2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
56 #define LOADPARM_SUBSTITUTION_INTERNALS 1
58 #include "system/filesys.h"
60 #include "lib/param/loadparm.h"
61 #include "lib/param/param.h"
63 #include "lib/smbconf/smbconf.h"
64 #include "lib/smbconf/smbconf_init.h"
67 #include "../librpc/gen_ndr/svcctl.h"
69 #include "../libcli/smb/smb_signing.h"
70 #include "dbwrap/dbwrap.h"
71 #include "dbwrap/dbwrap_rbt.h"
72 #include "../lib/util/bitmap.h"
73 #include "librpc/gen_ndr/nbt.h"
74 #include "source4/lib/tls/tls.h"
75 #include "libcli/auth/ntlm_check.h"
76 #include "lib/crypto/gnutls_helpers.h"
78 #ifdef HAVE_SYS_SYSCTL_H
79 #include <sys/sysctl.h>
84 extern userdom_struct current_user_info;
86 /* the special value for the include parameter
87 * to be interpreted not as a file name but to
88 * trigger loading of the global smb.conf options
90 #ifndef INCLUDE_REGISTRY_NAME
91 #define INCLUDE_REGISTRY_NAME "registry"
94 static bool in_client = false; /* Not in the client by default */
95 static struct smbconf_csn conf_last_csn;
97 static int config_backend = CONFIG_BACKEND_FILE;
99 /* some helpful bits */
100 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
101 (ServicePtrs != NULL) && \
102 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
103 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
104 ServicePtrs[i]->valid)
106 #define USERSHARE_VALID 1
107 #define USERSHARE_PENDING_DELETE 2
109 static bool defaults_saved = false;
111 #include "lib/param/param_global.h"
113 static struct loadparm_global Globals;
115 /* This is a default service used to prime a services structure */
116 static const struct loadparm_service _sDefault =
121 .usershare_last_mod = {0, 0},
124 .invalid_users = NULL,
131 .root_preexec = NULL,
132 .root_postexec = NULL,
133 .cups_options = NULL,
134 .print_command = NULL,
136 .lprm_command = NULL,
137 .lppause_command = NULL,
138 .lpresume_command = NULL,
139 .queuepause_command = NULL,
140 .queueresume_command = NULL,
141 ._printername = NULL,
142 .printjob_username = NULL,
143 .dont_descend = NULL,
146 .magic_script = NULL,
147 .magic_output = NULL,
150 .veto_oplock_files = NULL,
160 .aio_write_behind = NULL,
161 .dfree_command = NULL,
162 .min_print_space = 0,
163 .max_print_jobs = 1000,
164 .max_reported_print_jobs = 0,
166 .force_create_mode = 0,
167 .directory_mask = 0755,
168 .force_directory_mode = 0,
169 .max_connections = 0,
170 .default_case = CASE_LOWER,
171 .printing = DEFAULT_PRINTING,
174 .dfree_cache_time = 0,
175 .preexec_close = false,
176 .root_preexec_close = false,
177 .case_sensitive = Auto,
178 .preserve_case = true,
179 .short_preserve_case = true,
180 .hide_dot_files = true,
181 .hide_special_files = false,
182 .hide_unreadable = false,
183 .hide_unwriteable_files = false,
185 .access_based_share_enum = false,
190 .administrative_share = false,
193 .print_notify_backchannel = false,
197 .store_dos_attributes = true,
198 .dmapi_support = false,
200 .strict_locking = Auto,
201 .posix_locking = true,
203 .kernel_oplocks = false,
204 .level2_oplocks = true,
205 .mangled_names = MANGLED_NAMES_ILLEGAL,
207 .follow_symlinks = true,
208 .sync_always = false,
209 .strict_allocate = false,
210 .strict_rename = false,
212 .mangling_char = '~',
214 .delete_readonly = false,
215 .fake_oplocks = false,
216 .delete_veto_files = false,
217 .dos_filemode = false,
218 .dos_filetimes = true,
219 .dos_filetime_resolution = false,
220 .fake_directory_create_times = false,
221 .blocking_locks = true,
222 .inherit_permissions = false,
223 .inherit_acls = false,
224 .inherit_owner = false,
226 .msdfs_shuffle_referrals = false,
227 .use_client_driver = false,
228 .default_devmode = true,
229 .force_printername = false,
230 .nt_acl_support = true,
231 .force_unknown_acl_user = false,
232 ._use_sendfile = false,
233 .map_acl_inherit = false,
236 .acl_check_permissions = true,
237 .acl_map_full_control = true,
238 .acl_group_control = false,
239 .acl_allow_execute_always = false,
242 .map_readonly = MAP_READONLY_NO,
243 .directory_name_cache_size = 100,
244 .smb_encrypt = SMB_SIGNING_DEFAULT,
245 .kernel_share_modes = true,
246 .durable_handles = true,
247 .check_parent_directory_delete_on_close = false,
249 .smbd_search_ask_sharemode = true,
250 .smbd_getinfo_ask_sharemode = true,
251 .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
256 * This is a copy of the default service structure. Service options in the
257 * global section would otherwise overwrite the initial default values.
259 static struct loadparm_service sDefault;
261 /* local variables */
262 static struct loadparm_service **ServicePtrs = NULL;
263 static int iNumServices = 0;
264 static int iServiceIndex = 0;
265 static struct db_context *ServiceHash;
266 static bool bInGlobalSection = true;
267 static bool bGlobalOnly = false;
268 static struct file_lists *file_lists = NULL;
269 static unsigned int *flags_list = NULL;
271 static void set_allowed_client_auth(void);
273 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
274 static void free_param_opts(struct parmlist_entry **popts);
277 * Function to return the default value for the maximum number of open
278 * file descriptors permitted. This function tries to consult the
279 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
280 * the smaller of those.
282 static int max_open_files(void)
284 int sysctl_max = MAX_OPEN_FILES;
285 int rlimit_max = MAX_OPEN_FILES;
287 #ifdef HAVE_SYSCTLBYNAME
289 size_t size = sizeof(sysctl_max);
290 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
295 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
301 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
302 rlimit_max = rl.rlim_cur;
304 #if defined(RLIM_INFINITY)
305 if(rl.rlim_cur == RLIM_INFINITY)
306 rlimit_max = MAX_OPEN_FILES;
311 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
312 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
313 "minimum Windows limit (%d)\n",
315 MIN_OPEN_FILES_WINDOWS));
316 sysctl_max = MIN_OPEN_FILES_WINDOWS;
319 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
320 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
321 "minimum Windows limit (%d)\n",
323 MIN_OPEN_FILES_WINDOWS));
324 rlimit_max = MIN_OPEN_FILES_WINDOWS;
327 return MIN(sysctl_max, rlimit_max);
331 * Common part of freeing allocated data for one parameter.
333 static void free_one_parameter_common(void *parm_ptr,
334 struct parm_struct parm)
336 if ((parm.type == P_STRING) ||
337 (parm.type == P_USTRING))
339 lpcfg_string_free((char**)parm_ptr);
340 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
341 TALLOC_FREE(*((char***)parm_ptr));
346 * Free the allocated data for one parameter for a share
347 * given as a service struct.
349 static void free_one_parameter(struct loadparm_service *service,
350 struct parm_struct parm)
354 if (parm.p_class != P_LOCAL) {
358 parm_ptr = lp_parm_ptr(service, &parm);
360 free_one_parameter_common(parm_ptr, parm);
364 * Free the allocated parameter data of a share given
365 * as a service struct.
367 static void free_parameters(struct loadparm_service *service)
371 for (i=0; parm_table[i].label; i++) {
372 free_one_parameter(service, parm_table[i]);
377 * Free the allocated data for one parameter for a given share
378 * specified by an snum.
380 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
385 parm_ptr = lp_parm_ptr(NULL, &parm);
386 } else if (parm.p_class != P_LOCAL) {
389 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
392 free_one_parameter_common(parm_ptr, parm);
396 * Free the allocated parameter data for a share specified
399 static void free_parameters_by_snum(int snum)
403 for (i=0; parm_table[i].label; i++) {
404 free_one_parameter_by_snum(snum, parm_table[i]);
409 * Free the allocated global parameters.
411 static void free_global_parameters(void)
414 struct parm_struct *parm;
416 free_param_opts(&Globals.param_opt);
417 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
419 /* Reset references in the defaults because the context is going to be freed */
420 for (i=0; parm_table[i].label; i++) {
421 parm = &parm_table[i];
422 if ((parm->type == P_STRING) ||
423 (parm->type == P_USTRING)) {
424 if ((parm->def.svalue != NULL) &&
425 (*(parm->def.svalue) != '\0')) {
426 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
427 parm->def.svalue = NULL;
432 TALLOC_FREE(Globals.ctx);
435 struct lp_stored_option {
436 struct lp_stored_option *prev, *next;
441 static struct lp_stored_option *stored_options;
444 save options set by lp_set_cmdline() into a list. This list is
445 re-applied when we do a globals reset, so that cmdline set options
446 are sticky across reloads of smb.conf
448 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
450 struct lp_stored_option *entry, *entry_next;
451 for (entry = stored_options; entry != NULL; entry = entry_next) {
452 entry_next = entry->next;
453 if (strcmp(pszParmName, entry->label) == 0) {
454 DLIST_REMOVE(stored_options, entry);
460 entry = talloc(NULL, struct lp_stored_option);
465 entry->label = talloc_strdup(entry, pszParmName);
471 entry->value = talloc_strdup(entry, pszParmValue);
477 DLIST_ADD_END(stored_options, entry);
482 static bool apply_lp_set_cmdline(void)
484 struct lp_stored_option *entry = NULL;
485 for (entry = stored_options; entry != NULL; entry = entry->next) {
486 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
487 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
488 entry->label, entry->value));
495 /***************************************************************************
496 Initialise the global parameter structure.
497 ***************************************************************************/
499 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
501 static bool done_init = false;
505 /* If requested to initialize only once and we've already done it... */
506 if (!reinit_globals && done_init) {
507 /* ... then we have nothing more to do */
512 /* The logfile can be set before this is invoked. Free it if so. */
513 lpcfg_string_free(&Globals.logfile);
516 free_global_parameters();
519 /* This memset and the free_global_parameters() above will
520 * wipe out smb.conf options set with lp_set_cmdline(). The
521 * apply_lp_set_cmdline() call puts these values back in the
522 * table once the defaults are set */
523 ZERO_STRUCT(Globals);
525 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
527 /* Initialize the flags list if necessary */
528 if (flags_list == NULL) {
532 for (i = 0; parm_table[i].label; i++) {
533 if ((parm_table[i].type == P_STRING ||
534 parm_table[i].type == P_USTRING))
538 (char **)lp_parm_ptr(NULL, &parm_table[i]),
544 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
545 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
547 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
549 sDefault.ntvfs_handler = str_list_make_v3_const(Globals.ctx, "unixuid default", NULL);
551 DEBUG(3, ("Initialising global parameters\n"));
553 /* Must manually force to upper case here, as this does not go via the handler */
554 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
557 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
558 get_dyn_SMB_PASSWD_FILE());
559 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
560 get_dyn_PRIVATE_DIR());
561 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
562 get_dyn_BINDDNS_DIR());
564 /* use the new 'hash2' method by default, with a prefix of 1 */
565 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
566 Globals.mangle_prefix = 1;
568 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
570 /* using UTF8 by default allows us to support all chars */
571 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
572 DEFAULT_UNIX_CHARSET);
574 /* Use codepage 850 as a default for the dos character set */
575 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
576 DEFAULT_DOS_CHARSET);
579 * Allow the default PASSWD_CHAT to be overridden in local.h.
