the first time it is needed, and also called again
2394 * every time the configuration is reloaded, because the charset or
2395 * codepage might have changed.
2397 static void init_iconv(void)
2399 struct smb_iconv_handle *ret = NULL;
2401 ret = reinit_iconv_handle(NULL,
2405 smb_panic("reinit_iconv_handle failed");
2409 /***************************************************************************
2410 Handle the include operation.
2411 ***************************************************************************/
2412 static bool bAllowIncludeRegistry = true;
2414 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2415 const char *pszParmValue, char **ptr)
2419 if (include_depth >= MAX_INCLUDE_DEPTH) {
2420 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2425 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2426 if (!bAllowIncludeRegistry) {
2429 if (lp_ctx->bInGlobalSection) {
2432 ret = process_registry_globals();
2436 DEBUG(1, ("\"include = registry\" only effective "
2437 "in %s section\n", GLOBAL_NAME));
2442 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2443 current_user_info.domain,
2446 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2448 if (service == NULL) {
2449 lpcfg_string_set(Globals.ctx, ptr, fname);
2451 lpcfg_string_set(service, ptr, fname);
2454 if (file_exist(fname)) {
2457 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2463 DEBUG(2, ("Can't find include file %s\n", fname));
2468 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2470 char *config_option = NULL;
2471 const char *range = NULL;
2474 SMB_ASSERT(low != NULL);
2475 SMB_ASSERT(high != NULL);
2477 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2481 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2483 if (config_option == NULL) {
2484 DEBUG(0, ("out of memory\n"));
2488 range = lp_parm_const_string(-1, config_option, "range", NULL);
2489 if (range == NULL) {
2490 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2494 if (sscanf(range, "%u - %u", low, high) != 2) {
2495 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2496 range, domain_name));
2503 talloc_free(config_option);
2508 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2510 return lp_idmap_range("*", low, high);
2513 const char *lp_idmap_backend(const char *domain_name)
2515 char *config_option = NULL;
2516 const char *backend = NULL;
2518 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2522 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2524 if (config_option == NULL) {
2525 DEBUG(0, ("out of memory\n"));
2529 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2530 if (backend == NULL) {
2531 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2536 talloc_free(config_option);
2540 const char *lp_idmap_default_backend(void)
2542 return lp_idmap_backend("*");
2545 /***************************************************************************
2546 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2547 ***************************************************************************/
2549 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2551 const char *suffix_string;
2553 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2554 Globals.ldap_suffix );
2555 if ( !suffix_string ) {
2556 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2560 return suffix_string;
2563 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2565 if (Globals._ldap_machine_suffix[0])
2566 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2568 return lp_string(ctx, Globals.ldap_suffix);
2571 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2573 if (Globals._ldap_user_suffix[0])
2574 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2576 return lp_string(ctx, Globals.ldap_suffix);
2579 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2581 if (Globals._ldap_group_suffix[0])
2582 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2584 return lp_string(ctx, Globals.ldap_suffix);
2587 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2589 if (Globals._ldap_idmap_suffix[0])
2590 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2592 return lp_string(ctx, Globals.ldap_suffix);
2596 return the parameter pointer for a parameter
2598 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2600 if (service == NULL) {
2601 if (parm->p_class == P_LOCAL)
2602 return (void *)(((char *)&sDefault)+parm->offset);
2603 else if (parm->p_class == P_GLOBAL)
2604 return (void *)(((char *)&Globals)+parm->offset);
2607 return (void *)(((char *)service) + parm->offset);
2611 /***************************************************************************
2612 Process a parameter for a particular service number. If snum < 0
2613 then assume we are in the globals.
2614 ***************************************************************************/
2616 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2618 TALLOC_CTX *frame = talloc_stackframe();
2619 struct loadparm_context *lp_ctx;
2622 lp_ctx = setup_lp_context(frame);
2623 if (lp_ctx == NULL) {
2629 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2631 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2632 pszParmName, pszParmValue);
2640 /***************************************************************************
2641 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2642 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2643 ***************************************************************************/
2645 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2648 parmnum = lpcfg_map_parameter(pszParmName);
2650 flags_list[parmnum] &= ~FLAG_CMDLINE;
2651 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2654 flags_list[parmnum] |= FLAG_CMDLINE;
2656 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2657 * be grouped in the table, so we don't have to search the
2660 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2661 && parm_table[i].p_class == parm_table[parmnum].p_class;
2663 flags_list[i] |= FLAG_CMDLINE;
2665 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2666 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2667 flags_list[i] |= FLAG_CMDLINE;
2673 /* it might be parametric */
2674 if (strchr(pszParmName, ':') != NULL) {
2675 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2679 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2683 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2686 TALLOC_CTX *frame = talloc_stackframe();
2687 struct loadparm_context *lp_ctx;
2689 lp_ctx = setup_lp_context(frame);
2690 if (lp_ctx == NULL) {
2695 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2701 /***************************************************************************
2702 Process a parameter.
2703 ***************************************************************************/
2705 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2708 if (!bInGlobalSection && bGlobalOnly)
2711 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2713 if (bInGlobalSection) {
2714 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2716 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2717 pszParmName, pszParmValue);
2721 /***************************************************************************
2722 Initialize any local variables in the sDefault table, after parsing a
2724 ***************************************************************************/
2726 static void init_locals(void)
2729 * We run this check once the [globals] is parsed, to force
2730 * the VFS objects and other per-share settings we need for
2731 * the standard way a AD DC is operated. We may change these
2732 * as our code evolves, which is why we force these settings.
2734 * We can't do this at the end of lp_load_ex(), as by that
2735 * point the services have been loaded and they will already
2736 * have "" as their vfs objects.
