git.samba.org / sfrench / samba-autobuild / .git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
pyldb: avoid segfault when adding an element with no name
[sfrench/samba-autobuild/.git] / lib / param / loadparm.c
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 4d21d88cc6c7ed5283a220b042484f3341eb3b2d..ebbccc22b71b5e863f9dee02e4c9d8eea862212f 100644 (file)
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -70,6 +70,7 @@
 #include "librpc/gen_ndr/nbt.h"
 #include "libds/common/roles.h"
 #include "lib/util/samba_util.h"
+#include "libcli/auth/ntlm_check.h"
 
 #ifdef HAVE_HTTPCONNECTENCRYPT
 #include <cups/http.h>
@@ -330,13 +331,21 @@ int lp_int(const char *s)
  */
 unsigned long lp_ulong(const char *s)
 {
+       int error = 0;
+       unsigned long int ret;
 
        if (!s || !*s) {
-               DEBUG(0,("lp_ulong(%s): is called with NULL!\n",s));
+               DBG_DEBUG("lp_ulong(%s): is called with NULL!\n",s);
                return -1;
        }
 
-       return strtoul(s, NULL, 0);
+       ret = strtoul_err(s, NULL, 0, &error);
+       if (error != 0) {
+               DBG_DEBUG("lp_ulong(%s): conversion failed\n",s);
+               return -1;
+       }
+
+       return ret;
 }
 
 /**
@@ -344,13 +353,21 @@ unsigned long lp_ulong(const char *s)
  */
 unsigned long long lp_ulonglong(const char *s)
 {
+       int error = 0;
+       unsigned long long int ret;
 
        if (!s || !*s) {
-               DEBUG(0, ("lp_ulonglong(%s): is called with NULL!\n", s));
+               DBG_DEBUG("lp_ulonglong(%s): is called with NULL!\n", s);
+               return -1;
+       }
+
+       ret = strtoull_err(s, NULL, 0, &error);
+       if (error != 0) {
+               DBG_DEBUG("lp_ulonglong(%s): conversion failed\n",s);
                return -1;
        }
 
-       return strtoull(s, NULL, 0);
+       return ret;
 }
 
 /**
@@ -1143,7 +1160,6 @@ bool handle_realm(struct loadparm_context *lp_ctx, struct loadparm_service *serv
                return false;
        }
 
-       lpcfg_string_set(lp_ctx->globals->ctx, &lp_ctx->globals->realm_original, pszParmValue);
        lpcfg_string_set(lp_ctx->globals->ctx, &lp_ctx->globals->realm, upper);
        lpcfg_string_set(lp_ctx->globals->ctx, &lp_ctx->globals->dnsdomain, lower);
 
@@ -1265,10 +1281,14 @@ bool handle_charset(struct loadparm_context *lp_ctx, struct loadparm_service *se
 {
        if (lp_ctx->s3_fns) {
                if (*ptr == NULL || strcmp(*ptr, pszParmValue) != 0) {
-                       global_iconv_handle = smb_iconv_handle_reinit(NULL,
-                                                       lpcfg_dos_charset(lp_ctx),
-                                                       lpcfg_unix_charset(lp_ctx),
-                                                       true, global_iconv_handle);
+                       struct smb_iconv_handle *ret = NULL;
+
+                       ret = reinit_iconv_handle(NULL,
+                                                 lpcfg_dos_charset(lp_ctx),
+                                                 lpcfg_unix_charset(lp_ctx));
+                       if (ret == NULL) {
+                               smb_panic("reinit_iconv_handle failed");
+                       }
                }
 