581 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
582 DEFAULT_PASSWD_CHAT);
584 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
586 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
587 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
589 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
591 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
593 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
595 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
598 * By default support explicit binding to broadcast
601 Globals.nmbd_bind_explicit_broadcast = true;
603 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
605 smb_panic("init_globals: ENOMEM");
607 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
610 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
611 "/bin/sleep 999999999");
614 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
615 DEFAULT_SOCKET_OPTIONS);
617 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
618 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
619 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
620 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
621 "\\\\%N\\%U\\profile");
623 Globals.name_resolve_order =
624 str_list_make_v3_const(Globals.ctx,
625 DEFAULT_NAME_RESOLVE_ORDER,
627 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
629 Globals.algorithmic_rid_base = BASE_RID;
631 Globals.load_printers = true;
632 Globals.printcap_cache_time = 750; /* 12.5 minutes */
634 Globals.config_backend = config_backend;
635 Globals._server_role = ROLE_AUTO;
637 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
638 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
639 Globals.max_xmit = 0x4104;
640 Globals.max_mux = 50; /* This is *needed* for profile support. */
641 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
642 Globals._disable_spoolss = false;
643 Globals.max_smbd_processes = 0;/* no limit specified */
644 Globals.username_level = 0;
645 Globals.deadtime = 10080;
646 Globals.getwd_cache = true;
647 Globals.large_readwrite = true;
648 Globals.max_log_size = 5000;
649 Globals.max_open_files = max_open_files();
650 Globals.server_max_protocol = PROTOCOL_SMB3_11;
651 Globals.server_min_protocol = PROTOCOL_SMB2_02;
652 Globals._client_max_protocol = PROTOCOL_DEFAULT;
653 Globals.client_min_protocol = PROTOCOL_SMB2_02;
654 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
655 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
656 Globals._security = SEC_AUTO;
657 Globals.encrypt_passwords = true;
658 Globals.client_schannel = true;
659 Globals.winbind_sealed_pipes = true;
660 Globals.require_strong_key = true;
661 Globals.server_schannel = true;
662 Globals.read_raw = true;
663 Globals.write_raw = true;
664 Globals.null_passwords = false;
665 Globals.old_password_allowed_period = 60;
666 Globals.obey_pam_restrictions = false;
668 Globals.syslog_only = false;
669 Globals.timestamp_logs = true;
670 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
671 Globals.debug_prefix_timestamp = false;
672 Globals.debug_hires_timestamp = true;
673 Globals.debug_pid = false;
674 Globals.debug_uid = false;
675 Globals.debug_class = false;
676 Globals.enable_core_files = true;
677 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
678 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
679 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
680 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
681 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
682 Globals.lm_interval = 60;
683 #if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
684 Globals.nis_homedir = false;
685 #ifdef WITH_NISPLUS_HOME
686 lpcfg_string_set(Globals.ctx, &Globals.homedir_map,
687 "auto_home.org_dir");
689 lpcfg_string_set(Globals.ctx, &Globals.homedir_map, "auto.home");
692 Globals.time_server = false;
693 Globals.bind_interfaces_only = false;
694 Globals.unix_password_sync = false;
695 Globals.pam_password_change = false;
696 Globals.passwd_chat_debug = false;
697 Globals.passwd_chat_timeout = 2; /* 2 second default. */
698 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
699 Globals.nt_status_support = true; /* Use NT status by default. */
700 Globals.smbd_profiling_level = 0;
701 Globals.stat_cache = true; /* use stat cache by default */
702 Globals.max_stat_cache_size = 512; /* 512k by default */
703 Globals.restrict_anonymous = 0;
704 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
705 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
706 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
707 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
708 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
709 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
710 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
712 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
714 Globals.map_to_guest = 0; /* By Default, "Never" */
715 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
716 Globals.enhanced_browsing = true;
717 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
718 Globals.use_mmap = true;
719 Globals.unicode = true;
720 Globals.unix_extensions = true;
721 Globals.reset_on_zero_vc = false;
722 Globals.log_writeable_files_on_exit = false;
723 Globals.create_krb5_conf = true;
724 Globals.include_system_krb5_conf = true;
725 Globals._winbind_max_domain_connections = 1;
727 /* hostname lookups can be very expensive and are broken on
728 a large number of sites (tridge) */
729 Globals.hostname_lookups = false;
731 Globals.change_notify = true,
732 Globals.kernel_change_notify = true,
734 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
735 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
736 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
737 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
738 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
739 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
741 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
742 Globals.ldap_ssl = LDAP_SSL_START_TLS;
743 Globals.ldap_ssl_ads = false;
744 Globals.ldap_deref = -1;
745 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
746 Globals.ldap_delete_dn = false;
747 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
748 Globals.ldap_follow_referral = Auto;
749 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
750 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
751 Globals.ldap_page_size = LDAP_PAGE_SIZE;
753 Globals.ldap_debug_level = 0;
754 Globals.ldap_debug_threshold = 10;
756 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
758 Globals.ldap_server_require_strong_auth =
759 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
761 /* This is what we tell the afs client. in reality we set the token
762 * to never expire, though, when this runs out the afs client will
763 * forget the token. Set to 0 to get NEVERDATE.*/
764 Globals.afs_token_lifetime = 604800;
765 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
767 /* these parameters are set to defaults that are more appropriate
768 for the increasing samba install base:
770 as a member of the workgroup, that will possibly become a
771 _local_ master browser (lm = true). this is opposed to a forced
772 local master browser startup (pm = true).
774 doesn't provide WINS server service by default (wsupp = false),
775 and doesn't provide domain master browser services by default, either.
779 Globals.show_add_printer_wizard = true;
780 Globals.os_level = 20;
781 Globals.local_master = true;
782 Globals._domain_master = Auto; /* depending on _domain_logons */
783 Globals._domain_logons = false;
784 Globals.browse_list = true;
785 Globals.we_are_a_wins_server = false;
786 Globals.wins_proxy = false;
788 TALLOC_FREE(Globals.init_logon_delayed_hosts);
789 Globals.init_logon_delay = 100; /* 100 ms default delay */
791 Globals.wins_dns_proxy = true;
793 Globals.allow_trusted_domains = true;
794 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
796 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
797 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
799 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
800 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
801 dyn_WINBINDD_SOCKET_DIR);
803 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
804 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
806 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
808 Globals.cluster_addresses = NULL;
809 Globals.clustering = false;
810 Globals.ctdb_timeout = 0;
811 Globals.ctdb_locktime_warn_threshold = 0;
813 Globals.winbind_cache_time = 300; /* 5 minutes */
814 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
815 Globals.winbind_request_timeout = 60; /* 60 seconds */
816 Globals.winbind_max_clients = 200;
817 Globals.winbind_enum_users = false;
818 Globals.winbind_enum_groups = false;
819 Globals.winbind_use_default_domain = false;
820 Globals.winbind_nested_groups = true;
821 Globals.winbind_expand_groups = 0;
822 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
823 Globals.winbind_refresh_tickets = false;
824 Globals.winbind_offline_logon = false;
825 Globals.winbind_scan_trusted_domains = true;
827 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
828 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
830 Globals.passdb_expand_explicit = false;
832 Globals.name_cache_timeout = 660; /* In seconds */
834 Globals.client_use_spnego = true;
836 Globals.client_signing = SMB_SIGNING_DEFAULT;
837 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
838 Globals.server_signing = SMB_SIGNING_DEFAULT;
840 Globals.defer_sharing_violations = true;
841 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
843 Globals.enable_privileges = true;
844 Globals.host_msdfs = true;
845 Globals.enable_asu_support = false;
847 /* User defined shares. */
848 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
850 smb_panic("init_globals: ENOMEM");
852 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
854 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
855 Globals.usershare_max_shares = 0;
856 /* By default disallow sharing of directories not owned by the sharer. */
857 Globals.usershare_owner_only = true;
858 /* By default disallow guest access to usershares. */
859 Globals.usershare_allow_guests = false;
861 Globals.keepalive = DEFAULT_KEEPALIVE;
863 /* By default no shares out of the registry */
864 Globals.registry_shares = false;
866 Globals.min_receivefile_size = 0;
868 Globals.multicast_dns_register = true;
870 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
871 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
872 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
873 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
874 Globals.smb2_leases = true;
876 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
877 get_dyn_NCALRPCDIR());
879 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
881 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
883 Globals.tls_enabled = true;
884 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
886 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
887 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
888 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
889 lpcfg_string_set(Globals.ctx, &Globals.tls_priority,
890 "NORMAL:-VERS-SSL3.0");
892 lpcfg_string_set(Globals.ctx, &Globals.share_backend, "classic");
894 Globals._preferred_master = Auto;
896 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
897 Globals.dns_zone_scavenging = false;
899 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
900 get_dyn_NTP_SIGND_SOCKET_DIR());
902 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
904 smb_panic("init_globals: ENOMEM");
906 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
910 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
913 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
915 smb_panic("init_globals: ENOMEM");
917 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
920 s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
922 smb_panic("init_globals: ENOMEM");
924 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
927 Globals.apply_group_policies = false;
929 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
931 smb_panic("init_globals: ENOMEM");
933 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
936 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
938 Globals.cldap_port = 389;
940 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
942 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
944 Globals.krb5_port = 88;
946 Globals.kpasswd_port = 464;
948 Globals.aio_max_threads = 100;
950 lpcfg_string_set(Globals.ctx,
951 &Globals.rpc_server_dynamic_port_range,
953 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
954 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
955 Globals.prefork_children = 4;
956 Globals.prefork_backoff_increment = 10;
957 Globals.prefork_maximum_backoff = 120;
959 Globals.ldap_max_anonymous_request_size = 256000;
960 Globals.ldap_max_authenticated_request_size = 16777216;
962 /* Now put back the settings that were set with lp_set_cmdline() */
963 apply_lp_set_cmdline();
966 /* Convenience routine to setup an lp_context with additional s3 variables */
967 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
969 struct loadparm_context *lp_ctx;
971 lp_ctx = loadparm_init_s3(mem_ctx,
972 loadparm_s3_helpers());
973 if (lp_ctx == NULL) {
974 DEBUG(0, ("loadparm_init_s3 failed\n"));
978 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
979 if (lp_ctx->sDefault == NULL) {
980 DBG_ERR("talloc_zero failed\n");
985 *lp_ctx->sDefault = _sDefault;
986 lp_ctx->services = NULL; /* We do not want to access this directly */
987 lp_ctx->bInGlobalSection = bInGlobalSection;
988 lp_ctx->flags = flags_list;
993 /*******************************************************************
994 Convenience routine to grab string parameters into talloced memory
995 and run standard_sub_basic on them. The buffers can be written to by
996 callers without affecting the source string.
997 ********************************************************************/
999 static char *loadparm_s3_global_substitution_fn(
1000 TALLOC_CTX *mem_ctx,
1001 const struct loadparm_substitution *lp_sub,
1007 /* The follow debug is useful for tracking down memory problems
1008 especially if you have an inner loop that is calling a lp_*()
1009 function that returns a string. Perhaps this debug should be
1010 present all the time? */
1013 DEBUG(10, ("lp_string(%s)\n", s));
1019 ret = talloc_sub_basic(mem_ctx,
1020 get_current_username(),
1021 current_user_info.domain,
1023 if (trim_char(ret, '\"', '\"')) {
1024 if (strchr(ret,'\"') != NULL) {
1026 ret = talloc_sub_basic(mem_ctx,
1027 get_current_username(),
1028 current_user_info.domain,
1035 static const struct loadparm_substitution s3_global_substitution = {
1036 .substituted_string_fn = loadparm_s3_global_substitution_fn,
1039 const struct loadparm_substitution *loadparm_s3_global_substitution(void)
1041 return &s3_global_substitution;
1045 In this section all the functions that are used to access the
1046 parameters from the rest of the program are defined
1049 #define FN_GLOBAL_SUBSTITUTED_STRING(fn_name,ptr) \
1050 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub) \
1051 {return lpcfg_substituted_string(ctx, lp_sub, *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : "");}
1052 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1053 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1054 #define FN_GLOBAL_LIST(fn_name,ptr) \
1055 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1056 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1057 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1058 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1059 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1060 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1061 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1063 #define FN_LOCAL_SUBSTITUTED_STRING(fn_name,val) \
1064 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub, int i) \
1065 {return lpcfg_substituted_string((ctx), lp_sub, (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1066 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1067 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1068 #define FN_LOCAL_LIST(fn_name,val) \
1069 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1070 #define FN_LOCAL_BOOL(fn_name,val) \
1071 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1072 #define FN_LOCAL_INTEGER(fn_name,val) \
1073 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1075 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1076 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1077 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1078 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1079 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1080 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1082 int lp_winbind_max_domain_connections(void)
1084 if (lp_winbind_offline_logon() &&
1085 lp__winbind_max_domain_connections() > 1) {
1086 DEBUG(1, ("offline logons active, restricting max domain "
1087 "connections to 1\n"));
1090 return MAX(1, lp__winbind_max_domain_connections());
1093 /* These functions remain in source3/param for now */
1095 #include "lib/param/param_functions.c"
1097 FN_LOCAL_SUBSTITUTED_STRING(servicename, szService)
1098 FN_LOCAL_CONST_STRING(const_servicename, szService)
1100 /* These functions cannot be auto-generated */
1101 FN_LOCAL_BOOL(autoloaded, autoloaded)
1102 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1104 /* local prototypes */
1106 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1107 static const char *get_boolean(bool bool_value);
1108 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1110 static bool hash_a_service(const char *name, int number);
1111 static void free_service_byindex(int iService);
1112 static void show_parameter(int parmIndex);
1113 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1114 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1117 * This is a helper function for parametrical options support. It returns a
1118 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1119 * parametrical functions are quite simple
1121 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1124 if (snum >= iNumServices) return NULL;
1127 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1129 return get_parametric_helper(ServicePtrs[snum],
1130 type, option, Globals.param_opt);
1134 static void discard_whitespace(char *str)
1136 size_t len = strlen(str);
1140 if (isspace(str[i])) {
1141 memmove(&str[i], &str[i+1], len-i);
1150 * @brief Go through all global parametric parameters
1152 * @param regex_str A regular expression to scan param for
1153 * @param max_matches Max number of submatches the regexp expects
1154 * @param cb Function to call on match. Should return true
1155 * when it wants wi_scan_global_parametrics to stop
1157 * @param private_data Anonymous pointer passed to cb
1159 * @return 0: success, regcomp/regexec return value on error.
