2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
56 #define LOADPARM_SUBSTITUTION_INTERNALS 1
58 #include "system/filesys.h"
60 #include "lib/param/loadparm.h"
61 #include "lib/param/param.h"
63 #include "lib/smbconf/smbconf.h"
64 #include "lib/smbconf/smbconf_init.h"
67 #include "../librpc/gen_ndr/svcctl.h"
69 #include "../libcli/smb/smb_signing.h"
70 #include "dbwrap/dbwrap.h"
71 #include "dbwrap/dbwrap_rbt.h"
72 #include "../lib/util/bitmap.h"
73 #include "librpc/gen_ndr/nbt.h"
74 #include "source4/lib/tls/tls.h"
75 #include "libcli/auth/ntlm_check.h"
76 #include "lib/crypto/gnutls_helpers.h"
78 #ifdef HAVE_SYS_SYSCTL_H
79 #include <sys/sysctl.h>
84 extern userdom_struct current_user_info;
86 /* the special value for the include parameter
87 * to be interpreted not as a file name but to
88 * trigger loading of the global smb.conf options
90 #ifndef INCLUDE_REGISTRY_NAME
91 #define INCLUDE_REGISTRY_NAME "registry"
94 static bool in_client = false; /* Not in the client by default */
95 static struct smbconf_csn conf_last_csn;
97 static int config_backend = CONFIG_BACKEND_FILE;
99 /* some helpful bits */
100 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
101 (ServicePtrs != NULL) && \
102 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
103 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
104 ServicePtrs[i]->valid)
106 #define USERSHARE_VALID 1
107 #define USERSHARE_PENDING_DELETE 2
109 static bool defaults_saved = false;
111 #include "lib/param/param_global.h"
113 static struct loadparm_global Globals;
115 /* This is a default service used to prime a services structure */
116 static const struct loadparm_service _sDefault =
121 .usershare_last_mod = {0, 0},
124 .invalid_users = NULL,
131 .root_preexec = NULL,
132 .root_postexec = NULL,
133 .cups_options = NULL,
134 .print_command = NULL,
136 .lprm_command = NULL,
137 .lppause_command = NULL,
138 .lpresume_command = NULL,
139 .queuepause_command = NULL,
140 .queueresume_command = NULL,
141 ._printername = NULL,
142 .printjob_username = NULL,
143 .dont_descend = NULL,
146 .magic_script = NULL,
147 .magic_output = NULL,
150 .veto_oplock_files = NULL,
160 .aio_write_behind = NULL,
161 .dfree_command = NULL,
162 .min_print_space = 0,
163 .max_print_jobs = 1000,
164 .max_reported_print_jobs = 0,
166 .force_create_mode = 0,
167 .directory_mask = 0755,
168 .force_directory_mode = 0,
169 .max_connections = 0,
170 .default_case = CASE_LOWER,
171 .printing = DEFAULT_PRINTING,
174 .dfree_cache_time = 0,
175 .preexec_close = false,
176 .root_preexec_close = false,
177 .case_sensitive = Auto,
178 .preserve_case = true,
179 .short_preserve_case = true,
180 .hide_dot_files = true,
181 .hide_special_files = false,
182 .hide_unreadable = false,
183 .hide_unwriteable_files = false,
185 .access_based_share_enum = false,
190 .administrative_share = false,
193 .print_notify_backchannel = false,
197 .store_dos_attributes = true,
198 .dmapi_support = false,
200 .strict_locking = Auto,
201 .posix_locking = true,
203 .kernel_oplocks = false,
204 .level2_oplocks = true,
205 .mangled_names = MANGLED_NAMES_ILLEGAL,
207 .follow_symlinks = true,
208 .sync_always = false,
209 .strict_allocate = false,
210 .strict_rename = false,
212 .mangling_char = '~',
214 .delete_readonly = false,
215 .fake_oplocks = false,
216 .delete_veto_files = false,
217 .dos_filemode = false,
218 .dos_filetimes = true,
219 .dos_filetime_resolution = false,
220 .fake_directory_create_times = false,
221 .blocking_locks = true,
222 .inherit_permissions = false,
223 .inherit_acls = false,
224 .inherit_owner = false,
226 .msdfs_shuffle_referrals = false,
227 .use_client_driver = false,
228 .default_devmode = true,
229 .force_printername = false,
230 .nt_acl_support = true,
231 .force_unknown_acl_user = false,
232 ._use_sendfile = false,
233 .map_acl_inherit = false,
236 .acl_check_permissions = true,
237 .acl_map_full_control = true,
238 .acl_group_control = false,
239 .acl_allow_execute_always = false,
242 .map_readonly = MAP_READONLY_NO,
243 .directory_name_cache_size = 100,
244 .smb_encrypt = SMB_SIGNING_DEFAULT,
245 .kernel_share_modes = true,
246 .durable_handles = true,
247 .check_parent_directory_delete_on_close = false,
249 .smbd_search_ask_sharemode = true,
250 .smbd_getinfo_ask_sharemode = true,
251 .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
256 * This is a copy of the default service structure. Service options in the
257 * global section would otherwise overwrite the initial default values.
259 static struct loadparm_service sDefault;
261 /* local variables */
262 static struct loadparm_service **ServicePtrs = NULL;
263 static int iNumServices = 0;
264 static int iServiceIndex = 0;
265 static struct db_context *ServiceHash;
266 static bool bInGlobalSection = true;
267 static bool bGlobalOnly = false;
268 static struct file_lists *file_lists = NULL;
269 static unsigned int *flags_list = NULL;
271 static void set_allowed_client_auth(void);
273 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
274 static void free_param_opts(struct parmlist_entry **popts);
277 * Function to return the default value for the maximum number of open
278 * file descriptors permitted. This function tries to consult the
279 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
280 * the smaller of those.
282 static int max_open_files(void)
284 int sysctl_max = MAX_OPEN_FILES;
285 int rlimit_max = MAX_OPEN_FILES;
287 #ifdef HAVE_SYSCTLBYNAME
289 size_t size = sizeof(sysctl_max);
290 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
295 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
301 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
302 rlimit_max = rl.rlim_cur;
304 #if defined(RLIM_INFINITY)
305 if(rl.rlim_cur == RLIM_INFINITY)
306 rlimit_max = MAX_OPEN_FILES;
311 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
312 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
313 "minimum Windows limit (%d)\n",
315 MIN_OPEN_FILES_WINDOWS));
316 sysctl_max = MIN_OPEN_FILES_WINDOWS;
319 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
320 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
321 "minimum Windows limit (%d)\n",
323 MIN_OPEN_FILES_WINDOWS));
324 rlimit_max = MIN_OPEN_FILES_WINDOWS;
327 return MIN(sysctl_max, rlimit_max);
331 * Common part of freeing allocated data for one parameter.
333 static void free_one_parameter_common(void *parm_ptr,
334 struct parm_struct parm)
336 if ((parm.type == P_STRING) ||
337 (parm.type == P_USTRING))
339 lpcfg_string_free((char**)parm_ptr);
340 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
341 TALLOC_FREE(*((char***)parm_ptr));
346 * Free the allocated data for one parameter for a share
347 * given as a service struct.
349 static void free_one_parameter(struct loadparm_service *service,
350 struct parm_struct parm)
354 if (parm.p_class != P_LOCAL) {
358 parm_ptr = lp_parm_ptr(service, &parm);
360 free_one_parameter_common(parm_ptr, parm);
364 * Free the allocated parameter data of a share given
365 * as a service struct.
367 static void free_parameters(struct loadparm_service *service)
371 for (i=0; parm_table[i].label; i++) {
372 free_one_parameter(service, parm_table[i]);
377 * Free the allocated data for one parameter for a given share
378 * specified by an snum.
380 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
385 parm_ptr = lp_parm_ptr(NULL, &parm);
386 } else if (parm.p_class != P_LOCAL) {
389 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
392 free_one_parameter_common(parm_ptr, parm);
396 * Free the allocated parameter data for a share specified
399 static void free_parameters_by_snum(int snum)
403 for (i=0; parm_table[i].label; i++) {
404 free_one_parameter_by_snum(snum, parm_table[i]);
409 * Free the allocated global parameters.
411 static void free_global_parameters(void)
414 struct parm_struct *parm;
416 free_param_opts(&Globals.param_opt);
417 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
419 /* Reset references in the defaults because the context is going to be freed */
420 for (i=0; parm_table[i].label; i++) {
421 parm = &parm_table[i];
422 if ((parm->type == P_STRING) ||
423 (parm->type == P_USTRING)) {
424 if ((parm->def.svalue != NULL) &&
425 (*(parm->def.svalue) != '\0')) {
426 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
427 parm->def.svalue = NULL;
432 TALLOC_FREE(Globals.ctx);
435 struct lp_stored_option {
436 struct lp_stored_option *prev, *next;
441 static struct lp_stored_option *stored_options;
444 save options set by lp_set_cmdline() into a list. This list is
445 re-applied when we do a globals reset, so that cmdline set options
446 are sticky across reloads of smb.conf
448 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
450 struct lp_stored_option *entry, *entry_next;
451 for (entry = stored_options; entry != NULL; entry = entry_next) {
452 entry_next = entry->next;
453 if (strcmp(pszParmName, entry->label) == 0) {
454 DLIST_REMOVE(stored_options, entry);
460 entry = talloc(NULL, struct lp_stored_option);
465 entry->label = talloc_strdup(entry, pszParmName);
471 entry->value = talloc_strdup(entry, pszParmValue);
477 DLIST_ADD_END(stored_options, entry);
482 static bool apply_lp_set_cmdline(void)
484 struct lp_stored_option *entry = NULL;
485 for (entry = stored_options; entry != NULL; entry = entry->next) {
486 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
487 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
488 entry->label, entry->value));
495 /***************************************************************************
496 Initialise the global parameter structure.
497 ***************************************************************************/
499 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
501 static bool done_init = false;
505 /* If requested to initialize only once and we've already done it... */
506 if (!reinit_globals && done_init) {
507 /* ... then we have nothing more to do */
512 /* The logfile can be set before this is invoked. Free it if so. */
513 lpcfg_string_free(&Globals.logfile);
516 free_global_parameters();
519 /* This memset and the free_global_parameters() above will
520 * wipe out smb.conf options set with lp_set_cmdline(). The
521 * apply_lp_set_cmdline() call puts these values back in the
522 * table once the defaults are set */
523 ZERO_STRUCT(Globals);
525 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
527 /* Initialize the flags list if necessary */
528 if (flags_list == NULL) {
532 for (i = 0; parm_table[i].label; i++) {
533 if ((parm_table[i].type == P_STRING ||
534 parm_table[i].type == P_USTRING))
538 (char **)lp_parm_ptr(NULL, &parm_table[i]),
544 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
545 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
547 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
549 sDefault.ntvfs_handler = str_list_make_v3_const(Globals.ctx, "unixuid default", NULL);
551 DEBUG(3, ("Initialising global parameters\n"));
553 /* Must manually force to upper case here, as this does not go via the handler */
554 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
557 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
558 get_dyn_SMB_PASSWD_FILE());
559 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
560 get_dyn_PRIVATE_DIR());
561 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
562 get_dyn_BINDDNS_DIR());
564 /* use the new 'hash2' method by default, with a prefix of 1 */
565 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
566 Globals.mangle_prefix = 1;
568 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
570 /* using UTF8 by default allows us to support all chars */
571 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
572 DEFAULT_UNIX_CHARSET);
574 /* Use codepage 850 as a default for the dos character set */
575 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
576 DEFAULT_DOS_CHARSET);
579 * Allow the default PASSWD_CHAT to be overridden in local.h.
