summaryrefslogtreecommitdiffstats
path: root/source3/param/loadparm.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--source3/param/loadparm.c4837
1 files changed, 4837 insertions, 0 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
new file mode 100644
index 0000000..1f7b6d1
--- /dev/null
+++ b/source3/param/loadparm.c
@@ -0,0 +1,4837 @@
+/*
+ Unix SMB/CIFS implementation.
+ Parameter loading functions
+ Copyright (C) Karl Auer 1993-1998
+
+ Largely re-written by Andrew Tridgell, September 1994
+
+ Copyright (C) Simo Sorce 2001
+ Copyright (C) Alexander Bokovoy 2002
+ Copyright (C) Stefan (metze) Metzmacher 2002
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+ Copyright (C) Michael Adam 2008
+ Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
+ Copyright (C) Andrew Bartlett 2011
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * Load parameters.
+ *
+ * This module provides suitable callback functions for the params
+ * module. It builds the internal table of service details which is
+ * then used by the rest of the server.
+ *
+ * To add a parameter:
+ *
+ * 1) add it to the global or service structure definition
+ * 2) add it to the parm_table
+ * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING())
+ * 4) If it's a global then initialise it in init_globals. If a local
+ * (ie. service) parameter then initialise it in the sDefault structure
+ *
+ *
+ * Notes:
+ * The configuration file is processed sequentially for speed. It is NOT
+ * accessed randomly as happens in 'real' Windows. For this reason, there
+ * is a fair bit of sequence-dependent code here - ie., code which assumes
+ * that certain things happen before others. In particular, the code which
+ * happens at the boundary between sections is delicately poised, so be
+ * careful!
+ *
+ */
+
+#define LOADPARM_SUBSTITUTION_INTERNALS 1
+#include "includes.h"
+#include "system/filesys.h"
+#include "util_tdb.h"
+#include "lib/param/loadparm.h"
+#include "lib/param/param.h"
+#include "printing.h"
+#include "lib/smbconf/smbconf.h"
+#include "lib/smbconf/smbconf_init.h"
+
+#include "include/smb_ldap.h"
+#include "../librpc/gen_ndr/svcctl.h"
+#include "intl.h"
+#include "../libcli/smb/smb_signing.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap/dbwrap_rbt.h"
+#include "../lib/util/bitmap.h"
+#include "librpc/gen_ndr/nbt.h"
+#include "librpc/gen_ndr/dns.h"
+#include "source4/lib/tls/tls.h"
+#include "libcli/auth/ntlm_check.h"
+#include "lib/crypto/gnutls_helpers.h"
+#include "lib/util/string_wrappers.h"
+#include "auth/credentials/credentials.h"
+#include "source3/lib/substitute.h"
+
+#ifdef HAVE_SYS_SYSCTL_H
+#include <sys/sysctl.h>
+#endif
+
+bool bLoaded = false;
+
+extern userdom_struct current_user_info;
+
+/* the special value for the include parameter
+ * to be interpreted not as a file name but to
+ * trigger loading of the global smb.conf options
+ * from registry. */
+#ifndef INCLUDE_REGISTRY_NAME
+#define INCLUDE_REGISTRY_NAME "registry"
+#endif
+
+static bool in_client = false; /* Not in the client by default */
+static struct smbconf_csn conf_last_csn;
+
+static int config_backend = CONFIG_BACKEND_FILE;
+
+/* some helpful bits */
+#define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && \
+ (ServicePtrs != NULL) && \
+ (ServicePtrs[(i)] != NULL) && ServicePtrs[(i)]->valid)
+#define VALID(i) ((ServicePtrs != NULL) && (ServicePtrs[i]!= NULL) && \
+ ServicePtrs[i]->valid)
+
+#define USERSHARE_VALID 1
+#define USERSHARE_PENDING_DELETE 2
+
+static bool defaults_saved = false;
+
+#include "lib/param/param_global.h"
+
+static struct loadparm_global Globals;
+
+/* This is a default service used to prime a services structure */
+static const struct loadparm_service _sDefault =
+{
+ .valid = true,
+ .autoloaded = false,
+ .usershare = 0,
+ .usershare_last_mod = {0, 0},
+ .szService = NULL,
+ .path = NULL,
+ .invalid_users = NULL,
+ .valid_users = NULL,
+ .admin_users = NULL,
+ .copy = NULL,
+ .include = NULL,
+ .preexec = NULL,
+ .postexec = NULL,
+ .root_preexec = NULL,
+ .root_postexec = NULL,
+ .cups_options = NULL,
+ .print_command = NULL,
+ .lpq_command = NULL,
+ .lprm_command = NULL,
+ .lppause_command = NULL,
+ .lpresume_command = NULL,
+ .queuepause_command = NULL,
+ .queueresume_command = NULL,
+ ._printername = NULL,
+ .printjob_username = NULL,
+ .dont_descend = NULL,
+ .hosts_allow = NULL,
+ .hosts_deny = NULL,
+ .magic_script = NULL,
+ .magic_output = NULL,
+ .veto_files = NULL,
+ .hide_files = NULL,
+ .veto_oplock_files = NULL,
+ .comment = NULL,
+ .force_user = NULL,
+ .force_group = NULL,
+ .read_list = NULL,
+ .write_list = NULL,
+ .volume = NULL,
+ .fstype = NULL,
+ .vfs_objects = NULL,
+ .msdfs_proxy = NULL,
+ .aio_write_behind = NULL,
+ .dfree_command = NULL,
+ .min_print_space = 0,
+ .max_print_jobs = 1000,
+ .max_reported_print_jobs = 0,
+ .create_mask = 0744,
+ .force_create_mode = 0,
+ .directory_mask = 0755,
+ .force_directory_mode = 0,
+ .max_connections = 0,
+ .default_case = CASE_LOWER,
+ .printing = DEFAULT_PRINTING,
+ .csc_policy = 0,
+ .block_size = 1024,
+ .dfree_cache_time = 0,
+ .preexec_close = false,
+ .root_preexec_close = false,
+ .case_sensitive = Auto,
+ .preserve_case = true,
+ .short_preserve_case = true,
+ .hide_dot_files = true,
+ .hide_special_files = false,
+ .hide_unreadable = false,
+ .hide_unwriteable_files = false,
+ .browseable = true,
+ .access_based_share_enum = false,
+ .available = true,
+ .read_only = true,
+ .spotlight = false,
+ .guest_only = false,
+ .administrative_share = false,
+ .guest_ok = false,
+ .printable = false,
+ .print_notify_backchannel = false,
+ .map_system = false,
+ .map_hidden = false,
+ .map_archive = true,
+ .store_dos_attributes = true,
+ .smbd_max_xattr_size = 65536,
+ .dmapi_support = false,
+ .locking = true,
+ .strict_locking = Auto,
+ .posix_locking = true,
+ .oplocks = true,
+ .kernel_oplocks = false,
+ .level2_oplocks = true,
+ .mangled_names = MANGLED_NAMES_ILLEGAL,
+ .wide_links = false,
+ .follow_symlinks = true,
+ .sync_always = false,
+ .strict_allocate = false,
+ .strict_rename = false,
+ .strict_sync = true,
+ .mangling_char = '~',
+ .copymap = NULL,
+ .delete_readonly = false,
+ .fake_oplocks = false,
+ .delete_veto_files = false,
+ .dos_filemode = false,
+ .dos_filetimes = true,
+ .dos_filetime_resolution = false,
+ .fake_directory_create_times = false,
+ .blocking_locks = true,
+ .inherit_permissions = false,
+ .inherit_acls = false,
+ .inherit_owner = false,
+ .msdfs_root = false,
+ .msdfs_shuffle_referrals = false,
+ .use_client_driver = false,
+ .default_devmode = true,
+ .force_printername = false,
+ .nt_acl_support = true,
+ .force_unknown_acl_user = false,
+ ._use_sendfile = false,
+ .map_acl_inherit = false,
+ .afs_share = false,
+ .ea_support = true,
+ .acl_check_permissions = true,
+ .acl_map_full_control = true,
+ .acl_group_control = false,
+ .acl_allow_execute_always = false,
+ .acl_flag_inherited_canonicalization = true,
+ .aio_read_size = 1,
+ .aio_write_size = 1,
+ .map_readonly = MAP_READONLY_NO,
+ .directory_name_cache_size = 100,
+ .server_smb_encrypt = SMB_ENCRYPTION_DEFAULT,
+ .kernel_share_modes = false,
+ .durable_handles = true,
+ .check_parent_directory_delete_on_close = false,
+ .param_opt = NULL,
+ .smbd_search_ask_sharemode = true,
+ .smbd_getinfo_ask_sharemode = true,
+ .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
+ .honor_change_notify_privilege = false,
+ .volume_serial_number = -1,
+ .dummy = ""
+};
+
+/*
+ * This is a copy of the default service structure. Service options in the
+ * global section would otherwise overwrite the initial default values.
+ */
+static struct loadparm_service sDefault;
+
+/* local variables */
+static struct loadparm_service **ServicePtrs = NULL;
+static int iNumServices = 0;
+static int iServiceIndex = 0;
+static struct db_context *ServiceHash;
+static bool bInGlobalSection = true;
+static bool bGlobalOnly = false;
+static struct file_lists *file_lists = NULL;
+static unsigned int *flags_list = NULL;
+
+static void set_allowed_client_auth(void);
+
+static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue);
+static void free_param_opts(struct parmlist_entry **popts);
+
+/**
+ * Function to return the default value for the maximum number of open
+ * file descriptors permitted. This function tries to consult the
+ * kernel-level (sysctl) and ulimit (getrlimit()) values and goes
+ * the smaller of those.
+ */
+static int max_open_files(void)
+{
+ int sysctl_max = MAX_OPEN_FILES;
+ int rlimit_max = MAX_OPEN_FILES;
+
+#ifdef HAVE_SYSCTLBYNAME
+ {
+ size_t size = sizeof(sysctl_max);
+ sysctlbyname("kern.maxfilesperproc", &sysctl_max, &size, NULL,
+ 0);
+ }
+#endif
+
+#if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
+ {
+ struct rlimit rl;
+
+ ZERO_STRUCT(rl);
+
+ if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
+ rlimit_max = rl.rlim_cur;
+
+#if defined(RLIM_INFINITY)
+ if(rl.rlim_cur == RLIM_INFINITY)
+ rlimit_max = MAX_OPEN_FILES;
+#endif
+ }
+#endif
+
+ if (sysctl_max < MIN_OPEN_FILES_WINDOWS) {
+ DEBUG(2,("max_open_files: increasing sysctl_max (%d) to "
+ "minimum Windows limit (%d)\n",
+ sysctl_max,
+ MIN_OPEN_FILES_WINDOWS));
+ sysctl_max = MIN_OPEN_FILES_WINDOWS;
+ }
+
+ if (rlimit_max < MIN_OPEN_FILES_WINDOWS) {
+ DEBUG(2,("rlimit_max: increasing rlimit_max (%d) to "
+ "minimum Windows limit (%d)\n",
+ rlimit_max,
+ MIN_OPEN_FILES_WINDOWS));
+ rlimit_max = MIN_OPEN_FILES_WINDOWS;
+ }
+
+ return MIN(sysctl_max, rlimit_max);
+}
+
+/**
+ * Common part of freeing allocated data for one parameter.