1160 * See "man regexec" for possible errors
1163 int lp_wi_scan_global_parametrics(
1164 const char *regex_str, size_t max_matches,
1165 bool (*cb)(const char *string, regmatch_t matches[],
1166 void *private_data),
1169 struct parmlist_entry *data;
1173 ret = regcomp(®ex, regex_str, REG_ICASE);
1178 for (data = Globals.param_opt; data != NULL; data = data->next) {
1179 size_t keylen = strlen(data->key);
1181 regmatch_t matches[max_matches];
1184 memcpy(key, data->key, sizeof(key));
1185 discard_whitespace(key);
1187 ret = regexec(®ex, key, max_matches, matches, 0);
1188 if (ret == REG_NOMATCH) {
1195 stop = cb(key, matches, private_data);
1208 #define MISSING_PARAMETER(name) \
1209 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1211 /*******************************************************************
1212 convenience routine to return enum parameters.
1213 ********************************************************************/
1214 static int lp_enum(const char *s,const struct enum_list *_enum)
1218 if (!s || !*s || !_enum) {
1219 MISSING_PARAMETER(lp_enum);
1223 for (i=0; _enum[i].name; i++) {
1224 if (strequal(_enum[i].name,s))
1225 return _enum[i].value;
1228 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1232 #undef MISSING_PARAMETER
1234 /* Return parametric option from a given service. Type is a part of option before ':' */
1235 /* Parametric option has following syntax: 'Type: option = value' */
1236 char *lp_parm_substituted_string(TALLOC_CTX *mem_ctx,
1237 const struct loadparm_substitution *lp_sub,
1243 struct parmlist_entry *data = get_parametrics(snum, type, option);
1245 SMB_ASSERT(lp_sub != NULL);
1247 if (data == NULL||data->value==NULL) {
1249 return lpcfg_substituted_string(mem_ctx, lp_sub, def);
1255 return lpcfg_substituted_string(mem_ctx, lp_sub, data->value);
1258 /* Return parametric option from a given service. Type is a part of option before ':' */
1259 /* Parametric option has following syntax: 'Type: option = value' */
1260 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1262 struct parmlist_entry *data = get_parametrics(snum, type, option);
1264 if (data == NULL||data->value==NULL)
1271 /* Return parametric option from a given service. Type is a part of option before ':' */
1272 /* Parametric option has following syntax: 'Type: option = value' */
1274 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1276 struct parmlist_entry *data = get_parametrics(snum, type, option);
1278 if (data == NULL||data->value==NULL)
1279 return (const char **)def;
1281 if (data->list==NULL) {
1282 data->list = str_list_make_v3(NULL, data->value, NULL);
1285 return discard_const_p(const char *, data->list);
1288 /* Return parametric option from a given service. Type is a part of option before ':' */
1289 /* Parametric option has following syntax: 'Type: option = value' */
1291 int lp_parm_int(int snum, const char *type, const char *option, int def)
1293 struct parmlist_entry *data = get_parametrics(snum, type, option);
1295 if (data && data->value && *data->value)
1296 return lp_int(data->value);
1301 /* Return parametric option from a given service. Type is a part of option before ':' */
1302 /* Parametric option has following syntax: 'Type: option = value' */
1304 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1306 struct parmlist_entry *data = get_parametrics(snum, type, option);
1308 if (data && data->value && *data->value)
1309 return lp_ulong(data->value);
1314 /* Return parametric option from a given service. Type is a part of option before ':' */
1315 /* Parametric option has following syntax: 'Type: option = value' */
1317 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1318 const char *option, unsigned long long def)
1320 struct parmlist_entry *data = get_parametrics(snum, type, option);
1322 if (data && data->value && *data->value) {
1323 return lp_ulonglong(data->value);
1329 /* Return parametric option from a given service. Type is a part of option
1331 /* Parametric option has following syntax: 'Type: option = value' */
1333 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1335 struct parmlist_entry *data = get_parametrics(snum, type, option);
1337 if (data && data->value && *data->value)
1338 return lp_bool(data->value);
1343 /* Return parametric option from a given service. Type is a part of option before ':' */
1344 /* Parametric option has following syntax: 'Type: option = value' */
1346 int lp_parm_enum(int snum, const char *type, const char *option,
1347 const struct enum_list *_enum, int def)
1349 struct parmlist_entry *data = get_parametrics(snum, type, option);
1351 if (data && data->value && *data->value && _enum)
1352 return lp_enum(data->value, _enum);
1358 * free a param_opts structure.
1359 * param_opts handling should be moved to talloc;
1360 * then this whole functions reduces to a TALLOC_FREE().
1363 static void free_param_opts(struct parmlist_entry **popts)
1365 struct parmlist_entry *opt, *next_opt;
1367 if (*popts != NULL) {
1368 DEBUG(5, ("Freeing parametrics:\n"));
1371 while (opt != NULL) {
1372 lpcfg_string_free(&opt->key);
1373 lpcfg_string_free(&opt->value);
1374 TALLOC_FREE(opt->list);
1375 next_opt = opt->next;
1382 /***************************************************************************
1383 Free the dynamically allocated parts of a service struct.
1384 ***************************************************************************/
1386 static void free_service(struct loadparm_service *pservice)
1391 if (pservice->szService)
1392 DEBUG(5, ("free_service: Freeing service %s\n",
1393 pservice->szService));
1395 free_parameters(pservice);
1397 lpcfg_string_free(&pservice->szService);
1398 TALLOC_FREE(pservice->copymap);
1400 free_param_opts(&pservice->param_opt);
1402 ZERO_STRUCTP(pservice);
1406 /***************************************************************************
1407 remove a service indexed in the ServicePtrs array from the ServiceHash
1408 and free the dynamically allocated parts
1409 ***************************************************************************/
1411 static void free_service_byindex(int idx)
1413 if ( !LP_SNUM_OK(idx) )
1416 ServicePtrs[idx]->valid = false;
1418 /* we have to cleanup the hash record */
1420 if (ServicePtrs[idx]->szService) {
1421 char *canon_name = canonicalize_servicename(
1423 ServicePtrs[idx]->szService );
1425 dbwrap_delete_bystring(ServiceHash, canon_name );
1426 TALLOC_FREE(canon_name);
1429 free_service(ServicePtrs[idx]);
1430 TALLOC_FREE(ServicePtrs[idx]);
1433 /***************************************************************************
1434 Add a new service to the services array initialising it with the given
1436 ***************************************************************************/
1438 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1441 struct loadparm_service **tsp = NULL;
1443 /* it might already exist */
1445 i = getservicebyname(name, NULL);
1451 /* Re use empty slots if any before allocating new one.*/
1452 for (i=0; i < iNumServices; i++) {
1453 if (ServicePtrs[i] == NULL) {
1457 if (i == iNumServices) {
1458 /* if not, then create one */
1459 tsp = talloc_realloc(NULL, ServicePtrs,
1460 struct loadparm_service *,
1463 DEBUG(0, ("add_a_service: failed to enlarge "
1470 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1471 if (!ServicePtrs[i]) {
1472 DEBUG(0,("add_a_service: out of memory!\n"));
1476 ServicePtrs[i]->valid = true;
1478 copy_service(ServicePtrs[i], pservice, NULL);
1480 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1483 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1484 i, ServicePtrs[i]->szService));
1486 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1493 /***************************************************************************
1494 Convert a string to uppercase and remove whitespaces.
1495 ***************************************************************************/
1497 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1502 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1506 result = talloc_strdup(ctx, src);
1507 SMB_ASSERT(result != NULL);
1509 if (!strlower_m(result)) {
1510 TALLOC_FREE(result);
1516 /***************************************************************************
1517 Add a name/index pair for the services array to the hash table.
1518 ***************************************************************************/
1520 static bool hash_a_service(const char *name, int idx)
1524 if ( !ServiceHash ) {
1525 DEBUG(10,("hash_a_service: creating servicehash\n"));
1526 ServiceHash = db_open_rbt(NULL);
1527 if ( !ServiceHash ) {
1528 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1533 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1536 canon_name = canonicalize_servicename(talloc_tos(), name );
1538 dbwrap_store_bystring(ServiceHash, canon_name,
1539 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1542 TALLOC_FREE(canon_name);
1547 /***************************************************************************
1548 Add a new home service, with the specified home directory, defaults coming
1550 ***************************************************************************/
1552 bool lp_add_home(const char *pszHomename, int iDefaultService,
1553 const char *user, const char *pszHomedir)
1555 const struct loadparm_substitution *lp_sub =
1556 loadparm_s3_global_substitution();
1560 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1561 pszHomedir[0] == '\0') {
1565 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1570 global_path = lp_path(talloc_tos(), lp_sub, GLOBAL_SECTION_SNUM);
1571 if (!(*(ServicePtrs[iDefaultService]->path))
1572 || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
1573 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1576 TALLOC_FREE(global_path);
1578 if (!(*(ServicePtrs[i]->comment))) {
1579 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1580 if (comment == NULL) {
1583 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1585 TALLOC_FREE(comment);
1588 /* set the browseable flag from the global default */
1590 ServicePtrs[i]->browseable = sDefault.browseable;
1591 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1593 ServicePtrs[i]->autoloaded = true;
1595 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1596 user, ServicePtrs[i]->path ));
1601 /***************************************************************************
1602 Add a new service, based on an old one.
1603 ***************************************************************************/
1605 int lp_add_service(const char *pszService, int iDefaultService)
1607 if (iDefaultService < 0) {
1608 return add_a_service(&sDefault, pszService);
1611 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1614 /***************************************************************************
1615 Add the IPC service.
1616 ***************************************************************************/
1618 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1620 char *comment = NULL;
1621 int i = add_a_service(&sDefault, ipc_name);
1626 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1627 Globals.server_string);
1628 if (comment == NULL) {
1632 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1633 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1634 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1635 ServicePtrs[i]->max_connections = 0;
1636 ServicePtrs[i]->available = true;
1637 ServicePtrs[i]->read_only = true;
1638 ServicePtrs[i]->guest_only = false;
1639 ServicePtrs[i]->administrative_share = true;
1640 ServicePtrs[i]->guest_ok = guest_ok;
1641 ServicePtrs[i]->printable = false;
1642 ServicePtrs[i]->browseable = sDefault.browseable;
1643 ServicePtrs[i]->autoloaded = false;
1645 DEBUG(3, ("adding IPC service\n"));
1647 TALLOC_FREE(comment);
1651 /***************************************************************************
1652 Add a new printer service, with defaults coming from service iFrom.
1653 ***************************************************************************/
1655 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1657 const char *comment = "From Printcap";
1658 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1663 /* note that we do NOT default the availability flag to true - */
1664 /* we take it from the default service passed. This allows all */
1665 /* dynamic printers to be disabled by disabling the [printers] */
1666 /* entry (if/when the 'available' keyword is implemented!). */
1668 /* the printer name is set to the service name. */
1669 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1671 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1673 /* set the browseable flag from the gloabl default */
1674 ServicePtrs[i]->browseable = sDefault.browseable;
1676 /* Printers cannot be read_only. */
1677 ServicePtrs[i]->read_only = false;
1678 /* No oplocks on printer services. */
1679 ServicePtrs[i]->oplocks = false;
1680 /* Printer services must be printable. */
1681 ServicePtrs[i]->printable = true;
1683 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1689 /***************************************************************************
1690 Check whether the given parameter name is valid.
1691 Parametric options (names containing a colon) are considered valid.
1692 ***************************************************************************/
1694 bool lp_parameter_is_valid(const char *pszParmName)
1696 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1697 (strchr(pszParmName, ':') != NULL));
1700 /***************************************************************************
1701 Check whether the given name is the name of a global parameter.
1702 Returns true for strings belonging to parameters of class
1703 P_GLOBAL, false for all other strings, also for parametric options
1704 and strings not belonging to any option.
