2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
56 #define LOADPARM_SUBSTITUTION_INTERNALS 1
58 #include "system/filesys.h"
60 #include "lib/param/loadparm.h"
61 #include "lib/param/param.h"
63 #include "lib/smbconf/smbconf.h"
64 #include "lib/smbconf/smbconf_init.h"
66 #include "include/smb_ldap.h"
67 #include "../librpc/gen_ndr/svcctl.h"
69 #include "../libcli/smb/smb_signing.h"
70 #include "dbwrap/dbwrap.h"
71 #include "dbwrap/dbwrap_rbt.h"
72 #include "../lib/util/bitmap.h"
73 #include "librpc/gen_ndr/nbt.h"
74 #include "librpc/gen_ndr/dns.h"
75 #include "source4/lib/tls/tls.h"
76 #include "libcli/auth/ntlm_check.h"
77 #include "lib/crypto/gnutls_helpers.h"
78 #include "lib/util/string_wrappers.h"
79 #include "auth/credentials/credentials.h"
80 #include "source3/lib/substitute.h"
81 #include "source3/librpc/gen_ndr/ads.h"
82 #include "lib/util/time_basic.h"
84 #ifdef HAVE_SYS_SYSCTL_H
85 #include <sys/sysctl.h>
90 /* the special value for the include parameter
91 * to be interpreted not as a file name but to
92 * trigger loading of the global smb.conf options
94 #ifndef INCLUDE_REGISTRY_NAME
95 #define INCLUDE_REGISTRY_NAME "registry"
98 static bool in_client = false; /* Not in the client by default */
99 static struct smbconf_csn conf_last_csn;
101 static int config_backend = CONFIG_BACKEND_FILE;
103 /* some helpful bits */
104 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
105 (ServicePtrs != NULL) && \
106 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
107 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
108 ServicePtrs[i]->valid)
110 #define USERSHARE_VALID 1
111 #define USERSHARE_PENDING_DELETE 2
113 static bool defaults_saved = false;
115 #include "lib/param/param_global.h"
117 static struct loadparm_global Globals;
119 /* This is a default service used to prime a services structure */
120 static const struct loadparm_service _sDefault =
125 .usershare_last_mod = {0, 0},
128 .invalid_users = NULL,
135 .root_preexec = NULL,
136 .root_postexec = NULL,
137 .cups_options = NULL,
138 .print_command = NULL,
140 .lprm_command = NULL,
141 .lppause_command = NULL,
142 .lpresume_command = NULL,
143 .queuepause_command = NULL,
144 .queueresume_command = NULL,
145 ._printername = NULL,
146 .printjob_username = NULL,
147 .dont_descend = NULL,
150 .magic_script = NULL,
151 .magic_output = NULL,
154 .veto_oplock_files = NULL,
164 .aio_write_behind = NULL,
165 .dfree_command = NULL,
166 .min_print_space = 0,
167 .max_print_jobs = 1000,
168 .max_reported_print_jobs = 0,
170 .force_create_mode = 0,
171 .directory_mask = 0755,
172 .force_directory_mode = 0,
173 .max_connections = 0,
174 .default_case = CASE_LOWER,
175 .printing = DEFAULT_PRINTING,
178 .dfree_cache_time = 0,
179 .preexec_close = false,
180 .root_preexec_close = false,
181 .case_sensitive = Auto,
182 .preserve_case = true,
183 .short_preserve_case = true,
184 .hide_dot_files = true,
185 .hide_special_files = false,
186 .hide_unreadable = false,
187 .hide_unwriteable_files = false,
189 .access_based_share_enum = false,
194 .administrative_share = false,
197 .print_notify_backchannel = false,
201 .store_dos_attributes = true,
202 .smbd_max_xattr_size = 65536,
203 .dmapi_support = false,
205 .strict_locking = Auto,
206 .posix_locking = true,
208 .kernel_oplocks = false,
209 .level2_oplocks = true,
210 .mangled_names = MANGLED_NAMES_ILLEGAL,
212 .follow_symlinks = true,
213 .sync_always = false,
214 .strict_allocate = false,
215 .strict_rename = false,
217 .mangling_char = '~',
219 .delete_readonly = false,
220 .fake_oplocks = false,
221 .delete_veto_files = false,
222 .dos_filemode = false,
223 .dos_filetimes = true,
224 .dos_filetime_resolution = false,
225 .fake_directory_create_times = false,
226 .blocking_locks = true,
227 .inherit_permissions = false,
228 .inherit_acls = false,
229 .inherit_owner = false,
231 .msdfs_shuffle_referrals = false,
232 .use_client_driver = false,
233 .default_devmode = true,
234 .force_printername = false,
235 .nt_acl_support = true,
236 .force_unknown_acl_user = false,
237 ._use_sendfile = false,
238 .map_acl_inherit = false,
241 .acl_check_permissions = true,
242 .acl_map_full_control = true,
243 .acl_group_control = false,
244 .acl_allow_execute_always = false,
245 .acl_flag_inherited_canonicalization = true,
248 .map_readonly = MAP_READONLY_NO,
249 .directory_name_cache_size = 100,
250 .server_smb_encrypt = SMB_ENCRYPTION_DEFAULT,
251 .kernel_share_modes = false,
252 .durable_handles = true,
253 .check_parent_directory_delete_on_close = false,
255 .smbd_search_ask_sharemode = true,
256 .smbd_getinfo_ask_sharemode = true,
257 .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
258 .honor_change_notify_privilege = false,
259 .volume_serial_number = -1,
264 * This is a copy of the default service structure. Service options in the
265 * global section would otherwise overwrite the initial default values.
267 static struct loadparm_service sDefault;
269 /* local variables */
270 static struct loadparm_service **ServicePtrs = NULL;
271 static int iNumServices = 0;
272 static int iServiceIndex = 0;
273 static struct db_context *ServiceHash;
274 static bool bInGlobalSection = true;
275 static bool bGlobalOnly = false;
276 static struct file_lists *file_lists = NULL;
277 static unsigned int *flags_list = NULL;
279 static void set_allowed_client_auth(void);
281 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
282 static void free_param_opts(struct parmlist_entry **popts);
285 * Function to return the default value for the maximum number of open
286 * file descriptors permitted. This function tries to consult the
287 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
288 * the smaller of those.
290 static int max_open_files(void)
292 int sysctl_max = MAX_OPEN_FILES;
293 int rlimit_max = MAX_OPEN_FILES;
295 #ifdef HAVE_SYSCTLBYNAME
297 size_t size = sizeof(sysctl_max);
298 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
303 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
309 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
310 rlimit_max = rl.rlim_cur;
312 #if defined(RLIM_INFINITY)
313 if(rl.rlim_cur == RLIM_INFINITY)
314 rlimit_max = MAX_OPEN_FILES;
319 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
320 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
321 "minimum Windows limit (%d)\n",
323 MIN_OPEN_FILES_WINDOWS));
324 sysctl_max = MIN_OPEN_FILES_WINDOWS;
327 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
328 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
329 "minimum Windows limit (%d)\n",
331 MIN_OPEN_FILES_WINDOWS));
332 rlimit_max = MIN_OPEN_FILES_WINDOWS;
335 return MIN(sysctl_max, rlimit_max);
339 * Common part of freeing allocated data for one parameter.
341 static void free_one_parameter_common(void *parm_ptr,
342 struct parm_struct parm)
344 if ((parm.type == P_STRING) ||
345 (parm.type == P_USTRING))
347 lpcfg_string_free((char**)parm_ptr);
348 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
349 TALLOC_FREE(*((char***)parm_ptr));
354 * Free the allocated data for one parameter for a share
355 * given as a service struct.
357 static void free_one_parameter(struct loadparm_service *service,
358 struct parm_struct parm)
362 if (parm.p_class != P_LOCAL) {
366 parm_ptr = lp_parm_ptr(service, &parm);
368 free_one_parameter_common(parm_ptr, parm);
372 * Free the allocated parameter data of a share given
373 * as a service struct.
375 static void free_parameters(struct loadparm_service *service)
379 for (i=0; parm_table[i].label; i++) {
380 free_one_parameter(service, parm_table[i]);
385 * Free the allocated data for one parameter for a given share
386 * specified by an snum.
388 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
393 parm_ptr = lp_parm_ptr(NULL, &parm);
394 } else if (parm.p_class != P_LOCAL) {
397 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
400 free_one_parameter_common(parm_ptr, parm);
404 * Free the allocated parameter data for a share specified
407 static void free_parameters_by_snum(int snum)
411 for (i=0; parm_table[i].label; i++) {
412 free_one_parameter_by_snum(snum, parm_table[i]);
417 * Free the allocated global parameters.
419 static void free_global_parameters(void)
422 struct parm_struct *parm;
424 free_param_opts(&Globals.param_opt);
425 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
427 /* Reset references in the defaults because the context is going to be freed */
428 for (i=0; parm_table[i].label; i++) {
429 parm = &parm_table[i];
430 if ((parm->type == P_STRING) ||
431 (parm->type == P_USTRING)) {
432 if ((parm->def.svalue != NULL) &&
433 (*(parm->def.svalue) != '\0')) {
434 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
435 parm->def.svalue = NULL;
440 TALLOC_FREE(Globals.ctx);
443 struct lp_stored_option {
444 struct lp_stored_option *prev, *next;
449 static struct lp_stored_option *stored_options;
452 save options set by lp_set_cmdline() into a list. This list is
453 re-applied when we do a globals reset, so that cmdline set options
454 are sticky across reloads of smb.conf
456 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
458 struct lp_stored_option *entry, *entry_next;
459 for (entry = stored_options; entry != NULL; entry = entry_next) {
460 entry_next = entry->next;
461 if (strcmp(pszParmName, entry->label) == 0) {
462 DLIST_REMOVE(stored_options, entry);
468 entry = talloc(NULL, struct lp_stored_option);
473 entry->label = talloc_strdup(entry, pszParmName);
479 entry->value = talloc_strdup(entry, pszParmValue);
485 DLIST_ADD_END(stored_options, entry);
490 static bool apply_lp_set_cmdline(void)
492 struct lp_stored_option *entry = NULL;
493 for (entry = stored_options; entry != NULL; entry = entry->next) {
494 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
495 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
496 entry->label, entry->value));
503 /***************************************************************************
504 Initialise the global parameter structure.
505 ***************************************************************************/
507 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
509 static bool done_init = false;
513 /* If requested to initialize only once and we've already done it... */
514 if (!reinit_globals && done_init) {
515 /* ... then we have nothing more to do */
520 /* The logfile can be set before this is invoked. Free it if so. */
521 lpcfg_string_free(&Globals.logfile);
524 free_global_parameters();
527 /* This memset and the free_global_parameters() above will
528 * wipe out smb.conf options set with lp_set_cmdline(). The
529 * apply_lp_set_cmdline() call puts these values back in the
530 * table once the defaults are set */
531 ZERO_STRUCT(Globals);
533 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
535 /* Initialize the flags list if necessary */
536 if (flags_list == NULL) {
540 for (i = 0; parm_table[i].label; i++) {
541 if ((parm_table[i].type == P_STRING ||
542 parm_table[i].type == P_USTRING))
546 (char **)lp_parm_ptr(NULL, &parm_table[i]),
552 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
553 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
555 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
557 sDefault.ntvfs_handler = str_list_make_v3_const(Globals.ctx, "unixuid default", NULL);
559 DEBUG(3, ("Initialising global parameters\n"));
561 /* Must manually force to upper case here, as this does not go via the handler */
562 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
565 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
566 get_dyn_SMB_PASSWD_FILE());
567 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
568 get_dyn_PRIVATE_DIR());
569 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
570 get_dyn_BINDDNS_DIR());
572 /* use the new 'hash2' method by default, with a prefix of 1 */
573 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
574 Globals.mangle_prefix = 1;
576 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
578 /* using UTF8 by default allows us to support all chars */
579 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
580 DEFAULT_UNIX_CHARSET);
582 /* Use codepage 850 as a default for the dos character set */
583 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
584 DEFAULT_DOS_CHARSET);
587 * Allow the default PASSWD_CHAT to be overridden in local.h.
