2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
57 #include "system/filesys.h"
59 #include "lib/param/loadparm.h"
60 #include "lib/param/param.h"
62 #include "lib/smbconf/smbconf.h"
63 #include "lib/smbconf/smbconf_init.h"
66 #include "../librpc/gen_ndr/svcctl.h"
68 #include "../libcli/smb/smb_signing.h"
69 #include "dbwrap/dbwrap.h"
70 #include "dbwrap/dbwrap_rbt.h"
71 #include "../lib/util/bitmap.h"
72 #include "librpc/gen_ndr/nbt.h"
73 #include "source4/lib/tls/tls.h"
74 #include "libcli/auth/ntlm_check.h"
76 #ifdef HAVE_SYS_SYSCTL_H
77 #include <sys/sysctl.h>
82 extern userdom_struct current_user_info;
84 /* the special value for the include parameter
85 * to be interpreted not as a file name but to
86 * trigger loading of the global smb.conf options
88 #ifndef INCLUDE_REGISTRY_NAME
89 #define INCLUDE_REGISTRY_NAME "registry"
92 static bool in_client = false; /* Not in the client by default */
93 static struct smbconf_csn conf_last_csn;
95 static int config_backend = CONFIG_BACKEND_FILE;
97 /* some helpful bits */
98 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
99 (ServicePtrs != NULL) && \
100 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
101 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
102 ServicePtrs[i]->valid)
104 #define USERSHARE_VALID 1
105 #define USERSHARE_PENDING_DELETE 2
107 static bool defaults_saved = false;
109 #include "lib/param/param_global.h"
111 static struct loadparm_global Globals;
113 /* This is a default service used to prime a services structure */
114 static const struct loadparm_service _sDefault =
119 .usershare_last_mod = {0, 0},
122 .invalid_users = NULL,
129 .root_preexec = NULL,
130 .root_postexec = NULL,
131 .cups_options = NULL,
132 .print_command = NULL,
134 .lprm_command = NULL,
135 .lppause_command = NULL,
136 .lpresume_command = NULL,
137 .queuepause_command = NULL,
138 .queueresume_command = NULL,
139 ._printername = NULL,
140 .printjob_username = NULL,
141 .dont_descend = NULL,
144 .magic_script = NULL,
145 .magic_output = NULL,
148 .veto_oplock_files = NULL,
158 .aio_write_behind = NULL,
159 .dfree_command = NULL,
160 .min_print_space = 0,
161 .max_print_jobs = 1000,
162 .max_reported_print_jobs = 0,
163 .write_cache_size = 0,
165 .force_create_mode = 0,
166 .directory_mask = 0755,
167 .force_directory_mode = 0,
168 .max_connections = 0,
169 .default_case = CASE_LOWER,
170 .printing = DEFAULT_PRINTING,
173 .dfree_cache_time = 0,
174 .preexec_close = false,
175 .root_preexec_close = false,
176 .case_sensitive = Auto,
177 .preserve_case = true,
178 .short_preserve_case = true,
179 .hide_dot_files = true,
180 .hide_special_files = false,
181 .hide_unreadable = false,
182 .hide_unwriteable_files = false,
184 .access_based_share_enum = false,
189 .administrative_share = false,
192 .print_notify_backchannel = false,
196 .store_dos_attributes = false,
197 .dmapi_support = false,
199 .strict_locking = Auto,
200 .posix_locking = true,
202 .kernel_oplocks = false,
203 .level2_oplocks = true,
204 .mangled_names = MANGLED_NAMES_YES,
206 .follow_symlinks = true,
207 .sync_always = false,
208 .strict_allocate = false,
209 .strict_rename = false,
211 .mangling_char = '~',
213 .delete_readonly = false,
214 .fake_oplocks = false,
215 .delete_veto_files = false,
216 .dos_filemode = false,
217 .dos_filetimes = true,
218 .dos_filetime_resolution = false,
219 .fake_directory_create_times = false,
220 .blocking_locks = true,
221 .inherit_permissions = false,
222 .inherit_acls = false,
223 .inherit_owner = false,
225 .msdfs_shuffle_referrals = false,
226 .use_client_driver = false,
227 .default_devmode = true,
228 .force_printername = false,
229 .nt_acl_support = true,
230 .force_unknown_acl_user = false,
231 ._use_sendfile = false,
232 .map_acl_inherit = false,
235 .acl_check_permissions = true,
236 .acl_map_full_control = true,
237 .acl_group_control = false,
238 .acl_allow_execute_always = false,
239 .allocation_roundup_size = SMB_ROUNDUP_ALLOCATION_SIZE,
242 .map_readonly = MAP_READONLY_YES,
243 .directory_name_cache_size = 100,
244 .smb_encrypt = SMB_SIGNING_DEFAULT,
245 .kernel_share_modes = true,
246 .durable_handles = true,
252 * This is a copy of the default service structure. Service options in the
253 * global section would otherwise overwrite the initial default values.
255 static struct loadparm_service sDefault;
257 /* local variables */
258 static struct loadparm_service **ServicePtrs = NULL;
259 static int iNumServices = 0;
260 static int iServiceIndex = 0;
261 static struct db_context *ServiceHash;
262 static bool bInGlobalSection = true;
263 static bool bGlobalOnly = false;
264 static struct file_lists *file_lists = NULL;
265 static unsigned int *flags_list = NULL;
267 static void set_allowed_client_auth(void);
269 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
270 static void free_param_opts(struct parmlist_entry **popts);
273 * Function to return the default value for the maximum number of open
274 * file descriptors permitted. This function tries to consult the
275 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
276 * the smaller of those.
278 static int max_open_files(void)
280 int sysctl_max = MAX_OPEN_FILES;
281 int rlimit_max = MAX_OPEN_FILES;
283 #ifdef HAVE_SYSCTLBYNAME
285 size_t size = sizeof(sysctl_max);
286 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
291 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
297 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
298 rlimit_max = rl.rlim_cur;
300 #if defined(RLIM_INFINITY)
301 if(rl.rlim_cur == RLIM_INFINITY)
302 rlimit_max = MAX_OPEN_FILES;
307 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
308 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
309 "minimum Windows limit (%d)\n",
311 MIN_OPEN_FILES_WINDOWS));
312 sysctl_max = MIN_OPEN_FILES_WINDOWS;
315 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
316 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
317 "minimum Windows limit (%d)\n",
319 MIN_OPEN_FILES_WINDOWS));
320 rlimit_max = MIN_OPEN_FILES_WINDOWS;
323 return MIN(sysctl_max, rlimit_max);
327 * Common part of freeing allocated data for one parameter.
329 static void free_one_parameter_common(void *parm_ptr,
330 struct parm_struct parm)
332 if ((parm.type == P_STRING) ||
333 (parm.type == P_USTRING))
335 lpcfg_string_free((char**)parm_ptr);
336 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
337 TALLOC_FREE(*((char***)parm_ptr));
342 * Free the allocated data for one parameter for a share
343 * given as a service struct.
345 static void free_one_parameter(struct loadparm_service *service,
346 struct parm_struct parm)
350 if (parm.p_class != P_LOCAL) {
354 parm_ptr = lp_parm_ptr(service, &parm);
356 free_one_parameter_common(parm_ptr, parm);
360 * Free the allocated parameter data of a share given
361 * as a service struct.
363 static void free_parameters(struct loadparm_service *service)
367 for (i=0; parm_table[i].label; i++) {
368 free_one_parameter(service, parm_table[i]);
373 * Free the allocated data for one parameter for a given share
374 * specified by an snum.
376 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
381 parm_ptr = lp_parm_ptr(NULL, &parm);
382 } else if (parm.p_class != P_LOCAL) {
385 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
388 free_one_parameter_common(parm_ptr, parm);
392 * Free the allocated parameter data for a share specified
395 static void free_parameters_by_snum(int snum)
399 for (i=0; parm_table[i].label; i++) {
400 free_one_parameter_by_snum(snum, parm_table[i]);
405 * Free the allocated global parameters.
407 static void free_global_parameters(void)
410 struct parm_struct *parm;
412 free_param_opts(&Globals.param_opt);
413 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
415 /* Reset references in the defaults because the context is going to be freed */
416 for (i=0; parm_table[i].label; i++) {
417 parm = &parm_table[i];
418 if ((parm->type == P_STRING) ||
419 (parm->type == P_USTRING)) {
420 if ((parm->def.svalue != NULL) &&
421 (*(parm->def.svalue) != '\0')) {
422 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
423 parm->def.svalue = NULL;
428 TALLOC_FREE(Globals.ctx);
431 struct lp_stored_option {
432 struct lp_stored_option *prev, *next;
437 static struct lp_stored_option *stored_options;
440 save options set by lp_set_cmdline() into a list. This list is
441 re-applied when we do a globals reset, so that cmdline set options
442 are sticky across reloads of smb.conf
444 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
446 struct lp_stored_option *entry, *entry_next;
447 for (entry = stored_options; entry != NULL; entry = entry_next) {
448 entry_next = entry->next;
449 if (strcmp(pszParmName, entry->label) == 0) {
450 DLIST_REMOVE(stored_options, entry);
456 entry = talloc(NULL, struct lp_stored_option);
461 entry->label = talloc_strdup(entry, pszParmName);
467 entry->value = talloc_strdup(entry, pszParmValue);
473 DLIST_ADD_END(stored_options, entry);
478 static bool apply_lp_set_cmdline(void)
480 struct lp_stored_option *entry = NULL;
481 for (entry = stored_options; entry != NULL; entry = entry->next) {
482 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
483 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
484 entry->label, entry->value));
491 /***************************************************************************
492 Initialise the global parameter structure.
493 ***************************************************************************/
495 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
497 static bool done_init = false;
501 /* If requested to initialize only once and we've already done it... */
502 if (!reinit_globals && done_init) {
503 /* ... then we have nothing more to do */
508 /* The logfile can be set before this is invoked. Free it if so. */
509 lpcfg_string_free(&Globals.logfile);
512 free_global_parameters();
515 /* This memset and the free_global_parameters() above will
516 * wipe out smb.conf options set with lp_set_cmdline(). The
517 * apply_lp_set_cmdline() call puts these values back in the
518 * table once the defaults are set */
519 ZERO_STRUCT(Globals);
521 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
523 /* Initialize the flags list if necessary */
524 if (flags_list == NULL) {
528 for (i = 0; parm_table[i].label; i++) {
529 if ((parm_table[i].type == P_STRING ||
530 parm_table[i].type == P_USTRING))
534 (char **)lp_parm_ptr(NULL, &parm_table[i]),
540 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
541 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
543 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
545 sDefault.ntvfs_handler = str_list_make_v3_const(NULL, "unixuid default", NULL);
547 DEBUG(3, ("Initialising global parameters\n"));
549 /* Must manually force to upper case here, as this does not go via the handler */
550 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
553 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
554 get_dyn_SMB_PASSWD_FILE());
555 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
556 get_dyn_PRIVATE_DIR());
557 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
558 get_dyn_BINDDNS_DIR());
560 /* use the new 'hash2' method by default, with a prefix of 1 */
561 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
562 Globals.mangle_prefix = 1;
564 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
566 /* using UTF8 by default allows us to support all chars */
567 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
568 DEFAULT_UNIX_CHARSET);
570 /* Use codepage 850 as a default for the dos character set */
571 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
572 DEFAULT_DOS_CHARSET);
575 * Allow the default PASSWD_CHAT to be overridden in local.h.
