2 Unix SMB/CIFS implementation.
3 Parameter loading functions
4 Copyright (C) Karl Auer 1993-1998
6 Largely re-written by Andrew Tridgell, September 1994
8 Copyright (C) Simo Sorce 2001
9 Copyright (C) Alexander Bokovoy 2002
10 Copyright (C) Stefan (metze) Metzmacher 2002
11 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 Copyright (C) Michael Adam 2008
13 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 Copyright (C) Andrew Bartlett 2011
16 This program is free software; you can redistribute it and/or modify
17 it under the terms of the GNU General Public License as published by
18 the Free Software Foundation; either version 3 of the License, or
19 (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
33 * This module provides suitable callback functions for the params
34 * module. It builds the internal table of service details which is
35 * then used by the rest of the server.
39 * 1) add it to the global or service structure definition
40 * 2) add it to the parm_table
41 * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
42 * 4) If it's a global then initialise it in init_globals. If a local
43 * (ie. service) parameter then initialise it in the sDefault structure
47 * The configuration file is processed sequentially for speed. It is NOT
48 * accessed randomly as happens in 'real' Windows. For this reason, there
49 * is a fair bit of sequence-dependent code here - ie., code which assumes
50 * that certain things happen before others. In particular, the code which
51 * happens at the boundary between sections is delicately poised, so be
56 #define LOADPARM_SUBSTITUTION_INTERNALS 1
58 #include "lib/util/util_file.h"
59 #include "system/filesys.h"
61 #include "lib/param/loadparm.h"
62 #include "lib/param/param.h"
64 #include "lib/smbconf/smbconf.h"
65 #include "lib/smbconf/smbconf_init.h"
67 #include "include/smb_ldap.h"
68 #include "../librpc/gen_ndr/svcctl.h"
70 #include "../libcli/smb/smb_signing.h"
71 #include "dbwrap/dbwrap.h"
72 #include "dbwrap/dbwrap_rbt.h"
73 #include "../lib/util/bitmap.h"
74 #include "librpc/gen_ndr/nbt.h"
75 #include "librpc/gen_ndr/dns.h"
76 #include "source4/lib/tls/tls.h"
77 #include "libcli/auth/ntlm_check.h"
78 #include "lib/crypto/gnutls_helpers.h"
79 #include "lib/util/string_wrappers.h"
80 #include "auth/credentials/credentials.h"
81 #include "source3/lib/substitute.h"
82 #include "source3/librpc/gen_ndr/ads.h"
83 #include "lib/util/time_basic.h"
84 #include "libds/common/flags.h"
86 #ifdef HAVE_SYS_SYSCTL_H
87 #include <sys/sysctl.h>
90 bool b_loaded = false;
92 /* the special value for the include parameter
93 * to be interpreted not as a file name but to
94 * trigger loading of the global smb.conf options
96 #ifndef INCLUDE_REGISTRY_NAME
97 #define INCLUDE_REGISTRY_NAME "registry"
100 static bool in_client = false; /* Not in the client by default */
101 static struct smbconf_csn conf_last_csn;
103 static int config_backend = CONFIG_BACKEND_FILE;
105 /* some helpful bits */
106 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
107 (ServicePtrs != NULL) && \
108 (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
109 #define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
110 ServicePtrs[i]->valid)
112 #define USERSHARE_VALID 1
113 #define USERSHARE_PENDING_DELETE 2
115 static bool defaults_saved = false;
117 #include "lib/param/param_global.h"
119 static struct loadparm_global Globals;
121 /* This is a default service used to prime a services structure */
122 static const struct loadparm_service _sDefault =
127 .usershare_last_mod = {0, 0},
130 .invalid_users = NULL,
137 .root_preexec = NULL,
138 .root_postexec = NULL,
139 .cups_options = NULL,
140 .print_command = NULL,
142 .lprm_command = NULL,
143 .lppause_command = NULL,
144 .lpresume_command = NULL,
145 .queuepause_command = NULL,
146 .queueresume_command = NULL,
147 ._printername = NULL,
148 .printjob_username = NULL,
149 .dont_descend = NULL,
152 .magic_script = NULL,
153 .magic_output = NULL,
156 .veto_oplock_files = NULL,
166 .aio_write_behind = NULL,
167 .dfree_command = NULL,
168 .min_print_space = 0,
169 .max_print_jobs = 1000,
170 .max_reported_print_jobs = 0,
172 .force_create_mode = 0,
173 .directory_mask = 0755,
174 .force_directory_mode = 0,
175 .max_connections = 0,
176 .default_case = CASE_LOWER,
177 .printing = DEFAULT_PRINTING,
180 .dfree_cache_time = 0,
181 .preexec_close = false,
182 .root_preexec_close = false,
183 .case_sensitive = Auto,
184 .preserve_case = true,
185 .short_preserve_case = true,
186 .hide_dot_files = true,
187 .hide_special_files = false,
188 .hide_unreadable = false,
189 .hide_unwriteable_files = false,
191 .access_based_share_enum = false,
196 .administrative_share = false,
199 .print_notify_backchannel = false,
203 .store_dos_attributes = true,
204 .smbd_max_xattr_size = 65536,
205 .dmapi_support = false,
207 .strict_locking = Auto,
208 .posix_locking = true,
210 .kernel_oplocks = false,
211 .level2_oplocks = true,
212 .mangled_names = MANGLED_NAMES_ILLEGAL,
214 .follow_symlinks = true,
215 .sync_always = false,
216 .strict_allocate = false,
217 .strict_rename = false,
219 .mangling_char = '~',
221 .delete_readonly = false,
222 .fake_oplocks = false,
223 .delete_veto_files = false,
224 .dos_filemode = false,
225 .dos_filetimes = true,
226 .dos_filetime_resolution = false,
227 .fake_directory_create_times = false,
228 .blocking_locks = true,
229 .inherit_permissions = false,
230 .inherit_acls = false,
231 .inherit_owner = false,
233 .msdfs_shuffle_referrals = false,
234 .use_client_driver = false,
235 .default_devmode = true,
236 .force_printername = false,
237 .nt_acl_support = true,
238 .force_unknown_acl_user = false,
239 ._use_sendfile = false,
240 .map_acl_inherit = false,
243 .acl_check_permissions = true,
244 .acl_map_full_control = true,
245 .acl_group_control = false,
246 .acl_allow_execute_always = false,
247 .acl_flag_inherited_canonicalization = true,
250 .map_readonly = MAP_READONLY_NO,
251 .server_smb_encrypt = SMB_ENCRYPTION_DEFAULT,
252 .kernel_share_modes = false,
253 .durable_handles = true,
254 .check_parent_directory_delete_on_close = false,
256 .smbd_search_ask_sharemode = true,
257 .smbd_getinfo_ask_sharemode = true,
258 .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
259 .honor_change_notify_privilege = false,
260 .volume_serial_number = -1,
265 * This is a copy of the default service structure. Service options in the
266 * global section would otherwise overwrite the initial default values.
268 static struct loadparm_service sDefault;
270 /* local variables */
271 static struct loadparm_service **ServicePtrs = NULL;
272 static int iNumServices = 0;
273 static int iServiceIndex = 0;
274 static struct db_context *ServiceHash;
275 static bool bInGlobalSection = true;
276 static bool bGlobalOnly = false;
277 static struct file_lists *file_lists = NULL;
278 static unsigned int *flags_list = NULL;
280 static void set_allowed_client_auth(void);
282 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
283 static void free_param_opts(struct parmlist_entry **popts);
286 * Function to return the default value for the maximum number of open
287 * file descriptors permitted. This function tries to consult the
288 * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
289 * the smaller of those.
291 static int max_open_files(void)
293 int sysctl_max = MAX_OPEN_FILES;
294 int rlimit_max = MAX_OPEN_FILES;
296 #ifdef HAVE_SYSCTLBYNAME
298 size_t size = sizeof(sysctl_max);
299 sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
304 #if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
310 if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
311 rlimit_max = rl.rlim_cur;
313 #if defined(RLIM_INFINITY)
314 if(rl.rlim_cur == RLIM_INFINITY)
315 rlimit_max = MAX_OPEN_FILES;
320 if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
321 DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
322 "minimum Windows limit (%d)\n",
324 MIN_OPEN_FILES_WINDOWS));
325 sysctl_max = MIN_OPEN_FILES_WINDOWS;
328 if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
329 DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
330 "minimum Windows limit (%d)\n",
332 MIN_OPEN_FILES_WINDOWS));
333 rlimit_max = MIN_OPEN_FILES_WINDOWS;
336 return MIN(sysctl_max, rlimit_max);
340 * Common part of freeing allocated data for one parameter.
342 static void free_one_parameter_common(void *parm_ptr,
343 struct parm_struct parm)
345 if ((parm.type == P_STRING) ||
346 (parm.type == P_USTRING))
348 lpcfg_string_free((char**)parm_ptr);
349 } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
350 TALLOC_FREE(*((char***)parm_ptr));
355 * Free the allocated data for one parameter for a share
356 * given as a service struct.
358 static void free_one_parameter(struct loadparm_service *service,
359 struct parm_struct parm)
363 if (parm.p_class != P_LOCAL) {
367 parm_ptr = lp_parm_ptr(service, &parm);
369 free_one_parameter_common(parm_ptr, parm);
373 * Free the allocated parameter data of a share given
374 * as a service struct.
376 static void free_parameters(struct loadparm_service *service)
380 for (i=0; parm_table[i].label; i++) {
381 free_one_parameter(service, parm_table[i]);
386 * Free the allocated data for one parameter for a given share
387 * specified by an snum.
389 static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
394 parm_ptr = lp_parm_ptr(NULL, &parm);
395 } else if (parm.p_class != P_LOCAL) {
398 parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
401 free_one_parameter_common(parm_ptr, parm);
405 * Free the allocated parameter data for a share specified
408 static void free_parameters_by_snum(int snum)
412 for (i=0; parm_table[i].label; i++) {
413 free_one_parameter_by_snum(snum, parm_table[i]);
418 * Free the allocated global parameters.
420 static void free_global_parameters(void)
423 struct parm_struct *parm;
425 free_param_opts(&Globals.param_opt);
426 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
428 /* Reset references in the defaults because the context is going to be freed */
429 for (i=0; parm_table[i].label; i++) {
430 parm = &parm_table[i];
431 if ((parm->type == P_STRING) ||
432 (parm->type == P_USTRING)) {
433 if ((parm->def.svalue != NULL) &&
434 (*(parm->def.svalue) != '\0')) {
435 if (talloc_parent(parm->def.svalue) == Globals.ctx) {
436 parm->def.svalue = NULL;
441 TALLOC_FREE(Globals.ctx);
444 struct lp_stored_option {
445 struct lp_stored_option *prev, *next;
450 static struct lp_stored_option *stored_options;
453 save options set by lp_set_cmdline() into a list. This list is
454 re-applied when we do a globals reset, so that cmdline set options
455 are sticky across reloads of smb.conf
457 bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
459 struct lp_stored_option *entry, *entry_next;
460 for (entry = stored_options; entry != NULL; entry = entry_next) {
461 entry_next = entry->next;
462 if (strcmp(pszParmName, entry->label) == 0) {
463 DLIST_REMOVE(stored_options, entry);
469 entry = talloc(NULL, struct lp_stored_option);
474 entry->label = talloc_strdup(entry, pszParmName);
480 entry->value = talloc_strdup(entry, pszParmValue);
486 DLIST_ADD_END(stored_options, entry);
491 static bool apply_lp_set_cmdline(void)
493 struct lp_stored_option *entry = NULL;
494 for (entry = stored_options; entry != NULL; entry = entry->next) {
495 if (!lp_set_cmdline_helper(entry->label, entry->value)) {
496 DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
497 entry->label, entry->value));
504 /***************************************************************************
505 Initialise the global parameter structure.
506 ***************************************************************************/
508 void loadparm_s3_init_globals(struct loadparm_context *lp_ctx,
511 static bool done_init = false;
515 /* If requested to initialize only once and we've already done it... */
516 if (!reinit_globals && done_init) {
517 /* ... then we have nothing more to do */
522 /* The logfile can be set before this is invoked. Free it if so. */
523 lpcfg_string_free(&Globals.logfile);
526 free_global_parameters();
529 /* This memset and the free_global_parameters() above will
530 * wipe out smb.conf options set with lp_set_cmdline(). The
531 * apply_lp_set_cmdline() call puts these values back in the
532 * table once the defaults are set */
533 ZERO_STRUCT(Globals);
535 Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
537 /* Initialize the flags list if necessary */
538 if (flags_list == NULL) {
542 for (i = 0; parm_table[i].label; i++) {
543 if ((parm_table[i].type == P_STRING ||
544 parm_table[i].type == P_USTRING))
548 (char **)lp_parm_ptr(NULL, &parm_table[i]),
554 lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
555 lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
557 init_printer_values(lp_ctx, Globals.ctx, &sDefault);
559 sDefault.ntvfs_handler = str_list_make_v3_const(Globals.ctx, "unixuid default", NULL);
561 DEBUG(3, ("Initialising global parameters\n"));
563 /* Must manually force to upper case here, as this does not go via the handler */
564 lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
567 lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
568 get_dyn_SMB_PASSWD_FILE());
569 lpcfg_string_set(Globals.ctx, &Globals.private_dir,
570 get_dyn_PRIVATE_DIR());
571 lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
572 get_dyn_BINDDNS_DIR());
574 /* use the new 'hash2' method by default, with a prefix of 1 */
575 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
576 Globals.mangle_prefix = 1;
578 lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
580 /* using UTF8 by default allows us to support all chars */
581 lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
582 DEFAULT_UNIX_CHARSET);
584 /* Use codepage 850 as a default for the dos character set */
585 lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
586 DEFAULT_DOS_CHARSET);
589 * Allow the default PASSWD_CHAT to be overridden in local.h.