2738 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2739 const char **vfs_objects = lp_vfs_objects(-1);
2740 if (!vfs_objects || !vfs_objects[0]) {
2741 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2742 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2743 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2744 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2746 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2750 lp_do_parameter(-1, "map hidden", "no");
2751 lp_do_parameter(-1, "map system", "no");
2752 lp_do_parameter(-1, "map readonly", "no");
2753 lp_do_parameter(-1, "map archive", "no");
2754 lp_do_parameter(-1, "store dos attributes", "yes");
2758 /***************************************************************************
2759 Process a new section (service). At this stage all sections are services.
2760 Later we'll have special sections that permit server parameters to be set.
2761 Returns true on success, false on failure.
2762 ***************************************************************************/
2764 bool lp_do_section(const char *pszSectionName, void *userdata)
2766 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2768 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2769 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2772 /* if we were in a global section then do the local inits */
2773 if (bInGlobalSection && !isglobal)
2776 /* if we've just struck a global section, note the fact. */
2777 bInGlobalSection = isglobal;
2778 if (lp_ctx != NULL) {
2779 lp_ctx->bInGlobalSection = isglobal;
2782 /* check for multiple global sections */
2783 if (bInGlobalSection) {
2784 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2788 if (!bInGlobalSection && bGlobalOnly)
2791 /* if we have a current service, tidy it up before moving on */
2794 if (iServiceIndex >= 0)
2795 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2797 /* if all is still well, move to the next record in the services array */
2799 /* We put this here to avoid an odd message order if messages are */
2800 /* issued by the post-processing of a previous section. */
2801 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2803 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2804 if (iServiceIndex < 0) {
2805 DEBUG(0, ("Failed to add a new service\n"));
2808 /* Clean all parametric options for service */
2809 /* They will be added during parsing again */
2810 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2816 /***************************************************************************
2817 Display the contents of a parameter of a single services record.
2818 ***************************************************************************/
2820 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2822 bool result = false;
2823 struct loadparm_context *lp_ctx;
2825 lp_ctx = setup_lp_context(talloc_tos());
2826 if (lp_ctx == NULL) {
2831 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2833 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2835 TALLOC_FREE(lp_ctx);
2840 /***************************************************************************
2841 Display the contents of a single copy structure.
2842 ***************************************************************************/
2843 static void dump_copy_map(bool *pcopymap)
2849 printf("\n\tNon-Copied parameters:\n");
2851 for (i = 0; parm_table[i].label; i++)
2852 if (parm_table[i].p_class == P_LOCAL &&
2853 parm_table[i].ptr && !pcopymap[i] &&
2854 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2856 printf("\t\t%s\n", parm_table[i].label);
2861 /***************************************************************************
2862 Return TRUE if the passed service number is within range.
2863 ***************************************************************************/
2865 bool lp_snum_ok(int iService)
2867 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2870 /***************************************************************************
2871 Auto-load some home services.
2872 ***************************************************************************/
2874 static void lp_add_auto_services(char *str)
2884 s = talloc_strdup(talloc_tos(), str);
2886 smb_panic("talloc_strdup failed");
2890 homes = lp_servicenumber(HOMES_NAME);
2892 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2893 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2896 if (lp_servicenumber(p) >= 0)
2899 home = get_user_home_dir(talloc_tos(), p);
2901 if (home && home[0] && homes >= 0)
2902 lp_add_home(p, homes, p, home);
2909 /***************************************************************************
2910 Auto-load one printer.
2911 ***************************************************************************/
2913 void lp_add_one_printer(const char *name, const char *comment,
2914 const char *location, void *pdata)
2916 int printers = lp_servicenumber(PRINTERS_NAME);
2919 if (lp_servicenumber(name) < 0) {
2920 lp_add_printer(name, printers);
2921 if ((i = lp_servicenumber(name)) >= 0) {
2922 lpcfg_string_set(ServicePtrs[i],
2923 &ServicePtrs[i]->comment, comment);
2924 ServicePtrs[i]->autoloaded = true;
2929 /***************************************************************************
2930 Have we loaded a services file yet?
2931 ***************************************************************************/
2933 bool lp_loaded(void)
2938 /***************************************************************************
2939 Unload unused services.
2940 ***************************************************************************/
2942 void lp_killunused(struct smbd_server_connection *sconn,
2943 bool (*snumused) (struct smbd_server_connection *, int))
2946 for (i = 0; i < iNumServices; i++) {
2950 /* don't kill autoloaded or usershare services */
2951 if ( ServicePtrs[i]->autoloaded ||
2952 ServicePtrs[i]->usershare == USERSHARE_VALID) {
2956 if (!snumused || !snumused(sconn, i)) {
2957 free_service_byindex(i);
2963 * Kill all except autoloaded and usershare services - convenience wrapper
2965 void lp_kill_all_services(void)
2967 lp_killunused(NULL, NULL);
2970 /***************************************************************************
2972 ***************************************************************************/
2974 void lp_killservice(int iServiceIn)
2976 if (VALID(iServiceIn)) {
2977 free_service_byindex(iServiceIn);
2981 /***************************************************************************
2982 Save the curent values of all global and sDefault parameters into the
2983 defaults union. This allows testparm to show only the
2984 changed (ie. non-default) parameters.
