2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
56 #define LOADPARM_SUBSTITUTION_INTERNALS 1
58 #include "system/filesys.h"
60 #include "lib/param/loadparm.h"
61 #include "lib/param/param.h"
63 #include "lib/smbconf/smbconf.h"
64 #include "lib/smbconf/smbconf_init.h"
67 #include "../librpc/gen_ndr/svcctl.h"
69 #include "../libcli/smb/smb_signing.h"
70 #include "dbwrap/dbwrap.h"
71 #include "dbwrap/dbwrap_rbt.h"
72 #include "../lib/util/bitmap.h"
73 #include "librpc/gen_ndr/nbt.h"
74 #include "source4/lib/tls/tls.h"
75 #include "libcli/auth/ntlm_check.h"
77 #ifdef HAVE_SYS_SYSCTL_H
78 #include <sys/sysctl.h>
83 extern userdom_struct current_user_info;
85 /* the special value for the include parameter
86 * to be interpreted not as a file name but to
87 * trigger loading of the global smb.conf options
89 #ifndef INCLUDE_REGISTRY_NAME
90 #define INCLUDE_REGISTRY_NAME "registry"
93 static bool in_client = false; /* Not in the client by default */
94 static struct smbconf_csn conf_last_csn;
96 static int config_backend = CONFIG_BACKEND_FILE;
98 /* some helpful bits */
99 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
100 (ServicePtrs != NULL) && \
101 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
102 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
103 ServicePtrs[i]->valid)
105 #define USERSHARE_VALID 1
106 #define USERSHARE_PENDING_DELETE 2
108 static bool defaults_saved = false;
110 #include "lib/param/param_global.h"
112 static struct loadparm_global Globals;
114 /* This is a default service used to prime a services structure */
115 static const struct loadparm_service _sDefault =
120 .usershare_last_mod = {0, 0},
123 .invalid_users = NULL,
130 .root_preexec = NULL,
131 .root_postexec = NULL,
132 .cups_options = NULL,
133 .print_command = NULL,
135 .lprm_command = NULL,
136 .lppause_command = NULL,
137 .lpresume_command = NULL,
138 .queuepause_command = NULL,
139 .queueresume_command = NULL,
140 ._printername = NULL,
141 .printjob_username = NULL,
142 .dont_descend = NULL,
145 .magic_script = NULL,
146 .magic_output = NULL,
149 .veto_oplock_files = NULL,
159 .aio_write_behind = NULL,
160 .dfree_command = NULL,
161 .min_print_space = 0,
162 .max_print_jobs = 1000,
163 .max_reported_print_jobs = 0,
165 .force_create_mode = 0,
166 .directory_mask = 0755,
167 .force_directory_mode = 0,
168 .max_connections = 0,
169 .default_case = CASE_LOWER,
170 .printing = DEFAULT_PRINTING,
173 .dfree_cache_time = 0,
174 .preexec_close = false,
175 .root_preexec_close = false,
176 .case_sensitive = Auto,
177 .preserve_case = true,
178 .short_preserve_case = true,
179 .hide_dot_files = true,
180 .hide_special_files = false,
181 .hide_unreadable = false,
182 .hide_unwriteable_files = false,
184 .access_based_share_enum = false,
189 .administrative_share = false,
192 .print_notify_backchannel = false,
196 .store_dos_attributes = true,
197 .dmapi_support = false,
199 .strict_locking = Auto,
200 .posix_locking = true,
202 .kernel_oplocks = false,
203 .level2_oplocks = true,
204 .mangled_names = MANGLED_NAMES_ILLEGAL,
206 .follow_symlinks = true,
207 .sync_always = false,
208 .strict_allocate = false,
209 .strict_rename = false,
211 .mangling_char = '~',
213 .delete_readonly = false,
214 .fake_oplocks = false,
215 .delete_veto_files = false,
216 .dos_filemode = false,
217 .dos_filetimes = true,
218 .dos_filetime_resolution = false,
219 .fake_directory_create_times = false,
220 .blocking_locks = true,
221 .inherit_permissions = false,
222 .inherit_acls = false,
223 .inherit_owner = false,
225 .msdfs_shuffle_referrals = false,
226 .use_client_driver = false,
227 .default_devmode = true,
228 .force_printername = false,
229 .nt_acl_support = true,
230 .force_unknown_acl_user = false,
231 ._use_sendfile = false,
232 .map_acl_inherit = false,
235 .acl_check_permissions = true,
236 .acl_map_full_control = true,
237 .acl_group_control = false,
238 .acl_allow_execute_always = false,
241 .map_readonly = MAP_READONLY_NO,
242 .directory_name_cache_size = 100,
243 .smb_encrypt = SMB_SIGNING_DEFAULT,
244 .kernel_share_modes = true,
245 .durable_handles = true,
246 .check_parent_directory_delete_on_close = false,
248 .smbd_search_ask_sharemode = true,
249 .smbd_getinfo_ask_sharemode = true,
250 .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
255 * This is a copy of the default service structure. Service options in the
256 * global section would otherwise overwrite the initial default values.
258 static struct loadparm_service sDefault;
260 /* local variables */
261 static struct loadparm_service **ServicePtrs = NULL;
262 static int iNumServices = 0;
263 static int iServiceIndex = 0;
264 static struct db_context *ServiceHash;
265 static bool bInGlobalSection = true;
266 static bool bGlobalOnly = false;
267 static struct file_lists *file_lists = NULL;
268 static unsigned int *flags_list = NULL;
270 static void set_allowed_client_auth(void);
272 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
273 static void free_param_opts(struct parmlist_entry **popts);
276 * Function to return the default value for the maximum number of open
277 * file descriptors permitted. This function tries to consult the
278 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
279 * the smaller of those.
281 static int max_open_files(void)
283 int sysctl_max = MAX_OPEN_FILES;
284 int rlimit_max = MAX_OPEN_FILES;
286 #ifdef HAVE_SYSCTLBYNAME
288 size_t size = sizeof(sysctl_max);
289 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
294 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
300 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
301 rlimit_max = rl.rlim_cur;
303 #if defined(RLIM_INFINITY)
304 if(rl.rlim_cur == RLIM_INFINITY)
305 rlimit_max = MAX_OPEN_FILES;
310 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
311 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
312 "minimum Windows limit (%d)\n",
314 MIN_OPEN_FILES_WINDOWS));
315 sysctl_max = MIN_OPEN_FILES_WINDOWS;
318 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
319 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
320 "minimum Windows limit (%d)\n",
322 MIN_OPEN_FILES_WINDOWS));
323 rlimit_max = MIN_OPEN_FILES_WINDOWS;
326 return MIN(sysctl_max, rlimit_max);
330 * Common part of freeing allocated data for one parameter.
332 static void free_one_parameter_common(void *parm_ptr,
333 struct parm_struct parm)
335 if ((parm.type == P_STRING) ||
336 (parm.type == P_USTRING))
338 lpcfg_string_free((char**)parm_ptr);
339 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
340 TALLOC_FREE(*((char***)parm_ptr));
345 * Free the allocated data for one parameter for a share
346 * given as a service struct.
348 static void free_one_parameter(struct loadparm_service *service,
349 struct parm_struct parm)
353 if (parm.p_class != P_LOCAL) {
357 parm_ptr = lp_parm_ptr(service, &parm);
359 free_one_parameter_common(parm_ptr, parm);
363 * Free the allocated parameter data of a share given
364 * as a service struct.
366 static void free_parameters(struct loadparm_service *service)
370 for (i=0; parm_table[i].label; i++) {
371 free_one_parameter(service, parm_table[i]);
376 * Free the allocated data for one parameter for a given share
377 * specified by an snum.
379 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
384 parm_ptr = lp_parm_ptr(NULL, &parm);
385 } else if (parm.p_class != P_LOCAL) {
388 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
391 free_one_parameter_common(parm_ptr, parm);
395 * Free the allocated parameter data for a share specified
398 static void free_parameters_by_snum(int snum)
402 for (i=0; parm_table[i].label; i++) {
403 free_one_parameter_by_snum(snum, parm_table[i]);
408 * Free the allocated global parameters.
410 static void free_global_parameters(void)
413 struct parm_struct *parm;
415 free_param_opts(&Globals.param_opt);
416 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
418 /* Reset references in the defaults because the context is going to be freed */
419 for (i=0; parm_table[i].label; i++) {
420 parm = &parm_table[i];
421 if ((parm->type == P_STRING) ||
422 (parm->type == P_USTRING)) {
423 if ((parm->def.svalue != NULL) &&
424 (*(parm->def.svalue) != '\0')) {
425 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
426 parm->def.svalue = NULL;
431 TALLOC_FREE(Globals.ctx);
434 struct lp_stored_option {
435 struct lp_stored_option *prev, *next;
440 static struct lp_stored_option *stored_options;
443 save options set by lp_set_cmdline() into a list. This list is
444 re-applied when we do a globals reset, so that cmdline set options
445 are sticky across reloads of smb.conf
447 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
449 struct lp_stored_option *entry, *entry_next;
450 for (entry = stored_options; entry != NULL; entry = entry_next) {
451 entry_next = entry->next;
452 if (strcmp(pszParmName, entry->label) == 0) {
453 DLIST_REMOVE(stored_options, entry);
459 entry = talloc(NULL, struct lp_stored_option);
464 entry->label = talloc_strdup(entry, pszParmName);
470 entry->value = talloc_strdup(entry, pszParmValue);
476 DLIST_ADD_END(stored_options, entry);
481 static bool apply_lp_set_cmdline(void)
483 struct lp_stored_option *entry = NULL;
484 for (entry = stored_options; entry != NULL; entry = entry->next) {
485 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
486 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
487 entry->label, entry->value));
494 /***************************************************************************
495 Initialise the global parameter structure.
496 ***************************************************************************/
498 static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
500 static bool done_init = false;
504 /* If requested to initialize only once and we've already done it... */
505 if (!reinit_globals && done_init) {
506 /* ... then we have nothing more to do */
511 /* The logfile can be set before this is invoked. Free it if so. */
512 lpcfg_string_free(&Globals.logfile);
515 free_global_parameters();
518 /* This memset and the free_global_parameters() above will
519 * wipe out smb.conf options set with lp_set_cmdline(). The
520 * apply_lp_set_cmdline() call puts these values back in the
521 * table once the defaults are set */
522 ZERO_STRUCT(Globals);
524 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
526 /* Initialize the flags list if necessary */
527 if (flags_list == NULL) {
531 for (i = 0; parm_table[i].label; i++) {
532 if ((parm_table[i].type == P_STRING ||
533 parm_table[i].type == P_USTRING))
537 (char **)lp_parm_ptr(NULL, &parm_table[i]),
543 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
544 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
546 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
548 sDefault.ntvfs_handler = str_list_make_v3_const(Globals.ctx, "unixuid default", NULL);
550 DEBUG(3, ("Initialising global parameters\n"));
552 /* Must manually force to upper case here, as this does not go via the handler */
553 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
556 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
557 get_dyn_SMB_PASSWD_FILE());
558 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
559 get_dyn_PRIVATE_DIR());
560 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
561 get_dyn_BINDDNS_DIR());
563 /* use the new 'hash2' method by default, with a prefix of 1 */
564 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
565 Globals.mangle_prefix = 1;
567 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
569 /* using UTF8 by default allows us to support all chars */
570 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
571 DEFAULT_UNIX_CHARSET);
573 /* Use codepage 850 as a default for the dos character set */
574 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
575 DEFAULT_DOS_CHARSET);
578 * Allow the default PASSWD_CHAT to be overridden in local.h.