591 lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
592 DEFAULT_PASSWD_CHAT);
594 lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
596 lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
597 lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
599 lpcfg_string_set(Globals.ctx, &Globals.state_directory,
601 lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
603 lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
605 lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
608 * By default support explicit binding to broadcast
611 Globals.nmbd_bind_explicit_broadcast = true;
613 s = talloc_asprintf(Globals.ctx, "Samba %s", samba_version_string());
615 smb_panic("init_globals: ENOMEM");
617 lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
620 lpcfg_string_set(Globals.ctx, &Globals.panic_action,
621 "/bin/sleep 999999999");
624 lpcfg_string_set(Globals.ctx, &Globals.socket_options,
625 DEFAULT_SOCKET_OPTIONS);
627 lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
628 /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
629 lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
630 lpcfg_string_set(Globals.ctx, &Globals.logon_path,
631 "\\\\%N\\%U\\profile");
633 Globals.name_resolve_order =
634 str_list_make_v3_const(Globals.ctx,
635 DEFAULT_NAME_RESOLVE_ORDER,
637 lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
639 Globals.algorithmic_rid_base = BASE_RID;
641 Globals.load_printers = true;
642 Globals.printcap_cache_time = 750; /* 12.5 minutes */
644 Globals.config_backend = config_backend;
645 Globals._server_role = ROLE_AUTO;
647 /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
648 /* Discovered by 2 days of pain by Don McCall @ HP :-). */
649 Globals.max_xmit = 0x4104;
650 Globals.max_mux = 50; /* This is *needed* for profile support. */
651 Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
652 Globals._disable_spoolss = false;
653 Globals.max_smbd_processes = 0;/* no limit specified */
654 Globals.username_level = 0;
655 Globals.deadtime = 10080;
656 Globals.getwd_cache = true;
657 Globals.large_readwrite = true;
658 Globals.max_log_size = 5000;
659 Globals.max_open_files = max_open_files();
660 Globals.server_max_protocol = PROTOCOL_SMB3_11;
661 Globals.server_min_protocol = PROTOCOL_SMB2_02;
662 Globals._client_max_protocol = PROTOCOL_DEFAULT;
663 Globals.client_min_protocol = PROTOCOL_SMB2_02;
664 Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
665 Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
666 Globals._security = SEC_AUTO;
667 Globals.encrypt_passwords = true;
668 Globals.client_schannel = true;
669 Globals.winbind_sealed_pipes = true;
670 Globals.require_strong_key = true;
671 Globals.reject_md5_servers = true;
672 Globals.server_schannel = true;
673 Globals.server_schannel_require_seal = true;
674 Globals.reject_md5_clients = true;
675 Globals.read_raw = true;
676 Globals.write_raw = true;
677 Globals.null_passwords = false;
678 Globals.old_password_allowed_period = 60;
679 Globals.obey_pam_restrictions = false;
681 Globals.syslog_only = false;
682 Globals.timestamp_logs = true;
683 lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
684 Globals.debug_prefix_timestamp = false;
685 Globals.debug_hires_timestamp = true;
686 Globals.debug_syslog_format = false;
687 Globals.debug_pid = false;
688 Globals.debug_uid = false;
689 Globals.debug_class = false;
690 Globals.enable_core_files = true;
691 Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
692 Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
693 Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
694 Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
695 Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
696 Globals.lm_interval = 60;
697 Globals.time_server = false;
698 Globals.bind_interfaces_only = false;
699 Globals.unix_password_sync = false;
700 Globals.pam_password_change = false;
701 Globals.passwd_chat_debug = false;
702 Globals.passwd_chat_timeout = 2; /* 2 second default. */
703 Globals.nt_pipe_support = true; /* Do NT pipes by default. */
704 Globals.nt_status_support = true; /* Use NT status by default. */
705 Globals.smbd_profiling_level = 0;
706 Globals.stat_cache = true; /* use stat cache by default */
707 Globals.max_stat_cache_size = 512; /* 512k by default */
708 Globals.restrict_anonymous = 0;
709 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
710 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
711 Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
712 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
713 Globals.nt_hash_store = NT_HASH_STORE_ALWAYS; /* Fill in NT hash when setting password */
714 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
715 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
716 /* Note, that we will also use NTLM2 session security (which is different), if it is available */
718 Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
720 Globals.map_to_guest = 0; /* By Default, "Never" */
721 Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
722 Globals.enhanced_browsing = true;
723 Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
724 Globals.use_mmap = true;
725 Globals.unicode = true;
726 Globals.smb1_unix_extensions = true;
727 Globals.reset_on_zero_vc = false;
728 Globals.log_writeable_files_on_exit = false;
729 Globals.create_krb5_conf = true;
730 Globals.include_system_krb5_conf = true;
731 Globals._winbind_max_domain_connections = 1;
733 /* hostname lookups can be very expensive and are broken on
734 a large number of sites (tridge) */
735 Globals.hostname_lookups = false;
737 Globals.change_notify = true,
738 Globals.kernel_change_notify = true,
740 lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
741 lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
742 lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
743 lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
744 lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
745 lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
747 lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
748 Globals.ldap_ssl = LDAP_SSL_START_TLS;
749 Globals.ldap_deref = -1;
750 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
751 Globals.ldap_delete_dn = false;
752 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
753 Globals.ldap_follow_referral = Auto;
754 Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
755 Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
756 Globals.ldap_page_size = LDAP_PAGE_SIZE;
758 Globals.ldap_debug_level = 0;
759 Globals.ldap_debug_threshold = 10;
761 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SEAL;
763 Globals.ldap_server_require_strong_auth =
764 LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
766 /* This is what we tell the afs client. in reality we set the token
767 * to never expire, though, when this runs out the afs client will
768 * forget the token. Set to 0 to get NEVERDATE.*/
769 Globals.afs_token_lifetime = 604800;
770 Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
772 /* these parameters are set to defaults that are more appropriate
773 for the increasing samba install base:
775 as a member of the workgroup, that will possibly become a
776 _local_ master browser (lm = true). this is opposed to a forced
777 local master browser startup (pm = true).
779 doesn't provide WINS server service by default (wsupp = false),
780 and doesn't provide domain master browser services by default, either.
784 Globals.show_add_printer_wizard = true;
785 Globals.os_level = 20;
786 Globals.local_master = true;
787 Globals._domain_master = Auto; /* depending on _domain_logons */
788 Globals._domain_logons = false;
789 Globals.browse_list = true;
790 Globals.we_are_a_wins_server = false;
791 Globals.wins_proxy = false;
793 TALLOC_FREE(Globals.init_logon_delayed_hosts);
794 Globals.init_logon_delay = 100; /* 100 ms default delay */
796 Globals.wins_dns_proxy = true;
797 Globals.dns_port = DNS_SERVICE_PORT;
799 Globals.allow_trusted_domains = true;
800 lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
802 lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
803 lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
805 lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
806 lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
807 dyn_WINBINDD_SOCKET_DIR);
809 lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
810 lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
812 lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
814 Globals.cluster_addresses = NULL;
815 Globals.clustering = false;
816 Globals.ctdb_timeout = 0;
817 Globals.ctdb_locktime_warn_threshold = 0;
819 Globals.winbind_cache_time = 300; /* 5 minutes */
820 Globals.winbind_reconnect_delay = 30; /* 30 seconds */
821 Globals.winbind_request_timeout = 60; /* 60 seconds */
822 Globals.winbind_max_clients = 200;
823 Globals.winbind_enum_users = false;
824 Globals.winbind_enum_groups = false;
825 Globals.winbind_use_default_domain = false;
826 Globals.winbind_nested_groups = true;
827 Globals.winbind_expand_groups = 0;
828 Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
829 Globals.winbind_refresh_tickets = false;
830 Globals.winbind_offline_logon = false;
831 Globals.winbind_scan_trusted_domains = false;
833 Globals.idmap_cache_time = 86400 * 7; /* a week by default */
834 Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
836 Globals.passdb_expand_explicit = false;
838 Globals.name_cache_timeout = 660; /* In seconds */
840 Globals.client_use_spnego = true;
842 Globals.client_signing = SMB_SIGNING_DEFAULT;
843 Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
844 Globals.server_signing = SMB_SIGNING_DEFAULT;
846 Globals.defer_sharing_violations = true;
847 Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
849 Globals.enable_privileges = true;
850 Globals.host_msdfs = true;
851 Globals.enable_asu_support = false;
853 /* User defined shares. */
854 s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
856 smb_panic("init_globals: ENOMEM");
858 lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
860 lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
861 Globals.usershare_max_shares = 0;
862 /* By default disallow sharing of directories not owned by the sharer. */
863 Globals.usershare_owner_only = true;
864 /* By default disallow guest access to usershares. */
865 Globals.usershare_allow_guests = false;
867 Globals.keepalive = DEFAULT_KEEPALIVE;
869 /* By default no shares out of the registry */
870 Globals.registry_shares = false;
872 Globals.min_receivefile_size = 0;
874 Globals.multicast_dns_register = true;
876 Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
877 Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
878 Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
879 Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
880 Globals.smb2_leases = true;
881 Globals.server_multi_channel_support = true;
883 lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
884 get_dyn_NCALRPCDIR());
886 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
888 Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
890 Globals.tls_enabled = true;
891 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
893 lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
894 lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
895 lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
896 lpcfg_string_set(Globals.ctx,
897 &Globals.tls_priority,
898 "NORMAL:-VERS-SSL3.0");
900 Globals._preferred_master = Auto;
902 Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
903 Globals.dns_zone_scavenging = false;
905 lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
906 get_dyn_NTP_SIGND_SOCKET_DIR());
908 s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
910 smb_panic("init_globals: ENOMEM");
912 Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
916 Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
919 s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
921 smb_panic("init_globals: ENOMEM");
923 Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
926 s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
928 smb_panic("init_globals: ENOMEM");
930 Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
933 Globals.apply_group_policies = false;
935 s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
937 smb_panic("init_globals: ENOMEM");
939 Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
942 Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
944 Globals.cldap_port = 389;
946 Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
948 Globals.nbt_port = NBT_NAME_SERVICE_PORT;
950 Globals.krb5_port = 88;
952 Globals.kpasswd_port = 464;
954 Globals.kdc_enable_fast = true;
956 Globals.winbind_debug_traceid = true;
958 Globals.aio_max_threads = 100;
960 lpcfg_string_set(Globals.ctx,
961 &Globals.rpc_server_dynamic_port_range,
963 Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
964 Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
965 Globals.prefork_children = 4;
966 Globals.prefork_backoff_increment = 10;
967 Globals.prefork_maximum_backoff = 120;
969 Globals.ldap_max_anonymous_request_size = 256000;
970 Globals.ldap_max_authenticated_request_size = 16777216;
971 Globals.ldap_max_search_request_size = 256000;
973 /* Async DNS query timeout (in seconds). */
974 Globals.async_dns_timeout = 10;
976 Globals.client_smb_encrypt = SMB_ENCRYPTION_DEFAULT;
978 Globals._client_use_kerberos = CRED_USE_KERBEROS_DESIRED;
980 Globals.client_protection = CRED_CLIENT_PROTECTION_DEFAULT;
982 Globals.winbind_use_krb5_enterprise_principals = true;
984 Globals.client_smb3_signing_algorithms =
985 str_list_make_v3_const(NULL, DEFAULT_SMB3_SIGNING_ALGORITHMS, NULL);
986 Globals.server_smb3_signing_algorithms =
987 str_list_make_v3_const(NULL, DEFAULT_SMB3_SIGNING_ALGORITHMS, NULL);
989 Globals.client_smb3_encryption_algorithms =
990 str_list_make_v3_const(NULL, DEFAULT_SMB3_ENCRYPTION_ALGORITHMS, NULL);
991 Globals.server_smb3_encryption_algorithms =
992 str_list_make_v3_const(NULL, DEFAULT_SMB3_ENCRYPTION_ALGORITHMS, NULL);
994 Globals.min_domain_uid = 1000;
997 * By default allow smbd and winbindd to start samba-dcerpcd as
998 * a named-pipe helper.
1000 Globals.rpc_start_on_demand_helpers = true;
1002 Globals.ad_dc_functional_level = DS_DOMAIN_FUNCTION_2008_R2,
1004 Globals.acl_claims_evaluation = ACL_CLAIMS_EVALUATION_AD_DC_ONLY;
1006 /* Now put back the settings that were set with lp_set_cmdline() */
1007 apply_lp_set_cmdline();
1010 /* Convenience routine to setup an lp_context with additional s3 variables */
1011 static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
1013 struct loadparm_context *lp_ctx;
1015 lp_ctx = loadparm_init_s3(mem_ctx,
1016 loadparm_s3_helpers());
1017 if (lp_ctx == NULL) {
1018 DEBUG(0, ("loadparm_init_s3 failed\n"));
1022 lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
1023 if (lp_ctx->sDefault == NULL) {
1024 DBG_ERR("talloc_zero failed\n");
1025 TALLOC_FREE(lp_ctx);
1029 *lp_ctx->sDefault = _sDefault;
1030 lp_ctx->services = NULL; /* We do not want to access this directly */
1031 lp_ctx->bInGlobalSection = bInGlobalSection;
1032 lp_ctx->flags = flags_list;
1037 /*******************************************************************
1038 Convenience routine to grab string parameters into talloced memory
1039 and run standard_sub_basic on them. The buffers can be written to by
1040 callers without affecting the source string.