581 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
582 DEFAULT_PASSWD_CHAT);
584 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
586 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
587 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
589 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
591 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
593 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
595 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
598 * By default support explicit binding to broadcast
601 Globals.nmbd_bind_explicit_broadcast = true;
603 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
605 smb_panic("init_globals: ENOMEM");
607 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
610 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
611 "/bin/sleep 999999999");
614 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
615 DEFAULT_SOCKET_OPTIONS);
617 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
618 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
619 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
620 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
621 "\\\\%N\\%U\\profile");
623 Globals.name_resolve_order =
624 str_list_make_v3_const(Globals.ctx,
625 DEFAULT_NAME_RESOLVE_ORDER,
627 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
629 Globals.algorithmic_rid_base = BASE_RID;
631 Globals.load_printers = true;
632 Globals.printcap_cache_time = 750; /* 12.5 minutes */
634 Globals.config_backend = config_backend;
635 Globals._server_role = ROLE_AUTO;
637 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
638 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
639 Globals.max_xmit = 0x4104;
640 Globals.max_mux = 50; /* This is *needed* for profile support. */
641 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
642 Globals._disable_spoolss = false;
643 Globals.max_smbd_processes = 0;/* no limit specified */
644 Globals.username_level = 0;
645 Globals.deadtime = 10080;
646 Globals.getwd_cache = true;
647 Globals.large_readwrite = true;
648 Globals.max_log_size = 5000;
649 Globals.max_open_files = max_open_files();
650 Globals.server_max_protocol = PROTOCOL_SMB3_11;
651 Globals.server_min_protocol = PROTOCOL_SMB2_02;
652 Globals._client_max_protocol = PROTOCOL_DEFAULT;
653 Globals.client_min_protocol = PROTOCOL_SMB2_02;
654 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
655 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
656 Globals._security = SEC_AUTO;
657 Globals.encrypt_passwords = true;
658 Globals.client_schannel = true;
659 Globals.winbind_sealed_pipes = true;
660 Globals.require_strong_key = true;
661 Globals.server_schannel = true;
662 Globals.read_raw = true;
663 Globals.write_raw = true;
664 Globals.null_passwords = false;
665 Globals.old_password_allowed_period = 60;
666 Globals.obey_pam_restrictions = false;
668 Globals.syslog_only = false;
669 Globals.timestamp_logs = true;
670 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
671 Globals.debug_prefix_timestamp = false;
672 Globals.debug_hires_timestamp = true;
673 Globals.debug_pid = false;
674 Globals.debug_uid = false;
675 Globals.debug_class = false;
676 Globals.enable_core_files = true;
677 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
678 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
679 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
680 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
681 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
682 Globals.lm_interval = 60;
683 #if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
684 Globals.nis_homedir = false;
685 #ifdef WITH_NISPLUS_HOME
686 lpcfg_string_set(Globals.ctx, &Globals.homedir_map,
687 "auto_home.org_dir");
689 lpcfg_string_set(Globals.ctx, &Globals.homedir_map, "auto.home");
692 Globals.time_server = false;
693 Globals.bind_interfaces_only = false;
694 Globals.unix_password_sync = false;
695 Globals.pam_password_change = false;
696 Globals.passwd_chat_debug = false;
697 Globals.passwd_chat_timeout = 2; /* 2 second default. */
698 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
699 Globals.nt_status_support = true; /* Use NT status by default. */
700 Globals.smbd_profiling_level = 0;
701 Globals.stat_cache = true; /* use stat cache by default */
702 Globals.max_stat_cache_size = 512; /* 512k by default */
703 Globals.restrict_anonymous = 0;
704 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
705 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
706 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
707 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
708 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
709 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
710 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
712 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
714 Globals.map_to_guest = 0; /* By Default, "Never" */
715 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
716 Globals.enhanced_browsing = true;
717 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
718 Globals.use_mmap = true;
719 Globals.unicode = true;
720 Globals.unix_extensions = true;
721 Globals.reset_on_zero_vc = false;
722 Globals.log_writeable_files_on_exit = false;
723 Globals.create_krb5_conf = true;
724 Globals.include_system_krb5_conf = true;
725 Globals._winbind_max_domain_connections = 1;
727 /* hostname lookups can be very expensive and are broken on
728 a large number of sites (tridge) */
729 Globals.hostname_lookups = false;
731 Globals.change_notify = true,
732 Globals.kernel_change_notify = true,
734 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
735 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
736 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
737 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
738 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
739 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
741 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
742 Globals.ldap_ssl = LDAP_SSL_START_TLS;
743 Globals.ldap_ssl_ads = false;
744 Globals.ldap_deref = -1;
745 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
746 Globals.ldap_delete_dn = false;
747 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
748 Globals.ldap_follow_referral = Auto;
749 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
750 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
751 Globals.ldap_page_size = LDAP_PAGE_SIZE;
753 Globals.ldap_debug_level = 0;
754 Globals.ldap_debug_threshold = 10;
756 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
758 Globals.ldap_server_require_strong_auth =
759 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
761 /* This is what we tell the afs client. in reality we set the token
762 * to never expire, though, when this runs out the afs client will
763 * forget the token. Set to 0 to get NEVERDATE.*/
764 Globals.afs_token_lifetime = 604800;
765 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
767 /* these parameters are set to defaults that are more appropriate
768 for the increasing samba install base:
770 as a member of the workgroup, that will possibly become a
771 _local_ master browser (lm = true). this is opposed to a forced
772 local master browser startup (pm = true).
774 doesn't provide WINS server service by default (wsupp = false),
775 and doesn't provide domain master browser services by default, either.
779 Globals.show_add_printer_wizard = true;
780 Globals.os_level = 20;
781 Globals.local_master = true;
782 Globals._domain_master = Auto; /* depending on _domain_logons */
783 Globals._domain_logons = false;
784 Globals.browse_list = true;
785 Globals.we_are_a_wins_server = false;
786 Globals.wins_proxy = false;
788 TALLOC_FREE(Globals.init_logon_delayed_hosts);
789 Globals.init_logon_delay = 100; /* 100 ms default delay */
791 Globals.wins_dns_proxy = true;
793 Globals.allow_trusted_domains = true;
794 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
796 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
797 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
799 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
800 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
801 dyn_WINBINDD_SOCKET_DIR);
803 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
804 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
806 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
808 Globals.cluster_addresses = NULL;
809 Globals.clustering = false;
810 Globals.ctdb_timeout = 0;
811 Globals.ctdb_locktime_warn_threshold = 0;
813 Globals.winbind_cache_time = 300; /* 5 minutes */
814 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
815 Globals.winbind_request_timeout = 60; /* 60 seconds */
816 Globals.winbind_max_clients = 200;
817 Globals.winbind_enum_users = false;
818 Globals.winbind_enum_groups = false;
819 Globals.winbind_use_default_domain = false;
820 Globals.winbind_nested_groups = true;
821 Globals.winbind_expand_groups = 0;
822 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
823 Globals.winbind_refresh_tickets = false;
824 Globals.winbind_offline_logon = false;
825 Globals.winbind_scan_trusted_domains = true;
827 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
828 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
830 Globals.passdb_expand_explicit = false;
832 Globals.name_cache_timeout = 660; /* In seconds */
834 Globals.client_use_spnego = true;
836 Globals.client_signing = SMB_SIGNING_DEFAULT;
837 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
838 Globals.server_signing = SMB_SIGNING_DEFAULT;
840 Globals.defer_sharing_violations = true;
841 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
843 Globals.enable_privileges = true;
844 Globals.host_msdfs = true;
845 Globals.enable_asu_support = false;
847 /* User defined shares. */
848 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
850 smb_panic("init_globals: ENOMEM");
852 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
854 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
855 Globals.usershare_max_shares = 0;
856 /* By default disallow sharing of directories not owned by the sharer. */
857 Globals.usershare_owner_only = true;
858 /* By default disallow guest access to usershares. */
859 Globals.usershare_allow_guests = false;
861 Globals.keepalive = DEFAULT_KEEPALIVE;
863 /* By default no shares out of the registry */
864 Globals.registry_shares = false;
866 Globals.min_receivefile_size = 0;
868 Globals.multicast_dns_register = true;
870 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
871 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
872 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
873 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
874 Globals.smb2_leases = true;
876 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
877 get_dyn_NCALRPCDIR());
879 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
881 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
883 Globals.tls_enabled = true;
884 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
886 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
887 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
888 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
889 lpcfg_string_set(Globals.ctx, &Globals.tls_priority,
890 "NORMAL:-VERS-SSL3.0");
892 lpcfg_string_set(Globals.ctx, &Globals.share_backend, "classic");
894 Globals._preferred_master = Auto;
896 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
897 Globals.dns_zone_scavenging = false;
899 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
900 get_dyn_NTP_SIGND_SOCKET_DIR());
902 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
904 smb_panic("init_globals: ENOMEM");
906 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
910 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
913 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
915 smb_panic("init_globals: ENOMEM");
917 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
920 s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
922 smb_panic("init_globals: ENOMEM");
924 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
927 Globals.apply_group_policies = false;
929 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
931 smb_panic("init_globals: ENOMEM");
933 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
936 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
938 Globals.cldap_port = 389;
940 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
942 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
944 Globals.krb5_port = 88;
946 Globals.kpasswd_port = 464;
948 Globals.aio_max_threads = 100;
950 lpcfg_string_set(Globals.ctx,
951 &Globals.rpc_server_dynamic_port_range,
953 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
954 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
955 Globals.prefork_children = 4;
956 Globals.prefork_backoff_increment = 10;
957 Globals.prefork_maximum_backoff = 120;
959 Globals.ldap_max_anonymous_request_size = 256000;
960 Globals.ldap_max_authenticated_request_size = 16777216;
961 Globals.ldap_max_search_request_size = 256000;
963 /* Now put back the settings that were set with lp_set_cmdline() */
964 apply_lp_set_cmdline();
967 /* Convenience routine to setup an lp_context with additional s3 variables */
968 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
970 struct loadparm_context *lp_ctx;
972 lp_ctx = loadparm_init_s3(mem_ctx,
973 loadparm_s3_helpers());
974 if (lp_ctx == NULL) {
975 DEBUG(0, ("loadparm_init_s3 failed\n"));
979 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
980 if (lp_ctx->sDefault == NULL) {
981 DBG_ERR("talloc_zero failed\n");
986 *lp_ctx->sDefault = _sDefault;
987 lp_ctx->services = NULL; /* We do not want to access this directly */
988 lp_ctx->bInGlobalSection = bInGlobalSection;
989 lp_ctx->flags = flags_list;
994 /*******************************************************************
995 Convenience routine to grab string parameters into talloced memory
996 and run standard_sub_basic on them. The buffers can be written to by
997 callers without affecting the source string.
998 ********************************************************************/
1000 static char *loadparm_s3_global_substitution_fn(
1001 TALLOC_CTX *mem_ctx,
1002 const struct loadparm_substitution *lp_sub,
1008 /* The follow debug is useful for tracking down memory problems
1009 especially if you have an inner loop that is calling a lp_*()
1010 function that returns a string. Perhaps this debug should be
1011 present all the time? */
1014 DEBUG(10, ("lp_string(%s)\n", s));
1020 ret = talloc_sub_basic(mem_ctx,
1021 get_current_username(),
1022 current_user_info.domain,
1024 if (trim_char(ret, '\"', '\"')) {
1025 if (strchr(ret,'\"') != NULL) {
1027 ret = talloc_sub_basic(mem_ctx,
1028 get_current_username(),
1029 current_user_info.domain,
1036 static const struct loadparm_substitution s3_global_substitution = {
1037 .substituted_string_fn = loadparm_s3_global_substitution_fn,
1040 const struct loadparm_substitution *loadparm_s3_global_substitution(void)
1042 return &s3_global_substitution;
1046 In this section all the functions that are used to access the
1047 parameters from the rest of the program are defined
1050 #define FN_GLOBAL_SUBSTITUTED_STRING(fn_name,ptr) \
1051 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub) \
1052 {return lpcfg_substituted_string(ctx, lp_sub, *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : "");}
1053 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1054 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1055 #define FN_GLOBAL_LIST(fn_name,ptr) \
1056 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1057 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1058 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1059 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1060 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1061 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1062 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1064 #define FN_LOCAL_SUBSTITUTED_STRING(fn_name,val) \
1065 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub, int i) \
1066 {return lpcfg_substituted_string((ctx), lp_sub, (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1067 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1068 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1069 #define FN_LOCAL_LIST(fn_name,val) \
1070 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1071 #define FN_LOCAL_BOOL(fn_name,val) \
1072 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1073 #define FN_LOCAL_INTEGER(fn_name,val) \
1074 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1076 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1077 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1078 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1079 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1080 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1081 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1083 int lp_winbind_max_domain_connections(void)
1085 if (lp_winbind_offline_logon() &&
1086 lp__winbind_max_domain_connections() > 1) {
1087 DEBUG(1, ("offline logons active, restricting max domain "
1088 "connections to 1\n"));
1091 return MAX(1, lp__winbind_max_domain_connections());
1094 /* These functions remain in source3/param for now */
1096 #include "lib/param/param_functions.c"
1098 FN_LOCAL_SUBSTITUTED_STRING(servicename, szService)
1099 FN_LOCAL_CONST_STRING(const_servicename, szService)
1101 /* These functions cannot be auto-generated */
1102 FN_LOCAL_BOOL(autoloaded, autoloaded)
1103 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1105 /* local prototypes */
1107 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1108 static const char *get_boolean(bool bool_value);
1109 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1111 static bool hash_a_service(const char *name, int number);
1112 static void free_service_byindex(int iService);
1113 static void show_parameter(int parmIndex);
1114 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1115 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1118 * This is a helper function for parametrical options support. It returns a
1119 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1120 * parametrical functions are quite simple
1122 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1125 if (snum >= iNumServices) return NULL;
1128 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1130 return get_parametric_helper(ServicePtrs[snum],
1131 type, option, Globals.param_opt);
1135 static void discard_whitespace(char *str)
1137 size_t len = strlen(str);
1141 if (isspace(str[i])) {
1142 memmove(&str[i], &str[i+1], len-i);
1151 * @brief Go through all global parametric parameters
1153 * @param regex_str A regular expression to scan param for
1154 * @param max_matches Max number of submatches the regexp expects
1155 * @param cb Function to call on match. Should return true
1156 * when it wants wi_scan_global_parametrics to stop
1158 * @param private_data Anonymous pointer passed to cb
1160 * @return 0: success, regcomp/regexec return value on error.
