bool bLoaded = False;
-extern enum protocol_types Protocol;
extern userdom_struct current_user_info;
#ifndef GLOBAL_NAME
char *szRemoteAnnounce;
char *szRemoteBrowseSync;
char *szSocketAddress;
+ bool bNmbdBindExplicitBroadcast;
char *szNISHomeMapName;
char *szAnnounceVersion; /* This is initialised in init_globals */
char *szWorkgroup;
int oplock_break_wait_time;
int winbind_cache_time;
int winbind_reconnect_delay;
- int winbind_max_idle_children;
+ int winbind_max_clients;
char **szWinbindNssInfo;
int iLockSpinTime;
char *szLdapMachineSuffix;
char *szLdapGroupSuffix;
int ldap_ssl;
bool ldap_ssl_ads;
+ int ldap_deref;
int ldap_follow_referral;
char *szLdapSuffix;
char *szLdapAdminDn;
char *ctdbdSocket;
char **szClusterAddresses;
bool clustering;
+ int ctdb_timeout;
int ldap_passwd_sync;
int ldap_replication_sleep;
int ldap_timeout; /* This is initialised in init_globals */
bool bClientNTLMv2Auth;
bool bClientPlaintextAuth;
bool bClientUseSpnego;
+ bool client_use_spnego_principal;
bool bDebugPrefixTimestamp;
bool bDebugHiresTimestamp;
bool bDebugPid;
int cups_connection_timeout;
char *szSMBPerfcountModule;
bool bMapUntrustedToDomain;
- bool bFakeDirCreateTimes;
};
static struct global Globals;
bool bMap_system;
bool bMap_hidden;
bool bMap_archive;
- bool bStoreCreateTime;
bool bStoreDosAttributes;
bool bDmapiSupport;
bool bLocking;
bool bDosFilemode;
bool bDosFiletimes;
bool bDosFiletimeResolution;
+ bool bFakeDirCreateTimes;
bool bBlockingLocks;
bool bInheritPerms;
bool bInheritACLS;
False, /* bMap_system */
False, /* bMap_hidden */
True, /* bMap_archive */
- False, /* bStoreCreateTime */
False, /* bStoreDosAttributes */
False, /* bDmapiSupport */
True, /* bLocking */
True, /* bLevel2OpLocks */
False, /* bOnlyUser */
True, /* bMangledNames */
- True, /* bWidelinks */
+ false, /* bWidelinks */
True, /* bSymlinks */
False, /* bSyncAlways */
False, /* bStrictAllocate */
False, /* bDosFilemode */
True, /* bDosFiletimes */
False, /* bDosFiletimeResolution */
+ False, /* bFakeDirCreateTimes */
True, /* bBlockingLocks */
False, /* bInheritPerms */
False, /* bInheritACLS */
{-1, NULL}
};
+/* LDAP Dereferencing Alias types */
+#define SAMBA_LDAP_DEREF_NEVER 0
+#define SAMBA_LDAP_DEREF_SEARCHING 1
+#define SAMBA_LDAP_DEREF_FINDING 2
+#define SAMBA_LDAP_DEREF_ALWAYS 3
+
+static const struct enum_list enum_ldap_deref[] = {
+ {SAMBA_LDAP_DEREF_NEVER, "never"},
+ {SAMBA_LDAP_DEREF_SEARCHING, "searching"},
+ {SAMBA_LDAP_DEREF_FINDING, "finding"},
+ {SAMBA_LDAP_DEREF_ALWAYS, "always"},
+ {-1, "auto"}
+};
+
static const struct enum_list enum_ldap_passwd_sync[] = {
{LDAP_PASSWD_SYNC_OFF, "no"},
{LDAP_PASSWD_SYNC_OFF, "off"},
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
+ {
+ .label = "client use spnego principal",
+ .type = P_BOOL,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.client_use_spnego_principal,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
{
.label = "username",
.type = P_STRING,
.ptr = &sDefault.iWriteCacheSize,
.special = NULL,
.enum_list = NULL,
- .flags = FLAG_ADVANCED | FLAG_SHARE | FLAG_DEPRECATED,
+ .flags = FLAG_ADVANCED | FLAG_SHARE,
},
{
.label = "name cache timeout",
.enum_list = NULL,
.flags = FLAG_ADVANCED | FLAG_GLOBAL,
},
+ {
+ .label = "ctdb timeout",
+ .type = P_INTEGER,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.ctdb_timeout,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL,
+ },
{N_("Printing Options"), P_SEP, P_SEPARATOR},
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
- {
- .label = "store create time",
- .type = P_BOOL,
- .p_class = P_LOCAL,
- .ptr = &sDefault.bStoreCreateTime,
- .special = NULL,
- .enum_list = NULL,
- .flags = FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL,
- },