1041 ********************************************************************/
1043 static char *loadparm_s3_global_substitution_fn(
1044 TALLOC_CTX *mem_ctx,
1045 const struct loadparm_substitution *lp_sub,
1051 /* The follow debug is useful for tracking down memory problems
1052 especially if you have an inner loop that is calling a lp_*()
1053 function that returns a string. Perhaps this debug should be
1054 present all the time? */
1057 DEBUG(10, ("lp_string(%s)\n", s));
1063 ret = talloc_sub_basic(mem_ctx,
1064 get_current_username(),
1065 get_current_user_info_domain(),
1067 if (trim_char(ret, '\"', '\"')) {
1068 if (strchr(ret,'\"') != NULL) {
1070 ret = talloc_sub_basic(mem_ctx,
1071 get_current_username(),
1072 get_current_user_info_domain(),
1079 static const struct loadparm_substitution s3_global_substitution = {
1080 .substituted_string_fn = loadparm_s3_global_substitution_fn,
1083 const struct loadparm_substitution *loadparm_s3_global_substitution(void)
1085 return &s3_global_substitution;
1089 In this section all the functions that are used to access the
1090 parameters from the rest of the program are defined
1093 #define FN_GLOBAL_SUBSTITUTED_STRING(fn_name,ptr) \
1094 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub) \
1095 {return lpcfg_substituted_string(ctx, lp_sub, *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : "");}
1096 #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
1097 const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
1098 #define FN_GLOBAL_LIST(fn_name,ptr) \
1099 const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
1100 #define FN_GLOBAL_BOOL(fn_name,ptr) \
1101 bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
1102 #define FN_GLOBAL_CHAR(fn_name,ptr) \
1103 char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
1104 #define FN_GLOBAL_INTEGER(fn_name,ptr) \
1105 int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
1107 #define FN_LOCAL_SUBSTITUTED_STRING(fn_name,val) \
1108 char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub, int i) \
1109 {return lpcfg_substituted_string((ctx), lp_sub, (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1110 #define FN_LOCAL_CONST_STRING(fn_name,val) \
1111 const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
1112 #define FN_LOCAL_LIST(fn_name,val) \
1113 const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1114 #define FN_LOCAL_BOOL(fn_name,val) \
1115 bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1116 #define FN_LOCAL_INTEGER(fn_name,val) \
1117 int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
1119 #define FN_LOCAL_PARM_BOOL(fn_name,val) \
1120 bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1121 #define FN_LOCAL_PARM_INTEGER(fn_name,val) \
1122 int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1123 #define FN_LOCAL_PARM_CHAR(fn_name,val) \
1124 char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
1126 int lp_winbind_max_domain_connections(void)
1128 if (lp_winbind_offline_logon() &&
1129 lp__winbind_max_domain_connections() > 1) {
1130 DEBUG(1, ("offline logons active, restricting max domain "
1131 "connections to 1\n"));
1134 return MAX(1, lp__winbind_max_domain_connections());
1137 /* These functions remain in source3/param for now */
1139 #include "lib/param/param_functions.c"
1141 FN_LOCAL_SUBSTITUTED_STRING(servicename, szService)
1142 FN_LOCAL_CONST_STRING(const_servicename, szService)
1144 /* These functions cannot be auto-generated */
1145 FN_LOCAL_BOOL(autoloaded, autoloaded)
1146 FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
1148 /* local prototypes */
1150 static int map_parameter_canonical(const char *pszParmName, bool *inverse);
1151 static const char *get_boolean(bool bool_value);
1152 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
1154 static bool hash_a_service(const char *name, int number);
1155 static void free_service_byindex(int iService);
1156 static void show_parameter(int parmIndex);
1157 static bool is_synonym_of(int parm1, int parm2, bool *inverse);
1158 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
1161 * This is a helper function for parametrical options support. It returns a
1162 * pointer to parametrical option value if it exists or NULL otherwise. Actual
1163 * parametrical functions are quite simple
1165 static struct parmlist_entry *get_parametrics(int snum, const char *type,
1168 if (snum >= iNumServices) return NULL;
1171 return get_parametric_helper(NULL, type, option, Globals.param_opt);
1173 return get_parametric_helper(ServicePtrs[snum],
1174 type, option, Globals.param_opt);
1178 static void discard_whitespace(char *str)
1180 size_t len = strlen(str);
1184 if (isspace(str[i])) {
1185 memmove(&str[i], &str[i+1], len-i);
1194 * @brief Go through all global parametric parameters
1196 * @param regex_str A regular expression to scan param for
1197 * @param max_matches Max number of submatches the regexp expects
1198 * @param cb Function to call on match. Should return true
1199 * when it wants wi_scan_global_parametrics to stop
1201 * @param private_data Anonymous pointer passed to cb
1203 * @return 0: success, regcomp/regexec return value on error.
1204 * See "man regexec" for possible errors
1207 int lp_wi_scan_global_parametrics(
1208 const char *regex_str, size_t max_matches,
1209 bool (*cb)(const char *string, regmatch_t matches[],
1210 void *private_data),
1213 struct parmlist_entry *data;
1217 ret = regcomp(®ex, regex_str, REG_ICASE);
1222 for (data = Globals.param_opt; data != NULL; data = data->next) {
1223 size_t keylen = strlen(data->key);
1225 regmatch_t matches[max_matches];
1228 memcpy(key, data->key, sizeof(key));
1229 discard_whitespace(key);
1231 ret = regexec(®ex, key, max_matches, matches, 0);
1232 if (ret == REG_NOMATCH) {
1239 stop = cb(key, matches, private_data);
1252 #define MISSING_PARAMETER(name) \
1253 DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
1255 /*******************************************************************
1256 convenience routine to return enum parameters.
1257 ********************************************************************/
1258 static int lp_enum(const char *s,const struct enum_list *_enum)
1262 if (!s || !*s || !_enum) {
1263 MISSING_PARAMETER(lp_enum);
1267 for (i=0; _enum[i].name; i++) {
1268 if (strequal(_enum[i].name,s))
1269 return _enum[i].value;
1272 DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
1276 #undef MISSING_PARAMETER
1278 /* Return parametric option from a given service. Type is a part of option before ':' */
1279 /* Parametric option has following syntax: 'Type: option = value' */
1280 char *lp_parm_substituted_string(TALLOC_CTX *mem_ctx,
1281 const struct loadparm_substitution *lp_sub,
1287 struct parmlist_entry *data = get_parametrics(snum, type, option);
1289 SMB_ASSERT(lp_sub != NULL);
1291 if (data == NULL||data->value==NULL) {
1293 return lpcfg_substituted_string(mem_ctx, lp_sub, def);
1299 return lpcfg_substituted_string(mem_ctx, lp_sub, data->value);
1302 /* Return parametric option from a given service. Type is a part of option before ':' */
1303 /* Parametric option has following syntax: 'Type: option = value' */
1304 const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
1306 struct parmlist_entry *data = get_parametrics(snum, type, option);
1308 if (data == NULL||data->value==NULL)
1315 /* Return parametric option from a given service. Type is a part of option before ':' */
1316 /* Parametric option has following syntax: 'Type: option = value' */
1318 const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
1320 struct parmlist_entry *data = get_parametrics(snum, type, option);
1322 if (data == NULL||data->value==NULL)
1323 return (const char **)def;
1325 if (data->list==NULL) {
1326 data->list = str_list_make_v3(NULL, data->value, NULL);
1329 return discard_const_p(const char *, data->list);
1332 /* Return parametric option from a given service. Type is a part of option before ':' */
1333 /* Parametric option has following syntax: 'Type: option = value' */
1335 int lp_parm_int(int snum, const char *type, const char *option, int def)
1337 struct parmlist_entry *data = get_parametrics(snum, type, option);
1339 if (data && data->value && *data->value)
1340 return lp_int(data->value);
1345 /* Return parametric option from a given service. Type is a part of option before ':' */
1346 /* Parametric option has following syntax: 'Type: option = value' */
1348 unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
1350 struct parmlist_entry *data = get_parametrics(snum, type, option);
1352 if (data && data->value && *data->value)
1353 return lp_ulong(data->value);
1358 /* Return parametric option from a given service. Type is a part of option before ':' */
1359 /* Parametric option has following syntax: 'Type: option = value' */
1361 unsigned long long lp_parm_ulonglong(int snum, const char *type,
1362 const char *option, unsigned long long def)
1364 struct parmlist_entry *data = get_parametrics(snum, type, option);
1366 if (data && data->value && *data->value) {
1367 return lp_ulonglong(data->value);
1373 /* Return parametric option from a given service. Type is a part of option
1375 /* Parametric option has following syntax: 'Type: option = value' */
1377 bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
1379 struct parmlist_entry *data = get_parametrics(snum, type, option);
1381 if (data && data->value && *data->value)
1382 return lp_bool(data->value);
1387 /* Return parametric option from a given service. Type is a part of option before ':' */
1388 /* Parametric option has following syntax: 'Type: option = value' */
1390 int lp_parm_enum(int snum, const char *type, const char *option,
1391 const struct enum_list *_enum, int def)
1393 struct parmlist_entry *data = get_parametrics(snum, type, option);
1395 if (data && data->value && *data->value && _enum)
1396 return lp_enum(data->value, _enum);
1402 * free a param_opts structure.
1403 * param_opts handling should be moved to talloc;
1404 * then this whole functions reduces to a TALLOC_FREE().
1407 static void free_param_opts(struct parmlist_entry **popts)
1409 struct parmlist_entry *opt, *next_opt;
1411 if (*popts != NULL) {
1412 DEBUG(5, ("Freeing parametrics:\n"));
1415 while (opt != NULL) {
1416 lpcfg_string_free(&opt->key);
1417 lpcfg_string_free(&opt->value);
1418 TALLOC_FREE(opt->list);
1419 next_opt = opt->next;
1426 /***************************************************************************
1427 Free the dynamically allocated parts of a service struct.
1428 ***************************************************************************/
1430 static void free_service(struct loadparm_service *pservice)
1435 if (pservice->szService)
1436 DEBUG(5, ("free_service: Freeing service %s\n",
1437 pservice->szService));
1439 free_parameters(pservice);
1441 lpcfg_string_free(&pservice->szService);
1442 TALLOC_FREE(pservice->copymap);
1444 free_param_opts(&pservice->param_opt);
1446 ZERO_STRUCTP(pservice);
1450 /***************************************************************************
1451 remove a service indexed in the ServicePtrs array from the ServiceHash
1452 and free the dynamically allocated parts
1453 ***************************************************************************/
1455 static void free_service_byindex(int idx)
1457 if ( !LP_SNUM_OK(idx) )
1460 ServicePtrs[idx]->valid = false;
1462 /* we have to cleanup the hash record */
1464 if (ServicePtrs[idx]->szService) {
1465 char *canon_name = canonicalize_servicename(
1467 ServicePtrs[idx]->szService );
1469 dbwrap_delete_bystring(ServiceHash, canon_name );
1470 TALLOC_FREE(canon_name);
1473 free_service(ServicePtrs[idx]);
1474 TALLOC_FREE(ServicePtrs[idx]);
1477 /***************************************************************************
1478 Add a new service to the services array initialising it with the given
1480 ***************************************************************************/
1482 static int add_a_service(const struct loadparm_service *pservice, const char *name)
1485 struct loadparm_service **tsp = NULL;
1487 /* it might already exist */
1489 i = getservicebyname(name, NULL);
1495 /* Re use empty slots if any before allocating new one.*/
1496 for (i=0; i < iNumServices; i++) {
1497 if (ServicePtrs[i] == NULL) {
1501 if (i == iNumServices) {
1502 /* if not, then create one */
1503 tsp = talloc_realloc(NULL, ServicePtrs,
1504 struct loadparm_service *,
1507 DEBUG(0, ("add_a_service: failed to enlarge "
1514 ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
1515 if (!ServicePtrs[i]) {
1516 DEBUG(0,("add_a_service: out of memory!\n"));
1520 ServicePtrs[i]->valid = true;
1522 copy_service(ServicePtrs[i], pservice, NULL);
1524 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
1527 DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
1528 i, ServicePtrs[i]->szService));
1530 if (!hash_a_service(ServicePtrs[i]->szService, i)) {
1537 /***************************************************************************
1538 Convert a string to uppercase and remove whitespaces.
1539 ***************************************************************************/
1541 char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
1546 DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
1550 result = talloc_strdup(ctx, src);
1551 SMB_ASSERT(result != NULL);
1553 if (!strlower_m(result)) {
1554 TALLOC_FREE(result);
1560 /***************************************************************************
1561 Add a name/index pair for the services array to the hash table.
1562 ***************************************************************************/
1564 static bool hash_a_service(const char *name, int idx)
1568 if ( !ServiceHash ) {
1569 DEBUG(10,("hash_a_service: creating servicehash\n"));
1570 ServiceHash = db_open_rbt(NULL);
1571 if ( !ServiceHash ) {
1572 DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
1577 DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
1580 canon_name = canonicalize_servicename(talloc_tos(), name );
1582 dbwrap_store_bystring(ServiceHash, canon_name,
1583 make_tdb_data((uint8_t *)&idx, sizeof(idx)),
1586 TALLOC_FREE(canon_name);
1591 /***************************************************************************
1592 Add a new home service, with the specified home directory, defaults coming
1594 ***************************************************************************/
1596 bool lp_add_home(const char *pszHomename, int iDefaultService,
1597 const char *user, const char *pszHomedir)
1599 const struct loadparm_substitution *lp_sub =
1600 loadparm_s3_global_substitution();
1604 if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
1605 pszHomedir[0] == '\0') {
1609 i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
1614 global_path = lp_path(talloc_tos(), lp_sub, GLOBAL_SECTION_SNUM);
1615 if (!(*(ServicePtrs[iDefaultService]->path))
1616 || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
1617 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
1620 TALLOC_FREE(global_path);
1622 if (!(*(ServicePtrs[i]->comment))) {
1623 char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
1624 if (comment == NULL) {
1627 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
1629 TALLOC_FREE(comment);
1632 /* set the browseable flag from the global default */
1634 ServicePtrs[i]->browseable = sDefault.browseable;
1635 ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
1637 ServicePtrs[i]->autoloaded = true;
1639 DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
1640 user, ServicePtrs[i]->path ));
1645 /***************************************************************************