589 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
590 DEFAULT_PASSWD_CHAT);
592 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
594 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
595 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
597 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
599 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
601 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
603 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
606 * By default support explicit binding to broadcast
609 Globals.nmbd_bind_explicit_broadcast = true;
611 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
613 smb_panic("init_globals: ENOMEM");
615 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
618 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
619 "/bin/sleep 999999999");
622 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
623 DEFAULT_SOCKET_OPTIONS);
625 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
626 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
627 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
628 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
629 "\\\\%N\\%U\\profile");
631 Globals.name_resolve_order =
632 str_list_make_v3_const(Globals.ctx,
633 DEFAULT_NAME_RESOLVE_ORDER,
635 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
637 Globals.algorithmic_rid_base = BASE_RID;
639 Globals.load_printers = true;
640 Globals.printcap_cache_time = 750; /* 12.5 minutes */
642 Globals.config_backend = config_backend;
643 Globals._server_role = ROLE_AUTO;
645 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
646 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
647 Globals.max_xmit = 0x4104;
648 Globals.max_mux = 50; /* This is *needed* for profile support. */
649 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
650 Globals._disable_spoolss = false;
651 Globals.max_smbd_processes = 0;/* no limit specified */
652 Globals.username_level = 0;
653 Globals.deadtime = 10080;
654 Globals.getwd_cache = true;
655 Globals.large_readwrite = true;
656 Globals.max_log_size = 5000;
657 Globals.max_open_files = max_open_files();
658 Globals.server_max_protocol = PROTOCOL_SMB3_11;
659 Globals.server_min_protocol = PROTOCOL_SMB2_02;
660 Globals._client_max_protocol = PROTOCOL_DEFAULT;
661 Globals.client_min_protocol = PROTOCOL_SMB2_02;
662 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
663 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
664 Globals._security = SEC_AUTO;
665 Globals.encrypt_passwords = true;
666 Globals.client_schannel = true;
667 Globals.winbind_sealed_pipes = true;
668 Globals.require_strong_key = true;
669 Globals.reject_md5_servers = true;
670 Globals.server_schannel = true;
671 Globals.server_schannel_require_seal = true;
672 Globals.reject_md5_clients = true;
673 Globals.read_raw = true;
674 Globals.write_raw = true;
675 Globals.null_passwords = false;
676 Globals.old_password_allowed_period = 60;
677 Globals.obey_pam_restrictions = false;
679 Globals.syslog_only = false;
680 Globals.timestamp_logs = true;
681 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
682 Globals.debug_prefix_timestamp = false;
683 Globals.debug_hires_timestamp = true;
684 Globals.debug_syslog_format = false;
685 Globals.debug_pid = false;
686 Globals.debug_uid = false;
687 Globals.debug_class = false;
688 Globals.enable_core_files = true;
689 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
690 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
691 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
692 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
693 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
694 Globals.lm_interval = 60;
695 Globals.time_server = false;
696 Globals.bind_interfaces_only = false;
697 Globals.unix_password_sync = false;
698 Globals.pam_password_change = false;
699 Globals.passwd_chat_debug = false;
700 Globals.passwd_chat_timeout = 2; /* 2 second default. */
701 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
702 Globals.nt_status_support = true; /* Use NT status by default. */
703 Globals.smbd_profiling_level = 0;
704 Globals.stat_cache = true; /* use stat cache by default */
705 Globals.max_stat_cache_size = 512; /* 512k by default */
706 Globals.restrict_anonymous = 0;
707 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
708 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
709 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
710 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
711 Globals.nt_hash_store = NT_HASH_STORE_ALWAYS; /* Fill in NT hash when setting password */
712 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
713 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
714 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
716 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
718 Globals.map_to_guest = 0; /* By Default, "Never" */
719 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
720 Globals.enhanced_browsing = true;
721 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
722 Globals.use_mmap = true;
723 Globals.unicode = true;
724 Globals.smb1_unix_extensions = true;
725 Globals.reset_on_zero_vc = false;
726 Globals.log_writeable_files_on_exit = false;
727 Globals.create_krb5_conf = true;
728 Globals.include_system_krb5_conf = true;
729 Globals._winbind_max_domain_connections = 1;
731 /* hostname lookups can be very expensive and are broken on
732 a large number of sites (tridge) */
733 Globals.hostname_lookups = false;
735 Globals.change_notify = true,
736 Globals.kernel_change_notify = true,
738 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
739 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
740 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
741 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
742 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
743 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
745 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
746 Globals.ldap_ssl = LDAP_SSL_START_TLS;
747 Globals.ldap_deref = -1;
748 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
749 Globals.ldap_delete_dn = false;
750 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
751 Globals.ldap_follow_referral = Auto;
752 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
753 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
754 Globals.ldap_page_size = LDAP_PAGE_SIZE;
756 Globals.ldap_debug_level = 0;
757 Globals.ldap_debug_threshold = 10;
759 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SEAL;
761 Globals.ldap_server_require_strong_auth =
762 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
764 /* This is what we tell the afs client. in reality we set the token
765 * to never expire, though, when this runs out the afs client will
766 * forget the token. Set to 0 to get NEVERDATE.*/
767 Globals.afs_token_lifetime = 604800;
768 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
770 /* these parameters are set to defaults that are more appropriate
771 for the increasing samba install base:
773 as a member of the workgroup, that will possibly become a
774 _local_ master browser (lm = true). this is opposed to a forced
775 local master browser startup (pm = true).
777 doesn't provide WINS server service by default (wsupp = false),
778 and doesn't provide domain master browser services by default, either.
782 Globals.show_add_printer_wizard = true;
783 Globals.os_level = 20;
784 Globals.local_master = true;
785 Globals._domain_master = Auto; /* depending on _domain_logons */
786 Globals._domain_logons = false;
787 Globals.browse_list = true;
788 Globals.we_are_a_wins_server = false;
789 Globals.wins_proxy = false;
791 TALLOC_FREE(Globals.init_logon_delayed_hosts);
792 Globals.init_logon_delay = 100; /* 100 ms default delay */
794 Globals.wins_dns_proxy = true;
795 Globals.dns_port = DNS_SERVICE_PORT;
797 Globals.allow_trusted_domains = true;
798 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
800 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
801 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
803 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
804 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
805 dyn_WINBINDD_SOCKET_DIR);
807 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
808 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
810 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
812 Globals.cluster_addresses = NULL;
813 Globals.clustering = false;
814 Globals.ctdb_timeout = 0;
815 Globals.ctdb_locktime_warn_threshold = 0;
817 Globals.winbind_cache_time = 300; /* 5 minutes */
818 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
819 Globals.winbind_request_timeout = 60; /* 60 seconds */
820 Globals.winbind_max_clients = 200;
821 Globals.winbind_enum_users = false;
822 Globals.winbind_enum_groups = false;
823 Globals.winbind_use_default_domain = false;
824 Globals.winbind_nested_groups = true;
825 Globals.winbind_expand_groups = 0;
826 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
827 Globals.winbind_refresh_tickets = false;
828 Globals.winbind_offline_logon = false;
829 Globals.winbind_scan_trusted_domains = false;
831 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
832 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
834 Globals.passdb_expand_explicit = false;
836 Globals.name_cache_timeout = 660; /* In seconds */
838 Globals.client_use_spnego = true;
840 Globals.client_signing = SMB_SIGNING_DEFAULT;
841 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
842 Globals.server_signing = SMB_SIGNING_DEFAULT;
844 Globals.defer_sharing_violations = true;
845 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
847 Globals.enable_privileges = true;
848 Globals.host_msdfs = true;
849 Globals.enable_asu_support = false;
851 /* User defined shares. */
852 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
854 smb_panic("init_globals: ENOMEM");
856 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
858 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
859 Globals.usershare_max_shares = 0;
860 /* By default disallow sharing of directories not owned by the sharer. */
861 Globals.usershare_owner_only = true;
862 /* By default disallow guest access to usershares. */
863 Globals.usershare_allow_guests = false;
865 Globals.keepalive = DEFAULT_KEEPALIVE;
867 /* By default no shares out of the registry */
868 Globals.registry_shares = false;
870 Globals.min_receivefile_size = 0;
872 Globals.multicast_dns_register = true;
874 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
875 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
876 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
877 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
878 Globals.smb2_leases = true;
879 Globals.server_multi_channel_support = true;
881 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
882 get_dyn_NCALRPCDIR());
884 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
886 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
888 Globals.tls_enabled = true;
889 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
891 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
892 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
893 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
894 lpcfg_string_set(Globals.ctx,
895 &Globals.tls_priority,
896 "NORMAL:-VERS-SSL3.0");
898 Globals._preferred_master = Auto;
900 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
901 Globals.dns_zone_scavenging = false;
903 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
904 get_dyn_NTP_SIGND_SOCKET_DIR());
906 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
908 smb_panic("init_globals: ENOMEM");
910 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
914 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
917 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
919 smb_panic("init_globals: ENOMEM");
921 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
924 s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
926 smb_panic("init_globals: ENOMEM");
928 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
931 Globals.apply_group_policies = false;
933 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
935 smb_panic("init_globals: ENOMEM");
937 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
940 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
942 Globals.cldap_port = 389;
944 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
946 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
948 Globals.krb5_port = 88;
950 Globals.kpasswd_port = 464;
952 Globals.kdc_enable_fast = true;
954 Globals.aio_max_threads = 100;
956 lpcfg_string_set(Globals.ctx,
957 &Globals.rpc_server_dynamic_port_range,
959 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
960 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
961 Globals.prefork_children = 4;
962 Globals.prefork_backoff_increment = 10;
963 Globals.prefork_maximum_backoff = 120;
965 Globals.ldap_max_anonymous_request_size = 256000;
966 Globals.ldap_max_authenticated_request_size = 16777216;
967 Globals.ldap_max_search_request_size = 256000;
969 /* Async DNS query timeout (in seconds). */
970 Globals.async_dns_timeout = 10;
972 Globals.client_smb_encrypt = SMB_ENCRYPTION_DEFAULT;
974 Globals._client_use_kerberos = CRED_USE_KERBEROS_DESIRED;
976 Globals.client_protection = CRED_CLIENT_PROTECTION_DEFAULT;
978 Globals.winbind_use_krb5_enterprise_principals = true;
980 Globals.client_smb3_signing_algorithms =
981 str_list_make_v3_const(NULL, DEFAULT_SMB3_SIGNING_ALGORITHMS, NULL);
982 Globals.server_smb3_signing_algorithms =
983 str_list_make_v3_const(NULL, DEFAULT_SMB3_SIGNING_ALGORITHMS, NULL);
985 Globals.client_smb3_encryption_algorithms =
986 str_list_make_v3_const(NULL, DEFAULT_SMB3_ENCRYPTION_ALGORITHMS, NULL);
987 Globals.server_smb3_encryption_algorithms =
988 str_list_make_v3_const(NULL, DEFAULT_SMB3_ENCRYPTION_ALGORITHMS, NULL);
990 Globals.min_domain_uid = 1000;
993 * By default allow smbd and winbindd to start samba-dcerpcd as
994 * a named-pipe helper.
996 Globals.rpc_start_on_demand_helpers = true;
998 /* Now put back the settings that were set with lp_set_cmdline() */
999 apply_lp_set_cmdline();
1002 /* Convenience routine to setup an lp_context with additional s3 variables */
1003 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
1005 struct loadparm_context *lp_ctx;
1007 lp_ctx = loadparm_init_s3(mem_ctx,
1008 loadparm_s3_helpers());
1009 if (lp_ctx == NULL) {
1010 DEBUG(0, ("loadparm_init_s3 failed\n"));
1014 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
1015 if (lp_ctx->sDefault == NULL) {
1016 DBG_ERR("talloc_zero failed\n");
1017 TALLOC_FREE(lp_ctx);
1021 *lp_ctx->sDefault = _sDefault;
1022 lp_ctx->services = NULL; /* We do not want to access this directly */
1023 lp_ctx->bInGlobalSection = bInGlobalSection;
1024 lp_ctx->flags = flags_list;
1029 /*******************************************************************
1030 Convenience routine to grab string parameters into talloced memory
1031 and run standard_sub_basic on them. The buffers can be written to by
1032 callers without affecting the source string.