        }
@@ -1303,16 +1323,19 @@ bool handle_dos_charset(struct loadparm_context *lp_ctx, struct loadparm_service
                }
 
                if (*ptr == NULL || strcmp(*ptr, pszParmValue) != 0) {
+                       struct smb_iconv_handle *ret = NULL;
                        if (is_utf8) {
                                DEBUG(0,("ERROR: invalid DOS charset: 'dos charset' must not "
                                        "be UTF8, using (default value) %s instead.\n",
                                        DEFAULT_DOS_CHARSET));
                                pszParmValue = DEFAULT_DOS_CHARSET;
                        }
-                       global_iconv_handle = smb_iconv_handle_reinit(NULL,
-                                                       lpcfg_dos_charset(lp_ctx),
-                                                       lpcfg_unix_charset(lp_ctx),
-                                                       true, global_iconv_handle);
+                       ret = reinit_iconv_handle(NULL,
+                                               lpcfg_dos_charset(lp_ctx),
+                                               lpcfg_unix_charset(lp_ctx));
+                       if (ret == NULL) {
+                               smb_panic("reinit_iconv_handle failed");
+                       }
                }
        }
 
@@ -1590,7 +1613,7 @@ static bool lp_do_parameter_parametric(struct loadparm_context *lp_ctx,
 static bool set_variable_helper(TALLOC_CTX *mem_ctx, int parmnum, void *parm_ptr,
                         const char *pszParmName, const char *pszParmValue)
 {
-       int i;
+       size_t i;
 
        /* switch on the type of variable it is */
        switch (parm_table[parmnum].type)
@@ -2050,7 +2073,8 @@ void lpcfg_print_parameter(struct parm_struct *p, void *ptr, FILE * f)
 
                case P_CMDLIST:
                        list_sep = " ";
-                       /* fall through */
+
+                       FALL_THROUGH;
                case P_LIST:
                        if ((char ***)ptr && *(char ***)ptr) {
                                char **list = *(char ***)ptr;
@@ -2544,23 +2568,6 @@ static int lpcfg_destructor(struct loadparm_context *lp_ctx)
        return 0;
 }
 
-struct defaults_hook_data {
-       const char *name;
-       lpcfg_defaults_hook hook;
-       struct defaults_hook_data *prev, *next;
-} *defaults_hooks = NULL;
-
-
-bool lpcfg_register_defaults_hook(const char *name, lpcfg_defaults_hook hook)
-{
-       struct defaults_hook_data *hook_data = talloc(talloc_autofree_context(),
-                                                                                                 struct defaults_hook_data);
-       hook_data->name = talloc_strdup(hook_data, name);
-       hook_data->hook = hook;
-       DLIST_ADD(defaults_hooks, hook_data);
-       return false;
-}
-
 /**
  * Initialise the global parameter structure.
  *
@@ -2573,7 +2580,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
        struct loadparm_context *lp_ctx;
        struct parmlist_entry *parm;
        char *logfile;
-       struct defaults_hook_data *defaults_hook;
 
        lp_ctx = talloc_zero(mem_ctx, struct loadparm_context);
        if (lp_ctx == NULL)
@@ -2600,6 +2606,10 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
        lp_ctx->sDefault->force_create_mode = 0000;
        lp_ctx->sDefault->directory_mask = 0755;
        lp_ctx->sDefault->force_directory_mode = 0000;
+       lp_ctx->sDefault->aio_read_size = 1;
+       lp_ctx->sDefault->aio_write_size = 1;
+       lp_ctx->sDefault->smbd_search_ask_sharemode = true;
+       lp_ctx->sDefault->smbd_getinfo_ask_sharemode = true;
 
        DEBUG(3, ("Initialising global parameters\n"));
 
@@ -2665,6 +2675,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
        /* the winbind method for domain controllers is for both RODC
           auth forwarding and for trusted domains */
        lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR);
+       lpcfg_do_global_parameter(lp_ctx, "binddns dir", dyn_BINDDNS_DIR);
        lpcfg_do_global_parameter(lp_ctx, "registry:HKEY_LOCAL_MACHINE", "hklm.ldb");
 