1646 Add a new service, based on an old one.
1647 ***************************************************************************/
1649 int lp_add_service(const char *pszService, int iDefaultService)
1651 if (iDefaultService < 0) {
1652 return add_a_service(&sDefault, pszService);
1655 return (add_a_service(ServicePtrs[iDefaultService], pszService));
1658 /***************************************************************************
1659 Add the IPC service.
1660 ***************************************************************************/
1662 static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1664 char *comment = NULL;
1665 int i = add_a_service(&sDefault, ipc_name);
1670 comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
1671 Globals.server_string);
1672 if (comment == NULL) {
1676 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
1677 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1678 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
1679 ServicePtrs[i]->max_connections = 0;
1680 ServicePtrs[i]->available = true;
1681 ServicePtrs[i]->read_only = true;
1682 ServicePtrs[i]->guest_only = false;
1683 ServicePtrs[i]->administrative_share = true;
1684 ServicePtrs[i]->guest_ok = guest_ok;
1685 ServicePtrs[i]->printable = false;
1686 ServicePtrs[i]->browseable = sDefault.browseable;
1687 ServicePtrs[i]->autoloaded = false;
1689 DEBUG(3, ("adding IPC service\n"));
1691 TALLOC_FREE(comment);
1695 /***************************************************************************
1696 Add a new printer service, with defaults coming from service iFrom.
1697 ***************************************************************************/
1699 bool lp_add_printer(const char *pszPrintername, int iDefaultService)
1701 const char *comment = "From Printcap";
1702 int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
1707 /* note that we do NOT default the availability flag to true - */
1708 /* we take it from the default service passed. This allows all */
1709 /* dynamic printers to be disabled by disabling the [printers] */
1710 /* entry (if/when the 'available' keyword is implemented!). */
1712 /* the printer name is set to the service name. */
1713 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
1715 lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
1717 /* set the browseable flag from the global default */
1718 ServicePtrs[i]->browseable = sDefault.browseable;
1720 /* Printers cannot be read_only. */
1721 ServicePtrs[i]->read_only = false;
1722 /* No oplocks on printer services. */
1723 ServicePtrs[i]->oplocks = false;
1724 /* Printer services must be printable. */
1725 ServicePtrs[i]->printable = true;
1727 DEBUG(3, ("adding printer service %s\n", pszPrintername));
1733 /***************************************************************************
1734 Check whether the given parameter name is valid.
1735 Parametric options (names containing a colon) are considered valid.
1736 ***************************************************************************/
1738 bool lp_parameter_is_valid(const char *pszParmName)
1740 return ((lpcfg_map_parameter(pszParmName) != -1) ||
1741 (strchr(pszParmName, ':') != NULL));
1744 /***************************************************************************
1745 Check whether the given name is the name of a global parameter.
1746 Returns true for strings belonging to parameters of class
1747 P_GLOBAL, false for all other strings, also for parametric options
1748 and strings not belonging to any option.
1749 ***************************************************************************/
1751 bool lp_parameter_is_global(const char *pszParmName)
1753 int num = lpcfg_map_parameter(pszParmName);
1756 return (parm_table[num].p_class == P_GLOBAL);
1762 /**************************************************************************
1763 Determine the canonical name for a parameter.
1764 Indicate when it is an inverse (boolean) synonym instead of a
1766 **************************************************************************/
1768 bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
1773 if (!lp_parameter_is_valid(parm_name)) {
1778 num = map_parameter_canonical(parm_name, inverse);
1780 /* parametric option */
1781 *canon_parm = parm_name;
1783 *canon_parm = parm_table[num].label;
1790 /**************************************************************************
1791 Determine the canonical name for a parameter.
1792 Turn the value given into the inverse boolean expression when
1793 the synonym is an inverse boolean synonym.
1796 - parm_name is a valid parameter name and
1797 - val is a valid value for this parameter and
1798 - in case the parameter is an inverse boolean synonym, if the val
1799 string could successfully be converted to the reverse bool.
1800 Return false in all other cases.
1801 **************************************************************************/
1803 bool lp_canonicalize_parameter_with_value(const char *parm_name,
1805 const char **canon_parm,
1806 const char **canon_val)
1812 if (!lp_parameter_is_valid(parm_name)) {
1818 num = map_parameter_canonical(parm_name, &inverse);
1820 /* parametric option */
1821 *canon_parm = parm_name;
1826 *canon_parm = parm_table[num].label;
1828 if (!lp_invert_boolean(val, canon_val)) {
1836 ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
1841 /***************************************************************************
1842 Map a parameter's string representation to the index of the canonical
1843 form of the parameter (it might be a synonym).
1844 Returns -1 if the parameter string is not recognised.
1845 ***************************************************************************/
1847 static int map_parameter_canonical(const char *pszParmName, bool *inverse)
1849 int parm_num, canon_num;
1850 bool loc_inverse = false;
1852 parm_num = lpcfg_map_parameter(pszParmName);
1853 if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
1854 /* invalid, parametric or no candidate for synonyms ... */
1858 for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
1859 if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
1860 parm_num = canon_num;
1866 if (inverse != NULL) {
1867 *inverse = loc_inverse;
1872 /***************************************************************************
1873 return true if parameter number parm1 is a synonym of parameter
1874 number parm2 (parm2 being the principal name).
1875 set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
1877 ***************************************************************************/
1879 static bool is_synonym_of(int parm1, int parm2, bool *inverse)
1881 if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
1882 (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
1883 (parm_table[parm1].flags & FLAG_SYNONYM) &&
1884 !(parm_table[parm2].flags & FLAG_SYNONYM))
1886 if (inverse != NULL) {
1887 if ((parm_table[parm1].type == P_BOOLREV) &&
1888 (parm_table[parm2].type == P_BOOL))
1900 /***************************************************************************
1901 Show one parameter's name, type, [values,] and flags.
1902 (helper functions for show_parameter_list)
1903 ***************************************************************************/
1905 static void show_parameter(int parmIndex)
1907 size_t enumIndex, flagIndex;
1912 const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
1913 "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
1914 "P_ENUM", "P_BYTES", "P_CMDLIST" };
1915 unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
1916 const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
1918 printf("%s=%s", parm_table[parmIndex].label,
1919 type[parm_table[parmIndex].type]);
1920 if (parm_table[parmIndex].type == P_ENUM) {
1923 parm_table[parmIndex].enum_list[enumIndex].name;
1927 enumIndex ? "|" : "",
1928 parm_table[parmIndex].enum_list[enumIndex].name);
1933 for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
1934 if (parm_table[parmIndex].flags & flags[flagIndex]) {
1937 flag_names[flagIndex]);
1942 /* output synonyms */
1944 for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
1945 if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
1946 printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
1947 parm_table[parmIndex2].label);
1948 } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
1950 printf(" (synonyms: ");
1955 printf("%s%s", parm_table[parmIndex2].label,
1956 inverse ? "[i]" : "");
1967 * Check the value for a P_ENUM
1969 static bool check_enum_parameter(struct parm_struct *parm, const char *value)
1973 for (i = 0; parm->enum_list[i].name; i++) {
1974 if (strwicmp(value, parm->enum_list[i].name) == 0) {
1981 /**************************************************************************
1982 Check whether the given value is valid for the given parameter name.
1983 **************************************************************************/
1985 static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
1987 bool ret = false, tmp_bool;
1988 int num = lpcfg_map_parameter(parm_name), tmp_int;
1989 uint64_t tmp_int64 = 0;
1990 struct parm_struct *parm;
1992 /* parametric options (parameter names containing a colon) cannot
1993 be checked and are therefore considered valid. */
1994 if (strchr(parm_name, ':') != NULL) {
1999 parm = &parm_table[num];
2000 switch (parm->type) {
2003 ret = set_boolean(val, &tmp_bool);
2007 ret = (sscanf(val, "%d", &tmp_int) == 1);
2011 ret = (sscanf(val, "%o", &tmp_int) == 1);
2015 ret = check_enum_parameter(parm, val);
2019 if (conv_str_size_error(val, &tmp_int64) &&
2020 tmp_int64 <= INT_MAX) {
2037 /***************************************************************************
2038 Show all parameter's name, type, [values,] and flags.
2039 ***************************************************************************/
2041 void show_parameter_list(void)
2043 int classIndex, parmIndex;
2044 const char *section_names[] = { "local", "global", NULL};
2046 for (classIndex=0; section_names[classIndex]; classIndex++) {
2047 printf("[%s]\n", section_names[classIndex]);
2048 for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
2049 if (parm_table[parmIndex].p_class == classIndex) {
2050 show_parameter(parmIndex);
2056 /***************************************************************************
2057 Get the standard string representation of a boolean value ("yes" or "no")
2058 ***************************************************************************/
2060 static const char *get_boolean(bool bool_value)
2062 static const char *yes_str = "yes";
2063 static const char *no_str = "no";
2065 return (bool_value ? yes_str : no_str);
2068 /***************************************************************************
2069 Provide the string of the negated boolean value associated to the boolean
2070 given as a string. Returns false if the passed string does not correctly
2071 represent a boolean.
2072 ***************************************************************************/
2074 bool lp_invert_boolean(const char *str, const char **inverse_str)
2078 if (!set_boolean(str, &val)) {
2082 *inverse_str = get_boolean(!val);
2086 /***************************************************************************
2087 Provide the canonical string representation of a boolean value given
2088 as a string. Return true on success, false if the string given does
2089 not correctly represent a boolean.
2090 ***************************************************************************/
2092 bool lp_canonicalize_boolean(const char *str, const char**canon_str)
2096 if (!set_boolean(str, &val)) {
2100 *canon_str = get_boolean(val);
2104 /***************************************************************************
2105 Find a service by name. Otherwise works like get_service.
2106 ***************************************************************************/
2108 int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
2115 if (ServiceHash == NULL) {
2119 canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
2121 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
2124 if (NT_STATUS_IS_OK(status) &&
2125 (data.dptr != NULL) &&
2126 (data.dsize == sizeof(iService)))
2128 memcpy(&iService, data.dptr, sizeof(iService));
2131 TALLOC_FREE(canon_name);
2133 if ((iService != -1) && (LP_SNUM_OK(iService))
2134 && (pserviceDest != NULL)) {
2135 copy_service(pserviceDest, ServicePtrs[iService], NULL);
2141 /* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
2142 struct loadparm_service *lp_service(const char *pszServiceName)
2144 int iService = getservicebyname(pszServiceName, NULL);
2145 if (iService == -1 || !LP_SNUM_OK(iService)) {
2148 return ServicePtrs[iService];
2151 struct loadparm_service *lp_servicebynum(int snum)
2153 if ((snum == -1) || !LP_SNUM_OK(snum)) {
2156 return ServicePtrs[snum];
2159 struct loadparm_service *lp_default_loadparm_service(void)
2164 static struct smbconf_ctx *lp_smbconf_ctx(void)
2167 static struct smbconf_ctx *conf_ctx = NULL;
2169 if (conf_ctx == NULL) {
2170 err = smbconf_init(NULL, &conf_ctx, "registry:");
2171 if (!SBC_ERROR_IS_OK(err)) {
2172 DEBUG(1, ("error initializing registry configuration: "
2173 "%s\n", sbcErrorString(err)));
2181 static bool process_smbconf_service(struct smbconf_service *service)
2186 if (service == NULL) {
2190 ret = lp_do_section(service->name, NULL);
2194 for (count = 0; count < service->num_params; count++) {
2196 if (!bInGlobalSection && bGlobalOnly) {
2199 const char *pszParmName = service->param_names[count];
2200 const char *pszParmValue = service->param_values[count];
2202 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2204 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2205 pszParmName, pszParmValue);
2212 if (iServiceIndex >= 0) {
2213 return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2219 * load a service from registry and activate it
2221 bool process_registry_service(const char *service_name)
2224 struct smbconf_service *service = NULL;
2225 TALLOC_CTX *mem_ctx = talloc_stackframe();
2226 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2229 if (conf_ctx == NULL) {
2233 DEBUG(5, ("process_registry_service: service name %s\n", service_name));
2235 if (!smbconf_share_exists(conf_ctx, service_name)) {
2237 * Registry does not contain data for this service (yet),
2238 * but make sure lp_load doesn't return false.
2244 err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
2245 if (!SBC_ERROR_IS_OK(err)) {
2249 ret = process_smbconf_service(service);
2255 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2258 TALLOC_FREE(mem_ctx);
2263 * process_registry_globals
2265 static bool process_registry_globals(void)
2269 add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
2271 if (!bInGlobalSection && bGlobalOnly) {
2274 const char *pszParmName = "registry shares";
2275 const char *pszParmValue = "yes";
2277 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2279 ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
2280 pszParmName, pszParmValue);
2287 return process_registry_service(GLOBAL_NAME);
2290 bool process_registry_shares(void)
2294 struct smbconf_service **service = NULL;
2295 uint32_t num_shares = 0;
2296 TALLOC_CTX *mem_ctx = talloc_stackframe();
2297 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2300 if (conf_ctx == NULL) {
2304 err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
2305 if (!SBC_ERROR_IS_OK(err)) {
2311 for (count = 0; count < num_shares; count++) {
2312 if (strequal(service[count]->name, GLOBAL_NAME)) {
2315 ret = process_smbconf_service(service[count]);
2322 smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
2325 TALLOC_FREE(mem_ctx);
2330 * reload those shares from registry that are already
2331 * activated in the services array.
