#include "ads.h"
#include "../librpc/gen_ndr/svcctl.h"
#include "intl.h"
-#include "smb_signing.h"
+#include "../libcli/smb/smb_signing.h"
#include "dbwrap/dbwrap.h"
-#include "smbldap.h"
+#include "dbwrap/dbwrap_rbt.h"
#include "../lib/util/bitmap.h"
+#include "../source4/dns_server/dns_update.h"
#ifdef HAVE_SYS_SYSCTL_H
#include <sys/sysctl.h>
static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue, bool store_values);
static void free_param_opts(struct parmlist_entry **popts);
-static const struct enum_list enum_protocol[] = {
- {PROTOCOL_SMB2_02, "SMB2"}, /* for now keep PROTOCOL_SMB2_02 */
- {PROTOCOL_SMB2_10, "SMB2_10"},
- {PROTOCOL_SMB2_02, "SMB2_02"},
- {PROTOCOL_NT1, "NT1"},
- {PROTOCOL_LANMAN2, "LANMAN2"},
- {PROTOCOL_LANMAN1, "LANMAN1"},
- {PROTOCOL_CORE, "CORE"},
- {PROTOCOL_COREPLUS, "COREPLUS"},
- {PROTOCOL_COREPLUS, "CORE+"},
- {-1, NULL}
-};
-
-static const struct enum_list enum_security[] = {
- {SEC_SHARE, "SHARE"},
- {SEC_USER, "USER"},
- {SEC_SERVER, "SERVER"},
- {SEC_DOMAIN, "DOMAIN"},
-#ifdef HAVE_ADS
- {SEC_ADS, "ADS"},
-#endif
- {-1, NULL}
-};
+#include "lib/param/param_enums.c"
static const struct enum_list enum_printing[] = {
{PRINT_SYSV, "sysv"},
};
-
-static const struct enum_list enum_bool_auto[] = {
- {false, "No"},
- {false, "False"},
- {false, "0"},
- {true, "Yes"},
- {true, "True"},
- {true, "1"},
- {Auto, "Auto"},
- {-1, NULL}
-};
-
-static const struct enum_list enum_csc_policy[] = {
- {CSC_POLICY_MANUAL, "manual"},
- {CSC_POLICY_DOCUMENTS, "documents"},
- {CSC_POLICY_PROGRAMS, "programs"},
- {CSC_POLICY_DISABLE, "disable"},
- {-1, NULL}
-};
-
-/* SMB signing types. */
-static const struct enum_list enum_smb_signing_vals[] = {
- {false, "No"},
- {false, "False"},
- {false, "0"},
- {false, "Off"},
- {false, "disabled"},
- {true, "Yes"},
- {true, "True"},
- {true, "1"},
- {true, "On"},
- {true, "enabled"},
- {Auto, "auto"},
- {Required, "required"},
- {Required, "mandatory"},
- {Required, "force"},
- {Required, "forced"},
- {Required, "enforced"},
- {-1, NULL}
-};
-
/* ACL compatibility options. */
static const struct enum_list enum_acl_compat_vals[] = {
{ ACL_COMPAT_AUTO, "auto" },
.enum_list = enum_config_backend,
.flags = FLAG_HIDE|FLAG_ADVANCED|FLAG_META,
},
+ {
+ .label = "server role",
+ .type = P_ENUM,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(ServerRole),
+ .special = NULL,
+ .enum_list = enum_server_role,
+ .flags = FLAG_BASIC | FLAG_ADVANCED,
+ },
{N_("Security Options"), P_SEP, P_SEPARATOR},
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
- {
- .label = "send spnego principal",
- .type = P_BOOL,
- .p_class = P_GLOBAL,
- .offset = GLOBAL_VAR(send_spnego_principal),
- .special = NULL,
- .enum_list = NULL,
- .flags = FLAG_ADVANCED,
- },
{
.label = "username",
.type = P_STRING,
.offset = LOCAL_VAR(bAclCheckPermissions),
.special = NULL,
.enum_list = NULL,
- .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE | FLAG_DEPRECATED,
},
{
.label = "acl group control",
},
{
.label = "max log size",
- .type = P_INTEGER,
+ .type = P_BYTES,
.p_class = P_GLOBAL,
.offset = GLOBAL_VAR(max_log_size),
.special = NULL,
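Review bot: Switching `max log size` to `P_BYTES` lets a size suffix be applied to a value that is not a byte count. The smb.conf manual describes this parameter in kilobytes (and `max disk size`, changed the same way further down, in megabytes), so `max log size = 1M` would presumably be read as about a million kilobytes rather than one megabyte. The `P_BYTES` copy case added later stores the value through `*(int *)dest_ptr`, so a suffixed value above `INT_MAX` cannot be represented; the parser is not visible here, so confirm it rejects or clamps such input. I would either keep these two parameters as `P_INTEGER` or add a comment on each entry such as `/* unit is KiB; a suffix scales the KiB count */`. The parm_table initializer continues outside this hunk.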
{
.label = "allocation roundup size",
- .type = P_INTEGER,
+ .type = P_BYTES,
.p_class = P_LOCAL,
.offset = LOCAL_VAR(iallocation_roundup_size),
.special = NULL,
},
{
.label = "aio read size",
- .type = P_INTEGER,
+ .type = P_BYTES,
.p_class = P_LOCAL,
.offset = LOCAL_VAR(iAioReadSize),
.special = NULL,
},
{
.label = "aio write size",
- .type = P_INTEGER,
+ .type = P_BYTES,
.p_class = P_LOCAL,
.offset = LOCAL_VAR(iAioWriteSize),
.special = NULL,
.label = "max protocol",
.type = P_ENUM,
.p_class = P_GLOBAL,
- .offset = GLOBAL_VAR(maxprotocol),
+ .offset = GLOBAL_VAR(srv_maxprotocol),
+ .special = NULL,
+ .enum_list = enum_protocol,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "server max protocol",
+ .type = P_ENUM,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(srv_maxprotocol),
.special = NULL,
.enum_list = enum_protocol,
.flags = FLAG_ADVANCED,
.label = "protocol",
.type = P_ENUM,
.p_class = P_GLOBAL,
- .offset = GLOBAL_VAR(maxprotocol),
+ .offset = GLOBAL_VAR(srv_maxprotocol),
.special = NULL,
.enum_list = enum_protocol,
.flags = FLAG_ADVANCED,
.label = "min protocol",
.type = P_ENUM,
.p_class = P_GLOBAL,
- .offset = GLOBAL_VAR(minprotocol),
+ .offset = GLOBAL_VAR(srv_minprotocol),
+ .special = NULL,
+ .enum_list = enum_protocol,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "server min protocol",
+ .type = P_ENUM,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(srv_minprotocol),
.special = NULL,
.enum_list = enum_protocol,
.flags = FLAG_ADVANCED,
},
{
.label = "min receivefile size",
- .type = P_INTEGER,
+ .type = P_BYTES,
.p_class = P_GLOBAL,
.offset = GLOBAL_VAR(iminreceivefile),
.special = NULL,
},
{
.label = "max xmit",
- .type = P_INTEGER,
+ .type = P_BYTES,
.p_class = P_GLOBAL,
.offset = GLOBAL_VAR(max_xmit),
.special = NULL,
{
.label = "block size",
- .type = P_INTEGER,
+ .type = P_BYTES,
.p_class = P_LOCAL,
.offset = LOCAL_VAR(iBlock_size),
.special = NULL,
},
{
.label = "max disk size",
- .type = P_INTEGER,
+ .type = P_BYTES,
.p_class = P_GLOBAL,
.offset = GLOBAL_VAR(maxdisksize),
.special = NULL,
},
{
.label = "write cache size",
- .type = P_INTEGER,
+ .type = P_BYTES,
.p_class = P_LOCAL,
.offset = LOCAL_VAR(iWriteCacheSize),
.special = NULL,
},
{
.label = "smb2 max read",
- .type = P_INTEGER,
+ .type = P_BYTES,
.p_class = P_GLOBAL,
.offset = GLOBAL_VAR(ismb2_max_read),
.special = NULL,
},
{
.label = "smb2 max write",
- .type = P_INTEGER,
+ .type = P_BYTES,
.p_class = P_GLOBAL,
.offset = GLOBAL_VAR(ismb2_max_write),
.special = NULL,
},
{
.label = "smb2 max trans",
- .type = P_INTEGER,
+ .type = P_BYTES,
.p_class = P_GLOBAL,
.offset = GLOBAL_VAR(ismb2_max_trans),
.special = NULL,
Globals.PrintcapCacheTime = 750; /* 12.5 minutes */
Globals.ConfigBackend = config_backend;
+ Globals.ServerRole = ROLE_AUTO;
/* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
/* Discovered by 2 days of pain by Don McCall @ HP :-). */
Globals.max_log_size = 5000;
Globals.max_open_files = max_open_files();
Globals.open_files_db_hash_size = SMB_OPEN_DATABASE_TDB_HASH_SIZE;
- Globals.maxprotocol = PROTOCOL_NT1;
- Globals.minprotocol = PROTOCOL_CORE;
+ Globals.srv_maxprotocol = PROTOCOL_NT1;
+ Globals.srv_minprotocol = PROTOCOL_CORE;
Globals.security = SEC_USER;
Globals.paranoid_server_security = true;
Globals.bEncryptPasswords = true;
Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
- Globals.lm_announce = 2; /* = Auto: send only if LM clients found */
+ Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
Globals.lm_interval = 60;
#if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
Globals.bNISHomeMap = false;
Globals.bUseSpnego = true;
Globals.bClientUseSpnego = true;
- Globals.client_signing = Auto;
- Globals.server_signing = false;
+ Globals.client_signing = SMB_SIGNING_DEFAULT;
+ Globals.server_signing = SMB_SIGNING_DEFAULT;
Globals.bDeferSharingViolations = true;
string_set(&Globals.smb_ports, SMB_PORTS);
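Review bot: With both `client_signing` and `server_signing` set to `SMB_SIGNING_DEFAULT`, the effective signing policy can no longer be read from this initializer; the old lines spelled it out as `Auto` for the client and `false` for the server. Whatever maps the default to off, offered or required is outside this hunk, so anyone auditing the hardening defaults has to go and find it. A comment here would help, e.g. `/* SMB_SIGNING_DEFAULT: resolved per role by the signing code, not here */`. The consumers of these two fields should also be checked to make sure none of them still tests the value as a boolean.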
FN_GLOBAL_BOOL(lp_we_are_a_wins_server, bWINSsupport)
FN_GLOBAL_BOOL(lp_wins_proxy, bWINSproxy)
FN_GLOBAL_BOOL(lp_local_master, bLocalMaster)
-FN_GLOBAL_BOOL(lp_domain_logons, bDomainLogons)
+static FN_GLOBAL_BOOL(lp_domain_logons, bDomainLogons)
FN_GLOBAL_LIST(lp_init_logon_delayed_hosts, szInitLogonDelayedHosts)
FN_GLOBAL_INTEGER(lp_init_logon_delay, InitLogonDelay)
FN_GLOBAL_BOOL(lp_load_printers, bLoadPrinters)
FN_GLOBAL_BOOL(lp_use_spnego, bUseSpnego)
FN_GLOBAL_BOOL(lp_client_use_spnego, bClientUseSpnego)
FN_GLOBAL_BOOL(lp_client_use_spnego_principal, client_use_spnego_principal)
-FN_GLOBAL_BOOL(lp_send_spnego_principal, send_spnego_principal)
FN_GLOBAL_BOOL(lp_hostname_lookups, bHostnameLookups)
FN_GLOBAL_CONST_STRING(lp_dedicated_keytab_file, szDedicatedKeytabFile)
FN_GLOBAL_INTEGER(lp_kerberos_method, iKerberosMethod)
FN_GLOBAL_INTEGER(lp_usernamelevel, unamelevel)
FN_GLOBAL_INTEGER(lp_deadtime, deadtime)
FN_GLOBAL_BOOL(lp_getwd_cache, getwd_cache)
-static FN_GLOBAL_INTEGER(_lp_maxprotocol, maxprotocol)
-int lp_maxprotocol(void)
-{
- int ret = _lp_maxprotocol();
- if ((ret >= PROTOCOL_SMB2_02) && (lp_security() == SEC_SHARE)) {
- DEBUG(2,("WARNING!!: \"security = share\" is incompatible "
- "with the SMB2 protocol. Resetting to SMB1.\n" ));
- lp_do_parameter(-1, "max protocol", "NT1");
- return PROTOCOL_NT1;
- }
- return ret;
-}
-FN_GLOBAL_INTEGER(lp_minprotocol, minprotocol)
+FN_GLOBAL_INTEGER(lp_srv_maxprotocol, srv_maxprotocol)
+FN_GLOBAL_INTEGER(lp_srv_minprotocol, srv_minprotocol)
FN_GLOBAL_INTEGER(lp_security, security)
FN_GLOBAL_LIST(lp_auth_methods, AuthMethods)
FN_GLOBAL_BOOL(lp_paranoid_server_security, paranoid_server_security)
FN_GLOBAL_INTEGER(lp_usershare_max_shares, iUsershareMaxShares)
FN_GLOBAL_CONST_STRING(lp_socket_options, szSocketOptions)
FN_GLOBAL_INTEGER(lp_config_backend, ConfigBackend)
+static FN_GLOBAL_INTEGER(lp__server_role, ServerRole)
FN_GLOBAL_INTEGER(lp_smb2_max_read, ismb2_max_read)
FN_GLOBAL_INTEGER(lp_smb2_max_write, ismb2_max_write)
FN_GLOBAL_INTEGER(lp_smb2_max_trans, ismb2_max_trans)
i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
if (i < 0)
- return (false);
+ return false;
if (!(*(ServicePtrs[iDefaultService]->szPath))
|| strequal(ServicePtrs[iDefaultService]->szPath, lp_pathname(GLOBAL_SECTION_SNUM))) {
DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
user, ServicePtrs[i]->szPath ));
- return (true);
+ return true;
}
/***************************************************************************
int i = add_a_service(&sDefault, ipc_name);
if (i < 0)
- return (false);
+ return false;
if (asprintf(&comment, "IPC Service (%s)",
Globals.szServerString) < 0) {
- return (false);
+ return false;
}
string_set(&ServicePtrs[i]->szPath, tmpdir());
DEBUG(3, ("adding IPC service\n"));
SAFE_FREE(comment);
- return (true);
+ return true;
}
/***************************************************************************
int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
if (i < 0)
- return (false);
+ return false;
/* note that we do NOT default the availability flag to true - */
/* we take it from the default service passed. This allows all */
DEBUG(3, ("adding printer service %s\n", pszPrintername));
- return (true);
+ return true;
}
int iService = -1;
char *canon_name;
TDB_DATA data;
+ NTSTATUS status;
if (ServiceHash == NULL) {
return -1;
canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
- data = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name);
+ status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
+ &data);
- if ((data.dptr != NULL) && (data.dsize == sizeof(iService))) {
+ if (NT_STATUS_IS_OK(status) &&
+ (data.dptr != NULL) &&
+ (data.dsize == sizeof(iService)))
+ {
iService = *(int *)data.dptr;
}
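Review bot: The status check is added, but the value is still read with `iService = *(int *)data.dptr;`, which assumes the record buffer is suitably aligned for `int`. The second `dbwrap_fetch_bystring` conversion later in this diff switches to `memcpy(&iService, data.dptr, sizeof(iService));` under the same three-part condition. The same line should be used here so both lookups handle the buffer identically. The enclosing function starts and ends outside the hunk.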
case P_INTEGER:
case P_ENUM:
case P_OCTAL:
+ case P_BYTES:
*(int *)dest_ptr = *(int *)src_ptr;
break;
}
f = f->next;
}
- return (false);
+ return false;
}
if (strchr(pszParmName, ':') == NULL) {
DEBUG(0, ("Ignoring unknown parameter \"%s\"\n",
pszParmName));
- return (true);
+ return true;
}
/*
? &Globals.param_opt : &ServicePtrs[snum]->param_opt;
set_param_opt(opt_list, pszParmName, pszParmValue, 0);
- return (true);
+ return true;
}
/* if it's already been set by the command line, then we don't
DEBUG(0,
("Global parameter %s found in service section!\n",
pszParmName));
- return (true);
+ return true;
}
parm_ptr = lp_local_ptr_by_snum(snum, &parm_table[parmnum]);
}
break;
}
- return (true);
+ return true;
}
/***************************************************************************
void *userdata)
{
if (!bInGlobalSection && bGlobalOnly)
- return (true);
+ return true;
DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
break;
case P_OCTAL: {
- char *o = octal_string(*(int *)ptr);
- fprintf(f, "%s", o);
- TALLOC_FREE(o);
+ int val = *(int *)ptr;
+ if (val == -1) {
+ fprintf(f, "-1");
+ } else {
+ fprintf(f, "0%o", val);
+ }
break;
}
case P_SEP:
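Review bot: `fprintf(f, "0%o", val)` passes an `int` to `%o`, which expects `unsigned int`; only `-1` is special-cased, so any other negative value reaches the conversion with a mismatched type. `fprintf(f, "0%o", (unsigned int)val);` makes the intent explicit and keeps `-Wformat-signedness` builds quiet. The switch this case belongs to starts outside the hunk.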
break;
}
- return (false);
+ return false;
}
/***************************************************************************
/* check for multiple global sections */
if (bInGlobalSection) {
DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
- return (true);
+ return true;
}
if (!bInGlobalSection && bGlobalOnly)
- return (true);
+ return true;
/* if we have a current service, tidy it up before moving on */
bRetval = true;
iServiceIndex = add_a_service(&sDefault, pszSectionName);
if (iServiceIndex < 0) {
DEBUG(0, ("Failed to add a new service\n"));
- return (false);
+ return false;
}
/* Clean all parametric options for service */
/* They will be added during parsing again */
free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
}
- return (bRetval);
+ return bRetval;
}
}
{
- TDB_DATA data = dbwrap_fetch_bystring(
- ServiceHash, canon_name, canon_name);
+ TDB_DATA data;
+ NTSTATUS status;
+
+ status = dbwrap_fetch_bystring(ServiceHash, canon_name,
+ canon_name, &data);
iService = -1;
- if ((data.dptr != NULL) && (data.dsize == sizeof(iService))) {
- iService = *(int *)data.dptr;
+ if (NT_STATUS_IS_OK(status) &&
+ (data.dptr != NULL) &&
+ (data.dsize == sizeof(iService))) {
+ memcpy(&iService, data.dptr, sizeof(iService));
}
}
been removed.
***************************************************************************/
-int load_usershare_shares(struct smbd_server_connection *sconn)
+int load_usershare_shares(struct smbd_server_connection *sconn,
+ bool (*snumused) (struct smbd_server_connection *, int))
{
SMB_STRUCT_DIR *dp;
SMB_STRUCT_STAT sbuf;
not currently in use. */
for (iService = iNumServices - 1; iService >= 0; iService--) {
if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
- if (conn_snum_used(sconn, iService)) {
+ if (snumused && snumused(sconn, iService)) {
continue;
}
/* Remove from the share ACL db. */
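Review bot: `if (snumused && snumused(sconn, iService))` treats a NULL callback as "no service is in use", so a caller that passes NULL removes every `USERSHARE_PENDING_DELETE` entry even if a connection still references it. If that is intended for callers that have no connections, say so in the function's header comment, e.g. `snumused may be NULL; pending-delete usershares are then removed without an in-use check`. Otherwise, skip removal when no callback is supplied. The loop body and the rest of load_usershare_shares continue outside this hunk.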
}
}
- set_server_role();
set_allowed_client_auth();
- if (lp_security() == SEC_SHARE) {
- DEBUG(1, ("WARNING: The security=share option is deprecated\n"));
- } else if (lp_security() == SEC_SERVER) {
+ if (lp_security() == SEC_SERVER) {
DEBUG(1, ("WARNING: The security=server option is deprecated\n"));
}
return (iService);
}
-bool share_defined(const char *service_name)
-{
- return (lp_servicenumber(service_name) != -1);
-}
-
/*******************************************************************
A useful volume label function.
********************************************************************/
If we are PDC then prefer us as DMB
************************************************************/
-bool lp_domain_master_true_or_auto(void)
+static bool lp_domain_master_true_or_auto(void)
{
if (Globals.iDomainMaster) /* auto or yes */
return true;
}
return _lp_readraw();
}
+
+int lp_server_role(void)
+{
+ return lp_find_server_role(lp__server_role(),
+ lp_security(),
+ lp_domain_logons(),
+ lp_domain_master_true_or_auto());
+}
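Review bot: `lp_server_role()` has no header comment, unlike the banner-commented functions around it, and it is now the one place where the explicit `server role` setting is combined with the legacy inputs `security`, `domain logons` and `domain master`. The comment should state which input wins when they disagree, since the resulting role presumably decides whether the server acts as a domain controller; that decision lives in `lp_find_server_role()`, which is not shown here. Something like `/* Effective server role: 'server role' combined with security, domain logons and domain master by lp_find_server_role(). */` would do.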