        /* This hive should be dynamically generated by Samba using
@@ -2720,7 +2731,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
        lpcfg_do_global_parameter(lp_ctx, "ClientLanManAuth", "False");
        lpcfg_do_global_parameter(lp_ctx, "ClientNTLMv2Auth", "True");
        lpcfg_do_global_parameter(lp_ctx, "LanmanAuth", "False");
-       lpcfg_do_global_parameter(lp_ctx, "NTLMAuth", "False");
+       lpcfg_do_global_parameter(lp_ctx, "NTLMAuth", "ntlmv2-only");
        lpcfg_do_global_parameter(lp_ctx, "RawNTLMv2Auth", "False");
        lpcfg_do_global_parameter(lp_ctx, "client use spnego principal", "False");
 
@@ -2736,13 +2747,21 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
        lpcfg_do_global_parameter(lp_ctx, "winbind separator", "\\");
        lpcfg_do_global_parameter(lp_ctx, "winbind sealed pipes", "True");
+       lpcfg_do_global_parameter(lp_ctx, "winbind scan trusted domains", "True");
        lpcfg_do_global_parameter(lp_ctx, "require strong key", "True");
        lpcfg_do_global_parameter(lp_ctx, "winbindd socket directory", dyn_WINBINDD_SOCKET_DIR);
        lpcfg_do_global_parameter(lp_ctx, "ntp signd socket directory", dyn_NTP_SIGND_SOCKET_DIR);
+       lpcfg_do_global_parameter_var(lp_ctx, "gpo update command", "%s/samba-gpupdate", dyn_SCRIPTSBINDIR);
+       lpcfg_do_global_parameter_var(lp_ctx, "apply group policies", "False");
        lpcfg_do_global_parameter_var(lp_ctx, "dns update command", "%s/samba_dnsupdate", dyn_SCRIPTSBINDIR);
        lpcfg_do_global_parameter_var(lp_ctx, "spn update command", "%s/samba_spnupdate", dyn_SCRIPTSBINDIR);
        lpcfg_do_global_parameter_var(lp_ctx, "samba kcc command",
                                        "%s/samba_kcc", dyn_SCRIPTSBINDIR);
+#ifdef MIT_KDC_PATH
+       lpcfg_do_global_parameter_var(lp_ctx,
+                                     "mit kdc command",
+                                     MIT_KDC_PATH);
+#endif
        lpcfg_do_global_parameter(lp_ctx, "template shell", "/bin/false");
        lpcfg_do_global_parameter(lp_ctx, "template homedir", "/home/%D/%U");
 
@@ -2750,8 +2769,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
        lpcfg_do_global_parameter(lp_ctx, "client ipc signing", "default");
        lpcfg_do_global_parameter(lp_ctx, "server signing", "default");
 
-       lpcfg_do_global_parameter(lp_ctx, "use spnego", "True");
-
        lpcfg_do_global_parameter(lp_ctx, "use mmap", "True");
 
        lpcfg_do_global_parameter(lp_ctx, "smb ports", "445 139");
@@ -2760,7 +2777,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
        lpcfg_do_global_parameter(lp_ctx, "cldap port", "389");
        lpcfg_do_global_parameter(lp_ctx, "krb5 port", "88");
        lpcfg_do_global_parameter(lp_ctx, "kpasswd port", "464");
-       lpcfg_do_global_parameter(lp_ctx, "web port", "901");
 
        lpcfg_do_global_parameter(lp_ctx, "nt status support", "True");
 
@@ -2773,12 +2789,12 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
        lpcfg_do_global_parameter(lp_ctx, "tls certfile", "tls/cert.pem");
        lpcfg_do_global_parameter(lp_ctx, "tls cafile", "tls/ca.pem");
        lpcfg_do_global_parameter(lp_ctx, "tls priority", "NORMAL:-VERS-SSL3.0");
-       lpcfg_do_global_parameter(lp_ctx, "prefork children:smb", "4");
 
        lpcfg_do_global_parameter(lp_ctx, "rndc command", "/usr/sbin/rndc");
        lpcfg_do_global_parameter(lp_ctx, "nsupdate command", "/usr/bin/nsupdate -g");
 
         lpcfg_do_global_parameter(lp_ctx, "allow dns updates", "secure only");
+       lpcfg_do_global_parameter(lp_ctx, "dns zone scavenging", "False");
         lpcfg_do_global_parameter(lp_ctx, "dns forwarder", "");
 
        lpcfg_do_global_parameter(lp_ctx, "algorithmic rid base", "1000");
@@ -2787,7 +2803,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
        lpcfg_do_global_parameter(lp_ctx, "winbind nss info", "template");
 