580 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
581 DEFAULT_PASSWD_CHAT);
583 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
585 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
586 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
588 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
590 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
592 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
594 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
597 * By default support explicit binding to broadcast
600 Globals.nmbd_bind_explicit_broadcast = true;
602 s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
604 smb_panic("init_globals: ENOMEM");
606 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
609 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
610 "/bin/sleep 999999999");
613 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
614 DEFAULT_SOCKET_OPTIONS);
616 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
617 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
618 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
619 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
620 "\\\\%N\\%U\\profile");
622 Globals.name_resolve_order =
623 str_list_make_v3_const(Globals.ctx,
624 DEFAULT_NAME_RESOLVE_ORDER,
626 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
628 Globals.algorithmic_rid_base = BASE_RID;
630 Globals.load_printers = true;
631 Globals.printcap_cache_time = 750; /* 12.5 minutes */
633 Globals.config_backend = config_backend;
634 Globals._server_role = ROLE_AUTO;
636 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
637 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
638 Globals.max_xmit = 0x4104;
639 Globals.max_mux = 50; /* This is *needed* for profile support. */
640 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
641 Globals._disable_spoolss = false;
642 Globals.max_smbd_processes = 0;/* no limit specified */
643 Globals.username_level = 0;
644 Globals.deadtime = 10080;
645 Globals.getwd_cache = true;
646 Globals.large_readwrite = true;
647 Globals.max_log_size = 5000;
648 Globals.max_open_files = max_open_files();
649 Globals.server_max_protocol = PROTOCOL_SMB3_11;
650 Globals.server_min_protocol = PROTOCOL_SMB2_02;
651 Globals._client_max_protocol = PROTOCOL_DEFAULT;
652 Globals.client_min_protocol = PROTOCOL_SMB2_02;
653 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
654 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
655 Globals._security = SEC_AUTO;
656 Globals.encrypt_passwords = true;
657 Globals.client_schannel = true;
658 Globals.winbind_sealed_pipes = true;
659 Globals.require_strong_key = true;
660 Globals.server_schannel = true;
661 Globals.read_raw = true;
662 Globals.write_raw = true;
663 Globals.null_passwords = false;
664 Globals.old_password_allowed_period = 60;
665 Globals.obey_pam_restrictions = false;
667 Globals.syslog_only = false;
668 Globals.timestamp_logs = true;
669 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
670 Globals.debug_prefix_timestamp = false;
671 Globals.debug_hires_timestamp = true;
672 Globals.debug_pid = false;
673 Globals.debug_uid = false;
674 Globals.debug_class = false;
675 Globals.enable_core_files = true;
676 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
677 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
678 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
679 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
680 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
681 Globals.lm_interval = 60;
682 #if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
683 Globals.nis_homedir = false;
684 #ifdef WITH_NISPLUS_HOME
685 lpcfg_string_set(Globals.ctx, &Globals.homedir_map,
686 "auto_home.org_dir");
688 lpcfg_string_set(Globals.ctx, &Globals.homedir_map, "auto.home");
691 Globals.time_server = false;
692 Globals.bind_interfaces_only = false;
693 Globals.unix_password_sync = false;
694 Globals.pam_password_change = false;
695 Globals.passwd_chat_debug = false;
696 Globals.passwd_chat_timeout = 2; /* 2 second default. */
697 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
698 Globals.nt_status_support = true; /* Use NT status by default. */
699 Globals.smbd_profiling_level = 0;
700 Globals.stat_cache = true; /* use stat cache by default */
701 Globals.max_stat_cache_size = 512; /* 512k by default */
702 Globals.restrict_anonymous = 0;
703 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
704 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
705 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
706 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
707 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
708 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
709 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
711 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
713 Globals.map_to_guest = 0; /* By Default, "Never" */
714 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
715 Globals.enhanced_browsing = true;
716 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
717 Globals.use_mmap = true;
718 Globals.unicode = true;
719 Globals.unix_extensions = true;
720 Globals.reset_on_zero_vc = false;
721 Globals.log_writeable_files_on_exit = false;
722 Globals.create_krb5_conf = true;
723 Globals.include_system_krb5_conf = true;
724 Globals._winbind_max_domain_connections = 1;
726 /* hostname lookups can be very expensive and are broken on
727 a large number of sites (tridge) */
728 Globals.hostname_lookups = false;
730 Globals.change_notify = true,
731 Globals.kernel_change_notify = true,
733 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
734 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
735 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
736 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
737 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
738 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
740 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
741 Globals.ldap_ssl = LDAP_SSL_START_TLS;
742 Globals.ldap_ssl_ads = false;
743 Globals.ldap_deref = -1;
744 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
745 Globals.ldap_delete_dn = false;
746 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
747 Globals.ldap_follow_referral = Auto;
748 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
749 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
750 Globals.ldap_page_size = LDAP_PAGE_SIZE;
752 Globals.ldap_debug_level = 0;
753 Globals.ldap_debug_threshold = 10;
755 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
757 Globals.ldap_server_require_strong_auth =
758 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
760 /* This is what we tell the afs client. in reality we set the token
761 * to never expire, though, when this runs out the afs client will
762 * forget the token. Set to 0 to get NEVERDATE.*/
763 Globals.afs_token_lifetime = 604800;
764 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
766 /* these parameters are set to defaults that are more appropriate
767 for the increasing samba install base:
769 as a member of the workgroup, that will possibly become a
770 _local_ master browser (lm = true). this is opposed to a forced
771 local master browser startup (pm = true).
773 doesn't provide WINS server service by default (wsupp = false),
774 and doesn't provide domain master browser services by default, either.
778 Globals.show_add_printer_wizard = true;
779 Globals.os_level = 20;
780 Globals.local_master = true;
781 Globals._domain_master = Auto; /* depending on _domain_logons */
782 Globals._domain_logons = false;
783 Globals.browse_list = true;
784 Globals.we_are_a_wins_server = false;
785 Globals.wins_proxy = false;
787 TALLOC_FREE(Globals.init_logon_delayed_hosts);
788 Globals.init_logon_delay = 100; /* 100 ms default delay */
790 Globals.wins_dns_proxy = true;
792 Globals.allow_trusted_domains = true;
793 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
795 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
796 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
798 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
799 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
800 dyn_WINBINDD_SOCKET_DIR);
802 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
803 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
805 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
807 Globals.cluster_addresses = NULL;
808 Globals.clustering = false;
809 Globals.ctdb_timeout = 0;
810 Globals.ctdb_locktime_warn_threshold = 0;
812 Globals.winbind_cache_time = 300; /* 5 minutes */
813 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
814 Globals.winbind_request_timeout = 60; /* 60 seconds */
815 Globals.winbind_max_clients = 200;
816 Globals.winbind_enum_users = false;
817 Globals.winbind_enum_groups = false;
818 Globals.winbind_use_default_domain = false;
819 Globals.winbind_nested_groups = true;
820 Globals.winbind_expand_groups = 0;
821 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
822 Globals.winbind_refresh_tickets = false;
823 Globals.winbind_offline_logon = false;
824 Globals.winbind_scan_trusted_domains = true;
826 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
827 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
829 Globals.passdb_expand_explicit = false;
831 Globals.name_cache_timeout = 660; /* In seconds */
833 Globals.client_use_spnego = true;
835 Globals.client_signing = SMB_SIGNING_DEFAULT;
836 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
837 Globals.server_signing = SMB_SIGNING_DEFAULT;
839 Globals.defer_sharing_violations = true;
840 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
842 Globals.enable_privileges = true;
843 Globals.host_msdfs = true;
844 Globals.enable_asu_support = false;
846 /* User defined shares. */
847 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
849 smb_panic("init_globals: ENOMEM");
851 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
853 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
854 Globals.usershare_max_shares = 0;
855 /* By default disallow sharing of directories not owned by the sharer. */
856 Globals.usershare_owner_only = true;
857 /* By default disallow guest access to usershares. */
858 Globals.usershare_allow_guests = false;
860 Globals.keepalive = DEFAULT_KEEPALIVE;
862 /* By default no shares out of the registry */
863 Globals.registry_shares = false;
865 Globals.min_receivefile_size = 0;
867 Globals.multicast_dns_register = true;
869 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
870 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
871 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
872 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
873 Globals.smb2_leases = true;
875 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
876 get_dyn_NCALRPCDIR());
878 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
880 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
882 Globals.tls_enabled = true;
883 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
885 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
886 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
887 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
888 lpcfg_string_set(Globals.ctx, &Globals.tls_priority,
889 "NORMAL:-VERS-SSL3.0");
891 lpcfg_string_set(Globals.ctx, &Globals.share_backend, "classic");
893 Globals._preferred_master = Auto;
895 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
896 Globals.dns_zone_scavenging = false;
898 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
899 get_dyn_NTP_SIGND_SOCKET_DIR());
901 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
903 smb_panic("init_globals: ENOMEM");
905 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
909 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
912 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
914 smb_panic("init_globals: ENOMEM");
916 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
919 s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
921 smb_panic("init_globals: ENOMEM");
923 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
926 Globals.apply_group_policies = false;
928 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
930 smb_panic("init_globals: ENOMEM");
932 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
935 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
937 Globals.cldap_port = 389;
939 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
941 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
943 Globals.krb5_port = 88;
945 Globals.kpasswd_port = 464;
947 Globals.aio_max_threads = 100;
949 lpcfg_string_set(Globals.ctx,
950 &Globals.rpc_server_dynamic_port_range,
952 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
953 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
954 Globals.prefork_children = 4;
955 Globals.prefork_backoff_increment = 10;
956 Globals.prefork_maximum_backoff = 120;
958 /* Now put back the settings that were set with lp_set_cmdline() */
959 apply_lp_set_cmdline();
962 /* Convenience routine to setup an lp_context with additional s3 variables */
963 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
965 struct loadparm_context *lp_ctx;
967 lp_ctx = loadparm_init_s3(mem_ctx,
968 loadparm_s3_helpers());
969 if (lp_ctx == NULL) {
970 DEBUG(0, ("loadparm_init_s3 failed\n"));
974 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
975 if (lp_ctx->sDefault == NULL) {
976 DBG_ERR("talloc_zero failed\n");
981 *lp_ctx->sDefault = _sDefault;
982 lp_ctx->services = NULL; /* We do not want to access this directly */
983 lp_ctx->bInGlobalSection = bInGlobalSection;
984 lp_ctx->flags = flags_list;
989 /*******************************************************************
990 Convenience routine to grab string parameters into talloced memory
991 and run standard_sub_basic on them. The buffers can be written to by
992 callers without affecting the source string.
993 ********************************************************************/
995 static char *loadparm_s3_global_substitution_fn(
997 const struct loadparm_substitution *lp_sub,
1003 /* The follow debug is useful for tracking down memory problems
1004 especially if you have an inner loop that is calling a lp_*()
1005 function that returns a string. Perhaps this debug should be
1006 present all the time? */
1009 DEBUG(10, ("lp_string(%s)\n", s));
1015 ret = talloc_sub_basic(mem_ctx,
1016 get_current_username(),
1017 current_user_info.domain,
1019 if (trim_char(ret, '\"', '\"')) {
1020 if (strchr(ret,'\"') != NULL) {
1022 ret = talloc_sub_basic(mem_ctx,
1023 get_current_username(),
1024 current_user_info.domain,
1031 static const struct loadparm_substitution s3_global_substitution = {
1032 .substituted_string_fn = loadparm_s3_global_substitution_fn,
1035 const struct loadparm_substitution *loadparm_s3_global_substitution(void)
1037 return &s3_global_substitution;
1040 char *lp_string(TALLOC_CTX *ctx, const char *s)
1042 return lpcfg_substituted_string(ctx, &s3_global_substitution, s);
1046 In this section all the functions that are used to access the
1047 parameters from the rest of the program are defined
1050 #define FN_GLOBAL_STRING(fn_name,ptr) \
1051 char *lp_ ## fn_name(TALLOC_CTX *ctx) {return(lp_string((ctx), *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : ""));}
1052 #define FN_GLOBAL_SUBSTITUTED_STRING(fn_name,ptr) \
1053 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub) \
1054 {return lpcfg_substituted_string(ctx, lp_sub, *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : "");}
1055 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1056 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1057 #define FN_GLOBAL_LIST(fn_name,ptr) \
1058 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1059 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1060 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1061 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1062 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1063 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1064 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1066 #define FN_LOCAL_STRING(fn_name,val) \
1067 char *lp_ ## fn_name(TALLOC_CTX *ctx,int i) {return(lp_string((ctx), (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val));}
1068 #define FN_LOCAL_SUBSTITUTED_STRING(fn_name,val) \
1069 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub, int i) \
1070 {return lpcfg_substituted_string((ctx), lp_sub, (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1071 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1072 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1073 #define FN_LOCAL_LIST(fn_name,val) \
1074 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1075 #define FN_LOCAL_BOOL(fn_name,val) \
1076 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1077 #define FN_LOCAL_INTEGER(fn_name,val) \
1078 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1080 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1081 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1082 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1083 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1084 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1085 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1087 int lp_winbind_max_domain_connections(void)
1089 if (lp_winbind_offline_logon() &&
1090 lp__winbind_max_domain_connections() > 1) {
1091 DEBUG(1, ("offline logons active, restricting max domain "
1092 "connections to 1\n"));
1095 return MAX(1, lp__winbind_max_domain_connections());
1098 /* These functions remain in source3/param for now */
1100 #include "lib/param/param_functions.c"
1102 FN_LOCAL_STRING(servicename, szService)
1103 FN_LOCAL_CONST_STRING(const_servicename, szService)
1105 /* These functions cannot be auto-generated */
1106 FN_LOCAL_BOOL(autoloaded, autoloaded)
1107 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1109 /* local prototypes */
1111 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1112 static const char *get_boolean(bool bool_value);
1113 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1115 static bool hash_a_service(const char *name, int number);
1116 static void free_service_byindex(int iService);
1117 static void show_parameter(int parmIndex);
1118 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1119 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1122 * This is a helper function for parametrical options support. It returns a
1123 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1124 * parametrical functions are quite simple
1126 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1129 if (snum >= iNumServices) return NULL;
1132 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1134 return get_parametric_helper(ServicePtrs[snum],
1135 type, option, Globals.param_opt);
1139 static void discard_whitespace(char *str)
1141 size_t len = strlen(str);
1145 if (isspace(str[i])) {
1146 memmove(&str[i], &str[i+1], len-i);
1155 * @brief Go through all global parametric parameters
1157 * @param regex_str A regular expression to scan param for
1158 * @param max_matches Max number of submatches the regexp expects
1159 * @param cb Function to call on match. Should return true
1160 * when it wants wi_scan_global_parametrics to stop
1162 * @param private_data Anonymous pointer passed to cb
1164 * @return 0: success, regcomp/regexec return value on error.