+ */
+static void free_one_parameter_common(void *parm_ptr,
+ struct parm_struct parm)
+{
+ if ((parm.type == P_STRING) ||
+ (parm.type == P_USTRING))
+ {
+ lpcfg_string_free((char**)parm_ptr);
+ } else if (parm.type == P_LIST || parm.type == P_CMDLIST) {
+ TALLOC_FREE(*((char***)parm_ptr));
+ }
+}
+
+/**
+ * Free the allocated data for one parameter for a share
+ * given as a service struct.
+ */
+static void free_one_parameter(struct loadparm_service *service,
+ struct parm_struct parm)
+{
+ void *parm_ptr;
+
+ if (parm.p_class != P_LOCAL) {
+ return;
+ }
+
+ parm_ptr = lp_parm_ptr(service, &parm);
+
+ free_one_parameter_common(parm_ptr, parm);
+}
+
+/**
+ * Free the allocated parameter data of a share given
+ * as a service struct.
+ */
+static void free_parameters(struct loadparm_service *service)
+{
+ uint32_t i;
+
+ for (i=0; parm_table[i].label; i++) {
+ free_one_parameter(service, parm_table[i]);
+ }
+}
+
+/**
+ * Free the allocated data for one parameter for a given share
+ * specified by an snum.
+ */
+static void free_one_parameter_by_snum(int snum, struct parm_struct parm)
+{
+ void *parm_ptr;
+
+ if (snum < 0) {
+ parm_ptr = lp_parm_ptr(NULL, &parm);
+ } else if (parm.p_class != P_LOCAL) {
+ return;
+ } else {
+ parm_ptr = lp_parm_ptr(ServicePtrs[snum], &parm);
+ }
+
+ free_one_parameter_common(parm_ptr, parm);
+}
+
+/**
+ * Free the allocated parameter data for a share specified
+ * by an snum.
+ */
+static void free_parameters_by_snum(int snum)
+{
+ uint32_t i;
+
+ for (i=0; parm_table[i].label; i++) {
+ free_one_parameter_by_snum(snum, parm_table[i]);
+ }
+}
+
+/**
+ * Free the allocated global parameters.
+ */
+static void free_global_parameters(void)
+{
+ uint32_t i;
+ struct parm_struct *parm;
+
+ free_param_opts(&Globals.param_opt);
+ free_parameters_by_snum(GLOBAL_SECTION_SNUM);
+
+ /* Reset references in the defaults because the context is going to be freed */
+ for (i=0; parm_table[i].label; i++) {
+ parm = &parm_table[i];
+ if ((parm->type == P_STRING) ||
+ (parm->type == P_USTRING)) {
+ if ((parm->def.svalue != NULL) &&
+ (*(parm->def.svalue) != '\0')) {
+ if (talloc_parent(parm->def.svalue) == Globals.ctx) {
+ parm->def.svalue = NULL;
+ }
+ }
+ }
+ }
+ TALLOC_FREE(Globals.ctx);
+}
+
+struct lp_stored_option {
+ struct lp_stored_option *prev, *next;
+ const char *label;
+ const char *value;
+};
+
+static struct lp_stored_option *stored_options;
+
+/*
+ save options set by lp_set_cmdline() into a list. This list is
+ re-applied when we do a globals reset, so that cmdline set options
+ are sticky across reloads of smb.conf
+ */
+bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
+{
+ struct lp_stored_option *entry, *entry_next;
+ for (entry = stored_options; entry != NULL; entry = entry_next) {
+ entry_next = entry->next;
+ if (strcmp(pszParmName, entry->label) == 0) {
+ DLIST_REMOVE(stored_options, entry);
+ talloc_free(entry);
+ break;
+ }
+ }
+
+ entry = talloc(NULL, struct lp_stored_option);
+ if (!entry) {
+ return false;
+ }
+
+ entry->label = talloc_strdup(entry, pszParmName);
+ if (!entry->label) {
+ talloc_free(entry);
+ return false;
+ }
+
+ entry->value = talloc_strdup(entry, pszParmValue);
+ if (!entry->value) {
+ talloc_free(entry);
+ return false;
+ }
+
+ DLIST_ADD_END(stored_options, entry);
+
+ return true;
+}
+
+static bool apply_lp_set_cmdline(void)
+{
+ struct lp_stored_option *entry = NULL;
+ for (entry = stored_options; entry != NULL; entry = entry->next) {
+ if (!lp_set_cmdline_helper(entry->label, entry->value)) {
+ DEBUG(0, ("Failed to re-apply cmdline parameter %s = %s\n",
+ entry->label, entry->value));
+ return false;
+ }
+ }
+ return true;
+}
+
+/***************************************************************************
+ Initialise the global parameter structure.
+***************************************************************************/
+
+static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
+{
+ static bool done_init = false;
+ char *s = NULL;
+ int i;
+
+ /* If requested to initialize only once and we've already done it... */
+ if (!reinit_globals && done_init) {
+ /* ... then we have nothing more to do */
+ return;
+ }
+
+ if (!done_init) {
+ /* The logfile can be set before this is invoked. Free it if so. */
+ lpcfg_string_free(&Globals.logfile);
+ done_init = true;
+ } else {
+ free_global_parameters();
+ }
+
+ /* This memset and the free_global_parameters() above will
+ * wipe out smb.conf options set with lp_set_cmdline(). The
+ * apply_lp_set_cmdline() call puts these values back in the
+ * table once the defaults are set */
+ ZERO_STRUCT(Globals);
+
+ Globals.ctx = talloc_pooled_object(NULL, char, 272, 2048);
+
+ /* Initialize the flags list if necessary */
+ if (flags_list == NULL) {
+ get_flags();
+ }
+
+ for (i = 0; parm_table[i].label; i++) {
+ if ((parm_table[i].type == P_STRING ||
+ parm_table[i].type == P_USTRING))
+ {
+ lpcfg_string_set(
+ Globals.ctx,
+ (char **)lp_parm_ptr(NULL, &parm_table[i]),
+ "");
+ }
+ }
+
+
+ lpcfg_string_set(Globals.ctx, &sDefault.fstype, FSTYPE_STRING);
+ lpcfg_string_set(Globals.ctx, &sDefault.printjob_username, "%U");
+
+ init_printer_values(lp_ctx, Globals.ctx, &sDefault);
+
+ sDefault.ntvfs_handler = str_list_make_v3_const(Globals.ctx, "unixuid default", NULL);
+
+ DEBUG(3, ("Initialising global parameters\n"));
+
+ /* Must manually force to upper case here, as this does not go via the handler */
+ lpcfg_string_set(Globals.ctx, &Globals.netbios_name,
+ myhostname_upper());
+
+ lpcfg_string_set(Globals.ctx, &Globals.smb_passwd_file,
+ get_dyn_SMB_PASSWD_FILE());
+ lpcfg_string_set(Globals.ctx, &Globals.private_dir,
+ get_dyn_PRIVATE_DIR());
+ lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
+ get_dyn_BINDDNS_DIR());
+
+ /* use the new 'hash2' method by default, with a prefix of 1 */
+ lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
+ Globals.mangle_prefix = 1;
+
+ lpcfg_string_set(Globals.ctx, &Globals.guest_account, GUEST_ACCOUNT);
+
+ /* using UTF8 by default allows us to support all chars */
+ lpcfg_string_set(Globals.ctx, &Globals.unix_charset,
+ DEFAULT_UNIX_CHARSET);
+
+ /* Use codepage 850 as a default for the dos character set */
+ lpcfg_string_set(Globals.ctx, &Globals.dos_charset,
+ DEFAULT_DOS_CHARSET);
+
+ /*
+ * Allow the default PASSWD_CHAT to be overridden in local.h.
+ */
+ lpcfg_string_set(Globals.ctx, &Globals.passwd_chat,
+ DEFAULT_PASSWD_CHAT);
+
+ lpcfg_string_set(Globals.ctx, &Globals.workgroup, DEFAULT_WORKGROUP);
+
+ lpcfg_string_set(Globals.ctx, &Globals.passwd_program, "");
+ lpcfg_string_set(Globals.ctx, &Globals.lock_directory,
+ get_dyn_LOCKDIR());
+ lpcfg_string_set(Globals.ctx, &Globals.state_directory,
+ get_dyn_STATEDIR());
+ lpcfg_string_set(Globals.ctx, &Globals.cache_directory,
+ get_dyn_CACHEDIR());
+ lpcfg_string_set(Globals.ctx, &Globals.pid_directory,
+ get_dyn_PIDDIR());
+ lpcfg_string_set(Globals.ctx, &Globals.nbt_client_socket_address,
+ "0.0.0.0");
+ /*
+ * By default support explicit binding to broadcast
+ * addresses.