1033 ********************************************************************/
1035 static char *loadparm_s3_global_substitution_fn(
1036 TALLOC_CTX *mem_ctx,
1037 const struct loadparm_substitution *lp_sub,
1043 /* The follow debug is useful for tracking down memory problems
1044 especially if you have an inner loop that is calling a lp_*()
1045 function that returns a string. Perhaps this debug should be
1046 present all the time? */
1049 DEBUG(10, ("lp_string(%s)\n", s));
1055 ret = talloc_sub_basic(mem_ctx,
1056 get_current_username(),
1057 get_current_user_info_domain(),
1059 if (trim_char(ret, '\"', '\"')) {
1060 if (strchr(ret,'\"') != NULL) {
1062 ret = talloc_sub_basic(mem_ctx,
1063 get_current_username(),
1064 get_current_user_info_domain(),
1071 static const struct loadparm_substitution s3_global_substitution = {
1072 .substituted_string_fn = loadparm_s3_global_substitution_fn,
1075 const struct loadparm_substitution *loadparm_s3_global_substitution(void)
1077 return &s3_global_substitution;
1081 In this section all the functions that are used to access the
1082 parameters from the rest of the program are defined
1085 #define FN_GLOBAL_SUBSTITUTED_STRING(fn_name,ptr) \
1086 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub) \
1087 {return lpcfg_substituted_string(ctx, lp_sub, *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : "");}
1088 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1089 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1090 #define FN_GLOBAL_LIST(fn_name,ptr) \
1091 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1092 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1093 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1094 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1095 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1096 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1097 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1099 #define FN_LOCAL_SUBSTITUTED_STRING(fn_name,val) \
1100 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub, int i) \
1101 {return lpcfg_substituted_string((ctx), lp_sub, (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1102 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1103 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1104 #define FN_LOCAL_LIST(fn_name,val) \
1105 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1106 #define FN_LOCAL_BOOL(fn_name,val) \
1107 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1108 #define FN_LOCAL_INTEGER(fn_name,val) \
1109 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1111 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1112 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1113 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1114 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1115 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1116 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1118 int lp_winbind_max_domain_connections(void)
1120 if (lp_winbind_offline_logon() &&
1121 lp__winbind_max_domain_connections() > 1) {
1122 DEBUG(1, ("offline logons active, restricting max domain "
1123 "connections to 1\n"));
1126 return MAX(1, lp__winbind_max_domain_connections());
1129 /* These functions remain in source3/param for now */
1131 #include "lib/param/param_functions.c"
1133 FN_LOCAL_SUBSTITUTED_STRING(servicename, szService)
1134 FN_LOCAL_CONST_STRING(const_servicename, szService)
1136 /* These functions cannot be auto-generated */
1137 FN_LOCAL_BOOL(autoloaded, autoloaded)
1138 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1140 /* local prototypes */
1142 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1143 static const char *get_boolean(bool bool_value);
1144 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1146 static bool hash_a_service(const char *name, int number);
1147 static void free_service_byindex(int iService);
1148 static void show_parameter(int parmIndex);
1149 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1150 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1153 * This is a helper function for parametrical options support. It returns a
1154 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1155 * parametrical functions are quite simple
1157 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1160 if (snum >= iNumServices) return NULL;
1163 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1165 return get_parametric_helper(ServicePtrs[snum],
1166 type, option, Globals.param_opt);
1170 static void discard_whitespace(char *str)
1172 size_t len = strlen(str);
1176 if (isspace(str[i])) {
1177 memmove(&str[i], &str[i+1], len-i);
1186 * @brief Go through all global parametric parameters
1188 * @param regex_str A regular expression to scan param for
1189 * @param max_matches Max number of submatches the regexp expects
1190 * @param cb Function to call on match. Should return true
1191 * when it wants wi_scan_global_parametrics to stop
1193 * @param private_data Anonymous pointer passed to cb
1195 * @return 0: success, regcomp/regexec return value on error.
1196 * See "man regexec" for possible errors
1199 int lp_wi_scan_global_parametrics(
1200 const char *regex_str, size_t max_matches,
1201 bool (*cb)(const char *string, regmatch_t matches[],
1202 void *private_data),
1205 struct parmlist_entry *data;
1209 ret = regcomp(®ex, regex_str, REG_ICASE);
1214 for (data = Globals.param_opt; data != NULL; data = data->next) {
1215 size_t keylen = strlen(data->key);
1217 regmatch_t matches[max_matches];
1220 memcpy(key, data->key, sizeof(key));
1221 discard_whitespace(key);
1223 ret = regexec(®ex, key, max_matches, matches, 0);
1224 if (ret == REG_NOMATCH) {
1231 stop = cb(key, matches, private_data);
1244 #define MISSING_PARAMETER(name) \
1245 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1247 /*******************************************************************
1248 convenience routine to return enum parameters.
1249 ********************************************************************/
1250 static int lp_enum(const char *s,const struct enum_list *_enum)
1254 if (!s || !*s || !_enum) {
1255 MISSING_PARAMETER(lp_enum);
1259 for (i=0; _enum[i].name; i++) {
1260 if (strequal(_enum[i].name,s))
1261 return _enum[i].value;
1264 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1268 #undef MISSING_PARAMETER
1270 /* Return parametric option from a given service. Type is a part of option before ':' */
1271 /* Parametric option has following syntax: 'Type: option = value' */
1272 char *lp_parm_substituted_string(TALLOC_CTX *mem_ctx,
1273 const struct loadparm_substitution *lp_sub,
1279 struct parmlist_entry *data = get_parametrics(snum, type, option);
1281 SMB_ASSERT(lp_sub != NULL);
1283 if (data == NULL||data->value==NULL) {
1285 return lpcfg_substituted_string(mem_ctx, lp_sub, def);
1291 return lpcfg_substituted_string(mem_ctx, lp_sub, data->value);
1294 /* Return parametric option from a given service. Type is a part of option before ':' */
1295 /* Parametric option has following syntax: 'Type: option = value' */
1296 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1298 struct parmlist_entry *data = get_parametrics(snum, type, option);
1300 if (data == NULL||data->value==NULL)
1307 /* Return parametric option from a given service. Type is a part of option before ':' */
1308 /* Parametric option has following syntax: 'Type: option = value' */
1310 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1312 struct parmlist_entry *data = get_parametrics(snum, type, option);
1314 if (data == NULL||data->value==NULL)
1315 return (const char **)def;
1317 if (data->list==NULL) {
1318 data->list = str_list_make_v3(NULL, data->value, NULL);
1321 return discard_const_p(const char *, data->list);
1324 /* Return parametric option from a given service. Type is a part of option before ':' */
1325 /* Parametric option has following syntax: 'Type: option = value' */
1327 int lp_parm_int(int snum, const char *type, const char *option, int def)
1329 struct parmlist_entry *data = get_parametrics(snum, type, option);
1331 if (data && data->value && *data->value)
1332 return lp_int(data->value);
1337 /* Return parametric option from a given service. Type is a part of option before ':' */
1338 /* Parametric option has following syntax: 'Type: option = value' */
1340 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1342 struct parmlist_entry *data = get_parametrics(snum, type, option);
1344 if (data && data->value && *data->value)
1345 return lp_ulong(data->value);
1350 /* Return parametric option from a given service. Type is a part of option before ':' */
1351 /* Parametric option has following syntax: 'Type: option = value' */
1353 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1354 const char *option, unsigned long long def)
1356 struct parmlist_entry *data = get_parametrics(snum, type, option);
1358 if (data && data->value && *data->value) {
1359 return lp_ulonglong(data->value);
1365 /* Return parametric option from a given service. Type is a part of option
1367 /* Parametric option has following syntax: 'Type: option = value' */
1369 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1371 struct parmlist_entry *data = get_parametrics(snum, type, option);
1373 if (data && data->value && *data->value)
1374 return lp_bool(data->value);
1379 /* Return parametric option from a given service. Type is a part of option before ':' */
1380 /* Parametric option has following syntax: 'Type: option = value' */
1382 int lp_parm_enum(int snum, const char *type, const char *option,
1383 const struct enum_list *_enum, int def)
1385 struct parmlist_entry *data = get_parametrics(snum, type, option);
1387 if (data && data->value && *data->value && _enum)
1388 return lp_enum(data->value, _enum);
1394 * free a param_opts structure.
1395 * param_opts handling should be moved to talloc;
1396 * then this whole functions reduces to a TALLOC_FREE().
1399 static void free_param_opts(struct parmlist_entry **popts)
1401 struct parmlist_entry *opt, *next_opt;
1403 if (*popts != NULL) {
1404 DEBUG(5, ("Freeing parametrics:\n"));
1407 while (opt != NULL) {
1408 lpcfg_string_free(&opt->key);
1409 lpcfg_string_free(&opt->value);
1410 TALLOC_FREE(opt->list);
1411 next_opt = opt->next;
1418 /***************************************************************************
1419 Free the dynamically allocated parts of a service struct.
1420 ***************************************************************************/
1422 static void free_service(struct loadparm_service *pservice)
1427 if (pservice->szService)
1428 DEBUG(5, ("free_service: Freeing service %s\n",
1429 pservice->szService));
1431 free_parameters(pservice);
1433 lpcfg_string_free(&pservice->szService);
1434 TALLOC_FREE(pservice->copymap);
1436 free_param_opts(&pservice->param_opt);
1438 ZERO_STRUCTP(pservice);
1442 /***************************************************************************
1443 remove a service indexed in the ServicePtrs array from the ServiceHash
1444 and free the dynamically allocated parts
1445 ***************************************************************************/
1447 static void free_service_byindex(int idx)
1449 if ( !LP_SNUM_OK(idx) )
1452 ServicePtrs[idx]->valid = false;
1454 /* we have to cleanup the hash record */
1456 if (ServicePtrs[idx]->szService) {
1457 char *canon_name = canonicalize_servicename(
1459 ServicePtrs[idx]->szService );
1461 dbwrap_delete_bystring(ServiceHash, canon_name );
1462 TALLOC_FREE(canon_name);
1465 free_service(ServicePtrs[idx]);
1466 TALLOC_FREE(ServicePtrs[idx]);
1469 /***************************************************************************
1470 Add a new service to the services array initialising it with the given
1472 ***************************************************************************/
1474 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1477 struct loadparm_service **tsp = NULL;
1479 /* it might already exist */
1481 i = getservicebyname(name, NULL);
1487 /* Re use empty slots if any before allocating new one.*/
1488 for (i=0; i < iNumServices; i++) {
1489 if (ServicePtrs[i] == NULL) {
1493 if (i == iNumServices) {
1494 /* if not, then create one */
1495 tsp = talloc_realloc(NULL, ServicePtrs,
1496 struct loadparm_service *,
1499 DEBUG(0, ("add_a_service: failed to enlarge "
1506 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1507 if (!ServicePtrs[i]) {
1508 DEBUG(0,("add_a_service: out of memory!\n"));
1512 ServicePtrs[i]->valid = true;
1514 copy_service(ServicePtrs[i], pservice, NULL);
1516 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1519 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1520 i, ServicePtrs[i]->szService));
1522 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1529 /***************************************************************************
1530 Convert a string to uppercase and remove whitespaces.
1531 ***************************************************************************/
1533 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1538 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1542 result = talloc_strdup(ctx, src);
1543 SMB_ASSERT(result != NULL);
1545 if (!strlower_m(result)) {
1546 TALLOC_FREE(result);
1552 /***************************************************************************
1553 Add a name/index pair for the services array to the hash table.
1554 ***************************************************************************/
1556 static bool hash_a_service(const char *name, int idx)
1560 if ( !ServiceHash ) {
1561 DEBUG(10,("hash_a_service: creating servicehash\n"));
1562 ServiceHash = db_open_rbt(NULL);
1563 if ( !ServiceHash ) {
1564 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1569 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1572 canon_name = canonicalize_servicename(talloc_tos(), name );
1574 dbwrap_store_bystring(ServiceHash, canon_name,
1575 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1578 TALLOC_FREE(canon_name);
1583 /***************************************************************************
1584 Add a new home service, with the specified home directory, defaults coming
1586 ***************************************************************************/
1588 bool lp_add_home(const char *pszHomename, int iDefaultService,
1589 const char *user, const char *pszHomedir)
1591 const struct loadparm_substitution *lp_sub =
1592 loadparm_s3_global_substitution();
1596 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1597 pszHomedir[0] == '\0') {
1601 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1606 global_path = lp_path(talloc_tos(), lp_sub, GLOBAL_SECTION_SNUM);
1607 if (!(*(ServicePtrs[iDefaultService]->path))
1608 || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
1609 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1612 TALLOC_FREE(global_path);
1614 if (!(*(ServicePtrs[i]->comment))) {
1615 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1616 if (comment == NULL) {
1619 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1621 TALLOC_FREE(comment);
1624 /* set the browseable flag from the global default */
1626 ServicePtrs[i]->browseable = sDefault.browseable;
1627 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1629 ServicePtrs[i]->autoloaded = true;
1631 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1632 user, ServicePtrs[i]->path ));
1637 /***************************************************************************
1638 Add a new service, based on an old one.
1639 ***************************************************************************/
1641 int lp_add_service(const char *pszService, int iDefaultService)
1643 if (iDefaultService < 0) {
1644 return add_a_service(&sDefault, pszService);
1647 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1650 /***************************************************************************
1651 Add the IPC service.
1652 ***************************************************************************/
1654 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1656 char *comment = NULL;
1657 int i = add_a_service(&sDefault, ipc_name);
1662 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1663 Globals.server_string);
1664 if (comment == NULL) {
1668 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1669 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1670 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1671 ServicePtrs[i]->max_connections = 0;
1672 ServicePtrs[i]->available = true;
1673 ServicePtrs[i]->read_only = true;
1674 ServicePtrs[i]->guest_only = false;
1675 ServicePtrs[i]->administrative_share = true;
1676 ServicePtrs[i]->guest_ok = guest_ok;
1677 ServicePtrs[i]->printable = false;
1678 ServicePtrs[i]->browseable = sDefault.browseable;
1679 ServicePtrs[i]->autoloaded = false;
1681 DEBUG(3, ("adding IPC service\n"));
1683 TALLOC_FREE(comment);
1687 /***************************************************************************
1688 Add a new printer service, with defaults coming from service iFrom.
1689 ***************************************************************************/
1691 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1693 const char *comment = "From Printcap";
1694 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1699 /* note that we do NOT default the availability flag to true - */
1700 /* we take it from the default service passed. This allows all */
1701 /* dynamic printers to be disabled by disabling the [printers] */
1702 /* entry (if/when the 'available' keyword is implemented!). */
1704 /* the printer name is set to the service name. */
1705 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1707 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1709 /* set the browseable flag from the gloabl default */
1710 ServicePtrs[i]->browseable = sDefault.browseable;
1712 /* Printers cannot be read_only. */
1713 ServicePtrs[i]->read_only = false;
1714 /* No oplocks on printer services. */
1715 ServicePtrs[i]->oplocks = false;
1716 /* Printer services must be printable. */
1717 ServicePtrs[i]->printable = true;
1719 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1725 /***************************************************************************
1726 Check whether the given parameter name is valid.
1727 Parametric options (names containing a colon) are considered valid.
1728 ***************************************************************************/
1730 bool lp_parameter_is_valid(const char *pszParmName)
1732 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1733 (strchr(pszParmName, ':') != NULL));
1736 /***************************************************************************
1737 Check whether the given name is the name of a global parameter.
1738 Returns true for strings belonging to parameters of class
1739 P_GLOBAL, false for all other strings, also for parametric options
1740 and strings not belonging to any option.