577 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
578 DEFAULT_PASSWD_CHAT);
580 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
582 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
583 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
585 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
587 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
589 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
591 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
594 * By default support explicit binding to broadcast
597 Globals.nmbd_bind_explicit_broadcast = true;
599 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
601 smb_panic("init_globals: ENOMEM");
603 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
606 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
607 "/bin/sleep 999999999");
610 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
611 DEFAULT_SOCKET_OPTIONS);
613 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
614 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
615 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
616 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
617 "\\\\%N\\%U\\profile");
619 Globals.name_resolve_order =
620 str_list_make_v3_const(Globals.ctx,
621 DEFAULT_NAME_RESOLVE_ORDER,
623 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
625 Globals.algorithmic_rid_base = BASE_RID;
627 Globals.load_printers = true;
628 Globals.printcap_cache_time = 750; /* 12.5 minutes */
630 Globals.config_backend = config_backend;
631 Globals._server_role = ROLE_AUTO;
633 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
634 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
635 Globals.max_xmit = 0x4104;
636 Globals.max_mux = 50; /* This is *needed* for profile support. */
637 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
638 Globals._disable_spoolss = false;
639 Globals.max_smbd_processes = 0;/* no limit specified */
640 Globals.username_level = 0;
641 Globals.deadtime = 0;
642 Globals.getwd_cache = true;
643 Globals.large_readwrite = true;
644 Globals.max_log_size = 5000;
645 Globals.max_open_files = max_open_files();
646 Globals.server_max_protocol = PROTOCOL_SMB3_11;
647 Globals.server_min_protocol = PROTOCOL_LANMAN1;
648 Globals._client_max_protocol = PROTOCOL_DEFAULT;
649 Globals.client_min_protocol = PROTOCOL_CORE;
650 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
651 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
652 Globals._security = SEC_AUTO;
653 Globals.encrypt_passwords = true;
654 Globals.client_schannel = Auto;
655 Globals.winbind_sealed_pipes = true;
656 Globals.require_strong_key = true;
657 Globals.server_schannel = Auto;
658 Globals.read_raw = true;
659 Globals.write_raw = true;
660 Globals.null_passwords = false;
661 Globals.old_password_allowed_period = 60;
662 Globals.obey_pam_restrictions = false;
664 Globals.syslog_only = false;
665 Globals.timestamp_logs = true;
666 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
667 Globals.debug_prefix_timestamp = false;
668 Globals.debug_hires_timestamp = true;
669 Globals.debug_pid = false;
670 Globals.debug_uid = false;
671 Globals.debug_class = false;
672 Globals.enable_core_files = true;
673 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
674 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
675 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
676 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
677 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
678 Globals.lm_interval = 60;
679 #if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
680 Globals.nis_homedir = false;
681 #ifdef WITH_NISPLUS_HOME
682 lpcfg_string_set(Globals.ctx, &Globals.homedir_map,
683 "auto_home.org_dir");
685 lpcfg_string_set(Globals.ctx, &Globals.homedir_map, "auto.home");
688 Globals.time_server = false;
689 Globals.bind_interfaces_only = false;
690 Globals.unix_password_sync = false;
691 Globals.pam_password_change = false;
692 Globals.passwd_chat_debug = false;
693 Globals.passwd_chat_timeout = 2; /* 2 second default. */
694 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
695 Globals.nt_status_support = true; /* Use NT status by default. */
696 Globals.smbd_profiling_level = 0;
697 Globals.stat_cache = true; /* use stat cache by default */
698 Globals.max_stat_cache_size = 256; /* 256k by default */
699 Globals.restrict_anonymous = 0;
700 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
701 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
702 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
703 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
704 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
705 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
706 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
708 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
710 Globals.map_to_guest = 0; /* By Default, "Never" */
711 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
712 Globals.enhanced_browsing = true;
713 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
714 #ifdef MMAP_BLACKLIST
715 Globals.use_mmap = false;
717 Globals.use_mmap = true;
719 Globals.unicode = true;
720 Globals.unix_extensions = true;
721 Globals.reset_on_zero_vc = false;
722 Globals.log_writeable_files_on_exit = false;
723 Globals.create_krb5_conf = true;
724 Globals.include_system_krb5_conf = true;
725 Globals._winbind_max_domain_connections = 1;
727 /* hostname lookups can be very expensive and are broken on
728 a large number of sites (tridge) */
729 Globals.hostname_lookups = false;
731 Globals.change_notify = true,
732 Globals.kernel_change_notify = true,
734 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
735 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
736 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
737 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
738 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
739 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
741 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
742 Globals.ldap_ssl = LDAP_SSL_START_TLS;
743 Globals.ldap_ssl_ads = false;
744 Globals.ldap_deref = -1;
745 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
746 Globals.ldap_delete_dn = false;
747 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
748 Globals.ldap_follow_referral = Auto;
749 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
750 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
751 Globals.ldap_page_size = LDAP_PAGE_SIZE;
753 Globals.ldap_debug_level = 0;
754 Globals.ldap_debug_threshold = 10;
756 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
758 Globals.ldap_server_require_strong_auth =
759 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
761 /* This is what we tell the afs client. in reality we set the token
762 * to never expire, though, when this runs out the afs client will
763 * forget the token. Set to 0 to get NEVERDATE.*/
764 Globals.afs_token_lifetime = 604800;
765 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
767 /* these parameters are set to defaults that are more appropriate
768 for the increasing samba install base:
770 as a member of the workgroup, that will possibly become a
771 _local_ master browser (lm = true). this is opposed to a forced
772 local master browser startup (pm = true).
774 doesn't provide WINS server service by default (wsupp = false),
775 and doesn't provide domain master browser services by default, either.
779 Globals.show_add_printer_wizard = true;
780 Globals.os_level = 20;
781 Globals.local_master = true;
782 Globals._domain_master = Auto; /* depending on _domain_logons */
783 Globals._domain_logons = false;
784 Globals.browse_list = true;
785 Globals.we_are_a_wins_server = false;
786 Globals.wins_proxy = false;
788 TALLOC_FREE(Globals.init_logon_delayed_hosts);
789 Globals.init_logon_delay = 100; /* 100 ms default delay */
791 Globals.wins_dns_proxy = true;
793 Globals.allow_trusted_domains = true;
794 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
796 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
797 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
799 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
800 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
801 dyn_WINBINDD_SOCKET_DIR);
803 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
804 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
806 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
808 Globals.cluster_addresses = NULL;
809 Globals.clustering = false;
810 Globals.ctdb_timeout = 0;
811 Globals.ctdb_locktime_warn_threshold = 0;
813 Globals.winbind_cache_time = 300; /* 5 minutes */
814 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
815 Globals.winbind_request_timeout = 60; /* 60 seconds */
816 Globals.winbind_max_clients = 200;
817 Globals.winbind_enum_users = false;
818 Globals.winbind_enum_groups = false;
819 Globals.winbind_use_default_domain = false;
820 Globals.winbind_trusted_domains_only = false;
821 Globals.winbind_nested_groups = true;
822 Globals.winbind_expand_groups = 0;
823 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
824 Globals.winbind_refresh_tickets = false;
825 Globals.winbind_offline_logon = false;
827 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
828 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
830 Globals.passdb_expand_explicit = false;
832 Globals.name_cache_timeout = 660; /* In seconds */
834 Globals.use_spnego = true;
835 Globals.client_use_spnego = true;
837 Globals.client_signing = SMB_SIGNING_DEFAULT;
838 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
839 Globals.server_signing = SMB_SIGNING_DEFAULT;
841 Globals.defer_sharing_violations = true;
842 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
844 Globals.enable_privileges = true;
845 Globals.host_msdfs = true;
846 Globals.enable_asu_support = false;
848 /* User defined shares. */
849 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
851 smb_panic("init_globals: ENOMEM");
853 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
855 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
856 Globals.usershare_max_shares = 0;
857 /* By default disallow sharing of directories not owned by the sharer. */
858 Globals.usershare_owner_only = true;
859 /* By default disallow guest access to usershares. */
860 Globals.usershare_allow_guests = false;
862 Globals.keepalive = DEFAULT_KEEPALIVE;
864 /* By default no shares out of the registry */
865 Globals.registry_shares = false;
867 Globals.min_receivefile_size = 0;
869 Globals.multicast_dns_register = true;
871 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
872 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
873 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
874 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
875 Globals.smb2_leases = true;
877 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
878 get_dyn_NCALRPCDIR());
880 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
882 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
884 Globals.tls_enabled = true;
885 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
887 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
888 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
889 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
890 lpcfg_string_set(Globals.ctx, &Globals.tls_priority,
891 "NORMAL:-VERS-SSL3.0");
893 lpcfg_string_set(Globals.ctx, &Globals.share_backend, "classic");
895 Globals._preferred_master = Auto;
897 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
899 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
900 get_dyn_NTP_SIGND_SOCKET_DIR());
902 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
904 smb_panic("init_globals: ENOMEM");
906 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
910 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
913 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
915 smb_panic("init_globals: ENOMEM");
917 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
920 s = talloc_asprintf(talloc_tos(), "%s/samba_gpoupdate", get_dyn_SCRIPTSBINDIR());
922 smb_panic("init_globals: ENOMEM");
924 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
927 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
929 smb_panic("init_globals: ENOMEM");
931 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
934 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
936 Globals.rndc_command = str_list_make_v3_const(NULL, "/usr/sbin/rndc", NULL);
938 Globals.cldap_port = 389;
940 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
942 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
944 Globals.krb5_port = 88;
946 Globals.kpasswd_port = 464;
948 Globals.web_port = 901;
950 Globals.aio_max_threads = 100;
952 lpcfg_string_set(Globals.ctx,
953 &Globals.rpc_server_dynamic_port_range,
955 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
956 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
957 Globals.prefork_children = 1;
959 /* Now put back the settings that were set with lp_set_cmdline() */
960 apply_lp_set_cmdline();
963 /* Convenience routine to setup an lp_context with additional s3 variables */
964 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
966 struct loadparm_context *lp_ctx;
968 lp_ctx = loadparm_init_s3(mem_ctx,
969 loadparm_s3_helpers());
970 if (lp_ctx == NULL) {
971 DEBUG(0, ("loadparm_init_s3 failed\n"));
975 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
976 if (lp_ctx->sDefault == NULL) {
977 DBG_ERR("talloc_zero failed\n");
982 *lp_ctx->sDefault = _sDefault;
983 lp_ctx->services = NULL; /* We do not want to access this directly */
984 lp_ctx->bInGlobalSection = bInGlobalSection;
985 lp_ctx->flags = flags_list;
990 /*******************************************************************
991 Convenience routine to grab string parameters into talloced memory
992 and run standard_sub_basic on them. The buffers can be written to by
993 callers without affecting the source string.