+ */
+ Globals.nmbd_bind_explicit_broadcast = true;
+
+ s = talloc_asprintf(talloc_tos(), "Samba %s", samba_version_string());
+ if (s == NULL) {
+ smb_panic("init_globals: ENOMEM");
+ }
+ lpcfg_string_set(Globals.ctx, &Globals.server_string, s);
+ TALLOC_FREE(s);
+#ifdef DEVELOPER
+ lpcfg_string_set(Globals.ctx, &Globals.panic_action,
+ "/bin/sleep 999999999");
+#endif
+
+ lpcfg_string_set(Globals.ctx, &Globals.socket_options,
+ DEFAULT_SOCKET_OPTIONS);
+
+ lpcfg_string_set(Globals.ctx, &Globals.logon_drive, "");
+ /* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
+ lpcfg_string_set(Globals.ctx, &Globals.logon_home, "\\\\%N\\%U");
+ lpcfg_string_set(Globals.ctx, &Globals.logon_path,
+ "\\\\%N\\%U\\profile");
+
+ Globals.name_resolve_order =
+ str_list_make_v3_const(Globals.ctx,
+ DEFAULT_NAME_RESOLVE_ORDER,
+ NULL);
+ lpcfg_string_set(Globals.ctx, &Globals.password_server, "*");
+
+ Globals.algorithmic_rid_base = BASE_RID;
+
+ Globals.load_printers = true;
+ Globals.printcap_cache_time = 750; /* 12.5 minutes */
+
+ Globals.config_backend = config_backend;
+ Globals._server_role = ROLE_AUTO;
+
+ /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
+ /* Discovered by 2 days of pain by Don McCall @ HP :-). */
+ Globals.max_xmit = 0x4104;
+ Globals.max_mux = 50; /* This is *needed* for profile support. */
+ Globals.lpq_cache_time = 30; /* changed to handle large print servers better -- jerry */
+ Globals._disable_spoolss = false;
+ Globals.max_smbd_processes = 0;/* no limit specified */
+ Globals.username_level = 0;
+ Globals.deadtime = 10080;
+ Globals.getwd_cache = true;
+ Globals.large_readwrite = true;
+ Globals.max_log_size = 5000;
+ Globals.max_open_files = max_open_files();
+ Globals.server_max_protocol = PROTOCOL_SMB3_11;
+ Globals.server_min_protocol = PROTOCOL_SMB2_02;
+ Globals._client_max_protocol = PROTOCOL_DEFAULT;
+ Globals.client_min_protocol = PROTOCOL_SMB2_02;
+ Globals._client_ipc_max_protocol = PROTOCOL_DEFAULT;
+ Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
+ Globals._security = SEC_AUTO;
+ Globals.encrypt_passwords = true;
+ Globals.client_schannel = true;
+ Globals.winbind_sealed_pipes = true;
+ Globals.require_strong_key = true;
+ Globals.reject_md5_servers = true;
+ Globals.server_schannel = true;
+ Globals.server_schannel_require_seal = true;
+ Globals.reject_md5_clients = true;
+ Globals.read_raw = true;
+ Globals.write_raw = true;
+ Globals.null_passwords = false;
+ Globals.old_password_allowed_period = 60;
+ Globals.obey_pam_restrictions = false;
+ Globals.syslog = 1;
+ Globals.syslog_only = false;
+ Globals.timestamp_logs = true;
+ lpcfg_string_set(Globals.ctx, &Globals.log_level, "0");
+ Globals.debug_prefix_timestamp = false;
+ Globals.debug_hires_timestamp = true;
+ Globals.debug_syslog_format = false;
+ Globals.debug_pid = false;
+ Globals.debug_uid = false;
+ Globals.debug_class = false;
+ Globals.enable_core_files = true;
+ Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
+ Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
+ Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
+ Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
+ Globals.lm_announce = Auto; /* = Auto: send only if LM clients found */
+ Globals.lm_interval = 60;
+ Globals.time_server = false;
+ Globals.bind_interfaces_only = false;
+ Globals.unix_password_sync = false;
+ Globals.pam_password_change = false;
+ Globals.passwd_chat_debug = false;
+ Globals.passwd_chat_timeout = 2; /* 2 second default. */
+ Globals.nt_pipe_support = true; /* Do NT pipes by default. */
+ Globals.nt_status_support = true; /* Use NT status by default. */
+ Globals.smbd_profiling_level = 0;
+ Globals.stat_cache = true; /* use stat cache by default */
+ Globals.max_stat_cache_size = 512; /* 512k by default */
+ Globals.restrict_anonymous = 0;
+ Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
+ Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
+ Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
+ Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
+ Globals.nt_hash_store = NT_HASH_STORE_ALWAYS; /* Fill in NT hash when setting password */
+ Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
+ Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
+ /* Note, that we will also use NTLM2 session security (which is different), if it is available */
+
+ Globals.allow_dcerpc_auth_level_connect = false; /* we don't allow this by default */
+
+ Globals.map_to_guest = 0; /* By Default, "Never" */
+ Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
+ Globals.enhanced_browsing = true;
+ Globals.lock_spin_time = WINDOWS_MINIMUM_LOCK_TIMEOUT_MS; /* msec. */
+ Globals.use_mmap = true;
+ Globals.unicode = true;
+ Globals.smb1_unix_extensions = true;
+ Globals.reset_on_zero_vc = false;
+ Globals.log_writeable_files_on_exit = false;
+ Globals.create_krb5_conf = true;
+ Globals.include_system_krb5_conf = true;
+ Globals._winbind_max_domain_connections = 1;
+
+ /* hostname lookups can be very expensive and are broken on
+ a large number of sites (tridge) */
+ Globals.hostname_lookups = false;
+
+ Globals.change_notify = true,
+ Globals.kernel_change_notify = true,
+
+ lpcfg_string_set(Globals.ctx, &Globals.passdb_backend, "tdbsam");
+ lpcfg_string_set(Globals.ctx, &Globals.ldap_suffix, "");
+ lpcfg_string_set(Globals.ctx, &Globals._ldap_machine_suffix, "");
+ lpcfg_string_set(Globals.ctx, &Globals._ldap_user_suffix, "");
+ lpcfg_string_set(Globals.ctx, &Globals._ldap_group_suffix, "");
+ lpcfg_string_set(Globals.ctx, &Globals._ldap_idmap_suffix, "");
+
+ lpcfg_string_set(Globals.ctx, &Globals.ldap_admin_dn, "");
+ Globals.ldap_ssl = LDAP_SSL_START_TLS;
+ Globals.ldap_deref = -1;
+ Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
+ Globals.ldap_delete_dn = false;
+ Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
+ Globals.ldap_follow_referral = Auto;
+ Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
+ Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
+ Globals.ldap_page_size = LDAP_PAGE_SIZE;
+
+ Globals.ldap_debug_level = 0;
+ Globals.ldap_debug_threshold = 10;
+
+ Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SEAL;
+
+ Globals.ldap_server_require_strong_auth =
+ LDAP_SERVER_REQUIRE_STRONG_AUTH_YES;
+
+ /* This is what we tell the afs client. in reality we set the token
+ * to never expire, though, when this runs out the afs client will
+ * forget the token. Set to 0 to get NEVERDATE.*/
+ Globals.afs_token_lifetime = 604800;
+ Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT;
+
+/* these parameters are set to defaults that are more appropriate
+ for the increasing samba install base:
+
+ as a member of the workgroup, that will possibly become a
+ _local_ master browser (lm = true). this is opposed to a forced
+ local master browser startup (pm = true).
+
+ doesn't provide WINS server service by default (wsupp = false),
+ and doesn't provide domain master browser services by default, either.
+
+*/
+
+ Globals.show_add_printer_wizard = true;
+ Globals.os_level = 20;
+ Globals.local_master = true;
+ Globals._domain_master = Auto; /* depending on _domain_logons */
+ Globals._domain_logons = false;
+ Globals.browse_list = true;
+ Globals.we_are_a_wins_server = false;
+ Globals.wins_proxy = false;
+
+ TALLOC_FREE(Globals.init_logon_delayed_hosts);
+ Globals.init_logon_delay = 100; /* 100 ms default delay */
+
+ Globals.wins_dns_proxy = true;
+ Globals.dns_port = DNS_SERVICE_PORT;
+
+ Globals.allow_trusted_domains = true;
+ lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
+
+ lpcfg_string_set(Globals.ctx, &Globals.template_shell, "/bin/false");
+ lpcfg_string_set(Globals.ctx, &Globals.template_homedir,
+ "/home/%D/%U");
+ lpcfg_string_set(Globals.ctx, &Globals.winbind_separator, "\\");
+ lpcfg_string_set(Globals.ctx, &Globals.winbindd_socket_directory,
+ dyn_WINBINDD_SOCKET_DIR);
+
+ lpcfg_string_set(Globals.ctx, &Globals.cups_server, "");
+ lpcfg_string_set(Globals.ctx, &Globals.iprint_server, "");
+
+ lpcfg_string_set(Globals.ctx, &Globals._ctdbd_socket, "");
+
+ Globals.cluster_addresses = NULL;
+ Globals.clustering = false;
+ Globals.ctdb_timeout = 0;
+ Globals.ctdb_locktime_warn_threshold = 0;
+
+ Globals.winbind_cache_time = 300; /* 5 minutes */
+ Globals.winbind_reconnect_delay = 30; /* 30 seconds */
+ Globals.winbind_request_timeout = 60; /* 60 seconds */
+ Globals.winbind_max_clients = 200;
+ Globals.winbind_enum_users = false;
+ Globals.winbind_enum_groups = false;
+ Globals.winbind_use_default_domain = false;
+ Globals.winbind_nested_groups = true;
+ Globals.winbind_expand_groups = 0;
+ Globals.winbind_nss_info = str_list_make_v3_const(NULL, "template", NULL);
+ Globals.winbind_refresh_tickets = false;
+ Globals.winbind_offline_logon = false;
+ Globals.winbind_scan_trusted_domains = false;
+
+ Globals.idmap_cache_time = 86400 * 7; /* a week by default */
+ Globals.idmap_negative_cache_time = 120; /* 2 minutes by default */
+
+ Globals.passdb_expand_explicit = false;
+
+ Globals.name_cache_timeout = 660; /* In seconds */
+
+ Globals.client_use_spnego = true;
+
+ Globals.client_signing = SMB_SIGNING_DEFAULT;
+ Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
+ Globals.server_signing = SMB_SIGNING_DEFAULT;
+
+ Globals.defer_sharing_violations = true;
+ Globals.smb_ports = str_list_make_v3_const(NULL, SMB_PORTS, NULL);
+
+ Globals.enable_privileges = true;
+ Globals.host_msdfs = true;
+ Globals.enable_asu_support = false;
+
+ /* User defined shares. */
+ s = talloc_asprintf(talloc_tos(), "%s/usershares", get_dyn_STATEDIR());
+ if (s == NULL) {
+ smb_panic("init_globals: ENOMEM");
+ }
+ lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
+ TALLOC_FREE(s);
+ lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
+ Globals.usershare_max_shares = 0;
+ /* By default disallow sharing of directories not owned by the sharer. */
+ Globals.usershare_owner_only = true;
+ /* By default disallow guest access to usershares. */
+ Globals.usershare_allow_guests = false;
+
+ Globals.keepalive = DEFAULT_KEEPALIVE;
+
+ /* By default no shares out of the registry */
+ Globals.registry_shares = false;
+
+ Globals.min_receivefile_size = 0;
+
+ Globals.multicast_dns_register = true;
+
+ Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;
+ Globals.smb2_max_write = DEFAULT_SMB2_MAX_WRITE;
+ Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
+ Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
+ Globals.smb2_leases = true;
+ Globals.server_multi_channel_support = true;
+
+ lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
+ get_dyn_NCALRPCDIR());
+
+ Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
+
+ Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
+
+ Globals.tls_enabled = true;
+ Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
+
+ lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
+ lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
+ lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
+ lpcfg_string_set(Globals.ctx,
+ &Globals.tls_priority,
+ "NORMAL:-VERS-SSL3.0");
+
+ Globals._preferred_master = Auto;
+
+ Globals.allow_dns_updates = DNS_UPDATE_SIGNED;
+ Globals.dns_zone_scavenging = false;
+
+ lpcfg_string_set(Globals.ctx, &Globals.ntp_signd_socket_directory,
+ get_dyn_NTP_SIGND_SOCKET_DIR());
+
+ s = talloc_asprintf(talloc_tos(), "%s/samba_kcc", get_dyn_SCRIPTSBINDIR());
+ if (s == NULL) {
+ smb_panic("init_globals: ENOMEM");
+ }
+ Globals.samba_kcc_command = str_list_make_v3_const(NULL, s, NULL);
+ TALLOC_FREE(s);
+
+#ifdef MIT_KDC_PATH
+ Globals.mit_kdc_command = str_list_make_v3_const(NULL, MIT_KDC_PATH, NULL);
+#endif
+
+ s = talloc_asprintf(talloc_tos(), "%s/samba_dnsupdate", get_dyn_SCRIPTSBINDIR());
+ if (s == NULL) {
+ smb_panic("init_globals: ENOMEM");
+ }
+ Globals.dns_update_command = str_list_make_v3_const(NULL, s, NULL);
+ TALLOC_FREE(s);
+
+ s = talloc_asprintf(talloc_tos(), "%s/samba-gpupdate", get_dyn_SCRIPTSBINDIR());
+ if (s == NULL) {
+ smb_panic("init_globals: ENOMEM");
+ }
+ Globals.gpo_update_command = str_list_make_v3_const(NULL, s, NULL);
+ TALLOC_FREE(s);
+
+ Globals.apply_group_policies = false;
+
+ s = talloc_asprintf(talloc_tos(), "%s/samba_spnupdate", get_dyn_SCRIPTSBINDIR());
+ if (s == NULL) {
+ smb_panic("init_globals: ENOMEM");
+ }
+ Globals.spn_update_command = str_list_make_v3_const(NULL, s, NULL);
+ TALLOC_FREE(s);
+
+ Globals.nsupdate_command = str_list_make_v3_const(NULL, "/usr/bin/nsupdate -g", NULL);
+
+ Globals.cldap_port = 389;
+
+ Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
+
+ Globals.nbt_port = NBT_NAME_SERVICE_PORT;
+
+ Globals.krb5_port = 88;
+
+ Globals.kpasswd_port = 464;
+
+ Globals.kdc_enable_fast = true;
+
+ Globals.aio_max_threads = 100;
+
+ lpcfg_string_set(Globals.ctx,
+ &Globals.rpc_server_dynamic_port_range,
+ "49152-65535");
+ Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
+ Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
+ Globals.prefork_children = 4;
+ Globals.prefork_backoff_increment = 10;
+ Globals.prefork_maximum_backoff = 120;
+
+ Globals.ldap_max_anonymous_request_size = 256000;
+ Globals.ldap_max_authenticated_request_size = 16777216;
+ Globals.ldap_max_search_request_size = 256000;
+
+ /* Async DNS query timeout (in seconds). */
+ Globals.async_dns_timeout = 10;
+
+ Globals.client_smb_encrypt = SMB_ENCRYPTION_DEFAULT;
+
+ Globals._client_use_kerberos = CRED_USE_KERBEROS_DESIRED;
+
+ Globals.client_protection = CRED_CLIENT_PROTECTION_DEFAULT;
+
+ Globals.winbind_use_krb5_enterprise_principals = true;
+
+ Globals.client_smb3_signing_algorithms =
+ str_list_make_v3_const(NULL, DEFAULT_SMB3_SIGNING_ALGORITHMS, NULL);
+ Globals.server_smb3_signing_algorithms =
+ str_list_make_v3_const(NULL, DEFAULT_SMB3_SIGNING_ALGORITHMS, NULL);
+
+ Globals.client_smb3_encryption_algorithms =
+ str_list_make_v3_const(NULL, DEFAULT_SMB3_ENCRYPTION_ALGORITHMS, NULL);
+ Globals.server_smb3_encryption_algorithms =
+ str_list_make_v3_const(NULL, DEFAULT_SMB3_ENCRYPTION_ALGORITHMS, NULL);
+
+ Globals.min_domain_uid = 1000;
+
+ /*
+ * By default allow smbd and winbindd to start samba-dcerpcd as
+ * a named-pipe helper.