1705 ***************************************************************************/
1707 bool lp_parameter_is_global(const char *pszParmName)
1709 int num = lpcfg_map_parameter(pszParmName);
1712 return (parm_table[num].p_class == P_GLOBAL);
1718 /**************************************************************************
1719 Determine the canonical name for a parameter.
1720 Indicate when it is an inverse (boolean) synonym instead of a
1722 **************************************************************************/
1724 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1729 if (!lp_parameter_is_valid(parm_name)) {
1734 num = map_parameter_canonical(parm_name, inverse);
1736 /* parametric option */
1737 *canon_parm = parm_name;
1739 *canon_parm = parm_table[num].label;
1746 /**************************************************************************
1747 Determine the canonical name for a parameter.
1748 Turn the value given into the inverse boolean expression when
1749 the synonym is an invers boolean synonym.
1752 - parm_name is a valid parameter name and
1753 - val is a valid value for this parameter and
1754 - in case the parameter is an inverse boolean synonym, if the val
1755 string could successfully be converted to the reverse bool.
1756 Return false in all other cases.
1757 **************************************************************************/
1759 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1761 const char **canon_parm,
1762 const char **canon_val)
1768 if (!lp_parameter_is_valid(parm_name)) {
1774 num = map_parameter_canonical(parm_name, &inverse);
1776 /* parametric option */
1777 *canon_parm = parm_name;
1782 *canon_parm = parm_table[num].label;
1784 if (!lp_invert_boolean(val, canon_val)) {
1792 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1797 /***************************************************************************
1798 Map a parameter's string representation to the index of the canonical
1799 form of the parameter (it might be a synonym).
1800 Returns -1 if the parameter string is not recognised.
1801 ***************************************************************************/
1803 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1805 int parm_num, canon_num;
1806 bool loc_inverse = false;
1808 parm_num = lpcfg_map_parameter(pszParmName);
1809 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1810 /* invalid, parametric or no canidate for synonyms ... */
1814 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1815 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1816 parm_num = canon_num;
1822 if (inverse != NULL) {
1823 *inverse = loc_inverse;
1828 /***************************************************************************
1829 return true if parameter number parm1 is a synonym of parameter
1830 number parm2 (parm2 being the principal name).
1831 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1833 ***************************************************************************/
1835 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1837 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1838 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1839 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1840 !(parm_table[parm2].flags & FLAG_SYNONYM))
1842 if (inverse != NULL) {
1843 if ((parm_table[parm1].type == P_BOOLREV) &&
1844 (parm_table[parm2].type == P_BOOL))
1856 /***************************************************************************
1857 Show one parameter's name, type, [values,] and flags.
1858 (helper functions for show_parameter_list)
1859 ***************************************************************************/
1861 static void show_parameter(int parmIndex)
1863 size_t enumIndex, flagIndex;
1868 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1869 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1870 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1871 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1872 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1874 printf("%s=%s", parm_table[parmIndex].label,
1875 type[parm_table[parmIndex].type]);
1876 if (parm_table[parmIndex].type == P_ENUM) {
1879 parm_table[parmIndex].enum_list[enumIndex].name;
1883 enumIndex ? "|" : "",
1884 parm_table[parmIndex].enum_list[enumIndex].name);
1889 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1890 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1893 flag_names[flagIndex]);
1898 /* output synonyms */
1900 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1901 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1902 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1903 parm_table[parmIndex2].label);
1904 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1906 printf(" (synonyms: ");
1911 printf("%s%s", parm_table[parmIndex2].label,
1912 inverse ? "[i]" : "");
1923 * Check the value for a P_ENUM
1925 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1929 for (i = 0; parm->enum_list[i].name; i++) {
1930 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1937 /**************************************************************************
1938 Check whether the given value is valid for the given parameter name.
1939 **************************************************************************/
1941 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1943 bool ret = false, tmp_bool;
1944 int num = lpcfg_map_parameter(parm_name), tmp_int;
1945 uint64_t tmp_int64 = 0;
1946 struct parm_struct *parm;
1948 /* parametric options (parameter names containing a colon) cannot
1949 be checked and are therefore considered valid. */
1950 if (strchr(parm_name, ':') != NULL) {
1955 parm = &parm_table[num];
1956 switch (parm->type) {
1959 ret = set_boolean(val, &tmp_bool);
1963 ret = (sscanf(val, "%d", &tmp_int) == 1);
1967 ret = (sscanf(val, "%o", &tmp_int) == 1);
1971 ret = check_enum_parameter(parm, val);
1975 if (conv_str_size_error(val, &tmp_int64) &&
1976 tmp_int64 <= INT_MAX) {
1993 /***************************************************************************
1994 Show all parameter's name, type, [values,] and flags.
1995 ***************************************************************************/
1997 void show_parameter_list(void)
1999 int classIndex, parmIndex;
2000 const char *section_names[] = { "local", "global", NULL};
2002 for (classIndex=0; section_names[classIndex]; classIndex++) {
2003 printf("[%s]\n", section_names[classIndex]);
2004 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
2005 if (parm_table[parmIndex].p_class == classIndex) {
2006 show_parameter(parmIndex);
2012 /***************************************************************************
2013 Get the standard string representation of a boolean value ("yes" or "no")
2014 ***************************************************************************/
2016 static const char *get_boolean(bool bool_value)
2018 static const char *yes_str = "yes";
2019 static const char *no_str = "no";
2021 return (bool_value ? yes_str : no_str);
2024 /***************************************************************************
2025 Provide the string of the negated boolean value associated to the boolean
2026 given as a string. Returns false if the passed string does not correctly
2027 represent a boolean.
2028 ***************************************************************************/
2030 bool lp_invert_boolean(const char *str, const char **inverse_str)
2034 if (!set_boolean(str, &val)) {
2038 *inverse_str = get_boolean(!val);
2042 /***************************************************************************
2043 Provide the canonical string representation of a boolean value given
2044 as a string. Return true on success, false if the string given does
2045 not correctly represent a boolean.
2046 ***************************************************************************/
2048 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2052 if (!set_boolean(str, &val)) {
2056 *canon_str = get_boolean(val);
2060 /***************************************************************************
2061 Find a service by name. Otherwise works like get_service.
2062 ***************************************************************************/
2064 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2071 if (ServiceHash == NULL) {
2075 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2077 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2080 if (NT_STATUS_IS_OK(status) &&
2081 (data.dptr != NULL) &&
2082 (data.dsize == sizeof(iService)))
2084 memcpy(&iService, data.dptr, sizeof(iService));
2087 TALLOC_FREE(canon_name);
2089 if ((iService != -1) && (LP_SNUM_OK(iService))
2090 && (pserviceDest != NULL)) {
2091 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2097 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2098 struct loadparm_service *lp_service(const char *pszServiceName)
2100 int iService = getservicebyname(pszServiceName, NULL);
2101 if (iService == -1 || !LP_SNUM_OK(iService)) {
2104 return ServicePtrs[iService];
2107 struct loadparm_service *lp_servicebynum(int snum)
2109 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2112 return ServicePtrs[snum];
2115 struct loadparm_service *lp_default_loadparm_service()
2120 static struct smbconf_ctx *lp_smbconf_ctx(void)
2123 static struct smbconf_ctx *conf_ctx = NULL;
2125 if (conf_ctx == NULL) {
2126 err = smbconf_init(NULL, &conf_ctx, "registry:");
2127 if (!SBC_ERROR_IS_OK(err)) {
2128 DEBUG(1, ("error initializing registry configuration: "
2129 "%s\n", sbcErrorString(err)));
2137 static bool process_smbconf_service(struct smbconf_service *service)
2142 if (service == NULL) {
2146 ret = lp_do_section(service->name, NULL);
2150 for (count = 0; count < service->num_params; count++) {
2152 if (!bInGlobalSection && bGlobalOnly) {
2155 const char *pszParmName = service->param_names[count];
2156 const char *pszParmValue = service->param_values[count];
2158 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2160 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2161 pszParmName, pszParmValue);
2168 if (iServiceIndex >= 0) {
2169 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2175 * load a service from registry and activate it
2177 bool process_registry_service(const char *service_name)
2180 struct smbconf_service *service = NULL;
2181 TALLOC_CTX *mem_ctx = talloc_stackframe();
2182 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2185 if (conf_ctx == NULL) {
2189 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2191 if (!smbconf_share_exists(conf_ctx, service_name)) {
2193 * Registry does not contain data for this service (yet),
2194 * but make sure lp_load doesn't return false.
2200 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2201 if (!SBC_ERROR_IS_OK(err)) {
2205 ret = process_smbconf_service(service);
2211 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2214 TALLOC_FREE(mem_ctx);
2219 * process_registry_globals
2221 static bool process_registry_globals(void)
2225 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2227 if (!bInGlobalSection && bGlobalOnly) {
2230 const char *pszParmName = "registry shares";
2231 const char *pszParmValue = "yes";
2233 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2235 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2236 pszParmName, pszParmValue);
2243 return process_registry_service(GLOBAL_NAME);
2246 bool process_registry_shares(void)
2250 struct smbconf_service **service = NULL;
2251 uint32_t num_shares = 0;
2252 TALLOC_CTX *mem_ctx = talloc_stackframe();
2253 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2256 if (conf_ctx == NULL) {
2260 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2261 if (!SBC_ERROR_IS_OK(err)) {
2267 for (count = 0; count < num_shares; count++) {
2268 if (strequal(service[count]->name, GLOBAL_NAME)) {
2271 ret = process_smbconf_service(service[count]);
2278 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2281 TALLOC_FREE(mem_ctx);
2286 * reload those shares from registry that are already
2287 * activated in the services array.
2289 static bool reload_registry_shares(void)
2294 for (i = 0; i < iNumServices; i++) {
2299 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2303 ret = process_registry_service(ServicePtrs[i]->szService);
2314 #define MAX_INCLUDE_DEPTH 100
2316 static uint8_t include_depth;
2319 * Free the file lists
2321 static void free_file_list(void)
2323 struct file_lists *f;
2324 struct file_lists *next;
2337 * Utility function for outsiders to check if we're running on registry.
2339 bool lp_config_backend_is_registry(void)
2341 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2345 * Utility function to check if the config backend is FILE.
2347 bool lp_config_backend_is_file(void)
2349 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2352 /*******************************************************************
2353 Check if a config file has changed date.
2354 ********************************************************************/
2356 bool lp_file_list_changed(void)
2358 struct file_lists *f = file_lists;
2360 DEBUG(6, ("lp_file_list_changed()\n"));
2363 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2364 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2366 if (conf_ctx == NULL) {
2369 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2372 DEBUGADD(6, ("registry config changed\n"));
2379 n2 = talloc_sub_basic(talloc_tos(),
2380 get_current_username(),
2381 current_user_info.domain,
2386 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2387 f->name, n2, ctime(&f->modtime)));
2389 mod_time = file_modtime(n2);
2392 ((f->modtime != mod_time) ||
2393 (f->subfname == NULL) ||
2394 (strcmp(n2, f->subfname) != 0)))
2397 ("file %s modified: %s\n", n2,
2399 f->modtime = mod_time;
2400 TALLOC_FREE(f->subfname);
2401 f->subfname = talloc_strdup(f, n2);
2402 if (f->subfname == NULL) {
2403 smb_panic("talloc_strdup failed");
2417 * Initialize iconv conversion descriptors.