994 ********************************************************************/
996 char *lp_string(TALLOC_CTX *ctx, const char *s)
1000 /* The follow debug is useful for tracking down memory problems
1001 especially if you have an inner loop that is calling a lp_*()
1002 function that returns a string. Perhaps this debug should be
1003 present all the time? */
1006 DEBUG(10, ("lp_string(%s)\n", s));
1012 ret = talloc_sub_basic(ctx,
1013 get_current_username(),
1014 current_user_info.domain,
1016 if (trim_char(ret, '\"', '\"')) {
1017 if (strchr(ret,'\"') != NULL) {
1019 ret = talloc_sub_basic(ctx,
1020 get_current_username(),
1021 current_user_info.domain,
1029 In this section all the functions that are used to access the
1030 parameters from the rest of the program are defined
1033 #define FN_GLOBAL_STRING(fn_name,ptr) \
1034 char *lp_ ## fn_name(TALLOC_CTX *ctx) {return(lp_string((ctx), *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : ""));}
1035 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1036 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1037 #define FN_GLOBAL_LIST(fn_name,ptr) \
1038 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1039 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1040 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1041 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1042 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1043 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1044 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1046 #define FN_LOCAL_STRING(fn_name,val) \
1047 char *lp_ ## fn_name(TALLOC_CTX *ctx,int i) {return(lp_string((ctx), (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val));}
1048 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1049 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1050 #define FN_LOCAL_LIST(fn_name,val) \
1051 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1052 #define FN_LOCAL_BOOL(fn_name,val) \
1053 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1054 #define FN_LOCAL_INTEGER(fn_name,val) \
1055 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1057 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1058 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1059 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1060 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1061 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1062 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1064 int lp_winbind_max_domain_connections(void)
1066 if (lp_winbind_offline_logon() &&
1067 lp__winbind_max_domain_connections() > 1) {
1068 DEBUG(1, ("offline logons active, restricting max domain "
1069 "connections to 1\n"));
1072 return MAX(1, lp__winbind_max_domain_connections());
1075 /* These functions remain in source3/param for now */
1077 #include "lib/param/param_functions.c"
1079 FN_LOCAL_STRING(servicename, szService)
1080 FN_LOCAL_CONST_STRING(const_servicename, szService)
1082 /* These functions cannot be auto-generated */
1083 FN_LOCAL_BOOL(autoloaded, autoloaded)
1084 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1086 /* local prototypes */
1088 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1089 static const char *get_boolean(bool bool_value);
1090 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1092 static bool hash_a_service(const char *name, int number);
1093 static void free_service_byindex(int iService);
1094 static void show_parameter(int parmIndex);
1095 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1096 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1099 * This is a helper function for parametrical options support. It returns a
1100 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1101 * parametrical functions are quite simple
1103 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1106 if (snum >= iNumServices) return NULL;
1109 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1111 return get_parametric_helper(ServicePtrs[snum],
1112 type, option, Globals.param_opt);
1116 static void discard_whitespace(char *str)
1118 size_t len = strlen(str);
1122 if (isspace(str[i])) {
1123 memmove(&str[i], &str[i+1], len-i);
1132 * @brief Go through all global parametric parameters
1134 * @param regex_str A regular expression to scan param for
1135 * @param max_matches Max number of submatches the regexp expects
1136 * @param cb Function to call on match. Should return true
1137 * when it wants wi_scan_global_parametrics to stop
1139 * @param private_data Anonymous pointer passed to cb
1141 * @return 0: success, regcomp/regexec return value on error.
1142 * See "man regexec" for possible errors
1145 int lp_wi_scan_global_parametrics(
1146 const char *regex_str, size_t max_matches,
1147 bool (*cb)(const char *string, regmatch_t matches[],
1148 void *private_data),
1151 struct parmlist_entry *data;
1155 ret = regcomp(®ex, regex_str, REG_ICASE);
1160 for (data = Globals.param_opt; data != NULL; data = data->next) {
1161 size_t keylen = strlen(data->key);
1163 regmatch_t matches[max_matches];
1166 memcpy(key, data->key, sizeof(key));
1167 discard_whitespace(key);
1169 ret = regexec(®ex, key, max_matches, matches, 0);
1170 if (ret == REG_NOMATCH) {
1177 stop = cb(key, matches, private_data);
1190 #define MISSING_PARAMETER(name) \
1191 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1193 /*******************************************************************
1194 convenience routine to return enum parameters.
1195 ********************************************************************/
1196 static int lp_enum(const char *s,const struct enum_list *_enum)
1200 if (!s || !*s || !_enum) {
1201 MISSING_PARAMETER(lp_enum);
1205 for (i=0; _enum[i].name; i++) {
1206 if (strequal(_enum[i].name,s))
1207 return _enum[i].value;
1210 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1214 #undef MISSING_PARAMETER
1216 /* Return parametric option from a given service. Type is a part of option before ':' */
1217 /* Parametric option has following syntax: 'Type: option = value' */
1218 char *lp_parm_talloc_string(TALLOC_CTX *ctx, int snum, const char *type, const char *option, const char *def)
1220 struct parmlist_entry *data = get_parametrics(snum, type, option);
1222 if (data == NULL||data->value==NULL) {
1224 return lp_string(ctx, def);
1230 return lp_string(ctx, data->value);
1233 /* Return parametric option from a given service. Type is a part of option before ':' */
1234 /* Parametric option has following syntax: 'Type: option = value' */
1235 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1237 struct parmlist_entry *data = get_parametrics(snum, type, option);
1239 if (data == NULL||data->value==NULL)
1246 /* Return parametric option from a given service. Type is a part of option before ':' */
1247 /* Parametric option has following syntax: 'Type: option = value' */
1249 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1251 struct parmlist_entry *data = get_parametrics(snum, type, option);
1253 if (data == NULL||data->value==NULL)
1254 return (const char **)def;
1256 if (data->list==NULL) {
1257 data->list = str_list_make_v3(NULL, data->value, NULL);
1260 return discard_const_p(const char *, data->list);
1263 /* Return parametric option from a given service. Type is a part of option before ':' */
1264 /* Parametric option has following syntax: 'Type: option = value' */
1266 int lp_parm_int(int snum, const char *type, const char *option, int def)
1268 struct parmlist_entry *data = get_parametrics(snum, type, option);
1270 if (data && data->value && *data->value)
1271 return lp_int(data->value);
1276 /* Return parametric option from a given service. Type is a part of option before ':' */
1277 /* Parametric option has following syntax: 'Type: option = value' */
1279 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1281 struct parmlist_entry *data = get_parametrics(snum, type, option);
1283 if (data && data->value && *data->value)
1284 return lp_ulong(data->value);
1289 /* Return parametric option from a given service. Type is a part of option before ':' */
1290 /* Parametric option has following syntax: 'Type: option = value' */
1292 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1293 const char *option, unsigned long long def)
1295 struct parmlist_entry *data = get_parametrics(snum, type, option);
1297 if (data && data->value && *data->value) {
1298 return lp_ulonglong(data->value);
1304 /* Return parametric option from a given service. Type is a part of option
1306 /* Parametric option has following syntax: 'Type: option = value' */
1308 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1310 struct parmlist_entry *data = get_parametrics(snum, type, option);
1312 if (data && data->value && *data->value)
1313 return lp_bool(data->value);
1318 /* Return parametric option from a given service. Type is a part of option before ':' */
1319 /* Parametric option has following syntax: 'Type: option = value' */
1321 int lp_parm_enum(int snum, const char *type, const char *option,
1322 const struct enum_list *_enum, int def)
1324 struct parmlist_entry *data = get_parametrics(snum, type, option);
1326 if (data && data->value && *data->value && _enum)
1327 return lp_enum(data->value, _enum);
1333 * free a param_opts structure.
1334 * param_opts handling should be moved to talloc;
1335 * then this whole functions reduces to a TALLOC_FREE().
1338 static void free_param_opts(struct parmlist_entry **popts)
1340 struct parmlist_entry *opt, *next_opt;
1342 if (*popts != NULL) {
1343 DEBUG(5, ("Freeing parametrics:\n"));
1346 while (opt != NULL) {
1347 lpcfg_string_free(&opt->key);
1348 lpcfg_string_free(&opt->value);
1349 TALLOC_FREE(opt->list);
1350 next_opt = opt->next;
1357 /***************************************************************************
1358 Free the dynamically allocated parts of a service struct.
1359 ***************************************************************************/
1361 static void free_service(struct loadparm_service *pservice)
1366 if (pservice->szService)
1367 DEBUG(5, ("free_service: Freeing service %s\n",
1368 pservice->szService));
1370 free_parameters(pservice);
1372 lpcfg_string_free(&pservice->szService);
1373 TALLOC_FREE(pservice->copymap);
1375 free_param_opts(&pservice->param_opt);
1377 ZERO_STRUCTP(pservice);
1381 /***************************************************************************
1382 remove a service indexed in the ServicePtrs array from the ServiceHash
1383 and free the dynamically allocated parts
1384 ***************************************************************************/
1386 static void free_service_byindex(int idx)
1388 if ( !LP_SNUM_OK(idx) )
1391 ServicePtrs[idx]->valid = false;
1393 /* we have to cleanup the hash record */
1395 if (ServicePtrs[idx]->szService) {
1396 char *canon_name = canonicalize_servicename(
1398 ServicePtrs[idx]->szService );
1400 dbwrap_delete_bystring(ServiceHash, canon_name );
1401 TALLOC_FREE(canon_name);
1404 free_service(ServicePtrs[idx]);
1405 TALLOC_FREE(ServicePtrs[idx]);
1408 /***************************************************************************
1409 Add a new service to the services array initialising it with the given
1411 ***************************************************************************/
1413 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1416 struct loadparm_service **tsp = NULL;
1418 /* it might already exist */
1420 i = getservicebyname(name, NULL);
1426 /* Re use empty slots if any before allocating new one.*/
1427 for (i=0; i < iNumServices; i++) {
1428 if (ServicePtrs[i] == NULL) {
1432 if (i == iNumServices) {
1433 /* if not, then create one */
1434 tsp = talloc_realloc(NULL, ServicePtrs,
1435 struct loadparm_service *,
1438 DEBUG(0, ("add_a_service: failed to enlarge "
1445 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1446 if (!ServicePtrs[i]) {
1447 DEBUG(0,("add_a_service: out of memory!\n"));
1451 ServicePtrs[i]->valid = true;
1453 copy_service(ServicePtrs[i], pservice, NULL);
1455 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1458 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1459 i, ServicePtrs[i]->szService));
1461 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1468 /***************************************************************************
1469 Convert a string to uppercase and remove whitespaces.
1470 ***************************************************************************/
1472 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1477 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1481 result = talloc_strdup(ctx, src);
1482 SMB_ASSERT(result != NULL);
1484 if (!strlower_m(result)) {
1485 TALLOC_FREE(result);
1491 /***************************************************************************
1492 Add a name/index pair for the services array to the hash table.
1493 ***************************************************************************/
1495 static bool hash_a_service(const char *name, int idx)
1499 if ( !ServiceHash ) {
1500 DEBUG(10,("hash_a_service: creating servicehash\n"));
1501 ServiceHash = db_open_rbt(NULL);
1502 if ( !ServiceHash ) {
1503 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1508 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1511 canon_name = canonicalize_servicename(talloc_tos(), name );
1513 dbwrap_store_bystring(ServiceHash, canon_name,
1514 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1517 TALLOC_FREE(canon_name);
1522 /***************************************************************************
1523 Add a new home service, with the specified home directory, defaults coming
1525 ***************************************************************************/
1527 bool lp_add_home(const char *pszHomename, int iDefaultService,
1528 const char *user, const char *pszHomedir)
1532 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1533 pszHomedir[0] == '\0') {
1537 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1542 if (!(*(ServicePtrs[iDefaultService]->path))
1543 || strequal(ServicePtrs[iDefaultService]->path,
1544 lp_path(talloc_tos(), GLOBAL_SECTION_SNUM))) {
1545 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1549 if (!(*(ServicePtrs[i]->comment))) {
1550 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1551 if (comment == NULL) {
1554 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1556 TALLOC_FREE(comment);
1559 /* set the browseable flag from the global default */
1561 ServicePtrs[i]->browseable = sDefault.browseable;
1562 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1564 ServicePtrs[i]->autoloaded = true;
1566 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1567 user, ServicePtrs[i]->path ));
1572 /***************************************************************************
1573 Add a new service, based on an old one.
1574 ***************************************************************************/
1576 int lp_add_service(const char *pszService, int iDefaultService)
1578 if (iDefaultService < 0) {
1579 return add_a_service(&sDefault, pszService);
1582 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1585 /***************************************************************************
1586 Add the IPC service.
1587 ***************************************************************************/
1589 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1591 char *comment = NULL;
1592 int i = add_a_service(&sDefault, ipc_name);
1597 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1598 Globals.server_string);
1599 if (comment == NULL) {
1603 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1604 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1605 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1606 ServicePtrs[i]->max_connections = 0;
1607 ServicePtrs[i]->available = true;
1608 ServicePtrs[i]->read_only = true;
1609 ServicePtrs[i]->guest_only = false;
1610 ServicePtrs[i]->administrative_share = true;
1611 ServicePtrs[i]->guest_ok = guest_ok;
1612 ServicePtrs[i]->printable = false;
1613 ServicePtrs[i]->browseable = sDefault.browseable;
1614 ServicePtrs[i]->autoloaded = false;
1616 DEBUG(3, ("adding IPC service\n"));
1618 TALLOC_FREE(comment);
1622 /***************************************************************************
1623 Add a new printer service, with defaults coming from service iFrom.
1624 ***************************************************************************/
1626 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1628 const char *comment = "From Printcap";
1629 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1634 /* note that we do NOT default the availability flag to true - */
1635 /* we take it from the default service passed. This allows all */
1636 /* dynamic printers to be disabled by disabling the [printers] */
1637 /* entry (if/when the 'available' keyword is implemented!). */
1639 /* the printer name is set to the service name. */
1640 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1642 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1644 /* set the browseable flag from the gloabl default */
1645 ServicePtrs[i]->browseable = sDefault.browseable;
1647 /* Printers cannot be read_only. */
1648 ServicePtrs[i]->read_only = false;
1649 /* No oplocks on printer services. */
1650 ServicePtrs[i]->oplocks = false;
1651 /* Printer services must be printable. */
1652 ServicePtrs[i]->printable = true;
1654 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1660 /***************************************************************************
1661 Check whether the given parameter name is valid.
1662 Parametric options (names containing a colon) are considered valid.
1663 ***************************************************************************/
1665 bool lp_parameter_is_valid(const char *pszParmName)
1667 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1668 (strchr(pszParmName, ':') != NULL));
1671 /***************************************************************************
1672 Check whether the given name is the name of a global parameter.
1673 Returns true for strings belonging to parameters of class
1674 P_GLOBAL, false for all other strings, also for parametric options
1675 and strings not belonging to any option.