+ */
+ Globals.rpc_start_on_demand_helpers = true;
+
+ /* Now put back the settings that were set with lp_set_cmdline() */
+ apply_lp_set_cmdline();
+}
+
+/* Convenience routine to setup an lp_context with additional s3 variables */
+static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx)
+{
+ struct loadparm_context *lp_ctx;
+
+ lp_ctx = loadparm_init_s3(mem_ctx,
+ loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ DEBUG(0, ("loadparm_init_s3 failed\n"));
+ return NULL;
+ }
+
+ lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
+ if (lp_ctx->sDefault == NULL) {
+ DBG_ERR("talloc_zero failed\n");
+ TALLOC_FREE(lp_ctx);
+ return NULL;
+ }
+
+ *lp_ctx->sDefault = _sDefault;
+ lp_ctx->services = NULL; /* We do not want to access this directly */
+ lp_ctx->bInGlobalSection = bInGlobalSection;
+ lp_ctx->flags = flags_list;
+
+ return lp_ctx;
+}
+
+/*******************************************************************
+ Convenience routine to grab string parameters into talloced memory
+ and run standard_sub_basic on them. The buffers can be written to by
+ callers without affecting the source string.
+********************************************************************/
+
+static char *loadparm_s3_global_substitution_fn(
+ TALLOC_CTX *mem_ctx,
+ const struct loadparm_substitution *lp_sub,
+ const char *s,
+ void *private_data)
+{
+ char *ret;
+
+ /* The follow debug is useful for tracking down memory problems
+ especially if you have an inner loop that is calling a lp_*()
+ function that returns a string. Perhaps this debug should be
+ present all the time? */
+
+#if 0
+ DEBUG(10, ("lp_string(%s)\n", s));
+#endif
+ if (!s) {
+ return NULL;
+ }
+
+ ret = talloc_sub_basic(mem_ctx,
+ get_current_username(),
+ current_user_info.domain,
+ s);
+ if (trim_char(ret, '\"', '\"')) {
+ if (strchr(ret,'\"') != NULL) {
+ TALLOC_FREE(ret);
+ ret = talloc_sub_basic(mem_ctx,
+ get_current_username(),
+ current_user_info.domain,
+ s);
+ }
+ }
+ return ret;
+}
+
+static const struct loadparm_substitution s3_global_substitution = {
+ .substituted_string_fn = loadparm_s3_global_substitution_fn,
+};
+
+const struct loadparm_substitution *loadparm_s3_global_substitution(void)
+{
+ return &s3_global_substitution;
+}
+
+/*
+ In this section all the functions that are used to access the
+ parameters from the rest of the program are defined
+*/
+
+#define FN_GLOBAL_SUBSTITUTED_STRING(fn_name,ptr) \
+char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub) \
+ {return lpcfg_substituted_string(ctx, lp_sub, *(char **)(&Globals.ptr) ? *(char **)(&Globals.ptr) : "");}
+#define FN_GLOBAL_CONST_STRING(fn_name,ptr) \
+ const char *lp_ ## fn_name(void) {return(*(const char * const *)(&Globals.ptr) ? *(const char * const *)(&Globals.ptr) : "");}
+#define FN_GLOBAL_LIST(fn_name,ptr) \
+ const char **lp_ ## fn_name(void) {return(*(const char ***)(&Globals.ptr));}
+#define FN_GLOBAL_BOOL(fn_name,ptr) \
+ bool lp_ ## fn_name(void) {return(*(bool *)(&Globals.ptr));}
+#define FN_GLOBAL_CHAR(fn_name,ptr) \
+ char lp_ ## fn_name(void) {return(*(char *)(&Globals.ptr));}
+#define FN_GLOBAL_INTEGER(fn_name,ptr) \
+ int lp_ ## fn_name(void) {return(*(int *)(&Globals.ptr));}
+
+#define FN_LOCAL_SUBSTITUTED_STRING(fn_name,val) \
+char *lp_ ## fn_name(TALLOC_CTX *ctx, const struct loadparm_substitution *lp_sub, int i) \
+ {return lpcfg_substituted_string((ctx), lp_sub, (LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
+#define FN_LOCAL_CONST_STRING(fn_name,val) \
+ const char *lp_ ## fn_name(int i) {return (const char *)((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val);}
+#define FN_LOCAL_LIST(fn_name,val) \
+ const char **lp_ ## fn_name(int i) {return(const char **)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
+#define FN_LOCAL_BOOL(fn_name,val) \
+ bool lp_ ## fn_name(int i) {return(bool)(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
+#define FN_LOCAL_INTEGER(fn_name,val) \
+ int lp_ ## fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
+
+#define FN_LOCAL_PARM_BOOL(fn_name,val) \
+ bool lp_ ## fn_name(const struct share_params *p) {return(bool)(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
+#define FN_LOCAL_PARM_INTEGER(fn_name,val) \
+ int lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
+#define FN_LOCAL_PARM_CHAR(fn_name,val) \
+ char lp_ ## fn_name(const struct share_params *p) {return(LP_SNUM_OK(p->service)? ServicePtrs[(p->service)]->val : sDefault.val);}
+
+int lp_winbind_max_domain_connections(void)
+{
+ if (lp_winbind_offline_logon() &&
+ lp__winbind_max_domain_connections() > 1) {
+ DEBUG(1, ("offline logons active, restricting max domain "
+ "connections to 1\n"));
+ return 1;
+ }
+ return MAX(1, lp__winbind_max_domain_connections());
+}
+
+/* These functions remain in source3/param for now */
+
+#include "lib/param/param_functions.c"
+
+FN_LOCAL_SUBSTITUTED_STRING(servicename, szService)
+FN_LOCAL_CONST_STRING(const_servicename, szService)
+
+/* These functions cannot be auto-generated */
+FN_LOCAL_BOOL(autoloaded, autoloaded)
+FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain)
+
+/* local prototypes */
+
+static int map_parameter_canonical(const char *pszParmName, bool *inverse);
+static const char *get_boolean(bool bool_value);
+static bool do_parameter(const char *pszParmName, const char *pszParmValue,
+ void *userdata);
+static bool hash_a_service(const char *name, int number);
+static void free_service_byindex(int iService);
+static void show_parameter(int parmIndex);
+static bool is_synonym_of(int parm1, int parm2, bool *inverse);
+static bool lp_parameter_value_is_valid(const char *parm_name, const char *val);
+
+/*
+ * This is a helper function for parametrical options support. It returns a
+ * pointer to parametrical option value if it exists or NULL otherwise. Actual
+ * parametrical functions are quite simple
+ */
+static struct parmlist_entry *get_parametrics(int snum, const char *type,
+ const char *option)
+{
+ if (snum >= iNumServices) return NULL;
+
+ if (snum < 0) {
+ return get_parametric_helper(NULL, type, option, Globals.param_opt);
+ } else {
+ return get_parametric_helper(ServicePtrs[snum],
+ type, option, Globals.param_opt);
+ }
+}
+
+static void discard_whitespace(char *str)
+{
+ size_t len = strlen(str);
+ size_t i = 0;
+
+ while (i < len) {
+ if (isspace(str[i])) {
+ memmove(&str[i], &str[i+1], len-i);
+ len -= 1;
+ continue;
+ }
+ i += 1;
+ }
+}
+
+/**
+ * @brief Go through all global parametric parameters
+ *
+ * @param regex_str A regular expression to scan param for
+ * @param max_matches Max number of submatches the regexp expects
+ * @param cb Function to call on match. Should return true
+ * when it wants wi_scan_global_parametrics to stop
+ * scanning
+ * @param private_data Anonymous pointer passed to cb
+ *
+ * @return 0: success, regcomp/regexec return value on error.
