2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
56 #define LOADPARM_SUBSTITUTION_INTERNALS 1
58 #include "system/filesys.h"
60 #include "lib/param/loadparm.h"
61 #include "lib/param/param.h"
63 #include "lib/smbconf/smbconf.h"
64 #include "lib/smbconf/smbconf_init.h"
67 #include "../librpc/gen_ndr/svcctl.h"
69 #include "../libcli/smb/smb_signing.h"
70 #include "dbwrap/dbwrap.h"
71 #include "dbwrap/dbwrap_rbt.h"
72 #include "../lib/util/bitmap.h"
73 #include "librpc/gen_ndr/nbt.h"
74 #include "source4/lib/tls/tls.h"
75 #include "libcli/auth/ntlm_check.h"
76 #include "lib/crypto/gnutls_helpers.h"
77 #include "lib/util/string_wrappers.h"
78 #include "auth/credentials/credentials.h"
80 #ifdef HAVE_SYS_SYSCTL_H
81 #include <sys/sysctl.h>
86 extern userdom_struct current_user_info;
88 /* the special value for the include parameter
89 * to be interpreted not as a file name but to
90 * trigger loading of the global smb.conf options
92 #ifndef INCLUDE_REGISTRY_NAME
93 #define INCLUDE_REGISTRY_NAME "registry"
96 static bool in_client = false; /* Not in the client by default */
97 static struct smbconf_csn conf_last_csn;
99 static int config_backend = CONFIG_BACKEND_FILE;
101 /* some helpful bits */
102 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
103 (ServicePtrs != NULL) && \
104 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
105 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
106 ServicePtrs[i]->valid)
108 #define USERSHARE_VALID 1
109 #define USERSHARE_PENDING_DELETE 2
111 static bool defaults_saved = false;
113 #include "lib/param/param_global.h"
115 static struct loadparm_global Globals;
117 /* This is a default service used to prime a services structure */
118 static const struct loadparm_service _sDefault =
123 .usershare_last_mod = {0, 0},
126 .invalid_users = NULL,
133 .root_preexec = NULL,
134 .root_postexec = NULL,
135 .cups_options = NULL,
136 .print_command = NULL,
138 .lprm_command = NULL,
139 .lppause_command = NULL,
140 .lpresume_command = NULL,
141 .queuepause_command = NULL,
142 .queueresume_command = NULL,
143 ._printername = NULL,
144 .printjob_username = NULL,
145 .dont_descend = NULL,
148 .magic_script = NULL,
149 .magic_output = NULL,
152 .veto_oplock_files = NULL,
162 .aio_write_behind = NULL,
163 .dfree_command = NULL,
164 .min_print_space = 0,
165 .max_print_jobs = 1000,
166 .max_reported_print_jobs = 0,
168 .force_create_mode = 0,
169 .directory_mask = 0755,
170 .force_directory_mode = 0,
171 .max_connections = 0,
172 .default_case = CASE_LOWER,
173 .printing = DEFAULT_PRINTING,
176 .dfree_cache_time = 0,
177 .preexec_close = false,
178 .root_preexec_close = false,
179 .case_sensitive = Auto,
180 .preserve_case = true,
181 .short_preserve_case = true,
182 .hide_dot_files = true,
183 .hide_special_files = false,
184 .hide_unreadable = false,
185 .hide_unwriteable_files = false,
187 .access_based_share_enum = false,
192 .administrative_share = false,
195 .print_notify_backchannel = false,
199 .store_dos_attributes = true,
200 .smbd_max_xattr_size = 65536,
201 .dmapi_support = false,
203 .strict_locking = Auto,
204 .posix_locking = true,
206 .kernel_oplocks = false,
207 .level2_oplocks = true,
208 .mangled_names = MANGLED_NAMES_ILLEGAL,
210 .follow_symlinks = true,
211 .sync_always = false,
212 .strict_allocate = false,
213 .strict_rename = false,
215 .mangling_char = '~',
217 .delete_readonly = false,
218 .fake_oplocks = false,
219 .delete_veto_files = false,
220 .dos_filemode = false,
221 .dos_filetimes = true,
222 .dos_filetime_resolution = false,
223 .fake_directory_create_times = false,
224 .blocking_locks = true,
225 .inherit_permissions = false,
226 .inherit_acls = false,
227 .inherit_owner = false,
229 .msdfs_shuffle_referrals = false,
230 .use_client_driver = false,
231 .default_devmode = true,
232 .force_printername = false,
233 .nt_acl_support = true,
234 .force_unknown_acl_user = false,
235 ._use_sendfile = false,
236 .map_acl_inherit = false,
239 .acl_check_permissions = true,
240 .acl_map_full_control = true,
241 .acl_group_control = false,
242 .acl_allow_execute_always = false,
243 .acl_flag_inherited_canonicalization = true,
246 .map_readonly = MAP_READONLY_NO,
247 .directory_name_cache_size = 100,
248 .server_smb_encrypt = SMB_ENCRYPTION_DEFAULT,
249 .kernel_share_modes = true,
250 .durable_handles = true,
251 .check_parent_directory_delete_on_close = false,
253 .smbd_search_ask_sharemode = true,
254 .smbd_getinfo_ask_sharemode = true,
255 .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
256 .honor_change_notify_privilege = false,
261 * This is a copy of the default service structure. Service options in the
262 * global section would otherwise overwrite the initial default values.
264 static struct loadparm_service sDefault;
266 /* local variables */
267 static struct loadparm_service **ServicePtrs = NULL;
268 static int iNumServices = 0;
269 static int iServiceIndex = 0;
270 static struct db_context *ServiceHash;
271 static bool bInGlobalSection = true;
272 static bool bGlobalOnly = false;
273 static struct file_lists *file_lists = NULL;
274 static unsigned int *flags_list = NULL;
276 static void set_allowed_client_auth(void);
278 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
279 static void free_param_opts(struct parmlist_entry **popts);
282 * Function to return the default value for the maximum number of open
283 * file descriptors permitted. This function tries to consult the
284 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
285 * the smaller of those.
287 static int max_open_files(void)
289 int sysctl_max = MAX_OPEN_FILES;
290 int rlimit_max = MAX_OPEN_FILES;
292 #ifdef HAVE_SYSCTLBYNAME
294 size_t size = sizeof(sysctl_max);
295 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
300 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
306 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
307 rlimit_max = rl.rlim_cur;
309 #if defined(RLIM_INFINITY)
310 if(rl.rlim_cur == RLIM_INFINITY)
311 rlimit_max = MAX_OPEN_FILES;
316 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
317 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
318 "minimum Windows limit (%d)\n",
320 MIN_OPEN_FILES_WINDOWS));
321 sysctl_max = MIN_OPEN_FILES_WINDOWS;
324 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
325 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
326 "minimum Windows limit (%d)\n",
328 MIN_OPEN_FILES_WINDOWS));
329 rlimit_max = MIN_OPEN_FILES_WINDOWS;
332 return MIN(sysctl_max, rlimit_max);
336 * Common part of freeing allocated data for one parameter.
338 static void free_one_parameter_common(void *parm_ptr,
339 struct parm_struct parm)
341 if ((parm.type == P_STRING) ||
342 (parm.type == P_USTRING))
344 lpcfg_string_free((char**)parm_ptr);
345 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
346 TALLOC_FREE(*((char***)parm_ptr));
351 * Free the allocated data for one parameter for a share
352 * given as a service struct.
354 static void free_one_parameter(struct loadparm_service *service,
355 struct parm_struct parm)
359 if (parm.p_class != P_LOCAL) {
363 parm_ptr = lp_parm_ptr(service, &parm);
365 free_one_parameter_common(parm_ptr, parm);
369 * Free the allocated parameter data of a share given
370 * as a service struct.
372 static void free_parameters(struct loadparm_service *service)
376 for (i=0; parm_table[i].label; i++) {
377 free_one_parameter(service, parm_table[i]);
382 * Free the allocated data for one parameter for a given share
383 * specified by an snum.
385 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
390 parm_ptr = lp_parm_ptr(NULL, &parm);
391 } else if (parm.p_class != P_LOCAL) {
394 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
397 free_one_parameter_common(parm_ptr, parm);
401 * Free the allocated parameter data for a share specified
404 static void free_parameters_by_snum(int snum)
408 for (i=0; parm_table[i].label; i++) {
409 free_one_parameter_by_snum(snum, parm_table[i]);
414 * Free the allocated global parameters.
416 static void free_global_parameters(void)
419 struct parm_struct *parm;
421 free_param_opts(&Globals.param_opt);
422 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
424 /* Reset references in the defaults because the context is going to be freed */
425 for (i=0; parm_table[i].label; i++) {
426 parm = &parm_table[i];
427 if ((parm->type == P_STRING) ||
428 (parm->type == P_USTRING)) {
429 if ((parm->def.svalue != NULL) &&
430 (*(parm->def.svalue) != '\0')) {
431 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
432 parm->def.svalue = NULL;
437 TALLOC_FREE(Globals.ctx);
440 struct lp_stored_option {
441 struct lp_stored_option *prev, *next;
446 static struct lp_stored_option *stored_options;
449 save options set by lp_set_cmdline() into a list. This list is
450 re-applied when we do a globals reset, so that cmdline set options
451 are sticky across reloads of smb.conf
453 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
455 struct lp_stored_option *entry, *entry_next;
456 for (entry = stored_options; entry != NULL; entry = entry_next) {
457 entry_next = entry->next;
458 if (strcmp(pszParmName, entry->label) == 0) {
459 DLIST_REMOVE(stored_options, entry);
465 entry = talloc(NULL, struct lp_stored_option);
470 entry->label = talloc_strdup(entry, pszParmName);
476 entry->value = talloc_strdup(entry, pszParmValue);
482 DLIST_ADD_END(stored_options, entry);
487 static bool apply_lp_set_cmdline(void)
489 struct lp_stored_option *entry = NULL;
490 for (entry = stored_options; entry != NULL; entry = entry->next) {
491 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
492 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
493 entry->label, entry->value));
500 /***************************************************************************
501 Initialise the global parameter structure.
502 ***************************************************************************/
504 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
506 static bool done_init = false;
510 /* If requested to initialize only once and we've already done it... */
511 if (!reinit_globals && done_init) {
512 /* ... then we have nothing more to do */
517 /* The logfile can be set before this is invoked. Free it if so. */
518 lpcfg_string_free(&Globals.logfile);
521 free_global_parameters();
524 /* This memset and the free_global_parameters() above will
525 * wipe out smb.conf options set with lp_set_cmdline(). The
526 * apply_lp_set_cmdline() call puts these values back in the
527 * table once the defaults are set */
528 ZERO_STRUCT(Globals);
530 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
532 /* Initialize the flags list if necessary */
533 if (flags_list == NULL) {
537 for (i = 0; parm_table[i].label; i++) {
538 if ((parm_table[i].type == P_STRING ||
539 parm_table[i].type == P_USTRING))
543 (char **)lp_parm_ptr(NULL, &parm_table[i]),
549 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
550 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
552 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
554 sDefault.ntvfs_handler = str_list_make_v3_const(Globals.ctx, "unixuid default", NULL);
556 DEBUG(3, ("Initialising global parameters\n"));
558 /* Must manually force to upper case here, as this does not go via the handler */
559 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
562 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
563 get_dyn_SMB_PASSWD_FILE());
564 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
565 get_dyn_PRIVATE_DIR());
566 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
567 get_dyn_BINDDNS_DIR());
569 /* use the new 'hash2' method by default, with a prefix of 1 */
570 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
571 Globals.mangle_prefix = 1;
573 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
575 /* using UTF8 by default allows us to support all chars */
576 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
577 DEFAULT_UNIX_CHARSET);
579 /* Use codepage 850 as a default for the dos character set */
580 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
581 DEFAULT_DOS_CHARSET);
584 * Allow the default PASSWD_CHAT to be overridden in local.h.