2333 static bool reload_registry_shares(void)
2338 for (i = 0; i < iNumServices; i++) {
2343 if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
2347 ret = process_registry_service(ServicePtrs[i]->szService);
2358 #define MAX_INCLUDE_DEPTH 100
2360 static uint8_t include_depth;
2363 * Free the file lists
2365 static void free_file_list(void)
2367 struct file_lists *f;
2368 struct file_lists *next;
2381 * Utility function for outsiders to check if we're running on registry.
2383 bool lp_config_backend_is_registry(void)
2385 return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
2389 * Utility function to check if the config backend is FILE.
2391 bool lp_config_backend_is_file(void)
2393 return (lp_config_backend() == CONFIG_BACKEND_FILE);
2396 /*******************************************************************
2397 Check if a config file has changed date.
2398 ********************************************************************/
2400 bool lp_file_list_changed(void)
2402 struct file_lists *f = file_lists;
2404 DEBUG(6, ("lp_file_list_changed()\n"));
2407 if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
2408 struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
2410 if (conf_ctx == NULL) {
2413 if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
2416 DEBUGADD(6, ("registry config changed\n"));
2420 struct timespec mod_time = {
2423 struct timeval_buf tbuf = {
2427 struct stat sb = {0};
2430 n2 = talloc_sub_basic(talloc_tos(),
2431 get_current_username(),
2432 get_current_user_info_domain(),
2437 DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
2439 timespec_string_buf(&f->modtime,
2445 mod_time = get_mtimespec(&sb);
2448 if (mod_time.tv_sec > 0 &&
2449 ((timespec_compare(&mod_time, &f->modtime) != 0) ||
2450 (f->subfname == NULL) ||
2451 (strcmp(n2, f->subfname) != 0)))
2453 f->modtime = mod_time;
2456 ("file %s modified: %s\n", n2,
2457 timespec_string_buf(&f->modtime,
2461 TALLOC_FREE(f->subfname);
2462 f->subfname = talloc_strdup(f, n2);
2463 if (f->subfname == NULL) {
2464 smb_panic("talloc_strdup failed");
2478 * Initialize iconv conversion descriptors.
2480 * This is called the first time it is needed, and also called again
2481 * every time the configuration is reloaded, because the charset or
2482 * codepage might have changed.
2484 static void init_iconv(void)
2486 struct smb_iconv_handle *ret = NULL;
2488 ret = reinit_iconv_handle(NULL,
2492 smb_panic("reinit_iconv_handle failed");
2496 /***************************************************************************
2497 Handle the include operation.
2498 ***************************************************************************/
2499 static bool bAllowIncludeRegistry = true;
2501 bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
2502 const char *pszParmValue, char **ptr)
2506 if (include_depth >= MAX_INCLUDE_DEPTH) {
2507 DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
2512 if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
2513 if (!bAllowIncludeRegistry) {
2516 if (lp_ctx->bInGlobalSection) {
2519 ret = process_registry_globals();
2523 DEBUG(1, ("\"include = registry\" only effective "
2524 "in %s section\n", GLOBAL_NAME));
2529 fname = talloc_sub_basic(talloc_tos(), get_current_username(),
2530 get_current_user_info_domain(),
2533 add_to_file_list(NULL, &file_lists, pszParmValue, fname);
2535 if (service == NULL) {
2536 lpcfg_string_set(Globals.ctx, ptr, fname);
2538 lpcfg_string_set(service, ptr, fname);
2541 if (file_exist(fname)) {
2544 ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
2550 DEBUG(2, ("Can't find include file %s\n", fname));
2555 bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
2557 char *config_option = NULL;
2558 const char *range = NULL;
2561 SMB_ASSERT(low != NULL);
2562 SMB_ASSERT(high != NULL);
2564 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2568 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2570 if (config_option == NULL) {
2571 DEBUG(0, ("out of memory\n"));
2575 range = lp_parm_const_string(-1, config_option, "range", NULL);
2576 if (range == NULL) {
2577 DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
2581 if (sscanf(range, "%u - %u", low, high) != 2) {
2582 DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
2583 range, domain_name));
2590 talloc_free(config_option);
2595 bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
2597 return lp_idmap_range("*", low, high);
2600 const char *lp_idmap_backend(const char *domain_name)
2602 char *config_option = NULL;
2603 const char *backend = NULL;
2605 if ((domain_name == NULL) || (domain_name[0] == '\0')) {
2609 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
2611 if (config_option == NULL) {
2612 DEBUG(0, ("out of memory\n"));
2616 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
2617 if (backend == NULL) {
2618 DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
2623 talloc_free(config_option);
2627 const char *lp_idmap_default_backend(void)
2629 return lp_idmap_backend("*");
2632 /***************************************************************************
2633 Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
2634 ***************************************************************************/
2636 static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
2638 const char *suffix_string;
2640 suffix_string = talloc_asprintf(ctx, "%s,%s", str,
2641 Globals.ldap_suffix );
2642 if ( !suffix_string ) {
2643 DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
2647 return suffix_string;
2650 const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
2652 if (Globals._ldap_machine_suffix[0])
2653 return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
2655 return talloc_strdup(ctx, Globals.ldap_suffix);
2658 const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
2660 if (Globals._ldap_user_suffix[0])
2661 return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
2663 return talloc_strdup(ctx, Globals.ldap_suffix);
2666 const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
2668 if (Globals._ldap_group_suffix[0])
2669 return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
2671 return talloc_strdup(ctx, Globals.ldap_suffix);
2674 const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
2676 if (Globals._ldap_idmap_suffix[0])
2677 return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
2679 return talloc_strdup(ctx, Globals.ldap_suffix);
2683 return the parameter pointer for a parameter
2685 void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
2687 if (service == NULL) {
2688 if (parm->p_class == P_LOCAL)
2689 return (void *)(((char *)&sDefault)+parm->offset);
2690 else if (parm->p_class == P_GLOBAL)
2691 return (void *)(((char *)&Globals)+parm->offset);
2694 return (void *)(((char *)service) + parm->offset);
2698 /***************************************************************************
2699 Process a parameter for a particular service number. If snum < 0
2700 then assume we are in the globals.
2701 ***************************************************************************/
2703 bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
2705 TALLOC_CTX *frame = talloc_stackframe();
2706 struct loadparm_context *lp_ctx;
2709 lp_ctx = setup_lp_context(frame);
2710 if (lp_ctx == NULL) {
2716 ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
2718 ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
2719 pszParmName, pszParmValue);
2727 /***************************************************************************
2728 set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
2729 FLAG_CMDLINE won't be overridden by loads from smb.conf.
2730 ***************************************************************************/
2732 static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
2735 parmnum = lpcfg_map_parameter(pszParmName);
2737 flags_list[parmnum] &= ~FLAG_CMDLINE;
2738 if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
2741 flags_list[parmnum] |= FLAG_CMDLINE;
2743 /* we have to also set FLAG_CMDLINE on aliases. Aliases must
2744 * be grouped in the table, so we don't have to search the
2747 i>=0 && parm_table[i].offset == parm_table[parmnum].offset
2748 && parm_table[i].p_class == parm_table[parmnum].p_class;
2750 flags_list[i] |= FLAG_CMDLINE;
2752 for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
2753 && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
2754 flags_list[i] |= FLAG_CMDLINE;
2760 /* it might be parametric */
2761 if (strchr(pszParmName, ':') != NULL) {
2762 set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
2766 DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
2770 /***************************************************************************
2771 Process a parameter.
2772 ***************************************************************************/
2774 static bool do_parameter(const char *pszParmName, const char *pszParmValue,
2777 if (!bInGlobalSection && bGlobalOnly)
2780 DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
2782 if (bInGlobalSection) {
2783 return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
2785 return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
2786 pszParmName, pszParmValue);
2791 static const char *ad_dc_req_vfs_mods[] = {"dfs_samba4", "acl_xattr", NULL};
2794 * check that @vfs_objects includes all vfs modules required by an AD DC.
2796 static bool check_ad_dc_required_mods(const char **vfs_objects)
2802 for (i = 0; ad_dc_req_vfs_mods[i] != NULL; i++) {
2804 for (j = 0; vfs_objects[j] != NULL; j++) {
2805 if (!strwicmp(ad_dc_req_vfs_mods[i], vfs_objects[j])) {
2811 DEBUG(0, ("vfs objects specified without required AD "
2812 "DC module: %s\n", ad_dc_req_vfs_mods[i]));
2817 DEBUG(6, ("vfs objects specified with all required AD DC modules\n"));
2822 /***************************************************************************
2823 Initialize any local variables in the sDefault table, after parsing a
2825 ***************************************************************************/
2827 static void init_locals(void)
2830 * We run this check once the [globals] is parsed, to force
2831 * the VFS objects and other per-share settings we need for
2832 * the standard way a AD DC is operated. We may change these
2833 * as our code evolves, which is why we force these settings.
2835 * We can't do this at the end of lp_load_ex(), as by that
2836 * point the services have been loaded and they will already
2837 * have "" as their vfs objects.
2839 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
2840 const char **vfs_objects = lp_vfs_objects(-1);
2841 if (vfs_objects != NULL) {
2842 /* ignore return, only warn if modules are missing */
2843 check_ad_dc_required_mods(vfs_objects);
2845 if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
2846 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
2847 } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
2848 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
2850 lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
2854 lp_do_parameter(-1, "map hidden", "no");
2855 lp_do_parameter(-1, "map system", "no");
2856 lp_do_parameter(-1, "map readonly", "no");
2857 lp_do_parameter(-1, "map archive", "no");
2858 lp_do_parameter(-1, "store dos attributes", "yes");
2862 /***************************************************************************
2863 Process a new section (service). At this stage all sections are services.
2864 Later we'll have special sections that permit server parameters to be set.
2865 Returns true on success, false on failure.
2866 ***************************************************************************/
2868 bool lp_do_section(const char *pszSectionName, void *userdata)
2870 struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
2872 bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
2873 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
2875 /* if we were in a global section then do the local inits */
2876 if (bInGlobalSection && !isglobal)
2879 /* if we've just struck a global section, note the fact. */
2880 bInGlobalSection = isglobal;
2881 if (lp_ctx != NULL) {
2882 lp_ctx->bInGlobalSection = isglobal;
2885 /* check for multiple global sections */
2886 if (bInGlobalSection) {
2887 DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
2891 if (!bInGlobalSection && bGlobalOnly)
2894 /* if we have a current service, tidy it up before moving on */
2897 if ((iServiceIndex >= 0) && (ServicePtrs[iServiceIndex] != NULL))
2898 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
2900 /* if all is still well, move to the next record in the services array */
2902 /* We put this here to avoid an odd message order if messages are */
2903 /* issued by the post-processing of a previous section. */
2904 DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
2906 iServiceIndex = add_a_service(&sDefault, pszSectionName);
2907 if (iServiceIndex < 0) {
2908 DEBUG(0, ("Failed to add a new service\n"));
2911 /* Clean all parametric options for service */
2912 /* They will be added during parsing again */
2913 free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
2919 /***************************************************************************
2920 Display the contents of a parameter of a single services record.
2921 ***************************************************************************/
2923 bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
2925 bool result = false;
2926 struct loadparm_context *lp_ctx;
2928 lp_ctx = setup_lp_context(talloc_tos());
2929 if (lp_ctx == NULL) {
2934 result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
2936 result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
2938 TALLOC_FREE(lp_ctx);
2943 /***************************************************************************
2944 Display the contents of a single copy structure.
2945 ***************************************************************************/
2946 static void dump_copy_map(bool *pcopymap)
2952 printf("\n\tNon-Copied parameters:\n");
2954 for (i = 0; parm_table[i].label; i++)
2955 if (parm_table[i].p_class == P_LOCAL &&
2956 parm_table[i].ptr && !pcopymap[i] &&
2957 (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
2959 printf("\t\t%s\n", parm_table[i].label);
2964 /***************************************************************************
2965 Return TRUE if the passed service number is within range.
2966 ***************************************************************************/
2968 bool lp_snum_ok(int iService)
2970 return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
2973 /***************************************************************************
2974 Auto-load some home services.
2975 ***************************************************************************/
2977 static void lp_add_auto_services(const char *str)
2987 s = talloc_strdup(talloc_tos(), str);
2989 smb_panic("talloc_strdup failed");
2993 homes = lp_servicenumber(HOMES_NAME);
2995 for (p = strtok_r(s, LIST_SEP, &saveptr); p;
2996 p = strtok_r(NULL, LIST_SEP, &saveptr)) {
2999 if (lp_servicenumber(p) >= 0)
3002 home = get_user_home_dir(talloc_tos(), p);
3004 if (home && home[0] && homes >= 0)
3005 lp_add_home(p, homes, p, home);
3012 /***************************************************************************
3013 Auto-load one printer.
3014 ***************************************************************************/
3016 void lp_add_one_printer(const char *name, const char *comment,
3017 const char *location, void *pdata)
3019 int printers = lp_servicenumber(PRINTERS_NAME);
3022 if (lp_servicenumber(name) < 0) {
3023 lp_add_printer(name, printers);
3024 if ((i = lp_servicenumber(name)) >= 0) {
3025 lpcfg_string_set(ServicePtrs[i],
3026 &ServicePtrs[i]->comment, comment);
3027 ServicePtrs[i]->autoloaded = true;
3032 /***************************************************************************
3033 Have we loaded a services file yet?
3034 ***************************************************************************/
3036 bool lp_loaded(void)
3041 /***************************************************************************
3042 Unload unused services.
3043 ***************************************************************************/
3045 void lp_killunused(struct smbd_server_connection *sconn,
3046 bool (*snumused) (struct smbd_server_connection *, int))
3049 for (i = 0; i < iNumServices; i++) {
3053 /* don't kill autoloaded or usershare services */
3054 if ( ServicePtrs[i]->autoloaded ||
3055 ServicePtrs[i]->usershare == USERSHARE_VALID) {
3059 if (!snumused || !snumused(sconn, i)) {
3060 free_service_byindex(i);
3066 * Kill all except autoloaded and usershare services - convenience wrapper
3068 void lp_kill_all_services(void)
3070 lp_killunused(NULL, NULL);
3073 /***************************************************************************
3075 ***************************************************************************/
3077 void lp_killservice(int iServiceIn)
3079 if (VALID(iServiceIn)) {
3080 free_service_byindex(iServiceIn);
3084 /***************************************************************************
3085 Save the current values of all global and sDefault parameters into the
3086 defaults union. This allows testparm to show only the
3087 changed (ie. non-default) parameters.