+ * See "man regexec" for possible errors
+ */
+
+int lp_wi_scan_global_parametrics(
+ const char *regex_str, size_t max_matches,
+ bool (*cb)(const char *string, regmatch_t matches[],
+ void *private_data),
+ void *private_data)
+{
+ struct parmlist_entry *data;
+ regex_t regex;
+ int ret;
+
+ ret = regcomp(&regex, regex_str, REG_ICASE);
+ if (ret != 0) {
+ return ret;
+ }
+
+ for (data = Globals.param_opt; data != NULL; data = data->next) {
+ size_t keylen = strlen(data->key);
+ char key[keylen+1];
+ regmatch_t matches[max_matches];
+ bool stop;
+
+ memcpy(key, data->key, sizeof(key));
+ discard_whitespace(key);
+
+ ret = regexec(&regex, key, max_matches, matches, 0);
+ if (ret == REG_NOMATCH) {
+ continue;
+ }
+ if (ret != 0) {
+ goto fail;
+ }
+
+ stop = cb(key, matches, private_data);
+ if (stop) {
+ break;
+ }
+ }
+
+ ret = 0;
+fail:
+ regfree(&regex);
+ return ret;
+}
+
+
+#define MISSING_PARAMETER(name) \
+ DEBUG(0, ("%s(): value is NULL or empty!\n", #name))
+
+/*******************************************************************
+convenience routine to return enum parameters.
+********************************************************************/
+static int lp_enum(const char *s,const struct enum_list *_enum)
+{
+ int i;
+
+ if (!s || !*s || !_enum) {
+ MISSING_PARAMETER(lp_enum);
+ return (-1);
+ }
+
+ for (i=0; _enum[i].name; i++) {
+ if (strequal(_enum[i].name,s))
+ return _enum[i].value;
+ }
+
+ DEBUG(0,("lp_enum(%s,enum): value is not in enum_list!\n",s));
+ return (-1);
+}
+
+#undef MISSING_PARAMETER
+
+/* Return parametric option from a given service. Type is a part of option before ':' */
+/* Parametric option has following syntax: 'Type: option = value' */
+char *lp_parm_substituted_string(TALLOC_CTX *mem_ctx,
+ const struct loadparm_substitution *lp_sub,
+ int snum,
+ const char *type,
+ const char *option,
+ const char *def)
+{
+ struct parmlist_entry *data = get_parametrics(snum, type, option);
+
+ SMB_ASSERT(lp_sub != NULL);
+
+ if (data == NULL||data->value==NULL) {
+ if (def) {
+ return lpcfg_substituted_string(mem_ctx, lp_sub, def);
+ } else {
+ return NULL;
+ }
+ }
+
+ return lpcfg_substituted_string(mem_ctx, lp_sub, data->value);
+}
+
+/* Return parametric option from a given service. Type is a part of option before ':' */
+/* Parametric option has following syntax: 'Type: option = value' */
+const char *lp_parm_const_string(int snum, const char *type, const char *option, const char *def)
+{
+ struct parmlist_entry *data = get_parametrics(snum, type, option);
+
+ if (data == NULL||data->value==NULL)
+ return def;
+
+ return data->value;
+}
+
+
+/* Return parametric option from a given service. Type is a part of option before ':' */
+/* Parametric option has following syntax: 'Type: option = value' */
+
+const char **lp_parm_string_list(int snum, const char *type, const char *option, const char **def)
+{
+ struct parmlist_entry *data = get_parametrics(snum, type, option);
+
+ if (data == NULL||data->value==NULL)
+ return (const char **)def;
+
+ if (data->list==NULL) {
+ data->list = str_list_make_v3(NULL, data->value, NULL);
+ }
+
+ return discard_const_p(const char *, data->list);
+}
+
+/* Return parametric option from a given service. Type is a part of option before ':' */
+/* Parametric option has following syntax: 'Type: option = value' */
+
+int lp_parm_int(int snum, const char *type, const char *option, int def)
+{
+ struct parmlist_entry *data = get_parametrics(snum, type, option);
+
+ if (data && data->value && *data->value)
+ return lp_int(data->value);
+
+ return def;
+}
+
+/* Return parametric option from a given service. Type is a part of option before ':' */
+/* Parametric option has following syntax: 'Type: option = value' */
+
+unsigned long lp_parm_ulong(int snum, const char *type, const char *option, unsigned long def)
+{
+ struct parmlist_entry *data = get_parametrics(snum, type, option);
+
+ if (data && data->value && *data->value)
+ return lp_ulong(data->value);
+
+ return def;
+}
+
+/* Return parametric option from a given service. Type is a part of option before ':' */
+/* Parametric option has following syntax: 'Type: option = value' */
+
+unsigned long long lp_parm_ulonglong(int snum, const char *type,
+ const char *option, unsigned long long def)
+{
+ struct parmlist_entry *data = get_parametrics(snum, type, option);
+
+ if (data && data->value && *data->value) {
+ return lp_ulonglong(data->value);
+ }
+
+ return def;
+}
+
+/* Return parametric option from a given service. Type is a part of option
+ * before ':' */
+/* Parametric option has following syntax: 'Type: option = value' */
+
+bool lp_parm_bool(int snum, const char *type, const char *option, bool def)
+{
+ struct parmlist_entry *data = get_parametrics(snum, type, option);
+
+ if (data && data->value && *data->value)
+ return lp_bool(data->value);
+
+ return def;
+}
+
+/* Return parametric option from a given service. Type is a part of option before ':' */
+/* Parametric option has following syntax: 'Type: option = value' */
+
+int lp_parm_enum(int snum, const char *type, const char *option,
+ const struct enum_list *_enum, int def)
+{
+ struct parmlist_entry *data = get_parametrics(snum, type, option);
+
+ if (data && data->value && *data->value && _enum)
+ return lp_enum(data->value, _enum);
+
+ return def;
+}
+
+/**
+ * free a param_opts structure.
+ * param_opts handling should be moved to talloc;
+ * then this whole functions reduces to a TALLOC_FREE().
+ */
+
+static void free_param_opts(struct parmlist_entry **popts)
+{
+ struct parmlist_entry *opt, *next_opt;
+
+ if (*popts != NULL) {
+ DEBUG(5, ("Freeing parametrics:\n"));
+ }
+ opt = *popts;
+ while (opt != NULL) {
+ lpcfg_string_free(&opt->key);
+ lpcfg_string_free(&opt->value);
+ TALLOC_FREE(opt->list);
+ next_opt = opt->next;
+ TALLOC_FREE(opt);
+ opt = next_opt;
+ }
+ *popts = NULL;
+}
+
+/***************************************************************************
+ Free the dynamically allocated parts of a service struct.
+***************************************************************************/
+
+static void free_service(struct loadparm_service *pservice)
+{
+ if (!pservice)
+ return;
+
+ if (pservice->szService)
+ DEBUG(5, ("free_service: Freeing service %s\n",
+ pservice->szService));
+
+ free_parameters(pservice);
+
+ lpcfg_string_free(&pservice->szService);
+ TALLOC_FREE(pservice->copymap);
+
+ free_param_opts(&pservice->param_opt);
+
+ ZERO_STRUCTP(pservice);
+}
+
+
+/***************************************************************************
+ remove a service indexed in the ServicePtrs array from the ServiceHash
+ and free the dynamically allocated parts
+***************************************************************************/
+
+static void free_service_byindex(int idx)
+{
+ if ( !LP_SNUM_OK(idx) )
+ return;
+
+ ServicePtrs[idx]->valid = false;
+
+ /* we have to cleanup the hash record */
+
+ if (ServicePtrs[idx]->szService) {
+ char *canon_name = canonicalize_servicename(
+ talloc_tos(),
+ ServicePtrs[idx]->szService );
+
+ dbwrap_delete_bystring(ServiceHash, canon_name );
+ TALLOC_FREE(canon_name);
+ }
+
+ free_service(ServicePtrs[idx]);
+ TALLOC_FREE(ServicePtrs[idx]);
+}
+
+/***************************************************************************
+ Add a new service to the services array initialising it with the given
+ service.
+***************************************************************************/
+
+static int add_a_service(const struct loadparm_service *pservice, const char *name)
+{
+ int i;
+ struct loadparm_service **tsp = NULL;
+
+ /* it might already exist */
+ if (name) {
+ i = getservicebyname(name, NULL);
+ if (i >= 0) {
+ return (i);
+ }
+ }
+
+ /* Re use empty slots if any before allocating new one.*/
+ for (i=0; i < iNumServices; i++) {
+ if (ServicePtrs[i] == NULL) {
+ break;
+ }
+ }
+ if (i == iNumServices) {
+ /* if not, then create one */
+ tsp = talloc_realloc(NULL, ServicePtrs,
+ struct loadparm_service *,
+ iNumServices + 1);
+ if (tsp == NULL) {
+ DEBUG(0, ("add_a_service: failed to enlarge "
+ "ServicePtrs!\n"));
+ return (-1);
+ }
+ ServicePtrs = tsp;
+ iNumServices++;
+ }
+ ServicePtrs[i] = talloc_zero(ServicePtrs, struct loadparm_service);
+ if (!ServicePtrs[i]) {
+ DEBUG(0,("add_a_service: out of memory!\n"));
+ return (-1);
+ }
+
+ ServicePtrs[i]->valid = true;
+
+ copy_service(ServicePtrs[i], pservice, NULL);
+ if (name)
+ lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->szService,
+ name);
+
+ DEBUG(8,("add_a_service: Creating snum = %d for %s\n",
+ i, ServicePtrs[i]->szService));
+
+ if (!hash_a_service(ServicePtrs[i]->szService, i)) {
+ return (-1);
+ }
+
+ return (i);
+}
+
+/***************************************************************************
+ Convert a string to uppercase and remove whitespaces.
+***************************************************************************/
+
+char *canonicalize_servicename(TALLOC_CTX *ctx, const char *src)
+{
+ char *result;
+
+ if ( !src ) {
+ DEBUG(0,("canonicalize_servicename: NULL source name!\n"));
+ return NULL;
+ }
+
+ result = talloc_strdup(ctx, src);
+ SMB_ASSERT(result != NULL);
+
+ if (!strlower_m(result)) {
+ TALLOC_FREE(result);
+ return NULL;
+ }
+ return result;
+}
+
+/***************************************************************************
+ Add a name/index pair for the services array to the hash table.
+***************************************************************************/
+
+static bool hash_a_service(const char *name, int idx)
+{
+ char *canon_name;
+
+ if ( !ServiceHash ) {
+ DEBUG(10,("hash_a_service: creating servicehash\n"));
+ ServiceHash = db_open_rbt(NULL);
+ if ( !ServiceHash ) {
+ DEBUG(0,("hash_a_service: open tdb servicehash failed!\n"));
+ return false;
+ }
+ }
+
+ DEBUG(10,("hash_a_service: hashing index %d for service name %s\n",
+ idx, name));
+
+ canon_name = canonicalize_servicename(talloc_tos(), name );
+
+ dbwrap_store_bystring(ServiceHash, canon_name,
+ make_tdb_data((uint8_t *)&idx, sizeof(idx)),
+ TDB_REPLACE);
+
+ TALLOC_FREE(canon_name);
+
+ return true;
+}
+
+/***************************************************************************
+ Add a new home service, with the specified home directory, defaults coming
+ from service ifrom.