2419 * This is called the first time it is needed, and also called again
2420 * every time the configuration is reloaded, because the charset or
2421 * codepage might have changed.
2423 static void init_iconv(void)
2425 struct smb_iconv_handle *ret = NULL;
2427 ret = reinit_iconv_handle(NULL,
2431 smb_panic("reinit_iconv_handle failed");
2435 /***************************************************************************
2436 Handle the include operation.
2437 ***************************************************************************/
2438 static bool bAllowIncludeRegistry = true;
2440 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2441 const char *pszParmValue, char **ptr)
2445 if (include_depth >= MAX_INCLUDE_DEPTH) {
2446 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2451 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2452 if (!bAllowIncludeRegistry) {
2455 if (lp_ctx->bInGlobalSection) {
2458 ret = process_registry_globals();
2462 DEBUG(1, ("\"include = registry\" only effective "
2463 "in %s section\n", GLOBAL_NAME));
2468 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2469 current_user_info.domain,
2472 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2474 if (service == NULL) {
2475 lpcfg_string_set(Globals.ctx, ptr, fname);
2477 lpcfg_string_set(service, ptr, fname);
2480 if (file_exist(fname)) {
2483 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2489 DEBUG(2, ("Can't find include file %s\n", fname));
2494 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2496 char *config_option = NULL;
2497 const char *range = NULL;
2500 SMB_ASSERT(low != NULL);
2501 SMB_ASSERT(high != NULL);
2503 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2507 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2509 if (config_option == NULL) {
2510 DEBUG(0, ("out of memory\n"));
2514 range = lp_parm_const_string(-1, config_option, "range", NULL);
2515 if (range == NULL) {
2516 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2520 if (sscanf(range, "%u - %u", low, high) != 2) {
2521 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2522 range, domain_name));
2529 talloc_free(config_option);
2534 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2536 return lp_idmap_range("*", low, high);
2539 const char *lp_idmap_backend(const char *domain_name)
2541 char *config_option = NULL;
2542 const char *backend = NULL;
2544 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2548 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2550 if (config_option == NULL) {
2551 DEBUG(0, ("out of memory\n"));
2555 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2556 if (backend == NULL) {
2557 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2562 talloc_free(config_option);
2566 const char *lp_idmap_default_backend(void)
2568 return lp_idmap_backend("*");
2571 /***************************************************************************
2572 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2573 ***************************************************************************/
2575 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2577 const char *suffix_string;
2579 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2580 Globals.ldap_suffix );
2581 if ( !suffix_string ) {
2582 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2586 return suffix_string;
2589 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2591 if (Globals._ldap_machine_suffix[0])
2592 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2594 return talloc_strdup(ctx, Globals.ldap_suffix);
2597 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2599 if (Globals._ldap_user_suffix[0])
2600 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2602 return talloc_strdup(ctx, Globals.ldap_suffix);
2605 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2607 if (Globals._ldap_group_suffix[0])
2608 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2610 return talloc_strdup(ctx, Globals.ldap_suffix);
2613 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2615 if (Globals._ldap_idmap_suffix[0])
2616 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2618 return talloc_strdup(ctx, Globals.ldap_suffix);
2622 return the parameter pointer for a parameter
2624 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2626 if (service == NULL) {
2627 if (parm->p_class == P_LOCAL)
2628 return (void *)(((char *)&sDefault)+parm->offset);
2629 else if (parm->p_class == P_GLOBAL)
2630 return (void *)(((char *)&Globals)+parm->offset);
2633 return (void *)(((char *)service) + parm->offset);
2637 /***************************************************************************
2638 Process a parameter for a particular service number. If snum < 0
2639 then assume we are in the globals.
2640 ***************************************************************************/
2642 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2644 TALLOC_CTX *frame = talloc_stackframe();
2645 struct loadparm_context *lp_ctx;
2648 lp_ctx = setup_lp_context(frame);
2649 if (lp_ctx == NULL) {
2655 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2657 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2658 pszParmName, pszParmValue);
2666 /***************************************************************************
2667 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2668 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2669 ***************************************************************************/
2671 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2674 parmnum = lpcfg_map_parameter(pszParmName);
2676 flags_list[parmnum] &= ~FLAG_CMDLINE;
2677 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2680 flags_list[parmnum] |= FLAG_CMDLINE;
2682 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2683 * be grouped in the table, so we don't have to search the
2686 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2687 && parm_table[i].p_class == parm_table[parmnum].p_class;
2689 flags_list[i] |= FLAG_CMDLINE;
2691 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2692 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2693 flags_list[i] |= FLAG_CMDLINE;
2699 /* it might be parametric */
2700 if (strchr(pszParmName, ':') != NULL) {
2701 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2705 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2709 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2712 TALLOC_CTX *frame = talloc_stackframe();
2713 struct loadparm_context *lp_ctx;
2715 lp_ctx = setup_lp_context(frame);
2716 if (lp_ctx == NULL) {
2721 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2727 /***************************************************************************
2728 Process a parameter.
2729 ***************************************************************************/
2731 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2734 if (!bInGlobalSection && bGlobalOnly)
2737 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2739 if (bInGlobalSection) {
2740 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2742 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2743 pszParmName, pszParmValue);
2748 static const char *ad_dc_req_vfs_mods[] = {"dfs_samba4", "acl_xattr", NULL};
2751 * check that @vfs_objects includes all vfs modules required by an AD DC.
2753 static bool check_ad_dc_required_mods(const char **vfs_objects)
2759 for (i = 0; ad_dc_req_vfs_mods[i] != NULL; i++) {
2761 for (j = 0; vfs_objects[j] != NULL; j++) {
2762 if (!strwicmp(ad_dc_req_vfs_mods[i], vfs_objects[j])) {
2768 DEBUG(0, ("vfs objects specified without required AD "
2769 "DC module: %s\n", ad_dc_req_vfs_mods[i]));
2774 DEBUG(6, ("vfs objects specified with all required AD DC modules\n"));
2779 /***************************************************************************
2780 Initialize any local variables in the sDefault table, after parsing a
2782 ***************************************************************************/
2784 static void init_locals(void)
2787 * We run this check once the [globals] is parsed, to force
2788 * the VFS objects and other per-share settings we need for
2789 * the standard way a AD DC is operated. We may change these
2790 * as our code evolves, which is why we force these settings.
2792 * We can't do this at the end of lp_load_ex(), as by that
2793 * point the services have been loaded and they will already
2794 * have "" as their vfs objects.
2796 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2797 const char **vfs_objects = lp_vfs_objects(-1);
2798 if (vfs_objects != NULL) {
2799 /* ignore return, only warn if modules are missing */
2800 check_ad_dc_required_mods(vfs_objects);
2802 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2803 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2804 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2805 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2807 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2811 lp_do_parameter(-1, "map hidden", "no");
2812 lp_do_parameter(-1, "map system", "no");
2813 lp_do_parameter(-1, "map readonly", "no");
2814 lp_do_parameter(-1, "map archive", "no");
2815 lp_do_parameter(-1, "store dos attributes", "yes");
2819 /***************************************************************************
2820 Process a new section (service). At this stage all sections are services.
2821 Later we'll have special sections that permit server parameters to be set.
2822 Returns true on success, false on failure.
2823 ***************************************************************************/
2825 bool lp_do_section(const char *pszSectionName, void *userdata)
2827 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2829 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2830 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2832 /* if we were in a global section then do the local inits */
2833 if (bInGlobalSection && !isglobal)
2836 /* if we've just struck a global section, note the fact. */
2837 bInGlobalSection = isglobal;
2838 if (lp_ctx != NULL) {
2839 lp_ctx->bInGlobalSection = isglobal;
2842 /* check for multiple global sections */
2843 if (bInGlobalSection) {
2844 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2848 if (!bInGlobalSection && bGlobalOnly)
2851 /* if we have a current service, tidy it up before moving on */
2854 if (iServiceIndex >= 0)
2855 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2857 /* if all is still well, move to the next record in the services array */
2859 /* We put this here to avoid an odd message order if messages are */
2860 /* issued by the post-processing of a previous section. */
2861 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2863 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2864 if (iServiceIndex < 0) {
2865 DEBUG(0, ("Failed to add a new service\n"));
2868 /* Clean all parametric options for service */
2869 /* They will be added during parsing again */
2870 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2876 /***************************************************************************
2877 Display the contents of a parameter of a single services record.
2878 ***************************************************************************/
2880 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2882 bool result = false;
2883 struct loadparm_context *lp_ctx;
2885 lp_ctx = setup_lp_context(talloc_tos());
2886 if (lp_ctx == NULL) {
2891 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2893 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2895 TALLOC_FREE(lp_ctx);
2900 /***************************************************************************
2901 Display the contents of a single copy structure.
2902 ***************************************************************************/
2903 static void dump_copy_map(bool *pcopymap)
2909 printf("\n\tNon-Copied parameters:\n");
2911 for (i = 0; parm_table[i].label; i++)
2912 if (parm_table[i].p_class == P_LOCAL &&
2913 parm_table[i].ptr && !pcopymap[i] &&
2914 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2916 printf("\t\t%s\n", parm_table[i].label);
2921 /***************************************************************************
2922 Return TRUE if the passed service number is within range.
2923 ***************************************************************************/
2925 bool lp_snum_ok(int iService)
2927 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2930 /***************************************************************************
2931 Auto-load some home services.
2932 ***************************************************************************/
2934 static void lp_add_auto_services(const char *str)
2944 s = talloc_strdup(talloc_tos(), str);
2946 smb_panic("talloc_strdup failed");
2950 homes = lp_servicenumber(HOMES_NAME);
2952 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2953 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2956 if (lp_servicenumber(p) >= 0)
2959 home = get_user_home_dir(talloc_tos(), p);
2961 if (home && home[0] && homes >= 0)
2962 lp_add_home(p, homes, p, home);
2969 /***************************************************************************
2970 Auto-load one printer.
2971 ***************************************************************************/
2973 void lp_add_one_printer(const char *name, const char *comment,
2974 const char *location, void *pdata)
2976 int printers = lp_servicenumber(PRINTERS_NAME);
2979 if (lp_servicenumber(name) < 0) {
2980 lp_add_printer(name, printers);
2981 if ((i = lp_servicenumber(name)) >= 0) {
2982 lpcfg_string_set(ServicePtrs[i],
2983 &ServicePtrs[i]->comment, comment);
2984 ServicePtrs[i]->autoloaded = true;
2989 /***************************************************************************
2990 Have we loaded a services file yet?
2991 ***************************************************************************/
2993 bool lp_loaded(void)
2998 /***************************************************************************
2999 Unload unused services.
3000 ***************************************************************************/
3002 void lp_killunused(struct smbd_server_connection *sconn,
3003 bool (*snumused) (struct smbd_server_connection *, int))
3006 for (i = 0; i < iNumServices; i++) {
3010 /* don't kill autoloaded or usershare services */
3011 if ( ServicePtrs[i]->autoloaded ||
3012 ServicePtrs[i]->usershare == USERSHARE_VALID) {
3016 if (!snumused || !snumused(sconn, i)) {
3017 free_service_byindex(i);
3023 * Kill all except autoloaded and usershare services - convenience wrapper
3025 void lp_kill_all_services(void)
3027 lp_killunused(NULL, NULL);
3030 /***************************************************************************
3032 ***************************************************************************/
3034 void lp_killservice(int iServiceIn)
3036 if (VALID(iServiceIn)) {
3037 free_service_byindex(iServiceIn);
3041 /***************************************************************************
3042 Save the curent values of all global and sDefault parameters into the
3043 defaults union. This allows testparm to show only the
3044 changed (ie. non-default) parameters.