{
.label = "store dos attributes",
.type = P_BOOL,
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
+ {
+ .label = "ldap deref",
+ .type = P_ENUM,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.ldap_deref,
+ .special = NULL,
+ .enum_list = enum_ldap_deref,
+ .flags = FLAG_ADVANCED,
+ },
{
.label = "ldap follow referral",
.type = P_ENUM,
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
+ {
+ .label = "nmbd bind explicit broadcast",
+ .type = P_BOOL,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.bNmbdBindExplicitBroadcast,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
{
.label = "homedir map",
.type = P_STRING,
{
.label = "fake directory create times",
.type = P_BOOL,
- .p_class = P_GLOBAL,
- .ptr = &Globals.bFakeDirCreateTimes,
+ .p_class = P_LOCAL,
+ .ptr = &sDefault.bFakeDirCreateTimes,
.special = NULL,
.enum_list = NULL,
.flags = FLAG_ADVANCED | FLAG_GLOBAL,
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
+ {
+ .label = "winbind max clients",
+ .type = P_INTEGER,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.winbind_max_clients,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
{
.label = "winbind enum users",
.type = P_BOOL,
#endif
#endif
+ if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
+ DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
+ "minimum Windows limit (%d)\n",
+ sysctl_max,
+ MIN_OPEN_FILES_WINDOWS));
+ sysctl_max = MIN_OPEN_FILES_WINDOWS;
+ }
+
+ if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
+ DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
+ "minimum Windows limit (%d)\n",
+ rlimit_max,
+ MIN_OPEN_FILES_WINDOWS));
+ rlimit_max = MIN_OPEN_FILES_WINDOWS;
+ }
+
return MIN(sysctl_max, rlimit_max);
}
string_set(&Globals.szCacheDir, get_dyn_CACHEDIR());
string_set(&Globals.szPidDir, get_dyn_PIDDIR());
string_set(&Globals.szSocketAddress, "0.0.0.0");
+ /*
+ * By default support explicit binding to broadcast
+ * addresses.
+ */
+ Globals.bNmbdBindExplicitBroadcast = true;
if (asprintf(&s, "Samba %s", samba_version_string()) < 0) {
smb_panic("init_globals: ENOMEM");
Globals.bTimestampLogs = True;
string_set(&Globals.szLogLevel, "0");
Globals.bDebugPrefixTimestamp = False;
- Globals.bDebugHiresTimestamp = False;
+ Globals.bDebugHiresTimestamp = true;
Globals.bDebugPid = False;
Globals.bDebugUid = False;
Globals.bDebugClass = False;
string_set(&Globals.szLdapAdminDn, "");
Globals.ldap_ssl = LDAP_SSL_START_TLS;
Globals.ldap_ssl_ads = False;
+ Globals.ldap_deref = -1;
Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
Globals.ldap_delete_dn = False;
Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
string_set(&Globals.ctdbdSocket, "");
Globals.szClusterAddresses = NULL;
Globals.clustering = False;
+ Globals.ctdb_timeout = 0;
Globals.winbind_cache_time = 300; /* 5 minutes */
Globals.winbind_reconnect_delay = 30; /* 30 seconds */
+ Globals.winbind_max_clients = 200;
Globals.bWinbindEnumUsers = False;
Globals.bWinbindEnumGroups = False;
Globals.bWinbindUseDefaultDomain = False;
char fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
FN_GLOBAL_STRING(lp_smb_ports, &Globals.smb_ports)
-FN_GLOBAL_STRING(lp_dos_charset, &Globals.dos_charset)
-FN_GLOBAL_STRING(lp_unix_charset, &Globals.unix_charset)
-FN_GLOBAL_STRING(lp_display_charset, &Globals.display_charset)
+FN_GLOBAL_CONST_STRING(lp_dos_charset, &Globals.dos_charset)
+FN_GLOBAL_CONST_STRING(lp_unix_charset, &Globals.unix_charset)
+FN_GLOBAL_CONST_STRING(lp_display_charset, &Globals.display_charset)
FN_GLOBAL_STRING(lp_logfile, &Globals.szLogFile)
FN_GLOBAL_STRING(lp_configfile, &Globals.szConfigFile)
FN_GLOBAL_STRING(lp_smb_passwd_file, &Globals.szSMBPasswdFile)
FN_GLOBAL_CONST_STRING(lp_logon_home, &Globals.szLogonHome)