586 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
587 DEFAULT_PASSWD_CHAT);
589 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
591 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
592 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
594 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
596 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
598 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
600 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
603 * By default support explicit binding to broadcast
606 Globals.nmbd_bind_explicit_broadcast = true;
608 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
610 smb_panic("init_globals: ENOMEM");
612 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
615 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
616 "/bin/sleep 999999999");
619 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
620 DEFAULT_SOCKET_OPTIONS);
622 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
623 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
624 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
625 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
626 "\\\\%N\\%U\\profile");
628 Globals.name_resolve_order =
629 str_list_make_v3_const(Globals.ctx,
630 DEFAULT_NAME_RESOLVE_ORDER,
632 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
634 Globals.algorithmic_rid_base = BASE_RID;
636 Globals.load_printers = true;
637 Globals.printcap_cache_time = 750; /* 12.5 minutes */
639 Globals.config_backend = config_backend;
640 Globals._server_role = ROLE_AUTO;
642 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
643 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
644 Globals.max_xmit = 0x4104;
645 Globals.max_mux = 50; /* This is *needed* for profile support. */
646 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
647 Globals._disable_spoolss = false;
648 Globals.max_smbd_processes = 0;/* no limit specified */
649 Globals.username_level = 0;
650 Globals.deadtime = 10080;
651 Globals.getwd_cache = true;
652 Globals.large_readwrite = true;
653 Globals.max_log_size = 5000;
654 Globals.max_open_files = max_open_files();
655 Globals.server_max_protocol = PROTOCOL_SMB3_11;
656 Globals.server_min_protocol = PROTOCOL_SMB2_02;
657 Globals._client_max_protocol = PROTOCOL_DEFAULT;
658 Globals.client_min_protocol = PROTOCOL_SMB2_02;
659 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
660 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
661 Globals._security = SEC_AUTO;
662 Globals.encrypt_passwords = true;
663 Globals.client_schannel = true;
664 Globals.winbind_sealed_pipes = true;
665 Globals.require_strong_key = true;
666 Globals.server_schannel = true;
667 Globals.read_raw = true;
668 Globals.write_raw = true;
669 Globals.null_passwords = false;
670 Globals.old_password_allowed_period = 60;
671 Globals.obey_pam_restrictions = false;
673 Globals.syslog_only = false;
674 Globals.timestamp_logs = true;
675 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
676 Globals.debug_prefix_timestamp = false;
677 Globals.debug_hires_timestamp = true;
678 Globals.debug_pid = false;
679 Globals.debug_uid = false;
680 Globals.debug_class = false;
681 Globals.enable_core_files = true;
682 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
683 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
684 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
685 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
686 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
687 Globals.lm_interval = 60;
688 Globals.time_server = false;
689 Globals.bind_interfaces_only = false;
690 Globals.unix_password_sync = false;
691 Globals.pam_password_change = false;
692 Globals.passwd_chat_debug = false;
693 Globals.passwd_chat_timeout = 2; /* 2 second default. */
694 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
695 Globals.nt_status_support = true; /* Use NT status by default. */
696 Globals.smbd_profiling_level = 0;
697 Globals.stat_cache = true; /* use stat cache by default */
698 Globals.max_stat_cache_size = 512; /* 512k by default */
699 Globals.restrict_anonymous = 0;
700 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
701 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
702 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
703 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
704 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
705 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
706 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
708 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
710 Globals.map_to_guest = 0; /* By Default, "Never" */
711 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
712 Globals.enhanced_browsing = true;
713 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
714 Globals.use_mmap = true;
715 Globals.unicode = true;
716 Globals.unix_extensions = true;
717 Globals.reset_on_zero_vc = false;
718 Globals.log_writeable_files_on_exit = false;
719 Globals.create_krb5_conf = true;
720 Globals.include_system_krb5_conf = true;
721 Globals._winbind_max_domain_connections = 1;
723 /* hostname lookups can be very expensive and are broken on
724 a large number of sites (tridge) */
725 Globals.hostname_lookups = false;
727 Globals.change_notify = true,
728 Globals.kernel_change_notify = true,
730 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
731 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
732 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
733 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
734 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
735 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
737 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
738 Globals.ldap_ssl = LDAP_SSL_START_TLS;
739 Globals.ldap_deref = -1;
740 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
741 Globals.ldap_delete_dn = false;
742 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
743 Globals.ldap_follow_referral = Auto;
744 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
745 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
746 Globals.ldap_page_size = LDAP_PAGE_SIZE;
748 Globals.ldap_debug_level = 0;
749 Globals.ldap_debug_threshold = 10;
751 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
753 Globals.ldap_server_require_strong_auth =
754 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
756 /* This is what we tell the afs client. in reality we set the token
757 * to never expire, though, when this runs out the afs client will
758 * forget the token. Set to 0 to get NEVERDATE.*/
759 Globals.afs_token_lifetime = 604800;
760 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
762 /* these parameters are set to defaults that are more appropriate
763 for the increasing samba install base:
765 as a member of the workgroup, that will possibly become a
766 _local_ master browser (lm = true). this is opposed to a forced
767 local master browser startup (pm = true).
769 doesn't provide WINS server service by default (wsupp = false),
770 and doesn't provide domain master browser services by default, either.
774 Globals.show_add_printer_wizard = true;
775 Globals.os_level = 20;
776 Globals.local_master = true;
777 Globals._domain_master = Auto; /* depending on _domain_logons */
778 Globals._domain_logons = false;
779 Globals.browse_list = true;
780 Globals.we_are_a_wins_server = false;
781 Globals.wins_proxy = false;
783 TALLOC_FREE(Globals.init_logon_delayed_hosts);
784 Globals.init_logon_delay = 100; /* 100 ms default delay */
786 Globals.wins_dns_proxy = true;
788 Globals.allow_trusted_domains = true;
789 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
791 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
792 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
794 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
795 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
796 dyn_WINBINDD_SOCKET_DIR);
798 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
799 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
801 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
803 Globals.cluster_addresses = NULL;
804 Globals.clustering = false;
805 Globals.ctdb_timeout = 0;
806 Globals.ctdb_locktime_warn_threshold = 0;
808 Globals.winbind_cache_time = 300; /* 5 minutes */
809 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
810 Globals.winbind_request_timeout = 60; /* 60 seconds */
811 Globals.winbind_max_clients = 200;
812 Globals.winbind_enum_users = false;
813 Globals.winbind_enum_groups = false;
814 Globals.winbind_use_default_domain = false;
815 Globals.winbind_nested_groups = true;
816 Globals.winbind_expand_groups = 0;
817 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
818 Globals.winbind_refresh_tickets = false;
819 Globals.winbind_offline_logon = false;
820 Globals.winbind_scan_trusted_domains = false;
822 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
823 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
825 Globals.passdb_expand_explicit = false;
827 Globals.name_cache_timeout = 660; /* In seconds */
829 Globals.client_use_spnego = true;
831 Globals.client_signing = SMB_SIGNING_DEFAULT;
832 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
833 Globals.server_signing = SMB_SIGNING_DEFAULT;
835 Globals.defer_sharing_violations = true;
836 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
838 Globals.enable_privileges = true;
839 Globals.host_msdfs = true;
840 Globals.enable_asu_support = false;
842 /* User defined shares. */
843 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
845 smb_panic("init_globals: ENOMEM");
847 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
849 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
850 Globals.usershare_max_shares = 0;
851 /* By default disallow sharing of directories not owned by the sharer. */
852 Globals.usershare_owner_only = true;
853 /* By default disallow guest access to usershares. */
854 Globals.usershare_allow_guests = false;
856 Globals.keepalive = DEFAULT_KEEPALIVE;
858 /* By default no shares out of the registry */
859 Globals.registry_shares = false;
861 Globals.min_receivefile_size = 0;
863 Globals.multicast_dns_register = true;
865 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
866 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
867 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
868 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
869 Globals.smb2_leases = true;
871 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
872 get_dyn_NCALRPCDIR());
874 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
876 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
878 Globals.tls_enabled = true;
879 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
881 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
882 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
883 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
884 lpcfg_string_set(Globals.ctx,
885 &Globals.tls_priority,
886 "NORMAL:-VERS-SSL3.0");
888 Globals._preferred_master = Auto;
890 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
891 Globals.dns_zone_scavenging = false;
893 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
894 get_dyn_NTP_SIGND_SOCKET_DIR());
896 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
898 smb_panic("init_globals: ENOMEM");
900 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
904 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
907 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
909 smb_panic("init_globals: ENOMEM");
911 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
914 s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
916 smb_panic("init_globals: ENOMEM");
918 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
921 Globals.apply_group_policies = false;
923 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
925 smb_panic("init_globals: ENOMEM");
927 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
930 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
932 Globals.cldap_port = 389;
934 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
936 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
938 Globals.krb5_port = 88;
940 Globals.kpasswd_port = 464;
942 Globals.aio_max_threads = 100;
944 lpcfg_string_set(Globals.ctx,
945 &Globals.rpc_server_dynamic_port_range,
947 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
948 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
949 Globals.prefork_children = 4;
950 Globals.prefork_backoff_increment = 10;
951 Globals.prefork_maximum_backoff = 120;
953 Globals.ldap_max_anonymous_request_size = 256000;
954 Globals.ldap_max_authenticated_request_size = 16777216;
955 Globals.ldap_max_search_request_size = 256000;
957 /* Async DNS query timeout (in seconds). */
958 Globals.async_dns_timeout = 10;
960 Globals.client_smb_encrypt = SMB_ENCRYPTION_DEFAULT;
962 Globals._client_use_kerberos = CRED_USE_KERBEROS_DESIRED;
964 Globals.client_protection = CRED_CLIENT_PROTECTION_DEFAULT;
966 Globals.winbind_use_krb5_enterprise_principals = true;
968 /* Now put back the settings that were set with lp_set_cmdline() */
969 apply_lp_set_cmdline();
972 /* Convenience routine to setup an lp_context with additional s3 variables */
973 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
975 struct loadparm_context *lp_ctx;
977 lp_ctx = loadparm_init_s3(mem_ctx,
978 loadparm_s3_helpers());
979 if (lp_ctx == NULL) {
980 DEBUG(0, ("loadparm_init_s3 failed\n"));
984 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
985 if (lp_ctx->sDefault == NULL) {
986 DBG_ERR("talloc_zero failed\n");
991 *lp_ctx->sDefault = _sDefault;
992 lp_ctx->services = NULL; /* We do not want to access this directly */
993 lp_ctx->bInGlobalSection = bInGlobalSection;
994 lp_ctx->flags = flags_list;
999 /*******************************************************************
1000 Convenience routine to grab string parameters into talloced memory
1001 and run standard_sub_basic on them. The buffers can be written to by
1002 callers without affecting the source string.
1003 ********************************************************************/
1005 static char *loadparm_s3_global_substitution_fn(
1006 TALLOC_CTX *mem_ctx,
1007 const struct loadparm_substitution *lp_sub,
1013 /* The follow debug is useful for tracking down memory problems
1014 especially if you have an inner loop that is calling a lp_*()
1015 function that returns a string. Perhaps this debug should be
1016 present all the time? */
1019 DEBUG(10, ("lp_string(%s)\n", s));
1025 ret = talloc_sub_basic(mem_ctx,
1026 get_current_username(),
1027 current_user_info.domain,
1029 if (trim_char(ret, '\"', '\"')) {
1030 if (strchr(ret,'\"') != NULL) {
1032 ret = talloc_sub_basic(mem_ctx,
1033 get_current_username(),
1034 current_user_info.domain,
1041 static const struct loadparm_substitution s3_global_substitution = {
1042 .substituted_string_fn = loadparm_s3_global_substitution_fn,
1045 const struct loadparm_substitution *loadparm_s3_global_substitution(void)
1047 return &s3_global_substitution;
1051 In this section all the functions that are used to access the
1052 parameters from the rest of the program are defined
1055 #define FN_GLOBAL_SUBSTITUTED_STRING(fn_name,ptr) \
1056 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub) \
1057 {return lpcfg_substituted_string(ctx, lp_sub, *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : "");}
1058 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1059 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1060 #define FN_GLOBAL_LIST(fn_name,ptr) \
1061 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1062 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1063 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1064 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1065 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1066 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1067 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1069 #define FN_LOCAL_SUBSTITUTED_STRING(fn_name,val) \
1070 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub, int i) \
1071 {return lpcfg_substituted_string((ctx), lp_sub, (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1072 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1073 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1074 #define FN_LOCAL_LIST(fn_name,val) \
1075 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1076 #define FN_LOCAL_BOOL(fn_name,val) \
1077 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1078 #define FN_LOCAL_INTEGER(fn_name,val) \
1079 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1081 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1082 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1083 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1084 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1085 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1086 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1088 int lp_winbind_max_domain_connections(void)
1090 if (lp_winbind_offline_logon() &&
1091 lp__winbind_max_domain_connections() > 1) {
1092 DEBUG(1, ("offline logons active, restricting max domain "
1093 "connections to 1\n"));
1096 return MAX(1, lp__winbind_max_domain_connections());
1099 /* These functions remain in source3/param for now */
1101 #include "lib/param/param_functions.c"
1103 FN_LOCAL_SUBSTITUTED_STRING(servicename, szService)
1104 FN_LOCAL_CONST_STRING(const_servicename, szService)
1106 /* These functions cannot be auto-generated */
1107 FN_LOCAL_BOOL(autoloaded, autoloaded)
1108 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1110 /* local prototypes */
1112 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1113 static const char *get_boolean(bool bool_value);
1114 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1116 static bool hash_a_service(const char *name, int number);
1117 static void free_service_byindex(int iService);
1118 static void show_parameter(int parmIndex);
1119 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1120 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1123 * This is a helper function for parametrical options support. It returns a
1124 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1125 * parametrical functions are quite simple
1127 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1130 if (snum >= iNumServices) return NULL;
1133 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1135 return get_parametric_helper(ServicePtrs[snum],
1136 type, option, Globals.param_opt);
1140 static void discard_whitespace(char *str)
1142 size_t len = strlen(str);
1146 if (isspace(str[i])) {
1147 memmove(&str[i], &str[i+1], len-i);
1156 * @brief Go through all global parametric parameters
1158 * @param regex_str A regular expression to scan param for
1159 * @param max_matches Max number of submatches the regexp expects
1160 * @param cb Function to call on match. Should return true
1161 * when it wants wi_scan_global_parametrics to stop
1163 * @param private_data Anonymous pointer passed to cb
1165 * @return 0: success, regcomp/regexec return value on error.