1676 ***************************************************************************/
1678 bool lp_parameter_is_global(const char *pszParmName)
1680 int num = lpcfg_map_parameter(pszParmName);
1683 return (parm_table[num].p_class == P_GLOBAL);
1689 /**************************************************************************
1690 Determine the canonical name for a parameter.
1691 Indicate when it is an inverse (boolean) synonym instead of a
1693 **************************************************************************/
1695 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1700 if (!lp_parameter_is_valid(parm_name)) {
1705 num = map_parameter_canonical(parm_name, inverse);
1707 /* parametric option */
1708 *canon_parm = parm_name;
1710 *canon_parm = parm_table[num].label;
1717 /**************************************************************************
1718 Determine the canonical name for a parameter.
1719 Turn the value given into the inverse boolean expression when
1720 the synonym is an invers boolean synonym.
1723 - parm_name is a valid parameter name and
1724 - val is a valid value for this parameter and
1725 - in case the parameter is an inverse boolean synonym, if the val
1726 string could successfully be converted to the reverse bool.
1727 Return false in all other cases.
1728 **************************************************************************/
1730 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1732 const char **canon_parm,
1733 const char **canon_val)
1739 if (!lp_parameter_is_valid(parm_name)) {
1745 num = map_parameter_canonical(parm_name, &inverse);
1747 /* parametric option */
1748 *canon_parm = parm_name;
1753 *canon_parm = parm_table[num].label;
1755 if (!lp_invert_boolean(val, canon_val)) {
1763 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1768 /***************************************************************************
1769 Map a parameter's string representation to the index of the canonical
1770 form of the parameter (it might be a synonym).
1771 Returns -1 if the parameter string is not recognised.
1772 ***************************************************************************/
1774 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1776 int parm_num, canon_num;
1777 bool loc_inverse = false;
1779 parm_num = lpcfg_map_parameter(pszParmName);
1780 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1781 /* invalid, parametric or no canidate for synonyms ... */
1785 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1786 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1787 parm_num = canon_num;
1793 if (inverse != NULL) {
1794 *inverse = loc_inverse;
1799 /***************************************************************************
1800 return true if parameter number parm1 is a synonym of parameter
1801 number parm2 (parm2 being the principal name).
1802 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1804 ***************************************************************************/
1806 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1808 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1809 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1810 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1811 !(parm_table[parm2].flags & FLAG_SYNONYM))
1813 if (inverse != NULL) {
1814 if ((parm_table[parm1].type == P_BOOLREV) &&
1815 (parm_table[parm2].type == P_BOOL))
1827 /***************************************************************************
1828 Show one parameter's name, type, [values,] and flags.
1829 (helper functions for show_parameter_list)
1830 ***************************************************************************/
1832 static void show_parameter(int parmIndex)
1834 int enumIndex, flagIndex;
1839 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1840 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1841 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1842 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1843 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1845 printf("%s=%s", parm_table[parmIndex].label,
1846 type[parm_table[parmIndex].type]);
1847 if (parm_table[parmIndex].type == P_ENUM) {
1850 parm_table[parmIndex].enum_list[enumIndex].name;
1854 enumIndex ? "|" : "",
1855 parm_table[parmIndex].enum_list[enumIndex].name);
1860 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1861 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1864 flag_names[flagIndex]);
1869 /* output synonyms */
1871 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1872 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1873 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1874 parm_table[parmIndex2].label);
1875 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1877 printf(" (synonyms: ");
1882 printf("%s%s", parm_table[parmIndex2].label,
1883 inverse ? "[i]" : "");
1894 * Check the value for a P_ENUM
1896 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1900 for (i = 0; parm->enum_list[i].name; i++) {
1901 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1908 /**************************************************************************
1909 Check whether the given value is valid for the given parameter name.
1910 **************************************************************************/
1912 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1914 bool ret = false, tmp_bool;
1915 int num = lpcfg_map_parameter(parm_name), tmp_int;
1916 uint64_t tmp_int64 = 0;
1917 struct parm_struct *parm;
1919 /* parametric options (parameter names containing a colon) cannot
1920 be checked and are therefore considered valid. */
1921 if (strchr(parm_name, ':') != NULL) {
1926 parm = &parm_table[num];
1927 switch (parm->type) {
1930 ret = set_boolean(val, &tmp_bool);
1934 ret = (sscanf(val, "%d", &tmp_int) == 1);
1938 ret = (sscanf(val, "%o", &tmp_int) == 1);
1942 ret = check_enum_parameter(parm, val);
1946 if (conv_str_size_error(val, &tmp_int64) &&
1947 tmp_int64 <= INT_MAX) {
1964 /***************************************************************************
1965 Show all parameter's name, type, [values,] and flags.
1966 ***************************************************************************/
1968 void show_parameter_list(void)
1970 int classIndex, parmIndex;
1971 const char *section_names[] = { "local", "global", NULL};
1973 for (classIndex=0; section_names[classIndex]; classIndex++) {
1974 printf("[%s]\n", section_names[classIndex]);
1975 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
1976 if (parm_table[parmIndex].p_class == classIndex) {
1977 show_parameter(parmIndex);
1983 /***************************************************************************
1984 Get the standard string representation of a boolean value ("yes" or "no")
1985 ***************************************************************************/
1987 static const char *get_boolean(bool bool_value)
1989 static const char *yes_str = "yes";
1990 static const char *no_str = "no";
1992 return (bool_value ? yes_str : no_str);
1995 /***************************************************************************
1996 Provide the string of the negated boolean value associated to the boolean
1997 given as a string. Returns false if the passed string does not correctly
1998 represent a boolean.
1999 ***************************************************************************/
2001 bool lp_invert_boolean(const char *str, const char **inverse_str)
2005 if (!set_boolean(str, &val)) {
2009 *inverse_str = get_boolean(!val);
2013 /***************************************************************************
2014 Provide the canonical string representation of a boolean value given
2015 as a string. Return true on success, false if the string given does
2016 not correctly represent a boolean.
2017 ***************************************************************************/
2019 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2023 if (!set_boolean(str, &val)) {
2027 *canon_str = get_boolean(val);
2031 /***************************************************************************
2032 Find a service by name. Otherwise works like get_service.
2033 ***************************************************************************/
2035 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2042 if (ServiceHash == NULL) {
2046 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2048 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2051 if (NT_STATUS_IS_OK(status) &&
2052 (data.dptr != NULL) &&
2053 (data.dsize == sizeof(iService)))
2055 memcpy(&iService, data.dptr, sizeof(iService));
2058 TALLOC_FREE(canon_name);
2060 if ((iService != -1) && (LP_SNUM_OK(iService))
2061 && (pserviceDest != NULL)) {
2062 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2068 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2069 struct loadparm_service *lp_service(const char *pszServiceName)
2071 int iService = getservicebyname(pszServiceName, NULL);
2072 if (iService == -1 || !LP_SNUM_OK(iService)) {
2075 return ServicePtrs[iService];
2078 struct loadparm_service *lp_servicebynum(int snum)
2080 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2083 return ServicePtrs[snum];
2086 struct loadparm_service *lp_default_loadparm_service()
2091 static struct smbconf_ctx *lp_smbconf_ctx(void)
2094 static struct smbconf_ctx *conf_ctx = NULL;
2096 if (conf_ctx == NULL) {
2097 err = smbconf_init(NULL, &conf_ctx, "registry:");
2098 if (!SBC_ERROR_IS_OK(err)) {
2099 DEBUG(1, ("error initializing registry configuration: "
2100 "%s\n", sbcErrorString(err)));
2108 static bool process_smbconf_service(struct smbconf_service *service)
2113 if (service == NULL) {
2117 ret = lp_do_section(service->name, NULL);
2121 for (count = 0; count < service->num_params; count++) {
2123 if (!bInGlobalSection && bGlobalOnly) {
2126 const char *pszParmName = service->param_names[count];
2127 const char *pszParmValue = service->param_values[count];
2129 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2131 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2132 pszParmName, pszParmValue);
2139 if (iServiceIndex >= 0) {
2140 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2146 * load a service from registry and activate it
2148 bool process_registry_service(const char *service_name)
2151 struct smbconf_service *service = NULL;
2152 TALLOC_CTX *mem_ctx = talloc_stackframe();
2153 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2156 if (conf_ctx == NULL) {
2160 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2162 if (!smbconf_share_exists(conf_ctx, service_name)) {
2164 * Registry does not contain data for this service (yet),
2165 * but make sure lp_load doesn't return false.
2171 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2172 if (!SBC_ERROR_IS_OK(err)) {
2176 ret = process_smbconf_service(service);
2182 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2185 TALLOC_FREE(mem_ctx);
2190 * process_registry_globals
2192 static bool process_registry_globals(void)
2196 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2198 if (!bInGlobalSection && bGlobalOnly) {
2201 const char *pszParmName = "registry shares";
2202 const char *pszParmValue = "yes";
2204 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2206 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2207 pszParmName, pszParmValue);
2214 return process_registry_service(GLOBAL_NAME);
2217 bool process_registry_shares(void)
2221 struct smbconf_service **service = NULL;
2222 uint32_t num_shares = 0;
2223 TALLOC_CTX *mem_ctx = talloc_stackframe();
2224 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2227 if (conf_ctx == NULL) {
2231 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2232 if (!SBC_ERROR_IS_OK(err)) {
2238 for (count = 0; count < num_shares; count++) {
2239 if (strequal(service[count]->name, GLOBAL_NAME)) {
2242 ret = process_smbconf_service(service[count]);
2249 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2252 TALLOC_FREE(mem_ctx);
2257 * reload those shares from registry that are already
2258 * activated in the services array.
2260 static bool reload_registry_shares(void)
2265 for (i = 0; i < iNumServices; i++) {
2270 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2274 ret = process_registry_service(ServicePtrs[i]->szService);
2285 #define MAX_INCLUDE_DEPTH 100
2287 static uint8_t include_depth;
2290 * Free the file lists
2292 static void free_file_list(void)
2294 struct file_lists *f;
2295 struct file_lists *next;
2308 * Utility function for outsiders to check if we're running on registry.
2310 bool lp_config_backend_is_registry(void)
2312 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2316 * Utility function to check if the config backend is FILE.