+***************************************************************************/
+
+bool lp_add_home(const char *pszHomename, int iDefaultService,
+ const char *user, const char *pszHomedir)
+{
+ const struct loadparm_substitution *lp_sub =
+ loadparm_s3_global_substitution();
+ int i;
+ char *global_path;
+
+ if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
+ pszHomedir[0] == '\0') {
+ return false;
+ }
+
+ i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
+
+ if (i < 0)
+ return false;
+
+ global_path = lp_path(talloc_tos(), lp_sub, GLOBAL_SECTION_SNUM);
+ if (!(*(ServicePtrs[iDefaultService]->path))
+ || strequal(ServicePtrs[iDefaultService]->path, global_path)) {
+ lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path,
+ pszHomedir);
+ }
+ TALLOC_FREE(global_path);
+
+ if (!(*(ServicePtrs[i]->comment))) {
+ char *comment = talloc_asprintf(talloc_tos(), "Home directory of %s", user);
+ if (comment == NULL) {
+ return false;
+ }
+ lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment,
+ comment);
+ TALLOC_FREE(comment);
+ }
+
+ /* set the browseable flag from the global default */
+
+ ServicePtrs[i]->browseable = sDefault.browseable;
+ ServicePtrs[i]->access_based_share_enum = sDefault.access_based_share_enum;
+
+ ServicePtrs[i]->autoloaded = true;
+
+ DEBUG(3, ("adding home's share [%s] for user '%s' at '%s'\n", pszHomename,
+ user, ServicePtrs[i]->path ));
+
+ return true;
+}
+
+/***************************************************************************
+ Add a new service, based on an old one.
+***************************************************************************/
+
+int lp_add_service(const char *pszService, int iDefaultService)
+{
+ if (iDefaultService < 0) {
+ return add_a_service(&sDefault, pszService);
+ }
+
+ return (add_a_service(ServicePtrs[iDefaultService], pszService));
+}
+
+/***************************************************************************
+ Add the IPC service.
+***************************************************************************/
+
+static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
+{
+ char *comment = NULL;
+ int i = add_a_service(&sDefault, ipc_name);
+
+ if (i < 0)
+ return false;
+
+ comment = talloc_asprintf(talloc_tos(), "IPC Service (%s)",
+ Globals.server_string);
+ if (comment == NULL) {
+ return false;
+ }
+
+ lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
+ lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
+ lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
+ ServicePtrs[i]->max_connections = 0;
+ ServicePtrs[i]->available = true;
+ ServicePtrs[i]->read_only = true;
+ ServicePtrs[i]->guest_only = false;
+ ServicePtrs[i]->administrative_share = true;
+ ServicePtrs[i]->guest_ok = guest_ok;
+ ServicePtrs[i]->printable = false;
+ ServicePtrs[i]->browseable = sDefault.browseable;
+ ServicePtrs[i]->autoloaded = false;
+
+ DEBUG(3, ("adding IPC service\n"));
+
+ TALLOC_FREE(comment);
+ return true;
+}
+
+/***************************************************************************
+ Add a new printer service, with defaults coming from service iFrom.
+***************************************************************************/
+
+bool lp_add_printer(const char *pszPrintername, int iDefaultService)
+{
+ const char *comment = "From Printcap";
+ int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
+
+ if (i < 0)
+ return false;
+
+ /* note that we do NOT default the availability flag to true - */
+ /* we take it from the default service passed. This allows all */
+ /* dynamic printers to be disabled by disabling the [printers] */
+ /* entry (if/when the 'available' keyword is implemented!). */
+
+ /* the printer name is set to the service name. */
+ lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->_printername,
+ pszPrintername);
+ lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
+
+ /* set the browseable flag from the gloabl default */
+ ServicePtrs[i]->browseable = sDefault.browseable;
+
+ /* Printers cannot be read_only. */
+ ServicePtrs[i]->read_only = false;
+ /* No oplocks on printer services. */
+ ServicePtrs[i]->oplocks = false;
+ /* Printer services must be printable. */
+ ServicePtrs[i]->printable = true;
+
+ DEBUG(3, ("adding printer service %s\n", pszPrintername));
+
+ return true;
+}
+
+
+/***************************************************************************
+ Check whether the given parameter name is valid.
+ Parametric options (names containing a colon) are considered valid.
+***************************************************************************/
+
+bool lp_parameter_is_valid(const char *pszParmName)
+{
+ return ((lpcfg_map_parameter(pszParmName) != -1) ||
+ (strchr(pszParmName, ':') != NULL));
+}
+
+/***************************************************************************
+ Check whether the given name is the name of a global parameter.
+ Returns true for strings belonging to parameters of class
+ P_GLOBAL, false for all other strings, also for parametric options
+ and strings not belonging to any option.
+***************************************************************************/
+
+bool lp_parameter_is_global(const char *pszParmName)
+{
+ int num = lpcfg_map_parameter(pszParmName);
+
+ if (num >= 0) {
+ return (parm_table[num].p_class == P_GLOBAL);
+ }
+
+ return false;
+}
+
+/**************************************************************************
+ Determine the canonical name for a parameter.
+ Indicate when it is an inverse (boolean) synonym instead of a
+ "usual" synonym.
+**************************************************************************/
+
+bool lp_canonicalize_parameter(const char *parm_name, const char **canon_parm,
+ bool *inverse)
+{
+ int num;
+
+ if (!lp_parameter_is_valid(parm_name)) {
+ *canon_parm = NULL;
+ return false;
+ }
+
+ num = map_parameter_canonical(parm_name, inverse);
+ if (num < 0) {
+ /* parametric option */
+ *canon_parm = parm_name;
+ } else {
+ *canon_parm = parm_table[num].label;
+ }
+
+ return true;
+
+}
+
+/**************************************************************************
+ Determine the canonical name for a parameter.
+ Turn the value given into the inverse boolean expression when
+ the synonym is an invers boolean synonym.
+
+ Return true if
+ - parm_name is a valid parameter name and
+ - val is a valid value for this parameter and
+ - in case the parameter is an inverse boolean synonym, if the val
+ string could successfully be converted to the reverse bool.
+ Return false in all other cases.
+**************************************************************************/
+
+bool lp_canonicalize_parameter_with_value(const char *parm_name,
+ const char *val,
+ const char **canon_parm,
+ const char **canon_val)
+{
+ int num;
+ bool inverse;
+ bool ret;
+
+ if (!lp_parameter_is_valid(parm_name)) {
+ *canon_parm = NULL;
+ *canon_val = NULL;
+ return false;
+ }
+
+ num = map_parameter_canonical(parm_name, &inverse);
+ if (num < 0) {
+ /* parametric option */
+ *canon_parm = parm_name;
+ *canon_val = val;
+ return true;
+ }
+
+ *canon_parm = parm_table[num].label;
+ if (inverse) {
+ if (!lp_invert_boolean(val, canon_val)) {
+ *canon_val = NULL;
+ return false;
+ }
+ } else {
+ *canon_val = val;
+ }
+
+ ret = lp_parameter_value_is_valid(*canon_parm, *canon_val);
+
+ return ret;
+}
+
+/***************************************************************************
+ Map a parameter's string representation to the index of the canonical
+ form of the parameter (it might be a synonym).
+ Returns -1 if the parameter string is not recognised.
+***************************************************************************/
+
+static int map_parameter_canonical(const char *pszParmName, bool *inverse)
+{
+ int parm_num, canon_num;
+ bool loc_inverse = false;
+
+ parm_num = lpcfg_map_parameter(pszParmName);
+ if ((parm_num < 0) || !(parm_table[parm_num].flags & FLAG_SYNONYM)) {
+ /* invalid, parametric or no canidate for synonyms ... */
+ goto done;
+ }
+
+ for (canon_num = 0; parm_table[canon_num].label; canon_num++) {
+ if (is_synonym_of(parm_num, canon_num, &loc_inverse)) {
+ parm_num = canon_num;
+ goto done;
+ }
+ }
+
+done:
+ if (inverse != NULL) {
+ *inverse = loc_inverse;
+ }
+ return parm_num;
+}
+
+/***************************************************************************
+ return true if parameter number parm1 is a synonym of parameter
+ number parm2 (parm2 being the principal name).
+ set inverse to true if parm1 is P_BOOLREV and parm2 is P_BOOL,
+ false otherwise.
+***************************************************************************/
+
+static bool is_synonym_of(int parm1, int parm2, bool *inverse)
+{
+ if ((parm_table[parm1].offset == parm_table[parm2].offset) &&
+ (parm_table[parm1].p_class == parm_table[parm2].p_class) &&
+ (parm_table[parm1].flags & FLAG_SYNONYM) &&
+ !(parm_table[parm2].flags & FLAG_SYNONYM))
+ {
+ if (inverse != NULL) {
+ if ((parm_table[parm1].type == P_BOOLREV) &&
+ (parm_table[parm2].type == P_BOOL))
+ {
+ *inverse = true;
+ } else {
+ *inverse = false;
+ }
+ }
+ return true;
+ }
+ return false;
+}
+
+/***************************************************************************
+ Show one parameter's name, type, [values,] and flags.
+ (helper functions for show_parameter_list)
+***************************************************************************/
+
+static void show_parameter(int parmIndex)
+{
+ size_t enumIndex, flagIndex;
+ size_t parmIndex2;
+ bool hadFlag;
+ bool hadSyn;
+ bool inverse;
+ const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
+ "P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
+ "P_ENUM", "P_BYTES", "P_CMDLIST" };
+ unsigned flags[] = { FLAG_DEPRECATED, FLAG_SYNONYM };
+ const char *flag_names[] = { "FLAG_DEPRECATED", "FLAG_SYNONYM", NULL};
+
+ printf("%s=%s", parm_table[parmIndex].label,
+ type[parm_table[parmIndex].type]);
+ if (parm_table[parmIndex].type == P_ENUM) {
+ printf(",");
+ for (enumIndex=0;
+ parm_table[parmIndex].enum_list[enumIndex].name;
+ enumIndex++)
+ {
+ printf("%s%s",
+ enumIndex ? "|" : "",
+ parm_table[parmIndex].enum_list[enumIndex].name);
+ }
+ }
+ printf(",");
+ hadFlag = false;
+ for (flagIndex=0; flag_names[flagIndex]; flagIndex++) {
+ if (parm_table[parmIndex].flags & flags[flagIndex]) {
+ printf("%s%s",
+ hadFlag ? "|" : "",
+ flag_names[flagIndex]);
+ hadFlag = true;
+ }
+ }
+
+ /* output synonyms */
+ hadSyn = false;
+ for (parmIndex2=0; parm_table[parmIndex2].label; parmIndex2++) {
+ if (is_synonym_of(parmIndex, parmIndex2, &inverse)) {
+ printf(" (%ssynonym of %s)", inverse ? "inverse " : "",
+ parm_table[parmIndex2].label);
+ } else if (is_synonym_of(parmIndex2, parmIndex, &inverse)) {
+ if (!hadSyn) {
+ printf(" (synonyms: ");
+ hadSyn = true;
+ } else {
+ printf(", ");
+ }
+ printf("%s%s", parm_table[parmIndex2].label,
+ inverse ? "[i]" : "");
+ }
+ }
+ if (hadSyn) {
+ printf(")");
+ }
+
+ printf("\n");
+}
+
+/*
+ * Check the value for a P_ENUM
+ */
+static bool check_enum_parameter(struct parm_struct *parm, const char *value)
+{
+ int i;
+
+ for (i = 0; parm->enum_list[i].name; i++) {
+ if (strwicmp(value, parm->enum_list[i].name) == 0) {
+ return true;
+ }
+ }
+ return false;
+}
+
+/**************************************************************************
+ Check whether the given value is valid for the given parameter name.
