#include "librpc/gen_ndr/nbt.h"
#include "libds/common/roles.h"
#include "lib/util/samba_util.h"
+#include "libcli/auth/ntlm_check.h"
#ifdef HAVE_HTTPCONNECTENCRYPT
#include <cups/http.h>
*/
unsigned long lp_ulong(const char *s)
{
+ int error = 0;
+ unsigned long int ret;
if (!s || !*s) {
- DEBUG(0,("lp_ulong(%s): is called with NULL!\n",s));
+ DBG_DEBUG("lp_ulong(%s): is called with NULL!\n",s);
return -1;
}
- return strtoul(s, NULL, 0);
+ ret = strtoul_err(s, NULL, 0, &error);
+ if (error != 0) {
+ DBG_DEBUG("lp_ulong(%s): conversion failed\n",s);
+ return -1;
+ }
+
+ return ret;
}
/**
*/
unsigned long long lp_ulonglong(const char *s)
{
+ int error = 0;
+ unsigned long long int ret;
if (!s || !*s) {
- DEBUG(0, ("lp_ulonglong(%s): is called with NULL!\n", s));
+ DBG_DEBUG("lp_ulonglong(%s): is called with NULL!\n", s);
+ return -1;
+ }
+
+ ret = strtoull_err(s, NULL, 0, &error);
+ if (error != 0) {
+ DBG_DEBUG("lp_ulonglong(%s): conversion failed\n",s);
return -1;
}
- return strtoull(s, NULL, 0);
+ return ret;
}
/**
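Review bot: Both failure paths in lp_ulong return -1 from a function whose return type is unsigned long, so the caller receives ULONG_MAX, which is also a value a valid setting can convert to; a malformed size or limit in smb.conf therefore turns into the largest possible value instead of being rejected. The message was also moved from DEBUG(0, ...) to DBG_DEBUG, so at normal log levels the administrator no longer sees that a setting failed to parse; I would keep the failure visible with `DBG_ERR("lp_ulong(%s): conversion failed\n", s);`. The first branch still passes `s` to `%s` when it may be NULL, where `s ? s : "(null)"` would be safer. The same three points apply to lp_ulonglong directly below.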
return false;
}
- lpcfg_string_set(lp_ctx->globals->ctx, &lp_ctx->globals->realm_original, pszParmValue);
lpcfg_string_set(lp_ctx->globals->ctx, &lp_ctx->globals->realm, upper);
lpcfg_string_set(lp_ctx->globals->ctx, &lp_ctx->globals->dnsdomain, lower);
{
if (lp_ctx->s3_fns) {
if (*ptr == NULL || strcmp(*ptr, pszParmValue) != 0) {
- global_iconv_handle = smb_iconv_handle_reinit(NULL,
- lpcfg_dos_charset(lp_ctx),
- lpcfg_unix_charset(lp_ctx),
- true, global_iconv_handle);
+ struct smb_iconv_handle *ret = NULL;
+
+ ret = reinit_iconv_handle(NULL,
+ lpcfg_dos_charset(lp_ctx),
+ lpcfg_unix_charset(lp_ctx));
+ if (ret == NULL) {
+ smb_panic("reinit_iconv_handle failed");
+ }
}
}
}
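Review bot: The handle returned by reinit_iconv_handle(NULL, ...) is stored in the local `ret`, compared with NULL and then dropped, so nothing in this block shows who owns the new handle. The removed lines assigned the result to global_iconv_handle, so presumably the helper now updates that global itself, but this should be stated next to the call, for example `/* reinit_iconv_handle() installs the handle as the process-wide default; the return value is only checked for failure */`. The same pattern repeats in the DOS charset handler that follows, while reload_charcnv further down does store the result in lp_ctx->iconv_handle. All three sites call smb_panic on NULL, which is worth a second look if the helper can fail because of a charset name taken from smb.conf rather than only on allocation failure. The enclosing function starts outside this hunk.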
if (*ptr == NULL || strcmp(*ptr, pszParmValue) != 0) {
+ struct smb_iconv_handle *ret = NULL;
if (is_utf8) {
DEBUG(0,("ERROR: invalid DOS charset: 'dos charset' must not "
"be UTF8, using (default value) %s instead.\n",
DEFAULT_DOS_CHARSET));
pszParmValue = DEFAULT_DOS_CHARSET;
}
- global_iconv_handle = smb_iconv_handle_reinit(NULL,
- lpcfg_dos_charset(lp_ctx),
- lpcfg_unix_charset(lp_ctx),
- true, global_iconv_handle);
+ ret = reinit_iconv_handle(NULL,
+ lpcfg_dos_charset(lp_ctx),
+ lpcfg_unix_charset(lp_ctx));
+ if (ret == NULL) {
+ smb_panic("reinit_iconv_handle failed");
+ }
}
}
static bool set_variable_helper(TALLOC_CTX *mem_ctx, int parmnum, void *parm_ptr,
const char *pszParmName, const char *pszParmValue)
{
- int i;
+ size_t i;
/* switch on the type of variable it is */
switch (parm_table[parmnum].type)
case P_CMDLIST:
list_sep = " ";
- /* fall through */
+
+ FALL_THROUGH;
case P_LIST:
if ((char ***)ptr && *(char ***)ptr) {
char **list = *(char ***)ptr;
return 0;
}
-struct defaults_hook_data {
- const char *name;
- lpcfg_defaults_hook hook;
- struct defaults_hook_data *prev, *next;
-} *defaults_hooks = NULL;
-
-
-bool lpcfg_register_defaults_hook(const char *name, lpcfg_defaults_hook hook)
-{
- struct defaults_hook_data *hook_data = talloc(talloc_autofree_context(),
- struct defaults_hook_data);
- hook_data->name = talloc_strdup(hook_data, name);
- hook_data->hook = hook;
- DLIST_ADD(defaults_hooks, hook_data);
- return false;
-}
-
/**
* Initialise the global parameter structure.
*
struct loadparm_context *lp_ctx;
struct parmlist_entry *parm;
char *logfile;
- struct defaults_hook_data *defaults_hook;
lp_ctx = talloc_zero(mem_ctx, struct loadparm_context);
if (lp_ctx == NULL)
lp_ctx->sDefault->force_create_mode = 0000;
lp_ctx->sDefault->directory_mask = 0755;
lp_ctx->sDefault->force_directory_mode = 0000;
+ lp_ctx->sDefault->aio_read_size = 1;
+ lp_ctx->sDefault->aio_write_size = 1;
+ lp_ctx->sDefault->smbd_search_ask_sharemode = true;
+ lp_ctx->sDefault->smbd_getinfo_ask_sharemode = true;
DEBUG(3, ("Initialising global parameters\n"));
/* the winbind method for domain controllers is for both RODC
auth forwarding and for trusted domains */
lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR);
+ lpcfg_do_global_parameter(lp_ctx, "binddns dir", dyn_BINDDNS_DIR);
lpcfg_do_global_parameter(lp_ctx, "registry:HKEY_LOCAL_MACHINE", "hklm.ldb");
/* This hive should be dynamically generated by Samba using
lpcfg_do_global_parameter(lp_ctx, "ClientLanManAuth", "False");
lpcfg_do_global_parameter(lp_ctx, "ClientNTLMv2Auth", "True");
lpcfg_do_global_parameter(lp_ctx, "LanmanAuth", "False");
- lpcfg_do_global_parameter(lp_ctx, "NTLMAuth", "False");
+ lpcfg_do_global_parameter(lp_ctx, "NTLMAuth", "ntlmv2-only");
lpcfg_do_global_parameter(lp_ctx, "RawNTLMv2Auth", "False");
lpcfg_do_global_parameter(lp_ctx, "client use spnego principal", "False");
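Review bot: The built-in default for NTLMAuth changes from "False" to "ntlmv2-only" without a comment saying whether this is the same policy under a new enum spelling or a wider one, and this is the value every installation gets when smb.conf is silent. A one-line comment above the call would settle it, something like `/* enum form of the old "no": NTLMv1 stays off, NTLMv2 is accepted */`, assuming that is the intended meaning. It would also help to mention that lpcfg_lanman_auth() only honours LanmanAuth when the level is NTLM_AUTH_ON, so this default keeps LanMan off regardless of that setting.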
lpcfg_do_global_parameter(lp_ctx, "winbind separator", "\\");
lpcfg_do_global_parameter(lp_ctx, "winbind sealed pipes", "True");
+ lpcfg_do_global_parameter(lp_ctx, "winbind scan trusted domains", "True");
lpcfg_do_global_parameter(lp_ctx, "require strong key", "True");
lpcfg_do_global_parameter(lp_ctx, "winbindd socket directory", dyn_WINBINDD_SOCKET_DIR);
lpcfg_do_global_parameter(lp_ctx, "ntp signd socket directory", dyn_NTP_SIGND_SOCKET_DIR);
+ lpcfg_do_global_parameter_var(lp_ctx, "gpo update command", "%s/samba-gpupdate", dyn_SCRIPTSBINDIR);
+ lpcfg_do_global_parameter_var(lp_ctx, "apply group policies", "False");
lpcfg_do_global_parameter_var(lp_ctx, "dns update command", "%s/samba_dnsupdate", dyn_SCRIPTSBINDIR);
lpcfg_do_global_parameter_var(lp_ctx, "spn update command", "%s/samba_spnupdate", dyn_SCRIPTSBINDIR);
lpcfg_do_global_parameter_var(lp_ctx, "samba kcc command",
"%s/samba_kcc", dyn_SCRIPTSBINDIR);
+#ifdef MIT_KDC_PATH
+ lpcfg_do_global_parameter_var(lp_ctx,
+ "mit kdc command",
+ MIT_KDC_PATH);
+#endif
lpcfg_do_global_parameter(lp_ctx, "template shell", "/bin/false");
lpcfg_do_global_parameter(lp_ctx, "template homedir", "/home/%D/%U");
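Review bot: The added "mit kdc command" default passes MIT_KDC_PATH as the format argument of lpcfg_do_global_parameter_var, which the neighbouring calls use printf-style ("%s/samba-gpupdate", dyn_SCRIPTSBINDIR). The macro is a build-time value, but a path containing `%` would be read as a conversion with no matching argument; use the plain setter, `lpcfg_do_global_parameter(lp_ctx, "mit kdc command", MIT_KDC_PATH);`, or pass `"%s", MIT_KDC_PATH`. The "apply group policies" line has the same shape with a constant "False" and no arguments, so it can use lpcfg_do_global_parameter like the other boolean defaults.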
lpcfg_do_global_parameter(lp_ctx, "client ipc signing", "default");
lpcfg_do_global_parameter(lp_ctx, "server signing", "default");
- lpcfg_do_global_parameter(lp_ctx, "use spnego", "True");
-
lpcfg_do_global_parameter(lp_ctx, "use mmap", "True");
lpcfg_do_global_parameter(lp_ctx, "smb ports", "445 139");
lpcfg_do_global_parameter(lp_ctx, "cldap port", "389");
lpcfg_do_global_parameter(lp_ctx, "krb5 port", "88");
lpcfg_do_global_parameter(lp_ctx, "kpasswd port", "464");
- lpcfg_do_global_parameter(lp_ctx, "web port", "901");
lpcfg_do_global_parameter(lp_ctx, "nt status support", "True");
lpcfg_do_global_parameter(lp_ctx, "tls certfile", "tls/cert.pem");
lpcfg_do_global_parameter(lp_ctx, "tls cafile", "tls/ca.pem");
lpcfg_do_global_parameter(lp_ctx, "tls priority", "NORMAL:-VERS-SSL3.0");
- lpcfg_do_global_parameter(lp_ctx, "prefork children:smb", "4");
lpcfg_do_global_parameter(lp_ctx, "rndc command", "/usr/sbin/rndc");
lpcfg_do_global_parameter(lp_ctx, "nsupdate command", "/usr/bin/nsupdate -g");
lpcfg_do_global_parameter(lp_ctx, "allow dns updates", "secure only");
+ lpcfg_do_global_parameter(lp_ctx, "dns zone scavenging", "False");
lpcfg_do_global_parameter(lp_ctx, "dns forwarder", "");
lpcfg_do_global_parameter(lp_ctx, "algorithmic rid base", "1000");
lpcfg_do_global_parameter(lp_ctx, "winbind nss info", "template");
- lpcfg_do_global_parameter(lp_ctx, "server schannel", "Auto");
+ lpcfg_do_global_parameter(lp_ctx, "server schannel", "True");
lpcfg_do_global_parameter(lp_ctx, "short preserve case", "True");
lpcfg_do_global_parameter(lp_ctx, "guest account", GUEST_ACCOUNT);
- lpcfg_do_global_parameter(lp_ctx, "client schannel", "auto");
+ lpcfg_do_global_parameter(lp_ctx, "client schannel", "True");
lpcfg_do_global_parameter(lp_ctx, "smb encrypt", "default");
lpcfg_do_global_parameter(lp_ctx, "strict sync", "yes");
- lpcfg_do_global_parameter(lp_ctx, "map readonly", "yes");
+ lpcfg_do_global_parameter(lp_ctx, "map readonly", "no");
lpcfg_do_global_parameter(lp_ctx, "allow trusted domains", "yes");
lpcfg_do_global_parameter(lp_ctx, "client ldap sasl wrapping", "sign");
+ lpcfg_do_global_parameter(lp_ctx, "mdns name", "netbios");
+
lpcfg_do_global_parameter(lp_ctx, "ldap server require strong auth", "yes");
lpcfg_do_global_parameter(lp_ctx, "follow symlinks", "yes");
lpcfg_do_global_parameter(lp_ctx, "durable handles", "yes");
- lpcfg_do_global_parameter(lp_ctx, "max stat cache size", "256");
+ lpcfg_do_global_parameter(lp_ctx, "max stat cache size", "512");
lpcfg_do_global_parameter(lp_ctx, "ldap passwd sync", "no");
lpcfg_do_global_parameter(lp_ctx, "blocking locks", "yes");
- lpcfg_do_global_parameter(lp_ctx, "oplock contention limit", "2");
-
lpcfg_do_global_parameter(lp_ctx, "load printers", "yes");
lpcfg_do_global_parameter(lp_ctx, "idmap cache time", "604800");
"rpc server dynamic port range",
"49152-65535");
- /* Allow modules to adjust defaults */
- for (defaults_hook = defaults_hooks; defaults_hook;
- defaults_hook = defaults_hook->next) {
- bool ret;
+ lpcfg_do_global_parameter(lp_ctx, "prefork children", "4");
+ lpcfg_do_global_parameter(lp_ctx, "prefork backoff increment", "10");
+ lpcfg_do_global_parameter(lp_ctx, "prefork maximum backoff", "120");
- ret = defaults_hook->hook(lp_ctx);
- if (!ret) {
- DEBUG(1, ("Defaults hook %s failed to run.",
- defaults_hook->name));
- talloc_free(lp_ctx);
- return NULL;
- }
- }
+ lpcfg_do_global_parameter(lp_ctx, "check parent directory delete on close", "no");
+
+ lpcfg_do_global_parameter(lp_ctx, "ea support", "yes");
+
+ lpcfg_do_global_parameter(lp_ctx, "store dos attributes", "yes");
+
+ lpcfg_do_global_parameter(lp_ctx, "debug encryption", "no");
for (i = 0; parm_table[i].label; i++) {
if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) {
*
* Return True on success, False on failure.
*/
-bool lpcfg_load(struct loadparm_context *lp_ctx, const char *filename)
+static bool lpcfg_load_internal(struct loadparm_context *lp_ctx,
+ const char *filename, bool set_global)
{
char *n2;
bool bRetval;
for a missing smb.conf */
reload_charcnv(lp_ctx);
- if (bRetval == true) {
+ if (bRetval == true && set_global) {
/* set this up so that any child python tasks will
find the right smb.conf */
setenv("SMB_CONF_PATH", filename, 1);
return bRetval;
}
+bool lpcfg_load_no_global(struct loadparm_context *lp_ctx, const char *filename)
+{
+ return lpcfg_load_internal(lp_ctx, filename, false);
+}
+
+bool lpcfg_load(struct loadparm_context *lp_ctx, const char *filename)
+{
+ return lpcfg_load_internal(lp_ctx, filename, true);
+}
+
/**
* Return the max number of services.
*/
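Review bot: The existing doc comment now sits on the static lpcfg_load_internal, and the two public entry points lpcfg_load and lpcfg_load_no_global are added with no comment at all, so the header-level difference between them is invisible. The only visible difference is that set_global gates `setenv("SMB_CONF_PATH", filename, 1)`, which changes the process environment inherited by child tasks; that is worth stating on each wrapper, e.g. `/* Load smb.conf without exporting SMB_CONF_PATH to the environment */` on lpcfg_load_no_global and the converse on lpcfg_load. The internal function's comment should also describe the set_global parameter. Part of lpcfg_load_internal's body lies outside the visible hunk.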
_PUBLIC_ void reload_charcnv(struct loadparm_context *lp_ctx)
{
- struct smb_iconv_handle *old_ic = lp_ctx->iconv_handle;
if (!lp_ctx->global) {
return;
}
- if (old_ic == NULL) {
- old_ic = global_iconv_handle;
+ lp_ctx->iconv_handle =
+ reinit_iconv_handle(lp_ctx,
+ lpcfg_dos_charset(lp_ctx),
+ lpcfg_unix_charset(lp_ctx));
+ if (lp_ctx->iconv_handle == NULL) {
+ smb_panic("reinit_iconv_handle failed");
}
- lp_ctx->iconv_handle = smb_iconv_handle_reinit_lp(lp_ctx, lp_ctx, old_ic);
- global_iconv_handle = lp_ctx->iconv_handle;
}
_PUBLIC_ char *lpcfg_tls_keyfile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
{
int client_max_protocol = lpcfg__client_max_protocol(lp_ctx);
if (client_max_protocol == PROTOCOL_DEFAULT) {
- return PROTOCOL_NT1;
+ return PROTOCOL_LATEST;
}
return client_max_protocol;
}
}
return tdb_flags;
}
+
+/*
+ * Do not allow LanMan auth if unless NTLMv1 is also allowed
+ *
+ * This also ensures it is disabled if NTLM is totally disabled
+ */
+bool lpcfg_lanman_auth(struct loadparm_context *lp_ctx)
+{
+ enum ntlm_auth_level ntlm_auth_level = lpcfg_ntlm_auth(lp_ctx);
+
+ if (ntlm_auth_level == NTLM_AUTH_ON) {
+ return lpcfg__lanman_auth(lp_ctx);
+ } else {
+ return false;
+ }
+}
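Review bot: The comment above lpcfg_lanman_auth says "Do not allow LanMan auth if unless NTLMv1 is also allowed", which does not parse and leaves the rule for this downgrade-sensitive setting unclear. I would reword it to match the code, `/* Allow LanMan auth only when ntlm auth is NTLM_AUTH_ON; every other level, including disabled, forces it off. */`. The `else` after the first `return` can be dropped so the function ends in a plain `return false;`. It would also help to note in the comment that callers should use this wrapper rather than lpcfg__lanman_auth directly, since only the wrapper applies the check.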