1161 * See "man regexec" for possible errors
1164 int lp_wi_scan_global_parametrics(
1165 const char *regex_str, size_t max_matches,
1166 bool (*cb)(const char *string, regmatch_t matches[],
1167 void *private_data),
1170 struct parmlist_entry *data;
1174 ret = regcomp(®ex, regex_str, REG_ICASE);
1179 for (data = Globals.param_opt; data != NULL; data = data->next) {
1180 size_t keylen = strlen(data->key);
1182 regmatch_t matches[max_matches];
1185 memcpy(key, data->key, sizeof(key));
1186 discard_whitespace(key);
1188 ret = regexec(®ex, key, max_matches, matches, 0);
1189 if (ret == REG_NOMATCH) {
1196 stop = cb(key, matches, private_data);
1209 #define MISSING_PARAMETER(name) \
1210 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1212 /*******************************************************************
1213 convenience routine to return enum parameters.
1214 ********************************************************************/
1215 static int lp_enum(const char *s,const struct enum_list *_enum)
1219 if (!s || !*s || !_enum) {
1220 MISSING_PARAMETER(lp_enum);
1224 for (i=0; _enum[i].name; i++) {
1225 if (strequal(_enum[i].name,s))
1226 return _enum[i].value;
1229 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1233 #undef MISSING_PARAMETER
1235 /* Return parametric option from a given service. Type is a part of option before ':' */
1236 /* Parametric option has following syntax: 'Type: option = value' */
1237 char *lp_parm_substituted_string(TALLOC_CTX *mem_ctx,
1238 const struct loadparm_substitution *lp_sub,
1244 struct parmlist_entry *data = get_parametrics(snum, type, option);
1246 SMB_ASSERT(lp_sub != NULL);
1248 if (data == NULL||data->value==NULL) {
1250 return lpcfg_substituted_string(mem_ctx, lp_sub, def);
1256 return lpcfg_substituted_string(mem_ctx, lp_sub, data->value);
1259 /* Return parametric option from a given service. Type is a part of option before ':' */
1260 /* Parametric option has following syntax: 'Type: option = value' */
1261 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1263 struct parmlist_entry *data = get_parametrics(snum, type, option);
1265 if (data == NULL||data->value==NULL)
1272 /* Return parametric option from a given service. Type is a part of option before ':' */
1273 /* Parametric option has following syntax: 'Type: option = value' */
1275 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1277 struct parmlist_entry *data = get_parametrics(snum, type, option);
1279 if (data == NULL||data->value==NULL)
1280 return (const char **)def;
1282 if (data->list==NULL) {
1283 data->list = str_list_make_v3(NULL, data->value, NULL);
1286 return discard_const_p(const char *, data->list);
1289 /* Return parametric option from a given service. Type is a part of option before ':' */
1290 /* Parametric option has following syntax: 'Type: option = value' */
1292 int lp_parm_int(int snum, const char *type, const char *option, int def)
1294 struct parmlist_entry *data = get_parametrics(snum, type, option);
1296 if (data && data->value && *data->value)
1297 return lp_int(data->value);
1302 /* Return parametric option from a given service. Type is a part of option before ':' */
1303 /* Parametric option has following syntax: 'Type: option = value' */
1305 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1307 struct parmlist_entry *data = get_parametrics(snum, type, option);
1309 if (data && data->value && *data->value)
1310 return lp_ulong(data->value);
1315 /* Return parametric option from a given service. Type is a part of option before ':' */
1316 /* Parametric option has following syntax: 'Type: option = value' */
1318 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1319 const char *option, unsigned long long def)
1321 struct parmlist_entry *data = get_parametrics(snum, type, option);
1323 if (data && data->value && *data->value) {
1324 return lp_ulonglong(data->value);
1330 /* Return parametric option from a given service. Type is a part of option
1332 /* Parametric option has following syntax: 'Type: option = value' */
1334 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1336 struct parmlist_entry *data = get_parametrics(snum, type, option);
1338 if (data && data->value && *data->value)
1339 return lp_bool(data->value);
1344 /* Return parametric option from a given service. Type is a part of option before ':' */
1345 /* Parametric option has following syntax: 'Type: option = value' */
1347 int lp_parm_enum(int snum, const char *type, const char *option,
1348 const struct enum_list *_enum, int def)
1350 struct parmlist_entry *data = get_parametrics(snum, type, option);
1352 if (data && data->value && *data->value && _enum)
1353 return lp_enum(data->value, _enum);
1359 * free a param_opts structure.
1360 * param_opts handling should be moved to talloc;
1361 * then this whole functions reduces to a TALLOC_FREE().
1364 static void free_param_opts(struct parmlist_entry **popts)
1366 struct parmlist_entry *opt, *next_opt;
1368 if (*popts != NULL) {
1369 DEBUG(5, ("Freeing parametrics:\n"));
1372 while (opt != NULL) {
1373 lpcfg_string_free(&opt->key);
1374 lpcfg_string_free(&opt->value);
1375 TALLOC_FREE(opt->list);
1376 next_opt = opt->next;
1383 /***************************************************************************
1384 Free the dynamically allocated parts of a service struct.
1385 ***************************************************************************/
1387 static void free_service(struct loadparm_service *pservice)
1392 if (pservice->szService)
1393 DEBUG(5, ("free_service: Freeing service %s\n",
1394 pservice->szService));
1396 free_parameters(pservice);
1398 lpcfg_string_free(&pservice->szService);
1399 TALLOC_FREE(pservice->copymap);
1401 free_param_opts(&pservice->param_opt);
1403 ZERO_STRUCTP(pservice);
1407 /***************************************************************************
1408 remove a service indexed in the ServicePtrs array from the ServiceHash
1409 and free the dynamically allocated parts
1410 ***************************************************************************/
1412 static void free_service_byindex(int idx)
1414 if ( !LP_SNUM_OK(idx) )
1417 ServicePtrs[idx]->valid = false;
1419 /* we have to cleanup the hash record */
1421 if (ServicePtrs[idx]->szService) {
1422 char *canon_name = canonicalize_servicename(
1424 ServicePtrs[idx]->szService );
1426 dbwrap_delete_bystring(ServiceHash, canon_name );
1427 TALLOC_FREE(canon_name);
1430 free_service(ServicePtrs[idx]);
1431 TALLOC_FREE(ServicePtrs[idx]);
1434 /***************************************************************************
1435 Add a new service to the services array initialising it with the given
1437 ***************************************************************************/
1439 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1442 struct loadparm_service **tsp = NULL;
1444 /* it might already exist */
1446 i = getservicebyname(name, NULL);
1452 /* Re use empty slots if any before allocating new one.*/
1453 for (i=0; i < iNumServices; i++) {
1454 if (ServicePtrs[i] == NULL) {
1458 if (i == iNumServices) {
1459 /* if not, then create one */
1460 tsp = talloc_realloc(NULL, ServicePtrs,
1461 struct loadparm_service *,
1464 DEBUG(0, ("add_a_service: failed to enlarge "
1471 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1472 if (!ServicePtrs[i]) {
1473 DEBUG(0,("add_a_service: out of memory!\n"));
1477 ServicePtrs[i]->valid = true;
1479 copy_service(ServicePtrs[i], pservice, NULL);
1481 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1484 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1485 i, ServicePtrs[i]->szService));
1487 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1494 /***************************************************************************
1495 Convert a string to uppercase and remove whitespaces.
1496 ***************************************************************************/
1498 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1503 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1507 result = talloc_strdup(ctx, src);
1508 SMB_ASSERT(result != NULL);
1510 if (!strlower_m(result)) {
1511 TALLOC_FREE(result);
1517 /***************************************************************************
1518 Add a name/index pair for the services array to the hash table.
1519 ***************************************************************************/
1521 static bool hash_a_service(const char *name, int idx)
1525 if ( !ServiceHash ) {
1526 DEBUG(10,("hash_a_service: creating servicehash\n"));
1527 ServiceHash = db_open_rbt(NULL);
1528 if ( !ServiceHash ) {
1529 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1534 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1537 canon_name = canonicalize_servicename(talloc_tos(), name );
1539 dbwrap_store_bystring(ServiceHash, canon_name,
1540 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1543 TALLOC_FREE(canon_name);
1548 /***************************************************************************
1549 Add a new home service, with the specified home directory, defaults coming
1551 ***************************************************************************/
1553 bool lp_add_home(const char *pszHomename, int iDefaultService,
1554 const char *user, const char *pszHomedir)
1556 const struct loadparm_substitution *lp_sub =
1557 loadparm_s3_global_substitution();
1561 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1562 pszHomedir[0] == '\0') {
1566 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1571 global_path = lp_path(talloc_tos(), lp_sub, GLOBAL_SECTION_SNUM);
1572 if (!(*(ServicePtrs[iDefaultService]->path))
1573 || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
1574 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1577 TALLOC_FREE(global_path);
1579 if (!(*(ServicePtrs[i]->comment))) {
1580 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1581 if (comment == NULL) {
1584 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1586 TALLOC_FREE(comment);
1589 /* set the browseable flag from the global default */
1591 ServicePtrs[i]->browseable = sDefault.browseable;
1592 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1594 ServicePtrs[i]->autoloaded = true;
1596 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1597 user, ServicePtrs[i]->path ));
1602 /***************************************************************************
1603 Add a new service, based on an old one.
1604 ***************************************************************************/
1606 int lp_add_service(const char *pszService, int iDefaultService)
1608 if (iDefaultService < 0) {
1609 return add_a_service(&sDefault, pszService);
1612 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1615 /***************************************************************************
1616 Add the IPC service.
1617 ***************************************************************************/
1619 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1621 char *comment = NULL;
1622 int i = add_a_service(&sDefault, ipc_name);
1627 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1628 Globals.server_string);
1629 if (comment == NULL) {
1633 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1634 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1635 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1636 ServicePtrs[i]->max_connections = 0;
1637 ServicePtrs[i]->available = true;
1638 ServicePtrs[i]->read_only = true;
1639 ServicePtrs[i]->guest_only = false;
1640 ServicePtrs[i]->administrative_share = true;
1641 ServicePtrs[i]->guest_ok = guest_ok;
1642 ServicePtrs[i]->printable = false;
1643 ServicePtrs[i]->browseable = sDefault.browseable;
1644 ServicePtrs[i]->autoloaded = false;
1646 DEBUG(3, ("adding IPC service\n"));
1648 TALLOC_FREE(comment);
1652 /***************************************************************************
1653 Add a new printer service, with defaults coming from service iFrom.
1654 ***************************************************************************/
1656 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1658 const char *comment = "From Printcap";
1659 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1664 /* note that we do NOT default the availability flag to true - */
1665 /* we take it from the default service passed. This allows all */
1666 /* dynamic printers to be disabled by disabling the [printers] */
1667 /* entry (if/when the 'available' keyword is implemented!). */
1669 /* the printer name is set to the service name. */
1670 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1672 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1674 /* set the browseable flag from the gloabl default */
1675 ServicePtrs[i]->browseable = sDefault.browseable;
1677 /* Printers cannot be read_only. */
1678 ServicePtrs[i]->read_only = false;
1679 /* No oplocks on printer services. */
1680 ServicePtrs[i]->oplocks = false;
1681 /* Printer services must be printable. */
1682 ServicePtrs[i]->printable = true;
1684 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1690 /***************************************************************************
1691 Check whether the given parameter name is valid.
1692 Parametric options (names containing a colon) are considered valid.
1693 ***************************************************************************/
1695 bool lp_parameter_is_valid(const char *pszParmName)
1697 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1698 (strchr(pszParmName, ':') != NULL));
1701 /***************************************************************************
1702 Check whether the given name is the name of a global parameter.
1703 Returns true for strings belonging to parameters of class
1704 P_GLOBAL, false for all other strings, also for parametric options
1705 and strings not belonging to any option.
