#include "includes.h"
#include "printing.h"
+#ifdef HAVE_HTTPCONNECTENCRYPT
+#include <cups/http.h>
+#endif
+
bool bLoaded = False;
extern enum protocol_types Protocol;
char *szDeletePrinterCommand;
char *szOs2DriverMap;
char *szLockDir;
+ char *szStateDir;
+ char *szCacheDir;
char *szPidDir;
char *szRootdir;
char *szDefaultService;
char *szLdapIdmapSuffix;
char *szLdapGroupSuffix;
int ldap_ssl;
+ bool ldap_ssl_ads;
char *szLdapSuffix;
char *szLdapAdminDn;
int ldap_debug_level;
int ldap_debug_threshold;
int iAclCompat;
char *szCupsServer;
+ int CupsEncrypt;
char *szIPrintServer;
char *ctdbdSocket;
char **szClusterAddresses;
bool bHostnameLookups;
bool bUnixExtensions;
bool bDisableNetbios;
- bool bUseKerberosKeytab;
+ char * szDedicatedKeytabFile;
+ int iKerberosMethod;
bool bDeferSharingViolations;
bool bEnablePrivileges;
bool bASUSupport;
int iminreceivefile;
struct param_opt_struct *param_opt;
int cups_connection_timeout;
+ char *szSMBPerfcountModule;
+ bool bMapUntrustedToDomain;
};
static struct global Globals;
{-1, NULL}
};
+
+
static const struct enum_list enum_bool_auto[] = {
{False, "No"},
{False, "False"},
{-1, NULL}
};
+/* ADS kerberos ticket verification options */
+
+static const struct enum_list enum_kerberos_method[] = {
+ {KERBEROS_VERIFY_SECRETS, "default"},
+ {KERBEROS_VERIFY_SECRETS, "secrets only"},
+ {KERBEROS_VERIFY_SYSTEM_KEYTAB, "system keytab"},
+ {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicated keytab"},
+ {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secrets and keytab"},
+ {-1, NULL}
+};
+
/* Note: We do not initialise the defaults union - it is not allowed in ANSI C
*
- * The FLAG_HIDE is explicit. Paramters set this way do NOT appear in any edit
+ * The FLAG_HIDE is explicit. Parameters set this way do NOT appear in any edit
* screen in SWAT. This is used to exclude parameters as well as to squash all
* parameters that have been duplicated by pseudonyms.
*
* Set FLAG_SHARE and FLAG_PRINT to specifically display parameters in
* respective views.
*
- * NOTE2: Handling of duplicated (synonym) paramters:
+ * NOTE2: Handling of duplicated (synonym) parameters:
* Only the first occurance of a parameter should be enabled by FLAG_BASIC
* and/or FLAG_ADVANCED. All duplicates following the first mention should be
* set to FLAG_HIDE. ie: Make you must place the parameter that has the preferred
.flags = FLAG_ADVANCED | FLAG_GLOBAL,
},
{
- .label = "use kerberos keytab",
- .type = P_BOOL,
+ .label = "dedicated keytab file",
+ .type = P_STRING,
.p_class = P_GLOBAL,
- .ptr = &Globals.bUseKerberosKeytab,
+ .ptr = &Globals.szDedicatedKeytabFile,
.special = NULL,
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
+ {
+ .label = "kerberos method",
+ .type = P_ENUM,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.iKerberosMethod,
+ .special = NULL,
+ .enum_list = enum_kerberos_method,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "map untrusted to domain",
+ .type = P_BOOL,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.bMapUntrustedToDomain,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL,
+ },
+
{N_("Logging Options"), P_SEP, P_SEPARATOR},
.flags = FLAG_ADVANCED | FLAG_PRINT | FLAG_GLOBAL,
},
{
+ .label = "cups encrypt",
+ .type = P_ENUM,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.CupsEncrypt,
+ .special = NULL,
+ .enum_list = enum_bool_auto,
+ .flags = FLAG_ADVANCED | FLAG_PRINT | FLAG_GLOBAL,
+ },
+ {
+
.label = "cups connection timeout",
.type = P_INTEGER,
.p_class = P_GLOBAL,
.ptr = &sDefault.bShareModes,
.special = NULL,
.enum_list = NULL,
- .flags = FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL,
+ .flags = FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL | FLAG_DEPRECATED,
},
{N_("Ldap Options"), P_SEP, P_SEPARATOR},
.enum_list = enum_ldap_ssl,
.flags = FLAG_ADVANCED,
},
+ {
+ .label = "ldap ssl ads",
+ .type = P_BOOL,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.ldap_ssl_ads,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
{
.label = "ldap timeout",
.type = P_INTEGER,
.enum_list = NULL,
.flags = FLAG_HIDE,
},
+ {
+ .label = "state directory",
+ .type = P_STRING,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.szStateDir,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "cache directory",
+ .type = P_STRING,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.szCacheDir,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
{
.label = "pid directory",
.type = P_STRING,
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
+ {
+ .label = "perfcount module",
+ .type = P_STRING,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.szSMBPerfcountModule,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
{N_("VFS module options"), P_SEP, P_SEPARATOR},
}
}
+/**
+ * Function to return the default value for the maximum number of open
+ * file descriptors permitted. This function tries to consult the
+ * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
+ * the smaller of those.
