#define LOADPARM_SUBSTITUTION_INTERNALS 1
#include "includes.h"
+#include "lib/util/util_file.h"
#include "system/filesys.h"
#include "util_tdb.h"
#include "lib/param/loadparm.h"
#include "lib/util/string_wrappers.h"
#include "auth/credentials/credentials.h"
#include "source3/lib/substitute.h"
+#include "source3/librpc/gen_ndr/ads.h"
+#include "lib/util/time_basic.h"
+#include "libds/common/flags.h"
#ifdef HAVE_SYS_SYSCTL_H
#include <sys/sysctl.h>
#endif
-bool bLoaded = false;
-
-extern userdom_struct current_user_info;
+bool b_loaded = false;
/* the special value for the include parameter
* to be interpreted not as a file name but to
.aio_read_size = 1,
.aio_write_size = 1,
.map_readonly = MAP_READONLY_NO,
- .directory_name_cache_size = 100,
.server_smb_encrypt = SMB_ENCRYPTION_DEFAULT,
.kernel_share_modes = false,
.durable_handles = true,
Initialise the global parameter structure.
***************************************************************************/
-static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
+void loadparm_s3_init_globals(struct loadparm_context *lp_ctx,
+ bool reinit_globals)
{
static bool done_init = false;
char *s = NULL;
*/
Globals.nmbd_bind_explicit_broadcast = true;
- s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
+ s = talloc_asprintf(Globals.ctx, "Samba %s", samba_version_string());
if (s == NULL) {
smb_panic("init_globals: ENOMEM");
}
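Review bot: Allocating the version string on `Globals.ctx` instead of `talloc_tos()` changes who cleans up `s`. A stackframe allocation disappears with the frame, but one parented to `Globals.ctx` lives until it is freed explicitly, so a missing `TALLOC_FREE(s)` after its last use would accumulate on every re-initialisation. The free is not visible in this hunk (the function continues outside it), so please confirm it is there. The panic text in the context lines still says `init_globals`, which no longer matches the renamed function; `smb_panic("loadparm_s3_init_globals: ENOMEM");` keeps the crash log greppable.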
Globals.client_schannel = true;
Globals.winbind_sealed_pipes = true;
Globals.require_strong_key = true;
+ Globals.reject_md5_servers = true;
Globals.server_schannel = true;
+ Globals.server_schannel_require_seal = true;
+ Globals.reject_md5_clients = true;
Globals.read_raw = true;
Globals.write_raw = true;
Globals.null_passwords = false;
Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
+ Globals.nt_hash_store = NT_HASH_STORE_ALWAYS; /* Fill in NT hash when setting password */
Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
/* Note, that we will also use NTLM2 session security (which is different), if it is available */
Globals.ldap_debug_level = 0;
Globals.ldap_debug_threshold = 10;
- Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
+ Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SEAL;
Globals.ldap_server_require_strong_auth =
LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
- Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
+ Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
Globals.tls_enabled = true;
Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
Globals.kdc_enable_fast = true;
+ Globals.winbind_debug_traceid = true;
+
Globals.aio_max_threads = 100;
lpcfg_string_set(Globals.ctx,
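Review bot: The new defaults `reject_md5_servers`, `server_schannel_require_seal` and `reject_md5_clients`, and the switch of `client_ldap_sasl_wrapping` to `ADS_AUTH_SASL_SEAL`, are added without comments, while the neighbouring auth defaults (`client_plaintext_auth`, `_lanman_auth`, `ntlm_auth`) each state what is refused. Each one changes which peers are accepted by default, so the reason belongs next to the assignment. For example, `/* Refuse secure channels that cannot negotiate better than MD5 */` on the two `reject_md5_*` lines and `/* Encrypt LDAP SASL traffic by default, not only sign it */` on the wrapping line; this wording is inferred from the names and should be checked against the documented semantics. The comment on `nt_hash_store` could also say why "always" is the default, since a stored NT hash is password-equivalent material for NTLM. The enclosing function starts and ends outside this hunk.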
*/
Globals.rpc_start_on_demand_helpers = true;
+ Globals.ad_dc_functional_level = DS_DOMAIN_FUNCTION_2008_R2,
+
+ Globals.acl_claims_evaluation = ACL_CLAIMS_EVALUATION_AD_DC_ONLY;
+
/* Now put back the settings that were set with lp_set_cmdline() */
apply_lp_set_cmdline();
}
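Review bot: The `ad_dc_functional_level` assignment ends in a comma instead of a semicolon, so the comma operator joins it to the following `acl_claims_evaluation` assignment. It compiles and both assignments run, but it is a typo, and it will stop compiling as soon as a declaration or a non-expression statement is inserted between the two lines. It should read `Globals.ad_dc_functional_level = DS_DOMAIN_FUNCTION_2008_R2;`. The function body begins outside this hunk.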
ret = talloc_sub_basic(mem_ctx,
get_current_username(),
- current_user_info.domain,
+ get_current_user_info_domain(),
s);
if (trim_char(ret, '\"', '\"')) {
if (strchr(ret,'\"') != NULL) {
TALLOC_FREE(ret);
ret = talloc_sub_basic(mem_ctx,
get_current_username(),
- current_user_info.domain,
+ get_current_user_info_domain(),
s);
}
}
pszPrintername);
lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
- /* set the browseable flag from the gloabl default */
+ /* set the browseable flag from the global default */
ServicePtrs[i]->browseable = sDefault.browseable;
/* Printers cannot be read_only. */
/**************************************************************************
Determine the canonical name for a parameter.
Turn the value given into the inverse boolean expression when
- the synonym is an invers boolean synonym.
+ the synonym is an inverse boolean synonym.
Return true if
- parm_name is a valid parameter name and
parm_num = lpcfg_map_parameter(pszParmName);
if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
- /* invalid, parametric or no canidate for synonyms ... */
+ /* invalid, parametric or no candidate for synonyms ... */
goto done;
}
return ServicePtrs[snum];
}
-struct loadparm_service *lp_default_loadparm_service()
+struct loadparm_service *lp_default_loadparm_service(void)
{
return &sDefault;
}
return true;
}
} else {
- time_t mod_time;
+ struct timespec mod_time = {
+ .tv_sec = 0,
+ };
+ struct timeval_buf tbuf = {
+ .buf = {0},
+ };
char *n2 = NULL;
+ struct stat sb = {0};
+ int rc;
n2 = talloc_sub_basic(talloc_tos(),
get_current_username(),
- current_user_info.domain,
+ get_current_user_info_domain(),
f->name);
if (!n2) {
return false;
}
DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
- f->name, n2, ctime(&f->modtime)));
-
- mod_time = file_modtime(n2);
+ f->name, n2,
+ timespec_string_buf(&f->modtime,
+ true,
+ &tbuf)));
+
+ rc = stat(n2, &sb);
+ if (rc == 0) {
+ mod_time = get_mtimespec(&sb);
+ }
- if (mod_time &&
- ((f->modtime != mod_time) ||
+ if (mod_time.tv_sec > 0 &&
+ ((timespec_compare(&mod_time, &f->modtime) != 0) ||
(f->subfname == NULL) ||
(strcmp(n2, f->subfname) != 0)))
{
+ f->modtime = mod_time;
+
DEBUGADD(6,
("file %s modified: %s\n", n2,
- ctime(&mod_time)));
- f->modtime = mod_time;
+ timespec_string_buf(&f->modtime,
+ true,
+ &tbuf)));
+
TALLOC_FREE(f->subfname);
f->subfname = talloc_strdup(f, n2);
if (f->subfname == NULL) {
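Review bot: The new condition `mod_time.tv_sec > 0` stands in for "stat() succeeded", which it only approximates. A failed `stat()` (include file removed or made unreadable) leaves `mod_time` zeroed, so the file is silently reported as unchanged, and a file whose mtime is at or before the epoch is never seen as modified. Testing the return code directly, `if (rc == 0 &&` in place of `if (mod_time.tv_sec > 0 &&`, says what is meant. An `else` on the stat check with `DBG_DEBUG("stat of %s failed: %s\n", n2, strerror(errno));` would leave a trace when a watched configuration file goes missing. Judging by the removed `if (mod_time && ...` test, the old `file_modtime()` path appears to have had the same blind spot, so this is not a regression. The enclosing function starts and ends outside this hunk.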
}
fname = talloc_sub_basic(talloc_tos(), get_current_username(),
- current_user_info.domain,
+ get_current_user_info_domain(),
pszParmValue);
add_to_file_list(NULL, &file_lists, pszParmValue, fname);
return false;
}
-bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
-{
- bool ret;
- TALLOC_CTX *frame = talloc_stackframe();
- struct loadparm_context *lp_ctx;
-
- lp_ctx = setup_lp_context(frame);
- if (lp_ctx == NULL) {
- TALLOC_FREE(frame);
- return false;
- }
-
- ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
-
- TALLOC_FREE(frame);
- return ret;
-}
-
/***************************************************************************
Process a parameter.
***************************************************************************/
/* if we have a current service, tidy it up before moving on */
bRetval = true;
- if (iServiceIndex >= 0)
+ if ((iServiceIndex >= 0) && (ServicePtrs[iServiceIndex] != NULL))
bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
/* if all is still well, move to the next record in the services array */
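Review bot: The added `ServicePtrs[iServiceIndex] != NULL` test has no comment saying when a non-negative `iServiceIndex` can refer to an empty slot. When it does, the code skips `lpcfg_service_ok()` and carries on with `bRetval` still true. A one-line comment such as `/* the slot may already have been freed; nothing to validate then */` (to be confirmed against the code that clears the slot) would show the skip is deliberate rather than hiding a stale index. The statement is also an unbraced `if`; bracing it would match the other new code in this commit. The function starts and ends outside this hunk.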
bool lp_loaded(void)
{
- return (bLoaded);
+ return (b_loaded);
}
/***************************************************************************
}
/***************************************************************************
- Save the curent values of all global and sDefault parameters into the
+ Save the current values of all global and sDefault parameters into the
defaults union. This allows testparm to show only the
changed (ie. non-default) parameters.
***************************************************************************/
}
/***********************************************************
- If we should send plaintext/LANMAN passwords in the clinet
+ If we should send plaintext/LANMAN passwords in the client
************************************************************/
static void set_allowed_client_auth(void)
lp_ctx = setup_lp_context(talloc_tos());
- init_globals(lp_ctx, reinit_globals);
+ loadparm_s3_init_globals(lp_ctx, reinit_globals);
free_file_list();
if (lp_config_backend_is_file()) {
n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
- current_user_info.domain,
+ get_current_user_info_domain(),
pszFname);
if (!n2) {
smb_panic("lp_load_ex: out of memory");
/* start over */
DEBUG(1, ("lp_load_ex: changing to config backend "
"registry\n"));
- init_globals(lp_ctx, true);
+ loadparm_s3_init_globals(lp_ctx, true);
TALLOC_FREE(lp_ctx);
lp_password_server()));
}
- bLoaded = true;
+ b_loaded = true;
/* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
/* if we_are_a_wins_server is true and we are in the client */
*/
fstrcpy(serviceName, ServicePtrs[iService]->szService);
standard_sub_basic(get_current_username(),
- current_user_info.domain,
+ get_current_user_info_domain(),
serviceName,sizeof(serviceName));
if (strequal(serviceName, pszServiceName)) {
break;
}
}
- /* This returns a max of 33 byte guarenteed null terminated string. */
+ /* This returns a max of 33 byte guaranteed null terminated string. */
ret = talloc_strndup(ctx, label, end);
if (!ret) {
return "";
"These parameters are incompatible. "
"Wide links will be disabled for this share.\n",
lp_const_servicename(snum));
- } else if (lp_smb2_unix_extensions()) {
- DBG_ERR("Share '%s' has wide links and SMB2 unix "
- "extensions enabled. "
- "These parameters are incompatible. "
- "Wide links will be disabled for this share.\n",
- lp_const_servicename(snum));
+ } else if (lp_smb3_unix_extensions(snum)) {
+ DBG_ERR("Share '%s' has wide links and SMB3 Unix "
+ "extensions enabled. "
+ "These parameters are incompatible. "
+ "Wide links will be disabled for this share.\n",
+ lp_const_servicename(snum));
}
}
}
bool lp_widelinks(int snum)
{
/* wide links is always incompatible with unix extensions */
- if (lp_smb1_unix_extensions() || lp_smb2_unix_extensions()) {
+ if (lp_smb1_unix_extensions() || lp_smb3_unix_extensions(snum)) {
/*
* Unless we have "allow insecure widelinks"
* turned on.
return flags_list;
}
-enum samba_weak_crypto lp_weak_crypto()
+enum samba_weak_crypto lp_weak_crypto(void)
{
if (Globals.weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
Globals.weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
*/
return MAX(Globals.async_dns_timeout, 1);
}
-
-/* SMB2 POSIX extensions. For now, *always* disabled. */
-bool lp_smb2_unix_extensions(void)
-{
- return false;
-}