1166 * See "man regexec" for possible errors
1169 int lp_wi_scan_global_parametrics(
1170 const char *regex_str, size_t max_matches,
1171 bool (*cb)(const char *string, regmatch_t matches[],
1172 void *private_data),
1175 struct parmlist_entry *data;
1179 ret = regcomp(®ex, regex_str, REG_ICASE);
1184 for (data = Globals.param_opt; data != NULL; data = data->next) {
1185 size_t keylen = strlen(data->key);
1187 regmatch_t matches[max_matches];
1190 memcpy(key, data->key, sizeof(key));
1191 discard_whitespace(key);
1193 ret = regexec(®ex, key, max_matches, matches, 0);
1194 if (ret == REG_NOMATCH) {
1201 stop = cb(key, matches, private_data);
1214 #define MISSING_PARAMETER(name) \
1215 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1217 /*******************************************************************
1218 convenience routine to return enum parameters.
1219 ********************************************************************/
1220 static int lp_enum(const char *s,const struct enum_list *_enum)
1224 if (!s || !*s || !_enum) {
1225 MISSING_PARAMETER(lp_enum);
1229 for (i=0; _enum[i].name; i++) {
1230 if (strequal(_enum[i].name,s))
1231 return _enum[i].value;
1234 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1238 #undef MISSING_PARAMETER
1240 /* Return parametric option from a given service. Type is a part of option before ':' */
1241 /* Parametric option has following syntax: 'Type: option = value' */
1242 char *lp_parm_substituted_string(TALLOC_CTX *mem_ctx,
1243 const struct loadparm_substitution *lp_sub,
1249 struct parmlist_entry *data = get_parametrics(snum, type, option);
1251 SMB_ASSERT(lp_sub != NULL);
1253 if (data == NULL||data->value==NULL) {
1255 return lpcfg_substituted_string(mem_ctx, lp_sub, def);
1261 return lpcfg_substituted_string(mem_ctx, lp_sub, data->value);
1264 /* Return parametric option from a given service. Type is a part of option before ':' */
1265 /* Parametric option has following syntax: 'Type: option = value' */
1266 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1268 struct parmlist_entry *data = get_parametrics(snum, type, option);
1270 if (data == NULL||data->value==NULL)
1277 /* Return parametric option from a given service. Type is a part of option before ':' */
1278 /* Parametric option has following syntax: 'Type: option = value' */
1280 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1282 struct parmlist_entry *data = get_parametrics(snum, type, option);
1284 if (data == NULL||data->value==NULL)
1285 return (const char **)def;
1287 if (data->list==NULL) {
1288 data->list = str_list_make_v3(NULL, data->value, NULL);
1291 return discard_const_p(const char *, data->list);
1294 /* Return parametric option from a given service. Type is a part of option before ':' */
1295 /* Parametric option has following syntax: 'Type: option = value' */
1297 int lp_parm_int(int snum, const char *type, const char *option, int def)
1299 struct parmlist_entry *data = get_parametrics(snum, type, option);
1301 if (data && data->value && *data->value)
1302 return lp_int(data->value);
1307 /* Return parametric option from a given service. Type is a part of option before ':' */
1308 /* Parametric option has following syntax: 'Type: option = value' */
1310 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1312 struct parmlist_entry *data = get_parametrics(snum, type, option);
1314 if (data && data->value && *data->value)
1315 return lp_ulong(data->value);
1320 /* Return parametric option from a given service. Type is a part of option before ':' */
1321 /* Parametric option has following syntax: 'Type: option = value' */
1323 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1324 const char *option, unsigned long long def)
1326 struct parmlist_entry *data = get_parametrics(snum, type, option);
1328 if (data && data->value && *data->value) {
1329 return lp_ulonglong(data->value);
1335 /* Return parametric option from a given service. Type is a part of option
1337 /* Parametric option has following syntax: 'Type: option = value' */
1339 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1341 struct parmlist_entry *data = get_parametrics(snum, type, option);
1343 if (data && data->value && *data->value)
1344 return lp_bool(data->value);
1349 /* Return parametric option from a given service. Type is a part of option before ':' */
1350 /* Parametric option has following syntax: 'Type: option = value' */
1352 int lp_parm_enum(int snum, const char *type, const char *option,
1353 const struct enum_list *_enum, int def)
1355 struct parmlist_entry *data = get_parametrics(snum, type, option);
1357 if (data && data->value && *data->value && _enum)
1358 return lp_enum(data->value, _enum);
1364 * free a param_opts structure.
1365 * param_opts handling should be moved to talloc;
1366 * then this whole functions reduces to a TALLOC_FREE().
1369 static void free_param_opts(struct parmlist_entry **popts)
1371 struct parmlist_entry *opt, *next_opt;
1373 if (*popts != NULL) {
1374 DEBUG(5, ("Freeing parametrics:\n"));
1377 while (opt != NULL) {
1378 lpcfg_string_free(&opt->key);
1379 lpcfg_string_free(&opt->value);
1380 TALLOC_FREE(opt->list);
1381 next_opt = opt->next;
1388 /***************************************************************************
1389 Free the dynamically allocated parts of a service struct.
1390 ***************************************************************************/
1392 static void free_service(struct loadparm_service *pservice)
1397 if (pservice->szService)
1398 DEBUG(5, ("free_service: Freeing service %s\n",
1399 pservice->szService));
1401 free_parameters(pservice);
1403 lpcfg_string_free(&pservice->szService);
1404 TALLOC_FREE(pservice->copymap);
1406 free_param_opts(&pservice->param_opt);
1408 ZERO_STRUCTP(pservice);
1412 /***************************************************************************
1413 remove a service indexed in the ServicePtrs array from the ServiceHash
1414 and free the dynamically allocated parts
1415 ***************************************************************************/
1417 static void free_service_byindex(int idx)
1419 if ( !LP_SNUM_OK(idx) )
1422 ServicePtrs[idx]->valid = false;
1424 /* we have to cleanup the hash record */
1426 if (ServicePtrs[idx]->szService) {
1427 char *canon_name = canonicalize_servicename(
1429 ServicePtrs[idx]->szService );
1431 dbwrap_delete_bystring(ServiceHash, canon_name );
1432 TALLOC_FREE(canon_name);
1435 free_service(ServicePtrs[idx]);
1436 TALLOC_FREE(ServicePtrs[idx]);
1439 /***************************************************************************
1440 Add a new service to the services array initialising it with the given
1442 ***************************************************************************/
1444 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1447 struct loadparm_service **tsp = NULL;
1449 /* it might already exist */
1451 i = getservicebyname(name, NULL);
1457 /* Re use empty slots if any before allocating new one.*/
1458 for (i=0; i < iNumServices; i++) {
1459 if (ServicePtrs[i] == NULL) {
1463 if (i == iNumServices) {
1464 /* if not, then create one */
1465 tsp = talloc_realloc(NULL, ServicePtrs,
1466 struct loadparm_service *,
1469 DEBUG(0, ("add_a_service: failed to enlarge "
1476 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1477 if (!ServicePtrs[i]) {
1478 DEBUG(0,("add_a_service: out of memory!\n"));
1482 ServicePtrs[i]->valid = true;
1484 copy_service(ServicePtrs[i], pservice, NULL);
1486 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1489 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1490 i, ServicePtrs[i]->szService));
1492 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1499 /***************************************************************************
1500 Convert a string to uppercase and remove whitespaces.
1501 ***************************************************************************/
1503 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1508 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1512 result = talloc_strdup(ctx, src);
1513 SMB_ASSERT(result != NULL);
1515 if (!strlower_m(result)) {
1516 TALLOC_FREE(result);
1522 /***************************************************************************
1523 Add a name/index pair for the services array to the hash table.
1524 ***************************************************************************/
1526 static bool hash_a_service(const char *name, int idx)
1530 if ( !ServiceHash ) {
1531 DEBUG(10,("hash_a_service: creating servicehash\n"));
1532 ServiceHash = db_open_rbt(NULL);
1533 if ( !ServiceHash ) {
1534 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1539 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1542 canon_name = canonicalize_servicename(talloc_tos(), name );
1544 dbwrap_store_bystring(ServiceHash, canon_name,
1545 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1548 TALLOC_FREE(canon_name);
1553 /***************************************************************************
1554 Add a new home service, with the specified home directory, defaults coming
1556 ***************************************************************************/
1558 bool lp_add_home(const char *pszHomename, int iDefaultService,
1559 const char *user, const char *pszHomedir)
1561 const struct loadparm_substitution *lp_sub =
1562 loadparm_s3_global_substitution();
1566 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1567 pszHomedir[0] == '\0') {
1571 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1576 global_path = lp_path(talloc_tos(), lp_sub, GLOBAL_SECTION_SNUM);
1577 if (!(*(ServicePtrs[iDefaultService]->path))
1578 || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
1579 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1582 TALLOC_FREE(global_path);
1584 if (!(*(ServicePtrs[i]->comment))) {
1585 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1586 if (comment == NULL) {
1589 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1591 TALLOC_FREE(comment);
1594 /* set the browseable flag from the global default */
1596 ServicePtrs[i]->browseable = sDefault.browseable;
1597 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1599 ServicePtrs[i]->autoloaded = true;
1601 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1602 user, ServicePtrs[i]->path ));
1607 /***************************************************************************
1608 Add a new service, based on an old one.
1609 ***************************************************************************/
1611 int lp_add_service(const char *pszService, int iDefaultService)
1613 if (iDefaultService < 0) {
1614 return add_a_service(&sDefault, pszService);
1617 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1620 /***************************************************************************
1621 Add the IPC service.
1622 ***************************************************************************/
1624 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1626 char *comment = NULL;
1627 int i = add_a_service(&sDefault, ipc_name);
1632 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1633 Globals.server_string);
1634 if (comment == NULL) {
1638 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1639 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1640 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1641 ServicePtrs[i]->max_connections = 0;
1642 ServicePtrs[i]->available = true;
1643 ServicePtrs[i]->read_only = true;
1644 ServicePtrs[i]->guest_only = false;
1645 ServicePtrs[i]->administrative_share = true;
1646 ServicePtrs[i]->guest_ok = guest_ok;
1647 ServicePtrs[i]->printable = false;
1648 ServicePtrs[i]->browseable = sDefault.browseable;
1649 ServicePtrs[i]->autoloaded = false;
1651 DEBUG(3, ("adding IPC service\n"));
1653 TALLOC_FREE(comment);
1657 /***************************************************************************
1658 Add a new printer service, with defaults coming from service iFrom.
1659 ***************************************************************************/
1661 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1663 const char *comment = "From Printcap";
1664 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1669 /* note that we do NOT default the availability flag to true - */
1670 /* we take it from the default service passed. This allows all */
1671 /* dynamic printers to be disabled by disabling the [printers] */
1672 /* entry (if/when the 'available' keyword is implemented!). */
1674 /* the printer name is set to the service name. */
1675 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1677 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1679 /* set the browseable flag from the gloabl default */
1680 ServicePtrs[i]->browseable = sDefault.browseable;
1682 /* Printers cannot be read_only. */
1683 ServicePtrs[i]->read_only = false;
1684 /* No oplocks on printer services. */
1685 ServicePtrs[i]->oplocks = false;
1686 /* Printer services must be printable. */
1687 ServicePtrs[i]->printable = true;
1689 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1695 /***************************************************************************
1696 Check whether the given parameter name is valid.
1697 Parametric options (names containing a colon) are considered valid.
1698 ***************************************************************************/
1700 bool lp_parameter_is_valid(const char *pszParmName)
1702 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1703 (strchr(pszParmName, ':') != NULL));
1706 /***************************************************************************
1707 Check whether the given name is the name of a global parameter.
1708 Returns true for strings belonging to parameters of class
1709 P_GLOBAL, false for all other strings, also for parametric options
1710 and strings not belonging to any option.