-       lpcfg_do_global_parameter(lp_ctx, "server schannel", "Auto");
+       lpcfg_do_global_parameter(lp_ctx, "server schannel", "True");
 
        lpcfg_do_global_parameter(lp_ctx, "short preserve case", "True");
 
@@ -2841,7 +2857,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
        lpcfg_do_global_parameter(lp_ctx, "guest account", GUEST_ACCOUNT);
 
-       lpcfg_do_global_parameter(lp_ctx, "client schannel", "auto");
+       lpcfg_do_global_parameter(lp_ctx, "client schannel", "True");
 
        lpcfg_do_global_parameter(lp_ctx, "smb encrypt", "default");
 
@@ -2881,7 +2897,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
        lpcfg_do_global_parameter(lp_ctx, "strict sync", "yes");
 
-       lpcfg_do_global_parameter(lp_ctx, "map readonly", "yes");
+       lpcfg_do_global_parameter(lp_ctx, "map readonly", "no");
 
        lpcfg_do_global_parameter(lp_ctx, "allow trusted domains", "yes");
 
@@ -2907,6 +2923,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
        lpcfg_do_global_parameter(lp_ctx, "client ldap sasl wrapping", "sign");
 
+       lpcfg_do_global_parameter(lp_ctx, "mdns name", "netbios");
+
        lpcfg_do_global_parameter(lp_ctx, "ldap server require strong auth", "yes");
 
        lpcfg_do_global_parameter(lp_ctx, "follow symlinks", "yes");
@@ -2927,7 +2945,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
        lpcfg_do_global_parameter(lp_ctx, "durable handles", "yes");
 
-       lpcfg_do_global_parameter(lp_ctx, "max stat cache size", "256");
+       lpcfg_do_global_parameter(lp_ctx, "max stat cache size", "512");
 
        lpcfg_do_global_parameter(lp_ctx, "ldap passwd sync", "no");
 
@@ -2937,8 +2955,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
        lpcfg_do_global_parameter(lp_ctx, "blocking locks", "yes");
 
-       lpcfg_do_global_parameter(lp_ctx, "oplock contention limit", "2");
-
        lpcfg_do_global_parameter(lp_ctx, "load printers", "yes");
 
        lpcfg_do_global_parameter(lp_ctx, "idmap cache time", "604800");
@@ -2997,19 +3013,17 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
                                  "rpc server dynamic port range",
                                  "49152-65535");
 
-       /* Allow modules to adjust defaults */
-       for (defaults_hook = defaults_hooks; defaults_hook;
-                defaults_hook = defaults_hook->next) {
-               bool ret;
+       lpcfg_do_global_parameter(lp_ctx, "prefork children", "4");
+       lpcfg_do_global_parameter(lp_ctx, "prefork backoff increment", "10");
+       lpcfg_do_global_parameter(lp_ctx, "prefork maximum backoff", "120");
 