2985 ***************************************************************************/
2987 static void lp_save_defaults(void)
2990 struct parmlist_entry * parm;
2991 for (i = 0; parm_table[i].label; i++) {
2992 if (!(flags_list[i] & FLAG_CMDLINE)) {
2993 flags_list[i] |= FLAG_DEFAULT;
2996 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
2997 && parm_table[i].p_class == parm_table[i - 1].p_class)
2999 switch (parm_table[i].type) {
3002 parm_table[i].def.lvalue = str_list_copy(
3003 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3009 &parm_table[i].def.svalue,
3010 *(char **)lp_parm_ptr(
3011 NULL, &parm_table[i]));
3012 if (parm_table[i].def.svalue == NULL) {
3013 smb_panic("lpcfg_string_set() failed");
3018 parm_table[i].def.bvalue =
3019 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3022 parm_table[i].def.cvalue =
3023 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3029 parm_table[i].def.ivalue =
3030 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3035 for (parm=Globals.param_opt; parm; parm=parm->next) {
3036 if (!(parm->priority & FLAG_CMDLINE)) {
3037 parm->priority |= FLAG_DEFAULT;
3041 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3042 if (!(parm->priority & FLAG_CMDLINE)) {
3043 parm->priority |= FLAG_DEFAULT;
3047 defaults_saved = true;
3050 /***********************************************************
3051 If we should send plaintext/LANMAN passwords in the clinet
3052 ************************************************************/
3054 static void set_allowed_client_auth(void)
3056 if (Globals.client_ntlmv2_auth) {
3057 Globals.client_lanman_auth = false;
3059 if (!Globals.client_lanman_auth) {
3060 Globals.client_plaintext_auth = false;
3064 /***************************************************************************
3066 The following code allows smbd to read a user defined share file.
3067 Yes, this is my intent. Yes, I'm comfortable with that...
3069 THE FOLLOWING IS SECURITY CRITICAL CODE.
3071 It washes your clothes, it cleans your house, it guards you while you sleep...
3072 Do not f%^k with it....
3073 ***************************************************************************/
3075 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3077 /***************************************************************************
3078 Check allowed stat state of a usershare file.
3079 Ensure we print out who is dicking with us so the admin can
3080 get their sorry ass fired.
3081 ***************************************************************************/
3083 static bool check_usershare_stat(const char *fname,
3084 const SMB_STRUCT_STAT *psbuf)
3086 if (!S_ISREG(psbuf->st_ex_mode)) {
3087 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3088 "not a regular file\n",
3089 fname, (unsigned int)psbuf->st_ex_uid ));
3093 /* Ensure this doesn't have the other write bit set. */
3094 if (psbuf->st_ex_mode & S_IWOTH) {
3095 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3096 "public write. Refusing to allow as a usershare file.\n",
3097 fname, (unsigned int)psbuf->st_ex_uid ));
3101 /* Should be 10k or less. */
3102 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3103 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3104 "too large (%u) to be a user share file.\n",
3105 fname, (unsigned int)psbuf->st_ex_uid,
3106 (unsigned int)psbuf->st_ex_size ));
3113 /***************************************************************************
3114 Parse the contents of a usershare file.
3115 ***************************************************************************/
3117 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3118 SMB_STRUCT_STAT *psbuf,
3119 const char *servicename,
3123 char **pp_sharepath,
3125 char **pp_cp_servicename,
3126 struct security_descriptor **ppsd,
3129 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3130 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3133 SMB_STRUCT_STAT sbuf;
3134 char *sharepath = NULL;
3135 char *comment = NULL;
3137 *pp_sharepath = NULL;
3140 *pallow_guest = false;
3143 return USERSHARE_MALFORMED_FILE;
3146 if (strcmp(lines[0], "#VERSION 1") == 0) {
3148 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3151 return USERSHARE_MALFORMED_FILE;
3154 return USERSHARE_BAD_VERSION;
3157 if (strncmp(lines[1], "path=", 5) != 0) {
3158 return USERSHARE_MALFORMED_PATH;
3161 sharepath = talloc_strdup(ctx, &lines[1][5]);
3163 return USERSHARE_POSIX_ERR;
3165 trim_string(sharepath, " ", " ");
3167 if (strncmp(lines[2], "comment=", 8) != 0) {
3168 return USERSHARE_MALFORMED_COMMENT_DEF;
3171 comment = talloc_strdup(ctx, &lines[2][8]);
3173 return USERSHARE_POSIX_ERR;
3175 trim_string(comment, " ", " ");
3176 trim_char(comment, '"', '"');
3178 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3179 return USERSHARE_MALFORMED_ACL_DEF;
3182 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3183 return USERSHARE_ACL_ERR;
3187 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3188 return USERSHARE_MALFORMED_ACL_DEF;
3190 if (lines[4][9] == 'y') {
3191 *pallow_guest = true;
3194 /* Backwards compatible extension to file version #2. */
3196 if (strncmp(lines[5], "sharename=", 10) != 0) {
3197 return USERSHARE_MALFORMED_SHARENAME_DEF;
3199 if (!strequal(&lines[5][10], servicename)) {
3200 return USERSHARE_BAD_SHARENAME;
3202 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3203 if (!*pp_cp_servicename) {
3204 return USERSHARE_POSIX_ERR;
3209 if (*pp_cp_servicename == NULL) {
3210 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3211 if (!*pp_cp_servicename) {
3212 return USERSHARE_POSIX_ERR;
3216 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3217 /* Path didn't change, no checks needed. */
3218 *pp_sharepath = sharepath;
3219 *pp_comment = comment;
3220 return USERSHARE_OK;
3223 /* The path *must* be absolute. */
3224 if (sharepath[0] != '/') {
3225 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3226 servicename, sharepath));
3227 return USERSHARE_PATH_NOT_ABSOLUTE;
3230 /* If there is a usershare prefix deny list ensure one of these paths
3231 doesn't match the start of the user given path. */
3232 if (prefixdenylist) {
3234 for ( i=0; prefixdenylist[i]; i++ ) {
3235 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3236 servicename, i, prefixdenylist[i], sharepath ));
3237 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3238 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3239 "usershare prefix deny list entries.\n",
3240 servicename, sharepath));
3241 return USERSHARE_PATH_IS_DENIED;
3246 /* If there is a usershare prefix allow list ensure one of these paths
3247 does match the start of the user given path. */
3249 if (prefixallowlist) {
3251 for ( i=0; prefixallowlist[i]; i++ ) {
3252 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3253 servicename, i, prefixallowlist[i], sharepath ));
3254 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3258 if (prefixallowlist[i] == NULL) {
3259 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3260 "usershare prefix allow list entries.\n",
3261 servicename, sharepath));
3262 return USERSHARE_PATH_NOT_ALLOWED;
3266 /* Ensure this is pointing to a directory. */
3267 dp = opendir(sharepath);
3270 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3271 servicename, sharepath));
3272 return USERSHARE_PATH_NOT_DIRECTORY;
3275 /* Ensure the owner of the usershare file has permission to share
3278 if (sys_stat(sharepath, &sbuf, false) == -1) {
3279 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3280 servicename, sharepath, strerror(errno) ));
3282 return USERSHARE_POSIX_ERR;
3287 if (!S_ISDIR(sbuf.st_ex_mode)) {
3288 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3289 servicename, sharepath ));
3290 return USERSHARE_PATH_NOT_DIRECTORY;
3293 /* Check if sharing is restricted to owner-only. */
3294 /* psbuf is the stat of the usershare definition file,
3295 sbuf is the stat of the target directory to be shared. */
3297 if (lp_usershare_owner_only()) {
3298 /* root can share anything. */
3299 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3300 return USERSHARE_PATH_NOT_ALLOWED;
3304 *pp_sharepath = sharepath;
3305 *pp_comment = comment;
3306 return USERSHARE_OK;
3309 /***************************************************************************