1165 * See "man regexec" for possible errors
1168 int lp_wi_scan_global_parametrics(
1169 const char *regex_str, size_t max_matches,
1170 bool (*cb)(const char *string, regmatch_t matches[],
1171 void *private_data),
1174 struct parmlist_entry *data;
1178 ret = regcomp(®ex, regex_str, REG_ICASE);
1183 for (data = Globals.param_opt; data != NULL; data = data->next) {
1184 size_t keylen = strlen(data->key);
1186 regmatch_t matches[max_matches];
1189 memcpy(key, data->key, sizeof(key));
1190 discard_whitespace(key);
1192 ret = regexec(®ex, key, max_matches, matches, 0);
1193 if (ret == REG_NOMATCH) {
1200 stop = cb(key, matches, private_data);
1213 #define MISSING_PARAMETER(name) \
1214 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1216 /*******************************************************************
1217 convenience routine to return enum parameters.
1218 ********************************************************************/
1219 static int lp_enum(const char *s,const struct enum_list *_enum)
1223 if (!s || !*s || !_enum) {
1224 MISSING_PARAMETER(lp_enum);
1228 for (i=0; _enum[i].name; i++) {
1229 if (strequal(_enum[i].name,s))
1230 return _enum[i].value;
1233 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1237 #undef MISSING_PARAMETER
1239 /* Return parametric option from a given service. Type is a part of option before ':' */
1240 /* Parametric option has following syntax: 'Type: option = value' */
1241 char *lp_parm_substituted_string(TALLOC_CTX *mem_ctx,
1242 const struct loadparm_substitution *lp_sub,
1248 struct parmlist_entry *data = get_parametrics(snum, type, option);
1250 SMB_ASSERT(lp_sub != NULL);
1252 if (data == NULL||data->value==NULL) {
1254 return lpcfg_substituted_string(mem_ctx, lp_sub, def);
1260 return lpcfg_substituted_string(mem_ctx, lp_sub, data->value);
1263 /* Return parametric option from a given service. Type is a part of option before ':' */
1264 /* Parametric option has following syntax: 'Type: option = value' */
1265 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1267 struct parmlist_entry *data = get_parametrics(snum, type, option);
1269 if (data == NULL||data->value==NULL)
1276 /* Return parametric option from a given service. Type is a part of option before ':' */
1277 /* Parametric option has following syntax: 'Type: option = value' */
1279 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1281 struct parmlist_entry *data = get_parametrics(snum, type, option);
1283 if (data == NULL||data->value==NULL)
1284 return (const char **)def;
1286 if (data->list==NULL) {
1287 data->list = str_list_make_v3(NULL, data->value, NULL);
1290 return discard_const_p(const char *, data->list);
1293 /* Return parametric option from a given service. Type is a part of option before ':' */
1294 /* Parametric option has following syntax: 'Type: option = value' */
1296 int lp_parm_int(int snum, const char *type, const char *option, int def)
1298 struct parmlist_entry *data = get_parametrics(snum, type, option);
1300 if (data && data->value && *data->value)
1301 return lp_int(data->value);
1306 /* Return parametric option from a given service. Type is a part of option before ':' */
1307 /* Parametric option has following syntax: 'Type: option = value' */
1309 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1311 struct parmlist_entry *data = get_parametrics(snum, type, option);
1313 if (data && data->value && *data->value)
1314 return lp_ulong(data->value);
1319 /* Return parametric option from a given service. Type is a part of option before ':' */
1320 /* Parametric option has following syntax: 'Type: option = value' */
1322 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1323 const char *option, unsigned long long def)
1325 struct parmlist_entry *data = get_parametrics(snum, type, option);
1327 if (data && data->value && *data->value) {
1328 return lp_ulonglong(data->value);
1334 /* Return parametric option from a given service. Type is a part of option
1336 /* Parametric option has following syntax: 'Type: option = value' */
1338 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1340 struct parmlist_entry *data = get_parametrics(snum, type, option);
1342 if (data && data->value && *data->value)
1343 return lp_bool(data->value);
1348 /* Return parametric option from a given service. Type is a part of option before ':' */
1349 /* Parametric option has following syntax: 'Type: option = value' */
1351 int lp_parm_enum(int snum, const char *type, const char *option,
1352 const struct enum_list *_enum, int def)
1354 struct parmlist_entry *data = get_parametrics(snum, type, option);
1356 if (data && data->value && *data->value && _enum)
1357 return lp_enum(data->value, _enum);
1363 * free a param_opts structure.
1364 * param_opts handling should be moved to talloc;
1365 * then this whole functions reduces to a TALLOC_FREE().
1368 static void free_param_opts(struct parmlist_entry **popts)
1370 struct parmlist_entry *opt, *next_opt;
1372 if (*popts != NULL) {
1373 DEBUG(5, ("Freeing parametrics:\n"));
1376 while (opt != NULL) {
1377 lpcfg_string_free(&opt->key);
1378 lpcfg_string_free(&opt->value);
1379 TALLOC_FREE(opt->list);
1380 next_opt = opt->next;
1387 /***************************************************************************
1388 Free the dynamically allocated parts of a service struct.
1389 ***************************************************************************/
1391 static void free_service(struct loadparm_service *pservice)
1396 if (pservice->szService)
1397 DEBUG(5, ("free_service: Freeing service %s\n",
1398 pservice->szService));
1400 free_parameters(pservice);
1402 lpcfg_string_free(&pservice->szService);
1403 TALLOC_FREE(pservice->copymap);
1405 free_param_opts(&pservice->param_opt);
1407 ZERO_STRUCTP(pservice);
1411 /***************************************************************************
1412 remove a service indexed in the ServicePtrs array from the ServiceHash
1413 and free the dynamically allocated parts
1414 ***************************************************************************/
1416 static void free_service_byindex(int idx)
1418 if ( !LP_SNUM_OK(idx) )
1421 ServicePtrs[idx]->valid = false;
1423 /* we have to cleanup the hash record */
1425 if (ServicePtrs[idx]->szService) {
1426 char *canon_name = canonicalize_servicename(
1428 ServicePtrs[idx]->szService );
1430 dbwrap_delete_bystring(ServiceHash, canon_name );
1431 TALLOC_FREE(canon_name);
1434 free_service(ServicePtrs[idx]);
1435 TALLOC_FREE(ServicePtrs[idx]);
1438 /***************************************************************************
1439 Add a new service to the services array initialising it with the given
1441 ***************************************************************************/
1443 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1446 struct loadparm_service **tsp = NULL;
1448 /* it might already exist */
1450 i = getservicebyname(name, NULL);
1456 /* Re use empty slots if any before allocating new one.*/
1457 for (i=0; i < iNumServices; i++) {
1458 if (ServicePtrs[i] == NULL) {
1462 if (i == iNumServices) {
1463 /* if not, then create one */
1464 tsp = talloc_realloc(NULL, ServicePtrs,
1465 struct loadparm_service *,
1468 DEBUG(0, ("add_a_service: failed to enlarge "
1475 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1476 if (!ServicePtrs[i]) {
1477 DEBUG(0,("add_a_service: out of memory!\n"));
1481 ServicePtrs[i]->valid = true;
1483 copy_service(ServicePtrs[i], pservice, NULL);
1485 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1488 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1489 i, ServicePtrs[i]->szService));
1491 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1498 /***************************************************************************
1499 Convert a string to uppercase and remove whitespaces.
1500 ***************************************************************************/
1502 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1507 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1511 result = talloc_strdup(ctx, src);
1512 SMB_ASSERT(result != NULL);
1514 if (!strlower_m(result)) {
1515 TALLOC_FREE(result);
1521 /***************************************************************************
1522 Add a name/index pair for the services array to the hash table.
1523 ***************************************************************************/
1525 static bool hash_a_service(const char *name, int idx)
1529 if ( !ServiceHash ) {
1530 DEBUG(10,("hash_a_service: creating servicehash\n"));
1531 ServiceHash = db_open_rbt(NULL);
1532 if ( !ServiceHash ) {
1533 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1538 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1541 canon_name = canonicalize_servicename(talloc_tos(), name );
1543 dbwrap_store_bystring(ServiceHash, canon_name,
1544 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1547 TALLOC_FREE(canon_name);
1552 /***************************************************************************
1553 Add a new home service, with the specified home directory, defaults coming
1555 ***************************************************************************/
1557 bool lp_add_home(const char *pszHomename, int iDefaultService,
1558 const char *user, const char *pszHomedir)
1563 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1564 pszHomedir[0] == '\0') {
1568 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1573 global_path = lp_path(talloc_tos(), GLOBAL_SECTION_SNUM);
1574 if (!(*(ServicePtrs[iDefaultService]->path))
1575 || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
1576 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1579 TALLOC_FREE(global_path);
1581 if (!(*(ServicePtrs[i]->comment))) {
1582 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1583 if (comment == NULL) {
1586 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1588 TALLOC_FREE(comment);
1591 /* set the browseable flag from the global default */
1593 ServicePtrs[i]->browseable = sDefault.browseable;
1594 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1596 ServicePtrs[i]->autoloaded = true;
1598 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1599 user, ServicePtrs[i]->path ));
1604 /***************************************************************************
1605 Add a new service, based on an old one.
1606 ***************************************************************************/
1608 int lp_add_service(const char *pszService, int iDefaultService)
1610 if (iDefaultService < 0) {
1611 return add_a_service(&sDefault, pszService);
1614 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1617 /***************************************************************************
1618 Add the IPC service.
1619 ***************************************************************************/
1621 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1623 char *comment = NULL;
1624 int i = add_a_service(&sDefault, ipc_name);
1629 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1630 Globals.server_string);
1631 if (comment == NULL) {
1635 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1636 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1637 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1638 ServicePtrs[i]->max_connections = 0;
1639 ServicePtrs[i]->available = true;
1640 ServicePtrs[i]->read_only = true;
1641 ServicePtrs[i]->guest_only = false;
1642 ServicePtrs[i]->administrative_share = true;
1643 ServicePtrs[i]->guest_ok = guest_ok;
1644 ServicePtrs[i]->printable = false;
1645 ServicePtrs[i]->browseable = sDefault.browseable;
1646 ServicePtrs[i]->autoloaded = false;
1648 DEBUG(3, ("adding IPC service\n"));
1650 TALLOC_FREE(comment);
1654 /***************************************************************************
1655 Add a new printer service, with defaults coming from service iFrom.
1656 ***************************************************************************/
1658 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1660 const char *comment = "From Printcap";
1661 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1666 /* note that we do NOT default the availability flag to true - */
1667 /* we take it from the default service passed. This allows all */
1668 /* dynamic printers to be disabled by disabling the [printers] */
1669 /* entry (if/when the 'available' keyword is implemented!). */
1671 /* the printer name is set to the service name. */
1672 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1674 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1676 /* set the browseable flag from the gloabl default */
1677 ServicePtrs[i]->browseable = sDefault.browseable;
1679 /* Printers cannot be read_only. */
1680 ServicePtrs[i]->read_only = false;
1681 /* No oplocks on printer services. */
1682 ServicePtrs[i]->oplocks = false;
1683 /* Printer services must be printable. */
1684 ServicePtrs[i]->printable = true;
1686 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1692 /***************************************************************************
1693 Check whether the given parameter name is valid.
1694 Parametric options (names containing a colon) are considered valid.
1695 ***************************************************************************/
1697 bool lp_parameter_is_valid(const char *pszParmName)
1699 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1700 (strchr(pszParmName, ':') != NULL));
1703 /***************************************************************************
1704 Check whether the given name is the name of a global parameter.
1705 Returns true for strings belonging to parameters of class
1706 P_GLOBAL, false for all other strings, also for parametric options
1707 and strings not belonging to any option.