1706 ***************************************************************************/
1708 bool lp_parameter_is_global(const char *pszParmName)
1710 int num = lpcfg_map_parameter(pszParmName);
1713 return (parm_table[num].p_class == P_GLOBAL);
1719 /**************************************************************************
1720 Determine the canonical name for a parameter.
1721 Indicate when it is an inverse (boolean) synonym instead of a
1723 **************************************************************************/
1725 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1730 if (!lp_parameter_is_valid(parm_name)) {
1735 num = map_parameter_canonical(parm_name, inverse);
1737 /* parametric option */
1738 *canon_parm = parm_name;
1740 *canon_parm = parm_table[num].label;
1747 /**************************************************************************
1748 Determine the canonical name for a parameter.
1749 Turn the value given into the inverse boolean expression when
1750 the synonym is an invers boolean synonym.
1753 - parm_name is a valid parameter name and
1754 - val is a valid value for this parameter and
1755 - in case the parameter is an inverse boolean synonym, if the val
1756 string could successfully be converted to the reverse bool.
1757 Return false in all other cases.
1758 **************************************************************************/
1760 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1762 const char **canon_parm,
1763 const char **canon_val)
1769 if (!lp_parameter_is_valid(parm_name)) {
1775 num = map_parameter_canonical(parm_name, &inverse);
1777 /* parametric option */
1778 *canon_parm = parm_name;
1783 *canon_parm = parm_table[num].label;
1785 if (!lp_invert_boolean(val, canon_val)) {
1793 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1798 /***************************************************************************
1799 Map a parameter's string representation to the index of the canonical
1800 form of the parameter (it might be a synonym).
1801 Returns -1 if the parameter string is not recognised.
1802 ***************************************************************************/
1804 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1806 int parm_num, canon_num;
1807 bool loc_inverse = false;
1809 parm_num = lpcfg_map_parameter(pszParmName);
1810 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1811 /* invalid, parametric or no canidate for synonyms ... */
1815 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1816 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1817 parm_num = canon_num;
1823 if (inverse != NULL) {
1824 *inverse = loc_inverse;
1829 /***************************************************************************
1830 return true if parameter number parm1 is a synonym of parameter
1831 number parm2 (parm2 being the principal name).
1832 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1834 ***************************************************************************/
1836 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1838 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1839 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1840 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1841 !(parm_table[parm2].flags & FLAG_SYNONYM))
1843 if (inverse != NULL) {
1844 if ((parm_table[parm1].type == P_BOOLREV) &&
1845 (parm_table[parm2].type == P_BOOL))
1857 /***************************************************************************
1858 Show one parameter's name, type, [values,] and flags.
1859 (helper functions for show_parameter_list)
1860 ***************************************************************************/
1862 static void show_parameter(int parmIndex)
1864 size_t enumIndex, flagIndex;
1869 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1870 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1871 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1872 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1873 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1875 printf("%s=%s", parm_table[parmIndex].label,
1876 type[parm_table[parmIndex].type]);
1877 if (parm_table[parmIndex].type == P_ENUM) {
1880 parm_table[parmIndex].enum_list[enumIndex].name;
1884 enumIndex ? "|" : "",
1885 parm_table[parmIndex].enum_list[enumIndex].name);
1890 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1891 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1894 flag_names[flagIndex]);
1899 /* output synonyms */
1901 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1902 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1903 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1904 parm_table[parmIndex2].label);
1905 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1907 printf(" (synonyms: ");
1912 printf("%s%s", parm_table[parmIndex2].label,
1913 inverse ? "[i]" : "");
1924 * Check the value for a P_ENUM
1926 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1930 for (i = 0; parm->enum_list[i].name; i++) {
1931 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1938 /**************************************************************************
1939 Check whether the given value is valid for the given parameter name.
1940 **************************************************************************/
1942 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1944 bool ret = false, tmp_bool;
1945 int num = lpcfg_map_parameter(parm_name), tmp_int;
1946 uint64_t tmp_int64 = 0;
1947 struct parm_struct *parm;
1949 /* parametric options (parameter names containing a colon) cannot
1950 be checked and are therefore considered valid. */
1951 if (strchr(parm_name, ':') != NULL) {
1956 parm = &parm_table[num];
1957 switch (parm->type) {
1960 ret = set_boolean(val, &tmp_bool);
1964 ret = (sscanf(val, "%d", &tmp_int) == 1);
1968 ret = (sscanf(val, "%o", &tmp_int) == 1);
1972 ret = check_enum_parameter(parm, val);
1976 if (conv_str_size_error(val, &tmp_int64) &&
1977 tmp_int64 <= INT_MAX) {
1994 /***************************************************************************
1995 Show all parameter's name, type, [values,] and flags.
1996 ***************************************************************************/
1998 void show_parameter_list(void)
2000 int classIndex, parmIndex;
2001 const char *section_names[] = { "local", "global", NULL};
2003 for (classIndex=0; section_names[classIndex]; classIndex++) {
2004 printf("[%s]\n", section_names[classIndex]);
2005 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
2006 if (parm_table[parmIndex].p_class == classIndex) {
2007 show_parameter(parmIndex);
2013 /***************************************************************************
2014 Get the standard string representation of a boolean value ("yes" or "no")
2015 ***************************************************************************/
2017 static const char *get_boolean(bool bool_value)
2019 static const char *yes_str = "yes";
2020 static const char *no_str = "no";
2022 return (bool_value ? yes_str : no_str);
2025 /***************************************************************************
2026 Provide the string of the negated boolean value associated to the boolean
2027 given as a string. Returns false if the passed string does not correctly
2028 represent a boolean.
2029 ***************************************************************************/
2031 bool lp_invert_boolean(const char *str, const char **inverse_str)
2035 if (!set_boolean(str, &val)) {
2039 *inverse_str = get_boolean(!val);
2043 /***************************************************************************
2044 Provide the canonical string representation of a boolean value given
2045 as a string. Return true on success, false if the string given does
2046 not correctly represent a boolean.
2047 ***************************************************************************/
2049 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2053 if (!set_boolean(str, &val)) {
2057 *canon_str = get_boolean(val);
2061 /***************************************************************************
2062 Find a service by name. Otherwise works like get_service.
2063 ***************************************************************************/
2065 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2072 if (ServiceHash == NULL) {
2076 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2078 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2081 if (NT_STATUS_IS_OK(status) &&
2082 (data.dptr != NULL) &&
2083 (data.dsize == sizeof(iService)))
2085 memcpy(&iService, data.dptr, sizeof(iService));
2088 TALLOC_FREE(canon_name);
2090 if ((iService != -1) && (LP_SNUM_OK(iService))
2091 && (pserviceDest != NULL)) {
2092 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2098 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2099 struct loadparm_service *lp_service(const char *pszServiceName)
2101 int iService = getservicebyname(pszServiceName, NULL);
2102 if (iService == -1 || !LP_SNUM_OK(iService)) {
2105 return ServicePtrs[iService];
2108 struct loadparm_service *lp_servicebynum(int snum)
2110 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2113 return ServicePtrs[snum];
2116 struct loadparm_service *lp_default_loadparm_service()
2121 static struct smbconf_ctx *lp_smbconf_ctx(void)
2124 static struct smbconf_ctx *conf_ctx = NULL;
2126 if (conf_ctx == NULL) {
2127 err = smbconf_init(NULL, &conf_ctx, "registry:");
2128 if (!SBC_ERROR_IS_OK(err)) {
2129 DEBUG(1, ("error initializing registry configuration: "
2130 "%s\n", sbcErrorString(err)));
2138 static bool process_smbconf_service(struct smbconf_service *service)
2143 if (service == NULL) {
2147 ret = lp_do_section(service->name, NULL);
2151 for (count = 0; count < service->num_params; count++) {
2153 if (!bInGlobalSection && bGlobalOnly) {
2156 const char *pszParmName = service->param_names[count];
2157 const char *pszParmValue = service->param_values[count];
2159 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2161 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2162 pszParmName, pszParmValue);
2169 if (iServiceIndex >= 0) {
2170 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2176 * load a service from registry and activate it
2178 bool process_registry_service(const char *service_name)
2181 struct smbconf_service *service = NULL;
2182 TALLOC_CTX *mem_ctx = talloc_stackframe();
2183 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2186 if (conf_ctx == NULL) {
2190 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2192 if (!smbconf_share_exists(conf_ctx, service_name)) {
2194 * Registry does not contain data for this service (yet),
2195 * but make sure lp_load doesn't return false.
2201 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2202 if (!SBC_ERROR_IS_OK(err)) {
2206 ret = process_smbconf_service(service);
2212 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2215 TALLOC_FREE(mem_ctx);
2220 * process_registry_globals
2222 static bool process_registry_globals(void)
2226 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2228 if (!bInGlobalSection && bGlobalOnly) {
2231 const char *pszParmName = "registry shares";
2232 const char *pszParmValue = "yes";
2234 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2236 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2237 pszParmName, pszParmValue);
2244 return process_registry_service(GLOBAL_NAME);
2247 bool process_registry_shares(void)
2251 struct smbconf_service **service = NULL;
2252 uint32_t num_shares = 0;
2253 TALLOC_CTX *mem_ctx = talloc_stackframe();
2254 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2257 if (conf_ctx == NULL) {
2261 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2262 if (!SBC_ERROR_IS_OK(err)) {
2268 for (count = 0; count < num_shares; count++) {
2269 if (strequal(service[count]->name, GLOBAL_NAME)) {
2272 ret = process_smbconf_service(service[count]);
2279 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2282 TALLOC_FREE(mem_ctx);
2287 * reload those shares from registry that are already
2288 * activated in the services array.
2290 static bool reload_registry_shares(void)
2295 for (i = 0; i < iNumServices; i++) {
2300 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2304 ret = process_registry_service(ServicePtrs[i]->szService);
2315 #define MAX_INCLUDE_DEPTH 100
2317 static uint8_t include_depth;
2320 * Free the file lists
2322 static void free_file_list(void)
2324 struct file_lists *f;
2325 struct file_lists *next;
2338 * Utility function for outsiders to check if we're running on registry.
2340 bool lp_config_backend_is_registry(void)
2342 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2346 * Utility function to check if the config backend is FILE.
2348 bool lp_config_backend_is_file(void)
2350 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2353 /*******************************************************************
2354 Check if a config file has changed date.
2355 ********************************************************************/
2357 bool lp_file_list_changed(void)
2359 struct file_lists *f = file_lists;
2361 DEBUG(6, ("lp_file_list_changed()\n"));
2364 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2365 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2367 if (conf_ctx == NULL) {
2370 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2373 DEBUGADD(6, ("registry config changed\n"));
2380 n2 = talloc_sub_basic(talloc_tos(),
2381 get_current_username(),
2382 current_user_info.domain,
2387 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2388 f->name, n2, ctime(&f->modtime)));
2390 mod_time = file_modtime(n2);
2393 ((f->modtime != mod_time) ||
2394 (f->subfname == NULL) ||
2395 (strcmp(n2, f->subfname) != 0)))
2398 ("file %s modified: %s\n", n2,
2400 f->modtime = mod_time;
2401 TALLOC_FREE(f->subfname);
2402 f->subfname = talloc_strdup(f, n2);
2403 if (f->subfname == NULL) {
2404 smb_panic("talloc_strdup failed");
2418 * Initialize iconv conversion descriptors.