2318 bool lp_config_backend_is_file(void)
2320 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2323 /*******************************************************************
2324 Check if a config file has changed date.
2325 ********************************************************************/
2327 bool lp_file_list_changed(void)
2329 struct file_lists *f = file_lists;
2331 DEBUG(6, ("lp_file_list_changed()\n"));
2334 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2335 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2337 if (conf_ctx == NULL) {
2340 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2343 DEBUGADD(6, ("registry config changed\n"));
2350 n2 = talloc_sub_basic(talloc_tos(),
2351 get_current_username(),
2352 current_user_info.domain,
2357 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2358 f->name, n2, ctime(&f->modtime)));
2360 mod_time = file_modtime(n2);
2363 ((f->modtime != mod_time) ||
2364 (f->subfname == NULL) ||
2365 (strcmp(n2, f->subfname) != 0)))
2368 ("file %s modified: %s\n", n2,
2370 f->modtime = mod_time;
2371 TALLOC_FREE(f->subfname);
2372 f->subfname = talloc_strdup(f, n2);
2373 if (f->subfname == NULL) {
2374 smb_panic("talloc_strdup failed");
2388 * Initialize iconv conversion descriptors.
2390 * This is called the first time it is needed, and also called again
2391 * every time the configuration is reloaded, because the charset or
2392 * codepage might have changed.
2394 static void init_iconv(void)
2396 struct smb_iconv_handle *ret = NULL;
2398 ret = reinit_iconv_handle(NULL,
2402 smb_panic("reinit_iconv_handle failed");
2406 /***************************************************************************
2407 Handle the include operation.
2408 ***************************************************************************/
2409 static bool bAllowIncludeRegistry = true;
2411 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2412 const char *pszParmValue, char **ptr)
2416 if (include_depth >= MAX_INCLUDE_DEPTH) {
2417 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2422 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2423 if (!bAllowIncludeRegistry) {
2426 if (lp_ctx->bInGlobalSection) {
2429 ret = process_registry_globals();
2433 DEBUG(1, ("\"include = registry\" only effective "
2434 "in %s section\n", GLOBAL_NAME));
2439 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2440 current_user_info.domain,
2443 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2445 if (service == NULL) {
2446 lpcfg_string_set(Globals.ctx, ptr, fname);
2448 lpcfg_string_set(service, ptr, fname);
2451 if (file_exist(fname)) {
2454 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2460 DEBUG(2, ("Can't find include file %s\n", fname));
2465 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2467 char *config_option = NULL;
2468 const char *range = NULL;
2471 SMB_ASSERT(low != NULL);
2472 SMB_ASSERT(high != NULL);
2474 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2478 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2480 if (config_option == NULL) {
2481 DEBUG(0, ("out of memory\n"));
2485 range = lp_parm_const_string(-1, config_option, "range", NULL);
2486 if (range == NULL) {
2487 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2491 if (sscanf(range, "%u - %u", low, high) != 2) {
2492 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2493 range, domain_name));
2500 talloc_free(config_option);
2505 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2507 return lp_idmap_range("*", low, high);
2510 const char *lp_idmap_backend(const char *domain_name)
2512 char *config_option = NULL;
2513 const char *backend = NULL;
2515 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2519 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2521 if (config_option == NULL) {
2522 DEBUG(0, ("out of memory\n"));
2526 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2527 if (backend == NULL) {
2528 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2533 talloc_free(config_option);
2537 const char *lp_idmap_default_backend(void)
2539 return lp_idmap_backend("*");
2542 /***************************************************************************
2543 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2544 ***************************************************************************/
2546 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2548 const char *suffix_string;
2550 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2551 Globals.ldap_suffix );
2552 if ( !suffix_string ) {
2553 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2557 return suffix_string;
2560 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2562 if (Globals._ldap_machine_suffix[0])
2563 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2565 return lp_string(ctx, Globals.ldap_suffix);
2568 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2570 if (Globals._ldap_user_suffix[0])
2571 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2573 return lp_string(ctx, Globals.ldap_suffix);
2576 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2578 if (Globals._ldap_group_suffix[0])
2579 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2581 return lp_string(ctx, Globals.ldap_suffix);
2584 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2586 if (Globals._ldap_idmap_suffix[0])
2587 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2589 return lp_string(ctx, Globals.ldap_suffix);
2593 return the parameter pointer for a parameter
2595 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2597 if (service == NULL) {
2598 if (parm->p_class == P_LOCAL)
2599 return (void *)(((char *)&sDefault)+parm->offset);
2600 else if (parm->p_class == P_GLOBAL)
2601 return (void *)(((char *)&Globals)+parm->offset);
2604 return (void *)(((char *)service) + parm->offset);
2608 /***************************************************************************
2609 Process a parameter for a particular service number. If snum < 0
2610 then assume we are in the globals.
2611 ***************************************************************************/
2613 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2615 TALLOC_CTX *frame = talloc_stackframe();
2616 struct loadparm_context *lp_ctx;
2619 lp_ctx = setup_lp_context(frame);
2620 if (lp_ctx == NULL) {
2626 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2628 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2629 pszParmName, pszParmValue);
2637 /***************************************************************************
2638 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2639 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2640 ***************************************************************************/
2642 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2645 parmnum = lpcfg_map_parameter(pszParmName);
2647 flags_list[parmnum] &= ~FLAG_CMDLINE;
2648 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2651 flags_list[parmnum] |= FLAG_CMDLINE;
2653 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2654 * be grouped in the table, so we don't have to search the
2657 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2658 && parm_table[i].p_class == parm_table[parmnum].p_class;
2660 flags_list[i] |= FLAG_CMDLINE;
2662 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2663 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2664 flags_list[i] |= FLAG_CMDLINE;
2670 /* it might be parametric */
2671 if (strchr(pszParmName, ':') != NULL) {
2672 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2676 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2680 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2683 TALLOC_CTX *frame = talloc_stackframe();
2684 struct loadparm_context *lp_ctx;
2686 lp_ctx = setup_lp_context(frame);
2687 if (lp_ctx == NULL) {
2692 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2698 /***************************************************************************
2699 Process a parameter.
2700 ***************************************************************************/
2702 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2705 if (!bInGlobalSection && bGlobalOnly)
2708 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2710 if (bInGlobalSection) {
2711 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2713 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2714 pszParmName, pszParmValue);
2718 /***************************************************************************
2719 Initialize any local variables in the sDefault table, after parsing a
2721 ***************************************************************************/
2723 static void init_locals(void)
2726 * We run this check once the [globals] is parsed, to force
2727 * the VFS objects and other per-share settings we need for
2728 * the standard way a AD DC is operated. We may change these
2729 * as our code evolves, which is why we force these settings.
2731 * We can't do this at the end of lp_load_ex(), as by that
2732 * point the services have been loaded and they will already
2733 * have "" as their vfs objects.
2735 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2736 const char **vfs_objects = lp_vfs_objects(-1);
2737 if (!vfs_objects || !vfs_objects[0]) {
2738 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2739 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2740 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2741 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2743 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2747 lp_do_parameter(-1, "map hidden", "no");
2748 lp_do_parameter(-1, "map system", "no");
2749 lp_do_parameter(-1, "map readonly", "no");
2750 lp_do_parameter(-1, "map archive", "no");
2751 lp_do_parameter(-1, "store dos attributes", "yes");
2755 /***************************************************************************
2756 Process a new section (service). At this stage all sections are services.
2757 Later we'll have special sections that permit server parameters to be set.
2758 Returns true on success, false on failure.
2759 ***************************************************************************/
2761 bool lp_do_section(const char *pszSectionName, void *userdata)
2763 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2765 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2766 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2769 /* if we were in a global section then do the local inits */
2770 if (bInGlobalSection && !isglobal)
2773 /* if we've just struck a global section, note the fact. */
2774 bInGlobalSection = isglobal;
2775 if (lp_ctx != NULL) {
2776 lp_ctx->bInGlobalSection = isglobal;
2779 /* check for multiple global sections */
2780 if (bInGlobalSection) {
2781 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2785 if (!bInGlobalSection && bGlobalOnly)
2788 /* if we have a current service, tidy it up before moving on */
2791 if (iServiceIndex >= 0)
2792 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2794 /* if all is still well, move to the next record in the services array */
2796 /* We put this here to avoid an odd message order if messages are */
2797 /* issued by the post-processing of a previous section. */
2798 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2800 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2801 if (iServiceIndex < 0) {
2802 DEBUG(0, ("Failed to add a new service\n"));
2805 /* Clean all parametric options for service */
2806 /* They will be added during parsing again */
2807 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2813 /***************************************************************************
2814 Display the contents of a parameter of a single services record.
2815 ***************************************************************************/
2817 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2819 bool result = false;
2820 struct loadparm_context *lp_ctx;
2822 lp_ctx = setup_lp_context(talloc_tos());
2823 if (lp_ctx == NULL) {
2828 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2830 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2832 TALLOC_FREE(lp_ctx);
2837 /***************************************************************************
2838 Display the contents of a single copy structure.
2839 ***************************************************************************/
2840 static void dump_copy_map(bool *pcopymap)
2846 printf("\n\tNon-Copied parameters:\n");
2848 for (i = 0; parm_table[i].label; i++)
2849 if (parm_table[i].p_class == P_LOCAL &&
2850 parm_table[i].ptr && !pcopymap[i] &&
2851 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2853 printf("\t\t%s\n", parm_table[i].label);
2858 /***************************************************************************
2859 Return TRUE if the passed service number is within range.
2860 ***************************************************************************/
2862 bool lp_snum_ok(int iService)
2864 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2867 /***************************************************************************
2868 Auto-load some home services.
2869 ***************************************************************************/
2871 static void lp_add_auto_services(char *str)
2881 s = talloc_strdup(talloc_tos(), str);
2883 smb_panic("talloc_strdup failed");
2887 homes = lp_servicenumber(HOMES_NAME);
2889 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2890 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2893 if (lp_servicenumber(p) >= 0)
2896 home = get_user_home_dir(talloc_tos(), p);
2898 if (home && home[0] && homes >= 0)
2899 lp_add_home(p, homes, p, home);
2906 /***************************************************************************
2907 Auto-load one printer.
2908 ***************************************************************************/
2910 void lp_add_one_printer(const char *name, const char *comment,
2911 const char *location, void *pdata)
2913 int printers = lp_servicenumber(PRINTERS_NAME);
2916 if (lp_servicenumber(name) < 0) {
2917 lp_add_printer(name, printers);
2918 if ((i = lp_servicenumber(name)) >= 0) {
2919 lpcfg_string_set(ServicePtrs[i],
2920 &ServicePtrs[i]->comment, comment);
2921 ServicePtrs[i]->autoloaded = true;
2926 /***************************************************************************
2927 Have we loaded a services file yet?
2928 ***************************************************************************/
2930 bool lp_loaded(void)
2935 /***************************************************************************
2936 Unload unused services.
2937 ***************************************************************************/
2939 void lp_killunused(struct smbd_server_connection *sconn,
2940 bool (*snumused) (struct smbd_server_connection *, int))
2943 for (i = 0; i < iNumServices; i++) {
2947 /* don't kill autoloaded or usershare services */
2948 if ( ServicePtrs[i]->autoloaded ||
2949 ServicePtrs[i]->usershare == USERSHARE_VALID) {
2953 if (!snumused || !snumused(sconn, i)) {
2954 free_service_byindex(i);
2960 * Kill all except autoloaded and usershare services - convenience wrapper
2962 void lp_kill_all_services(void)
2964 lp_killunused(NULL, NULL);
2967 /***************************************************************************
2969 ***************************************************************************/
2971 void lp_killservice(int iServiceIn)
2973 if (VALID(iServiceIn)) {
2974 free_service_byindex(iServiceIn);
2978 /***************************************************************************
2979 Save the curent values of all global and sDefault parameters into the
2980 defaults union. This allows testparm to show only the
2981 changed (ie. non-default) parameters.