+ */
+static int max_open_files(void)
+{
+ int sysctl_max = MAX_OPEN_FILES;
+ int rlimit_max = MAX_OPEN_FILES;
+
+#ifdef HAVE_SYSCTLBYNAME
+ {
+ size_t size = sizeof(sysctl_max);
+ sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
+ 0);
+ }
+#endif
+
+#if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
+ {
+ struct rlimit rl;
+
+ ZERO_STRUCT(rl);
+
+ if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
+ rlimit_max = rl.rlim_cur;
+
+#if defined(RLIM_INFINITY)
+ if(rl.rlim_cur == RLIM_INFINITY)
+ rlimit_max = MAX_OPEN_FILES;
+ }
+#endif
+#endif
+
+ return MIN(sysctl_max, rlimit_max);
+}
/**
* Common part of freeing allocated data for one parameter.
{
void *parm_ptr;
- if (parm.ptr == NULL); {
+ if (parm.ptr == NULL) {
return;
}
string_set(&Globals.szWorkgroup, lp_workgroup());
string_set(&Globals.szPasswdProgram, "");
- string_set(&Globals.szPidDir, get_dyn_PIDDIR());
string_set(&Globals.szLockDir, get_dyn_LOCKDIR());
+ string_set(&Globals.szStateDir, get_dyn_STATEDIR());
+ string_set(&Globals.szCacheDir, get_dyn_CACHEDIR());
+ string_set(&Globals.szPidDir, get_dyn_PIDDIR());
string_set(&Globals.szSocketAddress, "0.0.0.0");
- if (asprintf(&s, "Samba %s", SAMBA_VERSION_STRING) < 0) {
+ if (asprintf(&s, "Samba %s", samba_version_string()) < 0) {
smb_panic("init_globals: ENOMEM");
}
string_set(&Globals.szServerString, s);
Globals.getwd_cache = true;
Globals.bLargeReadwrite = True;
Globals.max_log_size = 5000;
- Globals.max_open_files = MAX_OPEN_FILES;
+ Globals.max_open_files = max_open_files();
Globals.open_files_db_hash_size = SMB_OPEN_DATABASE_TDB_HASH_SIZE;
Globals.maxprotocol = PROTOCOL_NT1;
Globals.minprotocol = PROTOCOL_CORE;
string_set(&Globals.szLdapAdminDn, "");
Globals.ldap_ssl = LDAP_SSL_START_TLS;
+ Globals.ldap_ssl_ads = False;
Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
Globals.ldap_delete_dn = False;
Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
Globals.bRegistryShares = False;
Globals.iminreceivefile = 0;
+
+ Globals.bMapUntrustedToDomain = false;
}
/*******************************************************************
}
/*
- In this section all the functions that are used to access the
- parameters from the rest of the program are defined
+ In this section all the functions that are used to access the
+ parameters from the rest of the program are defined
*/
#define FN_GLOBAL_STRING(fn_name,ptr) \
FN_GLOBAL_STRING(lp_deleteprinter_cmd, &Globals.szDeletePrinterCommand)
FN_GLOBAL_STRING(lp_os2_driver_map, &Globals.szOs2DriverMap)
FN_GLOBAL_STRING(lp_lockdir, &Globals.szLockDir)
+/* If lp_statedir() and lp_cachedir() are explicitely set during the
+ * build process or in smb.conf, we use that value. Otherwise they
+ * default to the value of lp_lockdir(). */
+char *lp_statedir(void) {
+ if ((strcmp(get_dyn_STATEDIR(), get_dyn_LOCKDIR()) != 0) ||
+ (strcmp(get_dyn_STATEDIR(), Globals.szStateDir) != 0))
+ return(lp_string(*(char **)(&Globals.szStateDir) ?
+ *(char **)(&Globals.szStateDir) : ""));
+ else
+ return(lp_string(*(char **)(&Globals.szLockDir) ?
+ *(char **)(&Globals.szLockDir) : ""));
+}
+char *lp_cachedir(void) {
+ if ((strcmp(get_dyn_CACHEDIR(), get_dyn_LOCKDIR()) != 0) ||
+ (strcmp(get_dyn_CACHEDIR(), Globals.szCacheDir) != 0))
+ return(lp_string(*(char **)(&Globals.szCacheDir) ?
+ *(char **)(&Globals.szCacheDir) : ""));
+ else
+ return(lp_string(*(char **)(&Globals.szLockDir) ?
