2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
56 #define LOADPARM_SUBSTITUTION_INTERNALS 1
58 #include "system/filesys.h"
60 #include "lib/param/loadparm.h"
61 #include "lib/param/param.h"
63 #include "lib/smbconf/smbconf.h"
64 #include "lib/smbconf/smbconf_init.h"
66 #include "include/smb_ldap.h"
67 #include "../librpc/gen_ndr/svcctl.h"
69 #include "../libcli/smb/smb_signing.h"
70 #include "dbwrap/dbwrap.h"
71 #include "dbwrap/dbwrap_rbt.h"
72 #include "../lib/util/bitmap.h"
73 #include "librpc/gen_ndr/nbt.h"
74 #include "librpc/gen_ndr/dns.h"
75 #include "source4/lib/tls/tls.h"
76 #include "libcli/auth/ntlm_check.h"
77 #include "lib/crypto/gnutls_helpers.h"
78 #include "lib/util/string_wrappers.h"
79 #include "auth/credentials/credentials.h"
80 #include "source3/lib/substitute.h"
81 #include "source3/librpc/gen_ndr/ads.h"
83 #ifdef HAVE_SYS_SYSCTL_H
84 #include <sys/sysctl.h>
89 /* the special value for the include parameter
90 * to be interpreted not as a file name but to
91 * trigger loading of the global smb.conf options
93 #ifndef INCLUDE_REGISTRY_NAME
94 #define INCLUDE_REGISTRY_NAME "registry"
97 static bool in_client = false; /* Not in the client by default */
98 static struct smbconf_csn conf_last_csn;
100 static int config_backend = CONFIG_BACKEND_FILE;
102 /* some helpful bits */
103 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
104 (ServicePtrs != NULL) && \
105 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
106 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
107 ServicePtrs[i]->valid)
109 #define USERSHARE_VALID 1
110 #define USERSHARE_PENDING_DELETE 2
112 static bool defaults_saved = false;
114 #include "lib/param/param_global.h"
116 static struct loadparm_global Globals;
118 /* This is a default service used to prime a services structure */
119 static const struct loadparm_service _sDefault =
124 .usershare_last_mod = {0, 0},
127 .invalid_users = NULL,
134 .root_preexec = NULL,
135 .root_postexec = NULL,
136 .cups_options = NULL,
137 .print_command = NULL,
139 .lprm_command = NULL,
140 .lppause_command = NULL,
141 .lpresume_command = NULL,
142 .queuepause_command = NULL,
143 .queueresume_command = NULL,
144 ._printername = NULL,
145 .printjob_username = NULL,
146 .dont_descend = NULL,
149 .magic_script = NULL,
150 .magic_output = NULL,
153 .veto_oplock_files = NULL,
163 .aio_write_behind = NULL,
164 .dfree_command = NULL,
165 .min_print_space = 0,
166 .max_print_jobs = 1000,
167 .max_reported_print_jobs = 0,
169 .force_create_mode = 0,
170 .directory_mask = 0755,
171 .force_directory_mode = 0,
172 .max_connections = 0,
173 .default_case = CASE_LOWER,
174 .printing = DEFAULT_PRINTING,
177 .dfree_cache_time = 0,
178 .preexec_close = false,
179 .root_preexec_close = false,
180 .case_sensitive = Auto,
181 .preserve_case = true,
182 .short_preserve_case = true,
183 .hide_dot_files = true,
184 .hide_special_files = false,
185 .hide_unreadable = false,
186 .hide_unwriteable_files = false,
188 .access_based_share_enum = false,
193 .administrative_share = false,
196 .print_notify_backchannel = false,
200 .store_dos_attributes = true,
201 .smbd_max_xattr_size = 65536,
202 .dmapi_support = false,
204 .strict_locking = Auto,
205 .posix_locking = true,
207 .kernel_oplocks = false,
208 .level2_oplocks = true,
209 .mangled_names = MANGLED_NAMES_ILLEGAL,
211 .follow_symlinks = true,
212 .sync_always = false,
213 .strict_allocate = false,
214 .strict_rename = false,
216 .mangling_char = '~',
218 .delete_readonly = false,
219 .fake_oplocks = false,
220 .delete_veto_files = false,
221 .dos_filemode = false,
222 .dos_filetimes = true,
223 .dos_filetime_resolution = false,
224 .fake_directory_create_times = false,
225 .blocking_locks = true,
226 .inherit_permissions = false,
227 .inherit_acls = false,
228 .inherit_owner = false,
230 .msdfs_shuffle_referrals = false,
231 .use_client_driver = false,
232 .default_devmode = true,
233 .force_printername = false,
234 .nt_acl_support = true,
235 .force_unknown_acl_user = false,
236 ._use_sendfile = false,
237 .map_acl_inherit = false,
240 .acl_check_permissions = true,
241 .acl_map_full_control = true,
242 .acl_group_control = false,
243 .acl_allow_execute_always = false,
244 .acl_flag_inherited_canonicalization = true,
247 .map_readonly = MAP_READONLY_NO,
248 .directory_name_cache_size = 100,
249 .server_smb_encrypt = SMB_ENCRYPTION_DEFAULT,
250 .kernel_share_modes = false,
251 .durable_handles = true,
252 .check_parent_directory_delete_on_close = false,
254 .smbd_search_ask_sharemode = true,
255 .smbd_getinfo_ask_sharemode = true,
256 .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
257 .honor_change_notify_privilege = false,
258 .volume_serial_number = -1,
263 * This is a copy of the default service structure. Service options in the
264 * global section would otherwise overwrite the initial default values.
266 static struct loadparm_service sDefault;
268 /* local variables */
269 static struct loadparm_service **ServicePtrs = NULL;
270 static int iNumServices = 0;
271 static int iServiceIndex = 0;
272 static struct db_context *ServiceHash;
273 static bool bInGlobalSection = true;
274 static bool bGlobalOnly = false;
275 static struct file_lists *file_lists = NULL;
276 static unsigned int *flags_list = NULL;
278 static void set_allowed_client_auth(void);
280 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
281 static void free_param_opts(struct parmlist_entry **popts);
284 * Function to return the default value for the maximum number of open
285 * file descriptors permitted. This function tries to consult the
286 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
287 * the smaller of those.
289 static int max_open_files(void)
291 int sysctl_max = MAX_OPEN_FILES;
292 int rlimit_max = MAX_OPEN_FILES;
294 #ifdef HAVE_SYSCTLBYNAME
296 size_t size = sizeof(sysctl_max);
297 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
302 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
308 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
309 rlimit_max = rl.rlim_cur;
311 #if defined(RLIM_INFINITY)
312 if(rl.rlim_cur == RLIM_INFINITY)
313 rlimit_max = MAX_OPEN_FILES;
318 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
319 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
320 "minimum Windows limit (%d)\n",
322 MIN_OPEN_FILES_WINDOWS));
323 sysctl_max = MIN_OPEN_FILES_WINDOWS;
326 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
327 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
328 "minimum Windows limit (%d)\n",
330 MIN_OPEN_FILES_WINDOWS));
331 rlimit_max = MIN_OPEN_FILES_WINDOWS;
334 return MIN(sysctl_max, rlimit_max);
338 * Common part of freeing allocated data for one parameter.
340 static void free_one_parameter_common(void *parm_ptr,
341 struct parm_struct parm)
343 if ((parm.type == P_STRING) ||
344 (parm.type == P_USTRING))
346 lpcfg_string_free((char**)parm_ptr);
347 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
348 TALLOC_FREE(*((char***)parm_ptr));
353 * Free the allocated data for one parameter for a share
354 * given as a service struct.
356 static void free_one_parameter(struct loadparm_service *service,
357 struct parm_struct parm)
361 if (parm.p_class != P_LOCAL) {
365 parm_ptr = lp_parm_ptr(service, &parm);
367 free_one_parameter_common(parm_ptr, parm);
371 * Free the allocated parameter data of a share given
372 * as a service struct.
374 static void free_parameters(struct loadparm_service *service)
378 for (i=0; parm_table[i].label; i++) {
379 free_one_parameter(service, parm_table[i]);
384 * Free the allocated data for one parameter for a given share
385 * specified by an snum.
387 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
392 parm_ptr = lp_parm_ptr(NULL, &parm);
393 } else if (parm.p_class != P_LOCAL) {
396 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
399 free_one_parameter_common(parm_ptr, parm);
403 * Free the allocated parameter data for a share specified
406 static void free_parameters_by_snum(int snum)
410 for (i=0; parm_table[i].label; i++) {
411 free_one_parameter_by_snum(snum, parm_table[i]);
416 * Free the allocated global parameters.
418 static void free_global_parameters(void)
421 struct parm_struct *parm;
423 free_param_opts(&Globals.param_opt);
424 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
426 /* Reset references in the defaults because the context is going to be freed */
427 for (i=0; parm_table[i].label; i++) {
428 parm = &parm_table[i];
429 if ((parm->type == P_STRING) ||
430 (parm->type == P_USTRING)) {
431 if ((parm->def.svalue != NULL) &&
432 (*(parm->def.svalue) != '\0')) {
433 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
434 parm->def.svalue = NULL;
439 TALLOC_FREE(Globals.ctx);
442 struct lp_stored_option {
443 struct lp_stored_option *prev, *next;
448 static struct lp_stored_option *stored_options;
451 save options set by lp_set_cmdline() into a list. This list is
452 re-applied when we do a globals reset, so that cmdline set options
453 are sticky across reloads of smb.conf
455 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
457 struct lp_stored_option *entry, *entry_next;
458 for (entry = stored_options; entry != NULL; entry = entry_next) {
459 entry_next = entry->next;
460 if (strcmp(pszParmName, entry->label) == 0) {
461 DLIST_REMOVE(stored_options, entry);
467 entry = talloc(NULL, struct lp_stored_option);
472 entry->label = talloc_strdup(entry, pszParmName);
478 entry->value = talloc_strdup(entry, pszParmValue);
484 DLIST_ADD_END(stored_options, entry);
489 static bool apply_lp_set_cmdline(void)
491 struct lp_stored_option *entry = NULL;
492 for (entry = stored_options; entry != NULL; entry = entry->next) {
493 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
494 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
495 entry->label, entry->value));
502 /***************************************************************************
503 Initialise the global parameter structure.
504 ***************************************************************************/
506 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
508 static bool done_init = false;
512 /* If requested to initialize only once and we've already done it... */
513 if (!reinit_globals && done_init) {
514 /* ... then we have nothing more to do */
519 /* The logfile can be set before this is invoked. Free it if so. */
520 lpcfg_string_free(&Globals.logfile);
523 free_global_parameters();
526 /* This memset and the free_global_parameters() above will
527 * wipe out smb.conf options set with lp_set_cmdline(). The
528 * apply_lp_set_cmdline() call puts these values back in the
529 * table once the defaults are set */
530 ZERO_STRUCT(Globals);
532 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
534 /* Initialize the flags list if necessary */
535 if (flags_list == NULL) {
539 for (i = 0; parm_table[i].label; i++) {
540 if ((parm_table[i].type == P_STRING ||
541 parm_table[i].type == P_USTRING))
545 (char **)lp_parm_ptr(NULL, &parm_table[i]),
551 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
552 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
554 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
556 sDefault.ntvfs_handler = str_list_make_v3_const(Globals.ctx, "unixuid default", NULL);
558 DEBUG(3, ("Initialising global parameters\n"));
560 /* Must manually force to upper case here, as this does not go via the handler */
561 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
564 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
565 get_dyn_SMB_PASSWD_FILE());
566 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
567 get_dyn_PRIVATE_DIR());
568 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
569 get_dyn_BINDDNS_DIR());
571 /* use the new 'hash2' method by default, with a prefix of 1 */
572 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
573 Globals.mangle_prefix = 1;
575 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
577 /* using UTF8 by default allows us to support all chars */
578 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
579 DEFAULT_UNIX_CHARSET);
581 /* Use codepage 850 as a default for the dos character set */
582 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
583 DEFAULT_DOS_CHARSET);
586 * Allow the default PASSWD_CHAT to be overridden in local.h.