1708 ***************************************************************************/
1710 bool lp_parameter_is_global(const char *pszParmName)
1712 int num = lpcfg_map_parameter(pszParmName);
1715 return (parm_table[num].p_class == P_GLOBAL);
1721 /**************************************************************************
1722 Determine the canonical name for a parameter.
1723 Indicate when it is an inverse (boolean) synonym instead of a
1725 **************************************************************************/
1727 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1732 if (!lp_parameter_is_valid(parm_name)) {
1737 num = map_parameter_canonical(parm_name, inverse);
1739 /* parametric option */
1740 *canon_parm = parm_name;
1742 *canon_parm = parm_table[num].label;
1749 /**************************************************************************
1750 Determine the canonical name for a parameter.
1751 Turn the value given into the inverse boolean expression when
1752 the synonym is an invers boolean synonym.
1755 - parm_name is a valid parameter name and
1756 - val is a valid value for this parameter and
1757 - in case the parameter is an inverse boolean synonym, if the val
1758 string could successfully be converted to the reverse bool.
1759 Return false in all other cases.
1760 **************************************************************************/
1762 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1764 const char **canon_parm,
1765 const char **canon_val)
1771 if (!lp_parameter_is_valid(parm_name)) {
1777 num = map_parameter_canonical(parm_name, &inverse);
1779 /* parametric option */
1780 *canon_parm = parm_name;
1785 *canon_parm = parm_table[num].label;
1787 if (!lp_invert_boolean(val, canon_val)) {
1795 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1800 /***************************************************************************
1801 Map a parameter's string representation to the index of the canonical
1802 form of the parameter (it might be a synonym).
1803 Returns -1 if the parameter string is not recognised.
1804 ***************************************************************************/
1806 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1808 int parm_num, canon_num;
1809 bool loc_inverse = false;
1811 parm_num = lpcfg_map_parameter(pszParmName);
1812 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1813 /* invalid, parametric or no canidate for synonyms ... */
1817 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1818 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1819 parm_num = canon_num;
1825 if (inverse != NULL) {
1826 *inverse = loc_inverse;
1831 /***************************************************************************
1832 return true if parameter number parm1 is a synonym of parameter
1833 number parm2 (parm2 being the principal name).
1834 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1836 ***************************************************************************/
1838 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1840 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1841 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1842 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1843 !(parm_table[parm2].flags & FLAG_SYNONYM))
1845 if (inverse != NULL) {
1846 if ((parm_table[parm1].type == P_BOOLREV) &&
1847 (parm_table[parm2].type == P_BOOL))
1859 /***************************************************************************
1860 Show one parameter's name, type, [values,] and flags.
1861 (helper functions for show_parameter_list)
1862 ***************************************************************************/
1864 static void show_parameter(int parmIndex)
1866 size_t enumIndex, flagIndex;
1871 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1872 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1873 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1874 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1875 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1877 printf("%s=%s", parm_table[parmIndex].label,
1878 type[parm_table[parmIndex].type]);
1879 if (parm_table[parmIndex].type == P_ENUM) {
1882 parm_table[parmIndex].enum_list[enumIndex].name;
1886 enumIndex ? "|" : "",
1887 parm_table[parmIndex].enum_list[enumIndex].name);
1892 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1893 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1896 flag_names[flagIndex]);
1901 /* output synonyms */
1903 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1904 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1905 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1906 parm_table[parmIndex2].label);
1907 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1909 printf(" (synonyms: ");
1914 printf("%s%s", parm_table[parmIndex2].label,
1915 inverse ? "[i]" : "");
1926 * Check the value for a P_ENUM
1928 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1932 for (i = 0; parm->enum_list[i].name; i++) {
1933 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1940 /**************************************************************************
1941 Check whether the given value is valid for the given parameter name.
1942 **************************************************************************/
1944 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1946 bool ret = false, tmp_bool;
1947 int num = lpcfg_map_parameter(parm_name), tmp_int;
1948 uint64_t tmp_int64 = 0;
1949 struct parm_struct *parm;
1951 /* parametric options (parameter names containing a colon) cannot
1952 be checked and are therefore considered valid. */
1953 if (strchr(parm_name, ':') != NULL) {
1958 parm = &parm_table[num];
1959 switch (parm->type) {
1962 ret = set_boolean(val, &tmp_bool);
1966 ret = (sscanf(val, "%d", &tmp_int) == 1);
1970 ret = (sscanf(val, "%o", &tmp_int) == 1);
1974 ret = check_enum_parameter(parm, val);
1978 if (conv_str_size_error(val, &tmp_int64) &&
1979 tmp_int64 <= INT_MAX) {
1996 /***************************************************************************
1997 Show all parameter's name, type, [values,] and flags.
1998 ***************************************************************************/
2000 void show_parameter_list(void)
2002 int classIndex, parmIndex;
2003 const char *section_names[] = { "local", "global", NULL};
2005 for (classIndex=0; section_names[classIndex]; classIndex++) {
2006 printf("[%s]\n", section_names[classIndex]);
2007 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
2008 if (parm_table[parmIndex].p_class == classIndex) {
2009 show_parameter(parmIndex);
2015 /***************************************************************************
2016 Get the standard string representation of a boolean value ("yes" or "no")
2017 ***************************************************************************/
2019 static const char *get_boolean(bool bool_value)
2021 static const char *yes_str = "yes";
2022 static const char *no_str = "no";
2024 return (bool_value ? yes_str : no_str);
2027 /***************************************************************************
2028 Provide the string of the negated boolean value associated to the boolean
2029 given as a string. Returns false if the passed string does not correctly
2030 represent a boolean.
2031 ***************************************************************************/
2033 bool lp_invert_boolean(const char *str, const char **inverse_str)
2037 if (!set_boolean(str, &val)) {
2041 *inverse_str = get_boolean(!val);
2045 /***************************************************************************
2046 Provide the canonical string representation of a boolean value given
2047 as a string. Return true on success, false if the string given does
2048 not correctly represent a boolean.
2049 ***************************************************************************/
2051 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2055 if (!set_boolean(str, &val)) {
2059 *canon_str = get_boolean(val);
2063 /***************************************************************************
2064 Find a service by name. Otherwise works like get_service.
2065 ***************************************************************************/
2067 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2074 if (ServiceHash == NULL) {
2078 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2080 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2083 if (NT_STATUS_IS_OK(status) &&
2084 (data.dptr != NULL) &&
2085 (data.dsize == sizeof(iService)))
2087 memcpy(&iService, data.dptr, sizeof(iService));
2090 TALLOC_FREE(canon_name);
2092 if ((iService != -1) && (LP_SNUM_OK(iService))
2093 && (pserviceDest != NULL)) {
2094 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2100 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2101 struct loadparm_service *lp_service(const char *pszServiceName)
2103 int iService = getservicebyname(pszServiceName, NULL);
2104 if (iService == -1 || !LP_SNUM_OK(iService)) {
2107 return ServicePtrs[iService];
2110 struct loadparm_service *lp_servicebynum(int snum)
2112 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2115 return ServicePtrs[snum];
2118 struct loadparm_service *lp_default_loadparm_service()
2123 static struct smbconf_ctx *lp_smbconf_ctx(void)
2126 static struct smbconf_ctx *conf_ctx = NULL;
2128 if (conf_ctx == NULL) {
2129 err = smbconf_init(NULL, &conf_ctx, "registry:");
2130 if (!SBC_ERROR_IS_OK(err)) {
2131 DEBUG(1, ("error initializing registry configuration: "
2132 "%s\n", sbcErrorString(err)));
2140 static bool process_smbconf_service(struct smbconf_service *service)
2145 if (service == NULL) {
2149 ret = lp_do_section(service->name, NULL);
2153 for (count = 0; count < service->num_params; count++) {
2155 if (!bInGlobalSection && bGlobalOnly) {
2158 const char *pszParmName = service->param_names[count];
2159 const char *pszParmValue = service->param_values[count];
2161 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2163 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2164 pszParmName, pszParmValue);
2171 if (iServiceIndex >= 0) {
2172 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2178 * load a service from registry and activate it
2180 bool process_registry_service(const char *service_name)
2183 struct smbconf_service *service = NULL;
2184 TALLOC_CTX *mem_ctx = talloc_stackframe();
2185 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2188 if (conf_ctx == NULL) {
2192 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2194 if (!smbconf_share_exists(conf_ctx, service_name)) {
2196 * Registry does not contain data for this service (yet),
2197 * but make sure lp_load doesn't return false.
2203 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2204 if (!SBC_ERROR_IS_OK(err)) {
2208 ret = process_smbconf_service(service);
2214 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2217 TALLOC_FREE(mem_ctx);
2222 * process_registry_globals
2224 static bool process_registry_globals(void)
2228 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2230 if (!bInGlobalSection && bGlobalOnly) {
2233 const char *pszParmName = "registry shares";
2234 const char *pszParmValue = "yes";
2236 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2238 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2239 pszParmName, pszParmValue);
2246 return process_registry_service(GLOBAL_NAME);
2249 bool process_registry_shares(void)
2253 struct smbconf_service **service = NULL;
2254 uint32_t num_shares = 0;
2255 TALLOC_CTX *mem_ctx = talloc_stackframe();
2256 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2259 if (conf_ctx == NULL) {
2263 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2264 if (!SBC_ERROR_IS_OK(err)) {
2270 for (count = 0; count < num_shares; count++) {
2271 if (strequal(service[count]->name, GLOBAL_NAME)) {
2274 ret = process_smbconf_service(service[count]);
2281 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2284 TALLOC_FREE(mem_ctx);
2289 * reload those shares from registry that are already
2290 * activated in the services array.
2292 static bool reload_registry_shares(void)
2297 for (i = 0; i < iNumServices; i++) {
2302 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2306 ret = process_registry_service(ServicePtrs[i]->szService);
2317 #define MAX_INCLUDE_DEPTH 100
2319 static uint8_t include_depth;
2322 * Free the file lists
2324 static void free_file_list(void)
2326 struct file_lists *f;
2327 struct file_lists *next;
2340 * Utility function for outsiders to check if we're running on registry.
2342 bool lp_config_backend_is_registry(void)
2344 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2348 * Utility function to check if the config backend is FILE.