-               ret = defaults_hook->hook(lp_ctx);
-               if (!ret) {
-                       DEBUG(1, ("Defaults hook %s failed to run.",
-                                         defaults_hook->name));
-                       talloc_free(lp_ctx);
-                       return NULL;
-               }
-       }
+       lpcfg_do_global_parameter(lp_ctx, "check parent directory delete on close", "no");
+
+       lpcfg_do_global_parameter(lp_ctx, "ea support", "yes");
+
+       lpcfg_do_global_parameter(lp_ctx, "store dos attributes", "yes");
+
+       lpcfg_do_global_parameter(lp_ctx, "debug encryption", "no");
 
        for (i = 0; parm_table[i].label; i++) {
                if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) {
@@ -3155,7 +3169,8 @@ bool lpcfg_load_default(struct loadparm_context *lp_ctx)
  *
  * Return True on success, False on failure.
  */
-bool lpcfg_load(struct loadparm_context *lp_ctx, const char *filename)
+static bool lpcfg_load_internal(struct loadparm_context *lp_ctx,
+                               const char *filename, bool set_global)
 {
        char *n2;
        bool bRetval;
@@ -3190,7 +3205,7 @@ bool lpcfg_load(struct loadparm_context *lp_ctx, const char *filename)
           for a missing smb.conf */
        reload_charcnv(lp_ctx);
 
-       if (bRetval == true) {
+       if (bRetval == true && set_global) {
                /* set this up so that any child python tasks will
                   find the right smb.conf */
                setenv("SMB_CONF_PATH", filename, 1);
@@ -3204,6 +3219,16 @@ bool lpcfg_load(struct loadparm_context *lp_ctx, const char *filename)
        return bRetval;
 }
 
+bool lpcfg_load_no_global(struct loadparm_context *lp_ctx, const char *filename)
+{
+    return lpcfg_load_internal(lp_ctx, filename, false);
+}
+
+bool lpcfg_load(struct loadparm_context *lp_ctx, const char *filename)
+{
+    return lpcfg_load_internal(lp_ctx, filename, true);
+}
+
 /**
  * Return the max number of services.
  */
@@ -3349,16 +3374,17 @@ struct smb_iconv_handle *lpcfg_iconv_handle(struct loadparm_context *lp_ctx)
 
 _PUBLIC_ void reload_charcnv(struct loadparm_context *lp_ctx)
 {
-       struct smb_iconv_handle *old_ic = lp_ctx->iconv_handle;
        if (!lp_ctx->global) {
                return;
        }
 
-       if (old_ic == NULL) {
-               old_ic = global_iconv_handle;
+       lp_ctx->iconv_handle =
+               reinit_iconv_handle(lp_ctx,
+                                   lpcfg_dos_charset(lp_ctx),
+                                   lpcfg_unix_charset(lp_ctx));
+       if (lp_ctx->iconv_handle == NULL) {
+               smb_panic("reinit_iconv_handle failed");
        }
-       lp_ctx->iconv_handle = smb_iconv_handle_reinit_lp(lp_ctx, lp_ctx, old_ic);
-       global_iconv_handle = lp_ctx->iconv_handle;
 }
 
 _PUBLIC_ char *lpcfg_tls_keyfile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
@@ -3418,7 +3444,7 @@ int lpcfg_client_max_protocol(struct loadparm_context *lp_ctx)
 {
        int client_max_protocol = lpcfg__client_max_protocol(lp_ctx);
        if (client_max_protocol == PROTOCOL_DEFAULT) {
-               return PROTOCOL_NT1;
+               return PROTOCOL_LATEST;
        }
        return client_max_protocol;
 }
@@ -3527,3 +3553,19 @@ int lpcfg_tdb_flags(struct loadparm_context *lp_ctx, int tdb_flags)
        }
        return tdb_flags;
 }
+
+/*
+ * Do not allow LanMan auth if unless NTLMv1 is also allowed
+ *
+ * This also ensures it is disabled if NTLM is totally disabled
+ */
+bool lpcfg_lanman_auth(struct loadparm_context *lp_ctx)
+{
+       enum ntlm_auth_level ntlm_auth_level = lpcfg_ntlm_auth(lp_ctx);
+
+       if (ntlm_auth_level == NTLM_AUTH_ON) {
+               return lpcfg__lanman_auth(lp_ctx);
+       } else {
+               return false;
+       }
+}
Unnamed repository; edit this file 'description' to name the repository.