3310 Deal with a usershare file.
3313 -1 - Bad name, invalid contents.
3314 - service name already existed and not a usershare, problem
3315 with permissions to share directory etc.
3316 ***************************************************************************/
3318 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3320 SMB_STRUCT_STAT sbuf;
3321 SMB_STRUCT_STAT lsbuf;
3323 char *sharepath = NULL;
3324 char *comment = NULL;
3325 char *cp_service_name = NULL;
3326 char **lines = NULL;
3330 TALLOC_CTX *ctx = talloc_stackframe();
3331 struct security_descriptor *psd = NULL;
3332 bool guest_ok = false;
3333 char *canon_name = NULL;
3334 bool added_service = false;
3337 /* Ensure share name doesn't contain invalid characters. */
3338 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3339 DEBUG(0,("process_usershare_file: share name %s contains "
3340 "invalid characters (any of %s)\n",
3341 file_name, INVALID_SHARENAME_CHARS ));
3345 canon_name = canonicalize_servicename(ctx, file_name);
3350 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3355 /* Minimize the race condition by doing an lstat before we
3356 open and fstat. Ensure this isn't a symlink link. */
3358 if (sys_lstat(fname, &lsbuf, false) != 0) {
3359 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3360 fname, strerror(errno) ));
3364 /* This must be a regular file, not a symlink, directory or
3365 other strange filetype. */
3366 if (!check_usershare_stat(fname, &lsbuf)) {
3374 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3379 if (NT_STATUS_IS_OK(status) &&
3380 (data.dptr != NULL) &&
3381 (data.dsize == sizeof(iService))) {
3382 memcpy(&iService, data.dptr, sizeof(iService));
3386 if (iService != -1 &&
3387 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3388 &lsbuf.st_ex_mtime) == 0) {
3389 /* Nothing changed - Mark valid and return. */
3390 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3392 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3397 /* Try and open the file read only - no symlinks allowed. */
3399 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3401 fd = open(fname, O_RDONLY, 0);
3405 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3406 fname, strerror(errno) ));
3410 /* Now fstat to be *SURE* it's a regular file. */
3411 if (sys_fstat(fd, &sbuf, false) != 0) {
3413 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3414 fname, strerror(errno) ));
3418 /* Is it the same dev/inode as was lstated ? */
3419 if (!check_same_stat(&lsbuf, &sbuf)) {
3421 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3422 "Symlink spoofing going on ?\n", fname ));
3426 /* This must be a regular file, not a symlink, directory or
3427 other strange filetype. */
3428 if (!check_usershare_stat(fname, &sbuf)) {
3433 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3436 if (lines == NULL) {
3437 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3438 fname, (unsigned int)sbuf.st_ex_uid ));
3442 if (parse_usershare_file(ctx, &sbuf, file_name,
3443 iService, lines, numlines, &sharepath,
3444 &comment, &cp_service_name,
3445 &psd, &guest_ok) != USERSHARE_OK) {
3449 /* Everything ok - add the service possibly using a template. */
3451 const struct loadparm_service *sp = &sDefault;
3452 if (snum_template != -1) {
3453 sp = ServicePtrs[snum_template];
3456 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3457 DEBUG(0, ("process_usershare_file: Failed to add "
3458 "new service %s\n", cp_service_name));
3462 added_service = true;
3464 /* Read only is controlled by usershare ACL below. */
3465 ServicePtrs[iService]->read_only = false;
3468 /* Write the ACL of the new/modified share. */
3469 if (!set_share_security(canon_name, psd)) {
3470 DEBUG(0, ("process_usershare_file: Failed to set share "
3471 "security for user share %s\n",
3476 /* If from a template it may be marked invalid. */
3477 ServicePtrs[iService]->valid = true;
3479 /* Set the service as a valid usershare. */
3480 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3482 /* Set guest access. */
3483 if (lp_usershare_allow_guests()) {
3484 ServicePtrs[iService]->guest_ok = guest_ok;
3487 /* And note when it was loaded. */
3488 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3489 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3491 lpcfg_string_set(ServicePtrs[iService],
3492 &ServicePtrs[iService]->comment, comment);
3498 if (ret == -1 && iService != -1 && added_service) {
3499 lp_remove_service(iService);
3507 /***************************************************************************
3508 Checks if a usershare entry has been modified since last load.
3509 ***************************************************************************/
3511 static bool usershare_exists(int iService, struct timespec *last_mod)
3513 SMB_STRUCT_STAT lsbuf;
3514 const char *usersharepath = Globals.usershare_path;
3517 fname = talloc_asprintf(talloc_tos(),
3520 ServicePtrs[iService]->szService);
3521 if (fname == NULL) {
3525 if (sys_lstat(fname, &lsbuf, false) != 0) {
3530 if (!S_ISREG(lsbuf.st_ex_mode)) {
3536 *last_mod = lsbuf.st_ex_mtime;
3540 static bool usershare_directory_is_root(uid_t uid)
3546 if (uid_wrapper_enabled()) {
3553 /***************************************************************************