588 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
589 DEFAULT_PASSWD_CHAT);
591 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
593 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
594 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
596 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
598 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
600 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
602 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
605 * By default support explicit binding to broadcast
608 Globals.nmbd_bind_explicit_broadcast = true;
610 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
612 smb_panic("init_globals: ENOMEM");
614 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
617 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
618 "/bin/sleep 999999999");
621 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
622 DEFAULT_SOCKET_OPTIONS);
624 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
625 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
626 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
627 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
628 "\\\\%N\\%U\\profile");
630 Globals.name_resolve_order =
631 str_list_make_v3_const(Globals.ctx,
632 DEFAULT_NAME_RESOLVE_ORDER,
634 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
636 Globals.algorithmic_rid_base = BASE_RID;
638 Globals.load_printers = true;
639 Globals.printcap_cache_time = 750; /* 12.5 minutes */
641 Globals.config_backend = config_backend;
642 Globals._server_role = ROLE_AUTO;
644 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
645 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
646 Globals.max_xmit = 0x4104;
647 Globals.max_mux = 50; /* This is *needed* for profile support. */
648 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
649 Globals._disable_spoolss = false;
650 Globals.max_smbd_processes = 0;/* no limit specified */
651 Globals.username_level = 0;
652 Globals.deadtime = 10080;
653 Globals.getwd_cache = true;
654 Globals.large_readwrite = true;
655 Globals.max_log_size = 5000;
656 Globals.max_open_files = max_open_files();
657 Globals.server_max_protocol = PROTOCOL_SMB3_11;
658 Globals.server_min_protocol = PROTOCOL_SMB2_02;
659 Globals._client_max_protocol = PROTOCOL_DEFAULT;
660 Globals.client_min_protocol = PROTOCOL_SMB2_02;
661 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
662 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
663 Globals._security = SEC_AUTO;
664 Globals.encrypt_passwords = true;
665 Globals.client_schannel = true;
666 Globals.winbind_sealed_pipes = true;
667 Globals.require_strong_key = true;
668 Globals.reject_md5_servers = true;
669 Globals.server_schannel = true;
670 Globals.server_schannel_require_seal = true;
671 Globals.reject_md5_clients = true;
672 Globals.read_raw = true;
673 Globals.write_raw = true;
674 Globals.null_passwords = false;
675 Globals.old_password_allowed_period = 60;
676 Globals.obey_pam_restrictions = false;
678 Globals.syslog_only = false;
679 Globals.timestamp_logs = true;
680 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
681 Globals.debug_prefix_timestamp = false;
682 Globals.debug_hires_timestamp = true;
683 Globals.debug_syslog_format = false;
684 Globals.debug_pid = false;
685 Globals.debug_uid = false;
686 Globals.debug_class = false;
687 Globals.enable_core_files = true;
688 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
689 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
690 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
691 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
692 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
693 Globals.lm_interval = 60;
694 Globals.time_server = false;
695 Globals.bind_interfaces_only = false;
696 Globals.unix_password_sync = false;
697 Globals.pam_password_change = false;
698 Globals.passwd_chat_debug = false;
699 Globals.passwd_chat_timeout = 2; /* 2 second default. */
700 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
701 Globals.nt_status_support = true; /* Use NT status by default. */
702 Globals.smbd_profiling_level = 0;
703 Globals.stat_cache = true; /* use stat cache by default */
704 Globals.max_stat_cache_size = 512; /* 512k by default */
705 Globals.restrict_anonymous = 0;
706 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
707 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
708 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
709 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
710 Globals.nt_hash_store = NT_HASH_STORE_ALWAYS; /* Fill in NT hash when setting password */
711 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
712 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
713 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
715 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
717 Globals.map_to_guest = 0; /* By Default, "Never" */
718 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
719 Globals.enhanced_browsing = true;
720 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
721 Globals.use_mmap = true;
722 Globals.unicode = true;
723 Globals.smb1_unix_extensions = true;
724 Globals.reset_on_zero_vc = false;
725 Globals.log_writeable_files_on_exit = false;
726 Globals.create_krb5_conf = true;
727 Globals.include_system_krb5_conf = true;
728 Globals._winbind_max_domain_connections = 1;
730 /* hostname lookups can be very expensive and are broken on
731 a large number of sites (tridge) */
732 Globals.hostname_lookups = false;
734 Globals.change_notify = true,
735 Globals.kernel_change_notify = true,
737 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
738 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
739 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
740 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
741 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
742 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
744 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
745 Globals.ldap_ssl = LDAP_SSL_START_TLS;
746 Globals.ldap_deref = -1;
747 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
748 Globals.ldap_delete_dn = false;
749 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
750 Globals.ldap_follow_referral = Auto;
751 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
752 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
753 Globals.ldap_page_size = LDAP_PAGE_SIZE;
755 Globals.ldap_debug_level = 0;
756 Globals.ldap_debug_threshold = 10;
758 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
760 Globals.ldap_server_require_strong_auth =
761 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
763 /* This is what we tell the afs client. in reality we set the token
764 * to never expire, though, when this runs out the afs client will
765 * forget the token. Set to 0 to get NEVERDATE.*/
766 Globals.afs_token_lifetime = 604800;
767 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
769 /* these parameters are set to defaults that are more appropriate
770 for the increasing samba install base:
772 as a member of the workgroup, that will possibly become a
773 _local_ master browser (lm = true). this is opposed to a forced
774 local master browser startup (pm = true).
776 doesn't provide WINS server service by default (wsupp = false),
777 and doesn't provide domain master browser services by default, either.
781 Globals.show_add_printer_wizard = true;
782 Globals.os_level = 20;
783 Globals.local_master = true;
784 Globals._domain_master = Auto; /* depending on _domain_logons */
785 Globals._domain_logons = false;
786 Globals.browse_list = true;
787 Globals.we_are_a_wins_server = false;
788 Globals.wins_proxy = false;
790 TALLOC_FREE(Globals.init_logon_delayed_hosts);
791 Globals.init_logon_delay = 100; /* 100 ms default delay */
793 Globals.wins_dns_proxy = true;
794 Globals.dns_port = DNS_SERVICE_PORT;
796 Globals.allow_trusted_domains = true;
797 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
799 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
800 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
802 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
803 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
804 dyn_WINBINDD_SOCKET_DIR);
806 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
807 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
809 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
811 Globals.cluster_addresses = NULL;
812 Globals.clustering = false;
813 Globals.ctdb_timeout = 0;
814 Globals.ctdb_locktime_warn_threshold = 0;
816 Globals.winbind_cache_time = 300; /* 5 minutes */
817 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
818 Globals.winbind_request_timeout = 60; /* 60 seconds */
819 Globals.winbind_max_clients = 200;
820 Globals.winbind_enum_users = false;
821 Globals.winbind_enum_groups = false;
822 Globals.winbind_use_default_domain = false;
823 Globals.winbind_nested_groups = true;
824 Globals.winbind_expand_groups = 0;
825 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
826 Globals.winbind_refresh_tickets = false;
827 Globals.winbind_offline_logon = false;
828 Globals.winbind_scan_trusted_domains = false;
830 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
831 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
833 Globals.passdb_expand_explicit = false;
835 Globals.name_cache_timeout = 660; /* In seconds */
837 Globals.client_use_spnego = true;
839 Globals.client_signing = SMB_SIGNING_DEFAULT;
840 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
841 Globals.server_signing = SMB_SIGNING_DEFAULT;
843 Globals.defer_sharing_violations = true;
844 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
846 Globals.enable_privileges = true;
847 Globals.host_msdfs = true;
848 Globals.enable_asu_support = false;
850 /* User defined shares. */
851 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
853 smb_panic("init_globals: ENOMEM");
855 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
857 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
858 Globals.usershare_max_shares = 0;
859 /* By default disallow sharing of directories not owned by the sharer. */
860 Globals.usershare_owner_only = true;
861 /* By default disallow guest access to usershares. */
862 Globals.usershare_allow_guests = false;
864 Globals.keepalive = DEFAULT_KEEPALIVE;
866 /* By default no shares out of the registry */
867 Globals.registry_shares = false;
869 Globals.min_receivefile_size = 0;
871 Globals.multicast_dns_register = true;
873 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
874 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
875 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
876 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
877 Globals.smb2_leases = true;
878 Globals.server_multi_channel_support = true;
880 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
881 get_dyn_NCALRPCDIR());
883 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
885 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
887 Globals.tls_enabled = true;
888 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
890 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
891 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
892 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
893 lpcfg_string_set(Globals.ctx,
894 &Globals.tls_priority,
895 "NORMAL:-VERS-SSL3.0");
897 Globals._preferred_master = Auto;
899 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
900 Globals.dns_zone_scavenging = false;
902 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
903 get_dyn_NTP_SIGND_SOCKET_DIR());
905 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
907 smb_panic("init_globals: ENOMEM");
909 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
913 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
916 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
918 smb_panic("init_globals: ENOMEM");
920 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
923 s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
925 smb_panic("init_globals: ENOMEM");
927 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
930 Globals.apply_group_policies = false;
932 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
934 smb_panic("init_globals: ENOMEM");
936 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
939 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
941 Globals.cldap_port = 389;
943 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
945 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
947 Globals.krb5_port = 88;
949 Globals.kpasswd_port = 464;
951 Globals.kdc_enable_fast = true;
953 Globals.aio_max_threads = 100;
955 lpcfg_string_set(Globals.ctx,
956 &Globals.rpc_server_dynamic_port_range,
958 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
959 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
960 Globals.prefork_children = 4;
961 Globals.prefork_backoff_increment = 10;
962 Globals.prefork_maximum_backoff = 120;
964 Globals.ldap_max_anonymous_request_size = 256000;
965 Globals.ldap_max_authenticated_request_size = 16777216;
966 Globals.ldap_max_search_request_size = 256000;
968 /* Async DNS query timeout (in seconds). */
969 Globals.async_dns_timeout = 10;
971 Globals.client_smb_encrypt = SMB_ENCRYPTION_DEFAULT;
973 Globals._client_use_kerberos = CRED_USE_KERBEROS_DESIRED;
975 Globals.client_protection = CRED_CLIENT_PROTECTION_DEFAULT;
977 Globals.winbind_use_krb5_enterprise_principals = true;
979 Globals.client_smb3_signing_algorithms =
980 str_list_make_v3_const(NULL, DEFAULT_SMB3_SIGNING_ALGORITHMS, NULL);
981 Globals.server_smb3_signing_algorithms =
982 str_list_make_v3_const(NULL, DEFAULT_SMB3_SIGNING_ALGORITHMS, NULL);
984 Globals.client_smb3_encryption_algorithms =
985 str_list_make_v3_const(NULL, DEFAULT_SMB3_ENCRYPTION_ALGORITHMS, NULL);
986 Globals.server_smb3_encryption_algorithms =
987 str_list_make_v3_const(NULL, DEFAULT_SMB3_ENCRYPTION_ALGORITHMS, NULL);
989 Globals.min_domain_uid = 1000;
992 * By default allow smbd and winbindd to start samba-dcerpcd as
993 * a named-pipe helper.
995 Globals.rpc_start_on_demand_helpers = true;
997 /* Now put back the settings that were set with lp_set_cmdline() */
998 apply_lp_set_cmdline();
1001 /* Convenience routine to setup an lp_context with additional s3 variables */
1002 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
1004 struct loadparm_context *lp_ctx;
1006 lp_ctx = loadparm_init_s3(mem_ctx,
1007 loadparm_s3_helpers());
1008 if (lp_ctx == NULL) {
1009 DEBUG(0, ("loadparm_init_s3 failed\n"));
1013 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
1014 if (lp_ctx->sDefault == NULL) {
1015 DBG_ERR("talloc_zero failed\n");
1016 TALLOC_FREE(lp_ctx);
1020 *lp_ctx->sDefault = _sDefault;
1021 lp_ctx->services = NULL; /* We do not want to access this directly */
1022 lp_ctx->bInGlobalSection = bInGlobalSection;
1023 lp_ctx->flags = flags_list;
1028 /*******************************************************************
1029 Convenience routine to grab string parameters into talloced memory
1030 and run standard_sub_basic on them. The buffers can be written to by
1031 callers without affecting the source string.