1711 ***************************************************************************/
1713 bool lp_parameter_is_global(const char *pszParmName)
1715 int num = lpcfg_map_parameter(pszParmName);
1718 return (parm_table[num].p_class == P_GLOBAL);
1724 /**************************************************************************
1725 Determine the canonical name for a parameter.
1726 Indicate when it is an inverse (boolean) synonym instead of a
1728 **************************************************************************/
1730 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1735 if (!lp_parameter_is_valid(parm_name)) {
1740 num = map_parameter_canonical(parm_name, inverse);
1742 /* parametric option */
1743 *canon_parm = parm_name;
1745 *canon_parm = parm_table[num].label;
1752 /**************************************************************************
1753 Determine the canonical name for a parameter.
1754 Turn the value given into the inverse boolean expression when
1755 the synonym is an invers boolean synonym.
1758 - parm_name is a valid parameter name and
1759 - val is a valid value for this parameter and
1760 - in case the parameter is an inverse boolean synonym, if the val
1761 string could successfully be converted to the reverse bool.
1762 Return false in all other cases.
1763 **************************************************************************/
1765 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1767 const char **canon_parm,
1768 const char **canon_val)
1774 if (!lp_parameter_is_valid(parm_name)) {
1780 num = map_parameter_canonical(parm_name, &inverse);
1782 /* parametric option */
1783 *canon_parm = parm_name;
1788 *canon_parm = parm_table[num].label;
1790 if (!lp_invert_boolean(val, canon_val)) {
1798 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1803 /***************************************************************************
1804 Map a parameter's string representation to the index of the canonical
1805 form of the parameter (it might be a synonym).
1806 Returns -1 if the parameter string is not recognised.
1807 ***************************************************************************/
1809 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1811 int parm_num, canon_num;
1812 bool loc_inverse = false;
1814 parm_num = lpcfg_map_parameter(pszParmName);
1815 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1816 /* invalid, parametric or no canidate for synonyms ... */
1820 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1821 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1822 parm_num = canon_num;
1828 if (inverse != NULL) {
1829 *inverse = loc_inverse;
1834 /***************************************************************************
1835 return true if parameter number parm1 is a synonym of parameter
1836 number parm2 (parm2 being the principal name).
1837 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1839 ***************************************************************************/
1841 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1843 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1844 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1845 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1846 !(parm_table[parm2].flags & FLAG_SYNONYM))
1848 if (inverse != NULL) {
1849 if ((parm_table[parm1].type == P_BOOLREV) &&
1850 (parm_table[parm2].type == P_BOOL))
1862 /***************************************************************************
1863 Show one parameter's name, type, [values,] and flags.
1864 (helper functions for show_parameter_list)
1865 ***************************************************************************/
1867 static void show_parameter(int parmIndex)
1869 size_t enumIndex, flagIndex;
1874 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1875 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1876 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1877 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1878 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1880 printf("%s=%s", parm_table[parmIndex].label,
1881 type[parm_table[parmIndex].type]);
1882 if (parm_table[parmIndex].type == P_ENUM) {
1885 parm_table[parmIndex].enum_list[enumIndex].name;
1889 enumIndex ? "|" : "",
1890 parm_table[parmIndex].enum_list[enumIndex].name);
1895 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1896 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1899 flag_names[flagIndex]);
1904 /* output synonyms */
1906 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1907 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1908 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1909 parm_table[parmIndex2].label);
1910 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1912 printf(" (synonyms: ");
1917 printf("%s%s", parm_table[parmIndex2].label,
1918 inverse ? "[i]" : "");
1929 * Check the value for a P_ENUM
1931 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1935 for (i = 0; parm->enum_list[i].name; i++) {
1936 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1943 /**************************************************************************
1944 Check whether the given value is valid for the given parameter name.
1945 **************************************************************************/
1947 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1949 bool ret = false, tmp_bool;
1950 int num = lpcfg_map_parameter(parm_name), tmp_int;
1951 uint64_t tmp_int64 = 0;
1952 struct parm_struct *parm;
1954 /* parametric options (parameter names containing a colon) cannot
1955 be checked and are therefore considered valid. */
1956 if (strchr(parm_name, ':') != NULL) {
1961 parm = &parm_table[num];
1962 switch (parm->type) {
1965 ret = set_boolean(val, &tmp_bool);
1969 ret = (sscanf(val, "%d", &tmp_int) == 1);
1973 ret = (sscanf(val, "%o", &tmp_int) == 1);
1977 ret = check_enum_parameter(parm, val);
1981 if (conv_str_size_error(val, &tmp_int64) &&
1982 tmp_int64 <= INT_MAX) {
1999 /***************************************************************************
2000 Show all parameter's name, type, [values,] and flags.
2001 ***************************************************************************/
2003 void show_parameter_list(void)
2005 int classIndex, parmIndex;
2006 const char *section_names[] = { "local", "global", NULL};
2008 for (classIndex=0; section_names[classIndex]; classIndex++) {
2009 printf("[%s]\n", section_names[classIndex]);
2010 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
2011 if (parm_table[parmIndex].p_class == classIndex) {
2012 show_parameter(parmIndex);
2018 /***************************************************************************
2019 Get the standard string representation of a boolean value ("yes" or "no")
2020 ***************************************************************************/
2022 static const char *get_boolean(bool bool_value)
2024 static const char *yes_str = "yes";
2025 static const char *no_str = "no";
2027 return (bool_value ? yes_str : no_str);
2030 /***************************************************************************
2031 Provide the string of the negated boolean value associated to the boolean
2032 given as a string. Returns false if the passed string does not correctly
2033 represent a boolean.
2034 ***************************************************************************/
2036 bool lp_invert_boolean(const char *str, const char **inverse_str)
2040 if (!set_boolean(str, &val)) {
2044 *inverse_str = get_boolean(!val);
2048 /***************************************************************************
2049 Provide the canonical string representation of a boolean value given
2050 as a string. Return true on success, false if the string given does
2051 not correctly represent a boolean.
2052 ***************************************************************************/
2054 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2058 if (!set_boolean(str, &val)) {
2062 *canon_str = get_boolean(val);
2066 /***************************************************************************
2067 Find a service by name. Otherwise works like get_service.
2068 ***************************************************************************/
2070 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2077 if (ServiceHash == NULL) {
2081 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2083 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2086 if (NT_STATUS_IS_OK(status) &&
2087 (data.dptr != NULL) &&
2088 (data.dsize == sizeof(iService)))
2090 memcpy(&iService, data.dptr, sizeof(iService));
2093 TALLOC_FREE(canon_name);
2095 if ((iService != -1) && (LP_SNUM_OK(iService))
2096 && (pserviceDest != NULL)) {
2097 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2103 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2104 struct loadparm_service *lp_service(const char *pszServiceName)
2106 int iService = getservicebyname(pszServiceName, NULL);
2107 if (iService == -1 || !LP_SNUM_OK(iService)) {
2110 return ServicePtrs[iService];
2113 struct loadparm_service *lp_servicebynum(int snum)
2115 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2118 return ServicePtrs[snum];
2121 struct loadparm_service *lp_default_loadparm_service()
2126 static struct smbconf_ctx *lp_smbconf_ctx(void)
2129 static struct smbconf_ctx *conf_ctx = NULL;
2131 if (conf_ctx == NULL) {
2132 err = smbconf_init(NULL, &conf_ctx, "registry:");
2133 if (!SBC_ERROR_IS_OK(err)) {
2134 DEBUG(1, ("error initializing registry configuration: "
2135 "%s\n", sbcErrorString(err)));
2143 static bool process_smbconf_service(struct smbconf_service *service)
2148 if (service == NULL) {
2152 ret = lp_do_section(service->name, NULL);
2156 for (count = 0; count < service->num_params; count++) {
2158 if (!bInGlobalSection && bGlobalOnly) {
2161 const char *pszParmName = service->param_names[count];
2162 const char *pszParmValue = service->param_values[count];
2164 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2166 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2167 pszParmName, pszParmValue);
2174 if (iServiceIndex >= 0) {
2175 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2181 * load a service from registry and activate it
2183 bool process_registry_service(const char *service_name)
2186 struct smbconf_service *service = NULL;
2187 TALLOC_CTX *mem_ctx = talloc_stackframe();
2188 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2191 if (conf_ctx == NULL) {
2195 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2197 if (!smbconf_share_exists(conf_ctx, service_name)) {
2199 * Registry does not contain data for this service (yet),
2200 * but make sure lp_load doesn't return false.
2206 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2207 if (!SBC_ERROR_IS_OK(err)) {
2211 ret = process_smbconf_service(service);
2217 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2220 TALLOC_FREE(mem_ctx);
2225 * process_registry_globals
2227 static bool process_registry_globals(void)
2231 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2233 if (!bInGlobalSection && bGlobalOnly) {
2236 const char *pszParmName = "registry shares";
2237 const char *pszParmValue = "yes";
2239 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2241 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2242 pszParmName, pszParmValue);
2249 return process_registry_service(GLOBAL_NAME);
2252 bool process_registry_shares(void)
2256 struct smbconf_service **service = NULL;
2257 uint32_t num_shares = 0;
2258 TALLOC_CTX *mem_ctx = talloc_stackframe();
2259 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2262 if (conf_ctx == NULL) {
2266 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2267 if (!SBC_ERROR_IS_OK(err)) {
2273 for (count = 0; count < num_shares; count++) {
2274 if (strequal(service[count]->name, GLOBAL_NAME)) {
2277 ret = process_smbconf_service(service[count]);
2284 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2287 TALLOC_FREE(mem_ctx);
2292 * reload those shares from registry that are already
2293 * activated in the services array.
2295 static bool reload_registry_shares(void)
2300 for (i = 0; i < iNumServices; i++) {
2305 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2309 ret = process_registry_service(ServicePtrs[i]->szService);
2320 #define MAX_INCLUDE_DEPTH 100
2322 static uint8_t include_depth;
2325 * Free the file lists
2327 static void free_file_list(void)
2329 struct file_lists *f;
2330 struct file_lists *next;
2343 * Utility function for outsiders to check if we're running on registry.
2345 bool lp_config_backend_is_registry(void)
2347 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2351 * Utility function to check if the config backend is FILE.
2353 bool lp_config_backend_is_file(void)
2355 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2358 /*******************************************************************
2359 Check if a config file has changed date.
2360 ********************************************************************/
2362 bool lp_file_list_changed(void)
2364 struct file_lists *f = file_lists;
2366 DEBUG(6, ("lp_file_list_changed()\n"));
2369 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2370 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2372 if (conf_ctx == NULL) {
2375 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2378 DEBUGADD(6, ("registry config changed\n"));
2385 n2 = talloc_sub_basic(talloc_tos(),
2386 get_current_username(),
2387 current_user_info.domain,
2392 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2393 f->name, n2, ctime(&f->modtime)));
2395 mod_time = file_modtime(n2);
2398 ((f->modtime != mod_time) ||
2399 (f->subfname == NULL) ||
2400 (strcmp(n2, f->subfname) != 0)))
2403 ("file %s modified: %s\n", n2,
2405 f->modtime = mod_time;
2406 TALLOC_FREE(f->subfname);
2407 f->subfname = talloc_strdup(f, n2);
2408 if (f->subfname == NULL) {
2409 smb_panic("talloc_strdup failed");
2423 * Initialize iconv conversion descriptors.