3088 ***************************************************************************/
3090 static void lp_save_defaults(void)
3093 struct parmlist_entry * parm;
3094 for (i = 0; parm_table[i].label; i++) {
3095 if (!(flags_list[i] & FLAG_CMDLINE)) {
3096 flags_list[i] |= FLAG_DEFAULT;
3099 if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
3100 && parm_table[i].p_class == parm_table[i - 1].p_class)
3102 switch (parm_table[i].type) {
3105 parm_table[i].def.lvalue = str_list_copy(
3106 NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
3112 &parm_table[i].def.svalue,
3113 *(char **)lp_parm_ptr(
3114 NULL, &parm_table[i]));
3115 if (parm_table[i].def.svalue == NULL) {
3116 smb_panic("lpcfg_string_set() failed");
3121 parm_table[i].def.bvalue =
3122 *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
3125 parm_table[i].def.cvalue =
3126 *(char *)lp_parm_ptr(NULL, &parm_table[i]);
3132 parm_table[i].def.ivalue =
3133 *(int *)lp_parm_ptr(NULL, &parm_table[i]);
3138 for (parm=Globals.param_opt; parm; parm=parm->next) {
3139 if (!(parm->priority & FLAG_CMDLINE)) {
3140 parm->priority |= FLAG_DEFAULT;
3144 for (parm=sDefault.param_opt; parm; parm=parm->next) {
3145 if (!(parm->priority & FLAG_CMDLINE)) {
3146 parm->priority |= FLAG_DEFAULT;
3150 defaults_saved = true;
3153 /***********************************************************
3154 If we should send plaintext/LANMAN passwords in the client
3155 ************************************************************/
3157 static void set_allowed_client_auth(void)
3159 if (Globals.client_ntlmv2_auth) {
3160 Globals.client_lanman_auth = false;
3162 if (!Globals.client_lanman_auth) {
3163 Globals.client_plaintext_auth = false;
3167 /***************************************************************************
3169 The following code allows smbd to read a user defined share file.
3170 Yes, this is my intent. Yes, I'm comfortable with that...
3172 THE FOLLOWING IS SECURITY CRITICAL CODE.
3174 It washes your clothes, it cleans your house, it guards you while you sleep...
3175 Do not f%^k with it....
3176 ***************************************************************************/
3178 #define MAX_USERSHARE_FILE_SIZE (10*1024)
3180 /***************************************************************************
3181 Check allowed stat state of a usershare file.
3182 Ensure we print out who is dicking with us so the admin can
3183 get their sorry ass fired.
3184 ***************************************************************************/
3186 static bool check_usershare_stat(const char *fname,
3187 const SMB_STRUCT_STAT *psbuf)
3189 if (!S_ISREG(psbuf->st_ex_mode)) {
3190 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3191 "not a regular file\n",
3192 fname, (unsigned int)psbuf->st_ex_uid ));
3196 /* Ensure this doesn't have the other write bit set. */
3197 if (psbuf->st_ex_mode & S_IWOTH) {
3198 DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
3199 "public write. Refusing to allow as a usershare file.\n",
3200 fname, (unsigned int)psbuf->st_ex_uid ));
3204 /* Should be 10k or less. */
3205 if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
3206 DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
3207 "too large (%u) to be a user share file.\n",
3208 fname, (unsigned int)psbuf->st_ex_uid,
3209 (unsigned int)psbuf->st_ex_size ));
3216 /***************************************************************************
3217 Parse the contents of a usershare file.
3218 ***************************************************************************/
3220 enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
3221 SMB_STRUCT_STAT *psbuf,
3222 const char *servicename,
3226 char **pp_sharepath,
3228 char **pp_cp_servicename,
3229 struct security_descriptor **ppsd,
3232 const char **prefixallowlist = lp_usershare_prefix_allow_list();
3233 const char **prefixdenylist = lp_usershare_prefix_deny_list();
3236 SMB_STRUCT_STAT sbuf;
3237 char *sharepath = NULL;
3238 char *comment = NULL;
3240 *pp_sharepath = NULL;
3243 *pallow_guest = false;
3246 return USERSHARE_MALFORMED_FILE;
3249 if (strcmp(lines[0], "#VERSION 1") == 0) {
3251 } else if (strcmp(lines[0], "#VERSION 2") == 0) {
3254 return USERSHARE_MALFORMED_FILE;
3257 return USERSHARE_BAD_VERSION;
3260 if (strncmp(lines[1], "path=", 5) != 0) {
3261 return USERSHARE_MALFORMED_PATH;
3264 sharepath = talloc_strdup(ctx, &lines[1][5]);
3266 return USERSHARE_POSIX_ERR;
3268 trim_string(sharepath, " ", " ");
3270 if (strncmp(lines[2], "comment=", 8) != 0) {
3271 return USERSHARE_MALFORMED_COMMENT_DEF;
3274 comment = talloc_strdup(ctx, &lines[2][8]);
3276 return USERSHARE_POSIX_ERR;
3278 trim_string(comment, " ", " ");
3279 trim_char(comment, '"', '"');
3281 if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
3282 return USERSHARE_MALFORMED_ACL_DEF;
3285 if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
3286 return USERSHARE_ACL_ERR;
3290 if (strncmp(lines[4], "guest_ok=", 9) != 0) {
3291 return USERSHARE_MALFORMED_ACL_DEF;
3293 if (lines[4][9] == 'y') {
3294 *pallow_guest = true;
3297 /* Backwards compatible extension to file version #2. */
3299 if (strncmp(lines[5], "sharename=", 10) != 0) {
3300 return USERSHARE_MALFORMED_SHARENAME_DEF;
3302 if (!strequal(&lines[5][10], servicename)) {
3303 return USERSHARE_BAD_SHARENAME;
3305 *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
3306 if (!*pp_cp_servicename) {
3307 return USERSHARE_POSIX_ERR;
3312 if (*pp_cp_servicename == NULL) {
3313 *pp_cp_servicename = talloc_strdup(ctx, servicename);
3314 if (!*pp_cp_servicename) {
3315 return USERSHARE_POSIX_ERR;
3319 if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
3320 /* Path didn't change, no checks needed. */
3321 *pp_sharepath = sharepath;
3322 *pp_comment = comment;
3323 return USERSHARE_OK;
3326 /* The path *must* be absolute. */
3327 if (sharepath[0] != '/') {
3328 DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
3329 servicename, sharepath));
3330 return USERSHARE_PATH_NOT_ABSOLUTE;
3333 /* If there is a usershare prefix deny list ensure one of these paths
3334 doesn't match the start of the user given path. */
3335 if (prefixdenylist) {
3337 for ( i=0; prefixdenylist[i]; i++ ) {
3338 DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
3339 servicename, i, prefixdenylist[i], sharepath ));
3340 if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
3341 DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
3342 "usershare prefix deny list entries.\n",
3343 servicename, sharepath));
3344 return USERSHARE_PATH_IS_DENIED;
3349 /* If there is a usershare prefix allow list ensure one of these paths
3350 does match the start of the user given path. */
3352 if (prefixallowlist) {
3354 for ( i=0; prefixallowlist[i]; i++ ) {
3355 DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
3356 servicename, i, prefixallowlist[i], sharepath ));
3357 if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
3361 if (prefixallowlist[i] == NULL) {
3362 DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
3363 "usershare prefix allow list entries.\n",
3364 servicename, sharepath));
3365 return USERSHARE_PATH_NOT_ALLOWED;
3369 /* Ensure this is pointing to a directory. */
3370 dp = opendir(sharepath);
3373 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3374 servicename, sharepath));
3375 return USERSHARE_PATH_NOT_DIRECTORY;
3378 /* Ensure the owner of the usershare file has permission to share
3381 if (sys_stat(sharepath, &sbuf, false) == -1) {
3382 DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
3383 servicename, sharepath, strerror(errno) ));
3385 return USERSHARE_POSIX_ERR;
3390 if (!S_ISDIR(sbuf.st_ex_mode)) {
3391 DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
3392 servicename, sharepath ));
3393 return USERSHARE_PATH_NOT_DIRECTORY;
3396 /* Check if sharing is restricted to owner-only. */
3397 /* psbuf is the stat of the usershare definition file,
3398 sbuf is the stat of the target directory to be shared. */
3400 if (lp_usershare_owner_only()) {
3401 /* root can share anything. */
3402 if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
3403 return USERSHARE_PATH_NOT_ALLOWED;
3407 *pp_sharepath = sharepath;
3408 *pp_comment = comment;
3409 return USERSHARE_OK;
3412 /***************************************************************************
3413 Deal with a usershare file.
3416 -1 - Bad name, invalid contents.
3417 - service name already existed and not a usershare, problem
3418 with permissions to share directory etc.
3419 ***************************************************************************/
3421 static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
3423 SMB_STRUCT_STAT sbuf;
3424 SMB_STRUCT_STAT lsbuf;
3426 char *sharepath = NULL;
3427 char *comment = NULL;
3428 char *cp_service_name = NULL;
3429 char **lines = NULL;
3433 TALLOC_CTX *ctx = talloc_stackframe();
3434 struct security_descriptor *psd = NULL;
3435 bool guest_ok = false;
3436 char *canon_name = NULL;
3437 bool added_service = false;
3441 /* Ensure share name doesn't contain invalid characters. */
3442 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
3443 DEBUG(0,("process_usershare_file: share name %s contains "
3444 "invalid characters (any of %s)\n",
3445 file_name, INVALID_SHARENAME_CHARS ));
3449 canon_name = canonicalize_servicename(ctx, file_name);
3454 fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
3459 /* Minimize the race condition by doing an lstat before we
3460 open and fstat. Ensure this isn't a symlink link. */
3462 if (sys_lstat(fname, &lsbuf, false) != 0) {
3463 if (errno == ENOENT) {
3464 /* Unknown share requested. Just ignore. */
3467 /* Only log messages for meaningful problems. */
3468 DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
3469 fname, strerror(errno) ));
3473 /* This must be a regular file, not a symlink, directory or
3474 other strange filetype. */
3475 if (!check_usershare_stat(fname, &lsbuf)) {
3482 status = dbwrap_fetch_bystring(ServiceHash, canon_name,
3487 if (NT_STATUS_IS_OK(status) &&
3488 (data.dptr != NULL) &&
3489 (data.dsize == sizeof(iService))) {
3490 memcpy(&iService, data.dptr, sizeof(iService));
3494 if (iService != -1 &&
3495 timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
3496 &lsbuf.st_ex_mtime) == 0) {
3497 /* Nothing changed - Mark valid and return. */
3498 DEBUG(10,("process_usershare_file: service %s not changed.\n",
3500 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3505 /* Try and open the file read only - no symlinks allowed. */
3507 fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
3509 fd = open(fname, O_RDONLY, 0);
3513 DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
3514 fname, strerror(errno) ));
3518 /* Now fstat to be *SURE* it's a regular file. */
3519 if (sys_fstat(fd, &sbuf, false) != 0) {
3521 DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
3522 fname, strerror(errno) ));
3526 /* Is it the same dev/inode as was lstated ? */
3527 if (!check_same_stat(&lsbuf, &sbuf)) {
3529 DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
3530 "Symlink spoofing going on ?\n", fname ));
3534 /* This must be a regular file, not a symlink, directory or
3535 other strange filetype. */
3536 if (!check_usershare_stat(fname, &sbuf)) {
3541 lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
3544 if (lines == NULL) {
3545 DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
3546 fname, (unsigned int)sbuf.st_ex_uid ));
3550 if (parse_usershare_file(ctx, &sbuf, file_name,
3551 iService, lines, numlines, &sharepath,
3552 &comment, &cp_service_name,
3553 &psd, &guest_ok) != USERSHARE_OK) {
3557 /* Everything ok - add the service possibly using a template. */
3559 const struct loadparm_service *sp = &sDefault;
3560 if (snum_template != -1) {
3561 sp = ServicePtrs[snum_template];
3564 if ((iService = add_a_service(sp, cp_service_name)) < 0) {
3565 DEBUG(0, ("process_usershare_file: Failed to add "
3566 "new service %s\n", cp_service_name));
3570 added_service = true;
3572 /* Read only is controlled by usershare ACL below. */
3573 ServicePtrs[iService]->read_only = false;
3576 /* Write the ACL of the new/modified share. */
3577 status = set_share_security(canon_name, psd);
3578 if (!NT_STATUS_IS_OK(status)) {
3579 DEBUG(0, ("process_usershare_file: Failed to set share "
3580 "security for user share %s\n",
3585 /* If from a template it may be marked invalid. */
3586 ServicePtrs[iService]->valid = true;
3588 /* Set the service as a valid usershare. */
3589 ServicePtrs[iService]->usershare = USERSHARE_VALID;
3591 /* Set guest access. */
3592 if (lp_usershare_allow_guests()) {
3593 ServicePtrs[iService]->guest_ok = guest_ok;
3596 /* And note when it was loaded. */
3597 ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
3598 lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
3600 lpcfg_string_set(ServicePtrs[iService],
3601 &ServicePtrs[iService]->comment, comment);
3607 if (ret == -1 && iService != -1 && added_service) {
3608 lp_remove_service(iService);
3616 /***************************************************************************
3617 Checks if a usershare entry has been modified since last load.
3618 ***************************************************************************/
3620 static bool usershare_exists(int iService, struct timespec *last_mod)
3622 SMB_STRUCT_STAT lsbuf;
3623 const char *usersharepath = Globals.usershare_path;
3626 fname = talloc_asprintf(talloc_tos(),
3629 ServicePtrs[iService]->szService);
3630 if (fname == NULL) {
3634 if (sys_lstat(fname, &lsbuf, false) != 0) {
3639 if (!S_ISREG(lsbuf.st_ex_mode)) {
3645 *last_mod = lsbuf.st_ex_mtime;
3649 static bool usershare_directory_is_root(uid_t uid)
3655 if (uid_wrapper_enabled()) {
3662 /***************************************************************************
3663 Load a usershare service by name. Returns a valid servicenumber or -1.
3664 ***************************************************************************/
3666 int load_usershare_service(const char *servicename)
3668 SMB_STRUCT_STAT sbuf;
3669 const char *usersharepath = Globals.usershare_path;
3670 int max_user_shares = Globals.usershare_max_shares;
3671 int snum_template = -1;
3673 if (servicename[0] == '\0') {
3674 /* Invalid service name. */
3678 if (*usersharepath == 0 || max_user_shares == 0) {
3682 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3683 DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
3684 usersharepath, strerror(errno) ));
3688 if (!S_ISDIR(sbuf.st_ex_mode)) {
3689 DEBUG(0,("load_usershare_service: %s is not a directory.\n",
3695 * This directory must be owned by root, and have the 't' bit set.