3045 ***************************************************************************/
3047 static void lp_save_defaults(void)
3050 struct parmlist_entry * parm;
3051 for (i = 0; parm_table[i].label; i++) {
3052 if (!(flags_list[i] & FLAG_CMDLINE)) {
3053 flags_list[i] |= FLAG_DEFAULT;
3056 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
3057 && parm_table[i].p_class == parm_table[i - 1].p_class)
3059 switch (parm_table[i].type) {
3062 parm_table[i].def.lvalue = str_list_copy(
3063 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3069 &parm_table[i].def.svalue,
3070 *(char **)lp_parm_ptr(
3071 NULL, &parm_table[i]));
3072 if (parm_table[i].def.svalue == NULL) {
3073 smb_panic("lpcfg_string_set() failed");
3078 parm_table[i].def.bvalue =
3079 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3082 parm_table[i].def.cvalue =
3083 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3089 parm_table[i].def.ivalue =
3090 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3095 for (parm=Globals.param_opt; parm; parm=parm->next) {
3096 if (!(parm->priority & FLAG_CMDLINE)) {
3097 parm->priority |= FLAG_DEFAULT;
3101 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3102 if (!(parm->priority & FLAG_CMDLINE)) {
3103 parm->priority |= FLAG_DEFAULT;
3107 defaults_saved = true;
3110 /***********************************************************
3111 If we should send plaintext/LANMAN passwords in the clinet
3112 ************************************************************/
3114 static void set_allowed_client_auth(void)
3116 if (Globals.client_ntlmv2_auth) {
3117 Globals.client_lanman_auth = false;
3119 if (!Globals.client_lanman_auth) {
3120 Globals.client_plaintext_auth = false;
3124 /***************************************************************************
3126 The following code allows smbd to read a user defined share file.
3127 Yes, this is my intent. Yes, I'm comfortable with that...
3129 THE FOLLOWING IS SECURITY CRITICAL CODE.
3131 It washes your clothes, it cleans your house, it guards you while you sleep...
3132 Do not f%^k with it....
3133 ***************************************************************************/
3135 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3137 /***************************************************************************
3138 Check allowed stat state of a usershare file.
3139 Ensure we print out who is dicking with us so the admin can
3140 get their sorry ass fired.
3141 ***************************************************************************/
3143 static bool check_usershare_stat(const char *fname,
3144 const SMB_STRUCT_STAT *psbuf)
3146 if (!S_ISREG(psbuf->st_ex_mode)) {
3147 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3148 "not a regular file\n",
3149 fname, (unsigned int)psbuf->st_ex_uid ));
3153 /* Ensure this doesn't have the other write bit set. */
3154 if (psbuf->st_ex_mode & S_IWOTH) {
3155 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3156 "public write. Refusing to allow as a usershare file.\n",
3157 fname, (unsigned int)psbuf->st_ex_uid ));
3161 /* Should be 10k or less. */
3162 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3163 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3164 "too large (%u) to be a user share file.\n",
3165 fname, (unsigned int)psbuf->st_ex_uid,
3166 (unsigned int)psbuf->st_ex_size ));
3173 /***************************************************************************
3174 Parse the contents of a usershare file.
3175 ***************************************************************************/
3177 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3178 SMB_STRUCT_STAT *psbuf,
3179 const char *servicename,
3183 char **pp_sharepath,
3185 char **pp_cp_servicename,
3186 struct security_descriptor **ppsd,
3189 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3190 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3193 SMB_STRUCT_STAT sbuf;
3194 char *sharepath = NULL;
3195 char *comment = NULL;
3197 *pp_sharepath = NULL;
3200 *pallow_guest = false;
3203 return USERSHARE_MALFORMED_FILE;
3206 if (strcmp(lines[0], "#VERSION 1") == 0) {
3208 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3211 return USERSHARE_MALFORMED_FILE;
3214 return USERSHARE_BAD_VERSION;
3217 if (strncmp(lines[1], "path=", 5) != 0) {
3218 return USERSHARE_MALFORMED_PATH;
3221 sharepath = talloc_strdup(ctx, &lines[1][5]);
3223 return USERSHARE_POSIX_ERR;
3225 trim_string(sharepath, " ", " ");
3227 if (strncmp(lines[2], "comment=", 8) != 0) {
3228 return USERSHARE_MALFORMED_COMMENT_DEF;
3231 comment = talloc_strdup(ctx, &lines[2][8]);
3233 return USERSHARE_POSIX_ERR;
3235 trim_string(comment, " ", " ");
3236 trim_char(comment, '"', '"');
3238 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3239 return USERSHARE_MALFORMED_ACL_DEF;
3242 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3243 return USERSHARE_ACL_ERR;
3247 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3248 return USERSHARE_MALFORMED_ACL_DEF;
3250 if (lines[4][9] == 'y') {
3251 *pallow_guest = true;
3254 /* Backwards compatible extension to file version #2. */
3256 if (strncmp(lines[5], "sharename=", 10) != 0) {
3257 return USERSHARE_MALFORMED_SHARENAME_DEF;
3259 if (!strequal(&lines[5][10], servicename)) {
3260 return USERSHARE_BAD_SHARENAME;
3262 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3263 if (!*pp_cp_servicename) {
3264 return USERSHARE_POSIX_ERR;
3269 if (*pp_cp_servicename == NULL) {
3270 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3271 if (!*pp_cp_servicename) {
3272 return USERSHARE_POSIX_ERR;
3276 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3277 /* Path didn't change, no checks needed. */
3278 *pp_sharepath = sharepath;
3279 *pp_comment = comment;
3280 return USERSHARE_OK;
3283 /* The path *must* be absolute. */
3284 if (sharepath[0] != '/') {
3285 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3286 servicename, sharepath));
3287 return USERSHARE_PATH_NOT_ABSOLUTE;
3290 /* If there is a usershare prefix deny list ensure one of these paths
3291 doesn't match the start of the user given path. */
3292 if (prefixdenylist) {
3294 for ( i=0; prefixdenylist[i]; i++ ) {
3295 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3296 servicename, i, prefixdenylist[i], sharepath ));
3297 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3298 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3299 "usershare prefix deny list entries.\n",
3300 servicename, sharepath));
3301 return USERSHARE_PATH_IS_DENIED;
3306 /* If there is a usershare prefix allow list ensure one of these paths
3307 does match the start of the user given path. */
3309 if (prefixallowlist) {
3311 for ( i=0; prefixallowlist[i]; i++ ) {
3312 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3313 servicename, i, prefixallowlist[i], sharepath ));
3314 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3318 if (prefixallowlist[i] == NULL) {
3319 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3320 "usershare prefix allow list entries.\n",
3321 servicename, sharepath));
3322 return USERSHARE_PATH_NOT_ALLOWED;
3326 /* Ensure this is pointing to a directory. */
3327 dp = opendir(sharepath);
3330 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3331 servicename, sharepath));
3332 return USERSHARE_PATH_NOT_DIRECTORY;
3335 /* Ensure the owner of the usershare file has permission to share
3338 if (sys_stat(sharepath, &sbuf, false) == -1) {
3339 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3340 servicename, sharepath, strerror(errno) ));
3342 return USERSHARE_POSIX_ERR;
3347 if (!S_ISDIR(sbuf.st_ex_mode)) {
3348 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3349 servicename, sharepath ));
3350 return USERSHARE_PATH_NOT_DIRECTORY;
3353 /* Check if sharing is restricted to owner-only. */
3354 /* psbuf is the stat of the usershare definition file,
3355 sbuf is the stat of the target directory to be shared. */
3357 if (lp_usershare_owner_only()) {
3358 /* root can share anything. */
3359 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3360 return USERSHARE_PATH_NOT_ALLOWED;
3364 *pp_sharepath = sharepath;
3365 *pp_comment = comment;
3366 return USERSHARE_OK;
3369 /***************************************************************************
3370 Deal with a usershare file.
3373 -1 - Bad name, invalid contents.
3374 - service name already existed and not a usershare, problem
3375 with permissions to share directory etc.
3376 ***************************************************************************/
3378 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3380 SMB_STRUCT_STAT sbuf;
3381 SMB_STRUCT_STAT lsbuf;
3383 char *sharepath = NULL;
3384 char *comment = NULL;
3385 char *cp_service_name = NULL;
3386 char **lines = NULL;
3390 TALLOC_CTX *ctx = talloc_stackframe();
3391 struct security_descriptor *psd = NULL;
3392 bool guest_ok = false;
3393 char *canon_name = NULL;
3394 bool added_service = false;
3398 /* Ensure share name doesn't contain invalid characters. */
3399 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3400 DEBUG(0,("process_usershare_file: share name %s contains "
3401 "invalid characters (any of %s)\n",
3402 file_name, INVALID_SHARENAME_CHARS ));
3406 canon_name = canonicalize_servicename(ctx, file_name);
3411 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3416 /* Minimize the race condition by doing an lstat before we
3417 open and fstat. Ensure this isn't a symlink link. */
3419 if (sys_lstat(fname, &lsbuf, false) != 0) {
3420 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3421 fname, strerror(errno) ));
3425 /* This must be a regular file, not a symlink, directory or
3426 other strange filetype. */
3427 if (!check_usershare_stat(fname, &lsbuf)) {
3434 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3439 if (NT_STATUS_IS_OK(status) &&
3440 (data.dptr != NULL) &&
3441 (data.dsize == sizeof(iService))) {
3442 memcpy(&iService, data.dptr, sizeof(iService));
3446 if (iService != -1 &&
3447 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3448 &lsbuf.st_ex_mtime) == 0) {
3449 /* Nothing changed - Mark valid and return. */
3450 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3452 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3457 /* Try and open the file read only - no symlinks allowed. */
3459 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3461 fd = open(fname, O_RDONLY, 0);
3465 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3466 fname, strerror(errno) ));
3470 /* Now fstat to be *SURE* it's a regular file. */
3471 if (sys_fstat(fd, &sbuf, false) != 0) {
3473 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3474 fname, strerror(errno) ));
3478 /* Is it the same dev/inode as was lstated ? */
3479 if (!check_same_stat(&lsbuf, &sbuf)) {
3481 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3482 "Symlink spoofing going on ?\n", fname ));
3486 /* This must be a regular file, not a symlink, directory or
3487 other strange filetype. */
3488 if (!check_usershare_stat(fname, &sbuf)) {
3493 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3496 if (lines == NULL) {
3497 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3498 fname, (unsigned int)sbuf.st_ex_uid ));
3502 if (parse_usershare_file(ctx, &sbuf, file_name,
3503 iService, lines, numlines, &sharepath,
3504 &comment, &cp_service_name,
3505 &psd, &guest_ok) != USERSHARE_OK) {
3509 /* Everything ok - add the service possibly using a template. */
3511 const struct loadparm_service *sp = &sDefault;
3512 if (snum_template != -1) {
3513 sp = ServicePtrs[snum_template];
3516 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3517 DEBUG(0, ("process_usershare_file: Failed to add "
3518 "new service %s\n", cp_service_name));
3522 added_service = true;
3524 /* Read only is controlled by usershare ACL below. */
3525 ServicePtrs[iService]->read_only = false;
3528 /* Write the ACL of the new/modified share. */
3529 status = set_share_security(canon_name, psd);
3530 if (!NT_STATUS_IS_OK(status)) {
3531 DEBUG(0, ("process_usershare_file: Failed to set share "
3532 "security for user share %s\n",
3537 /* If from a template it may be marked invalid. */
3538 ServicePtrs[iService]->valid = true;
3540 /* Set the service as a valid usershare. */
3541 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3543 /* Set guest access. */
3544 if (lp_usershare_allow_guests()) {
3545 ServicePtrs[iService]->guest_ok = guest_ok;
3548 /* And note when it was loaded. */
3549 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3550 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3552 lpcfg_string_set(ServicePtrs[iService],
3553 &ServicePtrs[iService]->comment, comment);
3559 if (ret == -1 && iService != -1 && added_service) {
3560 lp_remove_service(iService);
3568 /***************************************************************************
3569 Checks if a usershare entry has been modified since last load.
3570 ***************************************************************************/
3572 static bool usershare_exists(int iService, struct timespec *last_mod)
3574 SMB_STRUCT_STAT lsbuf;
3575 const char *usersharepath = Globals.usershare_path;
3578 fname = talloc_asprintf(talloc_tos(),
3581 ServicePtrs[iService]->szService);
3582 if (fname == NULL) {
3586 if (sys_lstat(fname, &lsbuf, false) != 0) {
3591 if (!S_ISREG(lsbuf.st_ex_mode)) {
3597 *last_mod = lsbuf.st_ex_mtime;
3601 static bool usershare_directory_is_root(uid_t uid)
3607 if (uid_wrapper_enabled()) {
3614 /***************************************************************************
3615 Load a usershare service by name. Returns a valid servicenumber or -1.
3616 ***************************************************************************/
3618 int load_usershare_service(const char *servicename)
3620 SMB_STRUCT_STAT sbuf;
3621 const char *usersharepath = Globals.usershare_path;
3622 int max_user_shares = Globals.usershare_max_shares;
3623 int snum_template = -1;
3625 if (*usersharepath == 0 || max_user_shares == 0) {
3629 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3630 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3631 usersharepath, strerror(errno) ));
3635 if (!S_ISDIR(sbuf.st_ex_mode)) {
3636 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3642 * This directory must be owned by root, and have the 't' bit set.