1741 ***************************************************************************/
1743 bool lp_parameter_is_global(const char *pszParmName)
1745 int num = lpcfg_map_parameter(pszParmName);
1748 return (parm_table[num].p_class == P_GLOBAL);
1754 /**************************************************************************
1755 Determine the canonical name for a parameter.
1756 Indicate when it is an inverse (boolean) synonym instead of a
1758 **************************************************************************/
1760 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1765 if (!lp_parameter_is_valid(parm_name)) {
1770 num = map_parameter_canonical(parm_name, inverse);
1772 /* parametric option */
1773 *canon_parm = parm_name;
1775 *canon_parm = parm_table[num].label;
1782 /**************************************************************************
1783 Determine the canonical name for a parameter.
1784 Turn the value given into the inverse boolean expression when
1785 the synonym is an invers boolean synonym.
1788 - parm_name is a valid parameter name and
1789 - val is a valid value for this parameter and
1790 - in case the parameter is an inverse boolean synonym, if the val
1791 string could successfully be converted to the reverse bool.
1792 Return false in all other cases.
1793 **************************************************************************/
1795 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1797 const char **canon_parm,
1798 const char **canon_val)
1804 if (!lp_parameter_is_valid(parm_name)) {
1810 num = map_parameter_canonical(parm_name, &inverse);
1812 /* parametric option */
1813 *canon_parm = parm_name;
1818 *canon_parm = parm_table[num].label;
1820 if (!lp_invert_boolean(val, canon_val)) {
1828 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1833 /***************************************************************************
1834 Map a parameter's string representation to the index of the canonical
1835 form of the parameter (it might be a synonym).
1836 Returns -1 if the parameter string is not recognised.
1837 ***************************************************************************/
1839 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1841 int parm_num, canon_num;
1842 bool loc_inverse = false;
1844 parm_num = lpcfg_map_parameter(pszParmName);
1845 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1846 /* invalid, parametric or no canidate for synonyms ... */
1850 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1851 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1852 parm_num = canon_num;
1858 if (inverse != NULL) {
1859 *inverse = loc_inverse;
1864 /***************************************************************************
1865 return true if parameter number parm1 is a synonym of parameter
1866 number parm2 (parm2 being the principal name).
1867 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1869 ***************************************************************************/
1871 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1873 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1874 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1875 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1876 !(parm_table[parm2].flags & FLAG_SYNONYM))
1878 if (inverse != NULL) {
1879 if ((parm_table[parm1].type == P_BOOLREV) &&
1880 (parm_table[parm2].type == P_BOOL))
1892 /***************************************************************************
1893 Show one parameter's name, type, [values,] and flags.
1894 (helper functions for show_parameter_list)
1895 ***************************************************************************/
1897 static void show_parameter(int parmIndex)
1899 size_t enumIndex, flagIndex;
1904 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1905 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1906 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1907 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1908 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1910 printf("%s=%s", parm_table[parmIndex].label,
1911 type[parm_table[parmIndex].type]);
1912 if (parm_table[parmIndex].type == P_ENUM) {
1915 parm_table[parmIndex].enum_list[enumIndex].name;
1919 enumIndex ? "|" : "",
1920 parm_table[parmIndex].enum_list[enumIndex].name);
1925 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1926 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1929 flag_names[flagIndex]);
1934 /* output synonyms */
1936 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1937 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1938 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1939 parm_table[parmIndex2].label);
1940 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1942 printf(" (synonyms: ");
1947 printf("%s%s", parm_table[parmIndex2].label,
1948 inverse ? "[i]" : "");
1959 * Check the value for a P_ENUM
1961 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1965 for (i = 0; parm->enum_list[i].name; i++) {
1966 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1973 /**************************************************************************
1974 Check whether the given value is valid for the given parameter name.
1975 **************************************************************************/
1977 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1979 bool ret = false, tmp_bool;
1980 int num = lpcfg_map_parameter(parm_name), tmp_int;
1981 uint64_t tmp_int64 = 0;
1982 struct parm_struct *parm;
1984 /* parametric options (parameter names containing a colon) cannot
1985 be checked and are therefore considered valid. */
1986 if (strchr(parm_name, ':') != NULL) {
1991 parm = &parm_table[num];
1992 switch (parm->type) {
1995 ret = set_boolean(val, &tmp_bool);
1999 ret = (sscanf(val, "%d", &tmp_int) == 1);
2003 ret = (sscanf(val, "%o", &tmp_int) == 1);
2007 ret = check_enum_parameter(parm, val);
2011 if (conv_str_size_error(val, &tmp_int64) &&
2012 tmp_int64 <= INT_MAX) {
2029 /***************************************************************************
2030 Show all parameter's name, type, [values,] and flags.
2031 ***************************************************************************/
2033 void show_parameter_list(void)
2035 int classIndex, parmIndex;
2036 const char *section_names[] = { "local", "global", NULL};
2038 for (classIndex=0; section_names[classIndex]; classIndex++) {
2039 printf("[%s]\n", section_names[classIndex]);
2040 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
2041 if (parm_table[parmIndex].p_class == classIndex) {
2042 show_parameter(parmIndex);
2048 /***************************************************************************
2049 Get the standard string representation of a boolean value ("yes" or "no")
2050 ***************************************************************************/
2052 static const char *get_boolean(bool bool_value)
2054 static const char *yes_str = "yes";
2055 static const char *no_str = "no";
2057 return (bool_value ? yes_str : no_str);
2060 /***************************************************************************
2061 Provide the string of the negated boolean value associated to the boolean
2062 given as a string. Returns false if the passed string does not correctly
2063 represent a boolean.
2064 ***************************************************************************/
2066 bool lp_invert_boolean(const char *str, const char **inverse_str)
2070 if (!set_boolean(str, &val)) {
2074 *inverse_str = get_boolean(!val);
2078 /***************************************************************************
2079 Provide the canonical string representation of a boolean value given
2080 as a string. Return true on success, false if the string given does
2081 not correctly represent a boolean.
2082 ***************************************************************************/
2084 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2088 if (!set_boolean(str, &val)) {
2092 *canon_str = get_boolean(val);
2096 /***************************************************************************
2097 Find a service by name. Otherwise works like get_service.
2098 ***************************************************************************/
2100 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2107 if (ServiceHash == NULL) {
2111 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2113 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2116 if (NT_STATUS_IS_OK(status) &&
2117 (data.dptr != NULL) &&
2118 (data.dsize == sizeof(iService)))
2120 memcpy(&iService, data.dptr, sizeof(iService));
2123 TALLOC_FREE(canon_name);
2125 if ((iService != -1) && (LP_SNUM_OK(iService))
2126 && (pserviceDest != NULL)) {
2127 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2133 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2134 struct loadparm_service *lp_service(const char *pszServiceName)
2136 int iService = getservicebyname(pszServiceName, NULL);
2137 if (iService == -1 || !LP_SNUM_OK(iService)) {
2140 return ServicePtrs[iService];
2143 struct loadparm_service *lp_servicebynum(int snum)
2145 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2148 return ServicePtrs[snum];
2151 struct loadparm_service *lp_default_loadparm_service(void)
2156 static struct smbconf_ctx *lp_smbconf_ctx(void)
2159 static struct smbconf_ctx *conf_ctx = NULL;
2161 if (conf_ctx == NULL) {
2162 err = smbconf_init(NULL, &conf_ctx, "registry:");
2163 if (!SBC_ERROR_IS_OK(err)) {
2164 DEBUG(1, ("error initializing registry configuration: "
2165 "%s\n", sbcErrorString(err)));
2173 static bool process_smbconf_service(struct smbconf_service *service)
2178 if (service == NULL) {
2182 ret = lp_do_section(service->name, NULL);
2186 for (count = 0; count < service->num_params; count++) {
2188 if (!bInGlobalSection && bGlobalOnly) {
2191 const char *pszParmName = service->param_names[count];
2192 const char *pszParmValue = service->param_values[count];
2194 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2196 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2197 pszParmName, pszParmValue);
2204 if (iServiceIndex >= 0) {
2205 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2211 * load a service from registry and activate it
2213 bool process_registry_service(const char *service_name)
2216 struct smbconf_service *service = NULL;
2217 TALLOC_CTX *mem_ctx = talloc_stackframe();
2218 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2221 if (conf_ctx == NULL) {
2225 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2227 if (!smbconf_share_exists(conf_ctx, service_name)) {
2229 * Registry does not contain data for this service (yet),
2230 * but make sure lp_load doesn't return false.
2236 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2237 if (!SBC_ERROR_IS_OK(err)) {
2241 ret = process_smbconf_service(service);
2247 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2250 TALLOC_FREE(mem_ctx);
2255 * process_registry_globals
2257 static bool process_registry_globals(void)
2261 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2263 if (!bInGlobalSection && bGlobalOnly) {
2266 const char *pszParmName = "registry shares";
2267 const char *pszParmValue = "yes";
2269 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2271 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2272 pszParmName, pszParmValue);
2279 return process_registry_service(GLOBAL_NAME);
2282 bool process_registry_shares(void)
2286 struct smbconf_service **service = NULL;
2287 uint32_t num_shares = 0;
2288 TALLOC_CTX *mem_ctx = talloc_stackframe();
2289 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2292 if (conf_ctx == NULL) {
2296 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2297 if (!SBC_ERROR_IS_OK(err)) {
2303 for (count = 0; count < num_shares; count++) {
2304 if (strequal(service[count]->name, GLOBAL_NAME)) {
2307 ret = process_smbconf_service(service[count]);
2314 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2317 TALLOC_FREE(mem_ctx);
2322 * reload those shares from registry that are already
2323 * activated in the services array.
2325 static bool reload_registry_shares(void)
2330 for (i = 0; i < iNumServices; i++) {
2335 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2339 ret = process_registry_service(ServicePtrs[i]->szService);
2350 #define MAX_INCLUDE_DEPTH 100
2352 static uint8_t include_depth;
2355 * Free the file lists
2357 static void free_file_list(void)
2359 struct file_lists *f;
2360 struct file_lists *next;
2373 * Utility function for outsiders to check if we're running on registry.
2375 bool lp_config_backend_is_registry(void)
2377 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2381 * Utility function to check if the config backend is FILE.
2383 bool lp_config_backend_is_file(void)
2385 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2388 /*******************************************************************
2389 Check if a config file has changed date.
2390 ********************************************************************/
2392 bool lp_file_list_changed(void)
2394 struct file_lists *f = file_lists;
2396 DEBUG(6, ("lp_file_list_changed()\n"));
2399 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2400 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2402 if (conf_ctx == NULL) {
2405 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2408 DEBUGADD(6, ("registry config changed\n"));
2412 struct timespec mod_time = {
2415 struct timeval_buf tbuf = {
2419 struct stat sb = {0};
2422 n2 = talloc_sub_basic(talloc_tos(),
2423 get_current_username(),
2424 get_current_user_info_domain(),
2429 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2431 timespec_string_buf(&f->modtime,
2437 mod_time = get_mtimespec(&sb);
2440 if (mod_time.tv_sec > 0 &&
2441 ((timespec_compare(&mod_time, &f->modtime) != 0) ||
2442 (f->subfname == NULL) ||
2443 (strcmp(n2, f->subfname) != 0)))
2445 f->modtime = mod_time;
2448 ("file %s modified: %s\n", n2,
2449 timespec_string_buf(&f->modtime,
2453 TALLOC_FREE(f->subfname);
2454 f->subfname = talloc_strdup(f, n2);
2455 if (f->subfname == NULL) {
2456 smb_panic("talloc_strdup failed");
2470 * Initialize iconv conversion descriptors.