1032 ********************************************************************/
1034 static char *loadparm_s3_global_substitution_fn(
1035 TALLOC_CTX *mem_ctx,
1036 const struct loadparm_substitution *lp_sub,
1042 /* The follow debug is useful for tracking down memory problems
1043 especially if you have an inner loop that is calling a lp_*()
1044 function that returns a string. Perhaps this debug should be
1045 present all the time? */
1048 DEBUG(10, ("lp_string(%s)\n", s));
1054 ret = talloc_sub_basic(mem_ctx,
1055 get_current_username(),
1056 get_current_user_info_domain(),
1058 if (trim_char(ret, '\"', '\"')) {
1059 if (strchr(ret,'\"') != NULL) {
1061 ret = talloc_sub_basic(mem_ctx,
1062 get_current_username(),
1063 get_current_user_info_domain(),
1070 static const struct loadparm_substitution s3_global_substitution = {
1071 .substituted_string_fn = loadparm_s3_global_substitution_fn,
1074 const struct loadparm_substitution *loadparm_s3_global_substitution(void)
1076 return &s3_global_substitution;
1080 In this section all the functions that are used to access the
1081 parameters from the rest of the program are defined
1084 #define FN_GLOBAL_SUBSTITUTED_STRING(fn_name,ptr) \
1085 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub) \
1086 {return lpcfg_substituted_string(ctx, lp_sub, *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : "");}
1087 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1088 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1089 #define FN_GLOBAL_LIST(fn_name,ptr) \
1090 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1091 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1092 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1093 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1094 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1095 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1096 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1098 #define FN_LOCAL_SUBSTITUTED_STRING(fn_name,val) \
1099 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub, int i) \
1100 {return lpcfg_substituted_string((ctx), lp_sub, (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1101 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1102 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1103 #define FN_LOCAL_LIST(fn_name,val) \
1104 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1105 #define FN_LOCAL_BOOL(fn_name,val) \
1106 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1107 #define FN_LOCAL_INTEGER(fn_name,val) \
1108 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1110 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1111 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1112 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1113 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1114 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1115 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1117 int lp_winbind_max_domain_connections(void)
1119 if (lp_winbind_offline_logon() &&
1120 lp__winbind_max_domain_connections() > 1) {
1121 DEBUG(1, ("offline logons active, restricting max domain "
1122 "connections to 1\n"));
1125 return MAX(1, lp__winbind_max_domain_connections());
1128 /* These functions remain in source3/param for now */
1130 #include "lib/param/param_functions.c"
1132 FN_LOCAL_SUBSTITUTED_STRING(servicename, szService)
1133 FN_LOCAL_CONST_STRING(const_servicename, szService)
1135 /* These functions cannot be auto-generated */
1136 FN_LOCAL_BOOL(autoloaded, autoloaded)
1137 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1139 /* local prototypes */
1141 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1142 static const char *get_boolean(bool bool_value);
1143 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1145 static bool hash_a_service(const char *name, int number);
1146 static void free_service_byindex(int iService);
1147 static void show_parameter(int parmIndex);
1148 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1149 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1152 * This is a helper function for parametrical options support. It returns a
1153 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1154 * parametrical functions are quite simple
1156 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1159 if (snum >= iNumServices) return NULL;
1162 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1164 return get_parametric_helper(ServicePtrs[snum],
1165 type, option, Globals.param_opt);
1169 static void discard_whitespace(char *str)
1171 size_t len = strlen(str);
1175 if (isspace(str[i])) {
1176 memmove(&str[i], &str[i+1], len-i);
1185 * @brief Go through all global parametric parameters
1187 * @param regex_str A regular expression to scan param for
1188 * @param max_matches Max number of submatches the regexp expects
1189 * @param cb Function to call on match. Should return true
1190 * when it wants wi_scan_global_parametrics to stop
1192 * @param private_data Anonymous pointer passed to cb
1194 * @return 0: success, regcomp/regexec return value on error.
1195 * See "man regexec" for possible errors
1198 int lp_wi_scan_global_parametrics(
1199 const char *regex_str, size_t max_matches,
1200 bool (*cb)(const char *string, regmatch_t matches[],
1201 void *private_data),
1204 struct parmlist_entry *data;
1208 ret = regcomp(®ex, regex_str, REG_ICASE);
1213 for (data = Globals.param_opt; data != NULL; data = data->next) {
1214 size_t keylen = strlen(data->key);
1216 regmatch_t matches[max_matches];
1219 memcpy(key, data->key, sizeof(key));
1220 discard_whitespace(key);
1222 ret = regexec(®ex, key, max_matches, matches, 0);
1223 if (ret == REG_NOMATCH) {
1230 stop = cb(key, matches, private_data);
1243 #define MISSING_PARAMETER(name) \
1244 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1246 /*******************************************************************
1247 convenience routine to return enum parameters.
1248 ********************************************************************/
1249 static int lp_enum(const char *s,const struct enum_list *_enum)
1253 if (!s || !*s || !_enum) {
1254 MISSING_PARAMETER(lp_enum);
1258 for (i=0; _enum[i].name; i++) {
1259 if (strequal(_enum[i].name,s))
1260 return _enum[i].value;
1263 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1267 #undef MISSING_PARAMETER
1269 /* Return parametric option from a given service. Type is a part of option before ':' */
1270 /* Parametric option has following syntax: 'Type: option = value' */
1271 char *lp_parm_substituted_string(TALLOC_CTX *mem_ctx,
1272 const struct loadparm_substitution *lp_sub,
1278 struct parmlist_entry *data = get_parametrics(snum, type, option);
1280 SMB_ASSERT(lp_sub != NULL);
1282 if (data == NULL||data->value==NULL) {
1284 return lpcfg_substituted_string(mem_ctx, lp_sub, def);
1290 return lpcfg_substituted_string(mem_ctx, lp_sub, data->value);
1293 /* Return parametric option from a given service. Type is a part of option before ':' */
1294 /* Parametric option has following syntax: 'Type: option = value' */
1295 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1297 struct parmlist_entry *data = get_parametrics(snum, type, option);
1299 if (data == NULL||data->value==NULL)
1306 /* Return parametric option from a given service. Type is a part of option before ':' */
1307 /* Parametric option has following syntax: 'Type: option = value' */
1309 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1311 struct parmlist_entry *data = get_parametrics(snum, type, option);
1313 if (data == NULL||data->value==NULL)
1314 return (const char **)def;
1316 if (data->list==NULL) {
1317 data->list = str_list_make_v3(NULL, data->value, NULL);
1320 return discard_const_p(const char *, data->list);
1323 /* Return parametric option from a given service. Type is a part of option before ':' */
1324 /* Parametric option has following syntax: 'Type: option = value' */
1326 int lp_parm_int(int snum, const char *type, const char *option, int def)
1328 struct parmlist_entry *data = get_parametrics(snum, type, option);
1330 if (data && data->value && *data->value)
1331 return lp_int(data->value);
1336 /* Return parametric option from a given service. Type is a part of option before ':' */
1337 /* Parametric option has following syntax: 'Type: option = value' */
1339 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1341 struct parmlist_entry *data = get_parametrics(snum, type, option);
1343 if (data && data->value && *data->value)
1344 return lp_ulong(data->value);
1349 /* Return parametric option from a given service. Type is a part of option before ':' */
1350 /* Parametric option has following syntax: 'Type: option = value' */
1352 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1353 const char *option, unsigned long long def)
1355 struct parmlist_entry *data = get_parametrics(snum, type, option);
1357 if (data && data->value && *data->value) {
1358 return lp_ulonglong(data->value);
1364 /* Return parametric option from a given service. Type is a part of option
1366 /* Parametric option has following syntax: 'Type: option = value' */
1368 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1370 struct parmlist_entry *data = get_parametrics(snum, type, option);
1372 if (data && data->value && *data->value)
1373 return lp_bool(data->value);
1378 /* Return parametric option from a given service. Type is a part of option before ':' */
1379 /* Parametric option has following syntax: 'Type: option = value' */
1381 int lp_parm_enum(int snum, const char *type, const char *option,
1382 const struct enum_list *_enum, int def)
1384 struct parmlist_entry *data = get_parametrics(snum, type, option);
1386 if (data && data->value && *data->value && _enum)
1387 return lp_enum(data->value, _enum);
1393 * free a param_opts structure.
1394 * param_opts handling should be moved to talloc;
1395 * then this whole functions reduces to a TALLOC_FREE().
1398 static void free_param_opts(struct parmlist_entry **popts)
1400 struct parmlist_entry *opt, *next_opt;
1402 if (*popts != NULL) {
1403 DEBUG(5, ("Freeing parametrics:\n"));
1406 while (opt != NULL) {
1407 lpcfg_string_free(&opt->key);
1408 lpcfg_string_free(&opt->value);
1409 TALLOC_FREE(opt->list);
1410 next_opt = opt->next;
1417 /***************************************************************************
1418 Free the dynamically allocated parts of a service struct.
1419 ***************************************************************************/
1421 static void free_service(struct loadparm_service *pservice)
1426 if (pservice->szService)
1427 DEBUG(5, ("free_service: Freeing service %s\n",
1428 pservice->szService));
1430 free_parameters(pservice);
1432 lpcfg_string_free(&pservice->szService);
1433 TALLOC_FREE(pservice->copymap);
1435 free_param_opts(&pservice->param_opt);
1437 ZERO_STRUCTP(pservice);
1441 /***************************************************************************
1442 remove a service indexed in the ServicePtrs array from the ServiceHash
1443 and free the dynamically allocated parts
1444 ***************************************************************************/
1446 static void free_service_byindex(int idx)
1448 if ( !LP_SNUM_OK(idx) )
1451 ServicePtrs[idx]->valid = false;
1453 /* we have to cleanup the hash record */
1455 if (ServicePtrs[idx]->szService) {
1456 char *canon_name = canonicalize_servicename(
1458 ServicePtrs[idx]->szService );
1460 dbwrap_delete_bystring(ServiceHash, canon_name );
1461 TALLOC_FREE(canon_name);
1464 free_service(ServicePtrs[idx]);
1465 TALLOC_FREE(ServicePtrs[idx]);
1468 /***************************************************************************
1469 Add a new service to the services array initialising it with the given
1471 ***************************************************************************/
1473 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1476 struct loadparm_service **tsp = NULL;
1478 /* it might already exist */
1480 i = getservicebyname(name, NULL);
1486 /* Re use empty slots if any before allocating new one.*/
1487 for (i=0; i < iNumServices; i++) {
1488 if (ServicePtrs[i] == NULL) {
1492 if (i == iNumServices) {
1493 /* if not, then create one */
1494 tsp = talloc_realloc(NULL, ServicePtrs,
1495 struct loadparm_service *,
1498 DEBUG(0, ("add_a_service: failed to enlarge "
1505 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1506 if (!ServicePtrs[i]) {
1507 DEBUG(0,("add_a_service: out of memory!\n"));
1511 ServicePtrs[i]->valid = true;
1513 copy_service(ServicePtrs[i], pservice, NULL);
1515 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1518 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1519 i, ServicePtrs[i]->szService));
1521 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1528 /***************************************************************************
1529 Convert a string to uppercase and remove whitespaces.
1530 ***************************************************************************/
1532 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1537 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1541 result = talloc_strdup(ctx, src);
1542 SMB_ASSERT(result != NULL);
1544 if (!strlower_m(result)) {
1545 TALLOC_FREE(result);
1551 /***************************************************************************
1552 Add a name/index pair for the services array to the hash table.
1553 ***************************************************************************/
1555 static bool hash_a_service(const char *name, int idx)
1559 if ( !ServiceHash ) {
1560 DEBUG(10,("hash_a_service: creating servicehash\n"));
1561 ServiceHash = db_open_rbt(NULL);
1562 if ( !ServiceHash ) {
1563 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1568 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1571 canon_name = canonicalize_servicename(talloc_tos(), name );
1573 dbwrap_store_bystring(ServiceHash, canon_name,
1574 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1577 TALLOC_FREE(canon_name);
1582 /***************************************************************************
1583 Add a new home service, with the specified home directory, defaults coming
1585 ***************************************************************************/
1587 bool lp_add_home(const char *pszHomename, int iDefaultService,
1588 const char *user, const char *pszHomedir)
1590 const struct loadparm_substitution *lp_sub =
1591 loadparm_s3_global_substitution();
1595 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1596 pszHomedir[0] == '\0') {
1600 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1605 global_path = lp_path(talloc_tos(), lp_sub, GLOBAL_SECTION_SNUM);
1606 if (!(*(ServicePtrs[iDefaultService]->path))
1607 || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
1608 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1611 TALLOC_FREE(global_path);
1613 if (!(*(ServicePtrs[i]->comment))) {
1614 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1615 if (comment == NULL) {
1618 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1620 TALLOC_FREE(comment);
1623 /* set the browseable flag from the global default */
1625 ServicePtrs[i]->browseable = sDefault.browseable;
1626 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1628 ServicePtrs[i]->autoloaded = true;
1630 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1631 user, ServicePtrs[i]->path ));
1636 /***************************************************************************
1637 Add a new service, based on an old one.
1638 ***************************************************************************/
1640 int lp_add_service(const char *pszService, int iDefaultService)
1642 if (iDefaultService < 0) {
1643 return add_a_service(&sDefault, pszService);
1646 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1649 /***************************************************************************