2420 * This is called the first time it is needed, and also called again
2421 * every time the configuration is reloaded, because the charset or
2422 * codepage might have changed.
2424 static void init_iconv(void)
2426 struct smb_iconv_handle *ret = NULL;
2428 ret = reinit_iconv_handle(NULL,
2432 smb_panic("reinit_iconv_handle failed");
2436 /***************************************************************************
2437 Handle the include operation.
2438 ***************************************************************************/
2439 static bool bAllowIncludeRegistry = true;
2441 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2442 const char *pszParmValue, char **ptr)
2446 if (include_depth >= MAX_INCLUDE_DEPTH) {
2447 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2452 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2453 if (!bAllowIncludeRegistry) {
2456 if (lp_ctx->bInGlobalSection) {
2459 ret = process_registry_globals();
2463 DEBUG(1, ("\"include = registry\" only effective "
2464 "in %s section\n", GLOBAL_NAME));
2469 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2470 current_user_info.domain,
2473 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2475 if (service == NULL) {
2476 lpcfg_string_set(Globals.ctx, ptr, fname);
2478 lpcfg_string_set(service, ptr, fname);
2481 if (file_exist(fname)) {
2484 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2490 DEBUG(2, ("Can't find include file %s\n", fname));
2495 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2497 char *config_option = NULL;
2498 const char *range = NULL;
2501 SMB_ASSERT(low != NULL);
2502 SMB_ASSERT(high != NULL);
2504 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2508 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2510 if (config_option == NULL) {
2511 DEBUG(0, ("out of memory\n"));
2515 range = lp_parm_const_string(-1, config_option, "range", NULL);
2516 if (range == NULL) {
2517 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2521 if (sscanf(range, "%u - %u", low, high) != 2) {
2522 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2523 range, domain_name));
2530 talloc_free(config_option);
2535 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2537 return lp_idmap_range("*", low, high);
2540 const char *lp_idmap_backend(const char *domain_name)
2542 char *config_option = NULL;
2543 const char *backend = NULL;
2545 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2549 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2551 if (config_option == NULL) {
2552 DEBUG(0, ("out of memory\n"));
2556 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2557 if (backend == NULL) {
2558 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2563 talloc_free(config_option);
2567 const char *lp_idmap_default_backend(void)
2569 return lp_idmap_backend("*");
2572 /***************************************************************************
2573 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2574 ***************************************************************************/
2576 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2578 const char *suffix_string;
2580 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2581 Globals.ldap_suffix );
2582 if ( !suffix_string ) {
2583 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2587 return suffix_string;
2590 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2592 if (Globals._ldap_machine_suffix[0])
2593 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2595 return talloc_strdup(ctx, Globals.ldap_suffix);
2598 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2600 if (Globals._ldap_user_suffix[0])
2601 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2603 return talloc_strdup(ctx, Globals.ldap_suffix);
2606 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2608 if (Globals._ldap_group_suffix[0])
2609 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2611 return talloc_strdup(ctx, Globals.ldap_suffix);
2614 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2616 if (Globals._ldap_idmap_suffix[0])
2617 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2619 return talloc_strdup(ctx, Globals.ldap_suffix);
2623 return the parameter pointer for a parameter
2625 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2627 if (service == NULL) {
2628 if (parm->p_class == P_LOCAL)
2629 return (void *)(((char *)&sDefault)+parm->offset);
2630 else if (parm->p_class == P_GLOBAL)
2631 return (void *)(((char *)&Globals)+parm->offset);
2634 return (void *)(((char *)service) + parm->offset);
2638 /***************************************************************************
2639 Process a parameter for a particular service number. If snum < 0
2640 then assume we are in the globals.
2641 ***************************************************************************/
2643 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2645 TALLOC_CTX *frame = talloc_stackframe();
2646 struct loadparm_context *lp_ctx;
2649 lp_ctx = setup_lp_context(frame);
2650 if (lp_ctx == NULL) {
2656 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2658 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2659 pszParmName, pszParmValue);
2667 /***************************************************************************
2668 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2669 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2670 ***************************************************************************/
2672 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2675 parmnum = lpcfg_map_parameter(pszParmName);
2677 flags_list[parmnum] &= ~FLAG_CMDLINE;
2678 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2681 flags_list[parmnum] |= FLAG_CMDLINE;
2683 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2684 * be grouped in the table, so we don't have to search the
2687 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2688 && parm_table[i].p_class == parm_table[parmnum].p_class;
2690 flags_list[i] |= FLAG_CMDLINE;
2692 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2693 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2694 flags_list[i] |= FLAG_CMDLINE;
2700 /* it might be parametric */
2701 if (strchr(pszParmName, ':') != NULL) {
2702 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2706 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2710 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2713 TALLOC_CTX *frame = talloc_stackframe();
2714 struct loadparm_context *lp_ctx;
2716 lp_ctx = setup_lp_context(frame);
2717 if (lp_ctx == NULL) {
2722 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2728 /***************************************************************************
2729 Process a parameter.
2730 ***************************************************************************/
2732 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2735 if (!bInGlobalSection && bGlobalOnly)
2738 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2740 if (bInGlobalSection) {
2741 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2743 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2744 pszParmName, pszParmValue);
2749 static const char *ad_dc_req_vfs_mods[] = {"dfs_samba4", "acl_xattr", NULL};
2752 * check that @vfs_objects includes all vfs modules required by an AD DC.
2754 static bool check_ad_dc_required_mods(const char **vfs_objects)
2760 for (i = 0; ad_dc_req_vfs_mods[i] != NULL; i++) {
2762 for (j = 0; vfs_objects[j] != NULL; j++) {
2763 if (!strwicmp(ad_dc_req_vfs_mods[i], vfs_objects[j])) {
2769 DEBUG(0, ("vfs objects specified without required AD "
2770 "DC module: %s\n", ad_dc_req_vfs_mods[i]));
2775 DEBUG(6, ("vfs objects specified with all required AD DC modules\n"));
2780 /***************************************************************************
2781 Initialize any local variables in the sDefault table, after parsing a
2783 ***************************************************************************/
2785 static void init_locals(void)
2788 * We run this check once the [globals] is parsed, to force
2789 * the VFS objects and other per-share settings we need for
2790 * the standard way a AD DC is operated. We may change these
2791 * as our code evolves, which is why we force these settings.
2793 * We can't do this at the end of lp_load_ex(), as by that
2794 * point the services have been loaded and they will already
2795 * have "" as their vfs objects.
2797 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2798 const char **vfs_objects = lp_vfs_objects(-1);
2799 if (vfs_objects != NULL) {
2800 /* ignore return, only warn if modules are missing */
2801 check_ad_dc_required_mods(vfs_objects);
2803 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2804 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2805 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2806 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2808 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2812 lp_do_parameter(-1, "map hidden", "no");
2813 lp_do_parameter(-1, "map system", "no");
2814 lp_do_parameter(-1, "map readonly", "no");
2815 lp_do_parameter(-1, "map archive", "no");
2816 lp_do_parameter(-1, "store dos attributes", "yes");
2820 /***************************************************************************
2821 Process a new section (service). At this stage all sections are services.
2822 Later we'll have special sections that permit server parameters to be set.
2823 Returns true on success, false on failure.
2824 ***************************************************************************/
2826 bool lp_do_section(const char *pszSectionName, void *userdata)
2828 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2830 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2831 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2833 /* if we were in a global section then do the local inits */
2834 if (bInGlobalSection && !isglobal)
2837 /* if we've just struck a global section, note the fact. */
2838 bInGlobalSection = isglobal;
2839 if (lp_ctx != NULL) {
2840 lp_ctx->bInGlobalSection = isglobal;
2843 /* check for multiple global sections */
2844 if (bInGlobalSection) {
2845 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2849 if (!bInGlobalSection && bGlobalOnly)
2852 /* if we have a current service, tidy it up before moving on */
2855 if (iServiceIndex >= 0)
2856 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2858 /* if all is still well, move to the next record in the services array */
2860 /* We put this here to avoid an odd message order if messages are */
2861 /* issued by the post-processing of a previous section. */
2862 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2864 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2865 if (iServiceIndex < 0) {
2866 DEBUG(0, ("Failed to add a new service\n"));
2869 /* Clean all parametric options for service */
2870 /* They will be added during parsing again */
2871 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2877 /***************************************************************************
2878 Display the contents of a parameter of a single services record.
2879 ***************************************************************************/
2881 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2883 bool result = false;
2884 struct loadparm_context *lp_ctx;
2886 lp_ctx = setup_lp_context(talloc_tos());
2887 if (lp_ctx == NULL) {
2892 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2894 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2896 TALLOC_FREE(lp_ctx);
2901 /***************************************************************************
2902 Display the contents of a single copy structure.
2903 ***************************************************************************/
2904 static void dump_copy_map(bool *pcopymap)
2910 printf("\n\tNon-Copied parameters:\n");
2912 for (i = 0; parm_table[i].label; i++)
2913 if (parm_table[i].p_class == P_LOCAL &&
2914 parm_table[i].ptr && !pcopymap[i] &&
2915 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2917 printf("\t\t%s\n", parm_table[i].label);
2922 /***************************************************************************
2923 Return TRUE if the passed service number is within range.
2924 ***************************************************************************/
2926 bool lp_snum_ok(int iService)
2928 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2931 /***************************************************************************
2932 Auto-load some home services.
2933 ***************************************************************************/
2935 static void lp_add_auto_services(const char *str)
2945 s = talloc_strdup(talloc_tos(), str);
2947 smb_panic("talloc_strdup failed");
2951 homes = lp_servicenumber(HOMES_NAME);
2953 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2954 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2957 if (lp_servicenumber(p) >= 0)
2960 home = get_user_home_dir(talloc_tos(), p);
2962 if (home && home[0] && homes >= 0)
2963 lp_add_home(p, homes, p, home);
2970 /***************************************************************************
2971 Auto-load one printer.
2972 ***************************************************************************/
2974 void lp_add_one_printer(const char *name, const char *comment,
2975 const char *location, void *pdata)
2977 int printers = lp_servicenumber(PRINTERS_NAME);
2980 if (lp_servicenumber(name) < 0) {
2981 lp_add_printer(name, printers);
2982 if ((i = lp_servicenumber(name)) >= 0) {
2983 lpcfg_string_set(ServicePtrs[i],
2984 &ServicePtrs[i]->comment, comment);
2985 ServicePtrs[i]->autoloaded = true;
2990 /***************************************************************************
2991 Have we loaded a services file yet?
2992 ***************************************************************************/
2994 bool lp_loaded(void)
2999 /***************************************************************************
3000 Unload unused services.
3001 ***************************************************************************/
3003 void lp_killunused(struct smbd_server_connection *sconn,
3004 bool (*snumused) (struct smbd_server_connection *, int))
3007 for (i = 0; i < iNumServices; i++) {
3011 /* don't kill autoloaded or usershare services */
3012 if ( ServicePtrs[i]->autoloaded ||
3013 ServicePtrs[i]->usershare == USERSHARE_VALID) {
3017 if (!snumused || !snumused(sconn, i)) {
3018 free_service_byindex(i);
3024 * Kill all except autoloaded and usershare services - convenience wrapper
3026 void lp_kill_all_services(void)
3028 lp_killunused(NULL, NULL);
3031 /***************************************************************************
3033 ***************************************************************************/
3035 void lp_killservice(int iServiceIn)
3037 if (VALID(iServiceIn)) {
3038 free_service_byindex(iServiceIn);
3042 /***************************************************************************
3043 Save the curent values of all global and sDefault parameters into the
3044 defaults union. This allows testparm to show only the
3045 changed (ie. non-default) parameters.