2472 * This is called the first time it is needed, and also called again
2473 * every time the configuration is reloaded, because the charset or
2474 * codepage might have changed.
2476 static void init_iconv(void)
2478 struct smb_iconv_handle *ret = NULL;
2480 ret = reinit_iconv_handle(NULL,
2484 smb_panic("reinit_iconv_handle failed");
2488 /***************************************************************************
2489 Handle the include operation.
2490 ***************************************************************************/
2491 static bool bAllowIncludeRegistry = true;
2493 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2494 const char *pszParmValue, char **ptr)
2498 if (include_depth >= MAX_INCLUDE_DEPTH) {
2499 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2504 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2505 if (!bAllowIncludeRegistry) {
2508 if (lp_ctx->bInGlobalSection) {
2511 ret = process_registry_globals();
2515 DEBUG(1, ("\"include = registry\" only effective "
2516 "in %s section\n", GLOBAL_NAME));
2521 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2522 get_current_user_info_domain(),
2525 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2527 if (service == NULL) {
2528 lpcfg_string_set(Globals.ctx, ptr, fname);
2530 lpcfg_string_set(service, ptr, fname);
2533 if (file_exist(fname)) {
2536 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2542 DEBUG(2, ("Can't find include file %s\n", fname));
2547 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2549 char *config_option = NULL;
2550 const char *range = NULL;
2553 SMB_ASSERT(low != NULL);
2554 SMB_ASSERT(high != NULL);
2556 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2560 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2562 if (config_option == NULL) {
2563 DEBUG(0, ("out of memory\n"));
2567 range = lp_parm_const_string(-1, config_option, "range", NULL);
2568 if (range == NULL) {
2569 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2573 if (sscanf(range, "%u - %u", low, high) != 2) {
2574 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2575 range, domain_name));
2582 talloc_free(config_option);
2587 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2589 return lp_idmap_range("*", low, high);
2592 const char *lp_idmap_backend(const char *domain_name)
2594 char *config_option = NULL;
2595 const char *backend = NULL;
2597 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2601 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2603 if (config_option == NULL) {
2604 DEBUG(0, ("out of memory\n"));
2608 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2609 if (backend == NULL) {
2610 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2615 talloc_free(config_option);
2619 const char *lp_idmap_default_backend(void)
2621 return lp_idmap_backend("*");
2624 /***************************************************************************
2625 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2626 ***************************************************************************/
2628 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2630 const char *suffix_string;
2632 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2633 Globals.ldap_suffix );
2634 if ( !suffix_string ) {
2635 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2639 return suffix_string;
2642 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2644 if (Globals._ldap_machine_suffix[0])
2645 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2647 return talloc_strdup(ctx, Globals.ldap_suffix);
2650 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2652 if (Globals._ldap_user_suffix[0])
2653 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2655 return talloc_strdup(ctx, Globals.ldap_suffix);
2658 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2660 if (Globals._ldap_group_suffix[0])
2661 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2663 return talloc_strdup(ctx, Globals.ldap_suffix);
2666 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2668 if (Globals._ldap_idmap_suffix[0])
2669 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2671 return talloc_strdup(ctx, Globals.ldap_suffix);
2675 return the parameter pointer for a parameter
2677 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2679 if (service == NULL) {
2680 if (parm->p_class == P_LOCAL)
2681 return (void *)(((char *)&sDefault)+parm->offset);
2682 else if (parm->p_class == P_GLOBAL)
2683 return (void *)(((char *)&Globals)+parm->offset);
2686 return (void *)(((char *)service) + parm->offset);
2690 /***************************************************************************
2691 Process a parameter for a particular service number. If snum < 0
2692 then assume we are in the globals.
2693 ***************************************************************************/
2695 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2697 TALLOC_CTX *frame = talloc_stackframe();
2698 struct loadparm_context *lp_ctx;
2701 lp_ctx = setup_lp_context(frame);
2702 if (lp_ctx == NULL) {
2708 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2710 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2711 pszParmName, pszParmValue);
2719 /***************************************************************************
2720 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2721 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2722 ***************************************************************************/
2724 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2727 parmnum = lpcfg_map_parameter(pszParmName);
2729 flags_list[parmnum] &= ~FLAG_CMDLINE;
2730 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2733 flags_list[parmnum] |= FLAG_CMDLINE;
2735 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2736 * be grouped in the table, so we don't have to search the
2739 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2740 && parm_table[i].p_class == parm_table[parmnum].p_class;
2742 flags_list[i] |= FLAG_CMDLINE;
2744 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2745 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2746 flags_list[i] |= FLAG_CMDLINE;
2752 /* it might be parametric */
2753 if (strchr(pszParmName, ':') != NULL) {
2754 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2758 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2762 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2765 TALLOC_CTX *frame = talloc_stackframe();
2766 struct loadparm_context *lp_ctx;
2768 lp_ctx = setup_lp_context(frame);
2769 if (lp_ctx == NULL) {
2774 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2780 /***************************************************************************
2781 Process a parameter.
2782 ***************************************************************************/
2784 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2787 if (!bInGlobalSection && bGlobalOnly)
2790 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2792 if (bInGlobalSection) {
2793 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2795 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2796 pszParmName, pszParmValue);
2801 static const char *ad_dc_req_vfs_mods[] = {"dfs_samba4", "acl_xattr", NULL};
2804 * check that @vfs_objects includes all vfs modules required by an AD DC.
2806 static bool check_ad_dc_required_mods(const char **vfs_objects)
2812 for (i = 0; ad_dc_req_vfs_mods[i] != NULL; i++) {
2814 for (j = 0; vfs_objects[j] != NULL; j++) {
2815 if (!strwicmp(ad_dc_req_vfs_mods[i], vfs_objects[j])) {
2821 DEBUG(0, ("vfs objects specified without required AD "
2822 "DC module: %s\n", ad_dc_req_vfs_mods[i]));
2827 DEBUG(6, ("vfs objects specified with all required AD DC modules\n"));
2832 /***************************************************************************
2833 Initialize any local variables in the sDefault table, after parsing a
2835 ***************************************************************************/
2837 static void init_locals(void)
2840 * We run this check once the [globals] is parsed, to force
2841 * the VFS objects and other per-share settings we need for
2842 * the standard way a AD DC is operated. We may change these
2843 * as our code evolves, which is why we force these settings.
2845 * We can't do this at the end of lp_load_ex(), as by that
2846 * point the services have been loaded and they will already
2847 * have "" as their vfs objects.
2849 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2850 const char **vfs_objects = lp_vfs_objects(-1);
2851 if (vfs_objects != NULL) {
2852 /* ignore return, only warn if modules are missing */
2853 check_ad_dc_required_mods(vfs_objects);
2855 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2856 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2857 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2858 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2860 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2864 lp_do_parameter(-1, "map hidden", "no");
2865 lp_do_parameter(-1, "map system", "no");
2866 lp_do_parameter(-1, "map readonly", "no");
2867 lp_do_parameter(-1, "map archive", "no");
2868 lp_do_parameter(-1, "store dos attributes", "yes");
2872 /***************************************************************************
2873 Process a new section (service). At this stage all sections are services.
2874 Later we'll have special sections that permit server parameters to be set.
2875 Returns true on success, false on failure.
2876 ***************************************************************************/
2878 bool lp_do_section(const char *pszSectionName, void *userdata)
2880 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2882 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2883 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2885 /* if we were in a global section then do the local inits */
2886 if (bInGlobalSection && !isglobal)
2889 /* if we've just struck a global section, note the fact. */
2890 bInGlobalSection = isglobal;
2891 if (lp_ctx != NULL) {
2892 lp_ctx->bInGlobalSection = isglobal;
2895 /* check for multiple global sections */
2896 if (bInGlobalSection) {
2897 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2901 if (!bInGlobalSection && bGlobalOnly)
2904 /* if we have a current service, tidy it up before moving on */
2907 if ((iServiceIndex >= 0) && (ServicePtrs[iServiceIndex] != NULL))
2908 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2910 /* if all is still well, move to the next record in the services array */
2912 /* We put this here to avoid an odd message order if messages are */
2913 /* issued by the post-processing of a previous section. */
2914 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2916 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2917 if (iServiceIndex < 0) {
2918 DEBUG(0, ("Failed to add a new service\n"));
2921 /* Clean all parametric options for service */
2922 /* They will be added during parsing again */
2923 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2929 /***************************************************************************
2930 Display the contents of a parameter of a single services record.
2931 ***************************************************************************/
2933 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2935 bool result = false;
2936 struct loadparm_context *lp_ctx;
2938 lp_ctx = setup_lp_context(talloc_tos());
2939 if (lp_ctx == NULL) {
2944 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2946 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2948 TALLOC_FREE(lp_ctx);
2953 /***************************************************************************
2954 Display the contents of a single copy structure.
2955 ***************************************************************************/
2956 static void dump_copy_map(bool *pcopymap)
2962 printf("\n\tNon-Copied parameters:\n");
2964 for (i = 0; parm_table[i].label; i++)
2965 if (parm_table[i].p_class == P_LOCAL &&
2966 parm_table[i].ptr && !pcopymap[i] &&
2967 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2969 printf("\t\t%s\n", parm_table[i].label);
2974 /***************************************************************************
2975 Return TRUE if the passed service number is within range.
2976 ***************************************************************************/
2978 bool lp_snum_ok(int iService)
2980 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2983 /***************************************************************************
2984 Auto-load some home services.
2985 ***************************************************************************/
2987 static void lp_add_auto_services(const char *str)
2997 s = talloc_strdup(talloc_tos(), str);
2999 smb_panic("talloc_strdup failed");
3003 homes = lp_servicenumber(HOMES_NAME);
3005 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
3006 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
3009 if (lp_servicenumber(p) >= 0)
3012 home = get_user_home_dir(talloc_tos(), p);
3014 if (home && home[0] && homes >= 0)
3015 lp_add_home(p, homes, p, home);
3022 /***************************************************************************
3023 Auto-load one printer.
3024 ***************************************************************************/
3026 void lp_add_one_printer(const char *name, const char *comment,
3027 const char *location, void *pdata)
3029 int printers = lp_servicenumber(PRINTERS_NAME);
3032 if (lp_servicenumber(name) < 0) {
3033 lp_add_printer(name, printers);
3034 if ((i = lp_servicenumber(name)) >= 0) {
3035 lpcfg_string_set(ServicePtrs[i],
3036 &ServicePtrs[i]->comment, comment);
3037 ServicePtrs[i]->autoloaded = true;
3042 /***************************************************************************
3043 Have we loaded a services file yet?
3044 ***************************************************************************/
3046 bool lp_loaded(void)
3051 /***************************************************************************
3052 Unload unused services.
3053 ***************************************************************************/
3055 void lp_killunused(struct smbd_server_connection *sconn,
3056 bool (*snumused) (struct smbd_server_connection *, int))
3059 for (i = 0; i < iNumServices; i++) {
3063 /* don't kill autoloaded or usershare services */
3064 if ( ServicePtrs[i]->autoloaded ||
3065 ServicePtrs[i]->usershare == USERSHARE_VALID) {
3069 if (!snumused || !snumused(sconn, i)) {
3070 free_service_byindex(i);
3076 * Kill all except autoloaded and usershare services - convenience wrapper
3078 void lp_kill_all_services(void)
3080 lp_killunused(NULL, NULL);
3083 /***************************************************************************
3085 ***************************************************************************/
3087 void lp_killservice(int iServiceIn)
3089 if (VALID(iServiceIn)) {
3090 free_service_byindex(iServiceIn);
3094 /***************************************************************************
3095 Save the curent values of all global and sDefault parameters into the
3096 defaults union. This allows testparm to show only the
3097 changed (ie. non-default) parameters.