1650 Add the IPC service.
1651 ***************************************************************************/
1653 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1655 char *comment = NULL;
1656 int i = add_a_service(&sDefault, ipc_name);
1661 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1662 Globals.server_string);
1663 if (comment == NULL) {
1667 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1668 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1669 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1670 ServicePtrs[i]->max_connections = 0;
1671 ServicePtrs[i]->available = true;
1672 ServicePtrs[i]->read_only = true;
1673 ServicePtrs[i]->guest_only = false;
1674 ServicePtrs[i]->administrative_share = true;
1675 ServicePtrs[i]->guest_ok = guest_ok;
1676 ServicePtrs[i]->printable = false;
1677 ServicePtrs[i]->browseable = sDefault.browseable;
1678 ServicePtrs[i]->autoloaded = false;
1680 DEBUG(3, ("adding IPC service\n"));
1682 TALLOC_FREE(comment);
1686 /***************************************************************************
1687 Add a new printer service, with defaults coming from service iFrom.
1688 ***************************************************************************/
1690 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1692 const char *comment = "From Printcap";
1693 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1698 /* note that we do NOT default the availability flag to true - */
1699 /* we take it from the default service passed. This allows all */
1700 /* dynamic printers to be disabled by disabling the [printers] */
1701 /* entry (if/when the 'available' keyword is implemented!). */
1703 /* the printer name is set to the service name. */
1704 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1706 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1708 /* set the browseable flag from the gloabl default */
1709 ServicePtrs[i]->browseable = sDefault.browseable;
1711 /* Printers cannot be read_only. */
1712 ServicePtrs[i]->read_only = false;
1713 /* No oplocks on printer services. */
1714 ServicePtrs[i]->oplocks = false;
1715 /* Printer services must be printable. */
1716 ServicePtrs[i]->printable = true;
1718 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1724 /***************************************************************************
1725 Check whether the given parameter name is valid.
1726 Parametric options (names containing a colon) are considered valid.
1727 ***************************************************************************/
1729 bool lp_parameter_is_valid(const char *pszParmName)
1731 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1732 (strchr(pszParmName, ':') != NULL));
1735 /***************************************************************************
1736 Check whether the given name is the name of a global parameter.
1737 Returns true for strings belonging to parameters of class
1738 P_GLOBAL, false for all other strings, also for parametric options
1739 and strings not belonging to any option.
1740 ***************************************************************************/
1742 bool lp_parameter_is_global(const char *pszParmName)
1744 int num = lpcfg_map_parameter(pszParmName);
1747 return (parm_table[num].p_class == P_GLOBAL);
1753 /**************************************************************************
1754 Determine the canonical name for a parameter.
1755 Indicate when it is an inverse (boolean) synonym instead of a
1757 **************************************************************************/
1759 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1764 if (!lp_parameter_is_valid(parm_name)) {
1769 num = map_parameter_canonical(parm_name, inverse);
1771 /* parametric option */
1772 *canon_parm = parm_name;
1774 *canon_parm = parm_table[num].label;
1781 /**************************************************************************
1782 Determine the canonical name for a parameter.
1783 Turn the value given into the inverse boolean expression when
1784 the synonym is an invers boolean synonym.
1787 - parm_name is a valid parameter name and
1788 - val is a valid value for this parameter and
1789 - in case the parameter is an inverse boolean synonym, if the val
1790 string could successfully be converted to the reverse bool.
1791 Return false in all other cases.
1792 **************************************************************************/
1794 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1796 const char **canon_parm,
1797 const char **canon_val)
1803 if (!lp_parameter_is_valid(parm_name)) {
1809 num = map_parameter_canonical(parm_name, &inverse);
1811 /* parametric option */
1812 *canon_parm = parm_name;
1817 *canon_parm = parm_table[num].label;
1819 if (!lp_invert_boolean(val, canon_val)) {
1827 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1832 /***************************************************************************
1833 Map a parameter's string representation to the index of the canonical
1834 form of the parameter (it might be a synonym).
1835 Returns -1 if the parameter string is not recognised.
1836 ***************************************************************************/
1838 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1840 int parm_num, canon_num;
1841 bool loc_inverse = false;
1843 parm_num = lpcfg_map_parameter(pszParmName);
1844 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1845 /* invalid, parametric or no canidate for synonyms ... */
1849 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1850 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1851 parm_num = canon_num;
1857 if (inverse != NULL) {
1858 *inverse = loc_inverse;
1863 /***************************************************************************
1864 return true if parameter number parm1 is a synonym of parameter
1865 number parm2 (parm2 being the principal name).
1866 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1868 ***************************************************************************/
1870 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1872 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1873 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1874 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1875 !(parm_table[parm2].flags & FLAG_SYNONYM))
1877 if (inverse != NULL) {
1878 if ((parm_table[parm1].type == P_BOOLREV) &&
1879 (parm_table[parm2].type == P_BOOL))
1891 /***************************************************************************
1892 Show one parameter's name, type, [values,] and flags.
1893 (helper functions for show_parameter_list)
1894 ***************************************************************************/
1896 static void show_parameter(int parmIndex)
1898 size_t enumIndex, flagIndex;
1903 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1904 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1905 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1906 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1907 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1909 printf("%s=%s", parm_table[parmIndex].label,
1910 type[parm_table[parmIndex].type]);
1911 if (parm_table[parmIndex].type == P_ENUM) {
1914 parm_table[parmIndex].enum_list[enumIndex].name;
1918 enumIndex ? "|" : "",
1919 parm_table[parmIndex].enum_list[enumIndex].name);
1924 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1925 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1928 flag_names[flagIndex]);
1933 /* output synonyms */
1935 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1936 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1937 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1938 parm_table[parmIndex2].label);
1939 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1941 printf(" (synonyms: ");
1946 printf("%s%s", parm_table[parmIndex2].label,
1947 inverse ? "[i]" : "");
1958 * Check the value for a P_ENUM
1960 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1964 for (i = 0; parm->enum_list[i].name; i++) {
1965 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1972 /**************************************************************************
1973 Check whether the given value is valid for the given parameter name.
1974 **************************************************************************/
1976 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1978 bool ret = false, tmp_bool;
1979 int num = lpcfg_map_parameter(parm_name), tmp_int;
1980 uint64_t tmp_int64 = 0;
1981 struct parm_struct *parm;
1983 /* parametric options (parameter names containing a colon) cannot
1984 be checked and are therefore considered valid. */
1985 if (strchr(parm_name, ':') != NULL) {
1990 parm = &parm_table[num];
1991 switch (parm->type) {
1994 ret = set_boolean(val, &tmp_bool);
1998 ret = (sscanf(val, "%d", &tmp_int) == 1);
2002 ret = (sscanf(val, "%o", &tmp_int) == 1);
2006 ret = check_enum_parameter(parm, val);
2010 if (conv_str_size_error(val, &tmp_int64) &&
2011 tmp_int64 <= INT_MAX) {
2028 /***************************************************************************
2029 Show all parameter's name, type, [values,] and flags.
2030 ***************************************************************************/
2032 void show_parameter_list(void)
2034 int classIndex, parmIndex;
2035 const char *section_names[] = { "local", "global", NULL};
2037 for (classIndex=0; section_names[classIndex]; classIndex++) {
2038 printf("[%s]\n", section_names[classIndex]);
2039 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
2040 if (parm_table[parmIndex].p_class == classIndex) {
2041 show_parameter(parmIndex);
2047 /***************************************************************************
2048 Get the standard string representation of a boolean value ("yes" or "no")
2049 ***************************************************************************/
2051 static const char *get_boolean(bool bool_value)
2053 static const char *yes_str = "yes";
2054 static const char *no_str = "no";
2056 return (bool_value ? yes_str : no_str);
2059 /***************************************************************************
2060 Provide the string of the negated boolean value associated to the boolean
2061 given as a string. Returns false if the passed string does not correctly
2062 represent a boolean.
2063 ***************************************************************************/
2065 bool lp_invert_boolean(const char *str, const char **inverse_str)
2069 if (!set_boolean(str, &val)) {
2073 *inverse_str = get_boolean(!val);
2077 /***************************************************************************
2078 Provide the canonical string representation of a boolean value given
2079 as a string. Return true on success, false if the string given does
2080 not correctly represent a boolean.
2081 ***************************************************************************/
2083 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2087 if (!set_boolean(str, &val)) {
2091 *canon_str = get_boolean(val);
2095 /***************************************************************************
2096 Find a service by name. Otherwise works like get_service.
2097 ***************************************************************************/
2099 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2106 if (ServiceHash == NULL) {
2110 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2112 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2115 if (NT_STATUS_IS_OK(status) &&
2116 (data.dptr != NULL) &&
2117 (data.dsize == sizeof(iService)))
2119 memcpy(&iService, data.dptr, sizeof(iService));
2122 TALLOC_FREE(canon_name);
2124 if ((iService != -1) && (LP_SNUM_OK(iService))
2125 && (pserviceDest != NULL)) {
2126 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2132 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2133 struct loadparm_service *lp_service(const char *pszServiceName)
2135 int iService = getservicebyname(pszServiceName, NULL);
2136 if (iService == -1 || !LP_SNUM_OK(iService)) {
2139 return ServicePtrs[iService];
2142 struct loadparm_service *lp_servicebynum(int snum)
2144 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2147 return ServicePtrs[snum];
2150 struct loadparm_service *lp_default_loadparm_service(void)
2155 static struct smbconf_ctx *lp_smbconf_ctx(void)
2158 static struct smbconf_ctx *conf_ctx = NULL;
2160 if (conf_ctx == NULL) {
2161 err = smbconf_init(NULL, &conf_ctx, "registry:");
2162 if (!SBC_ERROR_IS_OK(err)) {
2163 DEBUG(1, ("error initializing registry configuration: "
2164 "%s\n", sbcErrorString(err)));
2172 static bool process_smbconf_service(struct smbconf_service *service)
2177 if (service == NULL) {
2181 ret = lp_do_section(service->name, NULL);
2185 for (count = 0; count < service->num_params; count++) {
2187 if (!bInGlobalSection && bGlobalOnly) {
2190 const char *pszParmName = service->param_names[count];
2191 const char *pszParmValue = service->param_values[count];
2193 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2195 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2196 pszParmName, pszParmValue);
2203 if (iServiceIndex >= 0) {
2204 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2210 * load a service from registry and activate it
2212 bool process_registry_service(const char *service_name)
2215 struct smbconf_service *service = NULL;
2216 TALLOC_CTX *mem_ctx = talloc_stackframe();
2217 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2220 if (conf_ctx == NULL) {
2224 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2226 if (!smbconf_share_exists(conf_ctx, service_name)) {
2228 * Registry does not contain data for this service (yet),
2229 * but make sure lp_load doesn't return false.
2235 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2236 if (!SBC_ERROR_IS_OK(err)) {
2240 ret = process_smbconf_service(service);
2246 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2249 TALLOC_FREE(mem_ctx);
2254 * process_registry_globals
2256 static bool process_registry_globals(void)
2260 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2262 if (!bInGlobalSection && bGlobalOnly) {
2265 const char *pszParmName = "registry shares";
2266 const char *pszParmValue = "yes";
2268 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2270 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2271 pszParmName, pszParmValue);
2278 return process_registry_service(GLOBAL_NAME);
2281 bool process_registry_shares(void)
2285 struct smbconf_service **service = NULL;
2286 uint32_t num_shares = 0;
2287 TALLOC_CTX *mem_ctx = talloc_stackframe();
2288 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2291 if (conf_ctx == NULL) {
2295 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2296 if (!SBC_ERROR_IS_OK(err)) {
2302 for (count = 0; count < num_shares; count++) {
2303 if (strequal(service[count]->name, GLOBAL_NAME)) {
2306 ret = process_smbconf_service(service[count]);
2313 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2316 TALLOC_FREE(mem_ctx);
2321 * reload those shares from registry that are already
2322 * activated in the services array.
2324 static bool reload_registry_shares(void)
2329 for (i = 0; i < iNumServices; i++) {
2334 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2338 ret = process_registry_service(ServicePtrs[i]->szService);
2349 #define MAX_INCLUDE_DEPTH 100
2351 static uint8_t include_depth;
2354 * Free the file lists
2356 static void free_file_list(void)
2358 struct file_lists *f;
2359 struct file_lists *next;
2372 * Utility function for outsiders to check if we're running on registry.
2374 bool lp_config_backend_is_registry(void)
2376 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2380 * Utility function to check if the config backend is FILE.