2982 ***************************************************************************/
2984 static void lp_save_defaults(void)
2987 struct parmlist_entry * parm;
2988 for (i = 0; parm_table[i].label; i++) {
2989 if (!(flags_list[i] & FLAG_CMDLINE)) {
2990 flags_list[i] |= FLAG_DEFAULT;
2993 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
2994 && parm_table[i].p_class == parm_table[i - 1].p_class)
2996 switch (parm_table[i].type) {
2999 parm_table[i].def.lvalue = str_list_copy(
3000 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3006 &parm_table[i].def.svalue,
3007 *(char **)lp_parm_ptr(
3008 NULL, &parm_table[i]));
3009 if (parm_table[i].def.svalue == NULL) {
3010 smb_panic("lpcfg_string_set() failed");
3015 parm_table[i].def.bvalue =
3016 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3019 parm_table[i].def.cvalue =
3020 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3026 parm_table[i].def.ivalue =
3027 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3032 for (parm=Globals.param_opt; parm; parm=parm->next) {
3033 if (!(parm->priority & FLAG_CMDLINE)) {
3034 parm->priority |= FLAG_DEFAULT;
3038 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3039 if (!(parm->priority & FLAG_CMDLINE)) {
3040 parm->priority |= FLAG_DEFAULT;
3044 defaults_saved = true;
3047 /***********************************************************
3048 If we should send plaintext/LANMAN passwords in the clinet
3049 ************************************************************/
3051 static void set_allowed_client_auth(void)
3053 if (Globals.client_ntlmv2_auth) {
3054 Globals.client_lanman_auth = false;
3056 if (!Globals.client_lanman_auth) {
3057 Globals.client_plaintext_auth = false;
3061 /***************************************************************************
3063 The following code allows smbd to read a user defined share file.
3064 Yes, this is my intent. Yes, I'm comfortable with that...
3066 THE FOLLOWING IS SECURITY CRITICAL CODE.
3068 It washes your clothes, it cleans your house, it guards you while you sleep...
3069 Do not f%^k with it....
3070 ***************************************************************************/
3072 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3074 /***************************************************************************
3075 Check allowed stat state of a usershare file.
3076 Ensure we print out who is dicking with us so the admin can
3077 get their sorry ass fired.
3078 ***************************************************************************/
3080 static bool check_usershare_stat(const char *fname,
3081 const SMB_STRUCT_STAT *psbuf)
3083 if (!S_ISREG(psbuf->st_ex_mode)) {
3084 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3085 "not a regular file\n",
3086 fname, (unsigned int)psbuf->st_ex_uid ));
3090 /* Ensure this doesn't have the other write bit set. */
3091 if (psbuf->st_ex_mode & S_IWOTH) {
3092 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3093 "public write. Refusing to allow as a usershare file.\n",
3094 fname, (unsigned int)psbuf->st_ex_uid ));
3098 /* Should be 10k or less. */
3099 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3100 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3101 "too large (%u) to be a user share file.\n",
3102 fname, (unsigned int)psbuf->st_ex_uid,
3103 (unsigned int)psbuf->st_ex_size ));
3110 /***************************************************************************
3111 Parse the contents of a usershare file.
3112 ***************************************************************************/
3114 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3115 SMB_STRUCT_STAT *psbuf,
3116 const char *servicename,
3120 char **pp_sharepath,
3122 char **pp_cp_servicename,
3123 struct security_descriptor **ppsd,
3126 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3127 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3130 SMB_STRUCT_STAT sbuf;
3131 char *sharepath = NULL;
3132 char *comment = NULL;
3134 *pp_sharepath = NULL;
3137 *pallow_guest = false;
3140 return USERSHARE_MALFORMED_FILE;
3143 if (strcmp(lines[0], "#VERSION 1") == 0) {
3145 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3148 return USERSHARE_MALFORMED_FILE;
3151 return USERSHARE_BAD_VERSION;
3154 if (strncmp(lines[1], "path=", 5) != 0) {
3155 return USERSHARE_MALFORMED_PATH;
3158 sharepath = talloc_strdup(ctx, &lines[1][5]);
3160 return USERSHARE_POSIX_ERR;
3162 trim_string(sharepath, " ", " ");
3164 if (strncmp(lines[2], "comment=", 8) != 0) {
3165 return USERSHARE_MALFORMED_COMMENT_DEF;
3168 comment = talloc_strdup(ctx, &lines[2][8]);
3170 return USERSHARE_POSIX_ERR;
3172 trim_string(comment, " ", " ");
3173 trim_char(comment, '"', '"');
3175 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3176 return USERSHARE_MALFORMED_ACL_DEF;
3179 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3180 return USERSHARE_ACL_ERR;
3184 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3185 return USERSHARE_MALFORMED_ACL_DEF;
3187 if (lines[4][9] == 'y') {
3188 *pallow_guest = true;
3191 /* Backwards compatible extension to file version #2. */
3193 if (strncmp(lines[5], "sharename=", 10) != 0) {
3194 return USERSHARE_MALFORMED_SHARENAME_DEF;
3196 if (!strequal(&lines[5][10], servicename)) {
3197 return USERSHARE_BAD_SHARENAME;
3199 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3200 if (!*pp_cp_servicename) {
3201 return USERSHARE_POSIX_ERR;
3206 if (*pp_cp_servicename == NULL) {
3207 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3208 if (!*pp_cp_servicename) {
3209 return USERSHARE_POSIX_ERR;
3213 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3214 /* Path didn't change, no checks needed. */
3215 *pp_sharepath = sharepath;
3216 *pp_comment = comment;
3217 return USERSHARE_OK;
3220 /* The path *must* be absolute. */
3221 if (sharepath[0] != '/') {
3222 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3223 servicename, sharepath));
3224 return USERSHARE_PATH_NOT_ABSOLUTE;
3227 /* If there is a usershare prefix deny list ensure one of these paths
3228 doesn't match the start of the user given path. */
3229 if (prefixdenylist) {
3231 for ( i=0; prefixdenylist[i]; i++ ) {
3232 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3233 servicename, i, prefixdenylist[i], sharepath ));
3234 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3235 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3236 "usershare prefix deny list entries.\n",
3237 servicename, sharepath));
3238 return USERSHARE_PATH_IS_DENIED;
3243 /* If there is a usershare prefix allow list ensure one of these paths
3244 does match the start of the user given path. */
3246 if (prefixallowlist) {
3248 for ( i=0; prefixallowlist[i]; i++ ) {
3249 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3250 servicename, i, prefixallowlist[i], sharepath ));
3251 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3255 if (prefixallowlist[i] == NULL) {
3256 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3257 "usershare prefix allow list entries.\n",
3258 servicename, sharepath));
3259 return USERSHARE_PATH_NOT_ALLOWED;
3263 /* Ensure this is pointing to a directory. */
3264 dp = opendir(sharepath);
3267 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3268 servicename, sharepath));
3269 return USERSHARE_PATH_NOT_DIRECTORY;
3272 /* Ensure the owner of the usershare file has permission to share
3275 if (sys_stat(sharepath, &sbuf, false) == -1) {
3276 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3277 servicename, sharepath, strerror(errno) ));
3279 return USERSHARE_POSIX_ERR;
3284 if (!S_ISDIR(sbuf.st_ex_mode)) {
3285 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3286 servicename, sharepath ));
3287 return USERSHARE_PATH_NOT_DIRECTORY;
3290 /* Check if sharing is restricted to owner-only. */
3291 /* psbuf is the stat of the usershare definition file,
3292 sbuf is the stat of the target directory to be shared. */
3294 if (lp_usershare_owner_only()) {
3295 /* root can share anything. */
3296 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3297 return USERSHARE_PATH_NOT_ALLOWED;
3301 *pp_sharepath = sharepath;
3302 *pp_comment = comment;
3303 return USERSHARE_OK;
3306 /***************************************************************************
3307 Deal with a usershare file.
3310 -1 - Bad name, invalid contents.
3311 - service name already existed and not a usershare, problem
3312 with permissions to share directory etc.
3313 ***************************************************************************/
3315 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3317 SMB_STRUCT_STAT sbuf;
3318 SMB_STRUCT_STAT lsbuf;
3320 char *sharepath = NULL;
3321 char *comment = NULL;
3322 char *cp_service_name = NULL;
3323 char **lines = NULL;
3327 TALLOC_CTX *ctx = talloc_stackframe();
3328 struct security_descriptor *psd = NULL;
3329 bool guest_ok = false;
3330 char *canon_name = NULL;
3331 bool added_service = false;
3334 /* Ensure share name doesn't contain invalid characters. */
3335 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3336 DEBUG(0,("process_usershare_file: share name %s contains "
3337 "invalid characters (any of %s)\n",
3338 file_name, INVALID_SHARENAME_CHARS ));
3342 canon_name = canonicalize_servicename(ctx, file_name);
3347 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3352 /* Minimize the race condition by doing an lstat before we
3353 open and fstat. Ensure this isn't a symlink link. */
3355 if (sys_lstat(fname, &lsbuf, false) != 0) {
3356 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3357 fname, strerror(errno) ));
3361 /* This must be a regular file, not a symlink, directory or
3362 other strange filetype. */
3363 if (!check_usershare_stat(fname, &lsbuf)) {
3371 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3376 if (NT_STATUS_IS_OK(status) &&
3377 (data.dptr != NULL) &&
3378 (data.dsize == sizeof(iService))) {
3379 memcpy(&iService, data.dptr, sizeof(iService));
3383 if (iService != -1 &&
3384 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3385 &lsbuf.st_ex_mtime) == 0) {
3386 /* Nothing changed - Mark valid and return. */
3387 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3389 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3394 /* Try and open the file read only - no symlinks allowed. */
3396 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3398 fd = open(fname, O_RDONLY, 0);
3402 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3403 fname, strerror(errno) ));
3407 /* Now fstat to be *SURE* it's a regular file. */
3408 if (sys_fstat(fd, &sbuf, false) != 0) {
3410 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3411 fname, strerror(errno) ));
3415 /* Is it the same dev/inode as was lstated ? */
3416 if (!check_same_stat(&lsbuf, &sbuf)) {
3418 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3419 "Symlink spoofing going on ?\n", fname ));
3423 /* This must be a regular file, not a symlink, directory or
3424 other strange filetype. */
3425 if (!check_usershare_stat(fname, &sbuf)) {
3430 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3433 if (lines == NULL) {
3434 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3435 fname, (unsigned int)sbuf.st_ex_uid ));
3439 if (parse_usershare_file(ctx, &sbuf, file_name,
3440 iService, lines, numlines, &sharepath,
3441 &comment, &cp_service_name,
3442 &psd, &guest_ok) != USERSHARE_OK) {
3446 /* Everything ok - add the service possibly using a template. */
3448 const struct loadparm_service *sp = &sDefault;
3449 if (snum_template != -1) {
3450 sp = ServicePtrs[snum_template];
3453 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3454 DEBUG(0, ("process_usershare_file: Failed to add "
3455 "new service %s\n", cp_service_name));
3459 added_service = true;
3461 /* Read only is controlled by usershare ACL below. */
3462 ServicePtrs[iService]->read_only = false;
3465 /* Write the ACL of the new/modified share. */
3466 if (!set_share_security(canon_name, psd)) {
3467 DEBUG(0, ("process_usershare_file: Failed to set share "
3468 "security for user share %s\n",
3473 /* If from a template it may be marked invalid. */
3474 ServicePtrs[iService]->valid = true;
3476 /* Set the service as a valid usershare. */
3477 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3479 /* Set guest access. */
3480 if (lp_usershare_allow_guests()) {
3481 ServicePtrs[iService]->guest_ok = guest_ok;
3484 /* And note when it was loaded. */
3485 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3486 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3488 lpcfg_string_set(ServicePtrs[iService],
3489 &ServicePtrs[iService]->comment, comment);
3495 if (ret == -1 && iService != -1 && added_service) {
3496 lp_remove_service(iService);
3504 /***************************************************************************
3505 Checks if a usershare entry has been modified since last load.
3506 ***************************************************************************/
3508 static bool usershare_exists(int iService, struct timespec *last_mod)
3510 SMB_STRUCT_STAT lsbuf;
3511 const char *usersharepath = Globals.usershare_path;
3514 fname = talloc_asprintf(talloc_tos(),
3517 ServicePtrs[iService]->szService);
3518 if (fname == NULL) {
3522 if (sys_lstat(fname, &lsbuf, false) != 0) {
3527 if (!S_ISREG(lsbuf.st_ex_mode)) {
3533 *last_mod = lsbuf.st_ex_mtime;
3537 static bool usershare_directory_is_root(uid_t uid)
3543 if (uid_wrapper_enabled()) {
3550 /***************************************************************************
3551 Load a usershare service by name. Returns a valid servicenumber or -1.
3552 ***************************************************************************/
3554 int load_usershare_service(const char *servicename)
3556 SMB_STRUCT_STAT sbuf;
3557 const char *usersharepath = Globals.usershare_path;
3558 int max_user_shares = Globals.usershare_max_shares;
3559 int snum_template = -1;
3561 if (*usersharepath == 0 || max_user_shares == 0) {
3565 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3566 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3567 usersharepath, strerror(errno) ));
3571 if (!S_ISDIR(sbuf.st_ex_mode)) {
3572 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3578 * This directory must be owned by root, and have the 't' bit set.