3098 ***************************************************************************/
3100 static void lp_save_defaults(void)
3103 struct parmlist_entry * parm;
3104 for (i = 0; parm_table[i].label; i++) {
3105 if (!(flags_list[i] & FLAG_CMDLINE)) {
3106 flags_list[i] |= FLAG_DEFAULT;
3109 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
3110 && parm_table[i].p_class == parm_table[i - 1].p_class)
3112 switch (parm_table[i].type) {
3115 parm_table[i].def.lvalue = str_list_copy(
3116 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3122 &parm_table[i].def.svalue,
3123 *(char **)lp_parm_ptr(
3124 NULL, &parm_table[i]));
3125 if (parm_table[i].def.svalue == NULL) {
3126 smb_panic("lpcfg_string_set() failed");
3131 parm_table[i].def.bvalue =
3132 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3135 parm_table[i].def.cvalue =
3136 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3142 parm_table[i].def.ivalue =
3143 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3148 for (parm=Globals.param_opt; parm; parm=parm->next) {
3149 if (!(parm->priority & FLAG_CMDLINE)) {
3150 parm->priority |= FLAG_DEFAULT;
3154 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3155 if (!(parm->priority & FLAG_CMDLINE)) {
3156 parm->priority |= FLAG_DEFAULT;
3160 defaults_saved = true;
3163 /***********************************************************
3164 If we should send plaintext/LANMAN passwords in the clinet
3165 ************************************************************/
3167 static void set_allowed_client_auth(void)
3169 if (Globals.client_ntlmv2_auth) {
3170 Globals.client_lanman_auth = false;
3172 if (!Globals.client_lanman_auth) {
3173 Globals.client_plaintext_auth = false;
3177 /***************************************************************************
3179 The following code allows smbd to read a user defined share file.
3180 Yes, this is my intent. Yes, I'm comfortable with that...
3182 THE FOLLOWING IS SECURITY CRITICAL CODE.
3184 It washes your clothes, it cleans your house, it guards you while you sleep...
3185 Do not f%^k with it....
3186 ***************************************************************************/
3188 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3190 /***************************************************************************
3191 Check allowed stat state of a usershare file.
3192 Ensure we print out who is dicking with us so the admin can
3193 get their sorry ass fired.
3194 ***************************************************************************/
3196 static bool check_usershare_stat(const char *fname,
3197 const SMB_STRUCT_STAT *psbuf)
3199 if (!S_ISREG(psbuf->st_ex_mode)) {
3200 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3201 "not a regular file\n",
3202 fname, (unsigned int)psbuf->st_ex_uid ));
3206 /* Ensure this doesn't have the other write bit set. */
3207 if (psbuf->st_ex_mode & S_IWOTH) {
3208 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3209 "public write. Refusing to allow as a usershare file.\n",
3210 fname, (unsigned int)psbuf->st_ex_uid ));
3214 /* Should be 10k or less. */
3215 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3216 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3217 "too large (%u) to be a user share file.\n",
3218 fname, (unsigned int)psbuf->st_ex_uid,
3219 (unsigned int)psbuf->st_ex_size ));
3226 /***************************************************************************
3227 Parse the contents of a usershare file.
3228 ***************************************************************************/
3230 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3231 SMB_STRUCT_STAT *psbuf,
3232 const char *servicename,
3236 char **pp_sharepath,
3238 char **pp_cp_servicename,
3239 struct security_descriptor **ppsd,
3242 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3243 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3246 SMB_STRUCT_STAT sbuf;
3247 char *sharepath = NULL;
3248 char *comment = NULL;
3250 *pp_sharepath = NULL;
3253 *pallow_guest = false;
3256 return USERSHARE_MALFORMED_FILE;
3259 if (strcmp(lines[0], "#VERSION 1") == 0) {
3261 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3264 return USERSHARE_MALFORMED_FILE;
3267 return USERSHARE_BAD_VERSION;
3270 if (strncmp(lines[1], "path=", 5) != 0) {
3271 return USERSHARE_MALFORMED_PATH;
3274 sharepath = talloc_strdup(ctx, &lines[1][5]);
3276 return USERSHARE_POSIX_ERR;
3278 trim_string(sharepath, " ", " ");
3280 if (strncmp(lines[2], "comment=", 8) != 0) {
3281 return USERSHARE_MALFORMED_COMMENT_DEF;
3284 comment = talloc_strdup(ctx, &lines[2][8]);
3286 return USERSHARE_POSIX_ERR;
3288 trim_string(comment, " ", " ");
3289 trim_char(comment, '"', '"');
3291 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3292 return USERSHARE_MALFORMED_ACL_DEF;
3295 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3296 return USERSHARE_ACL_ERR;
3300 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3301 return USERSHARE_MALFORMED_ACL_DEF;
3303 if (lines[4][9] == 'y') {
3304 *pallow_guest = true;
3307 /* Backwards compatible extension to file version #2. */
3309 if (strncmp(lines[5], "sharename=", 10) != 0) {
3310 return USERSHARE_MALFORMED_SHARENAME_DEF;
3312 if (!strequal(&lines[5][10], servicename)) {
3313 return USERSHARE_BAD_SHARENAME;
3315 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3316 if (!*pp_cp_servicename) {
3317 return USERSHARE_POSIX_ERR;
3322 if (*pp_cp_servicename == NULL) {
3323 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3324 if (!*pp_cp_servicename) {
3325 return USERSHARE_POSIX_ERR;
3329 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3330 /* Path didn't change, no checks needed. */
3331 *pp_sharepath = sharepath;
3332 *pp_comment = comment;
3333 return USERSHARE_OK;
3336 /* The path *must* be absolute. */
3337 if (sharepath[0] != '/') {
3338 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3339 servicename, sharepath));
3340 return USERSHARE_PATH_NOT_ABSOLUTE;
3343 /* If there is a usershare prefix deny list ensure one of these paths
3344 doesn't match the start of the user given path. */
3345 if (prefixdenylist) {
3347 for ( i=0; prefixdenylist[i]; i++ ) {
3348 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3349 servicename, i, prefixdenylist[i], sharepath ));
3350 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3351 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3352 "usershare prefix deny list entries.\n",
3353 servicename, sharepath));
3354 return USERSHARE_PATH_IS_DENIED;
3359 /* If there is a usershare prefix allow list ensure one of these paths
3360 does match the start of the user given path. */
3362 if (prefixallowlist) {
3364 for ( i=0; prefixallowlist[i]; i++ ) {
3365 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3366 servicename, i, prefixallowlist[i], sharepath ));
3367 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3371 if (prefixallowlist[i] == NULL) {
3372 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3373 "usershare prefix allow list entries.\n",
3374 servicename, sharepath));
3375 return USERSHARE_PATH_NOT_ALLOWED;
3379 /* Ensure this is pointing to a directory. */
3380 dp = opendir(sharepath);
3383 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3384 servicename, sharepath));
3385 return USERSHARE_PATH_NOT_DIRECTORY;
3388 /* Ensure the owner of the usershare file has permission to share
3391 if (sys_stat(sharepath, &sbuf, false) == -1) {
3392 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3393 servicename, sharepath, strerror(errno) ));
3395 return USERSHARE_POSIX_ERR;
3400 if (!S_ISDIR(sbuf.st_ex_mode)) {
3401 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3402 servicename, sharepath ));
3403 return USERSHARE_PATH_NOT_DIRECTORY;
3406 /* Check if sharing is restricted to owner-only. */
3407 /* psbuf is the stat of the usershare definition file,
3408 sbuf is the stat of the target directory to be shared. */
3410 if (lp_usershare_owner_only()) {
3411 /* root can share anything. */
3412 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3413 return USERSHARE_PATH_NOT_ALLOWED;
3417 *pp_sharepath = sharepath;
3418 *pp_comment = comment;
3419 return USERSHARE_OK;
3422 /***************************************************************************
3423 Deal with a usershare file.
3426 -1 - Bad name, invalid contents.
3427 - service name already existed and not a usershare, problem
3428 with permissions to share directory etc.
3429 ***************************************************************************/
3431 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3433 SMB_STRUCT_STAT sbuf;
3434 SMB_STRUCT_STAT lsbuf;
3436 char *sharepath = NULL;
3437 char *comment = NULL;
3438 char *cp_service_name = NULL;
3439 char **lines = NULL;
3443 TALLOC_CTX *ctx = talloc_stackframe();
3444 struct security_descriptor *psd = NULL;
3445 bool guest_ok = false;
3446 char *canon_name = NULL;
3447 bool added_service = false;
3451 /* Ensure share name doesn't contain invalid characters. */
3452 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3453 DEBUG(0,("process_usershare_file: share name %s contains "
3454 "invalid characters (any of %s)\n",
3455 file_name, INVALID_SHARENAME_CHARS ));
3459 canon_name = canonicalize_servicename(ctx, file_name);
3464 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3469 /* Minimize the race condition by doing an lstat before we
3470 open and fstat. Ensure this isn't a symlink link. */
3472 if (sys_lstat(fname, &lsbuf, false) != 0) {
3473 if (errno == ENOENT) {
3474 /* Unknown share requested. Just ignore. */
3477 /* Only log messages for meaningful problems. */
3478 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3479 fname, strerror(errno) ));
3483 /* This must be a regular file, not a symlink, directory or
3484 other strange filetype. */
3485 if (!check_usershare_stat(fname, &lsbuf)) {
3492 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3497 if (NT_STATUS_IS_OK(status) &&
3498 (data.dptr != NULL) &&
3499 (data.dsize == sizeof(iService))) {
3500 memcpy(&iService, data.dptr, sizeof(iService));
3504 if (iService != -1 &&
3505 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3506 &lsbuf.st_ex_mtime) == 0) {
3507 /* Nothing changed - Mark valid and return. */
3508 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3510 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3515 /* Try and open the file read only - no symlinks allowed. */
3517 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3519 fd = open(fname, O_RDONLY, 0);
3523 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3524 fname, strerror(errno) ));
3528 /* Now fstat to be *SURE* it's a regular file. */
3529 if (sys_fstat(fd, &sbuf, false) != 0) {
3531 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3532 fname, strerror(errno) ));
3536 /* Is it the same dev/inode as was lstated ? */
3537 if (!check_same_stat(&lsbuf, &sbuf)) {
3539 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3540 "Symlink spoofing going on ?\n", fname ));
3544 /* This must be a regular file, not a symlink, directory or
3545 other strange filetype. */
3546 if (!check_usershare_stat(fname, &sbuf)) {
3551 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3554 if (lines == NULL) {
3555 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3556 fname, (unsigned int)sbuf.st_ex_uid ));
3560 if (parse_usershare_file(ctx, &sbuf, file_name,
3561 iService, lines, numlines, &sharepath,
3562 &comment, &cp_service_name,
3563 &psd, &guest_ok) != USERSHARE_OK) {
3567 /* Everything ok - add the service possibly using a template. */
3569 const struct loadparm_service *sp = &sDefault;
3570 if (snum_template != -1) {
3571 sp = ServicePtrs[snum_template];
3574 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3575 DEBUG(0, ("process_usershare_file: Failed to add "
3576 "new service %s\n", cp_service_name));
3580 added_service = true;
3582 /* Read only is controlled by usershare ACL below. */
3583 ServicePtrs[iService]->read_only = false;
3586 /* Write the ACL of the new/modified share. */
3587 status = set_share_security(canon_name, psd);
3588 if (!NT_STATUS_IS_OK(status)) {
3589 DEBUG(0, ("process_usershare_file: Failed to set share "
3590 "security for user share %s\n",
3595 /* If from a template it may be marked invalid. */
3596 ServicePtrs[iService]->valid = true;
3598 /* Set the service as a valid usershare. */
3599 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3601 /* Set guest access. */
3602 if (lp_usershare_allow_guests()) {
3603 ServicePtrs[iService]->guest_ok = guest_ok;
3606 /* And note when it was loaded. */
3607 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3608 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3610 lpcfg_string_set(ServicePtrs[iService],
3611 &ServicePtrs[iService]->comment, comment);
3617 if (ret == -1 && iService != -1 && added_service) {
3618 lp_remove_service(iService);
3626 /***************************************************************************
3627 Checks if a usershare entry has been modified since last load.
3628 ***************************************************************************/
3630 static bool usershare_exists(int iService, struct timespec *last_mod)
3632 SMB_STRUCT_STAT lsbuf;
3633 const char *usersharepath = Globals.usershare_path;
3636 fname = talloc_asprintf(talloc_tos(),
3639 ServicePtrs[iService]->szService);
3640 if (fname == NULL) {
3644 if (sys_lstat(fname, &lsbuf, false) != 0) {
3649 if (!S_ISREG(lsbuf.st_ex_mode)) {
3655 *last_mod = lsbuf.st_ex_mtime;
3659 static bool usershare_directory_is_root(uid_t uid)
3665 if (uid_wrapper_enabled()) {
3672 /***************************************************************************
3673 Load a usershare service by name. Returns a valid servicenumber or -1.
3674 ***************************************************************************/
3676 int load_usershare_service(const char *servicename)
3678 SMB_STRUCT_STAT sbuf;
3679 const char *usersharepath = Globals.usershare_path;
3680 int max_user_shares = Globals.usershare_max_shares;
3681 int snum_template = -1;
3683 if (servicename[0] == '\0') {
3684 /* Invalid service name. */
3688 if (*usersharepath == 0 || max_user_shares == 0) {
3692 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3693 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3694 usersharepath, strerror(errno) ));
3698 if (!S_ISDIR(sbuf.st_ex_mode)) {
3699 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3705 * This directory must be owned by root, and have the 't' bit set.