2382 bool lp_config_backend_is_file(void)
2384 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2387 /*******************************************************************
2388 Check if a config file has changed date.
2389 ********************************************************************/
2391 bool lp_file_list_changed(void)
2393 struct file_lists *f = file_lists;
2395 DEBUG(6, ("lp_file_list_changed()\n"));
2398 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2399 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2401 if (conf_ctx == NULL) {
2404 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2407 DEBUGADD(6, ("registry config changed\n"));
2414 n2 = talloc_sub_basic(talloc_tos(),
2415 get_current_username(),
2416 get_current_user_info_domain(),
2421 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2422 f->name, n2, ctime(&f->modtime)));
2424 mod_time = file_modtime(n2);
2427 ((f->modtime != mod_time) ||
2428 (f->subfname == NULL) ||
2429 (strcmp(n2, f->subfname) != 0)))
2432 ("file %s modified: %s\n", n2,
2434 f->modtime = mod_time;
2435 TALLOC_FREE(f->subfname);
2436 f->subfname = talloc_strdup(f, n2);
2437 if (f->subfname == NULL) {
2438 smb_panic("talloc_strdup failed");
2452 * Initialize iconv conversion descriptors.
2454 * This is called the first time it is needed, and also called again
2455 * every time the configuration is reloaded, because the charset or
2456 * codepage might have changed.
2458 static void init_iconv(void)
2460 struct smb_iconv_handle *ret = NULL;
2462 ret = reinit_iconv_handle(NULL,
2466 smb_panic("reinit_iconv_handle failed");
2470 /***************************************************************************
2471 Handle the include operation.
2472 ***************************************************************************/
2473 static bool bAllowIncludeRegistry = true;
2475 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2476 const char *pszParmValue, char **ptr)
2480 if (include_depth >= MAX_INCLUDE_DEPTH) {
2481 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2486 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2487 if (!bAllowIncludeRegistry) {
2490 if (lp_ctx->bInGlobalSection) {
2493 ret = process_registry_globals();
2497 DEBUG(1, ("\"include = registry\" only effective "
2498 "in %s section\n", GLOBAL_NAME));
2503 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2504 get_current_user_info_domain(),
2507 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2509 if (service == NULL) {
2510 lpcfg_string_set(Globals.ctx, ptr, fname);
2512 lpcfg_string_set(service, ptr, fname);
2515 if (file_exist(fname)) {
2518 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2524 DEBUG(2, ("Can't find include file %s\n", fname));
2529 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2531 char *config_option = NULL;
2532 const char *range = NULL;
2535 SMB_ASSERT(low != NULL);
2536 SMB_ASSERT(high != NULL);
2538 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2542 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2544 if (config_option == NULL) {
2545 DEBUG(0, ("out of memory\n"));
2549 range = lp_parm_const_string(-1, config_option, "range", NULL);
2550 if (range == NULL) {
2551 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2555 if (sscanf(range, "%u - %u", low, high) != 2) {
2556 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2557 range, domain_name));
2564 talloc_free(config_option);
2569 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2571 return lp_idmap_range("*", low, high);
2574 const char *lp_idmap_backend(const char *domain_name)
2576 char *config_option = NULL;
2577 const char *backend = NULL;
2579 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2583 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2585 if (config_option == NULL) {
2586 DEBUG(0, ("out of memory\n"));
2590 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2591 if (backend == NULL) {
2592 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2597 talloc_free(config_option);
2601 const char *lp_idmap_default_backend(void)
2603 return lp_idmap_backend("*");
2606 /***************************************************************************
2607 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2608 ***************************************************************************/
2610 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2612 const char *suffix_string;
2614 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2615 Globals.ldap_suffix );
2616 if ( !suffix_string ) {
2617 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2621 return suffix_string;
2624 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2626 if (Globals._ldap_machine_suffix[0])
2627 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2629 return talloc_strdup(ctx, Globals.ldap_suffix);
2632 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2634 if (Globals._ldap_user_suffix[0])
2635 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2637 return talloc_strdup(ctx, Globals.ldap_suffix);
2640 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2642 if (Globals._ldap_group_suffix[0])
2643 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2645 return talloc_strdup(ctx, Globals.ldap_suffix);
2648 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2650 if (Globals._ldap_idmap_suffix[0])
2651 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2653 return talloc_strdup(ctx, Globals.ldap_suffix);
2657 return the parameter pointer for a parameter
2659 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2661 if (service == NULL) {
2662 if (parm->p_class == P_LOCAL)
2663 return (void *)(((char *)&sDefault)+parm->offset);
2664 else if (parm->p_class == P_GLOBAL)
2665 return (void *)(((char *)&Globals)+parm->offset);
2668 return (void *)(((char *)service) + parm->offset);
2672 /***************************************************************************
2673 Process a parameter for a particular service number. If snum < 0
2674 then assume we are in the globals.
2675 ***************************************************************************/
2677 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2679 TALLOC_CTX *frame = talloc_stackframe();
2680 struct loadparm_context *lp_ctx;
2683 lp_ctx = setup_lp_context(frame);
2684 if (lp_ctx == NULL) {
2690 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2692 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2693 pszParmName, pszParmValue);
2701 /***************************************************************************
2702 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2703 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2704 ***************************************************************************/
2706 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2709 parmnum = lpcfg_map_parameter(pszParmName);
2711 flags_list[parmnum] &= ~FLAG_CMDLINE;
2712 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2715 flags_list[parmnum] |= FLAG_CMDLINE;
2717 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2718 * be grouped in the table, so we don't have to search the
2721 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2722 && parm_table[i].p_class == parm_table[parmnum].p_class;
2724 flags_list[i] |= FLAG_CMDLINE;
2726 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2727 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2728 flags_list[i] |= FLAG_CMDLINE;
2734 /* it might be parametric */
2735 if (strchr(pszParmName, ':') != NULL) {
2736 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2740 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2744 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2747 TALLOC_CTX *frame = talloc_stackframe();
2748 struct loadparm_context *lp_ctx;
2750 lp_ctx = setup_lp_context(frame);
2751 if (lp_ctx == NULL) {
2756 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2762 /***************************************************************************
2763 Process a parameter.
2764 ***************************************************************************/
2766 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2769 if (!bInGlobalSection && bGlobalOnly)
2772 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2774 if (bInGlobalSection) {
2775 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2777 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2778 pszParmName, pszParmValue);
2783 static const char *ad_dc_req_vfs_mods[] = {"dfs_samba4", "acl_xattr", NULL};
2786 * check that @vfs_objects includes all vfs modules required by an AD DC.
2788 static bool check_ad_dc_required_mods(const char **vfs_objects)
2794 for (i = 0; ad_dc_req_vfs_mods[i] != NULL; i++) {
2796 for (j = 0; vfs_objects[j] != NULL; j++) {
2797 if (!strwicmp(ad_dc_req_vfs_mods[i], vfs_objects[j])) {
2803 DEBUG(0, ("vfs objects specified without required AD "
2804 "DC module: %s\n", ad_dc_req_vfs_mods[i]));
2809 DEBUG(6, ("vfs objects specified with all required AD DC modules\n"));
2814 /***************************************************************************
2815 Initialize any local variables in the sDefault table, after parsing a
2817 ***************************************************************************/
2819 static void init_locals(void)
2822 * We run this check once the [globals] is parsed, to force
2823 * the VFS objects and other per-share settings we need for
2824 * the standard way a AD DC is operated. We may change these
2825 * as our code evolves, which is why we force these settings.
2827 * We can't do this at the end of lp_load_ex(), as by that
2828 * point the services have been loaded and they will already
2829 * have "" as their vfs objects.
2831 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2832 const char **vfs_objects = lp_vfs_objects(-1);
2833 if (vfs_objects != NULL) {
2834 /* ignore return, only warn if modules are missing */
2835 check_ad_dc_required_mods(vfs_objects);
2837 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2838 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2839 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2840 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2842 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2846 lp_do_parameter(-1, "map hidden", "no");
2847 lp_do_parameter(-1, "map system", "no");
2848 lp_do_parameter(-1, "map readonly", "no");
2849 lp_do_parameter(-1, "map archive", "no");
2850 lp_do_parameter(-1, "store dos attributes", "yes");
2854 /***************************************************************************
2855 Process a new section (service). At this stage all sections are services.
2856 Later we'll have special sections that permit server parameters to be set.
2857 Returns true on success, false on failure.
2858 ***************************************************************************/
2860 bool lp_do_section(const char *pszSectionName, void *userdata)
2862 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2864 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2865 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2867 /* if we were in a global section then do the local inits */
2868 if (bInGlobalSection && !isglobal)
2871 /* if we've just struck a global section, note the fact. */
2872 bInGlobalSection = isglobal;
2873 if (lp_ctx != NULL) {
2874 lp_ctx->bInGlobalSection = isglobal;
2877 /* check for multiple global sections */
2878 if (bInGlobalSection) {
2879 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2883 if (!bInGlobalSection && bGlobalOnly)
2886 /* if we have a current service, tidy it up before moving on */
2889 if (iServiceIndex >= 0)
2890 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2892 /* if all is still well, move to the next record in the services array */
2894 /* We put this here to avoid an odd message order if messages are */
2895 /* issued by the post-processing of a previous section. */
2896 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2898 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2899 if (iServiceIndex < 0) {
2900 DEBUG(0, ("Failed to add a new service\n"));
2903 /* Clean all parametric options for service */
2904 /* They will be added during parsing again */
2905 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2911 /***************************************************************************
2912 Display the contents of a parameter of a single services record.
2913 ***************************************************************************/
2915 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2917 bool result = false;
2918 struct loadparm_context *lp_ctx;
2920 lp_ctx = setup_lp_context(talloc_tos());
2921 if (lp_ctx == NULL) {
2926 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2928 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2930 TALLOC_FREE(lp_ctx);
2935 /***************************************************************************
2936 Display the contents of a single copy structure.
2937 ***************************************************************************/
2938 static void dump_copy_map(bool *pcopymap)
2944 printf("\n\tNon-Copied parameters:\n");
2946 for (i = 0; parm_table[i].label; i++)
2947 if (parm_table[i].p_class == P_LOCAL &&
2948 parm_table[i].ptr && !pcopymap[i] &&
2949 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2951 printf("\t\t%s\n", parm_table[i].label);
2956 /***************************************************************************
2957 Return TRUE if the passed service number is within range.
2958 ***************************************************************************/
2960 bool lp_snum_ok(int iService)
2962 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2965 /***************************************************************************
2966 Auto-load some home services.
2967 ***************************************************************************/
2969 static void lp_add_auto_services(const char *str)
2979 s = talloc_strdup(talloc_tos(), str);
2981 smb_panic("talloc_strdup failed");
2985 homes = lp_servicenumber(HOMES_NAME);
2987 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2988 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2991 if (lp_servicenumber(p) >= 0)
2994 home = get_user_home_dir(talloc_tos(), p);
2996 if (home && home[0] && homes >= 0)
2997 lp_add_home(p, homes, p, home);
3004 /***************************************************************************
3005 Auto-load one printer.
3006 ***************************************************************************/
3008 void lp_add_one_printer(const char *name, const char *comment,
3009 const char *location, void *pdata)
3011 int printers = lp_servicenumber(PRINTERS_NAME);
3014 if (lp_servicenumber(name) < 0) {
3015 lp_add_printer(name, printers);
3016 if ((i = lp_servicenumber(name)) >= 0) {
3017 lpcfg_string_set(ServicePtrs[i],
3018 &ServicePtrs[i]->comment, comment);
3019 ServicePtrs[i]->autoloaded = true;
3024 /***************************************************************************
3025 Have we loaded a services file yet?
3026 ***************************************************************************/
3028 bool lp_loaded(void)
3033 /***************************************************************************
3034 Unload unused services.
3035 ***************************************************************************/
3037 void lp_killunused(struct smbd_server_connection *sconn,
3038 bool (*snumused) (struct smbd_server_connection *, int))
3041 for (i = 0; i < iNumServices; i++) {
3045 /* don't kill autoloaded or usershare services */
3046 if ( ServicePtrs[i]->autoloaded ||
3047 ServicePtrs[i]->usershare == USERSHARE_VALID) {
3051 if (!snumused || !snumused(sconn, i)) {
3052 free_service_byindex(i);
3058 * Kill all except autoloaded and usershare services - convenience wrapper
3060 void lp_kill_all_services(void)
3062 lp_killunused(NULL, NULL);
3065 /***************************************************************************
3067 ***************************************************************************/
3069 void lp_killservice(int iServiceIn)
3071 if (VALID(iServiceIn)) {
3072 free_service_byindex(iServiceIn);
3076 /***************************************************************************
3077 Save the curent values of all global and sDefault parameters into the
3078 defaults union. This allows testparm to show only the
3079 changed (ie. non-default) parameters.