3579 * It also must not be writable by "other".
3583 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3584 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3586 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3587 (sbuf.st_ex_mode & S_IWOTH)) {
3589 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3590 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3595 /* Ensure the template share exists if it's set. */
3596 if (Globals.usershare_template_share[0]) {
3597 /* We can't use lp_servicenumber here as we are recommending that
3598 template shares have -valid=false set. */
3599 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3600 if (ServicePtrs[snum_template]->szService &&
3601 strequal(ServicePtrs[snum_template]->szService,
3602 Globals.usershare_template_share)) {
3607 if (snum_template == -1) {
3608 DEBUG(0,("load_usershare_service: usershare template share %s "
3609 "does not exist.\n",
3610 Globals.usershare_template_share ));
3615 return process_usershare_file(usersharepath, servicename, snum_template);
3618 /***************************************************************************
3619 Load all user defined shares from the user share directory.
3620 We only do this if we're enumerating the share list.
3621 This is the function that can delete usershares that have
3623 ***************************************************************************/
3625 int load_usershare_shares(struct smbd_server_connection *sconn,
3626 bool (*snumused) (struct smbd_server_connection *, int))
3629 SMB_STRUCT_STAT sbuf;
3631 int num_usershares = 0;
3632 int max_user_shares = Globals.usershare_max_shares;
3633 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3634 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3635 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3637 int snum_template = -1;
3638 const char *usersharepath = Globals.usershare_path;
3639 int ret = lp_numservices();
3640 TALLOC_CTX *tmp_ctx;
3642 if (max_user_shares == 0 || *usersharepath == '\0') {
3643 return lp_numservices();
3646 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3647 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3648 usersharepath, strerror(errno) ));
3653 * This directory must be owned by root, and have the 't' bit set.
3654 * It also must not be writable by "other".
3658 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3660 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3662 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3663 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3668 /* Ensure the template share exists if it's set. */
3669 if (Globals.usershare_template_share[0]) {
3670 /* We can't use lp_servicenumber here as we are recommending that
3671 template shares have -valid=false set. */
3672 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3673 if (ServicePtrs[snum_template]->szService &&
3674 strequal(ServicePtrs[snum_template]->szService,
3675 Globals.usershare_template_share)) {
3680 if (snum_template == -1) {
3681 DEBUG(0,("load_usershare_shares: usershare template share %s "
3682 "does not exist.\n",
3683 Globals.usershare_template_share ));
3688 /* Mark all existing usershares as pending delete. */
3689 for (iService = iNumServices - 1; iService >= 0; iService--) {
3690 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3691 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3695 dp = opendir(usersharepath);
3697 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3698 usersharepath, strerror(errno) ));
3702 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3704 num_dir_entries++ ) {
3706 const char *n = de->d_name;
3708 /* Ignore . and .. */
3710 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3716 /* Temporary file used when creating a share. */
3717 num_tmp_dir_entries++;
3720 /* Allow 20% tmp entries. */
3721 if (num_tmp_dir_entries > allowed_tmp_entries) {
3722 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3723 "in directory %s\n",
3724 num_tmp_dir_entries, usersharepath));
3728 r = process_usershare_file(usersharepath, n, snum_template);
3730 /* Update the services count. */
3732 if (num_usershares >= max_user_shares) {
3733 DEBUG(0,("load_usershare_shares: max user shares reached "
3734 "on file %s in directory %s\n",
3735 n, usersharepath ));
3738 } else if (r == -1) {
3739 num_bad_dir_entries++;
3742 /* Allow 20% bad entries. */
3743 if (num_bad_dir_entries > allowed_bad_entries) {
3744 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3745 "in directory %s\n",
3746 num_bad_dir_entries, usersharepath));
3750 /* Allow 20% bad entries. */
3751 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3752 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3753 "in directory %s\n",
3754 num_dir_entries, usersharepath));
3761 /* Sweep through and delete any non-refreshed usershares that are
3762 not currently in use. */
3763 tmp_ctx = talloc_stackframe();
3764 for (iService = iNumServices - 1; iService >= 0; iService--) {
3765 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3768 if (snumused && snumused(sconn, iService)) {
3772 servname = lp_servicename(tmp_ctx, iService);
3774 /* Remove from the share ACL db. */
3775 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3777 delete_share_security(servname);
3778 free_service_byindex(iService);
3781 talloc_free(tmp_ctx);
3783 return lp_numservices();
3786 /********************************************************
3787 Destroy global resources allocated in this file
3788 ********************************************************/
3790 void gfree_loadparm(void)
3796 /* Free resources allocated to services */
3798 for ( i = 0; i < iNumServices; i++ ) {
3800 free_service_byindex(i);
3804 TALLOC_FREE( ServicePtrs );
3807 /* Now release all resources allocated to global
3808 parameters and the default service */
3810 free_global_parameters();
3814 /***************************************************************************
3815 Allow client apps to specify that they are a client
3816 ***************************************************************************/
3817 static void lp_set_in_client(bool b)
3823 /***************************************************************************
3824 Determine if we're running in a client app
3825 ***************************************************************************/
3826 static bool lp_is_in_client(void)
3831 static void lp_enforce_ad_dc_settings(void)
3833 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3834 lp_do_parameter(GLOBAL_SECTION_SNUM,
3835 "winbindd:use external pipes", "true");
3836 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3837 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3838 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3839 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3840 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3841 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3842 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3843 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3844 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3847 /***************************************************************************
3848 Load the services array from the services file. Return true on success,
3850 ***************************************************************************/
3852 static bool lp_load_ex(const char *pszFname,
3856 bool reinit_globals,
3857 bool allow_include_registry,
3858 bool load_all_shares)
3862 TALLOC_CTX *frame = talloc_stackframe();
3863 struct loadparm_context *lp_ctx;
3867 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3869 bInGlobalSection = true;
3870 bGlobalOnly = global_only;
3871 bAllowIncludeRegistry = allow_include_registry;
3872 sDefault = _sDefault;
3874 lp_ctx = setup_lp_context(talloc_tos());
3876 init_globals(lp_ctx, reinit_globals);
3880 if (save_defaults) {
3885 if (!reinit_globals) {
3886 free_param_opts(&Globals.param_opt);
3887 apply_lp_set_cmdline();
3890 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
3892 /* We get sections first, so have to start 'behind' to make up */
3895 if (lp_config_backend_is_file()) {
3896 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
3897 current_user_info.domain,
3900 smb_panic("lp_load_ex: out of memory");
3903 add_to_file_list(NULL, &file_lists, pszFname, n2);
3905 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
3908 /* finish up the last section */
3909 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
3911 if (iServiceIndex >= 0) {
3912 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
3916 if (lp_config_backend_is_registry()) {
3918 /* config backend changed to registry in config file */
3920 * We need to use this extra global variable here to
3921 * survive restart: init_globals uses this as a default
3922 * for config_backend. Otherwise, init_globals would
3923 * send us into an endless loop here.
3926 config_backend = CONFIG_BACKEND_REGISTRY;
3928 DEBUG(1, ("lp_load_ex: changing to config backend "
3930 init_globals(lp_ctx, true);
3932 TALLOC_FREE(lp_ctx);
3934 lp_kill_all_services();
3935 ok = lp_load_ex(pszFname, global_only, save_defaults,
3936 add_ipc, reinit_globals,
3937 allow_include_registry,
3942 } else if (lp_config_backend_is_registry()) {
3943 bRetval = process_registry_globals();
3945 DEBUG(0, ("Illegal config backend given: %d\n",
3946 lp_config_backend()));
3950 if (bRetval && lp_registry_shares()) {
3951 if (load_all_shares) {
3952 bRetval = process_registry_shares();
3954 bRetval = reload_registry_shares();
3959 char *serv = lp_auto_services(talloc_tos());
3960 lp_add_auto_services(serv);
3965 /* When 'restrict anonymous = 2' guest connections to ipc$
3967 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
3968 if ( lp_enable_asu_support() ) {
3969 lp_add_ipc("ADMIN$", false);
3973 set_allowed_client_auth();
3975 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
3976 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
3977 lp_password_server()));
3982 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
3983 /* if we_are_a_wins_server is true and we are in the client */
3984 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
3985 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
3990 fault_configure(smb_panic_s3);
3993 * We run this check once the whole smb.conf is parsed, to
3994 * force some settings for the standard way a AD DC is
3995 * operated. We may change these as our code evolves, which
3996 * is why we force these settings.
3998 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
3999 lp_enforce_ad_dc_settings();
4002 bAllowIncludeRegistry = true;
4008 static bool lp_load(const char *pszFname,
4012 bool reinit_globals)
4014 return lp_load_ex(pszFname,
4019 true, /* allow_include_registry */
4020 false); /* load_all_shares*/
4023 bool lp_load_initial_only(const char *pszFname)
4025 return lp_load_ex(pszFname,
4026 true, /* global only */
4027 true, /* save_defaults */
4028 false, /* add_ipc */
4029 true, /* reinit_globals */
4030 false, /* allow_include_registry */
4031 false); /* load_all_shares*/
4035 * most common lp_load wrapper, loading only the globals
4037 * If this is used in a daemon or client utility it should be called
4038 * after processing popt.
4040 bool lp_load_global(const char *file_name)
4042 return lp_load(file_name,
4043 true, /* global_only */
4044 false, /* save_defaults */
4045 false, /* add_ipc */
4046 true); /* reinit_globals */
4050 * The typical lp_load wrapper with shares, loads global and
4051 * shares, including IPC, but does not force immediate
4052 * loading of all shares from registry.
4054 bool lp_load_with_shares(const char *file_name)
4056 return lp_load(file_name,
4057 false, /* global_only */
4058 false, /* save_defaults */
4060 true); /* reinit_globals */
4064 * lp_load wrapper, especially for clients
4066 bool lp_load_client(const char *file_name)
4068 lp_set_in_client(true);
4070 return lp_load_global(file_name);
4074 * lp_load wrapper, loading only globals, but intended
4075 * for subsequent calls, not reinitializing the globals
4078 bool lp_load_global_no_reinit(const char *file_name)
4080 return lp_load(file_name,
4081 true, /* global_only */
4082 false, /* save_defaults */
4083 false, /* add_ipc */
4084 false); /* reinit_globals */
4088 * lp_load wrapper, loading globals and shares,
4089 * intended for subsequent calls, i.e. not reinitializing
4090 * the globals to default values.