3046 ***************************************************************************/
3048 static void lp_save_defaults(void)
3051 struct parmlist_entry * parm;
3052 for (i = 0; parm_table[i].label; i++) {
3053 if (!(flags_list[i] & FLAG_CMDLINE)) {
3054 flags_list[i] |= FLAG_DEFAULT;
3057 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
3058 && parm_table[i].p_class == parm_table[i - 1].p_class)
3060 switch (parm_table[i].type) {
3063 parm_table[i].def.lvalue = str_list_copy(
3064 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3070 &parm_table[i].def.svalue,
3071 *(char **)lp_parm_ptr(
3072 NULL, &parm_table[i]));
3073 if (parm_table[i].def.svalue == NULL) {
3074 smb_panic("lpcfg_string_set() failed");
3079 parm_table[i].def.bvalue =
3080 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3083 parm_table[i].def.cvalue =
3084 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3090 parm_table[i].def.ivalue =
3091 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3096 for (parm=Globals.param_opt; parm; parm=parm->next) {
3097 if (!(parm->priority & FLAG_CMDLINE)) {
3098 parm->priority |= FLAG_DEFAULT;
3102 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3103 if (!(parm->priority & FLAG_CMDLINE)) {
3104 parm->priority |= FLAG_DEFAULT;
3108 defaults_saved = true;
3111 /***********************************************************
3112 If we should send plaintext/LANMAN passwords in the clinet
3113 ************************************************************/
3115 static void set_allowed_client_auth(void)
3117 if (Globals.client_ntlmv2_auth) {
3118 Globals.client_lanman_auth = false;
3120 if (!Globals.client_lanman_auth) {
3121 Globals.client_plaintext_auth = false;
3125 /***************************************************************************
3127 The following code allows smbd to read a user defined share file.
3128 Yes, this is my intent. Yes, I'm comfortable with that...
3130 THE FOLLOWING IS SECURITY CRITICAL CODE.
3132 It washes your clothes, it cleans your house, it guards you while you sleep...
3133 Do not f%^k with it....
3134 ***************************************************************************/
3136 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3138 /***************************************************************************
3139 Check allowed stat state of a usershare file.
3140 Ensure we print out who is dicking with us so the admin can
3141 get their sorry ass fired.
3142 ***************************************************************************/
3144 static bool check_usershare_stat(const char *fname,
3145 const SMB_STRUCT_STAT *psbuf)
3147 if (!S_ISREG(psbuf->st_ex_mode)) {
3148 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3149 "not a regular file\n",
3150 fname, (unsigned int)psbuf->st_ex_uid ));
3154 /* Ensure this doesn't have the other write bit set. */
3155 if (psbuf->st_ex_mode & S_IWOTH) {
3156 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3157 "public write. Refusing to allow as a usershare file.\n",
3158 fname, (unsigned int)psbuf->st_ex_uid ));
3162 /* Should be 10k or less. */
3163 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3164 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3165 "too large (%u) to be a user share file.\n",
3166 fname, (unsigned int)psbuf->st_ex_uid,
3167 (unsigned int)psbuf->st_ex_size ));
3174 /***************************************************************************
3175 Parse the contents of a usershare file.
3176 ***************************************************************************/
3178 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3179 SMB_STRUCT_STAT *psbuf,
3180 const char *servicename,
3184 char **pp_sharepath,
3186 char **pp_cp_servicename,
3187 struct security_descriptor **ppsd,
3190 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3191 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3194 SMB_STRUCT_STAT sbuf;
3195 char *sharepath = NULL;
3196 char *comment = NULL;
3198 *pp_sharepath = NULL;
3201 *pallow_guest = false;
3204 return USERSHARE_MALFORMED_FILE;
3207 if (strcmp(lines[0], "#VERSION 1") == 0) {
3209 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3212 return USERSHARE_MALFORMED_FILE;
3215 return USERSHARE_BAD_VERSION;
3218 if (strncmp(lines[1], "path=", 5) != 0) {
3219 return USERSHARE_MALFORMED_PATH;
3222 sharepath = talloc_strdup(ctx, &lines[1][5]);
3224 return USERSHARE_POSIX_ERR;
3226 trim_string(sharepath, " ", " ");
3228 if (strncmp(lines[2], "comment=", 8) != 0) {
3229 return USERSHARE_MALFORMED_COMMENT_DEF;
3232 comment = talloc_strdup(ctx, &lines[2][8]);
3234 return USERSHARE_POSIX_ERR;
3236 trim_string(comment, " ", " ");
3237 trim_char(comment, '"', '"');
3239 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3240 return USERSHARE_MALFORMED_ACL_DEF;
3243 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3244 return USERSHARE_ACL_ERR;
3248 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3249 return USERSHARE_MALFORMED_ACL_DEF;
3251 if (lines[4][9] == 'y') {
3252 *pallow_guest = true;
3255 /* Backwards compatible extension to file version #2. */
3257 if (strncmp(lines[5], "sharename=", 10) != 0) {
3258 return USERSHARE_MALFORMED_SHARENAME_DEF;
3260 if (!strequal(&lines[5][10], servicename)) {
3261 return USERSHARE_BAD_SHARENAME;
3263 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3264 if (!*pp_cp_servicename) {
3265 return USERSHARE_POSIX_ERR;
3270 if (*pp_cp_servicename == NULL) {
3271 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3272 if (!*pp_cp_servicename) {
3273 return USERSHARE_POSIX_ERR;
3277 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3278 /* Path didn't change, no checks needed. */
3279 *pp_sharepath = sharepath;
3280 *pp_comment = comment;
3281 return USERSHARE_OK;
3284 /* The path *must* be absolute. */
3285 if (sharepath[0] != '/') {
3286 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3287 servicename, sharepath));
3288 return USERSHARE_PATH_NOT_ABSOLUTE;
3291 /* If there is a usershare prefix deny list ensure one of these paths
3292 doesn't match the start of the user given path. */
3293 if (prefixdenylist) {
3295 for ( i=0; prefixdenylist[i]; i++ ) {
3296 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3297 servicename, i, prefixdenylist[i], sharepath ));
3298 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3299 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3300 "usershare prefix deny list entries.\n",
3301 servicename, sharepath));
3302 return USERSHARE_PATH_IS_DENIED;
3307 /* If there is a usershare prefix allow list ensure one of these paths
3308 does match the start of the user given path. */
3310 if (prefixallowlist) {
3312 for ( i=0; prefixallowlist[i]; i++ ) {
3313 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3314 servicename, i, prefixallowlist[i], sharepath ));
3315 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3319 if (prefixallowlist[i] == NULL) {
3320 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3321 "usershare prefix allow list entries.\n",
3322 servicename, sharepath));
3323 return USERSHARE_PATH_NOT_ALLOWED;
3327 /* Ensure this is pointing to a directory. */
3328 dp = opendir(sharepath);
3331 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3332 servicename, sharepath));
3333 return USERSHARE_PATH_NOT_DIRECTORY;
3336 /* Ensure the owner of the usershare file has permission to share
3339 if (sys_stat(sharepath, &sbuf, false) == -1) {
3340 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3341 servicename, sharepath, strerror(errno) ));
3343 return USERSHARE_POSIX_ERR;
3348 if (!S_ISDIR(sbuf.st_ex_mode)) {
3349 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3350 servicename, sharepath ));
3351 return USERSHARE_PATH_NOT_DIRECTORY;
3354 /* Check if sharing is restricted to owner-only. */
3355 /* psbuf is the stat of the usershare definition file,
3356 sbuf is the stat of the target directory to be shared. */
3358 if (lp_usershare_owner_only()) {
3359 /* root can share anything. */
3360 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3361 return USERSHARE_PATH_NOT_ALLOWED;
3365 *pp_sharepath = sharepath;
3366 *pp_comment = comment;
3367 return USERSHARE_OK;
3370 /***************************************************************************
3371 Deal with a usershare file.
3374 -1 - Bad name, invalid contents.
3375 - service name already existed and not a usershare, problem
3376 with permissions to share directory etc.
3377 ***************************************************************************/
3379 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3381 SMB_STRUCT_STAT sbuf;
3382 SMB_STRUCT_STAT lsbuf;
3384 char *sharepath = NULL;
3385 char *comment = NULL;
3386 char *cp_service_name = NULL;
3387 char **lines = NULL;
3391 TALLOC_CTX *ctx = talloc_stackframe();
3392 struct security_descriptor *psd = NULL;
3393 bool guest_ok = false;
3394 char *canon_name = NULL;
3395 bool added_service = false;
3399 /* Ensure share name doesn't contain invalid characters. */
3400 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3401 DEBUG(0,("process_usershare_file: share name %s contains "
3402 "invalid characters (any of %s)\n",
3403 file_name, INVALID_SHARENAME_CHARS ));
3407 canon_name = canonicalize_servicename(ctx, file_name);
3412 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3417 /* Minimize the race condition by doing an lstat before we
3418 open and fstat. Ensure this isn't a symlink link. */
3420 if (sys_lstat(fname, &lsbuf, false) != 0) {
3421 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3422 fname, strerror(errno) ));
3426 /* This must be a regular file, not a symlink, directory or
3427 other strange filetype. */
3428 if (!check_usershare_stat(fname, &lsbuf)) {
3435 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3440 if (NT_STATUS_IS_OK(status) &&
3441 (data.dptr != NULL) &&
3442 (data.dsize == sizeof(iService))) {
3443 memcpy(&iService, data.dptr, sizeof(iService));
3447 if (iService != -1 &&
3448 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3449 &lsbuf.st_ex_mtime) == 0) {
3450 /* Nothing changed - Mark valid and return. */
3451 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3453 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3458 /* Try and open the file read only - no symlinks allowed. */
3460 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3462 fd = open(fname, O_RDONLY, 0);
3466 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3467 fname, strerror(errno) ));
3471 /* Now fstat to be *SURE* it's a regular file. */
3472 if (sys_fstat(fd, &sbuf, false) != 0) {
3474 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3475 fname, strerror(errno) ));
3479 /* Is it the same dev/inode as was lstated ? */
3480 if (!check_same_stat(&lsbuf, &sbuf)) {
3482 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3483 "Symlink spoofing going on ?\n", fname ));
3487 /* This must be a regular file, not a symlink, directory or
3488 other strange filetype. */
3489 if (!check_usershare_stat(fname, &sbuf)) {
3494 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3497 if (lines == NULL) {
3498 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3499 fname, (unsigned int)sbuf.st_ex_uid ));
3503 if (parse_usershare_file(ctx, &sbuf, file_name,
3504 iService, lines, numlines, &sharepath,
3505 &comment, &cp_service_name,
3506 &psd, &guest_ok) != USERSHARE_OK) {
3510 /* Everything ok - add the service possibly using a template. */
3512 const struct loadparm_service *sp = &sDefault;
3513 if (snum_template != -1) {
3514 sp = ServicePtrs[snum_template];
3517 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3518 DEBUG(0, ("process_usershare_file: Failed to add "
3519 "new service %s\n", cp_service_name));
3523 added_service = true;
3525 /* Read only is controlled by usershare ACL below. */
3526 ServicePtrs[iService]->read_only = false;
3529 /* Write the ACL of the new/modified share. */
3530 status = set_share_security(canon_name, psd);
3531 if (!NT_STATUS_IS_OK(status)) {
3532 DEBUG(0, ("process_usershare_file: Failed to set share "
3533 "security for user share %s\n",
3538 /* If from a template it may be marked invalid. */
3539 ServicePtrs[iService]->valid = true;
3541 /* Set the service as a valid usershare. */
3542 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3544 /* Set guest access. */
3545 if (lp_usershare_allow_guests()) {
3546 ServicePtrs[iService]->guest_ok = guest_ok;
3549 /* And note when it was loaded. */
3550 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3551 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3553 lpcfg_string_set(ServicePtrs[iService],
3554 &ServicePtrs[iService]->comment, comment);
3560 if (ret == -1 && iService != -1 && added_service) {
3561 lp_remove_service(iService);
3569 /***************************************************************************
3570 Checks if a usershare entry has been modified since last load.
3571 ***************************************************************************/
3573 static bool usershare_exists(int iService, struct timespec *last_mod)
3575 SMB_STRUCT_STAT lsbuf;
3576 const char *usersharepath = Globals.usershare_path;
3579 fname = talloc_asprintf(talloc_tos(),
3582 ServicePtrs[iService]->szService);
3583 if (fname == NULL) {
3587 if (sys_lstat(fname, &lsbuf, false) != 0) {
3592 if (!S_ISREG(lsbuf.st_ex_mode)) {
3598 *last_mod = lsbuf.st_ex_mtime;
3602 static bool usershare_directory_is_root(uid_t uid)
3608 if (uid_wrapper_enabled()) {
3615 /***************************************************************************
3616 Load a usershare service by name. Returns a valid servicenumber or -1.
3617 ***************************************************************************/
3619 int load_usershare_service(const char *servicename)
3621 SMB_STRUCT_STAT sbuf;
3622 const char *usersharepath = Globals.usershare_path;
3623 int max_user_shares = Globals.usershare_max_shares;
3624 int snum_template = -1;
3626 if (*usersharepath == 0 || max_user_shares == 0) {
3630 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3631 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3632 usersharepath, strerror(errno) ));
3636 if (!S_ISDIR(sbuf.st_ex_mode)) {
3637 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3643 * This directory must be owned by root, and have the 't' bit set.