FN_GLOBAL_STRING(lp_remote_announce, &Globals.szRemoteAnnounce)
FN_GLOBAL_STRING(lp_remote_browse_sync, &Globals.szRemoteBrowseSync)
+FN_GLOBAL_BOOL(lp_nmbd_bind_explicit_broadcast, &Globals.bNmbdBindExplicitBroadcast)
FN_GLOBAL_LIST(lp_wins_server_list, &Globals.szWINSservers)
FN_GLOBAL_LIST(lp_interfaces, &Globals.szInterfaces)
FN_GLOBAL_STRING(lp_nis_home_map_name, &Globals.szNISHomeMapName)
FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
FN_GLOBAL_BOOL(lp_ldap_ssl_ads, &Globals.ldap_ssl_ads)
+FN_GLOBAL_INTEGER(lp_ldap_deref, &Globals.ldap_deref)
FN_GLOBAL_INTEGER(lp_ldap_follow_referral, &Globals.ldap_follow_referral)
FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)
FN_GLOBAL_BOOL(lp_unix_extensions, &Globals.bUnixExtensions)
FN_GLOBAL_BOOL(lp_use_spnego, &Globals.bUseSpnego)
FN_GLOBAL_BOOL(lp_client_use_spnego, &Globals.bClientUseSpnego)
+FN_GLOBAL_BOOL(lp_client_use_spnego_principal, &Globals.client_use_spnego_principal)
FN_GLOBAL_BOOL(lp_hostname_lookups, &Globals.bHostnameLookups)
FN_LOCAL_PARM_BOOL(lp_change_notify, bChangeNotify)
FN_LOCAL_PARM_BOOL(lp_kernel_change_notify, bKernelChangeNotify)
FN_GLOBAL_STRING(lp_cups_server, &Globals.szCupsServer)
int lp_cups_encrypt(void)
{
+ int result = 0;
#ifdef HAVE_HTTPCONNECTENCRYPT
switch (Globals.CupsEncrypt) {
case Auto:
- Globals.CupsEncrypt = HTTP_ENCRYPT_REQUIRED;
+ result = HTTP_ENCRYPT_REQUIRED;
break;
case True:
- Globals.CupsEncrypt = HTTP_ENCRYPT_ALWAYS;
+ result = HTTP_ENCRYPT_ALWAYS;
break;
case False:
- Globals.CupsEncrypt = HTTP_ENCRYPT_NEVER;
+ result = HTTP_ENCRYPT_NEVER;
break;
}
#endif
- return Globals.CupsEncrypt;
+ return result;
}
FN_GLOBAL_STRING(lp_iprint_server, &Globals.szIPrintServer)
FN_GLOBAL_INTEGER(lp_cups_connection_timeout, &Globals.cups_connection_timeout)
FN_GLOBAL_CONST_STRING(lp_ctdbd_socket, &Globals.ctdbdSocket)
FN_GLOBAL_LIST(lp_cluster_addresses, &Globals.szClusterAddresses)
FN_GLOBAL_BOOL(lp_clustering, &Globals.clustering)
+FN_GLOBAL_INTEGER(lp_ctdb_timeout, &Globals.ctdb_timeout)
FN_LOCAL_STRING(lp_printcommand, szPrintcommand)
FN_LOCAL_STRING(lp_lpqcommand, szLpqcommand)
FN_LOCAL_STRING(lp_lprmcommand, szLprmcommand)
FN_LOCAL_BOOL(lp_print_ok, bPrint_ok)
FN_LOCAL_BOOL(lp_map_hidden, bMap_hidden)
FN_LOCAL_BOOL(lp_map_archive, bMap_archive)
-FN_LOCAL_BOOL(lp_store_create_time, bStoreCreateTime)
FN_LOCAL_BOOL(lp_store_dos_attributes, bStoreDosAttributes)
FN_LOCAL_BOOL(lp_dmapi_support, bDmapiSupport)
FN_LOCAL_PARM_BOOL(lp_locking, bLocking)
FN_LOCAL_BOOL(lp_level2_oplocks, bLevel2OpLocks)
FN_LOCAL_BOOL(lp_onlyuser, bOnlyUser)
FN_LOCAL_PARM_BOOL(lp_manglednames, bMangledNames)
-FN_LOCAL_BOOL(lp_widelinks, bWidelinks)
FN_LOCAL_BOOL(lp_symlinks, bSymlinks)
FN_LOCAL_BOOL(lp_syncalways, bSyncAlways)
FN_LOCAL_BOOL(lp_strict_allocate, bStrictAllocate)
FN_LOCAL_BOOL(lp_dos_filemode, bDosFilemode)
FN_LOCAL_BOOL(lp_dos_filetimes, bDosFiletimes)
FN_LOCAL_BOOL(lp_dos_filetime_resolution, bDosFiletimeResolution)
-FN_GLOBAL_BOOL(lp_fake_dir_create_times, &Globals.bFakeDirCreateTimes)
+FN_LOCAL_BOOL(lp_fake_dir_create_times, bFakeDirCreateTimes)
FN_LOCAL_BOOL(lp_blocking_locks, bBlockingLocks)
FN_LOCAL_BOOL(lp_inherit_perms, bInheritPerms)
FN_LOCAL_BOOL(lp_inherit_acls, bInheritACLS)
FN_LOCAL_CHAR(lp_magicchar, magic_char)
FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
FN_GLOBAL_INTEGER(lp_winbind_reconnect_delay, &Globals.winbind_reconnect_delay)
+FN_GLOBAL_INTEGER(lp_winbind_max_clients, &Globals.winbind_max_clients)
FN_GLOBAL_LIST(lp_winbind_nss_info, &Globals.szWinbindNssInfo)
FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
return ret;
}
+/**
+ * reload those shares from registry that are already
+ * activated in the services array.