4092 bool lp_load_no_reinit(const char *file_name)
4094 return lp_load(file_name,
4095 false, /* global_only */
4096 false, /* save_defaults */
4097 false, /* add_ipc */
4098 false); /* reinit_globals */
4103 * lp_load wrapper, especially for clients, no reinitialization
4105 bool lp_load_client_no_reinit(const char *file_name)
4107 lp_set_in_client(true);
4109 return lp_load_global_no_reinit(file_name);
4112 bool lp_load_with_registry_shares(const char *pszFname)
4114 return lp_load_ex(pszFname,
4115 false, /* global_only */
4116 true, /* save_defaults */
4117 false, /* add_ipc */
4118 false, /* reinit_globals */
4119 true, /* allow_include_registry */
4120 true); /* load_all_shares*/
4123 /***************************************************************************
4124 Return the max number of services.
4125 ***************************************************************************/
4127 int lp_numservices(void)
4129 return (iNumServices);
4132 /***************************************************************************
4133 Display the contents of the services array in human-readable form.
4134 ***************************************************************************/
4136 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4139 struct loadparm_context *lp_ctx;
4142 defaults_saved = false;
4144 lp_ctx = setup_lp_context(talloc_tos());
4145 if (lp_ctx == NULL) {
4149 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4151 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4153 for (iService = 0; iService < maxtoprint; iService++) {
4155 lp_dump_one(f, show_defaults, iService);
4159 /***************************************************************************
4160 Display the contents of one service in human-readable form.
4161 ***************************************************************************/
4163 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4166 if (ServicePtrs[snum]->szService[0] == '\0')
4168 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4169 flags_list, show_defaults);
4173 /***************************************************************************
4174 Return the number of the service with the given name, or -1 if it doesn't
4175 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4176 getservicebyname()! This works ONLY if all services have been loaded, and
4177 does not copy the found service.
4178 ***************************************************************************/
4180 int lp_servicenumber(const char *pszServiceName)
4183 fstring serviceName;
4185 if (!pszServiceName) {
4186 return GLOBAL_SECTION_SNUM;
4189 for (iService = iNumServices - 1; iService >= 0; iService--) {
4190 if (VALID(iService) && ServicePtrs[iService]->szService) {
4192 * The substitution here is used to support %U in
4195 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4196 standard_sub_basic(get_current_username(),
4197 current_user_info.domain,
4198 serviceName,sizeof(serviceName));
4199 if (strequal(serviceName, pszServiceName)) {
4205 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4206 struct timespec last_mod;
4208 if (!usershare_exists(iService, &last_mod)) {
4209 /* Remove the share security tdb entry for it. */
4210 delete_share_security(lp_servicename(talloc_tos(), iService));
4211 /* Remove it from the array. */
4212 free_service_byindex(iService);
4213 /* Doesn't exist anymore. */
4214 return GLOBAL_SECTION_SNUM;
4217 /* Has it been modified ? If so delete and reload. */
4218 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4220 /* Remove it from the array. */
4221 free_service_byindex(iService);
4222 /* and now reload it. */
4223 iService = load_usershare_service(pszServiceName);
4228 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4229 return GLOBAL_SECTION_SNUM;
4235 /*******************************************************************
4236 A useful volume label function.
4237 ********************************************************************/
4239 const char *volume_label(TALLOC_CTX *ctx, int snum)
4242 const char *label = lp_volume(ctx, snum);
4244 label = lp_servicename(ctx, snum);
4247 /* This returns a 33 byte guarenteed null terminated string. */
4248 ret = talloc_strndup(ctx, label, 32);
4255 /*******************************************************************
4256 Get the default server type we will announce as via nmbd.
4257 ********************************************************************/
4259 int lp_default_server_announce(void)
4261 int default_server_announce = 0;
4262 default_server_announce |= SV_TYPE_WORKSTATION;
4263 default_server_announce |= SV_TYPE_SERVER;
4264 default_server_announce |= SV_TYPE_SERVER_UNIX;
4266 /* note that the flag should be set only if we have a
4267 printer service but nmbd doesn't actually load the
4268 services so we can't tell --jerry */
4270 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4272 default_server_announce |= SV_TYPE_SERVER_NT;
4273 default_server_announce |= SV_TYPE_NT;
4275 switch (lp_server_role()) {
4276 case ROLE_DOMAIN_MEMBER:
4277 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4279 case ROLE_DOMAIN_PDC:
4280 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4282 case ROLE_DOMAIN_BDC:
4283 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4285 case ROLE_STANDALONE:
4289 if (lp_time_server())
4290 default_server_announce |= SV_TYPE_TIME_SOURCE;
4292 if (lp_host_msdfs())
4293 default_server_announce |= SV_TYPE_DFS_SERVER;
4295 return default_server_announce;
4298 /***********************************************************
4299 If we are PDC then prefer us as DMB
4300 ************************************************************/
4302 bool lp_domain_master(void)
4304 if (Globals._domain_master == Auto)
4305 return (lp_server_role() == ROLE_DOMAIN_PDC);
4307 return (bool)Globals._domain_master;
4310 /***********************************************************
4311 If we are PDC then prefer us as DMB
4312 ************************************************************/
4314 static bool lp_domain_master_true_or_auto(void)
4316 if (Globals._domain_master) /* auto or yes */
4322 /***********************************************************
4323 If we are DMB then prefer us as LMB
4324 ************************************************************/
4326 bool lp_preferred_master(void)
4328 int preferred_master = lp__preferred_master();
4330 if (preferred_master == Auto)
4331 return (lp_local_master() && lp_domain_master());
4333 return (bool)preferred_master;
4336 /*******************************************************************
4338 ********************************************************************/
4340 void lp_remove_service(int snum)
4342 ServicePtrs[snum]->valid = false;
4345 const char *lp_printername(TALLOC_CTX *ctx, int snum)
4347 const char *ret = lp__printername(ctx, snum);
4348 if (ret == NULL || *ret == '\0') {
4349 ret = lp_const_servicename(snum);
4356 /***********************************************************
4357 Allow daemons such as winbindd to fix their logfile name.
4358 ************************************************************/
4360 void lp_set_logfile(const char *name)
4362 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4363 debug_set_logfile(name);
4366 /*******************************************************************
4367 Return the max print jobs per queue.
4368 ********************************************************************/
4370 int lp_maxprintjobs(int snum)
4372 int maxjobs = lp_max_print_jobs(snum);
4374 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4375 maxjobs = PRINT_MAX_JOBID - 1;
4380 const char *lp_printcapname(void)
4382 const char *printcap_name = lp_printcap_name();
4384 if ((printcap_name != NULL) &&
4385 (printcap_name[0] != '\0'))
4386 return printcap_name;
4388 if (sDefault.printing == PRINT_CUPS) {
4392 if (sDefault.printing == PRINT_BSD)
4393 return "/etc/printcap";
4395 return PRINTCAP_NAME;
4398 static uint32_t spoolss_state;
4400 bool lp_disable_spoolss( void )
4402 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4403 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4405 return spoolss_state == SVCCTL_STOPPED ? true : false;
4408 void lp_set_spoolss_state( uint32_t state )
4410 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4412 spoolss_state = state;
4415 uint32_t lp_get_spoolss_state( void )
4417 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4420 /*******************************************************************
4421 Ensure we don't use sendfile if server smb signing is active.
4422 ********************************************************************/
4424 bool lp_use_sendfile(int snum, struct smb_signing_state *signing_state)
4426 bool sign_active = false;
4428 /* Using sendfile blows the brains out of any DOS or Win9x TCP stack... JRA. */
4429 if (get_Protocol() < PROTOCOL_NT1) {
4432 if (signing_state) {
4433 sign_active = smb_signing_is_active(signing_state);
4435 return (lp__use_sendfile(snum) &&
4436 (get_remote_arch() != RA_WIN95) &&
4440 /*******************************************************************
4441 Turn off sendfile if we find the underlying OS doesn't support it.
4442 ********************************************************************/
4444 void set_use_sendfile(int snum, bool val)
4446 if (LP_SNUM_OK(snum))
4447 ServicePtrs[snum]->_use_sendfile = val;
4449 sDefault._use_sendfile = val;
4452 void lp_set_mangling_method(const char *new_method)
4454 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4457 /*******************************************************************
4458 Global state for POSIX pathname processing.
4459 ********************************************************************/
4461 static bool posix_pathnames;
4463 bool lp_posix_pathnames(void)
4465 return posix_pathnames;
4468 /*******************************************************************
4469 Change everything needed to ensure POSIX pathname processing (currently
4471 ********************************************************************/
4473 void lp_set_posix_pathnames(void)
4475 posix_pathnames = true;
4478 /*******************************************************************
4479 Global state for POSIX lock processing - CIFS unix extensions.
4480 ********************************************************************/
4482 bool posix_default_lock_was_set;
4483 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4485 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4487 if (posix_default_lock_was_set) {
4488 return posix_cifsx_locktype;
4490 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4491 POSIX_LOCK : WINDOWS_LOCK;
4495 /*******************************************************************
4496 ********************************************************************/
4498 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4500 posix_default_lock_was_set = true;
4501 posix_cifsx_locktype = val;
4504 int lp_min_receive_file_size(void)
4506 int min_receivefile_size = lp_min_receivefile_size();
4508 if (min_receivefile_size < 0) {
4511 return min_receivefile_size;
4514 /*******************************************************************
4515 Safe wide links checks.
4516 This helper function always verify the validity of wide links,
4517 even after a configuration file reload.
4518 ********************************************************************/
4520 void widelinks_warning(int snum)
4522 if (lp_allow_insecure_wide_links()) {
4526 if (lp_unix_extensions() && lp_wide_links(snum)) {
4527 DEBUG(0,("Share '%s' has wide links and unix extensions enabled. "
4528 "These parameters are incompatible. "
4529 "Wide links will be disabled for this share.\n",
4530 lp_servicename(talloc_tos(), snum) ));
4534 bool lp_widelinks(int snum)
4536 /* wide links is always incompatible with unix extensions */
4537 if (lp_unix_extensions()) {
4539 * Unless we have "allow insecure widelinks"
4542 if (!lp_allow_insecure_wide_links()) {
4547 return lp_wide_links(snum);
4550 int lp_server_role(void)
4552 return lp_find_server_role(lp__server_role(),
4554 lp__domain_logons(),
4555 lp_domain_master_true_or_auto());
4558 int lp_security(void)
4560 return lp_find_security(lp__server_role(),
4564 int lp_client_max_protocol(void)
4566 int client_max_protocol = lp__client_max_protocol();
4567 if (client_max_protocol == PROTOCOL_DEFAULT) {
4568 return PROTOCOL_LATEST;
4570 return client_max_protocol;
4573 int lp_client_ipc_min_protocol(void)
4575 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4576 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4577 client_ipc_min_protocol = lp_client_min_protocol();
4579 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4580 return PROTOCOL_NT1;
4582 return client_ipc_min_protocol;
4585 int lp_client_ipc_max_protocol(void)
4587 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4588 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4589 return PROTOCOL_LATEST;
4591 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4592 return PROTOCOL_NT1;
4594 return client_ipc_max_protocol;
4597 int lp_client_ipc_signing(void)
4599 int client_ipc_signing = lp__client_ipc_signing();
4600 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4601 return SMB_SIGNING_REQUIRED;
4603 return client_ipc_signing;
4606 int lp_rpc_low_port(void)
4608 return Globals.rpc_low_port;
4611 int lp_rpc_high_port(void)
4613 return Globals.rpc_high_port;
4617 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4619 * This also ensures it is disabled if NTLM is totally disabled
4621 bool lp_lanman_auth(void)
4623 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4625 if (ntlm_auth_level == NTLM_AUTH_ON) {
4626 return lp__lanman_auth();
4632 struct loadparm_global * get_globals(void)
4637 unsigned int * get_flags(void)
4639 if (flags_list == NULL) {
4640 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());