3644 * It also must not be writable by "other".
3648 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3649 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3651 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3652 (sbuf.st_ex_mode & S_IWOTH)) {
3654 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3655 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3660 /* Ensure the template share exists if it's set. */
3661 if (Globals.usershare_template_share[0]) {
3662 /* We can't use lp_servicenumber here as we are recommending that
3663 template shares have -valid=false set. */
3664 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3665 if (ServicePtrs[snum_template]->szService &&
3666 strequal(ServicePtrs[snum_template]->szService,
3667 Globals.usershare_template_share)) {
3672 if (snum_template == -1) {
3673 DEBUG(0,("load_usershare_service: usershare template share %s "
3674 "does not exist.\n",
3675 Globals.usershare_template_share ));
3680 return process_usershare_file(usersharepath, servicename, snum_template);
3683 /***************************************************************************
3684 Load all user defined shares from the user share directory.
3685 We only do this if we're enumerating the share list.
3686 This is the function that can delete usershares that have
3688 ***************************************************************************/
3690 int load_usershare_shares(struct smbd_server_connection *sconn,
3691 bool (*snumused) (struct smbd_server_connection *, int))
3694 SMB_STRUCT_STAT sbuf;
3696 int num_usershares = 0;
3697 int max_user_shares = Globals.usershare_max_shares;
3698 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3699 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3700 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3702 int snum_template = -1;
3703 const char *usersharepath = Globals.usershare_path;
3704 int ret = lp_numservices();
3705 TALLOC_CTX *tmp_ctx;
3707 if (max_user_shares == 0 || *usersharepath == '\0') {
3708 return lp_numservices();
3711 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3712 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3713 usersharepath, strerror(errno) ));
3718 * This directory must be owned by root, and have the 't' bit set.
3719 * It also must not be writable by "other".
3723 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3725 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3727 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3728 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3733 /* Ensure the template share exists if it's set. */
3734 if (Globals.usershare_template_share[0]) {
3735 /* We can't use lp_servicenumber here as we are recommending that
3736 template shares have -valid=false set. */
3737 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3738 if (ServicePtrs[snum_template]->szService &&
3739 strequal(ServicePtrs[snum_template]->szService,
3740 Globals.usershare_template_share)) {
3745 if (snum_template == -1) {
3746 DEBUG(0,("load_usershare_shares: usershare template share %s "
3747 "does not exist.\n",
3748 Globals.usershare_template_share ));
3753 /* Mark all existing usershares as pending delete. */
3754 for (iService = iNumServices - 1; iService >= 0; iService--) {
3755 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3756 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3760 dp = opendir(usersharepath);
3762 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3763 usersharepath, strerror(errno) ));
3767 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3769 num_dir_entries++ ) {
3771 const char *n = de->d_name;
3773 /* Ignore . and .. */
3775 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3781 /* Temporary file used when creating a share. */
3782 num_tmp_dir_entries++;
3785 /* Allow 20% tmp entries. */
3786 if (num_tmp_dir_entries > allowed_tmp_entries) {
3787 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3788 "in directory %s\n",
3789 num_tmp_dir_entries, usersharepath));
3793 r = process_usershare_file(usersharepath, n, snum_template);
3795 /* Update the services count. */
3797 if (num_usershares >= max_user_shares) {
3798 DEBUG(0,("load_usershare_shares: max user shares reached "
3799 "on file %s in directory %s\n",
3800 n, usersharepath ));
3803 } else if (r == -1) {
3804 num_bad_dir_entries++;
3807 /* Allow 20% bad entries. */
3808 if (num_bad_dir_entries > allowed_bad_entries) {
3809 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3810 "in directory %s\n",
3811 num_bad_dir_entries, usersharepath));
3815 /* Allow 20% bad entries. */
3816 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3817 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3818 "in directory %s\n",
3819 num_dir_entries, usersharepath));
3826 /* Sweep through and delete any non-refreshed usershares that are
3827 not currently in use. */
3828 tmp_ctx = talloc_stackframe();
3829 for (iService = iNumServices - 1; iService >= 0; iService--) {
3830 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3831 const struct loadparm_substitution *lp_sub =
3832 loadparm_s3_global_substitution();
3835 if (snumused && snumused(sconn, iService)) {
3839 servname = lp_servicename(tmp_ctx, lp_sub, iService);
3841 /* Remove from the share ACL db. */
3842 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3844 delete_share_security(servname);
3845 free_service_byindex(iService);
3848 talloc_free(tmp_ctx);
3850 return lp_numservices();
3853 /********************************************************
3854 Destroy global resources allocated in this file
3855 ********************************************************/
3857 void gfree_loadparm(void)
3863 /* Free resources allocated to services */
3865 for ( i = 0; i < iNumServices; i++ ) {
3867 free_service_byindex(i);
3871 TALLOC_FREE( ServicePtrs );
3874 /* Now release all resources allocated to global
3875 parameters and the default service */
3877 free_global_parameters();
3881 /***************************************************************************
3882 Allow client apps to specify that they are a client
3883 ***************************************************************************/
3884 static void lp_set_in_client(bool b)
3890 /***************************************************************************
3891 Determine if we're running in a client app
3892 ***************************************************************************/
3893 static bool lp_is_in_client(void)
3898 static void lp_enforce_ad_dc_settings(void)
3900 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3901 lp_do_parameter(GLOBAL_SECTION_SNUM,
3902 "winbindd:use external pipes", "true");
3903 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3904 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3905 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3906 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3907 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3908 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3909 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3910 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3911 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3914 /***************************************************************************
3915 Load the services array from the services file. Return true on success,
3917 ***************************************************************************/
3919 static bool lp_load_ex(const char *pszFname,
3923 bool reinit_globals,
3924 bool allow_include_registry,
3925 bool load_all_shares)
3929 TALLOC_CTX *frame = talloc_stackframe();
3930 struct loadparm_context *lp_ctx;
3931 int max_protocol, min_protocol;
3933 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3935 bInGlobalSection = true;
3936 bGlobalOnly = global_only;
3937 bAllowIncludeRegistry = allow_include_registry;
3938 sDefault = _sDefault;
3940 lp_ctx = setup_lp_context(talloc_tos());
3942 init_globals(lp_ctx, reinit_globals);
3946 if (save_defaults) {
3951 if (!reinit_globals) {
3952 free_param_opts(&Globals.param_opt);
3953 apply_lp_set_cmdline();
3956 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
3958 /* We get sections first, so have to start 'behind' to make up */
3961 if (lp_config_backend_is_file()) {
3962 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
3963 current_user_info.domain,
3966 smb_panic("lp_load_ex: out of memory");
3969 add_to_file_list(NULL, &file_lists, pszFname, n2);
3971 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
3974 /* finish up the last section */
3975 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
3977 if (iServiceIndex >= 0) {
3978 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
3982 if (lp_config_backend_is_registry()) {
3984 /* config backend changed to registry in config file */
3986 * We need to use this extra global variable here to
3987 * survive restart: init_globals uses this as a default
3988 * for config_backend. Otherwise, init_globals would
3989 * send us into an endless loop here.
3992 config_backend = CONFIG_BACKEND_REGISTRY;
3994 DEBUG(1, ("lp_load_ex: changing to config backend "
3996 init_globals(lp_ctx, true);
3998 TALLOC_FREE(lp_ctx);
4000 lp_kill_all_services();
4001 ok = lp_load_ex(pszFname, global_only, save_defaults,
4002 add_ipc, reinit_globals,
4003 allow_include_registry,
4008 } else if (lp_config_backend_is_registry()) {
4009 bRetval = process_registry_globals();
4011 DEBUG(0, ("Illegal config backend given: %d\n",
4012 lp_config_backend()));
4016 if (bRetval && lp_registry_shares()) {
4017 if (load_all_shares) {
4018 bRetval = process_registry_shares();
4020 bRetval = reload_registry_shares();
4025 const struct loadparm_substitution *lp_sub =
4026 loadparm_s3_global_substitution();
4027 char *serv = lp_auto_services(talloc_tos(), lp_sub);
4028 lp_add_auto_services(serv);
4033 /* When 'restrict anonymous = 2' guest connections to ipc$
4035 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
4036 if ( lp_enable_asu_support() ) {
4037 lp_add_ipc("ADMIN$", false);
4041 set_allowed_client_auth();
4043 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
4044 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
4045 lp_password_server()));
4050 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
4051 /* if we_are_a_wins_server is true and we are in the client */
4052 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
4053 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
4058 fault_configure(smb_panic_s3);
4061 * We run this check once the whole smb.conf is parsed, to
4062 * force some settings for the standard way a AD DC is
4063 * operated. We may change these as our code evolves, which
4064 * is why we force these settings.
4066 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
4067 lp_enforce_ad_dc_settings();
4070 bAllowIncludeRegistry = true;
4072 /* Check if command line max protocol < min protocol, if so
4073 * report a warning to the user.
4075 max_protocol = lp_client_max_protocol();
4076 min_protocol = lp_client_min_protocol();
4077 if (max_protocol < min_protocol) {
4078 const char *max_protocolp, *min_protocolp;
4079 max_protocolp = lpcfg_get_smb_protocol(max_protocol);
4080 min_protocolp = lpcfg_get_smb_protocol(min_protocol);
4081 DBG_ERR("Max protocol %s is less than min protocol %s.\n",
4082 max_protocolp, min_protocolp);
4089 static bool lp_load(const char *pszFname,
4093 bool reinit_globals)
4095 return lp_load_ex(pszFname,
4100 true, /* allow_include_registry */
4101 false); /* load_all_shares*/
4104 bool lp_load_initial_only(const char *pszFname)
4106 return lp_load_ex(pszFname,
4107 true, /* global only */
4108 true, /* save_defaults */
4109 false, /* add_ipc */
4110 true, /* reinit_globals */
4111 false, /* allow_include_registry */
4112 false); /* load_all_shares*/
4116 * most common lp_load wrapper, loading only the globals
4118 * If this is used in a daemon or client utility it should be called
4119 * after processing popt.
4121 bool lp_load_global(const char *file_name)
4123 return lp_load(file_name,
4124 true, /* global_only */
4125 false, /* save_defaults */
4126 false, /* add_ipc */
4127 true); /* reinit_globals */
4131 * The typical lp_load wrapper with shares, loads global and
4132 * shares, including IPC, but does not force immediate
4133 * loading of all shares from registry.
4135 bool lp_load_with_shares(const char *file_name)
4137 return lp_load(file_name,
4138 false, /* global_only */
4139 false, /* save_defaults */
4141 true); /* reinit_globals */
4145 * lp_load wrapper, especially for clients
4147 bool lp_load_client(const char *file_name)
4149 lp_set_in_client(true);
4151 return lp_load_global(file_name);
4155 * lp_load wrapper, loading only globals, but intended
4156 * for subsequent calls, not reinitializing the globals
4159 bool lp_load_global_no_reinit(const char *file_name)
4161 return lp_load(file_name,
4162 true, /* global_only */
4163 false, /* save_defaults */
4164 false, /* add_ipc */
4165 false); /* reinit_globals */
4169 * lp_load wrapper, loading globals and shares,
4170 * intended for subsequent calls, i.e. not reinitializing
4171 * the globals to default values.