2350 bool lp_config_backend_is_file(void)
2352 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2355 /*******************************************************************
2356 Check if a config file has changed date.
2357 ********************************************************************/
2359 bool lp_file_list_changed(void)
2361 struct file_lists *f = file_lists;
2363 DEBUG(6, ("lp_file_list_changed()\n"));
2366 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2367 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2369 if (conf_ctx == NULL) {
2372 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2375 DEBUGADD(6, ("registry config changed\n"));
2382 n2 = talloc_sub_basic(talloc_tos(),
2383 get_current_username(),
2384 current_user_info.domain,
2389 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2390 f->name, n2, ctime(&f->modtime)));
2392 mod_time = file_modtime(n2);
2395 ((f->modtime != mod_time) ||
2396 (f->subfname == NULL) ||
2397 (strcmp(n2, f->subfname) != 0)))
2400 ("file %s modified: %s\n", n2,
2402 f->modtime = mod_time;
2403 TALLOC_FREE(f->subfname);
2404 f->subfname = talloc_strdup(f, n2);
2405 if (f->subfname == NULL) {
2406 smb_panic("talloc_strdup failed");
2420 * Initialize iconv conversion descriptors.
2422 * This is called the first time it is needed, and also called again
2423 * every time the configuration is reloaded, because the charset or
2424 * codepage might have changed.
2426 static void init_iconv(void)
2428 struct smb_iconv_handle *ret = NULL;
2430 ret = reinit_iconv_handle(NULL,
2434 smb_panic("reinit_iconv_handle failed");
2438 /***************************************************************************
2439 Handle the include operation.
2440 ***************************************************************************/
2441 static bool bAllowIncludeRegistry = true;
2443 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2444 const char *pszParmValue, char **ptr)
2448 if (include_depth >= MAX_INCLUDE_DEPTH) {
2449 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2454 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2455 if (!bAllowIncludeRegistry) {
2458 if (lp_ctx->bInGlobalSection) {
2461 ret = process_registry_globals();
2465 DEBUG(1, ("\"include = registry\" only effective "
2466 "in %s section\n", GLOBAL_NAME));
2471 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2472 current_user_info.domain,
2475 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2477 if (service == NULL) {
2478 lpcfg_string_set(Globals.ctx, ptr, fname);
2480 lpcfg_string_set(service, ptr, fname);
2483 if (file_exist(fname)) {
2486 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2492 DEBUG(2, ("Can't find include file %s\n", fname));
2497 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2499 char *config_option = NULL;
2500 const char *range = NULL;
2503 SMB_ASSERT(low != NULL);
2504 SMB_ASSERT(high != NULL);
2506 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2510 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2512 if (config_option == NULL) {
2513 DEBUG(0, ("out of memory\n"));
2517 range = lp_parm_const_string(-1, config_option, "range", NULL);
2518 if (range == NULL) {
2519 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2523 if (sscanf(range, "%u - %u", low, high) != 2) {
2524 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2525 range, domain_name));
2532 talloc_free(config_option);
2537 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2539 return lp_idmap_range("*", low, high);
2542 const char *lp_idmap_backend(const char *domain_name)
2544 char *config_option = NULL;
2545 const char *backend = NULL;
2547 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2551 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2553 if (config_option == NULL) {
2554 DEBUG(0, ("out of memory\n"));
2558 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2559 if (backend == NULL) {
2560 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2565 talloc_free(config_option);
2569 const char *lp_idmap_default_backend(void)
2571 return lp_idmap_backend("*");
2574 /***************************************************************************
2575 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2576 ***************************************************************************/
2578 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2580 const char *suffix_string;
2582 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2583 Globals.ldap_suffix );
2584 if ( !suffix_string ) {
2585 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2589 return suffix_string;
2592 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2594 if (Globals._ldap_machine_suffix[0])
2595 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2597 return lp_string(ctx, Globals.ldap_suffix);
2600 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2602 if (Globals._ldap_user_suffix[0])
2603 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2605 return lp_string(ctx, Globals.ldap_suffix);
2608 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2610 if (Globals._ldap_group_suffix[0])
2611 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2613 return lp_string(ctx, Globals.ldap_suffix);
2616 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2618 if (Globals._ldap_idmap_suffix[0])
2619 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2621 return lp_string(ctx, Globals.ldap_suffix);
2625 return the parameter pointer for a parameter
2627 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2629 if (service == NULL) {
2630 if (parm->p_class == P_LOCAL)
2631 return (void *)(((char *)&sDefault)+parm->offset);
2632 else if (parm->p_class == P_GLOBAL)
2633 return (void *)(((char *)&Globals)+parm->offset);
2636 return (void *)(((char *)service) + parm->offset);
2640 /***************************************************************************
2641 Process a parameter for a particular service number. If snum < 0
2642 then assume we are in the globals.
2643 ***************************************************************************/
2645 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2647 TALLOC_CTX *frame = talloc_stackframe();
2648 struct loadparm_context *lp_ctx;
2651 lp_ctx = setup_lp_context(frame);
2652 if (lp_ctx == NULL) {
2658 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2660 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2661 pszParmName, pszParmValue);
2669 /***************************************************************************
2670 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2671 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2672 ***************************************************************************/
2674 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2677 parmnum = lpcfg_map_parameter(pszParmName);
2679 flags_list[parmnum] &= ~FLAG_CMDLINE;
2680 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2683 flags_list[parmnum] |= FLAG_CMDLINE;
2685 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2686 * be grouped in the table, so we don't have to search the
2689 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2690 && parm_table[i].p_class == parm_table[parmnum].p_class;
2692 flags_list[i] |= FLAG_CMDLINE;
2694 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2695 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2696 flags_list[i] |= FLAG_CMDLINE;
2702 /* it might be parametric */
2703 if (strchr(pszParmName, ':') != NULL) {
2704 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2708 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2712 bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
2715 TALLOC_CTX *frame = talloc_stackframe();
2716 struct loadparm_context *lp_ctx;
2718 lp_ctx = setup_lp_context(frame);
2719 if (lp_ctx == NULL) {
2724 ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
2730 /***************************************************************************
2731 Process a parameter.
2732 ***************************************************************************/
2734 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2737 if (!bInGlobalSection && bGlobalOnly)
2740 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2742 if (bInGlobalSection) {
2743 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2745 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2746 pszParmName, pszParmValue);
2750 /***************************************************************************
2751 Initialize any local variables in the sDefault table, after parsing a
2753 ***************************************************************************/
2755 static void init_locals(void)
2758 * We run this check once the [globals] is parsed, to force
2759 * the VFS objects and other per-share settings we need for
2760 * the standard way a AD DC is operated. We may change these
2761 * as our code evolves, which is why we force these settings.
2763 * We can't do this at the end of lp_load_ex(), as by that
2764 * point the services have been loaded and they will already
2765 * have "" as their vfs objects.
2767 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2768 const char **vfs_objects = lp_vfs_objects(-1);
2769 if (!vfs_objects || !vfs_objects[0]) {
2770 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2771 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2772 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2773 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2775 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2779 lp_do_parameter(-1, "map hidden", "no");
2780 lp_do_parameter(-1, "map system", "no");
2781 lp_do_parameter(-1, "map readonly", "no");
2782 lp_do_parameter(-1, "map archive", "no");
2783 lp_do_parameter(-1, "store dos attributes", "yes");
2787 /***************************************************************************
2788 Process a new section (service). At this stage all sections are services.
2789 Later we'll have special sections that permit server parameters to be set.
2790 Returns true on success, false on failure.
2791 ***************************************************************************/
2793 bool lp_do_section(const char *pszSectionName, void *userdata)
2795 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2797 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2798 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2800 /* if we were in a global section then do the local inits */
2801 if (bInGlobalSection && !isglobal)
2804 /* if we've just struck a global section, note the fact. */
2805 bInGlobalSection = isglobal;
2806 if (lp_ctx != NULL) {
2807 lp_ctx->bInGlobalSection = isglobal;
2810 /* check for multiple global sections */
2811 if (bInGlobalSection) {
2812 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2816 if (!bInGlobalSection && bGlobalOnly)
2819 /* if we have a current service, tidy it up before moving on */
2822 if (iServiceIndex >= 0)
2823 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2825 /* if all is still well, move to the next record in the services array */
2827 /* We put this here to avoid an odd message order if messages are */
2828 /* issued by the post-processing of a previous section. */
2829 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2831 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2832 if (iServiceIndex < 0) {
2833 DEBUG(0, ("Failed to add a new service\n"));
2836 /* Clean all parametric options for service */
2837 /* They will be added during parsing again */
2838 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2844 /***************************************************************************
2845 Display the contents of a parameter of a single services record.
2846 ***************************************************************************/
2848 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2850 bool result = false;
2851 struct loadparm_context *lp_ctx;
2853 lp_ctx = setup_lp_context(talloc_tos());
2854 if (lp_ctx == NULL) {
2859 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2861 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2863 TALLOC_FREE(lp_ctx);
2868 /***************************************************************************
2869 Display the contents of a single copy structure.
2870 ***************************************************************************/
2871 static void dump_copy_map(bool *pcopymap)
2877 printf("\n\tNon-Copied parameters:\n");
2879 for (i = 0; parm_table[i].label; i++)
2880 if (parm_table[i].p_class == P_LOCAL &&
2881 parm_table[i].ptr && !pcopymap[i] &&
2882 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2884 printf("\t\t%s\n", parm_table[i].label);
2889 /***************************************************************************
2890 Return TRUE if the passed service number is within range.
2891 ***************************************************************************/
2893 bool lp_snum_ok(int iService)
2895 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2898 /***************************************************************************
2899 Auto-load some home services.
2900 ***************************************************************************/
2902 static void lp_add_auto_services(char *str)
2912 s = talloc_strdup(talloc_tos(), str);
2914 smb_panic("talloc_strdup failed");
2918 homes = lp_servicenumber(HOMES_NAME);
2920 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2921 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2924 if (lp_servicenumber(p) >= 0)
2927 home = get_user_home_dir(talloc_tos(), p);
2929 if (home && home[0] && homes >= 0)
2930 lp_add_home(p, homes, p, home);
2937 /***************************************************************************
2938 Auto-load one printer.
2939 ***************************************************************************/
2941 void lp_add_one_printer(const char *name, const char *comment,
2942 const char *location, void *pdata)
2944 int printers = lp_servicenumber(PRINTERS_NAME);
2947 if (lp_servicenumber(name) < 0) {
2948 lp_add_printer(name, printers);
2949 if ((i = lp_servicenumber(name)) >= 0) {
2950 lpcfg_string_set(ServicePtrs[i],
2951 &ServicePtrs[i]->comment, comment);
2952 ServicePtrs[i]->autoloaded = true;
2957 /***************************************************************************
2958 Have we loaded a services file yet?
2959 ***************************************************************************/
2961 bool lp_loaded(void)
2966 /***************************************************************************
2967 Unload unused services.
2968 ***************************************************************************/
2970 void lp_killunused(struct smbd_server_connection *sconn,
2971 bool (*snumused) (struct smbd_server_connection *, int))
2974 for (i = 0; i < iNumServices; i++) {
2978 /* don't kill autoloaded or usershare services */
2979 if ( ServicePtrs[i]->autoloaded ||
2980 ServicePtrs[i]->usershare == USERSHARE_VALID) {
2984 if (!snumused || !snumused(sconn, i)) {
2985 free_service_byindex(i);
2991 * Kill all except autoloaded and usershare services - convenience wrapper
2993 void lp_kill_all_services(void)
2995 lp_killunused(NULL, NULL);
2998 /***************************************************************************
3000 ***************************************************************************/
3002 void lp_killservice(int iServiceIn)
3004 if (VALID(iServiceIn)) {
3005 free_service_byindex(iServiceIn);
3009 /***************************************************************************
3010 Save the curent values of all global and sDefault parameters into the
3011 defaults union. This allows testparm to show only the
3012 changed (ie. non-default) parameters.