3554 Load a usershare service by name. Returns a valid servicenumber or -1.
3555 ***************************************************************************/
3557 int load_usershare_service(const char *servicename)
3559 SMB_STRUCT_STAT sbuf;
3560 const char *usersharepath = Globals.usershare_path;
3561 int max_user_shares = Globals.usershare_max_shares;
3562 int snum_template = -1;
3564 if (*usersharepath == 0 || max_user_shares == 0) {
3568 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3569 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3570 usersharepath, strerror(errno) ));
3574 if (!S_ISDIR(sbuf.st_ex_mode)) {
3575 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3581 * This directory must be owned by root, and have the 't' bit set.
3582 * It also must not be writable by "other".
3586 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3587 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3589 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3590 (sbuf.st_ex_mode & S_IWOTH)) {
3592 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3593 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3598 /* Ensure the template share exists if it's set. */
3599 if (Globals.usershare_template_share[0]) {
3600 /* We can't use lp_servicenumber here as we are recommending that
3601 template shares have -valid=false set. */
3602 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3603 if (ServicePtrs[snum_template]->szService &&
3604 strequal(ServicePtrs[snum_template]->szService,
3605 Globals.usershare_template_share)) {
3610 if (snum_template == -1) {
3611 DEBUG(0,("load_usershare_service: usershare template share %s "
3612 "does not exist.\n",
3613 Globals.usershare_template_share ));
3618 return process_usershare_file(usersharepath, servicename, snum_template);
3621 /***************************************************************************
3622 Load all user defined shares from the user share directory.
3623 We only do this if we're enumerating the share list.
3624 This is the function that can delete usershares that have
3626 ***************************************************************************/
3628 int load_usershare_shares(struct smbd_server_connection *sconn,
3629 bool (*snumused) (struct smbd_server_connection *, int))
3632 SMB_STRUCT_STAT sbuf;
3634 int num_usershares = 0;
3635 int max_user_shares = Globals.usershare_max_shares;
3636 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3637 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3638 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3640 int snum_template = -1;
3641 const char *usersharepath = Globals.usershare_path;
3642 int ret = lp_numservices();
3643 TALLOC_CTX *tmp_ctx;
3645 if (max_user_shares == 0 || *usersharepath == '\0') {
3646 return lp_numservices();
3649 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3650 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3651 usersharepath, strerror(errno) ));
3656 * This directory must be owned by root, and have the 't' bit set.
3657 * It also must not be writable by "other".
3661 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3663 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3665 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3666 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3671 /* Ensure the template share exists if it's set. */
3672 if (Globals.usershare_template_share[0]) {
3673 /* We can't use lp_servicenumber here as we are recommending that
3674 template shares have -valid=false set. */
3675 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3676 if (ServicePtrs[snum_template]->szService &&
3677 strequal(ServicePtrs[snum_template]->szService,
3678 Globals.usershare_template_share)) {
3683 if (snum_template == -1) {
3684 DEBUG(0,("load_usershare_shares: usershare template share %s "
3685 "does not exist.\n",
3686 Globals.usershare_template_share ));
3691 /* Mark all existing usershares as pending delete. */
3692 for (iService = iNumServices - 1; iService >= 0; iService--) {
3693 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3694 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3698 dp = opendir(usersharepath);
3700 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3701 usersharepath, strerror(errno) ));
3705 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3707 num_dir_entries++ ) {
3709 const char *n = de->d_name;
3711 /* Ignore . and .. */
3713 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3719 /* Temporary file used when creating a share. */
3720 num_tmp_dir_entries++;
3723 /* Allow 20% tmp entries. */
3724 if (num_tmp_dir_entries > allowed_tmp_entries) {
3725 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3726 "in directory %s\n",
3727 num_tmp_dir_entries, usersharepath));
3731 r = process_usershare_file(usersharepath, n, snum_template);
3733 /* Update the services count. */
3735 if (num_usershares >= max_user_shares) {
3736 DEBUG(0,("load_usershare_shares: max user shares reached "
3737 "on file %s in directory %s\n",
3738 n, usersharepath ));
3741 } else if (r == -1) {
3742 num_bad_dir_entries++;
3745 /* Allow 20% bad entries. */
3746 if (num_bad_dir_entries > allowed_bad_entries) {
3747 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3748 "in directory %s\n",
3749 num_bad_dir_entries, usersharepath));
3753 /* Allow 20% bad entries. */
3754 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3755 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3756 "in directory %s\n",
3757 num_dir_entries, usersharepath));
3764 /* Sweep through and delete any non-refreshed usershares that are
3765 not currently in use. */
3766 tmp_ctx = talloc_stackframe();
3767 for (iService = iNumServices - 1; iService >= 0; iService--) {
3768 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3771 if (snumused && snumused(sconn, iService)) {
3775 servname = lp_servicename(tmp_ctx, iService);
3777 /* Remove from the share ACL db. */
3778 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3780 delete_share_security(servname);
3781 free_service_byindex(iService);
3784 talloc_free(tmp_ctx);
3786 return lp_numservices();
3789 /********************************************************
3790 Destroy global resources allocated in this file
3791 ********************************************************/
3793 void gfree_loadparm(void)
3799 /* Free resources allocated to services */
3801 for ( i = 0; i < iNumServices; i++ ) {
3803 free_service_byindex(i);
3807 TALLOC_FREE( ServicePtrs );
3810 /* Now release all resources allocated to global
3811 parameters and the default service */