+**************************************************************************/
+
+static bool lp_parameter_value_is_valid(const char *parm_name, const char *val)
+{
+ bool ret = false, tmp_bool;
+ int num = lpcfg_map_parameter(parm_name), tmp_int;
+ uint64_t tmp_int64 = 0;
+ struct parm_struct *parm;
+
+ /* parametric options (parameter names containing a colon) cannot
+ be checked and are therefore considered valid. */
+ if (strchr(parm_name, ':') != NULL) {
+ return true;
+ }
+
+ if (num >= 0) {
+ parm = &parm_table[num];
+ switch (parm->type) {
+ case P_BOOL:
+ case P_BOOLREV:
+ ret = set_boolean(val, &tmp_bool);
+ break;
+
+ case P_INTEGER:
+ ret = (sscanf(val, "%d", &tmp_int) == 1);
+ break;
+
+ case P_OCTAL:
+ ret = (sscanf(val, "%o", &tmp_int) == 1);
+ break;
+
+ case P_ENUM:
+ ret = check_enum_parameter(parm, val);
+ break;
+
+ case P_BYTES:
+ if (conv_str_size_error(val, &tmp_int64) &&
+ tmp_int64 <= INT_MAX) {
+ ret = true;
+ }
+ break;
+
+ case P_CHAR:
+ case P_LIST:
+ case P_STRING:
+ case P_USTRING:
+ case P_CMDLIST:
+ ret = true;
+ break;
+ }
+ }
+ return ret;
+}
+
+/***************************************************************************
+ Show all parameter's name, type, [values,] and flags.
+***************************************************************************/
+
+void show_parameter_list(void)
+{
+ int classIndex, parmIndex;
+ const char *section_names[] = { "local", "global", NULL};
+
+ for (classIndex=0; section_names[classIndex]; classIndex++) {
+ printf("[%s]\n", section_names[classIndex]);
+ for (parmIndex = 0; parm_table[parmIndex].label; parmIndex++) {
+ if (parm_table[parmIndex].p_class == classIndex) {
+ show_parameter(parmIndex);
+ }
+ }
+ }
+}
+
+/***************************************************************************
+ Get the standard string representation of a boolean value ("yes" or "no")
+***************************************************************************/
+
+static const char *get_boolean(bool bool_value)
+{
+ static const char *yes_str = "yes";
+ static const char *no_str = "no";
+
+ return (bool_value ? yes_str : no_str);
+}
+
+/***************************************************************************
+ Provide the string of the negated boolean value associated to the boolean
+ given as a string. Returns false if the passed string does not correctly
+ represent a boolean.
+***************************************************************************/
+
+bool lp_invert_boolean(const char *str, const char **inverse_str)
+{
+ bool val;
+
+ if (!set_boolean(str, &val)) {
+ return false;
+ }
+
+ *inverse_str = get_boolean(!val);
+ return true;
+}
+
+/***************************************************************************
+ Provide the canonical string representation of a boolean value given
+ as a string. Return true on success, false if the string given does
+ not correctly represent a boolean.
+***************************************************************************/
+
+bool lp_canonicalize_boolean(const char *str, const char**canon_str)
+{
+ bool val;
+
+ if (!set_boolean(str, &val)) {
+ return false;
+ }
+
+ *canon_str = get_boolean(val);
+ return true;
+}
+
+/***************************************************************************
+Find a service by name. Otherwise works like get_service.
+***************************************************************************/
+
+int getservicebyname(const char *pszServiceName, struct loadparm_service *pserviceDest)
+{
+ int iService = -1;
+ char *canon_name;
+ TDB_DATA data;
+ NTSTATUS status;
+
+ if (ServiceHash == NULL) {
+ return -1;
+ }
+
+ canon_name = canonicalize_servicename(talloc_tos(), pszServiceName);
+
+ status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name,
+ &data);
+
+ if (NT_STATUS_IS_OK(status) &&
+ (data.dptr != NULL) &&
+ (data.dsize == sizeof(iService)))
+ {
+ memcpy(&iService, data.dptr, sizeof(iService));
+ }
+
+ TALLOC_FREE(canon_name);
+
+ if ((iService != -1) && (LP_SNUM_OK(iService))
+ && (pserviceDest != NULL)) {
+ copy_service(pserviceDest, ServicePtrs[iService], NULL);
+ }
+
+ return (iService);
+}
+
+/* Return a pointer to a service by name. Unlike getservicebyname, it does not copy the service */
+struct loadparm_service *lp_service(const char *pszServiceName)
+{
+ int iService = getservicebyname(pszServiceName, NULL);
+ if (iService == -1 || !LP_SNUM_OK(iService)) {
+ return NULL;
+ }
+ return ServicePtrs[iService];
+}
+
+struct loadparm_service *lp_servicebynum(int snum)
+{
+ if ((snum == -1) || !LP_SNUM_OK(snum)) {
+ return NULL;
+ }
+ return ServicePtrs[snum];
+}
+
+struct loadparm_service *lp_default_loadparm_service(void)
+{
+ return &sDefault;
+}
+
+static struct smbconf_ctx *lp_smbconf_ctx(void)
+{
+ sbcErr err;
+ static struct smbconf_ctx *conf_ctx = NULL;
+
+ if (conf_ctx == NULL) {
+ err = smbconf_init(NULL, &conf_ctx, "registry:");
+ if (!SBC_ERROR_IS_OK(err)) {
+ DEBUG(1, ("error initializing registry configuration: "
+ "%s\n", sbcErrorString(err)));
+ conf_ctx = NULL;
+ }
+ }
+
+ return conf_ctx;
+}
+
+static bool process_smbconf_service(struct smbconf_service *service)
+{
+ uint32_t count;
+ bool ret;
+
+ if (service == NULL) {
+ return false;
+ }
+
+ ret = lp_do_section(service->name, NULL);
+ if (ret != true) {
+ return false;
+ }
+ for (count = 0; count < service->num_params; count++) {
+
+ if (!bInGlobalSection && bGlobalOnly) {
+ ret = true;
+ } else {
+ const char *pszParmName = service->param_names[count];
+ const char *pszParmValue = service->param_values[count];
+
+ DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
+
+ ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
+ pszParmName, pszParmValue);
+ }
+
+ if (ret != true) {
+ return false;
+ }
+ }
+ if (iServiceIndex >= 0) {
+ return lpcfg_service_ok(ServicePtrs[iServiceIndex]);
+ }
+ return true;
+}
+
+/**
+ * load a service from registry and activate it
+ */
+bool process_registry_service(const char *service_name)
+{
+ sbcErr err;
+ struct smbconf_service *service = NULL;
+ TALLOC_CTX *mem_ctx = talloc_stackframe();
+ struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
+ bool ret = false;
+
+ if (conf_ctx == NULL) {
+ goto done;
+ }
+
+ DEBUG(5, ("process_registry_service: service name %s\n", service_name));
+
+ if (!smbconf_share_exists(conf_ctx, service_name)) {
+ /*
+ * Registry does not contain data for this service (yet),
+ * but make sure lp_load doesn't return false.
+ */
+ ret = true;
+ goto done;
+ }
+
+ err = smbconf_get_share(conf_ctx, mem_ctx, service_name, &service);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+
+ ret = process_smbconf_service(service);
+ if (!ret) {
+ goto done;
+ }
+
+ /* store the csn */
+ smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
+
+done:
+ TALLOC_FREE(mem_ctx);
+ return ret;
+}
+
+/*
+ * process_registry_globals
+ */
+static bool process_registry_globals(void)
+{
+ bool ret;
+
+ add_to_file_list(NULL, &file_lists, INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME);
+
+ if (!bInGlobalSection && bGlobalOnly) {
+ ret = true;
+ } else {
+ const char *pszParmName = "registry shares";
+ const char *pszParmValue = "yes";
+
+ DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
+
+ ret = lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
+ pszParmName, pszParmValue);
+ }
+
+ if (!ret) {
+ return ret;
+ }
+
+ return process_registry_service(GLOBAL_NAME);
+}
+
+bool process_registry_shares(void)
+{
+ sbcErr err;
+ uint32_t count;
+ struct smbconf_service **service = NULL;
+ uint32_t num_shares = 0;
+ TALLOC_CTX *mem_ctx = talloc_stackframe();
+ struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
+ bool ret = false;
+
+ if (conf_ctx == NULL) {
+ goto done;
+ }
+
+ err = smbconf_get_config(conf_ctx, mem_ctx, &num_shares, &service);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+
+ ret = true;
+
+ for (count = 0; count < num_shares; count++) {
+ if (strequal(service[count]->name, GLOBAL_NAME)) {
+ continue;
+ }
+ ret = process_smbconf_service(service[count]);
+ if (!ret) {
+ goto done;
+ }
+ }
+
+ /* store the csn */
+ smbconf_changed(conf_ctx, &conf_last_csn, NULL, NULL);
+
+done:
+ TALLOC_FREE(mem_ctx);
+ return ret;
+}
+
+/**
+ * reload those shares from registry that are already
+ * activated in the services array.
+ */
+static bool reload_registry_shares(void)
+{
+ int i;
+ bool ret = true;
+
+ for (i = 0; i < iNumServices; i++) {
+ if (!VALID(i)) {
+ continue;
+ }
+
+ if (ServicePtrs[i]->usershare == USERSHARE_VALID) {
+ continue;
+ }
+
+ ret = process_registry_service(ServicePtrs[i]->szService);
+ if (!ret) {
+ goto done;
+ }
+ }
+
+done:
+ return ret;
+}
+
+
+#define MAX_INCLUDE_DEPTH 100
+
+static uint8_t include_depth;
+
+/**
+ * Free the file lists
+ */
+static void free_file_list(void)
+{
+ struct file_lists *f;
+ struct file_lists *next;
+
+ f = file_lists;
+ while( f ) {
+ next = f->next;
+ TALLOC_FREE( f );
+ f = next;
+ }
+ file_lists = NULL;
+}
+
+
+/**
+ * Utility function for outsiders to check if we're running on registry.
+ */
+bool lp_config_backend_is_registry(void)
+{
+ return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
+}
+
+/**
+ * Utility function to check if the config backend is FILE.
+ */
+bool lp_config_backend_is_file(void)
+{
+ return (lp_config_backend() == CONFIG_BACKEND_FILE);
+}
+
+/*******************************************************************
+ Check if a config file has changed date.