3013 ***************************************************************************/
3015 static void lp_save_defaults(void)
3018 struct parmlist_entry * parm;
3019 for (i = 0; parm_table[i].label; i++) {
3020 if (!(flags_list[i] & FLAG_CMDLINE)) {
3021 flags_list[i] |= FLAG_DEFAULT;
3024 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
3025 && parm_table[i].p_class == parm_table[i - 1].p_class)
3027 switch (parm_table[i].type) {
3030 parm_table[i].def.lvalue = str_list_copy(
3031 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3037 &parm_table[i].def.svalue,
3038 *(char **)lp_parm_ptr(
3039 NULL, &parm_table[i]));
3040 if (parm_table[i].def.svalue == NULL) {
3041 smb_panic("lpcfg_string_set() failed");
3046 parm_table[i].def.bvalue =
3047 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3050 parm_table[i].def.cvalue =
3051 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3057 parm_table[i].def.ivalue =
3058 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3063 for (parm=Globals.param_opt; parm; parm=parm->next) {
3064 if (!(parm->priority & FLAG_CMDLINE)) {
3065 parm->priority |= FLAG_DEFAULT;
3069 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3070 if (!(parm->priority & FLAG_CMDLINE)) {
3071 parm->priority |= FLAG_DEFAULT;
3075 defaults_saved = true;
3078 /***********************************************************
3079 If we should send plaintext/LANMAN passwords in the clinet
3080 ************************************************************/
3082 static void set_allowed_client_auth(void)
3084 if (Globals.client_ntlmv2_auth) {
3085 Globals.client_lanman_auth = false;
3087 if (!Globals.client_lanman_auth) {
3088 Globals.client_plaintext_auth = false;
3092 /***************************************************************************
3094 The following code allows smbd to read a user defined share file.
3095 Yes, this is my intent. Yes, I'm comfortable with that...
3097 THE FOLLOWING IS SECURITY CRITICAL CODE.
3099 It washes your clothes, it cleans your house, it guards you while you sleep...
3100 Do not f%^k with it....
3101 ***************************************************************************/
3103 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3105 /***************************************************************************
3106 Check allowed stat state of a usershare file.
3107 Ensure we print out who is dicking with us so the admin can
3108 get their sorry ass fired.
3109 ***************************************************************************/
3111 static bool check_usershare_stat(const char *fname,
3112 const SMB_STRUCT_STAT *psbuf)
3114 if (!S_ISREG(psbuf->st_ex_mode)) {
3115 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3116 "not a regular file\n",
3117 fname, (unsigned int)psbuf->st_ex_uid ));
3121 /* Ensure this doesn't have the other write bit set. */
3122 if (psbuf->st_ex_mode & S_IWOTH) {
3123 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3124 "public write. Refusing to allow as a usershare file.\n",
3125 fname, (unsigned int)psbuf->st_ex_uid ));
3129 /* Should be 10k or less. */
3130 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3131 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3132 "too large (%u) to be a user share file.\n",
3133 fname, (unsigned int)psbuf->st_ex_uid,
3134 (unsigned int)psbuf->st_ex_size ));
3141 /***************************************************************************
3142 Parse the contents of a usershare file.
3143 ***************************************************************************/
3145 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3146 SMB_STRUCT_STAT *psbuf,
3147 const char *servicename,
3151 char **pp_sharepath,
3153 char **pp_cp_servicename,
3154 struct security_descriptor **ppsd,
3157 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3158 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3161 SMB_STRUCT_STAT sbuf;
3162 char *sharepath = NULL;
3163 char *comment = NULL;
3165 *pp_sharepath = NULL;
3168 *pallow_guest = false;
3171 return USERSHARE_MALFORMED_FILE;
3174 if (strcmp(lines[0], "#VERSION 1") == 0) {
3176 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3179 return USERSHARE_MALFORMED_FILE;
3182 return USERSHARE_BAD_VERSION;
3185 if (strncmp(lines[1], "path=", 5) != 0) {
3186 return USERSHARE_MALFORMED_PATH;
3189 sharepath = talloc_strdup(ctx, &lines[1][5]);
3191 return USERSHARE_POSIX_ERR;
3193 trim_string(sharepath, " ", " ");
3195 if (strncmp(lines[2], "comment=", 8) != 0) {
3196 return USERSHARE_MALFORMED_COMMENT_DEF;
3199 comment = talloc_strdup(ctx, &lines[2][8]);
3201 return USERSHARE_POSIX_ERR;
3203 trim_string(comment, " ", " ");
3204 trim_char(comment, '"', '"');
3206 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3207 return USERSHARE_MALFORMED_ACL_DEF;
3210 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3211 return USERSHARE_ACL_ERR;
3215 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3216 return USERSHARE_MALFORMED_ACL_DEF;
3218 if (lines[4][9] == 'y') {
3219 *pallow_guest = true;
3222 /* Backwards compatible extension to file version #2. */
3224 if (strncmp(lines[5], "sharename=", 10) != 0) {
3225 return USERSHARE_MALFORMED_SHARENAME_DEF;
3227 if (!strequal(&lines[5][10], servicename)) {
3228 return USERSHARE_BAD_SHARENAME;
3230 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3231 if (!*pp_cp_servicename) {
3232 return USERSHARE_POSIX_ERR;
3237 if (*pp_cp_servicename == NULL) {
3238 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3239 if (!*pp_cp_servicename) {
3240 return USERSHARE_POSIX_ERR;
3244 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3245 /* Path didn't change, no checks needed. */
3246 *pp_sharepath = sharepath;
3247 *pp_comment = comment;
3248 return USERSHARE_OK;
3251 /* The path *must* be absolute. */
3252 if (sharepath[0] != '/') {
3253 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3254 servicename, sharepath));
3255 return USERSHARE_PATH_NOT_ABSOLUTE;
3258 /* If there is a usershare prefix deny list ensure one of these paths
3259 doesn't match the start of the user given path. */
3260 if (prefixdenylist) {
3262 for ( i=0; prefixdenylist[i]; i++ ) {
3263 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3264 servicename, i, prefixdenylist[i], sharepath ));
3265 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3266 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3267 "usershare prefix deny list entries.\n",
3268 servicename, sharepath));
3269 return USERSHARE_PATH_IS_DENIED;
3274 /* If there is a usershare prefix allow list ensure one of these paths
3275 does match the start of the user given path. */
3277 if (prefixallowlist) {
3279 for ( i=0; prefixallowlist[i]; i++ ) {
3280 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3281 servicename, i, prefixallowlist[i], sharepath ));
3282 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3286 if (prefixallowlist[i] == NULL) {
3287 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3288 "usershare prefix allow list entries.\n",
3289 servicename, sharepath));
3290 return USERSHARE_PATH_NOT_ALLOWED;
3294 /* Ensure this is pointing to a directory. */
3295 dp = opendir(sharepath);
3298 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3299 servicename, sharepath));
3300 return USERSHARE_PATH_NOT_DIRECTORY;
3303 /* Ensure the owner of the usershare file has permission to share
3306 if (sys_stat(sharepath, &sbuf, false) == -1) {
3307 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3308 servicename, sharepath, strerror(errno) ));
3310 return USERSHARE_POSIX_ERR;
3315 if (!S_ISDIR(sbuf.st_ex_mode)) {
3316 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3317 servicename, sharepath ));
3318 return USERSHARE_PATH_NOT_DIRECTORY;
3321 /* Check if sharing is restricted to owner-only. */
3322 /* psbuf is the stat of the usershare definition file,
3323 sbuf is the stat of the target directory to be shared. */
3325 if (lp_usershare_owner_only()) {
3326 /* root can share anything. */
3327 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3328 return USERSHARE_PATH_NOT_ALLOWED;
3332 *pp_sharepath = sharepath;
3333 *pp_comment = comment;
3334 return USERSHARE_OK;
3337 /***************************************************************************
3338 Deal with a usershare file.
3341 -1 - Bad name, invalid contents.
3342 - service name already existed and not a usershare, problem
3343 with permissions to share directory etc.
3344 ***************************************************************************/
3346 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3348 SMB_STRUCT_STAT sbuf;
3349 SMB_STRUCT_STAT lsbuf;
3351 char *sharepath = NULL;
3352 char *comment = NULL;
3353 char *cp_service_name = NULL;
3354 char **lines = NULL;
3358 TALLOC_CTX *ctx = talloc_stackframe();
3359 struct security_descriptor *psd = NULL;
3360 bool guest_ok = false;
3361 char *canon_name = NULL;
3362 bool added_service = false;
3366 /* Ensure share name doesn't contain invalid characters. */
3367 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3368 DEBUG(0,("process_usershare_file: share name %s contains "
3369 "invalid characters (any of %s)\n",
3370 file_name, INVALID_SHARENAME_CHARS ));
3374 canon_name = canonicalize_servicename(ctx, file_name);
3379 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3384 /* Minimize the race condition by doing an lstat before we
3385 open and fstat. Ensure this isn't a symlink link. */
3387 if (sys_lstat(fname, &lsbuf, false) != 0) {
3388 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3389 fname, strerror(errno) ));
3393 /* This must be a regular file, not a symlink, directory or
3394 other strange filetype. */
3395 if (!check_usershare_stat(fname, &lsbuf)) {
3402 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3407 if (NT_STATUS_IS_OK(status) &&
3408 (data.dptr != NULL) &&
3409 (data.dsize == sizeof(iService))) {
3410 memcpy(&iService, data.dptr, sizeof(iService));
3414 if (iService != -1 &&
3415 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3416 &lsbuf.st_ex_mtime) == 0) {
3417 /* Nothing changed - Mark valid and return. */
3418 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3420 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3425 /* Try and open the file read only - no symlinks allowed. */
3427 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3429 fd = open(fname, O_RDONLY, 0);
3433 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3434 fname, strerror(errno) ));
3438 /* Now fstat to be *SURE* it's a regular file. */
3439 if (sys_fstat(fd, &sbuf, false) != 0) {
3441 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3442 fname, strerror(errno) ));
3446 /* Is it the same dev/inode as was lstated ? */
3447 if (!check_same_stat(&lsbuf, &sbuf)) {
3449 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3450 "Symlink spoofing going on ?\n", fname ));
3454 /* This must be a regular file, not a symlink, directory or
3455 other strange filetype. */
3456 if (!check_usershare_stat(fname, &sbuf)) {
3461 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3464 if (lines == NULL) {
3465 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3466 fname, (unsigned int)sbuf.st_ex_uid ));
3470 if (parse_usershare_file(ctx, &sbuf, file_name,
3471 iService, lines, numlines, &sharepath,
3472 &comment, &cp_service_name,
3473 &psd, &guest_ok) != USERSHARE_OK) {
3477 /* Everything ok - add the service possibly using a template. */
3479 const struct loadparm_service *sp = &sDefault;
3480 if (snum_template != -1) {
3481 sp = ServicePtrs[snum_template];
3484 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3485 DEBUG(0, ("process_usershare_file: Failed to add "
3486 "new service %s\n", cp_service_name));
3490 added_service = true;
3492 /* Read only is controlled by usershare ACL below. */
3493 ServicePtrs[iService]->read_only = false;
3496 /* Write the ACL of the new/modified share. */
3497 status = set_share_security(canon_name, psd);
3498 if (!NT_STATUS_IS_OK(status)) {
3499 DEBUG(0, ("process_usershare_file: Failed to set share "
3500 "security for user share %s\n",
3505 /* If from a template it may be marked invalid. */
3506 ServicePtrs[iService]->valid = true;
3508 /* Set the service as a valid usershare. */
3509 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3511 /* Set guest access. */
3512 if (lp_usershare_allow_guests()) {
3513 ServicePtrs[iService]->guest_ok = guest_ok;
3516 /* And note when it was loaded. */
3517 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3518 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3520 lpcfg_string_set(ServicePtrs[iService],
3521 &ServicePtrs[iService]->comment, comment);
3527 if (ret == -1 && iService != -1 && added_service) {
3528 lp_remove_service(iService);
3536 /***************************************************************************
3537 Checks if a usershare entry has been modified since last load.
3538 ***************************************************************************/
3540 static bool usershare_exists(int iService, struct timespec *last_mod)
3542 SMB_STRUCT_STAT lsbuf;
3543 const char *usersharepath = Globals.usershare_path;
3546 fname = talloc_asprintf(talloc_tos(),
3549 ServicePtrs[iService]->szService);
3550 if (fname == NULL) {
3554 if (sys_lstat(fname, &lsbuf, false) != 0) {
3559 if (!S_ISREG(lsbuf.st_ex_mode)) {
3565 *last_mod = lsbuf.st_ex_mtime;
3569 static bool usershare_directory_is_root(uid_t uid)
3575 if (uid_wrapper_enabled()) {
3582 /***************************************************************************
3583 Load a usershare service by name. Returns a valid servicenumber or -1.
3584 ***************************************************************************/
3586 int load_usershare_service(const char *servicename)
3588 SMB_STRUCT_STAT sbuf;
3589 const char *usersharepath = Globals.usershare_path;
3590 int max_user_shares = Globals.usershare_max_shares;
3591 int snum_template = -1;
3593 if (*usersharepath == 0 || max_user_shares == 0) {
3597 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3598 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3599 usersharepath, strerror(errno) ));
3603 if (!S_ISDIR(sbuf.st_ex_mode)) {
3604 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3610 * This directory must be owned by root, and have the 't' bit set.