3696 * It also must not be writable by "other".
3700 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3701 !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3703 if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
3704 (sbuf.st_ex_mode & S_IWOTH)) {
3706 DEBUG(0,("load_usershare_service: directory %s is not owned by root "
3707 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3712 /* Ensure the template share exists if it's set. */
3713 if (Globals.usershare_template_share[0]) {
3714 /* We can't use lp_servicenumber here as we are recommending that
3715 template shares have -valid=false set. */
3716 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3717 if (ServicePtrs[snum_template]->szService &&
3718 strequal(ServicePtrs[snum_template]->szService,
3719 Globals.usershare_template_share)) {
3724 if (snum_template == -1) {
3725 DEBUG(0,("load_usershare_service: usershare template share %s "
3726 "does not exist.\n",
3727 Globals.usershare_template_share ));
3732 return process_usershare_file(usersharepath, servicename, snum_template);
3735 /***************************************************************************
3736 Load all user defined shares from the user share directory.
3737 We only do this if we're enumerating the share list.
3738 This is the function that can delete usershares that have
3740 ***************************************************************************/
3742 int load_usershare_shares(struct smbd_server_connection *sconn,
3743 bool (*snumused) (struct smbd_server_connection *, int))
3746 SMB_STRUCT_STAT sbuf;
3748 int num_usershares = 0;
3749 int max_user_shares = Globals.usershare_max_shares;
3750 unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
3751 unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
3752 unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
3754 int snum_template = -1;
3755 const char *usersharepath = Globals.usershare_path;
3756 int ret = lp_numservices();
3757 TALLOC_CTX *tmp_ctx;
3759 if (max_user_shares == 0 || *usersharepath == '\0') {
3760 return lp_numservices();
3763 if (sys_stat(usersharepath, &sbuf, false) != 0) {
3764 DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
3765 usersharepath, strerror(errno) ));
3770 * This directory must be owned by root, and have the 't' bit set.
3771 * It also must not be writable by "other".
3775 if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
3777 if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
3779 DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
3780 "or does not have the sticky bit 't' set or is writable by anyone.\n",
3785 /* Ensure the template share exists if it's set. */
3786 if (Globals.usershare_template_share[0]) {
3787 /* We can't use lp_servicenumber here as we are recommending that
3788 template shares have -valid=false set. */
3789 for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
3790 if (ServicePtrs[snum_template]->szService &&
3791 strequal(ServicePtrs[snum_template]->szService,
3792 Globals.usershare_template_share)) {
3797 if (snum_template == -1) {
3798 DEBUG(0,("load_usershare_shares: usershare template share %s "
3799 "does not exist.\n",
3800 Globals.usershare_template_share ));
3805 /* Mark all existing usershares as pending delete. */
3806 for (iService = iNumServices - 1; iService >= 0; iService--) {
3807 if (VALID(iService) && ServicePtrs[iService]->usershare) {
3808 ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
3812 dp = opendir(usersharepath);
3814 DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
3815 usersharepath, strerror(errno) ));
3819 for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
3821 num_dir_entries++ ) {
3823 const char *n = de->d_name;
3825 /* Ignore . and .. */
3827 if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
3833 /* Temporary file used when creating a share. */
3834 num_tmp_dir_entries++;
3837 /* Allow 20% tmp entries. */
3838 if (num_tmp_dir_entries > allowed_tmp_entries) {
3839 DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
3840 "in directory %s\n",
3841 num_tmp_dir_entries, usersharepath));
3845 r = process_usershare_file(usersharepath, n, snum_template);
3847 /* Update the services count. */
3849 if (num_usershares >= max_user_shares) {
3850 DEBUG(0,("load_usershare_shares: max user shares reached "
3851 "on file %s in directory %s\n",
3852 n, usersharepath ));
3855 } else if (r == -1) {
3856 num_bad_dir_entries++;
3859 /* Allow 20% bad entries. */
3860 if (num_bad_dir_entries > allowed_bad_entries) {
3861 DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
3862 "in directory %s\n",
3863 num_bad_dir_entries, usersharepath));
3867 /* Allow 20% bad entries. */
3868 if (num_dir_entries > max_user_shares + allowed_bad_entries) {
3869 DEBUG(0,("load_usershare_shares: too many total entries (%u) "
3870 "in directory %s\n",
3871 num_dir_entries, usersharepath));
3878 /* Sweep through and delete any non-refreshed usershares that are
3879 not currently in use. */
3880 tmp_ctx = talloc_stackframe();
3881 for (iService = iNumServices - 1; iService >= 0; iService--) {
3882 if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
3883 const struct loadparm_substitution *lp_sub =
3884 loadparm_s3_global_substitution();
3887 if (snumused && snumused(sconn, iService)) {
3891 servname = lp_servicename(tmp_ctx, lp_sub, iService);
3893 /* Remove from the share ACL db. */
3894 DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
3896 delete_share_security(servname);
3897 free_service_byindex(iService);
3900 talloc_free(tmp_ctx);
3902 return lp_numservices();
3905 /********************************************************
3906 Destroy global resources allocated in this file
3907 ********************************************************/
3909 void gfree_loadparm(void)
3915 /* Free resources allocated to services */
3917 for ( i = 0; i < iNumServices; i++ ) {
3919 free_service_byindex(i);
3923 TALLOC_FREE( ServicePtrs );
3926 /* Now release all resources allocated to global
3927 parameters and the default service */
3929 free_global_parameters();
3933 /***************************************************************************
3934 Allow client apps to specify that they are a client
3935 ***************************************************************************/
3936 static void lp_set_in_client(bool b)
3942 /***************************************************************************
3943 Determine if we're running in a client app
3944 ***************************************************************************/
3945 static bool lp_is_in_client(void)
3950 static void lp_enforce_ad_dc_settings(void)
3952 lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
3953 lp_do_parameter(GLOBAL_SECTION_SNUM,
3954 "winbindd:use external pipes", "true");
3955 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
3956 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
3957 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
3958 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
3959 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
3960 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
3961 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
3962 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
3963 lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
3966 /***************************************************************************
3967 Load the services array from the services file. Return true on success,
3969 ***************************************************************************/
3971 static bool lp_load_ex(const char *pszFname,
3975 bool reinit_globals,
3976 bool allow_include_registry,
3977 bool load_all_shares)
3981 TALLOC_CTX *frame = talloc_stackframe();
3982 struct loadparm_context *lp_ctx;
3983 int max_protocol, min_protocol;
3985 DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
3987 bInGlobalSection = true;
3988 bGlobalOnly = global_only;
3989 bAllowIncludeRegistry = allow_include_registry;
3990 sDefault = _sDefault;
3992 lp_ctx = setup_lp_context(talloc_tos());
3994 loadparm_s3_init_globals(lp_ctx, reinit_globals);
3998 if (save_defaults) {
4003 if (!reinit_globals) {
4004 free_param_opts(&Globals.param_opt);
4005 apply_lp_set_cmdline();
4008 lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
4010 /* We get sections first, so have to start 'behind' to make up */
4013 if (lp_config_backend_is_file()) {
4014 n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
4015 get_current_user_info_domain(),
4018 smb_panic("lp_load_ex: out of memory");
4021 add_to_file_list(NULL, &file_lists, pszFname, n2);
4023 bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
4026 /* finish up the last section */
4027 DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
4029 if (iServiceIndex >= 0) {
4030 bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
4034 if (lp_config_backend_is_registry()) {
4036 /* config backend changed to registry in config file */
4038 * We need to use this extra global variable here to
4039 * survive restart: init_globals uses this as a default
4040 * for config_backend. Otherwise, init_globals would
4041 * send us into an endless loop here.
4044 config_backend = CONFIG_BACKEND_REGISTRY;
4046 DEBUG(1, ("lp_load_ex: changing to config backend "
4048 loadparm_s3_init_globals(lp_ctx, true);
4050 TALLOC_FREE(lp_ctx);
4052 lp_kill_all_services();
4053 ok = lp_load_ex(pszFname, global_only, save_defaults,
4054 add_ipc, reinit_globals,
4055 allow_include_registry,
4060 } else if (lp_config_backend_is_registry()) {
4061 bRetval = process_registry_globals();
4063 DEBUG(0, ("Illegal config backend given: %d\n",
4064 lp_config_backend()));
4068 if (bRetval && lp_registry_shares()) {
4069 if (load_all_shares) {
4070 bRetval = process_registry_shares();
4072 bRetval = reload_registry_shares();
4077 const struct loadparm_substitution *lp_sub =
4078 loadparm_s3_global_substitution();
4079 char *serv = lp_auto_services(talloc_tos(), lp_sub);
4080 lp_add_auto_services(serv);
4085 /* When 'restrict anonymous = 2' guest connections to ipc$
4087 lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
4088 if ( lp_enable_asu_support() ) {
4089 lp_add_ipc("ADMIN$", false);
4093 set_allowed_client_auth();
4095 if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
4096 DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
4097 lp_password_server()));
4102 /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
4103 /* if we_are_a_wins_server is true and we are in the client */
4104 if (lp_is_in_client() && Globals.we_are_a_wins_server) {
4105 lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
4110 fault_configure(smb_panic_s3);
4113 * We run this check once the whole smb.conf is parsed, to
4114 * force some settings for the standard way a AD DC is
4115 * operated. We may change these as our code evolves, which
4116 * is why we force these settings.
4118 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
4119 lp_enforce_ad_dc_settings();
4122 bAllowIncludeRegistry = true;
4124 /* Check if command line max protocol < min protocol, if so
4125 * report a warning to the user.
4127 max_protocol = lp_client_max_protocol();
4128 min_protocol = lp_client_min_protocol();
4129 if (max_protocol < min_protocol) {
4130 const char *max_protocolp, *min_protocolp;
4131 max_protocolp = lpcfg_get_smb_protocol(max_protocol);
4132 min_protocolp = lpcfg_get_smb_protocol(min_protocol);
4133 DBG_ERR("Max protocol %s is less than min protocol %s.\n",
4134 max_protocolp, min_protocolp);
4141 static bool lp_load(const char *pszFname,
4145 bool reinit_globals)
4147 return lp_load_ex(pszFname,
4152 true, /* allow_include_registry */
4153 false); /* load_all_shares*/
4156 bool lp_load_initial_only(const char *pszFname)
4158 return lp_load_ex(pszFname,
4159 true, /* global only */
4160 true, /* save_defaults */
4161 false, /* add_ipc */
4162 true, /* reinit_globals */
4163 false, /* allow_include_registry */
4164 false); /* load_all_shares*/
4168 * most common lp_load wrapper, loading only the globals
4170 * If this is used in a daemon or client utility it should be called
4171 * after processing popt.
4173 bool lp_load_global(const char *file_name)
4175 return lp_load(file_name,
4176 true, /* global_only */
4177 false, /* save_defaults */
4178 false, /* add_ipc */
4179 true); /* reinit_globals */
4183 * The typical lp_load wrapper with shares, loads global and
4184 * shares, including IPC, but does not force immediate
4185 * loading of all shares from registry.
4187 bool lp_load_with_shares(const char *file_name)
4189 return lp_load(file_name,
4190 false, /* global_only */
4191 false, /* save_defaults */
4193 true); /* reinit_globals */
4197 * lp_load wrapper, especially for clients
4199 bool lp_load_client(const char *file_name)
4201 lp_set_in_client(true);
4203 return lp_load_global(file_name);
4207 * lp_load wrapper, loading only globals, but intended
4208 * for subsequent calls, not reinitializing the globals
4211 bool lp_load_global_no_reinit(const char *file_name)
4213 return lp_load(file_name,
4214 true, /* global_only */
4215 false, /* save_defaults */
4216 false, /* add_ipc */
4217 false); /* reinit_globals */
4221 * lp_load wrapper, loading globals and shares,
4222 * intended for subsequent calls, i.e. not reinitializing
4223 * the globals to default values.