4173 bool lp_load_no_reinit(const char *file_name)
4175 return lp_load(file_name,
4176 false, /* global_only */
4177 false, /* save_defaults */
4178 false, /* add_ipc */
4179 false); /* reinit_globals */
4184 * lp_load wrapper, especially for clients, no reinitialization
4186 bool lp_load_client_no_reinit(const char *file_name)
4188 lp_set_in_client(true);
4190 return lp_load_global_no_reinit(file_name);
4193 bool lp_load_with_registry_shares(const char *pszFname)
4195 return lp_load_ex(pszFname,
4196 false, /* global_only */
4197 true, /* save_defaults */
4198 false, /* add_ipc */
4199 true, /* reinit_globals */
4200 true, /* allow_include_registry */
4201 true); /* load_all_shares*/
4204 /***************************************************************************
4205 Return the max number of services.
4206 ***************************************************************************/
4208 int lp_numservices(void)
4210 return (iNumServices);
4213 /***************************************************************************
4214 Display the contents of the services array in human-readable form.
4215 ***************************************************************************/
4217 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4220 struct loadparm_context *lp_ctx;
4223 defaults_saved = false;
4225 lp_ctx = setup_lp_context(talloc_tos());
4226 if (lp_ctx == NULL) {
4230 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4232 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4234 for (iService = 0; iService < maxtoprint; iService++) {
4236 lp_dump_one(f, show_defaults, iService);
4238 TALLOC_FREE(lp_ctx);
4241 /***************************************************************************
4242 Display the contents of one service in human-readable form.
4243 ***************************************************************************/
4245 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4248 if (ServicePtrs[snum]->szService[0] == '\0')
4250 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4251 flags_list, show_defaults);
4255 /***************************************************************************
4256 Return the number of the service with the given name, or -1 if it doesn't
4257 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4258 getservicebyname()! This works ONLY if all services have been loaded, and
4259 does not copy the found service.
4260 ***************************************************************************/
4262 int lp_servicenumber(const char *pszServiceName)
4265 fstring serviceName;
4267 if (!pszServiceName) {
4268 return GLOBAL_SECTION_SNUM;
4271 for (iService = iNumServices - 1; iService >= 0; iService--) {
4272 if (VALID(iService) && ServicePtrs[iService]->szService) {
4274 * The substitution here is used to support %U in
4277 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4278 standard_sub_basic(get_current_username(),
4279 current_user_info.domain,
4280 serviceName,sizeof(serviceName));
4281 if (strequal(serviceName, pszServiceName)) {
4287 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4288 struct timespec last_mod;
4290 if (!usershare_exists(iService, &last_mod)) {
4291 /* Remove the share security tdb entry for it. */
4292 delete_share_security(lp_const_servicename(iService));
4293 /* Remove it from the array. */
4294 free_service_byindex(iService);
4295 /* Doesn't exist anymore. */
4296 return GLOBAL_SECTION_SNUM;
4299 /* Has it been modified ? If so delete and reload. */
4300 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4302 /* Remove it from the array. */
4303 free_service_byindex(iService);
4304 /* and now reload it. */
4305 iService = load_usershare_service(pszServiceName);
4310 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4311 return GLOBAL_SECTION_SNUM;
4317 /*******************************************************************
4318 A useful volume label function.
4319 ********************************************************************/
4321 const char *volume_label(TALLOC_CTX *ctx, int snum)
4323 const struct loadparm_substitution *lp_sub =
4324 loadparm_s3_global_substitution();
4326 const char *label = lp_volume(ctx, lp_sub, snum);
4330 label = lp_servicename(ctx, lp_sub, snum);
4334 * Volume label can be a max of 32 bytes. Make sure to truncate
4335 * it at a codepoint boundary if it's longer than 32 and contains
4336 * multibyte characters. Windows insists on a volume label being
4337 * a valid mb sequence, and errors out if not.
4339 if (strlen(label) > 32) {
4341 * A MB char can be a max of 5 bytes, thus
4342 * we should have a valid mb character at a
4343 * minimum position of (32-5) = 27.
4347 * Check if a codepoint starting from next byte
4348 * is valid. If yes, then the current byte is the
4349 * end of a MB or ascii sequence and the label can
4350 * be safely truncated here. If not, keep going
4351 * backwards till a valid codepoint is found.
4354 const char *s = &label[end];
4355 codepoint_t c = next_codepoint(s, &len);
4356 if (c != INVALID_CODEPOINT) {
4363 /* This returns a max of 33 byte guarenteed null terminated string. */
4364 ret = talloc_strndup(ctx, label, end);
4371 /*******************************************************************
4372 Get the default server type we will announce as via nmbd.
4373 ********************************************************************/
4375 int lp_default_server_announce(void)
4377 int default_server_announce = 0;
4378 default_server_announce |= SV_TYPE_WORKSTATION;
4379 default_server_announce |= SV_TYPE_SERVER;
4380 default_server_announce |= SV_TYPE_SERVER_UNIX;
4382 /* note that the flag should be set only if we have a
4383 printer service but nmbd doesn't actually load the
4384 services so we can't tell --jerry */
4386 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4388 default_server_announce |= SV_TYPE_SERVER_NT;
4389 default_server_announce |= SV_TYPE_NT;
4391 switch (lp_server_role()) {
4392 case ROLE_DOMAIN_MEMBER:
4393 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4395 case ROLE_DOMAIN_PDC:
4396 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4398 case ROLE_DOMAIN_BDC:
4399 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4401 case ROLE_STANDALONE:
4405 if (lp_time_server())
4406 default_server_announce |= SV_TYPE_TIME_SOURCE;
4408 if (lp_host_msdfs())
4409 default_server_announce |= SV_TYPE_DFS_SERVER;
4411 return default_server_announce;
4414 /***********************************************************
4415 If we are PDC then prefer us as DMB
4416 ************************************************************/
4418 bool lp_domain_master(void)
4420 if (Globals._domain_master == Auto)
4421 return (lp_server_role() == ROLE_DOMAIN_PDC);
4423 return (bool)Globals._domain_master;
4426 /***********************************************************
4427 If we are PDC then prefer us as DMB
4428 ************************************************************/
4430 static bool lp_domain_master_true_or_auto(void)
4432 if (Globals._domain_master) /* auto or yes */
4438 /***********************************************************
4439 If we are DMB then prefer us as LMB
4440 ************************************************************/
4442 bool lp_preferred_master(void)
4444 int preferred_master = lp__preferred_master();
4446 if (preferred_master == Auto)
4447 return (lp_local_master() && lp_domain_master());
4449 return (bool)preferred_master;
4452 /*******************************************************************
4454 ********************************************************************/
4456 void lp_remove_service(int snum)
4458 ServicePtrs[snum]->valid = false;
4461 const char *lp_printername(TALLOC_CTX *ctx,
4462 const struct loadparm_substitution *lp_sub,
4465 const char *ret = lp__printername(ctx, lp_sub, snum);
4467 if (ret == NULL || *ret == '\0') {
4468 ret = lp_const_servicename(snum);
4475 /***********************************************************
4476 Allow daemons such as winbindd to fix their logfile name.
4477 ************************************************************/
4479 void lp_set_logfile(const char *name)
4481 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4482 debug_set_logfile(name);
4485 /*******************************************************************
4486 Return the max print jobs per queue.
4487 ********************************************************************/
4489 int lp_maxprintjobs(int snum)
4491 int maxjobs = lp_max_print_jobs(snum);
4493 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4494 maxjobs = PRINT_MAX_JOBID - 1;
4499 const char *lp_printcapname(void)
4501 const char *printcap_name = lp_printcap_name();
4503 if ((printcap_name != NULL) &&
4504 (printcap_name[0] != '\0'))
4505 return printcap_name;
4507 if (sDefault.printing == PRINT_CUPS) {
4511 if (sDefault.printing == PRINT_BSD)
4512 return "/etc/printcap";
4514 return PRINTCAP_NAME;
4517 static uint32_t spoolss_state;
4519 bool lp_disable_spoolss( void )
4521 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4522 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4524 return spoolss_state == SVCCTL_STOPPED ? true : false;
4527 void lp_set_spoolss_state( uint32_t state )
4529 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4531 spoolss_state = state;
4534 uint32_t lp_get_spoolss_state( void )
4536 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4539 /*******************************************************************
4540 Turn off sendfile if we find the underlying OS doesn't support it.
4541 ********************************************************************/
4543 void set_use_sendfile(int snum, bool val)
4545 if (LP_SNUM_OK(snum))
4546 ServicePtrs[snum]->_use_sendfile = val;
4548 sDefault._use_sendfile = val;
4551 void lp_set_mangling_method(const char *new_method)
4553 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4556 /*******************************************************************
4557 Global state for POSIX pathname processing.
4558 ********************************************************************/
4560 static bool posix_pathnames;
4562 bool lp_posix_pathnames(void)
4564 return posix_pathnames;
4567 /*******************************************************************
4568 Change everything needed to ensure POSIX pathname processing (currently
4570 ********************************************************************/
4572 void lp_set_posix_pathnames(void)
4574 posix_pathnames = true;
4577 /*******************************************************************
4578 Global state for POSIX lock processing - CIFS unix extensions.
4579 ********************************************************************/
4581 bool posix_default_lock_was_set;
4582 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4584 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4586 if (posix_default_lock_was_set) {
4587 return posix_cifsx_locktype;
4589 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4590 POSIX_LOCK : WINDOWS_LOCK;
4594 /*******************************************************************
4595 ********************************************************************/
4597 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4599 posix_default_lock_was_set = true;
4600 posix_cifsx_locktype = val;
4603 int lp_min_receive_file_size(void)
4605 int min_receivefile_size = lp_min_receivefile_size();
4607 if (min_receivefile_size < 0) {
4610 return min_receivefile_size;
4613 /*******************************************************************
4614 Safe wide links checks.
4615 This helper function always verify the validity of wide links,
4616 even after a configuration file reload.
4617 ********************************************************************/
4619 void widelinks_warning(int snum)
4621 if (lp_allow_insecure_wide_links()) {
4625 if (lp_unix_extensions() && lp_wide_links(snum)) {
4626 DBG_ERR("Share '%s' has wide links and unix extensions enabled. "
4627 "These parameters are incompatible. "
4628 "Wide links will be disabled for this share.\n",
4629 lp_const_servicename(snum));
4633 bool lp_widelinks(int snum)
4635 /* wide links is always incompatible with unix extensions */
4636 if (lp_unix_extensions()) {
4638 * Unless we have "allow insecure widelinks"
4641 if (!lp_allow_insecure_wide_links()) {
4646 return lp_wide_links(snum);
4649 int lp_server_role(void)
4651 return lp_find_server_role(lp__server_role(),
4653 lp__domain_logons(),
4654 lp_domain_master_true_or_auto());
4657 int lp_security(void)
4659 return lp_find_security(lp__server_role(),
4663 int lp_client_max_protocol(void)
4665 int client_max_protocol = lp__client_max_protocol();
4666 if (client_max_protocol == PROTOCOL_DEFAULT) {
4667 return PROTOCOL_LATEST;
4669 return client_max_protocol;
4672 int lp_client_ipc_min_protocol(void)
4674 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4675 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4676 client_ipc_min_protocol = lp_client_min_protocol();
4678 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4679 return PROTOCOL_NT1;
4681 return client_ipc_min_protocol;
4684 int lp_client_ipc_max_protocol(void)
4686 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4687 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4688 return PROTOCOL_LATEST;
4690 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4691 return PROTOCOL_NT1;
4693 return client_ipc_max_protocol;
4696 int lp_client_ipc_signing(void)
4698 int client_ipc_signing = lp__client_ipc_signing();
4699 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4700 return SMB_SIGNING_REQUIRED;
4702 return client_ipc_signing;
4705 int lp_rpc_low_port(void)
4707 return Globals.rpc_low_port;
4710 int lp_rpc_high_port(void)
4712 return Globals.rpc_high_port;
4716 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4718 * This also ensures it is disabled if NTLM is totally disabled
4720 bool lp_lanman_auth(void)
4722 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4724 if (ntlm_auth_level == NTLM_AUTH_ON) {
4725 return lp__lanman_auth();
4731 struct loadparm_global * get_globals(void)
4736 unsigned int * get_flags(void)
4738 if (flags_list == NULL) {
4739 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());
4745 enum samba_weak_crypto lp_weak_crypto()
4747 if (Globals.weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
4748 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
4750 if (samba_gnutls_weak_crypto_allowed()) {
4751 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
4755 return Globals.weak_crypto;