+ *(char **)(&Globals.szLockDir) : ""));
+}
FN_GLOBAL_STRING(lp_piddir, &Globals.szPidDir)
FN_GLOBAL_STRING(lp_mangling_method, &Globals.szManglingMethod)
FN_GLOBAL_INTEGER(lp_mangle_prefix, &Globals.mangle_prefix)
FN_GLOBAL_STRING(lp_wtmpdir, &Globals.szWtmpDir)
FN_GLOBAL_BOOL(lp_utmp, &Globals.bUtmp)
FN_GLOBAL_STRING(lp_rootdir, &Globals.szRootdir)
+FN_GLOBAL_STRING(lp_perfcount_module, &Globals.szSMBPerfcountModule)
FN_GLOBAL_STRING(lp_defaultservice, &Globals.szDefaultService)
FN_GLOBAL_STRING(lp_msg_command, &Globals.szMsgCommand)
FN_GLOBAL_STRING(lp_get_quota_command, &Globals.szGetQuota)
FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
+FN_GLOBAL_BOOL(lp_ldap_ssl_ads, &Globals.ldap_ssl_ads)
FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)
FN_GLOBAL_INTEGER(lp_ldap_replication_sleep, &Globals.ldap_replication_sleep)
FN_GLOBAL_BOOL(lp_stat_cache, &Globals.bStatCache)
FN_GLOBAL_INTEGER(lp_max_stat_cache_size, &Globals.iMaxStatCacheSize)
FN_GLOBAL_BOOL(lp_allow_trusted_domains, &Globals.bAllowTrustedDomains)
+FN_GLOBAL_BOOL(lp_map_untrusted_to_domain, &Globals.bMapUntrustedToDomain)
FN_GLOBAL_INTEGER(lp_restrict_anonymous, &Globals.restrict_anonymous)
FN_GLOBAL_BOOL(lp_lanman_auth, &Globals.bLanmanAuth)
FN_GLOBAL_BOOL(lp_ntlm_auth, &Globals.bNTLMAuth)
FN_GLOBAL_BOOL(lp_hostname_lookups, &Globals.bHostnameLookups)
FN_LOCAL_PARM_BOOL(lp_change_notify, bChangeNotify)
FN_LOCAL_PARM_BOOL(lp_kernel_change_notify, bKernelChangeNotify)
-FN_GLOBAL_BOOL(lp_use_kerberos_keytab, &Globals.bUseKerberosKeytab)
+FN_GLOBAL_STRING(lp_dedicated_keytab_file, &Globals.szDedicatedKeytabFile)
+FN_GLOBAL_INTEGER(lp_kerberos_method, &Globals.iKerberosMethod)
FN_GLOBAL_BOOL(lp_defer_sharing_violations, &Globals.bDeferSharingViolations)
FN_GLOBAL_BOOL(lp_enable_privileges, &Globals.bEnablePrivileges)
FN_GLOBAL_BOOL(lp_enable_asu_support, &Globals.bASUSupport)
FN_GLOBAL_LIST(lp_svcctl_list, &Globals.szServicesList)
FN_LOCAL_STRING(lp_cups_options, szCupsOptions)
FN_GLOBAL_STRING(lp_cups_server, &Globals.szCupsServer)
+int lp_cups_encrypt(void)
+{
+#ifdef HAVE_HTTPCONNECTENCRYPT
+ switch (Globals.CupsEncrypt) {
+ case Auto:
+ Globals.CupsEncrypt = HTTP_ENCRYPT_REQUIRED;
+ break;
+ case True:
+ Globals.CupsEncrypt = HTTP_ENCRYPT_ALWAYS;
+ break;
+ case False:
+ Globals.CupsEncrypt = HTTP_ENCRYPT_NEVER;
+ break;
+ }
+#endif
+ return Globals.CupsEncrypt;
+}
FN_GLOBAL_STRING(lp_iprint_server, &Globals.szIPrintServer)
FN_GLOBAL_INTEGER(lp_cups_connection_timeout, &Globals.cups_connection_timeout)
FN_GLOBAL_CONST_STRING(lp_ctdbd_socket, &Globals.ctdbdSocket)
return PRINTCAP_NAME;
}
-/*******************************************************************
- Ensure we don't use sendfile if server smb signing is active.
-********************************************************************/
-
static uint32 spoolss_state;
bool lp_disable_spoolss( void )
Ensure we don't use sendfile if server smb signing is active.
********************************************************************/
-bool lp_use_sendfile(int snum)
+bool lp_use_sendfile(int snum, struct smb_signing_state *signing_state)
{
+ bool sign_active = false;
+
/* Using sendfile blows the brains out of any DOS or Win9x TCP stack... JRA. */
if (Protocol < PROTOCOL_NT1) {
- return False;
+ return false;
+ }
+ if (signing_state) {
+ sign_active = smb_signing_is_active(signing_state);
}
return (_lp_use_sendfile(snum) &&
(get_remote_arch() != RA_WIN95) &&
- !srv_is_signing_active());
+ !sign_active);
}
/*******************************************************************