2425 * This is called the first time it is needed, and also called again
2426 * every time the configuration is reloaded, because the charset or
2427 * codepage might have changed.
2429 static void init_iconv(void)
2431 struct smb_iconv_handle *ret = NULL;
2433 ret = reinit_iconv_handle(NULL,
2437 smb_panic("reinit_iconv_handle failed");
2441 /***************************************************************************
2442 Handle the include operation.
2443 ***************************************************************************/
2444 static bool bAllowIncludeRegistry = true;
2446 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2447 const char *pszParmValue, char **ptr)
2451 if (include_depth >= MAX_INCLUDE_DEPTH) {
2452 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2457 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2458 if (!bAllowIncludeRegistry) {
2461 if (lp_ctx->bInGlobalSection) {
2464 ret = process_registry_globals();
2468 DEBUG(1, ("\"include = registry\" only effective "
2469 "in %s section\n", GLOBAL_NAME));
2474 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2475 current_user_info.domain,
2478 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2480 if (service == NULL) {
2481 lpcfg_string_set(Globals.ctx, ptr, fname);
2483 lpcfg_string_set(service, ptr, fname);
2486 if (file_exist(fname)) {
2489 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2495 DEBUG(2, ("Can't find include file %s\n", fname));
2500 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2502 char *config_option = NULL;
2503 const char *range = NULL;
2506 SMB_ASSERT(low != NULL);
2507 SMB_ASSERT(high != NULL);
2509 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2513 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2515 if (config_option == NULL) {
2516 DEBUG(0, ("out of memory\n"));
2520 range = lp_parm_const_string(-1, config_option, "range", NULL);
2521 if (range == NULL) {
2522 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2526 if (sscanf(range, "%u - %u", low, high) != 2) {
2527 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2528 range, domain_name));
2535 talloc_free(config_option);
2540 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2542 return lp_idmap_range("*", low, high);
2545 const char *lp_idmap_backend(const char *domain_name)
2547 char *config_option = NULL;
2548 const char *backend = NULL;
2550 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2554 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2556 if (config_option == NULL) {
2557 DEBUG(0, ("out of memory\n"));
2561 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2562 if (backend == NULL) {
2563 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2568 talloc_free(config_option);
2572 const char *lp_idmap_default_backend(void)
2574 return lp_idmap_backend("*");
2577 /***************************************************************************
2578 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2579 ***************************************************************************/
2581 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2583 const char *suffix_string;
2585 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2586 Globals.ldap_suffix );
2587 if ( !suffix_string ) {
2588 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2592 return suffix_string;
2595 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2597 if (Globals._ldap_machine_suffix[0])
2598 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2600 return talloc_strdup(ctx, Globals.ldap_suffix);
2603 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2605 if (Globals._ldap_user_suffix[0])
2606 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2608 return talloc_strdup(ctx, Globals.ldap_suffix);
2611 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2613 if (Globals._ldap_group_suffix[0])
2614 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2616 return talloc_strdup(ctx, Globals.ldap_suffix);
2619 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2621 if (Globals._ldap_idmap_suffix[0])
2622 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2624 return talloc_strdup(ctx, Globals.ldap_suffix);
2628 return the parameter pointer for a parameter
2630 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2632 if (service == NULL) {
2633 if (parm->p_class == P_LOCAL)
2634 return (void *)(((char *)&sDefault)+parm->offset);
2635 else if (parm->p_class == P_GLOBAL)
2636 return (void *)(((char *)&Globals)+parm->offset);
2639 return (void *)(((char *)service) + parm->offset);
2643 /***************************************************************************
2644 Process a parameter for a particular service number. If snum < 0
2645 then assume we are in the globals.
2646 ***************************************************************************/
2648 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2650 TALLOC_CTX *frame = talloc_stackframe();
2651 struct loadparm_context *lp_ctx;
2654 lp_ctx = setup_lp_context(frame);
2655 if (lp_ctx == NULL) {
2661 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2663 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2664 pszParmName, pszParmValue);
2672 /***************************************************************************
2673 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2674 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2675 ***************************************************************************/
2677 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2680 parmnum = lpcfg_map_parameter(pszParmName);
2682 flags_list[parmnum] &= ~FLAG_CMDLINE;
2683 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2686 flags_list[parmnum] |= FLAG_CMDLINE;
2688 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2689 * be grouped in the table, so we don't have to search the
2692 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2693 && parm_table[i].p_class == parm_table[parmnum].p_class;
2695 flags_list[i] |= FLAG_CMDLINE;
2697 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2698 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2699 flags_list[i] |= FLAG_CMDLINE;
2705 /* it might be parametric */
2706 if (strchr(pszParmName, ':') != NULL) {
2707 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2711 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2715 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2718 TALLOC_CTX *frame = talloc_stackframe();
2719 struct loadparm_context *lp_ctx;
2721 lp_ctx = setup_lp_context(frame);
2722 if (lp_ctx == NULL) {
2727 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2733 /***************************************************************************
2734 Process a parameter.
2735 ***************************************************************************/
2737 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2740 if (!bInGlobalSection && bGlobalOnly)
2743 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2745 if (bInGlobalSection) {
2746 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2748 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2749 pszParmName, pszParmValue);
2754 static const char *ad_dc_req_vfs_mods[] = {"dfs_samba4", "acl_xattr", NULL};
2757 * check that @vfs_objects includes all vfs modules required by an AD DC.
2759 static bool check_ad_dc_required_mods(const char **vfs_objects)
2765 for (i = 0; ad_dc_req_vfs_mods[i] != NULL; i++) {
2767 for (j = 0; vfs_objects[j] != NULL; j++) {
2768 if (!strwicmp(ad_dc_req_vfs_mods[i], vfs_objects[j])) {
2774 DEBUG(0, ("vfs objects specified without required AD "
2775 "DC module: %s\n", ad_dc_req_vfs_mods[i]));
2780 DEBUG(6, ("vfs objects specified with all required AD DC modules\n"));
2785 /***************************************************************************
2786 Initialize any local variables in the sDefault table, after parsing a
2788 ***************************************************************************/
2790 static void init_locals(void)
2793 * We run this check once the [globals] is parsed, to force
2794 * the VFS objects and other per-share settings we need for
2795 * the standard way a AD DC is operated. We may change these
2796 * as our code evolves, which is why we force these settings.
2798 * We can't do this at the end of lp_load_ex(), as by that
2799 * point the services have been loaded and they will already
2800 * have "" as their vfs objects.
2802 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2803 const char **vfs_objects = lp_vfs_objects(-1);
2804 if (vfs_objects != NULL) {
2805 /* ignore return, only warn if modules are missing */
2806 check_ad_dc_required_mods(vfs_objects);
2808 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2809 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2810 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2811 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2813 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2817 lp_do_parameter(-1, "map hidden", "no");
2818 lp_do_parameter(-1, "map system", "no");
2819 lp_do_parameter(-1, "map readonly", "no");
2820 lp_do_parameter(-1, "map archive", "no");
2821 lp_do_parameter(-1, "store dos attributes", "yes");
2825 /***************************************************************************
2826 Process a new section (service). At this stage all sections are services.
2827 Later we'll have special sections that permit server parameters to be set.
2828 Returns true on success, false on failure.
2829 ***************************************************************************/
2831 bool lp_do_section(const char *pszSectionName, void *userdata)
2833 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2835 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2836 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2838 /* if we were in a global section then do the local inits */
2839 if (bInGlobalSection && !isglobal)
2842 /* if we've just struck a global section, note the fact. */
2843 bInGlobalSection = isglobal;
2844 if (lp_ctx != NULL) {
2845 lp_ctx->bInGlobalSection = isglobal;
2848 /* check for multiple global sections */
2849 if (bInGlobalSection) {
2850 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2854 if (!bInGlobalSection && bGlobalOnly)
2857 /* if we have a current service, tidy it up before moving on */
2860 if (iServiceIndex >= 0)
2861 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2863 /* if all is still well, move to the next record in the services array */
2865 /* We put this here to avoid an odd message order if messages are */
2866 /* issued by the post-processing of a previous section. */
2867 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2869 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2870 if (iServiceIndex < 0) {
2871 DEBUG(0, ("Failed to add a new service\n"));
2874 /* Clean all parametric options for service */
2875 /* They will be added during parsing again */
2876 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2882 /***************************************************************************
2883 Display the contents of a parameter of a single services record.
2884 ***************************************************************************/
2886 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2888 bool result = false;
2889 struct loadparm_context *lp_ctx;
2891 lp_ctx = setup_lp_context(talloc_tos());
2892 if (lp_ctx == NULL) {
2897 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2899 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2901 TALLOC_FREE(lp_ctx);
2906 /***************************************************************************
2907 Display the contents of a single copy structure.
2908 ***************************************************************************/
2909 static void dump_copy_map(bool *pcopymap)
2915 printf("\n\tNon-Copied parameters:\n");
2917 for (i = 0; parm_table[i].label; i++)
2918 if (parm_table[i].p_class == P_LOCAL &&
2919 parm_table[i].ptr && !pcopymap[i] &&
2920 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2922 printf("\t\t%s\n", parm_table[i].label);
2927 /***************************************************************************
2928 Return TRUE if the passed service number is within range.
2929 ***************************************************************************/
2931 bool lp_snum_ok(int iService)
2933 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2936 /***************************************************************************
2937 Auto-load some home services.
2938 ***************************************************************************/
2940 static void lp_add_auto_services(const char *str)
2950 s = talloc_strdup(talloc_tos(), str);
2952 smb_panic("talloc_strdup failed");
2956 homes = lp_servicenumber(HOMES_NAME);
2958 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2959 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2962 if (lp_servicenumber(p) >= 0)
2965 home = get_user_home_dir(talloc_tos(), p);
2967 if (home && home[0] && homes >= 0)
2968 lp_add_home(p, homes, p, home);
2975 /***************************************************************************
2976 Auto-load one printer.
2977 ***************************************************************************/
2979 void lp_add_one_printer(const char *name, const char *comment,
2980 const char *location, void *pdata)
2982 int printers = lp_servicenumber(PRINTERS_NAME);
2985 if (lp_servicenumber(name) < 0) {
2986 lp_add_printer(name, printers);
2987 if ((i = lp_servicenumber(name)) >= 0) {
2988 lpcfg_string_set(ServicePtrs[i],
2989 &ServicePtrs[i]->comment, comment);
2990 ServicePtrs[i]->autoloaded = true;
2995 /***************************************************************************
2996 Have we loaded a services file yet?
2997 ***************************************************************************/
2999 bool lp_loaded(void)
3004 /***************************************************************************
3005 Unload unused services.
3006 ***************************************************************************/
3008 void lp_killunused(struct smbd_server_connection *sconn,
3009 bool (*snumused) (struct smbd_server_connection *, int))
3012 for (i = 0; i < iNumServices; i++) {
3016 /* don't kill autoloaded or usershare services */
3017 if ( ServicePtrs[i]->autoloaded ||
3018 ServicePtrs[i]->usershare == USERSHARE_VALID) {
3022 if (!snumused || !snumused(sconn, i)) {
3023 free_service_byindex(i);
3029 * Kill all except autoloaded and usershare services - convenience wrapper
3031 void lp_kill_all_services(void)
3033 lp_killunused(NULL, NULL);
3036 /***************************************************************************
3038 ***************************************************************************/
3040 void lp_killservice(int iServiceIn)
3042 if (VALID(iServiceIn)) {
3043 free_service_byindex(iServiceIn);
3047 /***************************************************************************
3048 Save the curent values of all global and sDefault parameters into the
3049 defaults union. This allows testparm to show only the
3050 changed (ie. non-default) parameters.