3080 ***************************************************************************/
3082 static void lp_save_defaults(void)
3085 struct parmlist_entry * parm;
3086 for (i = 0; parm_table[i].label; i++) {
3087 if (!(flags_list[i] & FLAG_CMDLINE)) {
3088 flags_list[i] |= FLAG_DEFAULT;
3091 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
3092 && parm_table[i].p_class == parm_table[i - 1].p_class)
3094 switch (parm_table[i].type) {
3097 parm_table[i].def.lvalue = str_list_copy(
3098 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3104 &parm_table[i].def.svalue,
3105 *(char **)lp_parm_ptr(
3106 NULL, &parm_table[i]));
3107 if (parm_table[i].def.svalue == NULL) {
3108 smb_panic("lpcfg_string_set() failed");
3113 parm_table[i].def.bvalue =
3114 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3117 parm_table[i].def.cvalue =
3118 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3124 parm_table[i].def.ivalue =
3125 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3130 for (parm=Globals.param_opt; parm; parm=parm->next) {
3131 if (!(parm->priority & FLAG_CMDLINE)) {
3132 parm->priority |= FLAG_DEFAULT;
3136 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3137 if (!(parm->priority & FLAG_CMDLINE)) {
3138 parm->priority |= FLAG_DEFAULT;
3142 defaults_saved = true;
3145 /***********************************************************
3146 If we should send plaintext/LANMAN passwords in the clinet
3147 ************************************************************/
3149 static void set_allowed_client_auth(void)
3151 if (Globals.client_ntlmv2_auth) {
3152 Globals.client_lanman_auth = false;
3154 if (!Globals.client_lanman_auth) {
3155 Globals.client_plaintext_auth = false;
3159 /***************************************************************************
3161 The following code allows smbd to read a user defined share file.
3162 Yes, this is my intent. Yes, I'm comfortable with that...
3164 THE FOLLOWING IS SECURITY CRITICAL CODE.
3166 It washes your clothes, it cleans your house, it guards you while you sleep...
3167 Do not f%^k with it....
3168 ***************************************************************************/
3170 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3172 /***************************************************************************
3173 Check allowed stat state of a usershare file.
3174 Ensure we print out who is dicking with us so the admin can
3175 get their sorry ass fired.
3176 ***************************************************************************/
3178 static bool check_usershare_stat(const char *fname,
3179 const SMB_STRUCT_STAT *psbuf)
3181 if (!S_ISREG(psbuf->st_ex_mode)) {
3182 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3183 "not a regular file\n",
3184 fname, (unsigned int)psbuf->st_ex_uid ));
3188 /* Ensure this doesn't have the other write bit set. */
3189 if (psbuf->st_ex_mode & S_IWOTH) {
3190 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3191 "public write. Refusing to allow as a usershare file.\n",
3192 fname, (unsigned int)psbuf->st_ex_uid ));
3196 /* Should be 10k or less. */
3197 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3198 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3199 "too large (%u) to be a user share file.\n",
3200 fname, (unsigned int)psbuf->st_ex_uid,
3201 (unsigned int)psbuf->st_ex_size ));
3208 /***************************************************************************
3209 Parse the contents of a usershare file.
3210 ***************************************************************************/
3212 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3213 SMB_STRUCT_STAT *psbuf,
3214 const char *servicename,
3218 char **pp_sharepath,
3220 char **pp_cp_servicename,
3221 struct security_descriptor **ppsd,
3224 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3225 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3228 SMB_STRUCT_STAT sbuf;
3229 char *sharepath = NULL;
3230 char *comment = NULL;
3232 *pp_sharepath = NULL;
3235 *pallow_guest = false;
3238 return USERSHARE_MALFORMED_FILE;
3241 if (strcmp(lines[0], "#VERSION 1") == 0) {
3243 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3246 return USERSHARE_MALFORMED_FILE;
3249 return USERSHARE_BAD_VERSION;
3252 if (strncmp(lines[1], "path=", 5) != 0) {
3253 return USERSHARE_MALFORMED_PATH;
3256 sharepath = talloc_strdup(ctx, &lines[1][5]);
3258 return USERSHARE_POSIX_ERR;
3260 trim_string(sharepath, " ", " ");
3262 if (strncmp(lines[2], "comment=", 8) != 0) {
3263 return USERSHARE_MALFORMED_COMMENT_DEF;
3266 comment = talloc_strdup(ctx, &lines[2][8]);
3268 return USERSHARE_POSIX_ERR;
3270 trim_string(comment, " ", " ");
3271 trim_char(comment, '"', '"');
3273 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3274 return USERSHARE_MALFORMED_ACL_DEF;
3277 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3278 return USERSHARE_ACL_ERR;
3282 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3283 return USERSHARE_MALFORMED_ACL_DEF;
3285 if (lines[4][9] == 'y') {
3286 *pallow_guest = true;
3289 /* Backwards compatible extension to file version #2. */
3291 if (strncmp(lines[5], "sharename=", 10) != 0) {
3292 return USERSHARE_MALFORMED_SHARENAME_DEF;
3294 if (!strequal(&lines[5][10], servicename)) {
3295 return USERSHARE_BAD_SHARENAME;
3297 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3298 if (!*pp_cp_servicename) {
3299 return USERSHARE_POSIX_ERR;
3304 if (*pp_cp_servicename == NULL) {
3305 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3306 if (!*pp_cp_servicename) {
3307 return USERSHARE_POSIX_ERR;
3311 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3312 /* Path didn't change, no checks needed. */
3313 *pp_sharepath = sharepath;
3314 *pp_comment = comment;
3315 return USERSHARE_OK;
3318 /* The path *must* be absolute. */
3319 if (sharepath[0] != '/') {
3320 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3321 servicename, sharepath));
3322 return USERSHARE_PATH_NOT_ABSOLUTE;
3325 /* If there is a usershare prefix deny list ensure one of these paths
3326 doesn't match the start of the user given path. */
3327 if (prefixdenylist) {
3329 for ( i=0; prefixdenylist[i]; i++ ) {
3330 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3331 servicename, i, prefixdenylist[i], sharepath ));
3332 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3333 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3334 "usershare prefix deny list entries.\n",
3335 servicename, sharepath));
3336 return USERSHARE_PATH_IS_DENIED;
3341 /* If there is a usershare prefix allow list ensure one of these paths
3342 does match the start of the user given path. */
3344 if (prefixallowlist) {
3346 for ( i=0; prefixallowlist[i]; i++ ) {
3347 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3348 servicename, i, prefixallowlist[i], sharepath ));
3349 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3353 if (prefixallowlist[i] == NULL) {
3354 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3355 "usershare prefix allow list entries.\n",
3356 servicename, sharepath));
3357 return USERSHARE_PATH_NOT_ALLOWED;
3361 /* Ensure this is pointing to a directory. */
3362 dp = opendir(sharepath);
3365 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3366 servicename, sharepath));
3367 return USERSHARE_PATH_NOT_DIRECTORY;
3370 /* Ensure the owner of the usershare file has permission to share
3373 if (sys_stat(sharepath, &sbuf, false) == -1) {
3374 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3375 servicename, sharepath, strerror(errno) ));
3377 return USERSHARE_POSIX_ERR;
3382 if (!S_ISDIR(sbuf.st_ex_mode)) {
3383 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3384 servicename, sharepath ));
3385 return USERSHARE_PATH_NOT_DIRECTORY;
3388 /* Check if sharing is restricted to owner-only. */
3389 /* psbuf is the stat of the usershare definition file,
3390 sbuf is the stat of the target directory to be shared. */
3392 if (lp_usershare_owner_only()) {
3393 /* root can share anything. */
3394 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3395 return USERSHARE_PATH_NOT_ALLOWED;
3399 *pp_sharepath = sharepath;
3400 *pp_comment = comment;
3401 return USERSHARE_OK;
3404 /***************************************************************************
3405 Deal with a usershare file.
3408 -1 - Bad name, invalid contents.
3409 - service name already existed and not a usershare, problem
3410 with permissions to share directory etc.
3411 ***************************************************************************/
3413 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3415 SMB_STRUCT_STAT sbuf;
3416 SMB_STRUCT_STAT lsbuf;
3418 char *sharepath = NULL;
3419 char *comment = NULL;
3420 char *cp_service_name = NULL;
3421 char **lines = NULL;
3425 TALLOC_CTX *ctx = talloc_stackframe();
3426 struct security_descriptor *psd = NULL;
3427 bool guest_ok = false;
3428 char *canon_name = NULL;
3429 bool added_service = false;
3433 /* Ensure share name doesn't contain invalid characters. */
3434 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3435 DEBUG(0,("process_usershare_file: share name %s contains "
3436 "invalid characters (any of %s)\n",
3437 file_name, INVALID_SHARENAME_CHARS ));
3441 canon_name = canonicalize_servicename(ctx, file_name);
3446 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3451 /* Minimize the race condition by doing an lstat before we
3452 open and fstat. Ensure this isn't a symlink link. */
3454 if (sys_lstat(fname, &lsbuf, false) != 0) {
3455 if (errno == ENOENT) {
3456 /* Unknown share requested. Just ignore. */
3459 /* Only log messages for meaningful problems. */
3460 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3461 fname, strerror(errno) ));
3465 /* This must be a regular file, not a symlink, directory or
3466 other strange filetype. */
3467 if (!check_usershare_stat(fname, &lsbuf)) {
3474 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3479 if (NT_STATUS_IS_OK(status) &&
3480 (data.dptr != NULL) &&
3481 (data.dsize == sizeof(iService))) {
3482 memcpy(&iService, data.dptr, sizeof(iService));
3486 if (iService != -1 &&
3487 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3488 &lsbuf.st_ex_mtime) == 0) {
3489 /* Nothing changed - Mark valid and return. */
3490 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3492 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3497 /* Try and open the file read only - no symlinks allowed. */
3499 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3501 fd = open(fname, O_RDONLY, 0);
3505 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3506 fname, strerror(errno) ));
3510 /* Now fstat to be *SURE* it's a regular file. */
3511 if (sys_fstat(fd, &sbuf, false) != 0) {
3513 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3514 fname, strerror(errno) ));
3518 /* Is it the same dev/inode as was lstated ? */
3519 if (!check_same_stat(&lsbuf, &sbuf)) {
3521 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3522 "Symlink spoofing going on ?\n", fname ));
3526 /* This must be a regular file, not a symlink, directory or
3527 other strange filetype. */
3528 if (!check_usershare_stat(fname, &sbuf)) {
3533 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3536 if (lines == NULL) {
3537 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3538 fname, (unsigned int)sbuf.st_ex_uid ));
3542 if (parse_usershare_file(ctx, &sbuf, file_name,
3543 iService, lines, numlines, &sharepath,
3544 &comment, &cp_service_name,
3545 &psd, &guest_ok) != USERSHARE_OK) {
3549 /* Everything ok - add the service possibly using a template. */
3551 const struct loadparm_service *sp = &sDefault;
3552 if (snum_template != -1) {
3553 sp = ServicePtrs[snum_template];
3556 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3557 DEBUG(0, ("process_usershare_file: Failed to add "
3558 "new service %s\n", cp_service_name));
3562 added_service = true;
3564 /* Read only is controlled by usershare ACL below. */
3565 ServicePtrs[iService]->read_only = false;
3568 /* Write the ACL of the new/modified share. */
3569 status = set_share_security(canon_name, psd);
3570 if (!NT_STATUS_IS_OK(status)) {
3571 DEBUG(0, ("process_usershare_file: Failed to set share "
3572 "security for user share %s\n",
3577 /* If from a template it may be marked invalid. */
3578 ServicePtrs[iService]->valid = true;
3580 /* Set the service as a valid usershare. */
3581 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3583 /* Set guest access. */
3584 if (lp_usershare_allow_guests()) {
3585 ServicePtrs[iService]->guest_ok = guest_ok;
3588 /* And note when it was loaded. */
3589 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3590 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3592 lpcfg_string_set(ServicePtrs[iService],
3593 &ServicePtrs[iService]->comment, comment);
3599 if (ret == -1 && iService != -1 && added_service) {
3600 lp_remove_service(iService);
3608 /***************************************************************************
3609 Checks if a usershare entry has been modified since last load.
3610 ***************************************************************************/
3612 static bool usershare_exists(int iService, struct timespec *last_mod)
3614 SMB_STRUCT_STAT lsbuf;
3615 const char *usersharepath = Globals.usershare_path;
3618 fname = talloc_asprintf(talloc_tos(),
3621 ServicePtrs[iService]->szService);
3622 if (fname == NULL) {
3626 if (sys_lstat(fname, &lsbuf, false) != 0) {
3631 if (!S_ISREG(lsbuf.st_ex_mode)) {
3637 *last_mod = lsbuf.st_ex_mtime;
3641 static bool usershare_directory_is_root(uid_t uid)
3647 if (uid_wrapper_enabled()) {
3654 /***************************************************************************
3655 Load a usershare service by name. Returns a valid servicenumber or -1.
3656 ***************************************************************************/
3658 int load_usershare_service(const char *servicename)
3660 SMB_STRUCT_STAT sbuf;
3661 const char *usersharepath = Globals.usershare_path;
3662 int max_user_shares = Globals.usershare_max_shares;
3663 int snum_template = -1;
3665 if (servicename[0] == '\0') {
3666 /* Invalid service name. */
3670 if (*usersharepath == 0 || max_user_shares == 0) {
3674 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3675 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3676 usersharepath, strerror(errno) ));
3680 if (!S_ISDIR(sbuf.st_ex_mode)) {
3681 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3687 * This directory must be owned by root, and have the 't' bit set.