3706 * It also must not be writable by "other".
3710 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3711 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3713 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3714 (sbuf.st_ex_mode & S_IWOTH)) {
3716 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3717 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3722 /* Ensure the template share exists if it's set. */
3723 if (Globals.usershare_template_share[0]) {
3724 /* We can't use lp_servicenumber here as we are recommending that
3725 template shares have -valid=false set. */
3726 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3727 if (ServicePtrs[snum_template]->szService &&
3728 strequal(ServicePtrs[snum_template]->szService,
3729 Globals.usershare_template_share)) {
3734 if (snum_template == -1) {
3735 DEBUG(0,("load_usershare_service: usershare template share %s "
3736 "does not exist.\n",
3737 Globals.usershare_template_share ));
3742 return process_usershare_file(usersharepath, servicename, snum_template);
3745 /***************************************************************************
3746 Load all user defined shares from the user share directory.
3747 We only do this if we're enumerating the share list.
3748 This is the function that can delete usershares that have
3750 ***************************************************************************/
3752 int load_usershare_shares(struct smbd_server_connection *sconn,
3753 bool (*snumused) (struct smbd_server_connection *, int))
3756 SMB_STRUCT_STAT sbuf;
3758 int num_usershares = 0;
3759 int max_user_shares = Globals.usershare_max_shares;
3760 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3761 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3762 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3764 int snum_template = -1;
3765 const char *usersharepath = Globals.usershare_path;
3766 int ret = lp_numservices();
3767 TALLOC_CTX *tmp_ctx;
3769 if (max_user_shares == 0 || *usersharepath == '\0') {
3770 return lp_numservices();
3773 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3774 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3775 usersharepath, strerror(errno) ));
3780 * This directory must be owned by root, and have the 't' bit set.
3781 * It also must not be writable by "other".
3785 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3787 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3789 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3790 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3795 /* Ensure the template share exists if it's set. */
3796 if (Globals.usershare_template_share[0]) {
3797 /* We can't use lp_servicenumber here as we are recommending that
3798 template shares have -valid=false set. */
3799 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3800 if (ServicePtrs[snum_template]->szService &&
3801 strequal(ServicePtrs[snum_template]->szService,
3802 Globals.usershare_template_share)) {
3807 if (snum_template == -1) {
3808 DEBUG(0,("load_usershare_shares: usershare template share %s "
3809 "does not exist.\n",
3810 Globals.usershare_template_share ));
3815 /* Mark all existing usershares as pending delete. */
3816 for (iService = iNumServices - 1; iService >= 0; iService--) {
3817 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3818 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3822 dp = opendir(usersharepath);
3824 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3825 usersharepath, strerror(errno) ));
3829 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3831 num_dir_entries++ ) {
3833 const char *n = de->d_name;
3835 /* Ignore . and .. */
3837 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3843 /* Temporary file used when creating a share. */
3844 num_tmp_dir_entries++;
3847 /* Allow 20% tmp entries. */
3848 if (num_tmp_dir_entries > allowed_tmp_entries) {
3849 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3850 "in directory %s\n",
3851 num_tmp_dir_entries, usersharepath));
3855 r = process_usershare_file(usersharepath, n, snum_template);
3857 /* Update the services count. */
3859 if (num_usershares >= max_user_shares) {
3860 DEBUG(0,("load_usershare_shares: max user shares reached "
3861 "on file %s in directory %s\n",
3862 n, usersharepath ));
3865 } else if (r == -1) {
3866 num_bad_dir_entries++;
3869 /* Allow 20% bad entries. */
3870 if (num_bad_dir_entries > allowed_bad_entries) {
3871 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3872 "in directory %s\n",
3873 num_bad_dir_entries, usersharepath));
3877 /* Allow 20% bad entries. */
3878 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3879 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3880 "in directory %s\n",
3881 num_dir_entries, usersharepath));
3888 /* Sweep through and delete any non-refreshed usershares that are
3889 not currently in use. */
3890 tmp_ctx = talloc_stackframe();
3891 for (iService = iNumServices - 1; iService >= 0; iService--) {
3892 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3893 const struct loadparm_substitution *lp_sub =
3894 loadparm_s3_global_substitution();
3897 if (snumused && snumused(sconn, iService)) {
3901 servname = lp_servicename(tmp_ctx, lp_sub, iService);
3903 /* Remove from the share ACL db. */
3904 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3906 delete_share_security(servname);
3907 free_service_byindex(iService);
3910 talloc_free(tmp_ctx);
3912 return lp_numservices();
3915 /********************************************************
3916 Destroy global resources allocated in this file
3917 ********************************************************/
3919 void gfree_loadparm(void)
3925 /* Free resources allocated to services */
3927 for ( i = 0; i < iNumServices; i++ ) {
3929 free_service_byindex(i);
3933 TALLOC_FREE( ServicePtrs );
3936 /* Now release all resources allocated to global
3937 parameters and the default service */
3939 free_global_parameters();
3943 /***************************************************************************
3944 Allow client apps to specify that they are a client
3945 ***************************************************************************/
3946 static void lp_set_in_client(bool b)
3952 /***************************************************************************
3953 Determine if we're running in a client app
3954 ***************************************************************************/
3955 static bool lp_is_in_client(void)
3960 static void lp_enforce_ad_dc_settings(void)
3962 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3963 lp_do_parameter(GLOBAL_SECTION_SNUM,
3964 "winbindd:use external pipes", "true");
3965 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3966 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3967 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3968 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3969 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3970 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3971 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3972 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3973 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3976 /***************************************************************************
3977 Load the services array from the services file. Return true on success,
3979 ***************************************************************************/
3981 static bool lp_load_ex(const char *pszFname,
3985 bool reinit_globals,
3986 bool allow_include_registry,
3987 bool load_all_shares)
3991 TALLOC_CTX *frame = talloc_stackframe();
3992 struct loadparm_context *lp_ctx;
3993 int max_protocol, min_protocol;
3995 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3997 bInGlobalSection = true;
3998 bGlobalOnly = global_only;
3999 bAllowIncludeRegistry = allow_include_registry;
4000 sDefault = _sDefault;
4002 lp_ctx = setup_lp_context(talloc_tos());
4004 init_globals(lp_ctx, reinit_globals);
4008 if (save_defaults) {
4013 if (!reinit_globals) {
4014 free_param_opts(&Globals.param_opt);
4015 apply_lp_set_cmdline();
4018 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
4020 /* We get sections first, so have to start 'behind' to make up */
4023 if (lp_config_backend_is_file()) {
4024 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
4025 get_current_user_info_domain(),
4028 smb_panic("lp_load_ex: out of memory");
4031 add_to_file_list(NULL, &file_lists, pszFname, n2);
4033 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
4036 /* finish up the last section */
4037 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
4039 if (iServiceIndex >= 0) {
4040 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
4044 if (lp_config_backend_is_registry()) {
4046 /* config backend changed to registry in config file */
4048 * We need to use this extra global variable here to
4049 * survive restart: init_globals uses this as a default
4050 * for config_backend. Otherwise, init_globals would
4051 * send us into an endless loop here.
4054 config_backend = CONFIG_BACKEND_REGISTRY;
4056 DEBUG(1, ("lp_load_ex: changing to config backend "
4058 init_globals(lp_ctx, true);
4060 TALLOC_FREE(lp_ctx);
4062 lp_kill_all_services();
4063 ok = lp_load_ex(pszFname, global_only, save_defaults,
4064 add_ipc, reinit_globals,
4065 allow_include_registry,
4070 } else if (lp_config_backend_is_registry()) {
4071 bRetval = process_registry_globals();
4073 DEBUG(0, ("Illegal config backend given: %d\n",
4074 lp_config_backend()));
4078 if (bRetval && lp_registry_shares()) {
4079 if (load_all_shares) {
4080 bRetval = process_registry_shares();
4082 bRetval = reload_registry_shares();
4087 const struct loadparm_substitution *lp_sub =
4088 loadparm_s3_global_substitution();
4089 char *serv = lp_auto_services(talloc_tos(), lp_sub);
4090 lp_add_auto_services(serv);
4095 /* When 'restrict anonymous = 2' guest connections to ipc$
4097 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
4098 if ( lp_enable_asu_support() ) {
4099 lp_add_ipc("ADMIN$", false);
4103 set_allowed_client_auth();
4105 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
4106 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
4107 lp_password_server()));
4112 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
4113 /* if we_are_a_wins_server is true and we are in the client */
4114 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
4115 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
4120 fault_configure(smb_panic_s3);
4123 * We run this check once the whole smb.conf is parsed, to
4124 * force some settings for the standard way a AD DC is
4125 * operated. We may change these as our code evolves, which
4126 * is why we force these settings.
4128 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
4129 lp_enforce_ad_dc_settings();
4132 bAllowIncludeRegistry = true;
4134 /* Check if command line max protocol < min protocol, if so
4135 * report a warning to the user.
4137 max_protocol = lp_client_max_protocol();
4138 min_protocol = lp_client_min_protocol();
4139 if (max_protocol < min_protocol) {
4140 const char *max_protocolp, *min_protocolp;
4141 max_protocolp = lpcfg_get_smb_protocol(max_protocol);
4142 min_protocolp = lpcfg_get_smb_protocol(min_protocol);
4143 DBG_ERR("Max protocol %s is less than min protocol %s.\n",
4144 max_protocolp, min_protocolp);
4151 static bool lp_load(const char *pszFname,
4155 bool reinit_globals)
4157 return lp_load_ex(pszFname,
4162 true, /* allow_include_registry */
4163 false); /* load_all_shares*/
4166 bool lp_load_initial_only(const char *pszFname)
4168 return lp_load_ex(pszFname,
4169 true, /* global only */
4170 true, /* save_defaults */
4171 false, /* add_ipc */
4172 true, /* reinit_globals */
4173 false, /* allow_include_registry */
4174 false); /* load_all_shares*/
4178 * most common lp_load wrapper, loading only the globals
4180 * If this is used in a daemon or client utility it should be called
4181 * after processing popt.
4183 bool lp_load_global(const char *file_name)
4185 return lp_load(file_name,
4186 true, /* global_only */
4187 false, /* save_defaults */
4188 false, /* add_ipc */
4189 true); /* reinit_globals */
4193 * The typical lp_load wrapper with shares, loads global and
4194 * shares, including IPC, but does not force immediate
4195 * loading of all shares from registry.
4197 bool lp_load_with_shares(const char *file_name)
4199 return lp_load(file_name,
4200 false, /* global_only */
4201 false, /* save_defaults */
4203 true); /* reinit_globals */
4207 * lp_load wrapper, especially for clients
4209 bool lp_load_client(const char *file_name)
4211 lp_set_in_client(true);
4213 return lp_load_global(file_name);
4217 * lp_load wrapper, loading only globals, but intended
4218 * for subsequent calls, not reinitializing the globals
4221 bool lp_load_global_no_reinit(const char *file_name)
4223 return lp_load(file_name,
4224 true, /* global_only */
4225 false, /* save_defaults */
4226 false, /* add_ipc */
4227 false); /* reinit_globals */
4231 * lp_load wrapper, loading globals and shares,
4232 * intended for subsequent calls, i.e. not reinitializing
4233 * the globals to default values.
4235 bool lp_load_no_reinit(const char *file_name)
4237 return lp_load(file_name,
4238 false, /* global_only */
4239 false, /* save_defaults */
4240 false, /* add_ipc */
4241 false); /* reinit_globals */
4246 * lp_load wrapper, especially for clients, no reinitialization
4248 bool lp_load_client_no_reinit(const char *file_name)
4250 lp_set_in_client(true);
4252 return lp_load_global_no_reinit(file_name);
4255 bool lp_load_with_registry_shares(const char *pszFname)
4257 return lp_load_ex(pszFname,
4258 false, /* global_only */
4259 true, /* save_defaults */
4260 false, /* add_ipc */
4261 true, /* reinit_globals */
4262 true, /* allow_include_registry */
4263 true); /* load_all_shares*/
4266 /***************************************************************************
4267 Return the max number of services.
4268 ***************************************************************************/
4270 int lp_numservices(void)
4272 return (iNumServices);
4275 /***************************************************************************
4276 Display the contents of the services array in human-readable form.
4277 ***************************************************************************/
4279 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4282 struct loadparm_context *lp_ctx;
4285 defaults_saved = false;
4287 lp_ctx = setup_lp_context(talloc_tos());
4288 if (lp_ctx == NULL) {
4292 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4294 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4296 for (iService = 0; iService < maxtoprint; iService++) {
4298 lp_dump_one(f, show_defaults, iService);
4300 TALLOC_FREE(lp_ctx);
4303 /***************************************************************************
4304 Display the contents of one service in human-readable form.
4305 ***************************************************************************/
4307 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4310 if (ServicePtrs[snum]->szService[0] == '\0')
4312 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4313 flags_list, show_defaults);
4317 /***************************************************************************
4318 Return the number of the service with the given name, or -1 if it doesn't
4319 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4320 getservicebyname()! This works ONLY if all services have been loaded, and
4321 does not copy the found service.
