param: Remove winbindd privileged socket directory option

[sfrench/samba-autobuild/.git] / lib / param / loadparm.c

diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 6247f88c19df5135cdc72814f546635e4f6ed51b..a05610130e8d2c81803ef4eb8c9cce2825d6a6b4 100644 (file)
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -549,7 +549,7 @@ bool lpcfg_parm_bool(struct loadparm_context *lp_ctx,
 
 
 /* this is used to prevent lots of mallocs of size 1 */
-static const char lpcfg_string_emtpy[] = "";
+static const char lpcfg_string_empty[] = "";
 
 /**
  Free a string value.
@@ -559,7 +559,7 @@ void lpcfg_string_free(char **s)
        if (s == NULL) {
                return;
        }
-       if (*s == lpcfg_string_emtpy) {
+       if (*s == lpcfg_string_empty) {
                *s = NULL;
                return;
        }
@@ -575,7 +575,7 @@ bool lpcfg_string_set(TALLOC_CTX *mem_ctx, char **dest, const char *src)
        lpcfg_string_free(dest);
 
        if ((src == NULL) || (*src == '\0')) {
-               *dest = discard_const_p(char, lpcfg_string_emtpy);
+               *dest = discard_const_p(char, lpcfg_string_empty);
                return true;
        }
 
@@ -597,7 +597,7 @@ bool lpcfg_string_set_upper(TALLOC_CTX *mem_ctx, char **dest, const char *src)
        lpcfg_string_free(dest);
 
        if ((src == NULL) || (*src == '\0')) {
-               *dest = discard_const_p(char, lpcfg_string_emtpy);
+               *dest = discard_const_p(char, lpcfg_string_empty);
                return true;
        }
 
@@ -2569,9 +2569,9 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
        lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
        lpcfg_do_global_parameter(lp_ctx, "max connections", "0");
 
-       lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
+       lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
        lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
-       lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "false");
+       lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
        /* the winbind method for domain controllers is for both RODC
           auth forwarding and for trusted domains */
        lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR);
@@ -2630,10 +2630,12 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
        lpcfg_do_global_parameter(lp_ctx, "ClientLanManAuth", "False");
        lpcfg_do_global_parameter(lp_ctx, "ClientNTLMv2Auth", "True");
        lpcfg_do_global_parameter(lp_ctx, "LanmanAuth", "False");
-       lpcfg_do_global_parameter(lp_ctx, "NTLMAuth", "True");
+       lpcfg_do_global_parameter(lp_ctx, "NTLMAuth", "False");
        lpcfg_do_global_parameter(lp_ctx, "RawNTLMv2Auth", "False");
        lpcfg_do_global_parameter(lp_ctx, "client use spnego principal", "False");
 
+       lpcfg_do_global_parameter(lp_ctx, "allow dcerpc auth level connect", "False");
+
        lpcfg_do_global_parameter(lp_ctx, "UnixExtensions", "True");
 
        lpcfg_do_global_parameter(lp_ctx, "PreferredMaster", "Auto");
@@ -2646,7 +2648,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
        lpcfg_do_global_parameter(lp_ctx, "winbind sealed pipes", "True");
        lpcfg_do_global_parameter(lp_ctx, "require strong key", "True");
        lpcfg_do_global_parameter(lp_ctx, "winbindd socket directory", dyn_WINBINDD_SOCKET_DIR);
-       lpcfg_do_global_parameter(lp_ctx, "winbindd privileged socket directory", dyn_WINBINDD_PRIVILEGED_SOCKET_DIR);
        lpcfg_do_global_parameter(lp_ctx, "ntp signd socket directory", dyn_NTP_SIGND_SOCKET_DIR);
        lpcfg_do_global_parameter_var(lp_ctx, "dns update command", "%s/samba_dnsupdate", dyn_SCRIPTSBINDIR);
        lpcfg_do_global_parameter_var(lp_ctx, "spn update command", "%s/samba_spnupdate", dyn_SCRIPTSBINDIR);
@@ -2656,6 +2657,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
        lpcfg_do_global_parameter(lp_ctx, "template homedir", "/home/%D/%U");
 
        lpcfg_do_global_parameter(lp_ctx, "client signing", "default");
+       lpcfg_do_global_parameter(lp_ctx, "client ipc signing", "default");
        lpcfg_do_global_parameter(lp_ctx, "server signing", "default");
 
        lpcfg_do_global_parameter(lp_ctx, "use spnego", "True");
@@ -2895,6 +2897,10 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
        lpcfg_do_global_parameter(lp_ctx, "aio max threads", "100");
 
+       lpcfg_do_global_parameter(lp_ctx, "smb2 leases", "yes");
+
+       lpcfg_do_global_parameter(lp_ctx, "kerberos encryption types", "all");
+
        /* Allow modules to adjust defaults */
        for (defaults_hook = defaults_hooks; defaults_hook;
                 defaults_hook = defaults_hook->next) {
@@ -3345,6 +3351,15 @@ int lpcfg_client_ipc_max_protocol(struct loadparm_context *lp_ctx)
        return client_ipc_max_protocol;
 }
 
+int lpcfg_client_ipc_signing(struct loadparm_context *lp_ctx)
+{
+       int client_ipc_signing = lpcfg__client_ipc_signing(lp_ctx);
+       if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
+               return SMB_SIGNING_REQUIRED;
+       }
+       return client_ipc_signing;
+}
+
 bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandatory)
 {
        bool allowed = true;
@@ -3379,10 +3394,13 @@ bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandato
        case SMB_SIGNING_DESIRED:
        case SMB_SIGNING_IF_REQUIRED:
                break;
-       case SMB_SIGNING_DEFAULT:
        case SMB_SIGNING_OFF:
                allowed = false;
                break;
+       case SMB_SIGNING_DEFAULT:
+       case SMB_SIGNING_IPC_DEFAULT:
+               smb_panic(__location__);
+               break;
        }
 
        return allowed;