4225 bool lp_load_no_reinit(const char *file_name)
4227 return lp_load(file_name,
4228 false, /* global_only */
4229 false, /* save_defaults */
4230 false, /* add_ipc */
4231 false); /* reinit_globals */
4236 * lp_load wrapper, especially for clients, no reinitialization
4238 bool lp_load_client_no_reinit(const char *file_name)
4240 lp_set_in_client(true);
4242 return lp_load_global_no_reinit(file_name);
4245 bool lp_load_with_registry_shares(const char *pszFname)
4247 return lp_load_ex(pszFname,
4248 false, /* global_only */
4249 true, /* save_defaults */
4250 false, /* add_ipc */
4251 true, /* reinit_globals */
4252 true, /* allow_include_registry */
4253 true); /* load_all_shares*/
4256 /***************************************************************************
4257 Return the max number of services.
4258 ***************************************************************************/
4260 int lp_numservices(void)
4262 return (iNumServices);
4265 /***************************************************************************
4266 Display the contents of the services array in human-readable form.
4267 ***************************************************************************/
4269 void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
4272 struct loadparm_context *lp_ctx;
4275 defaults_saved = false;
4277 lp_ctx = setup_lp_context(talloc_tos());
4278 if (lp_ctx == NULL) {
4282 lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
4284 lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
4286 for (iService = 0; iService < maxtoprint; iService++) {
4288 lp_dump_one(f, show_defaults, iService);
4290 TALLOC_FREE(lp_ctx);
4293 /***************************************************************************
4294 Display the contents of one service in human-readable form.
4295 ***************************************************************************/
4297 void lp_dump_one(FILE * f, bool show_defaults, int snum)
4300 if (ServicePtrs[snum]->szService[0] == '\0')
4302 lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
4303 flags_list, show_defaults);
4307 /***************************************************************************
4308 Return the number of the service with the given name, or -1 if it doesn't
4309 exist. Note that this is a DIFFERENT ANIMAL from the internal function
4310 getservicebyname()! This works ONLY if all services have been loaded, and
4311 does not copy the found service.
4312 ***************************************************************************/
4314 int lp_servicenumber(const char *pszServiceName)
4317 fstring serviceName;
4319 if (!pszServiceName) {
4320 return GLOBAL_SECTION_SNUM;
4323 for (iService = iNumServices - 1; iService >= 0; iService--) {
4324 if (VALID(iService) && ServicePtrs[iService]->szService) {
4326 * The substitution here is used to support %U in
4329 fstrcpy(serviceName, ServicePtrs[iService]->szService);
4330 standard_sub_basic(get_current_username(),
4331 get_current_user_info_domain(),
4332 serviceName,sizeof(serviceName));
4333 if (strequal(serviceName, pszServiceName)) {
4339 if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
4340 struct timespec last_mod;
4342 if (!usershare_exists(iService, &last_mod)) {
4343 /* Remove the share security tdb entry for it. */
4344 delete_share_security(lp_const_servicename(iService));
4345 /* Remove it from the array. */
4346 free_service_byindex(iService);
4347 /* Doesn't exist anymore. */
4348 return GLOBAL_SECTION_SNUM;
4351 /* Has it been modified ? If so delete and reload. */
4352 if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
4354 /* Remove it from the array. */
4355 free_service_byindex(iService);
4356 /* and now reload it. */
4357 iService = load_usershare_service(pszServiceName);
4362 DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
4363 return GLOBAL_SECTION_SNUM;
4369 /*******************************************************************
4370 A useful volume label function.
4371 ********************************************************************/
4373 const char *volume_label(TALLOC_CTX *ctx, int snum)
4375 const struct loadparm_substitution *lp_sub =
4376 loadparm_s3_global_substitution();
4378 const char *label = lp_volume(ctx, lp_sub, snum);
4382 label = lp_servicename(ctx, lp_sub, snum);
4386 * Volume label can be a max of 32 bytes. Make sure to truncate
4387 * it at a codepoint boundary if it's longer than 32 and contains
4388 * multibyte characters. Windows insists on a volume label being
4389 * a valid mb sequence, and errors out if not.
4391 if (strlen(label) > 32) {
4393 * A MB char can be a max of 5 bytes, thus
4394 * we should have a valid mb character at a
4395 * minimum position of (32-5) = 27.
4399 * Check if a codepoint starting from next byte
4400 * is valid. If yes, then the current byte is the
4401 * end of a MB or ascii sequence and the label can
4402 * be safely truncated here. If not, keep going
4403 * backwards till a valid codepoint is found.
4406 const char *s = &label[end];
4407 codepoint_t c = next_codepoint(s, &len);
4408 if (c != INVALID_CODEPOINT) {
4415 /* This returns a max of 33 byte guaranteed null terminated string. */
4416 ret = talloc_strndup(ctx, label, end);
4423 /*******************************************************************
4424 Get the default server type we will announce as via nmbd.
4425 ********************************************************************/
4427 int lp_default_server_announce(void)
4429 int default_server_announce = 0;
4430 default_server_announce |= SV_TYPE_WORKSTATION;
4431 default_server_announce |= SV_TYPE_SERVER;
4432 default_server_announce |= SV_TYPE_SERVER_UNIX;
4434 /* note that the flag should be set only if we have a
4435 printer service but nmbd doesn't actually load the
4436 services so we can't tell --jerry */
4438 default_server_announce |= SV_TYPE_PRINTQ_SERVER;
4440 default_server_announce |= SV_TYPE_SERVER_NT;
4441 default_server_announce |= SV_TYPE_NT;
4443 switch (lp_server_role()) {
4444 case ROLE_DOMAIN_MEMBER:
4445 default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
4447 case ROLE_DOMAIN_PDC:
4449 default_server_announce |= SV_TYPE_DOMAIN_CTRL;
4451 case ROLE_DOMAIN_BDC:
4452 default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
4454 case ROLE_STANDALONE:
4458 if (lp_time_server())
4459 default_server_announce |= SV_TYPE_TIME_SOURCE;
4461 if (lp_host_msdfs())
4462 default_server_announce |= SV_TYPE_DFS_SERVER;
4464 return default_server_announce;
4467 /***********************************************************
4468 If we are PDC then prefer us as DMB
4469 ************************************************************/
4471 bool lp_domain_master(void)
4473 if (Globals._domain_master == Auto)
4474 return (lp_server_role() == ROLE_DOMAIN_PDC ||
4475 lp_server_role() == ROLE_IPA_DC);
4477 return (bool)Globals._domain_master;
4480 /***********************************************************
4481 If we are PDC then prefer us as DMB
4482 ************************************************************/
4484 static bool lp_domain_master_true_or_auto(void)
4486 if (Globals._domain_master) /* auto or yes */
4492 /***********************************************************
4493 If we are DMB then prefer us as LMB
4494 ************************************************************/
4496 bool lp_preferred_master(void)
4498 int preferred_master = lp__preferred_master();
4500 if (preferred_master == Auto)
4501 return (lp_local_master() && lp_domain_master());
4503 return (bool)preferred_master;
4506 /*******************************************************************
4508 ********************************************************************/
4510 void lp_remove_service(int snum)
4512 ServicePtrs[snum]->valid = false;
4515 const char *lp_printername(TALLOC_CTX *ctx,
4516 const struct loadparm_substitution *lp_sub,
4519 const char *ret = lp__printername(ctx, lp_sub, snum);
4521 if (ret == NULL || *ret == '\0') {
4522 ret = lp_const_servicename(snum);
4529 /***********************************************************
4530 Allow daemons such as winbindd to fix their logfile name.
4531 ************************************************************/
4533 void lp_set_logfile(const char *name)
4535 lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
4536 debug_set_logfile(name);
4539 /*******************************************************************
4540 Return the max print jobs per queue.
4541 ********************************************************************/
4543 int lp_maxprintjobs(int snum)
4545 int maxjobs = lp_max_print_jobs(snum);
4547 if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
4548 maxjobs = PRINT_MAX_JOBID - 1;
4553 const char *lp_printcapname(void)
4555 const char *printcap_name = lp_printcap_name();
4557 if ((printcap_name != NULL) &&
4558 (printcap_name[0] != '\0'))
4559 return printcap_name;
4561 if (sDefault.printing == PRINT_CUPS) {
4565 if (sDefault.printing == PRINT_BSD)
4566 return "/etc/printcap";
4568 return PRINTCAP_NAME;
4571 static uint32_t spoolss_state;
4573 bool lp_disable_spoolss( void )
4575 if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
4576 spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4578 return spoolss_state == SVCCTL_STOPPED ? true : false;
4581 void lp_set_spoolss_state( uint32_t state )
4583 SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
4585 spoolss_state = state;
4588 uint32_t lp_get_spoolss_state( void )
4590 return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
4593 /*******************************************************************
4594 Turn off sendfile if we find the underlying OS doesn't support it.
4595 ********************************************************************/
4597 void set_use_sendfile(int snum, bool val)
4599 if (LP_SNUM_OK(snum))
4600 ServicePtrs[snum]->_use_sendfile = val;
4602 sDefault._use_sendfile = val;
4605 void lp_set_mangling_method(const char *new_method)
4607 lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
4610 /*******************************************************************
4611 Global state for POSIX pathname processing.
4612 ********************************************************************/
4614 static bool posix_pathnames;
4616 bool lp_posix_pathnames(void)
4618 return posix_pathnames;
4621 /*******************************************************************
4622 Change everything needed to ensure POSIX pathname processing (currently
4624 ********************************************************************/
4626 void lp_set_posix_pathnames(void)
4628 posix_pathnames = true;
4631 /*******************************************************************
4632 Global state for POSIX lock processing - CIFS unix extensions.
4633 ********************************************************************/
4635 bool posix_default_lock_was_set;
4636 static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
4638 enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
4640 if (posix_default_lock_was_set) {
4641 return posix_cifsx_locktype;
4643 return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
4644 POSIX_LOCK : WINDOWS_LOCK;
4648 /*******************************************************************
4649 ********************************************************************/
4651 void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
4653 posix_default_lock_was_set = true;
4654 posix_cifsx_locktype = val;
4657 int lp_min_receive_file_size(void)
4659 int min_receivefile_size = lp_min_receivefile_size();
4661 if (min_receivefile_size < 0) {
4664 return min_receivefile_size;
4667 /*******************************************************************
4668 Safe wide links checks.
4669 This helper function always verify the validity of wide links,
4670 even after a configuration file reload.
4671 ********************************************************************/
4673 void widelinks_warning(int snum)
4675 if (lp_allow_insecure_wide_links()) {
4679 if (lp_wide_links(snum)) {
4680 if (lp_smb1_unix_extensions()) {
4681 DBG_ERR("Share '%s' has wide links and SMB1 unix "
4682 "extensions enabled. "
4683 "These parameters are incompatible. "
4684 "Wide links will be disabled for this share.\n",
4685 lp_const_servicename(snum));
4686 } else if (lp_smb3_unix_extensions(snum)) {
4687 DBG_ERR("Share '%s' has wide links and SMB3 Unix "
4688 "extensions enabled. "
4689 "These parameters are incompatible. "
4690 "Wide links will be disabled for this share.\n",
4691 lp_const_servicename(snum));
4696 bool lp_widelinks(int snum)
4698 /* wide links is always incompatible with unix extensions */
4699 if (lp_smb1_unix_extensions() || lp_smb3_unix_extensions(snum)) {
4701 * Unless we have "allow insecure widelinks"
4704 if (!lp_allow_insecure_wide_links()) {
4709 return lp_wide_links(snum);
4712 int lp_server_role(void)
4714 return lp_find_server_role(lp__server_role(),
4716 lp__domain_logons(),
4717 lp_domain_master_true_or_auto());
4720 int lp_security(void)
4722 return lp_find_security(lp__server_role(),
4726 int lp_client_max_protocol(void)
4728 int client_max_protocol = lp__client_max_protocol();
4729 if (client_max_protocol == PROTOCOL_DEFAULT) {
4730 return PROTOCOL_LATEST;
4732 return client_max_protocol;
4735 int lp_client_ipc_min_protocol(void)
4737 int client_ipc_min_protocol = lp__client_ipc_min_protocol();
4738 if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
4739 client_ipc_min_protocol = lp_client_min_protocol();
4741 if (client_ipc_min_protocol < PROTOCOL_NT1) {
4742 return PROTOCOL_NT1;
4744 return client_ipc_min_protocol;
4747 int lp_client_ipc_max_protocol(void)
4749 int client_ipc_max_protocol = lp__client_ipc_max_protocol();
4750 if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
4751 return PROTOCOL_LATEST;
4753 if (client_ipc_max_protocol < PROTOCOL_NT1) {
4754 return PROTOCOL_NT1;
4756 return client_ipc_max_protocol;
4759 int lp_client_ipc_signing(void)
4761 int client_ipc_signing = lp__client_ipc_signing();
4762 if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
4763 return SMB_SIGNING_REQUIRED;
4765 return client_ipc_signing;
4768 enum credentials_use_kerberos lp_client_use_kerberos(void)
4770 if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
4771 return CRED_USE_KERBEROS_REQUIRED;
4774 return lp__client_use_kerberos();
4778 int lp_rpc_low_port(void)
4780 return Globals.rpc_low_port;
4783 int lp_rpc_high_port(void)
4785 return Globals.rpc_high_port;
4789 * Do not allow LanMan auth if unless NTLMv1 is also allowed
4791 * This also ensures it is disabled if NTLM is totally disabled
4793 bool lp_lanman_auth(void)
4795 enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
4797 if (ntlm_auth_level == NTLM_AUTH_ON) {
4798 return lp__lanman_auth();
4804 struct loadparm_global * get_globals(void)
4809 unsigned int * get_flags(void)
4811 if (flags_list == NULL) {
4812 flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());
4818 enum samba_weak_crypto lp_weak_crypto(void)
4820 if (Globals.weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
4821 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
4823 if (samba_gnutls_weak_crypto_allowed()) {
4824 Globals.weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
4828 return Globals.weak_crypto;
4831 uint32_t lp_get_async_dns_timeout(void)
4834 * Clamp minimum async dns timeout to 1 second
4835 * as per the man page.
4837 return MAX(Globals.async_dns_timeout, 1);
git.samba.org / samba.git / blob