3051 ***************************************************************************/
3053 static void lp_save_defaults(void)
3056 struct parmlist_entry * parm;
3057 for (i = 0; parm_table[i].label; i++) {
3058 if (!(flags_list[i] & FLAG_CMDLINE)) {
3059 flags_list[i] |= FLAG_DEFAULT;
3062 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
3063 && parm_table[i].p_class == parm_table[i - 1].p_class)
3065 switch (parm_table[i].type) {
3068 parm_table[i].def.lvalue = str_list_copy(
3069 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3075 &parm_table[i].def.svalue,
3076 *(char **)lp_parm_ptr(
3077 NULL, &parm_table[i]));
3078 if (parm_table[i].def.svalue == NULL) {
3079 smb_panic("lpcfg_string_set() failed");
3084 parm_table[i].def.bvalue =
3085 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3088 parm_table[i].def.cvalue =
3089 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3095 parm_table[i].def.ivalue =
3096 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3101 for (parm=Globals.param_opt; parm; parm=parm->next) {
3102 if (!(parm->priority & FLAG_CMDLINE)) {
3103 parm->priority |= FLAG_DEFAULT;
3107 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3108 if (!(parm->priority & FLAG_CMDLINE)) {
3109 parm->priority |= FLAG_DEFAULT;
3113 defaults_saved = true;
3116 /***********************************************************
3117 If we should send plaintext/LANMAN passwords in the clinet
3118 ************************************************************/
3120 static void set_allowed_client_auth(void)
3122 if (Globals.client_ntlmv2_auth) {
3123 Globals.client_lanman_auth = false;
3125 if (!Globals.client_lanman_auth) {
3126 Globals.client_plaintext_auth = false;
3130 /***************************************************************************
3132 The following code allows smbd to read a user defined share file.
3133 Yes, this is my intent. Yes, I'm comfortable with that...
3135 THE FOLLOWING IS SECURITY CRITICAL CODE.
3137 It washes your clothes, it cleans your house, it guards you while you sleep...
3138 Do not f%^k with it....
3139 ***************************************************************************/
3141 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3143 /***************************************************************************
3144 Check allowed stat state of a usershare file.
3145 Ensure we print out who is dicking with us so the admin can
3146 get their sorry ass fired.
3147 ***************************************************************************/
3149 static bool check_usershare_stat(const char *fname,
3150 const SMB_STRUCT_STAT *psbuf)
3152 if (!S_ISREG(psbuf->st_ex_mode)) {
3153 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3154 "not a regular file\n",
3155 fname, (unsigned int)psbuf->st_ex_uid ));
3159 /* Ensure this doesn't have the other write bit set. */
3160 if (psbuf->st_ex_mode & S_IWOTH) {
3161 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3162 "public write. Refusing to allow as a usershare file.\n",
3163 fname, (unsigned int)psbuf->st_ex_uid ));
3167 /* Should be 10k or less. */
3168 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3169 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3170 "too large (%u) to be a user share file.\n",
3171 fname, (unsigned int)psbuf->st_ex_uid,
3172 (unsigned int)psbuf->st_ex_size ));
3179 /***************************************************************************
3180 Parse the contents of a usershare file.
3181 ***************************************************************************/
3183 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3184 SMB_STRUCT_STAT *psbuf,
3185 const char *servicename,
3189 char **pp_sharepath,
3191 char **pp_cp_servicename,
3192 struct security_descriptor **ppsd,
3195 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3196 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3199 SMB_STRUCT_STAT sbuf;
3200 char *sharepath = NULL;
3201 char *comment = NULL;
3203 *pp_sharepath = NULL;
3206 *pallow_guest = false;
3209 return USERSHARE_MALFORMED_FILE;
3212 if (strcmp(lines[0], "#VERSION 1") == 0) {
3214 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3217 return USERSHARE_MALFORMED_FILE;
3220 return USERSHARE_BAD_VERSION;
3223 if (strncmp(lines[1], "path=", 5) != 0) {
3224 return USERSHARE_MALFORMED_PATH;
3227 sharepath = talloc_strdup(ctx, &lines[1][5]);
3229 return USERSHARE_POSIX_ERR;
3231 trim_string(sharepath, " ", " ");
3233 if (strncmp(lines[2], "comment=", 8) != 0) {
3234 return USERSHARE_MALFORMED_COMMENT_DEF;
3237 comment = talloc_strdup(ctx, &lines[2][8]);
3239 return USERSHARE_POSIX_ERR;
3241 trim_string(comment, " ", " ");
3242 trim_char(comment, '"', '"');
3244 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3245 return USERSHARE_MALFORMED_ACL_DEF;
3248 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3249 return USERSHARE_ACL_ERR;
3253 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3254 return USERSHARE_MALFORMED_ACL_DEF;
3256 if (lines[4][9] == 'y') {
3257 *pallow_guest = true;
3260 /* Backwards compatible extension to file version #2. */
3262 if (strncmp(lines[5], "sharename=", 10) != 0) {
3263 return USERSHARE_MALFORMED_SHARENAME_DEF;
3265 if (!strequal(&lines[5][10], servicename)) {
3266 return USERSHARE_BAD_SHARENAME;
3268 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3269 if (!*pp_cp_servicename) {
3270 return USERSHARE_POSIX_ERR;
3275 if (*pp_cp_servicename == NULL) {
3276 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3277 if (!*pp_cp_servicename) {
3278 return USERSHARE_POSIX_ERR;
3282 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3283 /* Path didn't change, no checks needed. */
3284 *pp_sharepath = sharepath;
3285 *pp_comment = comment;
3286 return USERSHARE_OK;
3289 /* The path *must* be absolute. */
3290 if (sharepath[0] != '/') {
3291 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3292 servicename, sharepath));
3293 return USERSHARE_PATH_NOT_ABSOLUTE;
3296 /* If there is a usershare prefix deny list ensure one of these paths
3297 doesn't match the start of the user given path. */
3298 if (prefixdenylist) {
3300 for ( i=0; prefixdenylist[i]; i++ ) {
3301 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3302 servicename, i, prefixdenylist[i], sharepath ));
3303 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3304 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3305 "usershare prefix deny list entries.\n",
3306 servicename, sharepath));
3307 return USERSHARE_PATH_IS_DENIED;
3312 /* If there is a usershare prefix allow list ensure one of these paths
3313 does match the start of the user given path. */
3315 if (prefixallowlist) {
3317 for ( i=0; prefixallowlist[i]; i++ ) {
3318 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3319 servicename, i, prefixallowlist[i], sharepath ));
3320 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3324 if (prefixallowlist[i] == NULL) {
3325 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3326 "usershare prefix allow list entries.\n",
3327 servicename, sharepath));
3328 return USERSHARE_PATH_NOT_ALLOWED;
3332 /* Ensure this is pointing to a directory. */
3333 dp = opendir(sharepath);
3336 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3337 servicename, sharepath));
3338 return USERSHARE_PATH_NOT_DIRECTORY;
3341 /* Ensure the owner of the usershare file has permission to share
3344 if (sys_stat(sharepath, &sbuf, false) == -1) {
3345 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3346 servicename, sharepath, strerror(errno) ));
3348 return USERSHARE_POSIX_ERR;
3353 if (!S_ISDIR(sbuf.st_ex_mode)) {
3354 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3355 servicename, sharepath ));
3356 return USERSHARE_PATH_NOT_DIRECTORY;
3359 /* Check if sharing is restricted to owner-only. */
3360 /* psbuf is the stat of the usershare definition file,
3361 sbuf is the stat of the target directory to be shared. */
3363 if (lp_usershare_owner_only()) {
3364 /* root can share anything. */
3365 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3366 return USERSHARE_PATH_NOT_ALLOWED;
3370 *pp_sharepath = sharepath;
3371 *pp_comment = comment;
3372 return USERSHARE_OK;
3375 /***************************************************************************
3376 Deal with a usershare file.
3379 -1 - Bad name, invalid contents.
3380 - service name already existed and not a usershare, problem
3381 with permissions to share directory etc.
3382 ***************************************************************************/
3384 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3386 SMB_STRUCT_STAT sbuf;
3387 SMB_STRUCT_STAT lsbuf;
3389 char *sharepath = NULL;
3390 char *comment = NULL;
3391 char *cp_service_name = NULL;
3392 char **lines = NULL;
3396 TALLOC_CTX *ctx = talloc_stackframe();
3397 struct security_descriptor *psd = NULL;
3398 bool guest_ok = false;
3399 char *canon_name = NULL;
3400 bool added_service = false;
3404 /* Ensure share name doesn't contain invalid characters. */
3405 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3406 DEBUG(0,("process_usershare_file: share name %s contains "
3407 "invalid characters (any of %s)\n",
3408 file_name, INVALID_SHARENAME_CHARS ));
3412 canon_name = canonicalize_servicename(ctx, file_name);
3417 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3422 /* Minimize the race condition by doing an lstat before we
3423 open and fstat. Ensure this isn't a symlink link. */
3425 if (sys_lstat(fname, &lsbuf, false) != 0) {
3426 if (errno == ENOENT) {
3427 /* Unknown share requested. Just ignore. */
3430 /* Only log messages for meaningful problems. */
3431 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3432 fname, strerror(errno) ));
3436 /* This must be a regular file, not a symlink, directory or
3437 other strange filetype. */
3438 if (!check_usershare_stat(fname, &lsbuf)) {
3445 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3450 if (NT_STATUS_IS_OK(status) &&
3451 (data.dptr != NULL) &&
3452 (data.dsize == sizeof(iService))) {
3453 memcpy(&iService, data.dptr, sizeof(iService));
3457 if (iService != -1 &&
3458 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3459 &lsbuf.st_ex_mtime) == 0) {
3460 /* Nothing changed - Mark valid and return. */
3461 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3463 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3468 /* Try and open the file read only - no symlinks allowed. */
3470 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3472 fd = open(fname, O_RDONLY, 0);
3476 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3477 fname, strerror(errno) ));
3481 /* Now fstat to be *SURE* it's a regular file. */
3482 if (sys_fstat(fd, &sbuf, false) != 0) {
3484 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3485 fname, strerror(errno) ));
3489 /* Is it the same dev/inode as was lstated ? */
3490 if (!check_same_stat(&lsbuf, &sbuf)) {
3492 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3493 "Symlink spoofing going on ?\n", fname ));
3497 /* This must be a regular file, not a symlink, directory or
3498 other strange filetype. */
3499 if (!check_usershare_stat(fname, &sbuf)) {
3504 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3507 if (lines == NULL) {
3508 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3509 fname, (unsigned int)sbuf.st_ex_uid ));
3513 if (parse_usershare_file(ctx, &sbuf, file_name,
3514 iService, lines, numlines, &sharepath,
3515 &comment, &cp_service_name,
3516 &psd, &guest_ok) != USERSHARE_OK) {
3520 /* Everything ok - add the service possibly using a template. */
3522 const struct loadparm_service *sp = &sDefault;
3523 if (snum_template != -1) {
3524 sp = ServicePtrs[snum_template];
3527 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3528 DEBUG(0, ("process_usershare_file: Failed to add "
3529 "new service %s\n", cp_service_name));
3533 added_service = true;
3535 /* Read only is controlled by usershare ACL below. */
3536 ServicePtrs[iService]->read_only = false;
3539 /* Write the ACL of the new/modified share. */
3540 status = set_share_security(canon_name, psd);
3541 if (!NT_STATUS_IS_OK(status)) {
3542 DEBUG(0, ("process_usershare_file: Failed to set share "
3543 "security for user share %s\n",
3548 /* If from a template it may be marked invalid. */
3549 ServicePtrs[iService]->valid = true;
3551 /* Set the service as a valid usershare. */
3552 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3554 /* Set guest access. */
3555 if (lp_usershare_allow_guests()) {
3556 ServicePtrs[iService]->guest_ok = guest_ok;
3559 /* And note when it was loaded. */
3560 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3561 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3563 lpcfg_string_set(ServicePtrs[iService],
3564 &ServicePtrs[iService]->comment, comment);
3570 if (ret == -1 && iService != -1 && added_service) {
3571 lp_remove_service(iService);
3579 /***************************************************************************
3580 Checks if a usershare entry has been modified since last load.
3581 ***************************************************************************/
3583 static bool usershare_exists(int iService, struct timespec *last_mod)
3585 SMB_STRUCT_STAT lsbuf;
3586 const char *usersharepath = Globals.usershare_path;
3589 fname = talloc_asprintf(talloc_tos(),
3592 ServicePtrs[iService]->szService);
3593 if (fname == NULL) {
3597 if (sys_lstat(fname, &lsbuf, false) != 0) {
3602 if (!S_ISREG(lsbuf.st_ex_mode)) {
3608 *last_mod = lsbuf.st_ex_mtime;
3612 static bool usershare_directory_is_root(uid_t uid)
3618 if (uid_wrapper_enabled()) {
3625 /***************************************************************************
3626 Load a usershare service by name. Returns a valid servicenumber or -1.
3627 ***************************************************************************/
3629 int load_usershare_service(const char *servicename)
3631 SMB_STRUCT_STAT sbuf;
3632 const char *usersharepath = Globals.usershare_path;
3633 int max_user_shares = Globals.usershare_max_shares;
3634 int snum_template = -1;
3636 if (servicename[0] == '\0') {
3637 /* Invalid service name. */
3641 if (*usersharepath == 0 || max_user_shares == 0) {
3645 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3646 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3647 usersharepath, strerror(errno) ));
3651 if (!S_ISDIR(sbuf.st_ex_mode)) {
3652 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3658 * This directory must be owned by root, and have the 't' bit set.