3643 * It also must not be writable by "other".
3647 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3648 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3650 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3651 (sbuf.st_ex_mode & S_IWOTH)) {
3653 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3654 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3659 /* Ensure the template share exists if it's set. */
3660 if (Globals.usershare_template_share[0]) {
3661 /* We can't use lp_servicenumber here as we are recommending that
3662 template shares have -valid=false set. */
3663 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3664 if (ServicePtrs[snum_template]->szService &&
3665 strequal(ServicePtrs[snum_template]->szService,
3666 Globals.usershare_template_share)) {
3671 if (snum_template == -1) {
3672 DEBUG(0,("load_usershare_service: usershare template share %s "
3673 "does not exist.\n",
3674 Globals.usershare_template_share ));
3679 return process_usershare_file(usersharepath, servicename, snum_template);
3682 /***************************************************************************
3683 Load all user defined shares from the user share directory.
3684 We only do this if we're enumerating the share list.
3685 This is the function that can delete usershares that have
3687 ***************************************************************************/
3689 int load_usershare_shares(struct smbd_server_connection *sconn,
3690 bool (*snumused) (struct smbd_server_connection *, int))
3693 SMB_STRUCT_STAT sbuf;
3695 int num_usershares = 0;
3696 int max_user_shares = Globals.usershare_max_shares;
3697 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3698 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3699 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3701 int snum_template = -1;
3702 const char *usersharepath = Globals.usershare_path;
3703 int ret = lp_numservices();
3704 TALLOC_CTX *tmp_ctx;
3706 if (max_user_shares == 0 || *usersharepath == '\0') {
3707 return lp_numservices();
3710 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3711 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3712 usersharepath, strerror(errno) ));
3717 * This directory must be owned by root, and have the 't' bit set.
3718 * It also must not be writable by "other".
3722 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3724 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3726 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3727 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3732 /* Ensure the template share exists if it's set. */
3733 if (Globals.usershare_template_share[0]) {
3734 /* We can't use lp_servicenumber here as we are recommending that
3735 template shares have -valid=false set. */
3736 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3737 if (ServicePtrs[snum_template]->szService &&
3738 strequal(ServicePtrs[snum_template]->szService,
3739 Globals.usershare_template_share)) {
3744 if (snum_template == -1) {
3745 DEBUG(0,("load_usershare_shares: usershare template share %s "
3746 "does not exist.\n",
3747 Globals.usershare_template_share ));
3752 /* Mark all existing usershares as pending delete. */
3753 for (iService = iNumServices - 1; iService >= 0; iService--) {
3754 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3755 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3759 dp = opendir(usersharepath);
3761 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3762 usersharepath, strerror(errno) ));
3766 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3768 num_dir_entries++ ) {
3770 const char *n = de->d_name;
3772 /* Ignore . and .. */
3774 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3780 /* Temporary file used when creating a share. */
3781 num_tmp_dir_entries++;
3784 /* Allow 20% tmp entries. */
3785 if (num_tmp_dir_entries > allowed_tmp_entries) {
3786 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3787 "in directory %s\n",
3788 num_tmp_dir_entries, usersharepath));
3792 r = process_usershare_file(usersharepath, n, snum_template);
3794 /* Update the services count. */
3796 if (num_usershares >= max_user_shares) {
3797 DEBUG(0,("load_usershare_shares: max user shares reached "
3798 "on file %s in directory %s\n",
3799 n, usersharepath ));
3802 } else if (r == -1) {
3803 num_bad_dir_entries++;
3806 /* Allow 20% bad entries. */
3807 if (num_bad_dir_entries > allowed_bad_entries) {
3808 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3809 "in directory %s\n",
3810 num_bad_dir_entries, usersharepath));
3814 /* Allow 20% bad entries. */
3815 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3816 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3817 "in directory %s\n",
3818 num_dir_entries, usersharepath));
3825 /* Sweep through and delete any non-refreshed usershares that are
3826 not currently in use. */
3827 tmp_ctx = talloc_stackframe();
3828 for (iService = iNumServices - 1; iService >= 0; iService--) {
3829 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3830 const struct loadparm_substitution *lp_sub =
3831 loadparm_s3_global_substitution();
3834 if (snumused && snumused(sconn, iService)) {
3838 servname = lp_servicename(tmp_ctx, lp_sub, iService);
3840 /* Remove from the share ACL db. */
3841 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3843 delete_share_security(servname);
3844 free_service_byindex(iService);
3847 talloc_free(tmp_ctx);
3849 return lp_numservices();
3852 /********************************************************
3853 Destroy global resources allocated in this file
3854 ********************************************************/
3856 void gfree_loadparm(void)
3862 /* Free resources allocated to services */
3864 for ( i = 0; i < iNumServices; i++ ) {
3866 free_service_byindex(i);
3870 TALLOC_FREE( ServicePtrs );
3873 /* Now release all resources allocated to global
3874 parameters and the default service */
3876 free_global_parameters();
3880 /***************************************************************************
3881 Allow client apps to specify that they are a client
3882 ***************************************************************************/
3883 static void lp_set_in_client(bool b)
3889 /***************************************************************************
3890 Determine if we're running in a client app
3891 ***************************************************************************/
3892 static bool lp_is_in_client(void)
3897 static void lp_enforce_ad_dc_settings(void)
3899 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3900 lp_do_parameter(GLOBAL_SECTION_SNUM,
3901 "winbindd:use external pipes", "true");
3902 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3903 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3904 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3905 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3906 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3907 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3908 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3909 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3910 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3913 /***************************************************************************
3914 Load the services array from the services file. Return true on success,
3916 ***************************************************************************/
3918 static bool lp_load_ex(const char *pszFname,
3922 bool reinit_globals,
3923 bool allow_include_registry,
3924 bool load_all_shares)
3928 TALLOC_CTX *frame = talloc_stackframe();
3929 struct loadparm_context *lp_ctx;
3930 int max_protocol, min_protocol;
3932 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3934 bInGlobalSection = true;
3935 bGlobalOnly = global_only;
3936 bAllowIncludeRegistry = allow_include_registry;
3937 sDefault = _sDefault;
3939 lp_ctx = setup_lp_context(talloc_tos());
3941 init_globals(lp_ctx, reinit_globals);
3945 if (save_defaults) {
3950 if (!reinit_globals) {
3951 free_param_opts(&Globals.param_opt);
3952 apply_lp_set_cmdline();
3955 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
3957 /* We get sections first, so have to start 'behind' to make up */
3960 if (lp_config_backend_is_file()) {
3961 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
3962 current_user_info.domain,
3965 smb_panic("lp_load_ex: out of memory");
3968 add_to_file_list(NULL, &file_lists, pszFname, n2);
3970 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
3973 /* finish up the last section */
3974 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
3976 if (iServiceIndex >= 0) {
3977 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
3981 if (lp_config_backend_is_registry()) {
3983 /* config backend changed to registry in config file */
3985 * We need to use this extra global variable here to
3986 * survive restart: init_globals uses this as a default
3987 * for config_backend. Otherwise, init_globals would
3988 * send us into an endless loop here.
3991 config_backend = CONFIG_BACKEND_REGISTRY;
3993 DEBUG(1, ("lp_load_ex: changing to config backend "
3995 init_globals(lp_ctx, true);
3997 TALLOC_FREE(lp_ctx);
3999 lp_kill_all_services();
4000 ok = lp_load_ex(pszFname, global_only, save_defaults,
4001 add_ipc, reinit_globals,
4002 allow_include_registry,
4007 } else if (lp_config_backend_is_registry()) {
4008 bRetval = process_registry_globals();
4010 DEBUG(0, ("Illegal config backend given: %d\n",
4011 lp_config_backend()));
4015 if (bRetval && lp_registry_shares()) {
4016 if (load_all_shares) {
4017 bRetval = process_registry_shares();
4019 bRetval = reload_registry_shares();
4024 const struct loadparm_substitution *lp_sub =
4025 loadparm_s3_global_substitution();
4026 char *serv = lp_auto_services(talloc_tos(), lp_sub);
4027 lp_add_auto_services(serv);
4032 /* When 'restrict anonymous = 2' guest connections to ipc$
4034 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
4035 if ( lp_enable_asu_support() ) {
4036 lp_add_ipc("ADMIN$", false);
4040 set_allowed_client_auth();
4042 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
4043 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
4044 lp_password_server()));
4049 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
4050 /* if we_are_a_wins_server is true and we are in the client */
4051 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
4052 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
4057 fault_configure(smb_panic_s3);
4060 * We run this check once the whole smb.conf is parsed, to
4061 * force some settings for the standard way a AD DC is
4062 * operated. We may change these as our code evolves, which
4063 * is why we force these settings.
4065 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
4066 lp_enforce_ad_dc_settings();
4069 bAllowIncludeRegistry = true;
4071 /* Check if command line max protocol < min protocol, if so
4072 * report a warning to the user.
4074 max_protocol = lp_client_max_protocol();
4075 min_protocol = lp_client_min_protocol();
4076 if (max_protocol < min_protocol) {
4077 const char *max_protocolp, *min_protocolp;
4078 max_protocolp = lpcfg_get_smb_protocol(max_protocol);
4079 min_protocolp = lpcfg_get_smb_protocol(min_protocol);
4080 DBG_ERR("Max protocol %s is less than min protocol %s.\n",
4081 max_protocolp, min_protocolp);
4088 static bool lp_load(const char *pszFname,
4092 bool reinit_globals)
4094 return lp_load_ex(pszFname,
4099 true, /* allow_include_registry */
4100 false); /* load_all_shares*/
4103 bool lp_load_initial_only(const char *pszFname)
4105 return lp_load_ex(pszFname,
4106 true, /* global only */
4107 true, /* save_defaults */
4108 false, /* add_ipc */
4109 true, /* reinit_globals */
4110 false, /* allow_include_registry */
4111 false); /* load_all_shares*/
4115 * most common lp_load wrapper, loading only the globals
4117 * If this is used in a daemon or client utility it should be called
4118 * after processing popt.
4120 bool lp_load_global(const char *file_name)
4122 return lp_load(file_name,
4123 true, /* global_only */
4124 false, /* save_defaults */
4125 false, /* add_ipc */
4126 true); /* reinit_globals */
4130 * The typical lp_load wrapper with shares, loads global and
4131 * shares, including IPC, but does not force immediate
4132 * loading of all shares from registry.
4134 bool lp_load_with_shares(const char *file_name)
4136 return lp_load(file_name,
4137 false, /* global_only */
4138 false, /* save_defaults */
4140 true); /* reinit_globals */
4144 * lp_load wrapper, especially for clients
4146 bool lp_load_client(const char *file_name)
4148 lp_set_in_client(true);
4150 return lp_load_global(file_name);
4154 * lp_load wrapper, loading only globals, but intended
4155 * for subsequent calls, not reinitializing the globals
4158 bool lp_load_global_no_reinit(const char *file_name)
4160 return lp_load(file_name,
4161 true, /* global_only */
4162 false, /* save_defaults */
4163 false, /* add_ipc */
4164 false); /* reinit_globals */
4168 * lp_load wrapper, loading globals and shares,
4169 * intended for subsequent calls, i.e. not reinitializing
4170 * the globals to default values.