3688 * It also must not be writable by "other".
3692 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3693 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3695 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3696 (sbuf.st_ex_mode & S_IWOTH)) {
3698 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3699 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3704 /* Ensure the template share exists if it's set. */
3705 if (Globals.usershare_template_share[0]) {
3706 /* We can't use lp_servicenumber here as we are recommending that
3707 template shares have -valid=false set. */
3708 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3709 if (ServicePtrs[snum_template]->szService &&
3710 strequal(ServicePtrs[snum_template]->szService,
3711 Globals.usershare_template_share)) {
3716 if (snum_template == -1) {
3717 DEBUG(0,("load_usershare_service: usershare template share %s "
3718 "does not exist.\n",
3719 Globals.usershare_template_share ));
3724 return process_usershare_file(usersharepath, servicename, snum_template);
3727 /***************************************************************************
3728 Load all user defined shares from the user share directory.
3729 We only do this if we're enumerating the share list.
3730 This is the function that can delete usershares that have
3732 ***************************************************************************/
3734 int load_usershare_shares(struct smbd_server_connection *sconn,
3735 bool (*snumused) (struct smbd_server_connection *, int))
3738 SMB_STRUCT_STAT sbuf;
3740 int num_usershares = 0;
3741 int max_user_shares = Globals.usershare_max_shares;
3742 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3743 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3744 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3746 int snum_template = -1;
3747 const char *usersharepath = Globals.usershare_path;
3748 int ret = lp_numservices();
3749 TALLOC_CTX *tmp_ctx;
3751 if (max_user_shares == 0 || *usersharepath == '\0') {
3752 return lp_numservices();
3755 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3756 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3757 usersharepath, strerror(errno) ));
3762 * This directory must be owned by root, and have the 't' bit set.
3763 * It also must not be writable by "other".
3767 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3769 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3771 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3772 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3777 /* Ensure the template share exists if it's set. */
3778 if (Globals.usershare_template_share[0]) {
3779 /* We can't use lp_servicenumber here as we are recommending that
3780 template shares have -valid=false set. */
3781 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3782 if (ServicePtrs[snum_template]->szService &&
3783 strequal(ServicePtrs[snum_template]->szService,
3784 Globals.usershare_template_share)) {
3789 if (snum_template == -1) {
3790 DEBUG(0,("load_usershare_shares: usershare template share %s "
3791 "does not exist.\n",
3792 Globals.usershare_template_share ));
3797 /* Mark all existing usershares as pending delete. */
3798 for (iService = iNumServices - 1; iService >= 0; iService--) {
3799 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3800 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3804 dp = opendir(usersharepath);
3806 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3807 usersharepath, strerror(errno) ));
3811 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3813 num_dir_entries++ ) {
3815 const char *n = de->d_name;
3817 /* Ignore . and .. */
3819 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3825 /* Temporary file used when creating a share. */
3826 num_tmp_dir_entries++;
3829 /* Allow 20% tmp entries. */
3830 if (num_tmp_dir_entries > allowed_tmp_entries) {
3831 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3832 "in directory %s\n",
3833 num_tmp_dir_entries, usersharepath));
3837 r = process_usershare_file(usersharepath, n, snum_template);
3839 /* Update the services count. */
3841 if (num_usershares >= max_user_shares) {
3842 DEBUG(0,("load_usershare_shares: max user shares reached "
3843 "on file %s in directory %s\n",
3844 n, usersharepath ));
3847 } else if (r == -1) {
3848 num_bad_dir_entries++;
3851 /* Allow 20% bad entries. */
3852 if (num_bad_dir_entries > allowed_bad_entries) {
3853 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3854 "in directory %s\n",
3855 num_bad_dir_entries, usersharepath));
3859 /* Allow 20% bad entries. */
3860 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3861 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3862 "in directory %s\n",
3863 num_dir_entries, usersharepath));
3870 /* Sweep through and delete any non-refreshed usershares that are
3871 not currently in use. */
3872 tmp_ctx = talloc_stackframe();
3873 for (iService = iNumServices - 1; iService >= 0; iService--) {
3874 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3875 const struct loadparm_substitution *lp_sub =
3876 loadparm_s3_global_substitution();
3879 if (snumused && snumused(sconn, iService)) {
3883 servname = lp_servicename(tmp_ctx, lp_sub, iService);
3885 /* Remove from the share ACL db. */
3886 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3888 delete_share_security(servname);
3889 free_service_byindex(iService);
3892 talloc_free(tmp_ctx);
3894 return lp_numservices();
3897 /********************************************************
3898 Destroy global resources allocated in this file
3899 ********************************************************/
3901 void gfree_loadparm(void)
3907 /* Free resources allocated to services */
3909 for ( i = 0; i < iNumServices; i++ ) {
3911 free_service_byindex(i);
3915 TALLOC_FREE( ServicePtrs );
3918 /* Now release all resources allocated to global
3919 parameters and the default service */
3921 free_global_parameters();
3925 /***************************************************************************
3926 Allow client apps to specify that they are a client
3927 ***************************************************************************/
3928 static void lp_set_in_client(bool b)
3934 /***************************************************************************
3935 Determine if we're running in a client app
3936 ***************************************************************************/
3937 static bool lp_is_in_client(void)
3942 static void lp_enforce_ad_dc_settings(void)
3944 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3945 lp_do_parameter(GLOBAL_SECTION_SNUM,
3946 "winbindd:use external pipes", "true");
3947 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3948 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3949 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3950 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3951 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3952 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3953 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3954 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3955 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3958 /***************************************************************************
3959 Load the services array from the services file. Return true on success,
3961 ***************************************************************************/
3963 static bool lp_load_ex(const char *pszFname,
3967 bool reinit_globals,
3968 bool allow_include_registry,
3969 bool load_all_shares)
3973 TALLOC_CTX *frame = talloc_stackframe();
3974 struct loadparm_context *lp_ctx;
3975 int max_protocol, min_protocol;
3977 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3979 bInGlobalSection = true;
3980 bGlobalOnly = global_only;
3981 bAllowIncludeRegistry = allow_include_registry;
3982 sDefault = _sDefault;
3984 lp_ctx = setup_lp_context(talloc_tos());
3986 init_globals(lp_ctx, reinit_globals);
3990 if (save_defaults) {
3995 if (!reinit_globals) {
3996 free_param_opts(&Globals.param_opt);
3997 apply_lp_set_cmdline();
4000 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
4002 /* We get sections first, so have to start 'behind' to make up */
4005 if (lp_config_backend_is_file()) {
4006 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
4007 get_current_user_info_domain(),
4010 smb_panic("lp_load_ex: out of memory");
4013 add_to_file_list(NULL, &file_lists, pszFname, n2);
4015 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
4018 /* finish up the last section */
4019 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
4021 if (iServiceIndex >= 0) {
4022 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
4026 if (lp_config_backend_is_registry()) {
4028 /* config backend changed to registry in config file */
4030 * We need to use this extra global variable here to
4031 * survive restart: init_globals uses this as a default
4032 * for config_backend. Otherwise, init_globals would
4033 * send us into an endless loop here.
4036 config_backend = CONFIG_BACKEND_REGISTRY;
4038 DEBUG(1, ("lp_load_ex: changing to config backend "
4040 init_globals(lp_ctx, true);
4042 TALLOC_FREE(lp_ctx);
4044 lp_kill_all_services();
4045 ok = lp_load_ex(pszFname, global_only, save_defaults,
4046 add_ipc, reinit_globals,
4047 allow_include_registry,
4052 } else if (lp_config_backend_is_registry()) {
4053 bRetval = process_registry_globals();
4055 DEBUG(0, ("Illegal config backend given: %d\n",
4056 lp_config_backend()));
4060 if (bRetval && lp_registry_shares()) {
4061 if (load_all_shares) {
4062 bRetval = process_registry_shares();
4064 bRetval = reload_registry_shares();
4069 const struct loadparm_substitution *lp_sub =
4070 loadparm_s3_global_substitution();
4071 char *serv = lp_auto_services(talloc_tos(), lp_sub);
4072 lp_add_auto_services(serv);
4077 /* When 'restrict anonymous = 2' guest connections to ipc$
4079 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
4080 if ( lp_enable_asu_support() ) {
4081 lp_add_ipc("ADMIN$", false);
4085 set_allowed_client_auth();
4087 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
4088 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
4089 lp_password_server()));
4094 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
4095 /* if we_are_a_wins_server is true and we are in the client */
4096 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
4097 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
4102 fault_configure(smb_panic_s3);
4105 * We run this check once the whole smb.conf is parsed, to
4106 * force some settings for the standard way a AD DC is
4107 * operated. We may change these as our code evolves, which
4108 * is why we force these settings.
4110 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
4111 lp_enforce_ad_dc_settings();
4114 bAllowIncludeRegistry = true;
4116 /* Check if command line max protocol < min protocol, if so
4117 * report a warning to the user.
4119 max_protocol = lp_client_max_protocol();
4120 min_protocol = lp_client_min_protocol();
4121 if (max_protocol < min_protocol) {
4122 const char *max_protocolp, *min_protocolp;
4123 max_protocolp = lpcfg_get_smb_protocol(max_protocol);
4124 min_protocolp = lpcfg_get_smb_protocol(min_protocol);
4125 DBG_ERR("Max protocol %s is less than min protocol %s.\n",
4126 max_protocolp, min_protocolp);
4133 static bool lp_load(const char *pszFname,
4137 bool reinit_globals)
4139 return lp_load_ex(pszFname,
4144 true, /* allow_include_registry */
4145 false); /* load_all_shares*/
4148 bool lp_load_initial_only(const char *pszFname)
4150 return lp_load_ex(pszFname,
4151 true, /* global only */
4152 true, /* save_defaults */
4153 false, /* add_ipc */
4154 true, /* reinit_globals */
4155 false, /* allow_include_registry */
4156 false); /* load_all_shares*/
4160 * most common lp_load wrapper, loading only the globals
4162 * If this is used in a daemon or client utility it should be called
4163 * after processing popt.
4165 bool lp_load_global(const char *file_name)
4167 return lp_load(file_name,
4168 true, /* global_only */
4169 false, /* save_defaults */
4170 false, /* add_ipc */
4171 true); /* reinit_globals */
4175 * The typical lp_load wrapper with shares, loads global and
4176 * shares, including IPC, but does not force immediate
4177 * loading of all shares from registry.
4179 bool lp_load_with_shares(const char *file_name)
4181 return lp_load(file_name,
4182 false, /* global_only */
4183 false, /* save_defaults */
4185 true); /* reinit_globals */
4189 * lp_load wrapper, especially for clients
4191 bool lp_load_client(const char *file_name)
4193 lp_set_in_client(true);
4195 return lp_load_global(file_name);
4199 * lp_load wrapper, loading only globals, but intended
4200 * for subsequent calls, not reinitializing the globals
4203 bool lp_load_global_no_reinit(const char *file_name)
4205 return lp_load(file_name,
4206 true, /* global_only */
4207 false, /* save_defaults */
4208 false, /* add_ipc */
4209 false); /* reinit_globals */
4213 * lp_load wrapper, loading globals and shares,
4214 * intended for subsequent calls, i.e. not reinitializing
4215 * the globals to default values.