4322 ***************************************************************************/
4324 int lp_servicenumber(const char *pszServiceName)
4327 fstring serviceName;
4329 if (!pszServiceName) {
4330 return GLOBAL_SECTION_SNUM;
4333 for (iService = iNumServices - 1; iService >= 0; iService--) {
4334 if (VALID(iService) && ServicePtrs[iService]->szService) {
4336 * The substitution here is used to support %U in
4339 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4340 standard_sub_basic(get_current_username(),
4341 get_current_user_info_domain(),
4342 serviceName,sizeof(serviceName));
4343 if (strequal(serviceName, pszServiceName)) {
4349 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4350 struct timespec last_mod;
4352 if (!usershare_exists(iService, &last_mod)) {
4353 /* Remove the share security tdb entry for it. */
4354 delete_share_security(lp_const_servicename(iService));
4355 /* Remove it from the array. */
4356 free_service_byindex(iService);
4357 /* Doesn't exist anymore. */
4358 return GLOBAL_SECTION_SNUM;
4361 /* Has it been modified ? If so delete and reload. */
4362 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4364 /* Remove it from the array. */
4365 free_service_byindex(iService);
4366 /* and now reload it. */
4367 iService = load_usershare_service(pszServiceName);
4372 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4373 return GLOBAL_SECTION_SNUM;
4379 /*******************************************************************
4380 A useful volume label function.
4381 ********************************************************************/
4383 const char *volume_label(TALLOC_CTX *ctx, int snum)
4385 const struct loadparm_substitution *lp_sub =
4386 loadparm_s3_global_substitution();
4388 const char *label = lp_volume(ctx, lp_sub, snum);
4392 label = lp_servicename(ctx, lp_sub, snum);
4396 * Volume label can be a max of 32 bytes. Make sure to truncate
4397 * it at a codepoint boundary if it's longer than 32 and contains
4398 * multibyte characters. Windows insists on a volume label being
4399 * a valid mb sequence, and errors out if not.
4401 if (strlen(label) > 32) {
4403 * A MB char can be a max of 5 bytes, thus
4404 * we should have a valid mb character at a
4405 * minimum position of (32-5) = 27.
4409 * Check if a codepoint starting from next byte
4410 * is valid. If yes, then the current byte is the
4411 * end of a MB or ascii sequence and the label can
4412 * be safely truncated here. If not, keep going
4413 * backwards till a valid codepoint is found.
4416 const char *s = &label[end];
4417 codepoint_t c = next_codepoint(s, &len);
4418 if (c != INVALID_CODEPOINT) {
4425 /* This returns a max of 33 byte guarenteed null terminated string. */
4426 ret = talloc_strndup(ctx, label, end);
4433 /*******************************************************************
4434 Get the default server type we will announce as via nmbd.
4435 ********************************************************************/
4437 int lp_default_server_announce(void)
4439 int default_server_announce = 0;
4440 default_server_announce |= SV_TYPE_WORKSTATION;
4441 default_server_announce |= SV_TYPE_SERVER;
4442 default_server_announce |= SV_TYPE_SERVER_UNIX;
4444 /* note that the flag should be set only if we have a
4445 printer service but nmbd doesn't actually load the
4446 services so we can't tell --jerry */
4448 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4450 default_server_announce |= SV_TYPE_SERVER_NT;
4451 default_server_announce |= SV_TYPE_NT;
4453 switch (lp_server_role()) {
4454 case ROLE_DOMAIN_MEMBER:
4455 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4457 case ROLE_DOMAIN_PDC:
4459 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4461 case ROLE_DOMAIN_BDC:
4462 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4464 case ROLE_STANDALONE:
4468 if (lp_time_server())
4469 default_server_announce |= SV_TYPE_TIME_SOURCE;
4471 if (lp_host_msdfs())
4472 default_server_announce |= SV_TYPE_DFS_SERVER;
4474 return default_server_announce;
4477 /***********************************************************
4478 If we are PDC then prefer us as DMB
4479 ************************************************************/
4481 bool lp_domain_master(void)
4483 if (Globals._domain_master == Auto)
4484 return (lp_server_role() == ROLE_DOMAIN_PDC ||
4485 lp_server_role() == ROLE_IPA_DC);
4487 return (bool)Globals._domain_master;
4490 /***********************************************************
4491 If we are PDC then prefer us as DMB
4492 ************************************************************/
4494 static bool lp_domain_master_true_or_auto(void)
4496 if (Globals._domain_master) /* auto or yes */
4502 /***********************************************************
4503 If we are DMB then prefer us as LMB
4504 ************************************************************/
4506 bool lp_preferred_master(void)
4508 int preferred_master = lp__preferred_master();
4510 if (preferred_master == Auto)
4511 return (lp_local_master() && lp_domain_master());
4513 return (bool)preferred_master;
4516 /*******************************************************************
4518 ********************************************************************/
4520 void lp_remove_service(int snum)
4522 ServicePtrs[snum]->valid = false;
4525 const char *lp_printername(TALLOC_CTX *ctx,
4526 const struct loadparm_substitution *lp_sub,
4529 const char *ret = lp__printername(ctx, lp_sub, snum);
4531 if (ret == NULL || *ret == '\0') {
4532 ret = lp_const_servicename(snum);
4539 /***********************************************************
4540 Allow daemons such as winbindd to fix their logfile name.
4541 ************************************************************/
4543 void lp_set_logfile(const char *name)
4545 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4546 debug_set_logfile(name);
4549 /*******************************************************************
4550 Return the max print jobs per queue.
4551 ********************************************************************/
4553 int lp_maxprintjobs(int snum)
4555 int maxjobs = lp_max_print_jobs(snum);
4557 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4558 maxjobs = PRINT_MAX_JOBID - 1;
4563 const char *lp_printcapname(void)
4565 const char *printcap_name = lp_printcap_name();
4567 if ((printcap_name != NULL) &&
4568 (printcap_name[0] != '\0'))
4569 return printcap_name;
4571 if (sDefault.printing == PRINT_CUPS) {
4575 if (sDefault.printing == PRINT_BSD)
4576 return "/etc/printcap";
4578 return PRINTCAP_NAME;
4581 static uint32_t spoolss_state;
4583 bool lp_disable_spoolss( void )
4585 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4586 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4588 return spoolss_state == SVCCTL_STOPPED ? true : false;
4591 void lp_set_spoolss_state( uint32_t state )
4593 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4595 spoolss_state = state;
4598 uint32_t lp_get_spoolss_state( void )
4600 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4603 /*******************************************************************
4604 Turn off sendfile if we find the underlying OS doesn't support it.
4605 ********************************************************************/
4607 void set_use_sendfile(int snum, bool val)
4609 if (LP_SNUM_OK(snum))
4610 ServicePtrs[snum]->_use_sendfile = val;
4612 sDefault._use_sendfile = val;
4615 void lp_set_mangling_method(const char *new_method)
4617 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4620 /*******************************************************************
4621 Global state for POSIX pathname processing.
4622 ********************************************************************/
4624 static bool posix_pathnames;
4626 bool lp_posix_pathnames(void)
4628 return posix_pathnames;
4631 /*******************************************************************
4632 Change everything needed to ensure POSIX pathname processing (currently
4634 ********************************************************************/
4636 void lp_set_posix_pathnames(void)
4638 posix_pathnames = true;
4641 /*******************************************************************
4642 Global state for POSIX lock processing - CIFS unix extensions.
4643 ********************************************************************/
4645 bool posix_default_lock_was_set;
4646 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4648 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4650 if (posix_default_lock_was_set) {
4651 return posix_cifsx_locktype;
4653 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4654 POSIX_LOCK : WINDOWS_LOCK;
4658 /*******************************************************************
4659 ********************************************************************/
4661 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4663 posix_default_lock_was_set = true;
4664 posix_cifsx_locktype = val;
4667 int lp_min_receive_file_size(void)
4669 int min_receivefile_size = lp_min_receivefile_size();
4671 if (min_receivefile_size < 0) {
4674 return min_receivefile_size;
4677 /*******************************************************************
4678 Safe wide links checks.
4679 This helper function always verify the validity of wide links,
4680 even after a configuration file reload.
4681 ********************************************************************/
4683 void widelinks_warning(int snum)
4685 if (lp_allow_insecure_wide_links()) {
4689 if (lp_wide_links(snum)) {
4690 if (lp_smb1_unix_extensions()) {
4691 DBG_ERR("Share '%s' has wide links and SMB1 unix "
4692 "extensions enabled. "
4693 "These parameters are incompatible. "
4694 "Wide links will be disabled for this share.\n",
4695 lp_const_servicename(snum));
4696 } else if (lp_smb3_unix_extensions()) {
4697 DBG_ERR("Share '%s' has wide links and SMB3 unix "
4698 "extensions enabled. "
4699 "These parameters are incompatible. "
4700 "Wide links will be disabled for this share.\n",
4701 lp_const_servicename(snum));
4706 bool lp_widelinks(int snum)
4708 /* wide links is always incompatible with unix extensions */
4709 if (lp_smb1_unix_extensions() || lp_smb3_unix_extensions()) {
4711 * Unless we have "allow insecure widelinks"
4714 if (!lp_allow_insecure_wide_links()) {
4719 return lp_wide_links(snum);
4722 int lp_server_role(void)
4724 return lp_find_server_role(lp__server_role(),
4726 lp__domain_logons(),
4727 lp_domain_master_true_or_auto());
4730 int lp_security(void)
4732 return lp_find_security(lp__server_role(),
4736 int lp_client_max_protocol(void)
4738 int client_max_protocol = lp__client_max_protocol();
4739 if (client_max_protocol == PROTOCOL_DEFAULT) {
4740 return PROTOCOL_LATEST;
4742 return client_max_protocol;
4745 int lp_client_ipc_min_protocol(void)
4747 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4748 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4749 client_ipc_min_protocol = lp_client_min_protocol();
4751 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4752 return PROTOCOL_NT1;
4754 return client_ipc_min_protocol;
4757 int lp_client_ipc_max_protocol(void)
4759 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4760 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4761 return PROTOCOL_LATEST;
4763 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4764 return PROTOCOL_NT1;
4766 return client_ipc_max_protocol;
4769 int lp_client_ipc_signing(void)
4771 int client_ipc_signing = lp__client_ipc_signing();
4772 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4773 return SMB_SIGNING_REQUIRED;
4775 return client_ipc_signing;
4778 enum credentials_use_kerberos lp_client_use_kerberos(void)
4780 if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
4781 return CRED_USE_KERBEROS_REQUIRED;
4784 return lp__client_use_kerberos();
4788 int lp_rpc_low_port(void)
4790 return Globals.rpc_low_port;
4793 int lp_rpc_high_port(void)
4795 return Globals.rpc_high_port;
4799 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4801 * This also ensures it is disabled if NTLM is totally disabled
4803 bool lp_lanman_auth(void)
4805 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4807 if (ntlm_auth_level == NTLM_AUTH_ON) {
4808 return lp__lanman_auth();
4814 struct loadparm_global * get_globals(void)
4819 unsigned int * get_flags(void)
4821 if (flags_list == NULL) {
4822 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());
4828 enum samba_weak_crypto lp_weak_crypto(void)
4830 if (Globals.weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
4831 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
4833 if (samba_gnutls_weak_crypto_allowed()) {
4834 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
4838 return Globals.weak_crypto;
4841 uint32_t lp_get_async_dns_timeout(void)
4844 * Clamp minimum async dns timeout to 1 second
4845 * as per the man page.
4847 return MAX(Globals.async_dns_timeout, 1);
4850 bool lp_smb3_unix_extensions(void)
4853 * FIXME: If this gets always enabled, check source3/selftest/tests.py
4854 * and source3/wscript for HAVE_SMB3_UNIX_EXTENSIONS.
4856 #if defined(DEVELOPER)
4857 return lp__smb3_unix_extensions();
git.samba.org / samba.git / blob