4172 bool lp_load_no_reinit(const char *file_name)
4174 return lp_load(file_name,
4175 false, /* global_only */
4176 false, /* save_defaults */
4177 false, /* add_ipc */
4178 false); /* reinit_globals */
4183 * lp_load wrapper, especially for clients, no reinitialization
4185 bool lp_load_client_no_reinit(const char *file_name)
4187 lp_set_in_client(true);
4189 return lp_load_global_no_reinit(file_name);
4192 bool lp_load_with_registry_shares(const char *pszFname)
4194 return lp_load_ex(pszFname,
4195 false, /* global_only */
4196 true, /* save_defaults */
4197 false, /* add_ipc */
4198 true, /* reinit_globals */
4199 true, /* allow_include_registry */
4200 true); /* load_all_shares*/
4203 /***************************************************************************
4204 Return the max number of services.
4205 ***************************************************************************/
4207 int lp_numservices(void)
4209 return (iNumServices);
4212 /***************************************************************************
4213 Display the contents of the services array in human-readable form.
4214 ***************************************************************************/
4216 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4219 struct loadparm_context *lp_ctx;
4222 defaults_saved = false;
4224 lp_ctx = setup_lp_context(talloc_tos());
4225 if (lp_ctx == NULL) {
4229 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4231 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4233 for (iService = 0; iService < maxtoprint; iService++) {
4235 lp_dump_one(f, show_defaults, iService);
4237 TALLOC_FREE(lp_ctx);
4240 /***************************************************************************
4241 Display the contents of one service in human-readable form.
4242 ***************************************************************************/
4244 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4247 if (ServicePtrs[snum]->szService[0] == '\0')
4249 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4250 flags_list, show_defaults);
4254 /***************************************************************************
4255 Return the number of the service with the given name, or -1 if it doesn't
4256 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4257 getservicebyname()! This works ONLY if all services have been loaded, and
4258 does not copy the found service.
4259 ***************************************************************************/
4261 int lp_servicenumber(const char *pszServiceName)
4264 fstring serviceName;
4266 if (!pszServiceName) {
4267 return GLOBAL_SECTION_SNUM;
4270 for (iService = iNumServices - 1; iService >= 0; iService--) {
4271 if (VALID(iService) && ServicePtrs[iService]->szService) {
4273 * The substitution here is used to support %U in
4276 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4277 standard_sub_basic(get_current_username(),
4278 current_user_info.domain,
4279 serviceName,sizeof(serviceName));
4280 if (strequal(serviceName, pszServiceName)) {
4286 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4287 struct timespec last_mod;
4289 if (!usershare_exists(iService, &last_mod)) {
4290 /* Remove the share security tdb entry for it. */
4291 delete_share_security(lp_const_servicename(iService));
4292 /* Remove it from the array. */
4293 free_service_byindex(iService);
4294 /* Doesn't exist anymore. */
4295 return GLOBAL_SECTION_SNUM;
4298 /* Has it been modified ? If so delete and reload. */
4299 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4301 /* Remove it from the array. */
4302 free_service_byindex(iService);
4303 /* and now reload it. */
4304 iService = load_usershare_service(pszServiceName);
4309 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4310 return GLOBAL_SECTION_SNUM;
4316 /*******************************************************************
4317 A useful volume label function.
4318 ********************************************************************/
4320 const char *volume_label(TALLOC_CTX *ctx, int snum)
4322 const struct loadparm_substitution *lp_sub =
4323 loadparm_s3_global_substitution();
4325 const char *label = lp_volume(ctx, lp_sub, snum);
4329 label = lp_servicename(ctx, lp_sub, snum);
4333 * Volume label can be a max of 32 bytes. Make sure to truncate
4334 * it at a codepoint boundary if it's longer than 32 and contains
4335 * multibyte characters. Windows insists on a volume label being
4336 * a valid mb sequence, and errors out if not.
4338 if (strlen(label) > 32) {
4340 * A MB char can be a max of 5 bytes, thus
4341 * we should have a valid mb character at a
4342 * minimum position of (32-5) = 27.
4346 * Check if a codepoint starting from next byte
4347 * is valid. If yes, then the current byte is the
4348 * end of a MB or ascii sequence and the label can
4349 * be safely truncated here. If not, keep going
4350 * backwards till a valid codepoint is found.
4353 const char *s = &label[end];
4354 codepoint_t c = next_codepoint(s, &len);
4355 if (c != INVALID_CODEPOINT) {
4362 /* This returns a max of 33 byte guarenteed null terminated string. */
4363 ret = talloc_strndup(ctx, label, end);
4370 /*******************************************************************
4371 Get the default server type we will announce as via nmbd.
4372 ********************************************************************/
4374 int lp_default_server_announce(void)
4376 int default_server_announce = 0;
4377 default_server_announce |= SV_TYPE_WORKSTATION;
4378 default_server_announce |= SV_TYPE_SERVER;
4379 default_server_announce |= SV_TYPE_SERVER_UNIX;
4381 /* note that the flag should be set only if we have a
4382 printer service but nmbd doesn't actually load the
4383 services so we can't tell --jerry */
4385 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4387 default_server_announce |= SV_TYPE_SERVER_NT;
4388 default_server_announce |= SV_TYPE_NT;
4390 switch (lp_server_role()) {
4391 case ROLE_DOMAIN_MEMBER:
4392 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4394 case ROLE_DOMAIN_PDC:
4395 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4397 case ROLE_DOMAIN_BDC:
4398 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4400 case ROLE_STANDALONE:
4404 if (lp_time_server())
4405 default_server_announce |= SV_TYPE_TIME_SOURCE;
4407 if (lp_host_msdfs())
4408 default_server_announce |= SV_TYPE_DFS_SERVER;
4410 return default_server_announce;
4413 /***********************************************************
4414 If we are PDC then prefer us as DMB
4415 ************************************************************/
4417 bool lp_domain_master(void)
4419 if (Globals._domain_master == Auto)
4420 return (lp_server_role() == ROLE_DOMAIN_PDC);
4422 return (bool)Globals._domain_master;
4425 /***********************************************************
4426 If we are PDC then prefer us as DMB
4427 ************************************************************/
4429 static bool lp_domain_master_true_or_auto(void)
4431 if (Globals._domain_master) /* auto or yes */
4437 /***********************************************************
4438 If we are DMB then prefer us as LMB
4439 ************************************************************/
4441 bool lp_preferred_master(void)
4443 int preferred_master = lp__preferred_master();
4445 if (preferred_master == Auto)
4446 return (lp_local_master() && lp_domain_master());
4448 return (bool)preferred_master;
4451 /*******************************************************************
4453 ********************************************************************/
4455 void lp_remove_service(int snum)
4457 ServicePtrs[snum]->valid = false;
4460 const char *lp_printername(TALLOC_CTX *ctx,
4461 const struct loadparm_substitution *lp_sub,
4464 const char *ret = lp__printername(ctx, lp_sub, snum);
4466 if (ret == NULL || *ret == '\0') {
4467 ret = lp_const_servicename(snum);
4474 /***********************************************************
4475 Allow daemons such as winbindd to fix their logfile name.
4476 ************************************************************/
4478 void lp_set_logfile(const char *name)
4480 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4481 debug_set_logfile(name);
4484 /*******************************************************************
4485 Return the max print jobs per queue.
4486 ********************************************************************/
4488 int lp_maxprintjobs(int snum)
4490 int maxjobs = lp_max_print_jobs(snum);
4492 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4493 maxjobs = PRINT_MAX_JOBID - 1;
4498 const char *lp_printcapname(void)
4500 const char *printcap_name = lp_printcap_name();
4502 if ((printcap_name != NULL) &&
4503 (printcap_name[0] != '\0'))
4504 return printcap_name;
4506 if (sDefault.printing == PRINT_CUPS) {
4510 if (sDefault.printing == PRINT_BSD)
4511 return "/etc/printcap";
4513 return PRINTCAP_NAME;
4516 static uint32_t spoolss_state;
4518 bool lp_disable_spoolss( void )
4520 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4521 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4523 return spoolss_state == SVCCTL_STOPPED ? true : false;
4526 void lp_set_spoolss_state( uint32_t state )
4528 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4530 spoolss_state = state;
4533 uint32_t lp_get_spoolss_state( void )
4535 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4538 /*******************************************************************
4539 Turn off sendfile if we find the underlying OS doesn't support it.
4540 ********************************************************************/
4542 void set_use_sendfile(int snum, bool val)
4544 if (LP_SNUM_OK(snum))
4545 ServicePtrs[snum]->_use_sendfile = val;
4547 sDefault._use_sendfile = val;
4550 void lp_set_mangling_method(const char *new_method)
4552 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4555 /*******************************************************************
4556 Global state for POSIX pathname processing.
4557 ********************************************************************/
4559 static bool posix_pathnames;
4561 bool lp_posix_pathnames(void)
4563 return posix_pathnames;
4566 /*******************************************************************
4567 Change everything needed to ensure POSIX pathname processing (currently
4569 ********************************************************************/
4571 void lp_set_posix_pathnames(void)
4573 posix_pathnames = true;
4576 /*******************************************************************
4577 Global state for POSIX lock processing - CIFS unix extensions.
4578 ********************************************************************/
4580 bool posix_default_lock_was_set;
4581 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4583 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4585 if (posix_default_lock_was_set) {
4586 return posix_cifsx_locktype;
4588 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4589 POSIX_LOCK : WINDOWS_LOCK;
4593 /*******************************************************************
4594 ********************************************************************/
4596 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4598 posix_default_lock_was_set = true;
4599 posix_cifsx_locktype = val;
4602 int lp_min_receive_file_size(void)
4604 int min_receivefile_size = lp_min_receivefile_size();
4606 if (min_receivefile_size < 0) {
4609 return min_receivefile_size;
4612 /*******************************************************************
4613 Safe wide links checks.
4614 This helper function always verify the validity of wide links,
4615 even after a configuration file reload.
4616 ********************************************************************/
4618 void widelinks_warning(int snum)
4620 if (lp_allow_insecure_wide_links()) {
4624 if (lp_unix_extensions() && lp_wide_links(snum)) {
4625 DBG_ERR("Share '%s' has wide links and unix extensions enabled. "
4626 "These parameters are incompatible. "
4627 "Wide links will be disabled for this share.\n",
4628 lp_const_servicename(snum));
4632 bool lp_widelinks(int snum)
4634 /* wide links is always incompatible with unix extensions */
4635 if (lp_unix_extensions()) {
4637 * Unless we have "allow insecure widelinks"
4640 if (!lp_allow_insecure_wide_links()) {
4645 return lp_wide_links(snum);
4648 int lp_server_role(void)
4650 return lp_find_server_role(lp__server_role(),
4652 lp__domain_logons(),
4653 lp_domain_master_true_or_auto());
4656 int lp_security(void)
4658 return lp_find_security(lp__server_role(),
4662 int lp_client_max_protocol(void)
4664 int client_max_protocol = lp__client_max_protocol();
4665 if (client_max_protocol == PROTOCOL_DEFAULT) {
4666 return PROTOCOL_LATEST;
4668 return client_max_protocol;
4671 int lp_client_ipc_min_protocol(void)
4673 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4674 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4675 client_ipc_min_protocol = lp_client_min_protocol();
4677 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4678 return PROTOCOL_NT1;
4680 return client_ipc_min_protocol;
4683 int lp_client_ipc_max_protocol(void)
4685 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4686 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4687 return PROTOCOL_LATEST;
4689 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4690 return PROTOCOL_NT1;
4692 return client_ipc_max_protocol;
4695 int lp_client_ipc_signing(void)
4697 int client_ipc_signing = lp__client_ipc_signing();
4698 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4699 return SMB_SIGNING_REQUIRED;
4701 return client_ipc_signing;
4704 int lp_rpc_low_port(void)
4706 return Globals.rpc_low_port;
4709 int lp_rpc_high_port(void)
4711 return Globals.rpc_high_port;
4715 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4717 * This also ensures it is disabled if NTLM is totally disabled
4719 bool lp_lanman_auth(void)
4721 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4723 if (ntlm_auth_level == NTLM_AUTH_ON) {
4724 return lp__lanman_auth();
4730 struct loadparm_global * get_globals(void)
4735 unsigned int * get_flags(void)
4737 if (flags_list == NULL) {
4738 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());
4744 enum samba_weak_crypto lp_weak_crypto()
4746 if (Globals.weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
4747 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
4749 if (samba_gnutls_weak_crypto_allowed()) {
4750 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
4754 return Globals.weak_crypto;