4217 bool lp_load_no_reinit(const char *file_name)
4219 return lp_load(file_name,
4220 false, /* global_only */
4221 false, /* save_defaults */
4222 false, /* add_ipc */
4223 false); /* reinit_globals */
4228 * lp_load wrapper, especially for clients, no reinitialization
4230 bool lp_load_client_no_reinit(const char *file_name)
4232 lp_set_in_client(true);
4234 return lp_load_global_no_reinit(file_name);
4237 bool lp_load_with_registry_shares(const char *pszFname)
4239 return lp_load_ex(pszFname,
4240 false, /* global_only */
4241 true, /* save_defaults */
4242 false, /* add_ipc */
4243 true, /* reinit_globals */
4244 true, /* allow_include_registry */
4245 true); /* load_all_shares*/
4248 /***************************************************************************
4249 Return the max number of services.
4250 ***************************************************************************/
4252 int lp_numservices(void)
4254 return (iNumServices);
4257 /***************************************************************************
4258 Display the contents of the services array in human-readable form.
4259 ***************************************************************************/
4261 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4264 struct loadparm_context *lp_ctx;
4267 defaults_saved = false;
4269 lp_ctx = setup_lp_context(talloc_tos());
4270 if (lp_ctx == NULL) {
4274 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4276 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4278 for (iService = 0; iService < maxtoprint; iService++) {
4280 lp_dump_one(f, show_defaults, iService);
4282 TALLOC_FREE(lp_ctx);
4285 /***************************************************************************
4286 Display the contents of one service in human-readable form.
4287 ***************************************************************************/
4289 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4292 if (ServicePtrs[snum]->szService[0] == '\0')
4294 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4295 flags_list, show_defaults);
4299 /***************************************************************************
4300 Return the number of the service with the given name, or -1 if it doesn't
4301 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4302 getservicebyname()! This works ONLY if all services have been loaded, and
4303 does not copy the found service.
4304 ***************************************************************************/
4306 int lp_servicenumber(const char *pszServiceName)
4309 fstring serviceName;
4311 if (!pszServiceName) {
4312 return GLOBAL_SECTION_SNUM;
4315 for (iService = iNumServices - 1; iService >= 0; iService--) {
4316 if (VALID(iService) && ServicePtrs[iService]->szService) {
4318 * The substitution here is used to support %U in
4321 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4322 standard_sub_basic(get_current_username(),
4323 get_current_user_info_domain(),
4324 serviceName,sizeof(serviceName));
4325 if (strequal(serviceName, pszServiceName)) {
4331 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4332 struct timespec last_mod;
4334 if (!usershare_exists(iService, &last_mod)) {
4335 /* Remove the share security tdb entry for it. */
4336 delete_share_security(lp_const_servicename(iService));
4337 /* Remove it from the array. */
4338 free_service_byindex(iService);
4339 /* Doesn't exist anymore. */
4340 return GLOBAL_SECTION_SNUM;
4343 /* Has it been modified ? If so delete and reload. */
4344 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4346 /* Remove it from the array. */
4347 free_service_byindex(iService);
4348 /* and now reload it. */
4349 iService = load_usershare_service(pszServiceName);
4354 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4355 return GLOBAL_SECTION_SNUM;
4361 /*******************************************************************
4362 A useful volume label function.
4363 ********************************************************************/
4365 const char *volume_label(TALLOC_CTX *ctx, int snum)
4367 const struct loadparm_substitution *lp_sub =
4368 loadparm_s3_global_substitution();
4370 const char *label = lp_volume(ctx, lp_sub, snum);
4374 label = lp_servicename(ctx, lp_sub, snum);
4378 * Volume label can be a max of 32 bytes. Make sure to truncate
4379 * it at a codepoint boundary if it's longer than 32 and contains
4380 * multibyte characters. Windows insists on a volume label being
4381 * a valid mb sequence, and errors out if not.
4383 if (strlen(label) > 32) {
4385 * A MB char can be a max of 5 bytes, thus
4386 * we should have a valid mb character at a
4387 * minimum position of (32-5) = 27.
4391 * Check if a codepoint starting from next byte
4392 * is valid. If yes, then the current byte is the
4393 * end of a MB or ascii sequence and the label can
4394 * be safely truncated here. If not, keep going
4395 * backwards till a valid codepoint is found.
4398 const char *s = &label[end];
4399 codepoint_t c = next_codepoint(s, &len);
4400 if (c != INVALID_CODEPOINT) {
4407 /* This returns a max of 33 byte guarenteed null terminated string. */
4408 ret = talloc_strndup(ctx, label, end);
4415 /*******************************************************************
4416 Get the default server type we will announce as via nmbd.
4417 ********************************************************************/
4419 int lp_default_server_announce(void)
4421 int default_server_announce = 0;
4422 default_server_announce |= SV_TYPE_WORKSTATION;
4423 default_server_announce |= SV_TYPE_SERVER;
4424 default_server_announce |= SV_TYPE_SERVER_UNIX;
4426 /* note that the flag should be set only if we have a
4427 printer service but nmbd doesn't actually load the
4428 services so we can't tell --jerry */
4430 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4432 default_server_announce |= SV_TYPE_SERVER_NT;
4433 default_server_announce |= SV_TYPE_NT;
4435 switch (lp_server_role()) {
4436 case ROLE_DOMAIN_MEMBER:
4437 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4439 case ROLE_DOMAIN_PDC:
4441 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4443 case ROLE_DOMAIN_BDC:
4444 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4446 case ROLE_STANDALONE:
4450 if (lp_time_server())
4451 default_server_announce |= SV_TYPE_TIME_SOURCE;
4453 if (lp_host_msdfs())
4454 default_server_announce |= SV_TYPE_DFS_SERVER;
4456 return default_server_announce;
4459 /***********************************************************
4460 If we are PDC then prefer us as DMB
4461 ************************************************************/
4463 bool lp_domain_master(void)
4465 if (Globals._domain_master == Auto)
4466 return (lp_server_role() == ROLE_DOMAIN_PDC ||
4467 lp_server_role() == ROLE_IPA_DC);
4469 return (bool)Globals._domain_master;
4472 /***********************************************************
4473 If we are PDC then prefer us as DMB
4474 ************************************************************/
4476 static bool lp_domain_master_true_or_auto(void)
4478 if (Globals._domain_master) /* auto or yes */
4484 /***********************************************************
4485 If we are DMB then prefer us as LMB
4486 ************************************************************/
4488 bool lp_preferred_master(void)
4490 int preferred_master = lp__preferred_master();
4492 if (preferred_master == Auto)
4493 return (lp_local_master() && lp_domain_master());
4495 return (bool)preferred_master;
4498 /*******************************************************************
4500 ********************************************************************/
4502 void lp_remove_service(int snum)
4504 ServicePtrs[snum]->valid = false;
4507 const char *lp_printername(TALLOC_CTX *ctx,
4508 const struct loadparm_substitution *lp_sub,
4511 const char *ret = lp__printername(ctx, lp_sub, snum);
4513 if (ret == NULL || *ret == '\0') {
4514 ret = lp_const_servicename(snum);
4521 /***********************************************************
4522 Allow daemons such as winbindd to fix their logfile name.
4523 ************************************************************/
4525 void lp_set_logfile(const char *name)
4527 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4528 debug_set_logfile(name);
4531 /*******************************************************************
4532 Return the max print jobs per queue.
4533 ********************************************************************/
4535 int lp_maxprintjobs(int snum)
4537 int maxjobs = lp_max_print_jobs(snum);
4539 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4540 maxjobs = PRINT_MAX_JOBID - 1;
4545 const char *lp_printcapname(void)
4547 const char *printcap_name = lp_printcap_name();
4549 if ((printcap_name != NULL) &&
4550 (printcap_name[0] != '\0'))
4551 return printcap_name;
4553 if (sDefault.printing == PRINT_CUPS) {
4557 if (sDefault.printing == PRINT_BSD)
4558 return "/etc/printcap";
4560 return PRINTCAP_NAME;
4563 static uint32_t spoolss_state;
4565 bool lp_disable_spoolss( void )
4567 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4568 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4570 return spoolss_state == SVCCTL_STOPPED ? true : false;
4573 void lp_set_spoolss_state( uint32_t state )
4575 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4577 spoolss_state = state;
4580 uint32_t lp_get_spoolss_state( void )
4582 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4585 /*******************************************************************
4586 Turn off sendfile if we find the underlying OS doesn't support it.
4587 ********************************************************************/
4589 void set_use_sendfile(int snum, bool val)
4591 if (LP_SNUM_OK(snum))
4592 ServicePtrs[snum]->_use_sendfile = val;
4594 sDefault._use_sendfile = val;
4597 void lp_set_mangling_method(const char *new_method)
4599 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4602 /*******************************************************************
4603 Global state for POSIX pathname processing.
4604 ********************************************************************/
4606 static bool posix_pathnames;
4608 bool lp_posix_pathnames(void)
4610 return posix_pathnames;
4613 /*******************************************************************
4614 Change everything needed to ensure POSIX pathname processing (currently
4616 ********************************************************************/
4618 void lp_set_posix_pathnames(void)
4620 posix_pathnames = true;
4623 /*******************************************************************
4624 Global state for POSIX lock processing - CIFS unix extensions.
4625 ********************************************************************/
4627 bool posix_default_lock_was_set;
4628 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4630 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4632 if (posix_default_lock_was_set) {
4633 return posix_cifsx_locktype;
4635 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4636 POSIX_LOCK : WINDOWS_LOCK;
4640 /*******************************************************************
4641 ********************************************************************/
4643 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4645 posix_default_lock_was_set = true;
4646 posix_cifsx_locktype = val;
4649 int lp_min_receive_file_size(void)
4651 int min_receivefile_size = lp_min_receivefile_size();
4653 if (min_receivefile_size < 0) {
4656 return min_receivefile_size;
4659 /*******************************************************************
4660 Safe wide links checks.
4661 This helper function always verify the validity of wide links,
4662 even after a configuration file reload.
4663 ********************************************************************/
4665 void widelinks_warning(int snum)
4667 if (lp_allow_insecure_wide_links()) {
4671 if (lp_wide_links(snum)) {
4672 if (lp_smb1_unix_extensions()) {
4673 DBG_ERR("Share '%s' has wide links and SMB1 unix "
4674 "extensions enabled. "
4675 "These parameters are incompatible. "
4676 "Wide links will be disabled for this share.\n",
4677 lp_const_servicename(snum));
4678 } else if (lp_smb3_unix_extensions()) {
4679 DBG_ERR("Share '%s' has wide links and SMB3 unix "
4680 "extensions enabled. "
4681 "These parameters are incompatible. "
4682 "Wide links will be disabled for this share.\n",
4683 lp_const_servicename(snum));
4688 bool lp_widelinks(int snum)
4690 /* wide links is always incompatible with unix extensions */
4691 if (lp_smb1_unix_extensions() || lp_smb3_unix_extensions()) {
4693 * Unless we have "allow insecure widelinks"
4696 if (!lp_allow_insecure_wide_links()) {
4701 return lp_wide_links(snum);
4704 int lp_server_role(void)
4706 return lp_find_server_role(lp__server_role(),
4708 lp__domain_logons(),
4709 lp_domain_master_true_or_auto());
4712 int lp_security(void)
4714 return lp_find_security(lp__server_role(),
4718 int lp_client_max_protocol(void)
4720 int client_max_protocol = lp__client_max_protocol();
4721 if (client_max_protocol == PROTOCOL_DEFAULT) {
4722 return PROTOCOL_LATEST;
4724 return client_max_protocol;
4727 int lp_client_ipc_min_protocol(void)
4729 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4730 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4731 client_ipc_min_protocol = lp_client_min_protocol();
4733 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4734 return PROTOCOL_NT1;
4736 return client_ipc_min_protocol;
4739 int lp_client_ipc_max_protocol(void)
4741 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4742 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4743 return PROTOCOL_LATEST;
4745 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4746 return PROTOCOL_NT1;
4748 return client_ipc_max_protocol;
4751 int lp_client_ipc_signing(void)
4753 int client_ipc_signing = lp__client_ipc_signing();
4754 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4755 return SMB_SIGNING_REQUIRED;
4757 return client_ipc_signing;
4760 enum credentials_use_kerberos lp_client_use_kerberos(void)
4762 if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
4763 return CRED_USE_KERBEROS_REQUIRED;
4766 return lp__client_use_kerberos();
4770 int lp_rpc_low_port(void)
4772 return Globals.rpc_low_port;
4775 int lp_rpc_high_port(void)
4777 return Globals.rpc_high_port;
4781 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4783 * This also ensures it is disabled if NTLM is totally disabled
4785 bool lp_lanman_auth(void)
4787 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4789 if (ntlm_auth_level == NTLM_AUTH_ON) {
4790 return lp__lanman_auth();
4796 struct loadparm_global * get_globals(void)
4801 unsigned int * get_flags(void)
4803 if (flags_list == NULL) {
4804 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());
4810 enum samba_weak_crypto lp_weak_crypto(void)
4812 if (Globals.weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
4813 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
4815 if (samba_gnutls_weak_crypto_allowed()) {
4816 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
4820 return Globals.weak_crypto;
4823 uint32_t lp_get_async_dns_timeout(void)
4826 * Clamp minimum async dns timeout to 1 second
4827 * as per the man page.
4829 return MAX(Globals.async_dns_timeout, 1);
4832 bool lp_smb3_unix_extensions(void)
4834 #if defined(DEVELOPER)
4835 return lp__smb3_unix_extensions();