3611 * It also must not be writable by "other".
3615 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3616 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3618 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3619 (sbuf.st_ex_mode & S_IWOTH)) {
3621 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3622 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3627 /* Ensure the template share exists if it's set. */
3628 if (Globals.usershare_template_share[0]) {
3629 /* We can't use lp_servicenumber here as we are recommending that
3630 template shares have -valid=false set. */
3631 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3632 if (ServicePtrs[snum_template]->szService &&
3633 strequal(ServicePtrs[snum_template]->szService,
3634 Globals.usershare_template_share)) {
3639 if (snum_template == -1) {
3640 DEBUG(0,("load_usershare_service: usershare template share %s "
3641 "does not exist.\n",
3642 Globals.usershare_template_share ));
3647 return process_usershare_file(usersharepath, servicename, snum_template);
3650 /***************************************************************************
3651 Load all user defined shares from the user share directory.
3652 We only do this if we're enumerating the share list.
3653 This is the function that can delete usershares that have
3655 ***************************************************************************/
3657 int load_usershare_shares(struct smbd_server_connection *sconn,
3658 bool (*snumused) (struct smbd_server_connection *, int))
3661 SMB_STRUCT_STAT sbuf;
3663 int num_usershares = 0;
3664 int max_user_shares = Globals.usershare_max_shares;
3665 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3666 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3667 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3669 int snum_template = -1;
3670 const char *usersharepath = Globals.usershare_path;
3671 int ret = lp_numservices();
3672 TALLOC_CTX *tmp_ctx;
3674 if (max_user_shares == 0 || *usersharepath == '\0') {
3675 return lp_numservices();
3678 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3679 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3680 usersharepath, strerror(errno) ));
3685 * This directory must be owned by root, and have the 't' bit set.
3686 * It also must not be writable by "other".
3690 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3692 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3694 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3695 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3700 /* Ensure the template share exists if it's set. */
3701 if (Globals.usershare_template_share[0]) {
3702 /* We can't use lp_servicenumber here as we are recommending that
3703 template shares have -valid=false set. */
3704 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3705 if (ServicePtrs[snum_template]->szService &&
3706 strequal(ServicePtrs[snum_template]->szService,
3707 Globals.usershare_template_share)) {
3712 if (snum_template == -1) {
3713 DEBUG(0,("load_usershare_shares: usershare template share %s "
3714 "does not exist.\n",
3715 Globals.usershare_template_share ));
3720 /* Mark all existing usershares as pending delete. */
3721 for (iService = iNumServices - 1; iService >= 0; iService--) {
3722 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3723 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3727 dp = opendir(usersharepath);
3729 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3730 usersharepath, strerror(errno) ));
3734 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3736 num_dir_entries++ ) {
3738 const char *n = de->d_name;
3740 /* Ignore . and .. */
3742 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3748 /* Temporary file used when creating a share. */
3749 num_tmp_dir_entries++;
3752 /* Allow 20% tmp entries. */
3753 if (num_tmp_dir_entries > allowed_tmp_entries) {
3754 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3755 "in directory %s\n",
3756 num_tmp_dir_entries, usersharepath));
3760 r = process_usershare_file(usersharepath, n, snum_template);
3762 /* Update the services count. */
3764 if (num_usershares >= max_user_shares) {
3765 DEBUG(0,("load_usershare_shares: max user shares reached "
3766 "on file %s in directory %s\n",
3767 n, usersharepath ));
3770 } else if (r == -1) {
3771 num_bad_dir_entries++;
3774 /* Allow 20% bad entries. */
3775 if (num_bad_dir_entries > allowed_bad_entries) {
3776 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3777 "in directory %s\n",
3778 num_bad_dir_entries, usersharepath));
3782 /* Allow 20% bad entries. */
3783 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3784 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3785 "in directory %s\n",
3786 num_dir_entries, usersharepath));
3793 /* Sweep through and delete any non-refreshed usershares that are
3794 not currently in use. */
3795 tmp_ctx = talloc_stackframe();
3796 for (iService = iNumServices - 1; iService >= 0; iService--) {
3797 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3800 if (snumused && snumused(sconn, iService)) {
3804 servname = lp_servicename(tmp_ctx, iService);
3806 /* Remove from the share ACL db. */
3807 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3809 delete_share_security(servname);
3810 free_service_byindex(iService);
3813 talloc_free(tmp_ctx);
3815 return lp_numservices();
3818 /********************************************************
3819 Destroy global resources allocated in this file
3820 ********************************************************/
3822 void gfree_loadparm(void)
3828 /* Free resources allocated to services */
3830 for ( i = 0; i < iNumServices; i++ ) {
3832 free_service_byindex(i);
3836 TALLOC_FREE( ServicePtrs );
3839 /* Now release all resources allocated to global
3840 parameters and the default service */
3842 free_global_parameters();
3846 /***************************************************************************
3847 Allow client apps to specify that they are a client
3848 ***************************************************************************/
3849 static void lp_set_in_client(bool b)
3855 /***************************************************************************
3856 Determine if we're running in a client app
3857 ***************************************************************************/
3858 static bool lp_is_in_client(void)
3863 static void lp_enforce_ad_dc_settings(void)
3865 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3866 lp_do_parameter(GLOBAL_SECTION_SNUM,
3867 "winbindd:use external pipes", "true");
3868 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3869 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3870 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3871 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3872 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3873 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3874 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3875 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3876 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3879 /***************************************************************************
3880 Load the services array from the services file. Return true on success,
3882 ***************************************************************************/
3884 static bool lp_load_ex(const char *pszFname,
3888 bool reinit_globals,
3889 bool allow_include_registry,
3890 bool load_all_shares)
3894 TALLOC_CTX *frame = talloc_stackframe();
3895 struct loadparm_context *lp_ctx;
3896 int max_protocol, min_protocol;
3898 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3900 bInGlobalSection = true;
3901 bGlobalOnly = global_only;
3902 bAllowIncludeRegistry = allow_include_registry;
3903 sDefault = _sDefault;
3905 lp_ctx = setup_lp_context(talloc_tos());
3907 init_globals(lp_ctx, reinit_globals);
3911 if (save_defaults) {
3916 if (!reinit_globals) {
3917 free_param_opts(&Globals.param_opt);
3918 apply_lp_set_cmdline();
3921 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
3923 /* We get sections first, so have to start 'behind' to make up */
3926 if (lp_config_backend_is_file()) {
3927 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
3928 current_user_info.domain,
3931 smb_panic("lp_load_ex: out of memory");
3934 add_to_file_list(NULL, &file_lists, pszFname, n2);
3936 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
3939 /* finish up the last section */
3940 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
3942 if (iServiceIndex >= 0) {
3943 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
3947 if (lp_config_backend_is_registry()) {
3949 /* config backend changed to registry in config file */
3951 * We need to use this extra global variable here to
3952 * survive restart: init_globals uses this as a default
3953 * for config_backend. Otherwise, init_globals would
3954 * send us into an endless loop here.
3957 config_backend = CONFIG_BACKEND_REGISTRY;
3959 DEBUG(1, ("lp_load_ex: changing to config backend "
3961 init_globals(lp_ctx, true);
3963 TALLOC_FREE(lp_ctx);
3965 lp_kill_all_services();
3966 ok = lp_load_ex(pszFname, global_only, save_defaults,
3967 add_ipc, reinit_globals,
3968 allow_include_registry,
3973 } else if (lp_config_backend_is_registry()) {
3974 bRetval = process_registry_globals();
3976 DEBUG(0, ("Illegal config backend given: %d\n",
3977 lp_config_backend()));
3981 if (bRetval && lp_registry_shares()) {
3982 if (load_all_shares) {
3983 bRetval = process_registry_shares();
3985 bRetval = reload_registry_shares();
3990 char *serv = lp_auto_services(talloc_tos());
3991 lp_add_auto_services(serv);
3996 /* When 'restrict anonymous = 2' guest connections to ipc$
3998 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
3999 if ( lp_enable_asu_support() ) {
4000 lp_add_ipc("ADMIN$", false);
4004 set_allowed_client_auth();
4006 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
4007 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
4008 lp_password_server()));
4013 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
4014 /* if we_are_a_wins_server is true and we are in the client */
4015 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
4016 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
4021 fault_configure(smb_panic_s3);
4024 * We run this check once the whole smb.conf is parsed, to
4025 * force some settings for the standard way a AD DC is
4026 * operated. We may change these as our code evolves, which
4027 * is why we force these settings.
4029 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
4030 lp_enforce_ad_dc_settings();
4033 bAllowIncludeRegistry = true;
4035 /* Check if command line max protocol < min protocol, if so
4036 * report a warning to the user.
4038 max_protocol = lp_client_max_protocol();
4039 min_protocol = lp_client_min_protocol();
4040 if (max_protocol < min_protocol) {
4041 const char *max_protocolp, *min_protocolp;
4042 max_protocolp = lpcfg_get_smb_protocol(max_protocol);
4043 min_protocolp = lpcfg_get_smb_protocol(min_protocol);
4044 DBG_ERR("Max protocol %s is less than min protocol %s.\n",
4045 max_protocolp, min_protocolp);
4052 static bool lp_load(const char *pszFname,
4056 bool reinit_globals)
4058 return lp_load_ex(pszFname,
4063 true, /* allow_include_registry */
4064 false); /* load_all_shares*/
4067 bool lp_load_initial_only(const char *pszFname)
4069 return lp_load_ex(pszFname,
4070 true, /* global only */
4071 true, /* save_defaults */
4072 false, /* add_ipc */
4073 true, /* reinit_globals */
4074 false, /* allow_include_registry */
4075 false); /* load_all_shares*/
4079 * most common lp_load wrapper, loading only the globals
4081 * If this is used in a daemon or client utility it should be called
4082 * after processing popt.
4084 bool lp_load_global(const char *file_name)
4086 return lp_load(file_name,
4087 true, /* global_only */
4088 false, /* save_defaults */
4089 false, /* add_ipc */
4090 true); /* reinit_globals */
4094 * The typical lp_load wrapper with shares, loads global and
4095 * shares, including IPC, but does not force immediate
4096 * loading of all shares from registry.
4098 bool lp_load_with_shares(const char *file_name)
4100 return lp_load(file_name,
4101 false, /* global_only */
4102 false, /* save_defaults */
4104 true); /* reinit_globals */
4108 * lp_load wrapper, especially for clients
4110 bool lp_load_client(const char *file_name)
4112 lp_set_in_client(true);
4114 return lp_load_global(file_name);
4118 * lp_load wrapper, loading only globals, but intended
4119 * for subsequent calls, not reinitializing the globals
4122 bool lp_load_global_no_reinit(const char *file_name)
4124 return lp_load(file_name,
4125 true, /* global_only */
4126 false, /* save_defaults */
4127 false, /* add_ipc */
4128 false); /* reinit_globals */
4132 * lp_load wrapper, loading globals and shares,
4133 * intended for subsequent calls, i.e. not reinitializing
4134 * the globals to default values.