3659 * It also must not be writable by "other".
3663 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3664 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3666 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3667 (sbuf.st_ex_mode & S_IWOTH)) {
3669 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3670 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3675 /* Ensure the template share exists if it's set. */
3676 if (Globals.usershare_template_share[0]) {
3677 /* We can't use lp_servicenumber here as we are recommending that
3678 template shares have -valid=false set. */
3679 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3680 if (ServicePtrs[snum_template]->szService &&
3681 strequal(ServicePtrs[snum_template]->szService,
3682 Globals.usershare_template_share)) {
3687 if (snum_template == -1) {
3688 DEBUG(0,("load_usershare_service: usershare template share %s "
3689 "does not exist.\n",
3690 Globals.usershare_template_share ));
3695 return process_usershare_file(usersharepath, servicename, snum_template);
3698 /***************************************************************************
3699 Load all user defined shares from the user share directory.
3700 We only do this if we're enumerating the share list.
3701 This is the function that can delete usershares that have
3703 ***************************************************************************/
3705 int load_usershare_shares(struct smbd_server_connection *sconn,
3706 bool (*snumused) (struct smbd_server_connection *, int))
3709 SMB_STRUCT_STAT sbuf;
3711 int num_usershares = 0;
3712 int max_user_shares = Globals.usershare_max_shares;
3713 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3714 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3715 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3717 int snum_template = -1;
3718 const char *usersharepath = Globals.usershare_path;
3719 int ret = lp_numservices();
3720 TALLOC_CTX *tmp_ctx;
3722 if (max_user_shares == 0 || *usersharepath == '\0') {
3723 return lp_numservices();
3726 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3727 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3728 usersharepath, strerror(errno) ));
3733 * This directory must be owned by root, and have the 't' bit set.
3734 * It also must not be writable by "other".
3738 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3740 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3742 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3743 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3748 /* Ensure the template share exists if it's set. */
3749 if (Globals.usershare_template_share[0]) {
3750 /* We can't use lp_servicenumber here as we are recommending that
3751 template shares have -valid=false set. */
3752 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3753 if (ServicePtrs[snum_template]->szService &&
3754 strequal(ServicePtrs[snum_template]->szService,
3755 Globals.usershare_template_share)) {
3760 if (snum_template == -1) {
3761 DEBUG(0,("load_usershare_shares: usershare template share %s "
3762 "does not exist.\n",
3763 Globals.usershare_template_share ));
3768 /* Mark all existing usershares as pending delete. */
3769 for (iService = iNumServices - 1; iService >= 0; iService--) {
3770 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3771 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3775 dp = opendir(usersharepath);
3777 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3778 usersharepath, strerror(errno) ));
3782 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3784 num_dir_entries++ ) {
3786 const char *n = de->d_name;
3788 /* Ignore . and .. */
3790 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3796 /* Temporary file used when creating a share. */
3797 num_tmp_dir_entries++;
3800 /* Allow 20% tmp entries. */
3801 if (num_tmp_dir_entries > allowed_tmp_entries) {
3802 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3803 "in directory %s\n",
3804 num_tmp_dir_entries, usersharepath));
3808 r = process_usershare_file(usersharepath, n, snum_template);
3810 /* Update the services count. */
3812 if (num_usershares >= max_user_shares) {
3813 DEBUG(0,("load_usershare_shares: max user shares reached "
3814 "on file %s in directory %s\n",
3815 n, usersharepath ));
3818 } else if (r == -1) {
3819 num_bad_dir_entries++;
3822 /* Allow 20% bad entries. */
3823 if (num_bad_dir_entries > allowed_bad_entries) {
3824 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3825 "in directory %s\n",
3826 num_bad_dir_entries, usersharepath));
3830 /* Allow 20% bad entries. */
3831 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3832 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3833 "in directory %s\n",
3834 num_dir_entries, usersharepath));
3841 /* Sweep through and delete any non-refreshed usershares that are
3842 not currently in use. */
3843 tmp_ctx = talloc_stackframe();
3844 for (iService = iNumServices - 1; iService >= 0; iService--) {
3845 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3846 const struct loadparm_substitution *lp_sub =
3847 loadparm_s3_global_substitution();
3850 if (snumused && snumused(sconn, iService)) {
3854 servname = lp_servicename(tmp_ctx, lp_sub, iService);
3856 /* Remove from the share ACL db. */
3857 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3859 delete_share_security(servname);
3860 free_service_byindex(iService);
3863 talloc_free(tmp_ctx);
3865 return lp_numservices();
3868 /********************************************************
3869 Destroy global resources allocated in this file
3870 ********************************************************/
3872 void gfree_loadparm(void)
3878 /* Free resources allocated to services */
3880 for ( i = 0; i < iNumServices; i++ ) {
3882 free_service_byindex(i);
3886 TALLOC_FREE( ServicePtrs );
3889 /* Now release all resources allocated to global
3890 parameters and the default service */
3892 free_global_parameters();
3896 /***************************************************************************
3897 Allow client apps to specify that they are a client
3898 ***************************************************************************/
3899 static void lp_set_in_client(bool b)
3905 /***************************************************************************
3906 Determine if we're running in a client app
3907 ***************************************************************************/
3908 static bool lp_is_in_client(void)
3913 static void lp_enforce_ad_dc_settings(void)
3915 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3916 lp_do_parameter(GLOBAL_SECTION_SNUM,
3917 "winbindd:use external pipes", "true");
3918 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3919 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3920 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3921 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3922 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3923 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3924 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3925 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3926 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3929 /***************************************************************************
3930 Load the services array from the services file. Return true on success,
3932 ***************************************************************************/
3934 static bool lp_load_ex(const char *pszFname,
3938 bool reinit_globals,
3939 bool allow_include_registry,
3940 bool load_all_shares)
3944 TALLOC_CTX *frame = talloc_stackframe();
3945 struct loadparm_context *lp_ctx;
3946 int max_protocol, min_protocol;
3948 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3950 bInGlobalSection = true;
3951 bGlobalOnly = global_only;
3952 bAllowIncludeRegistry = allow_include_registry;
3953 sDefault = _sDefault;
3955 lp_ctx = setup_lp_context(talloc_tos());
3957 init_globals(lp_ctx, reinit_globals);
3961 if (save_defaults) {
3966 if (!reinit_globals) {
3967 free_param_opts(&Globals.param_opt);
3968 apply_lp_set_cmdline();
3971 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
3973 /* We get sections first, so have to start 'behind' to make up */
3976 if (lp_config_backend_is_file()) {
3977 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
3978 current_user_info.domain,
3981 smb_panic("lp_load_ex: out of memory");
3984 add_to_file_list(NULL, &file_lists, pszFname, n2);
3986 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
3989 /* finish up the last section */
3990 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
3992 if (iServiceIndex >= 0) {
3993 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
3997 if (lp_config_backend_is_registry()) {
3999 /* config backend changed to registry in config file */
4001 * We need to use this extra global variable here to
4002 * survive restart: init_globals uses this as a default
4003 * for config_backend. Otherwise, init_globals would
4004 * send us into an endless loop here.
4007 config_backend = CONFIG_BACKEND_REGISTRY;
4009 DEBUG(1, ("lp_load_ex: changing to config backend "
4011 init_globals(lp_ctx, true);
4013 TALLOC_FREE(lp_ctx);
4015 lp_kill_all_services();
4016 ok = lp_load_ex(pszFname, global_only, save_defaults,
4017 add_ipc, reinit_globals,
4018 allow_include_registry,
4023 } else if (lp_config_backend_is_registry()) {
4024 bRetval = process_registry_globals();
4026 DEBUG(0, ("Illegal config backend given: %d\n",
4027 lp_config_backend()));
4031 if (bRetval && lp_registry_shares()) {
4032 if (load_all_shares) {
4033 bRetval = process_registry_shares();
4035 bRetval = reload_registry_shares();
4040 const struct loadparm_substitution *lp_sub =
4041 loadparm_s3_global_substitution();
4042 char *serv = lp_auto_services(talloc_tos(), lp_sub);
4043 lp_add_auto_services(serv);
4048 /* When 'restrict anonymous = 2' guest connections to ipc$
4050 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
4051 if ( lp_enable_asu_support() ) {
4052 lp_add_ipc("ADMIN$", false);
4056 set_allowed_client_auth();
4058 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
4059 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
4060 lp_password_server()));
4065 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
4066 /* if we_are_a_wins_server is true and we are in the client */
4067 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
4068 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
4073 fault_configure(smb_panic_s3);
4076 * We run this check once the whole smb.conf is parsed, to
4077 * force some settings for the standard way a AD DC is
4078 * operated. We may change these as our code evolves, which
4079 * is why we force these settings.
4081 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
4082 lp_enforce_ad_dc_settings();
4085 bAllowIncludeRegistry = true;
4087 /* Check if command line max protocol < min protocol, if so
4088 * report a warning to the user.
4090 max_protocol = lp_client_max_protocol();
4091 min_protocol = lp_client_min_protocol();
4092 if (max_protocol < min_protocol) {
4093 const char *max_protocolp, *min_protocolp;
4094 max_protocolp = lpcfg_get_smb_protocol(max_protocol);
4095 min_protocolp = lpcfg_get_smb_protocol(min_protocol);
4096 DBG_ERR("Max protocol %s is less than min protocol %s.\n",
4097 max_protocolp, min_protocolp);
4104 static bool lp_load(const char *pszFname,
4108 bool reinit_globals)
4110 return lp_load_ex(pszFname,
4115 true, /* allow_include_registry */
4116 false); /* load_all_shares*/
4119 bool lp_load_initial_only(const char *pszFname)
4121 return lp_load_ex(pszFname,
4122 true, /* global only */
4123 true, /* save_defaults */
4124 false, /* add_ipc */
4125 true, /* reinit_globals */
4126 false, /* allow_include_registry */
4127 false); /* load_all_shares*/
4131 * most common lp_load wrapper, loading only the globals
4133 * If this is used in a daemon or client utility it should be called
4134 * after processing popt.
4136 bool lp_load_global(const char *file_name)
4138 return lp_load(file_name,
4139 true, /* global_only */
4140 false, /* save_defaults */
4141 false, /* add_ipc */
4142 true); /* reinit_globals */
4146 * The typical lp_load wrapper with shares, loads global and
4147 * shares, including IPC, but does not force immediate
4148 * loading of all shares from registry.
4150 bool lp_load_with_shares(const char *file_name)
4152 return lp_load(file_name,
4153 false, /* global_only */
4154 false, /* save_defaults */
4156 true); /* reinit_globals */
4160 * lp_load wrapper, especially for clients
4162 bool lp_load_client(const char *file_name)
4164 lp_set_in_client(true);
4166 return lp_load_global(file_name);
4170 * lp_load wrapper, loading only globals, but intended
4171 * for subsequent calls, not reinitializing the globals
4174 bool lp_load_global_no_reinit(const char *file_name)
4176 return lp_load(file_name,
4177 true, /* global_only */
4178 false, /* save_defaults */
4179 false, /* add_ipc */
4180 false); /* reinit_globals */
4184 * lp_load wrapper, loading globals and shares,
4185 * intended for subsequent calls, i.e. not reinitializing
4186 * the globals to default values.