3813 free_global_parameters();
3817 /***************************************************************************
3818 Allow client apps to specify that they are a client
3819 ***************************************************************************/
3820 static void lp_set_in_client(bool b)
3826 /***************************************************************************
3827 Determine if we're running in a client app
3828 ***************************************************************************/
3829 static bool lp_is_in_client(void)
3834 static void lp_enforce_ad_dc_settings(void)
3836 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3837 lp_do_parameter(GLOBAL_SECTION_SNUM,
3838 "winbindd:use external pipes", "true");
3839 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3840 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3841 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3842 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3843 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3844 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3845 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3846 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3847 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3850 /***************************************************************************
3851 Load the services array from the services file. Return true on success,
3853 ***************************************************************************/
3855 static bool lp_load_ex(const char *pszFname,
3859 bool reinit_globals,
3860 bool allow_include_registry,
3861 bool load_all_shares)
3865 TALLOC_CTX *frame = talloc_stackframe();
3866 struct loadparm_context *lp_ctx;
3870 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3872 bInGlobalSection = true;
3873 bGlobalOnly = global_only;
3874 bAllowIncludeRegistry = allow_include_registry;
3875 sDefault = _sDefault;
3877 lp_ctx = setup_lp_context(talloc_tos());
3879 init_globals(lp_ctx, reinit_globals);
3883 if (save_defaults) {
3888 if (!reinit_globals) {
3889 free_param_opts(&Globals.param_opt);
3890 apply_lp_set_cmdline();
3893 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
3895 /* We get sections first, so have to start 'behind' to make up */
3898 if (lp_config_backend_is_file()) {
3899 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
3900 current_user_info.domain,
3903 smb_panic("lp_load_ex: out of memory");
3906 add_to_file_list(NULL, &file_lists, pszFname, n2);
3908 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
3911 /* finish up the last section */
3912 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
3914 if (iServiceIndex >= 0) {
3915 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
3919 if (lp_config_backend_is_registry()) {
3921 /* config backend changed to registry in config file */
3923 * We need to use this extra global variable here to
3924 * survive restart: init_globals uses this as a default
3925 * for config_backend. Otherwise, init_globals would
3926 * send us into an endless loop here.
3929 config_backend = CONFIG_BACKEND_REGISTRY;
3931 DEBUG(1, ("lp_load_ex: changing to config backend "
3933 init_globals(lp_ctx, true);
3935 TALLOC_FREE(lp_ctx);
3937 lp_kill_all_services();
3938 ok = lp_load_ex(pszFname, global_only, save_defaults,
3939 add_ipc, reinit_globals,
3940 allow_include_registry,
3945 } else if (lp_config_backend_is_registry()) {
3946 bRetval = process_registry_globals();
3948 DEBUG(0, ("Illegal config backend given: %d\n",
3949 lp_config_backend()));
3953 if (bRetval && lp_registry_shares()) {
3954 if (load_all_shares) {
3955 bRetval = process_registry_shares();
3957 bRetval = reload_registry_shares();
3962 char *serv = lp_auto_services(talloc_tos());
3963 lp_add_auto_services(serv);
3968 /* When 'restrict anonymous = 2' guest connections to ipc$
3970 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
3971 if ( lp_enable_asu_support() ) {
3972 lp_add_ipc("ADMIN$", false);
3976 set_allowed_client_auth();
3978 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
3979 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
3980 lp_password_server()));
3985 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
3986 /* if we_are_a_wins_server is true and we are in the client */
3987 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
3988 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
3993 fault_configure(smb_panic_s3);
3996 * We run this check once the whole smb.conf is parsed, to
3997 * force some settings for the standard way a AD DC is
3998 * operated. We may change these as our code evolves, which
3999 * is why we force these settings.
4001 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
4002 lp_enforce_ad_dc_settings();
4005 bAllowIncludeRegistry = true;
4011 static bool lp_load(const char *pszFname,
4015 bool reinit_globals)
4017 return lp_load_ex(pszFname,
4022 true, /* allow_include_registry */
4023 false); /* load_all_shares*/
4026 bool lp_load_initial_only(const char *pszFname)
4028 return lp_load_ex(pszFname,
4029 true, /* global only */
4030 true, /* save_defaults */
4031 false, /* add_ipc */
4032 true, /* reinit_globals */
4033 false, /* allow_include_registry */
4034 false); /* load_all_shares*/
4038 * most common lp_load wrapper, loading only the globals
4040 * If this is used in a daemon or client utility it should be called
4041 * after processing popt.
4043 bool lp_load_global(const char *file_name)
4045 return lp_load(file_name,
4046 true, /* global_only */
4047 false, /* save_defaults */
4048 false, /* add_ipc */
4049 true); /* reinit_globals */
4053 * The typical lp_load wrapper with shares, loads global and
4054 * shares, including IPC, but does not force immediate
4055 * loading of all shares from registry.
4057 bool lp_load_with_shares(const char *file_name)
4059 return lp_load(file_name,
4060 false, /* global_only */
4061 false, /* save_defaults */
4063 true); /* reinit_globals */
4067 * lp_load wrapper, especially for clients
4069 bool lp_load_client(const char *file_name)
4071 lp_set_in_client(true);
4073 return lp_load_global(file_name);
4077 * lp_load wrapper, loading only globals, but intended
4078 * for subsequent calls, not reinitializing the globals
4081 bool lp_load_global_no_reinit(const char *file_name)
4083 return lp_load(file_name,
4084 true, /* global_only */
4085 false, /* save_defaults */
4086 false, /* add_ipc */
4087 false); /* reinit_globals */
4091 * lp_load wrapper, loading globals and shares,
4092 * intended for subsequent calls, i.e. not reinitializing
4093 * the globals to default values.