4136 bool lp_load_no_reinit(const char *file_name)
4138 return lp_load(file_name,
4139 false, /* global_only */
4140 false, /* save_defaults */
4141 false, /* add_ipc */
4142 false); /* reinit_globals */
4147 * lp_load wrapper, especially for clients, no reinitialization
4149 bool lp_load_client_no_reinit(const char *file_name)
4151 lp_set_in_client(true);
4153 return lp_load_global_no_reinit(file_name);
4156 bool lp_load_with_registry_shares(const char *pszFname)
4158 return lp_load_ex(pszFname,
4159 false, /* global_only */
4160 true, /* save_defaults */
4161 false, /* add_ipc */
4162 true, /* reinit_globals */
4163 true, /* allow_include_registry */
4164 true); /* load_all_shares*/
4167 /***************************************************************************
4168 Return the max number of services.
4169 ***************************************************************************/
4171 int lp_numservices(void)
4173 return (iNumServices);
4176 /***************************************************************************
4177 Display the contents of the services array in human-readable form.
4178 ***************************************************************************/
4180 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4183 struct loadparm_context *lp_ctx;
4186 defaults_saved = false;
4188 lp_ctx = setup_lp_context(talloc_tos());
4189 if (lp_ctx == NULL) {
4193 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4195 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4197 for (iService = 0; iService < maxtoprint; iService++) {
4199 lp_dump_one(f, show_defaults, iService);
4201 TALLOC_FREE(lp_ctx);
4204 /***************************************************************************
4205 Display the contents of one service in human-readable form.
4206 ***************************************************************************/
4208 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4211 if (ServicePtrs[snum]->szService[0] == '\0')
4213 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4214 flags_list, show_defaults);
4218 /***************************************************************************
4219 Return the number of the service with the given name, or -1 if it doesn't
4220 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4221 getservicebyname()! This works ONLY if all services have been loaded, and
4222 does not copy the found service.
4223 ***************************************************************************/
4225 int lp_servicenumber(const char *pszServiceName)
4228 fstring serviceName;
4230 if (!pszServiceName) {
4231 return GLOBAL_SECTION_SNUM;
4234 for (iService = iNumServices - 1; iService >= 0; iService--) {
4235 if (VALID(iService) && ServicePtrs[iService]->szService) {
4237 * The substitution here is used to support %U in
4240 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4241 standard_sub_basic(get_current_username(),
4242 current_user_info.domain,
4243 serviceName,sizeof(serviceName));
4244 if (strequal(serviceName, pszServiceName)) {
4250 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4251 struct timespec last_mod;
4253 if (!usershare_exists(iService, &last_mod)) {
4254 /* Remove the share security tdb entry for it. */
4255 delete_share_security(lp_const_servicename(iService));
4256 /* Remove it from the array. */
4257 free_service_byindex(iService);
4258 /* Doesn't exist anymore. */
4259 return GLOBAL_SECTION_SNUM;
4262 /* Has it been modified ? If so delete and reload. */
4263 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4265 /* Remove it from the array. */
4266 free_service_byindex(iService);
4267 /* and now reload it. */
4268 iService = load_usershare_service(pszServiceName);
4273 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4274 return GLOBAL_SECTION_SNUM;
4280 /*******************************************************************
4281 A useful volume label function.
4282 ********************************************************************/
4284 const char *volume_label(TALLOC_CTX *ctx, int snum)
4287 const char *label = lp_volume(ctx, snum);
4291 label = lp_servicename(ctx, snum);
4295 * Volume label can be a max of 32 bytes. Make sure to truncate
4296 * it at a codepoint boundary if it's longer than 32 and contains
4297 * multibyte characters. Windows insists on a volume label being
4298 * a valid mb sequence, and errors out if not.
4300 if (strlen(label) > 32) {
4302 * A MB char can be a max of 5 bytes, thus
4303 * we should have a valid mb character at a
4304 * minimum position of (32-5) = 27.
4308 * Check if a codepoint starting from next byte
4309 * is valid. If yes, then the current byte is the
4310 * end of a MB or ascii sequence and the label can
4311 * be safely truncated here. If not, keep going
4312 * backwards till a valid codepoint is found.
4315 const char *s = &label[end];
4316 codepoint_t c = next_codepoint(s, &len);
4317 if (c != INVALID_CODEPOINT) {
4324 /* This returns a max of 33 byte guarenteed null terminated string. */
4325 ret = talloc_strndup(ctx, label, end);
4332 /*******************************************************************
4333 Get the default server type we will announce as via nmbd.
4334 ********************************************************************/
4336 int lp_default_server_announce(void)
4338 int default_server_announce = 0;
4339 default_server_announce |= SV_TYPE_WORKSTATION;
4340 default_server_announce |= SV_TYPE_SERVER;
4341 default_server_announce |= SV_TYPE_SERVER_UNIX;
4343 /* note that the flag should be set only if we have a
4344 printer service but nmbd doesn't actually load the
4345 services so we can't tell --jerry */
4347 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4349 default_server_announce |= SV_TYPE_SERVER_NT;
4350 default_server_announce |= SV_TYPE_NT;
4352 switch (lp_server_role()) {
4353 case ROLE_DOMAIN_MEMBER:
4354 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4356 case ROLE_DOMAIN_PDC:
4357 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4359 case ROLE_DOMAIN_BDC:
4360 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4362 case ROLE_STANDALONE:
4366 if (lp_time_server())
4367 default_server_announce |= SV_TYPE_TIME_SOURCE;
4369 if (lp_host_msdfs())
4370 default_server_announce |= SV_TYPE_DFS_SERVER;
4372 return default_server_announce;
4375 /***********************************************************
4376 If we are PDC then prefer us as DMB
4377 ************************************************************/
4379 bool lp_domain_master(void)
4381 if (Globals._domain_master == Auto)
4382 return (lp_server_role() == ROLE_DOMAIN_PDC);
4384 return (bool)Globals._domain_master;
4387 /***********************************************************
4388 If we are PDC then prefer us as DMB
4389 ************************************************************/
4391 static bool lp_domain_master_true_or_auto(void)
4393 if (Globals._domain_master) /* auto or yes */
4399 /***********************************************************
4400 If we are DMB then prefer us as LMB
4401 ************************************************************/
4403 bool lp_preferred_master(void)
4405 int preferred_master = lp__preferred_master();
4407 if (preferred_master == Auto)
4408 return (lp_local_master() && lp_domain_master());
4410 return (bool)preferred_master;
4413 /*******************************************************************
4415 ********************************************************************/
4417 void lp_remove_service(int snum)
4419 ServicePtrs[snum]->valid = false;
4422 const char *lp_printername(TALLOC_CTX *ctx, int snum)
4424 const char *ret = lp__printername(ctx, snum);
4425 if (ret == NULL || *ret == '\0') {
4426 ret = lp_const_servicename(snum);
4433 /***********************************************************
4434 Allow daemons such as winbindd to fix their logfile name.
4435 ************************************************************/
4437 void lp_set_logfile(const char *name)
4439 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4440 debug_set_logfile(name);
4443 /*******************************************************************
4444 Return the max print jobs per queue.
4445 ********************************************************************/
4447 int lp_maxprintjobs(int snum)
4449 int maxjobs = lp_max_print_jobs(snum);
4451 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4452 maxjobs = PRINT_MAX_JOBID - 1;
4457 const char *lp_printcapname(void)
4459 const char *printcap_name = lp_printcap_name();
4461 if ((printcap_name != NULL) &&
4462 (printcap_name[0] != '\0'))
4463 return printcap_name;
4465 if (sDefault.printing == PRINT_CUPS) {
4469 if (sDefault.printing == PRINT_BSD)
4470 return "/etc/printcap";
4472 return PRINTCAP_NAME;
4475 static uint32_t spoolss_state;
4477 bool lp_disable_spoolss( void )
4479 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4480 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4482 return spoolss_state == SVCCTL_STOPPED ? true : false;
4485 void lp_set_spoolss_state( uint32_t state )
4487 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4489 spoolss_state = state;
4492 uint32_t lp_get_spoolss_state( void )
4494 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4497 /*******************************************************************
4498 Ensure we don't use sendfile if server smb signing is active.
4499 ********************************************************************/
4501 bool lp_use_sendfile(int snum, struct smb_signing_state *signing_state)
4503 bool sign_active = false;
4505 /* Using sendfile blows the brains out of any DOS or Win9x TCP stack... JRA. */
4506 if (get_Protocol() < PROTOCOL_NT1) {
4509 if (signing_state) {
4510 sign_active = smb_signing_is_active(signing_state);
4512 return (lp__use_sendfile(snum) &&
4513 (get_remote_arch() != RA_WIN95) &&
4517 /*******************************************************************
4518 Turn off sendfile if we find the underlying OS doesn't support it.
4519 ********************************************************************/
4521 void set_use_sendfile(int snum, bool val)
4523 if (LP_SNUM_OK(snum))
4524 ServicePtrs[snum]->_use_sendfile = val;
4526 sDefault._use_sendfile = val;
4529 void lp_set_mangling_method(const char *new_method)
4531 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4534 /*******************************************************************
4535 Global state for POSIX pathname processing.
4536 ********************************************************************/
4538 static bool posix_pathnames;
4540 bool lp_posix_pathnames(void)
4542 return posix_pathnames;
4545 /*******************************************************************
4546 Change everything needed to ensure POSIX pathname processing (currently
4548 ********************************************************************/
4550 void lp_set_posix_pathnames(void)
4552 posix_pathnames = true;
4555 /*******************************************************************
4556 Global state for POSIX lock processing - CIFS unix extensions.
4557 ********************************************************************/
4559 bool posix_default_lock_was_set;
4560 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4562 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4564 if (posix_default_lock_was_set) {
4565 return posix_cifsx_locktype;
4567 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4568 POSIX_LOCK : WINDOWS_LOCK;
4572 /*******************************************************************
4573 ********************************************************************/
4575 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4577 posix_default_lock_was_set = true;
4578 posix_cifsx_locktype = val;
4581 int lp_min_receive_file_size(void)
4583 int min_receivefile_size = lp_min_receivefile_size();
4585 if (min_receivefile_size < 0) {
4588 return min_receivefile_size;
4591 /*******************************************************************
4592 Safe wide links checks.
4593 This helper function always verify the validity of wide links,
4594 even after a configuration file reload.
4595 ********************************************************************/
4597 void widelinks_warning(int snum)
4599 if (lp_allow_insecure_wide_links()) {
4603 if (lp_unix_extensions() && lp_wide_links(snum)) {
4604 DBG_ERR("Share '%s' has wide links and unix extensions enabled. "
4605 "These parameters are incompatible. "
4606 "Wide links will be disabled for this share.\n",
4607 lp_const_servicename(snum));
4611 bool lp_widelinks(int snum)
4613 /* wide links is always incompatible with unix extensions */
4614 if (lp_unix_extensions()) {
4616 * Unless we have "allow insecure widelinks"
4619 if (!lp_allow_insecure_wide_links()) {
4624 return lp_wide_links(snum);
4627 int lp_server_role(void)
4629 return lp_find_server_role(lp__server_role(),
4631 lp__domain_logons(),
4632 lp_domain_master_true_or_auto());
4635 int lp_security(void)
4637 return lp_find_security(lp__server_role(),
4641 int lp_client_max_protocol(void)
4643 int client_max_protocol = lp__client_max_protocol();
4644 if (client_max_protocol == PROTOCOL_DEFAULT) {
4645 return PROTOCOL_LATEST;
4647 return client_max_protocol;
4650 int lp_client_ipc_min_protocol(void)
4652 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4653 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4654 client_ipc_min_protocol = lp_client_min_protocol();
4656 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4657 return PROTOCOL_NT1;
4659 return client_ipc_min_protocol;
4662 int lp_client_ipc_max_protocol(void)
4664 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4665 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4666 return PROTOCOL_LATEST;
4668 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4669 return PROTOCOL_NT1;
4671 return client_ipc_max_protocol;
4674 int lp_client_ipc_signing(void)
4676 int client_ipc_signing = lp__client_ipc_signing();
4677 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4678 return SMB_SIGNING_REQUIRED;
4680 return client_ipc_signing;
4683 int lp_rpc_low_port(void)
4685 return Globals.rpc_low_port;
4688 int lp_rpc_high_port(void)
4690 return Globals.rpc_high_port;
4694 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4696 * This also ensures it is disabled if NTLM is totally disabled
4698 bool lp_lanman_auth(void)
4700 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4702 if (ntlm_auth_level == NTLM_AUTH_ON) {
4703 return lp__lanman_auth();
4709 struct loadparm_global * get_globals(void)
4714 unsigned int * get_flags(void)
4716 if (flags_list == NULL) {
4717 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());