4188 bool lp_load_no_reinit(const char *file_name)
4190 return lp_load(file_name,
4191 false, /* global_only */
4192 false, /* save_defaults */
4193 false, /* add_ipc */
4194 false); /* reinit_globals */
4199 * lp_load wrapper, especially for clients, no reinitialization
4201 bool lp_load_client_no_reinit(const char *file_name)
4203 lp_set_in_client(true);
4205 return lp_load_global_no_reinit(file_name);
4208 bool lp_load_with_registry_shares(const char *pszFname)
4210 return lp_load_ex(pszFname,
4211 false, /* global_only */
4212 true, /* save_defaults */
4213 false, /* add_ipc */
4214 true, /* reinit_globals */
4215 true, /* allow_include_registry */
4216 true); /* load_all_shares*/
4219 /***************************************************************************
4220 Return the max number of services.
4221 ***************************************************************************/
4223 int lp_numservices(void)
4225 return (iNumServices);
4228 /***************************************************************************
4229 Display the contents of the services array in human-readable form.
4230 ***************************************************************************/
4232 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4235 struct loadparm_context *lp_ctx;
4238 defaults_saved = false;
4240 lp_ctx = setup_lp_context(talloc_tos());
4241 if (lp_ctx == NULL) {
4245 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4247 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4249 for (iService = 0; iService < maxtoprint; iService++) {
4251 lp_dump_one(f, show_defaults, iService);
4253 TALLOC_FREE(lp_ctx);
4256 /***************************************************************************
4257 Display the contents of one service in human-readable form.
4258 ***************************************************************************/
4260 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4263 if (ServicePtrs[snum]->szService[0] == '\0')
4265 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4266 flags_list, show_defaults);
4270 /***************************************************************************
4271 Return the number of the service with the given name, or -1 if it doesn't
4272 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4273 getservicebyname()! This works ONLY if all services have been loaded, and
4274 does not copy the found service.
4275 ***************************************************************************/
4277 int lp_servicenumber(const char *pszServiceName)
4280 fstring serviceName;
4282 if (!pszServiceName) {
4283 return GLOBAL_SECTION_SNUM;
4286 for (iService = iNumServices - 1; iService >= 0; iService--) {
4287 if (VALID(iService) && ServicePtrs[iService]->szService) {
4289 * The substitution here is used to support %U in
4292 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4293 standard_sub_basic(get_current_username(),
4294 current_user_info.domain,
4295 serviceName,sizeof(serviceName));
4296 if (strequal(serviceName, pszServiceName)) {
4302 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4303 struct timespec last_mod;
4305 if (!usershare_exists(iService, &last_mod)) {
4306 /* Remove the share security tdb entry for it. */
4307 delete_share_security(lp_const_servicename(iService));
4308 /* Remove it from the array. */
4309 free_service_byindex(iService);
4310 /* Doesn't exist anymore. */
4311 return GLOBAL_SECTION_SNUM;
4314 /* Has it been modified ? If so delete and reload. */
4315 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4317 /* Remove it from the array. */
4318 free_service_byindex(iService);
4319 /* and now reload it. */
4320 iService = load_usershare_service(pszServiceName);
4325 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4326 return GLOBAL_SECTION_SNUM;
4332 /*******************************************************************
4333 A useful volume label function.
4334 ********************************************************************/
4336 const char *volume_label(TALLOC_CTX *ctx, int snum)
4338 const struct loadparm_substitution *lp_sub =
4339 loadparm_s3_global_substitution();
4341 const char *label = lp_volume(ctx, lp_sub, snum);
4345 label = lp_servicename(ctx, lp_sub, snum);
4349 * Volume label can be a max of 32 bytes. Make sure to truncate
4350 * it at a codepoint boundary if it's longer than 32 and contains
4351 * multibyte characters. Windows insists on a volume label being
4352 * a valid mb sequence, and errors out if not.
4354 if (strlen(label) > 32) {
4356 * A MB char can be a max of 5 bytes, thus
4357 * we should have a valid mb character at a
4358 * minimum position of (32-5) = 27.
4362 * Check if a codepoint starting from next byte
4363 * is valid. If yes, then the current byte is the
4364 * end of a MB or ascii sequence and the label can
4365 * be safely truncated here. If not, keep going
4366 * backwards till a valid codepoint is found.
4369 const char *s = &label[end];
4370 codepoint_t c = next_codepoint(s, &len);
4371 if (c != INVALID_CODEPOINT) {
4378 /* This returns a max of 33 byte guarenteed null terminated string. */
4379 ret = talloc_strndup(ctx, label, end);
4386 /*******************************************************************
4387 Get the default server type we will announce as via nmbd.
4388 ********************************************************************/
4390 int lp_default_server_announce(void)
4392 int default_server_announce = 0;
4393 default_server_announce |= SV_TYPE_WORKSTATION;
4394 default_server_announce |= SV_TYPE_SERVER;
4395 default_server_announce |= SV_TYPE_SERVER_UNIX;
4397 /* note that the flag should be set only if we have a
4398 printer service but nmbd doesn't actually load the
4399 services so we can't tell --jerry */
4401 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4403 default_server_announce |= SV_TYPE_SERVER_NT;
4404 default_server_announce |= SV_TYPE_NT;
4406 switch (lp_server_role()) {
4407 case ROLE_DOMAIN_MEMBER:
4408 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4410 case ROLE_DOMAIN_PDC:
4411 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4413 case ROLE_DOMAIN_BDC:
4414 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4416 case ROLE_STANDALONE:
4420 if (lp_time_server())
4421 default_server_announce |= SV_TYPE_TIME_SOURCE;
4423 if (lp_host_msdfs())
4424 default_server_announce |= SV_TYPE_DFS_SERVER;
4426 return default_server_announce;
4429 /***********************************************************
4430 If we are PDC then prefer us as DMB
4431 ************************************************************/
4433 bool lp_domain_master(void)
4435 if (Globals._domain_master == Auto)
4436 return (lp_server_role() == ROLE_DOMAIN_PDC);
4438 return (bool)Globals._domain_master;
4441 /***********************************************************
4442 If we are PDC then prefer us as DMB
4443 ************************************************************/
4445 static bool lp_domain_master_true_or_auto(void)
4447 if (Globals._domain_master) /* auto or yes */
4453 /***********************************************************
4454 If we are DMB then prefer us as LMB
4455 ************************************************************/
4457 bool lp_preferred_master(void)
4459 int preferred_master = lp__preferred_master();
4461 if (preferred_master == Auto)
4462 return (lp_local_master() && lp_domain_master());
4464 return (bool)preferred_master;
4467 /*******************************************************************
4469 ********************************************************************/
4471 void lp_remove_service(int snum)
4473 ServicePtrs[snum]->valid = false;
4476 const char *lp_printername(TALLOC_CTX *ctx,
4477 const struct loadparm_substitution *lp_sub,
4480 const char *ret = lp__printername(ctx, lp_sub, snum);
4482 if (ret == NULL || *ret == '\0') {
4483 ret = lp_const_servicename(snum);
4490 /***********************************************************
4491 Allow daemons such as winbindd to fix their logfile name.
4492 ************************************************************/
4494 void lp_set_logfile(const char *name)
4496 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4497 debug_set_logfile(name);
4500 /*******************************************************************
4501 Return the max print jobs per queue.
4502 ********************************************************************/
4504 int lp_maxprintjobs(int snum)
4506 int maxjobs = lp_max_print_jobs(snum);
4508 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4509 maxjobs = PRINT_MAX_JOBID - 1;
4514 const char *lp_printcapname(void)
4516 const char *printcap_name = lp_printcap_name();
4518 if ((printcap_name != NULL) &&
4519 (printcap_name[0] != '\0'))
4520 return printcap_name;
4522 if (sDefault.printing == PRINT_CUPS) {
4526 if (sDefault.printing == PRINT_BSD)
4527 return "/etc/printcap";
4529 return PRINTCAP_NAME;
4532 static uint32_t spoolss_state;
4534 bool lp_disable_spoolss( void )
4536 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4537 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4539 return spoolss_state == SVCCTL_STOPPED ? true : false;
4542 void lp_set_spoolss_state( uint32_t state )
4544 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4546 spoolss_state = state;
4549 uint32_t lp_get_spoolss_state( void )
4551 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4554 /*******************************************************************
4555 Turn off sendfile if we find the underlying OS doesn't support it.
4556 ********************************************************************/
4558 void set_use_sendfile(int snum, bool val)
4560 if (LP_SNUM_OK(snum))
4561 ServicePtrs[snum]->_use_sendfile = val;
4563 sDefault._use_sendfile = val;
4566 void lp_set_mangling_method(const char *new_method)
4568 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4571 /*******************************************************************
4572 Global state for POSIX pathname processing.
4573 ********************************************************************/
4575 static bool posix_pathnames;
4577 bool lp_posix_pathnames(void)
4579 return posix_pathnames;
4582 /*******************************************************************
4583 Change everything needed to ensure POSIX pathname processing (currently
4585 ********************************************************************/
4587 void lp_set_posix_pathnames(void)
4589 posix_pathnames = true;
4592 /*******************************************************************
4593 Global state for POSIX lock processing - CIFS unix extensions.
4594 ********************************************************************/
4596 bool posix_default_lock_was_set;
4597 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4599 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4601 if (posix_default_lock_was_set) {
4602 return posix_cifsx_locktype;
4604 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4605 POSIX_LOCK : WINDOWS_LOCK;
4609 /*******************************************************************
4610 ********************************************************************/
4612 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4614 posix_default_lock_was_set = true;
4615 posix_cifsx_locktype = val;
4618 int lp_min_receive_file_size(void)
4620 int min_receivefile_size = lp_min_receivefile_size();
4622 if (min_receivefile_size < 0) {
4625 return min_receivefile_size;
4628 /*******************************************************************
4629 Safe wide links checks.
4630 This helper function always verify the validity of wide links,
4631 even after a configuration file reload.
4632 ********************************************************************/
4634 void widelinks_warning(int snum)
4636 if (lp_allow_insecure_wide_links()) {
4640 if (lp_unix_extensions() && lp_wide_links(snum)) {
4641 DBG_ERR("Share '%s' has wide links and unix extensions enabled. "
4642 "These parameters are incompatible. "
4643 "Wide links will be disabled for this share.\n",
4644 lp_const_servicename(snum));
4648 bool lp_widelinks(int snum)
4650 /* wide links is always incompatible with unix extensions */
4651 if (lp_unix_extensions()) {
4653 * Unless we have "allow insecure widelinks"
4656 if (!lp_allow_insecure_wide_links()) {
4661 return lp_wide_links(snum);
4664 int lp_server_role(void)
4666 return lp_find_server_role(lp__server_role(),
4668 lp__domain_logons(),
4669 lp_domain_master_true_or_auto());
4672 int lp_security(void)
4674 return lp_find_security(lp__server_role(),
4678 int lp_client_max_protocol(void)
4680 int client_max_protocol = lp__client_max_protocol();
4681 if (client_max_protocol == PROTOCOL_DEFAULT) {
4682 return PROTOCOL_LATEST;
4684 return client_max_protocol;
4687 int lp_client_ipc_min_protocol(void)
4689 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4690 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4691 client_ipc_min_protocol = lp_client_min_protocol();
4693 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4694 return PROTOCOL_NT1;
4696 return client_ipc_min_protocol;
4699 int lp_client_ipc_max_protocol(void)
4701 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4702 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4703 return PROTOCOL_LATEST;
4705 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4706 return PROTOCOL_NT1;
4708 return client_ipc_max_protocol;
4711 int lp_client_ipc_signing(void)
4713 int client_ipc_signing = lp__client_ipc_signing();
4714 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4715 return SMB_SIGNING_REQUIRED;
4717 return client_ipc_signing;
4720 enum credentials_use_kerberos lp_client_use_kerberos(void)
4722 if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
4723 return CRED_USE_KERBEROS_REQUIRED;
4726 return lp__client_use_kerberos();
4730 int lp_rpc_low_port(void)
4732 return Globals.rpc_low_port;
4735 int lp_rpc_high_port(void)
4737 return Globals.rpc_high_port;
4741 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4743 * This also ensures it is disabled if NTLM is totally disabled
4745 bool lp_lanman_auth(void)
4747 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4749 if (ntlm_auth_level == NTLM_AUTH_ON) {
4750 return lp__lanman_auth();
4756 struct loadparm_global * get_globals(void)
4761 unsigned int * get_flags(void)
4763 if (flags_list == NULL) {
4764 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());
4770 enum samba_weak_crypto lp_weak_crypto()
4772 if (Globals.weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
4773 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
4775 if (samba_gnutls_weak_crypto_allowed()) {
4776 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
4780 return Globals.weak_crypto;
4783 uint32_t lp_get_async_dns_timeout(void)
4786 * Clamp minimum async dns timeout to 1 second
4787 * as per the man page.
4789 return MAX(Globals.async_dns_timeout, 1);