4095 bool lp_load_no_reinit(const char *file_name)
4097 return lp_load(file_name,
4098 false, /* global_only */
4099 false, /* save_defaults */
4100 false, /* add_ipc */
4101 false); /* reinit_globals */
4106 * lp_load wrapper, especially for clients, no reinitialization
4108 bool lp_load_client_no_reinit(const char *file_name)
4110 lp_set_in_client(true);
4112 return lp_load_global_no_reinit(file_name);
4115 bool lp_load_with_registry_shares(const char *pszFname)
4117 return lp_load_ex(pszFname,
4118 false, /* global_only */
4119 true, /* save_defaults */
4120 false, /* add_ipc */
4121 true, /* reinit_globals */
4122 true, /* allow_include_registry */
4123 true); /* load_all_shares*/
4126 /***************************************************************************
4127 Return the max number of services.
4128 ***************************************************************************/
4130 int lp_numservices(void)
4132 return (iNumServices);
4135 /***************************************************************************
4136 Display the contents of the services array in human-readable form.
4137 ***************************************************************************/
4139 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4142 struct loadparm_context *lp_ctx;
4145 defaults_saved = false;
4147 lp_ctx = setup_lp_context(talloc_tos());
4148 if (lp_ctx == NULL) {
4152 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4154 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4156 for (iService = 0; iService < maxtoprint; iService++) {
4158 lp_dump_one(f, show_defaults, iService);
4160 TALLOC_FREE(lp_ctx);
4163 /***************************************************************************
4164 Display the contents of one service in human-readable form.
4165 ***************************************************************************/
4167 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4170 if (ServicePtrs[snum]->szService[0] == '\0')
4172 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4173 flags_list, show_defaults);
4177 /***************************************************************************
4178 Return the number of the service with the given name, or -1 if it doesn't
4179 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4180 getservicebyname()! This works ONLY if all services have been loaded, and
4181 does not copy the found service.
4182 ***************************************************************************/
4184 int lp_servicenumber(const char *pszServiceName)
4187 fstring serviceName;
4189 if (!pszServiceName) {
4190 return GLOBAL_SECTION_SNUM;
4193 for (iService = iNumServices - 1; iService >= 0; iService--) {
4194 if (VALID(iService) && ServicePtrs[iService]->szService) {
4196 * The substitution here is used to support %U in
4199 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4200 standard_sub_basic(get_current_username(),
4201 current_user_info.domain,
4202 serviceName,sizeof(serviceName));
4203 if (strequal(serviceName, pszServiceName)) {
4209 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4210 struct timespec last_mod;
4212 if (!usershare_exists(iService, &last_mod)) {
4213 /* Remove the share security tdb entry for it. */
4214 delete_share_security(lp_const_servicename(iService));
4215 /* Remove it from the array. */
4216 free_service_byindex(iService);
4217 /* Doesn't exist anymore. */
4218 return GLOBAL_SECTION_SNUM;
4221 /* Has it been modified ? If so delete and reload. */
4222 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4224 /* Remove it from the array. */
4225 free_service_byindex(iService);
4226 /* and now reload it. */
4227 iService = load_usershare_service(pszServiceName);
4232 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4233 return GLOBAL_SECTION_SNUM;
4239 /*******************************************************************
4240 A useful volume label function.
4241 ********************************************************************/
4243 const char *volume_label(TALLOC_CTX *ctx, int snum)
4246 const char *label = lp_volume(ctx, snum);
4248 label = lp_servicename(ctx, snum);
4251 /* This returns a 33 byte guarenteed null terminated string. */
4252 ret = talloc_strndup(ctx, label, 32);
4259 /*******************************************************************
4260 Get the default server type we will announce as via nmbd.
4261 ********************************************************************/
4263 int lp_default_server_announce(void)
4265 int default_server_announce = 0;
4266 default_server_announce |= SV_TYPE_WORKSTATION;
4267 default_server_announce |= SV_TYPE_SERVER;
4268 default_server_announce |= SV_TYPE_SERVER_UNIX;
4270 /* note that the flag should be set only if we have a
4271 printer service but nmbd doesn't actually load the
4272 services so we can't tell --jerry */
4274 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4276 default_server_announce |= SV_TYPE_SERVER_NT;
4277 default_server_announce |= SV_TYPE_NT;
4279 switch (lp_server_role()) {
4280 case ROLE_DOMAIN_MEMBER:
4281 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4283 case ROLE_DOMAIN_PDC:
4284 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4286 case ROLE_DOMAIN_BDC:
4287 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4289 case ROLE_STANDALONE:
4293 if (lp_time_server())
4294 default_server_announce |= SV_TYPE_TIME_SOURCE;
4296 if (lp_host_msdfs())
4297 default_server_announce |= SV_TYPE_DFS_SERVER;
4299 return default_server_announce;
4302 /***********************************************************
4303 If we are PDC then prefer us as DMB
4304 ************************************************************/
4306 bool lp_domain_master(void)
4308 if (Globals._domain_master == Auto)
4309 return (lp_server_role() == ROLE_DOMAIN_PDC);
4311 return (bool)Globals._domain_master;
4314 /***********************************************************
4315 If we are PDC then prefer us as DMB
4316 ************************************************************/
4318 static bool lp_domain_master_true_or_auto(void)
4320 if (Globals._domain_master) /* auto or yes */
4326 /***********************************************************
4327 If we are DMB then prefer us as LMB
4328 ************************************************************/
4330 bool lp_preferred_master(void)
4332 int preferred_master = lp__preferred_master();
4334 if (preferred_master == Auto)
4335 return (lp_local_master() && lp_domain_master());
4337 return (bool)preferred_master;
4340 /*******************************************************************
4342 ********************************************************************/
4344 void lp_remove_service(int snum)
4346 ServicePtrs[snum]->valid = false;
4349 const char *lp_printername(TALLOC_CTX *ctx, int snum)
4351 const char *ret = lp__printername(ctx, snum);
4352 if (ret == NULL || *ret == '\0') {
4353 ret = lp_const_servicename(snum);
4360 /***********************************************************
4361 Allow daemons such as winbindd to fix their logfile name.
4362 ************************************************************/
4364 void lp_set_logfile(const char *name)
4366 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4367 debug_set_logfile(name);