+ */
+static bool reload_registry_shares(void)
+{
+ int i;
+ bool ret = true;
+
+ for (i = 0; i < iNumServices; i++) {
+ if (!VALID(i)) {
+ continue;
+ }
+
+ if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
+ continue;
+ }
+
+ ret = process_registry_service(ServicePtrs[i]->szService);
+ if (!ret) {
+ goto done;
+ }
+ }
+
+done:
+ return ret;
+}
+
+
#define MAX_INCLUDE_DEPTH 100
static uint8_t include_depth;
/* Ensure the owner of the usershare file has permission to share
this directory. */
- if (sys_stat(sharepath, &sbuf) == -1) {
+ if (sys_stat(sharepath, &sbuf, false) == -1) {
DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
servicename, sharepath, strerror(errno) ));
sys_closedir(dp);
/* Minimize the race condition by doing an lstat before we
open and fstat. Ensure this isn't a symlink link. */
- if (sys_lstat(fname, &lsbuf) != 0) {
+ if (sys_lstat(fname, &lsbuf, false) != 0) {
DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
fname, strerror(errno) ));
SAFE_FREE(fname);
}
/* Now fstat to be *SURE* it's a regular file. */
- if (sys_fstat(fd, &sbuf) != 0) {
+ if (sys_fstat(fd, &sbuf, false) != 0) {
close(fd);
DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
fname, strerror(errno) ));
return false;
}
- if (sys_lstat(fname, &lsbuf) != 0) {
+ if (sys_lstat(fname, &lsbuf, false) != 0) {
SAFE_FREE(fname);
return false;
}
return -1;
}
- if (sys_stat(usersharepath, &sbuf) != 0) {
+ if (sys_stat(usersharepath, &sbuf, false) != 0) {
DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
usersharepath, strerror(errno) ));
return -1;
return lp_numservices();
}
- if (sys_stat(usersharepath, &sbuf) != 0) {
+ if (sys_stat(usersharepath, &sbuf, false) != 0) {
DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
usersharepath, strerror(errno) ));
return ret;
bRetval = false;
}
- if (bRetval && lp_registry_shares() && allow_registry_shares) {
- bRetval = process_registry_shares();
+ if (bRetval && lp_registry_shares()) {
+ if (allow_registry_shares) {
+ bRetval = process_registry_shares();
+ } else {
+ bRetval = reload_registry_shares();
+ }
}
- lp_add_auto_services(lp_auto_services());
+ {
+ char *serv = lp_auto_services();
+ lp_add_auto_services(serv);
+ TALLOC_FREE(serv);
+ }
if (add_ipc) {
/* When 'restrict anonymous = 2' guest connections to ipc$
bool sign_active = false;
/* Using sendfile blows the brains out of any DOS or Win9x TCP stack... JRA. */
- if (Protocol < PROTOCOL_NT1) {
+ if (get_Protocol() < PROTOCOL_NT1) {
return false;
}
if (signing_state) {
{
string_set(&Globals.szPassdbBackend, backend);
}
+
+/*******************************************************************
+ Safe wide links checks.
+ This helper function always verify the validity of wide links,
+ even after a configuration file reload.
+********************************************************************/
+
+static bool lp_widelinks_internal(int snum)
+{
+ return (bool)(LP_SNUM_OK(snum)? ServicePtrs[(snum)]->bWidelinks :
+ sDefault.bWidelinks);
+}
+
+void widelinks_warning(int snum)
+{
+ if (lp_unix_extensions() && lp_widelinks_internal(snum)) {
+ DEBUG(0,("Share '%s' has wide links and unix extensions enabled. "
+ "These parameters are incompatible. "
+ "Wide links will be disabled for this share.\n",
+ lp_servicename(snum) ));
+ }
+}
+
+bool lp_widelinks(int snum)
+{
+ /* wide links is always incompatible with unix extensions */
+ if (lp_unix_extensions()) {
+ return false;
+ }
+
+ return lp_widelinks_internal(snum);
+}