4370 /*******************************************************************
4371 Return the max print jobs per queue.
4372 ********************************************************************/
4374 int lp_maxprintjobs(int snum)
4376 int maxjobs = lp_max_print_jobs(snum);
4378 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4379 maxjobs = PRINT_MAX_JOBID - 1;
4384 const char *lp_printcapname(void)
4386 const char *printcap_name = lp_printcap_name();
4388 if ((printcap_name != NULL) &&
4389 (printcap_name[0] != '\0'))
4390 return printcap_name;
4392 if (sDefault.printing == PRINT_CUPS) {
4396 if (sDefault.printing == PRINT_BSD)
4397 return "/etc/printcap";
4399 return PRINTCAP_NAME;
4402 static uint32_t spoolss_state;
4404 bool lp_disable_spoolss( void )
4406 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4407 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4409 return spoolss_state == SVCCTL_STOPPED ? true : false;
4412 void lp_set_spoolss_state( uint32_t state )
4414 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4416 spoolss_state = state;
4419 uint32_t lp_get_spoolss_state( void )
4421 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4424 /*******************************************************************
4425 Ensure we don't use sendfile if server smb signing is active.
4426 ********************************************************************/
4428 bool lp_use_sendfile(int snum, struct smb_signing_state *signing_state)
4430 bool sign_active = false;
4432 /* Using sendfile blows the brains out of any DOS or Win9x TCP stack... JRA. */
4433 if (get_Protocol() < PROTOCOL_NT1) {
4436 if (signing_state) {
4437 sign_active = smb_signing_is_active(signing_state);
4439 return (lp__use_sendfile(snum) &&
4440 (get_remote_arch() != RA_WIN95) &&
4444 /*******************************************************************
4445 Turn off sendfile if we find the underlying OS doesn't support it.
4446 ********************************************************************/
4448 void set_use_sendfile(int snum, bool val)
4450 if (LP_SNUM_OK(snum))
4451 ServicePtrs[snum]->_use_sendfile = val;
4453 sDefault._use_sendfile = val;
4456 void lp_set_mangling_method(const char *new_method)
4458 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4461 /*******************************************************************
4462 Global state for POSIX pathname processing.
4463 ********************************************************************/
4465 static bool posix_pathnames;
4467 bool lp_posix_pathnames(void)
4469 return posix_pathnames;
4472 /*******************************************************************
4473 Change everything needed to ensure POSIX pathname processing (currently
4475 ********************************************************************/
4477 void lp_set_posix_pathnames(void)
4479 posix_pathnames = true;
4482 /*******************************************************************
4483 Global state for POSIX lock processing - CIFS unix extensions.
4484 ********************************************************************/
4486 bool posix_default_lock_was_set;
4487 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4489 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4491 if (posix_default_lock_was_set) {
4492 return posix_cifsx_locktype;
4494 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4495 POSIX_LOCK : WINDOWS_LOCK;
4499 /*******************************************************************
4500 ********************************************************************/
4502 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4504 posix_default_lock_was_set = true;
4505 posix_cifsx_locktype = val;
4508 int lp_min_receive_file_size(void)
4510 int min_receivefile_size = lp_min_receivefile_size();
4512 if (min_receivefile_size < 0) {
4515 return min_receivefile_size;
4518 /*******************************************************************
4519 Safe wide links checks.
4520 This helper function always verify the validity of wide links,
4521 even after a configuration file reload.
4522 ********************************************************************/
4524 void widelinks_warning(int snum)
4526 if (lp_allow_insecure_wide_links()) {
4530 if (lp_unix_extensions() && lp_wide_links(snum)) {
4531 DBG_ERR("Share '%s' has wide links and unix extensions enabled. "
4532 "These parameters are incompatible. "
4533 "Wide links will be disabled for this share.\n",
4534 lp_const_servicename(snum));
4538 bool lp_widelinks(int snum)
4540 /* wide links is always incompatible with unix extensions */
4541 if (lp_unix_extensions()) {
4543 * Unless we have "allow insecure widelinks"
4546 if (!lp_allow_insecure_wide_links()) {
4551 return lp_wide_links(snum);
4554 int lp_server_role(void)
4556 return lp_find_server_role(lp__server_role(),
4558 lp__domain_logons(),
4559 lp_domain_master_true_or_auto());
4562 int lp_security(void)
4564 return lp_find_security(lp__server_role(),
4568 int lp_client_max_protocol(void)
4570 int client_max_protocol = lp__client_max_protocol();
4571 if (client_max_protocol == PROTOCOL_DEFAULT) {
4572 return PROTOCOL_LATEST;
4574 return client_max_protocol;
4577 int lp_client_ipc_min_protocol(void)
4579 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4580 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4581 client_ipc_min_protocol = lp_client_min_protocol();
4583 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4584 return PROTOCOL_NT1;
4586 return client_ipc_min_protocol;
4589 int lp_client_ipc_max_protocol(void)
4591 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4592 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4593 return PROTOCOL_LATEST;
4595 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4596 return PROTOCOL_NT1;
4598 return client_ipc_max_protocol;
4601 int lp_client_ipc_signing(void)
4603 int client_ipc_signing = lp__client_ipc_signing();
4604 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4605 return SMB_SIGNING_REQUIRED;
4607 return client_ipc_signing;
4610 int lp_rpc_low_port(void)
4612 return Globals.rpc_low_port;
4615 int lp_rpc_high_port(void)
4617 return Globals.rpc_high_port;
4621 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4623 * This also ensures it is disabled if NTLM is totally disabled
4625 bool lp_lanman_auth(void)
4627 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4629 if (ntlm_auth_level == NTLM_AUTH_ON) {
4630 return lp__lanman_auth();
4636 struct loadparm_global * get_globals(void)
4641 unsigned int * get_flags(void)
4643 if (flags_list == NULL) {
4644 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());
git.samba.org / bbaumbach / samba-autobuild / .git / blob