+********************************************************************/
+
+bool lp_file_list_changed(void)
+{
+ struct file_lists *f = file_lists;
+
+ DEBUG(6, ("lp_file_list_changed()\n"));
+
+ while (f) {
+ if (strequal(f->name, INCLUDE_REGISTRY_NAME)) {
+ struct smbconf_ctx *conf_ctx = lp_smbconf_ctx();
+
+ if (conf_ctx == NULL) {
+ return false;
+ }
+ if (smbconf_changed(conf_ctx, &conf_last_csn, NULL,
+ NULL))
+ {
+ DEBUGADD(6, ("registry config changed\n"));
+ return true;
+ }
+ } else {
+ time_t mod_time;
+ char *n2 = NULL;
+
+ n2 = talloc_sub_basic(talloc_tos(),
+ get_current_username(),
+ current_user_info.domain,
+ f->name);
+ if (!n2) {
+ return false;
+ }
+ DEBUGADD(6, ("file %s -> %s last mod_time: %s\n",
+ f->name, n2, ctime(&f->modtime)));
+
+ mod_time = file_modtime(n2);
+
+ if (mod_time &&
+ ((f->modtime != mod_time) ||
+ (f->subfname == NULL) ||
+ (strcmp(n2, f->subfname) != 0)))
+ {
+ DEBUGADD(6,
+ ("file %s modified: %s\n", n2,
+ ctime(&mod_time)));
+ f->modtime = mod_time;
+ TALLOC_FREE(f->subfname);
+ f->subfname = talloc_strdup(f, n2);
+ if (f->subfname == NULL) {
+ smb_panic("talloc_strdup failed");
+ }
+ TALLOC_FREE(n2);
+ return true;
+ }
+ TALLOC_FREE(n2);
+ }
+ f = f->next;
+ }
+ return false;
+}
+
+
+/**
+ * Initialize iconv conversion descriptors.
+ *
+ * This is called the first time it is needed, and also called again
+ * every time the configuration is reloaded, because the charset or
+ * codepage might have changed.
+ **/
+static void init_iconv(void)
+{
+ struct smb_iconv_handle *ret = NULL;
+
+ ret = reinit_iconv_handle(NULL,
+ lp_dos_charset(),
+ lp_unix_charset());
+ if (ret == NULL) {
+ smb_panic("reinit_iconv_handle failed");
+ }
+}
+
+/***************************************************************************
+ Handle the include operation.
+***************************************************************************/
+static bool bAllowIncludeRegistry = true;
+
+bool lp_include(struct loadparm_context *lp_ctx, struct loadparm_service *service,
+ const char *pszParmValue, char **ptr)
+{
+ char *fname;
+
+ if (include_depth >= MAX_INCLUDE_DEPTH) {
+ DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
+ include_depth));
+ return false;
+ }
+
+ if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
+ if (!bAllowIncludeRegistry) {
+ return true;
+ }
+ if (lp_ctx->bInGlobalSection) {
+ bool ret;
+ include_depth++;
+ ret = process_registry_globals();
+ include_depth--;
+ return ret;
+ } else {
+ DEBUG(1, ("\"include = registry\" only effective "
+ "in %s section\n", GLOBAL_NAME));
+ return false;
+ }
+ }
+
+ fname = talloc_sub_basic(talloc_tos(), get_current_username(),
+ current_user_info.domain,
+ pszParmValue);
+
+ add_to_file_list(NULL, &file_lists, pszParmValue, fname);
+
+ if (service == NULL) {
+ lpcfg_string_set(Globals.ctx, ptr, fname);
+ } else {
+ lpcfg_string_set(service, ptr, fname);
+ }
+
+ if (file_exist(fname)) {
+ bool ret;
+ include_depth++;
+ ret = pm_process(fname, lp_do_section, do_parameter, lp_ctx);
+ include_depth--;
+ TALLOC_FREE(fname);
+ return ret;
+ }
+
+ DEBUG(2, ("Can't find include file %s\n", fname));
+ TALLOC_FREE(fname);
+ return true;
+}
+
+bool lp_idmap_range(const char *domain_name, uint32_t *low, uint32_t *high)
+{
+ char *config_option = NULL;
+ const char *range = NULL;
+ bool ret = false;
+
+ SMB_ASSERT(low != NULL);
+ SMB_ASSERT(high != NULL);
+
+ if ((domain_name == NULL) || (domain_name[0] == '\0')) {
+ domain_name = "*";
+ }
+
+ config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
+ domain_name);
+ if (config_option == NULL) {
+ DEBUG(0, ("out of memory\n"));
+ return false;
+ }
+
+ range = lp_parm_const_string(-1, config_option, "range", NULL);
+ if (range == NULL) {
+ DEBUG(1, ("idmap range not specified for domain '%s'\n", domain_name));
+ goto done;
+ }
+
+ if (sscanf(range, "%u - %u", low, high) != 2) {
+ DEBUG(1, ("error parsing idmap range '%s' for domain '%s'\n",
+ range, domain_name));
+ goto done;
+ }
+
+ ret = true;
+
+done:
+ talloc_free(config_option);
+ return ret;
+
+}
+
+bool lp_idmap_default_range(uint32_t *low, uint32_t *high)
+{
+ return lp_idmap_range("*", low, high);
+}
+
+const char *lp_idmap_backend(const char *domain_name)
+{
+ char *config_option = NULL;
+ const char *backend = NULL;
+
+ if ((domain_name == NULL) || (domain_name[0] == '\0')) {
+ domain_name = "*";
+ }
+
+ config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
+ domain_name);
+ if (config_option == NULL) {
+ DEBUG(0, ("out of memory\n"));
+ return false;
+ }
+
+ backend = lp_parm_const_string(-1, config_option, "backend", NULL);
+ if (backend == NULL) {
+ DEBUG(1, ("idmap backend not specified for domain '%s'\n", domain_name));
+ goto done;
+ }
+
+done:
+ talloc_free(config_option);
+ return backend;
+}
+
+const char *lp_idmap_default_backend(void)
+{
+ return lp_idmap_backend("*");
+}
+
+/***************************************************************************
+ Handle ldap suffixes - default to ldapsuffix if sub-suffixes are not defined.
+***************************************************************************/
+
+static const char *append_ldap_suffix(TALLOC_CTX *ctx, const char *str )
+{
+ const char *suffix_string;
+
+ suffix_string = talloc_asprintf(ctx, "%s,%s", str,
+ Globals.ldap_suffix );
+ if ( !suffix_string ) {
+ DEBUG(0,("append_ldap_suffix: talloc_asprintf() failed!\n"));
+ return "";
+ }
+
+ return suffix_string;
+}
+
+const char *lp_ldap_machine_suffix(TALLOC_CTX *ctx)
+{
+ if (Globals._ldap_machine_suffix[0])
+ return append_ldap_suffix(ctx, Globals._ldap_machine_suffix);
+
+ return talloc_strdup(ctx, Globals.ldap_suffix);
+}
+
+const char *lp_ldap_user_suffix(TALLOC_CTX *ctx)
+{
+ if (Globals._ldap_user_suffix[0])
+ return append_ldap_suffix(ctx, Globals._ldap_user_suffix);
+
+ return talloc_strdup(ctx, Globals.ldap_suffix);
+}
+
+const char *lp_ldap_group_suffix(TALLOC_CTX *ctx)
+{
+ if (Globals._ldap_group_suffix[0])
+ return append_ldap_suffix(ctx, Globals._ldap_group_suffix);
+
+ return talloc_strdup(ctx, Globals.ldap_suffix);
+}
+
+const char *lp_ldap_idmap_suffix(TALLOC_CTX *ctx)
+{
+ if (Globals._ldap_idmap_suffix[0])
+ return append_ldap_suffix(ctx, Globals._ldap_idmap_suffix);
+
+ return talloc_strdup(ctx, Globals.ldap_suffix);
+}
+
+/**
+ return the parameter pointer for a parameter
+*/
+void *lp_parm_ptr(struct loadparm_service *service, struct parm_struct *parm)
+{
+ if (service == NULL) {
+ if (parm->p_class == P_LOCAL)
+ return (void *)(((char *)&sDefault)+parm->offset);
+ else if (parm->p_class == P_GLOBAL)
+ return (void *)(((char *)&Globals)+parm->offset);
+ else return NULL;
+ } else {
+ return (void *)(((char *)service) + parm->offset);
+ }
+}
+
+/***************************************************************************
+ Process a parameter for a particular service number. If snum < 0
+ then assume we are in the globals.
+***************************************************************************/
+
+bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct loadparm_context *lp_ctx;
+ bool ok;
+
+ lp_ctx = setup_lp_context(frame);
+ if (lp_ctx == NULL) {
+ TALLOC_FREE(frame);
+ return false;
+ }
+
+ if (snum < 0) {
+ ok = lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue);
+ } else {
+ ok = lpcfg_do_service_parameter(lp_ctx, ServicePtrs[snum],
+ pszParmName, pszParmValue);
+ }
+
+ TALLOC_FREE(frame);
+
+ return ok;
+}
+
+/***************************************************************************
+set a parameter, marking it with FLAG_CMDLINE. Parameters marked as
+FLAG_CMDLINE won't be overridden by loads from smb.conf.
+***************************************************************************/
+
+static bool lp_set_cmdline_helper(const char *pszParmName, const char *pszParmValue)
+{
+ int parmnum, i;
+ parmnum = lpcfg_map_parameter(pszParmName);
+ if (parmnum >= 0) {
+ flags_list[parmnum] &= ~FLAG_CMDLINE;
+ if (!lp_do_parameter(-1, pszParmName, pszParmValue)) {
+ return false;
+ }
+ flags_list[parmnum] |= FLAG_CMDLINE;
+
+ /* we have to also set FLAG_CMDLINE on aliases. Aliases must
+ * be grouped in the table, so we don't have to search the
+ * whole table */
+ for (i=parmnum-1;
+ i>=0 && parm_table[i].offset == parm_table[parmnum].offset
+ && parm_table[i].p_class == parm_table[parmnum].p_class;
+ i--) {
+ flags_list[i] |= FLAG_CMDLINE;
+ }
+ for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset
+ && parm_table[i].p_class == parm_table[parmnum].p_class;i++) {
+ flags_list[i] |= FLAG_CMDLINE;
+ }
+
+ return true;
+ }
+
+ /* it might be parametric */
+ if (strchr(pszParmName, ':') != NULL) {
+ set_param_opt(NULL, &Globals.param_opt, pszParmName, pszParmValue, FLAG_CMDLINE);
+ return true;
+ }
+
+ DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName));
+ return false;
+}
+
+bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue)
+{
+ bool ret;
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct loadparm_context *lp_ctx;
+
+ lp_ctx = setup_lp_context(frame);
+ if (lp_ctx == NULL) {
+ TALLOC_FREE(frame);
+ return false;
+ }
+
+ ret = lpcfg_set_cmdline(lp_ctx, pszParmName, pszParmValue);
+
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+/***************************************************************************
+ Process a parameter.
+***************************************************************************/
+
+static bool do_parameter(const char *pszParmName, const char *pszParmValue,
+ void *userdata)
+{
+ if (!bInGlobalSection && bGlobalOnly)
+ return true;
+
+ DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
+
+ if (bInGlobalSection) {
+ return lpcfg_do_global_parameter(userdata, pszParmName, pszParmValue);
+ } else {
+ return lpcfg_do_service_parameter(userdata, ServicePtrs[iServiceIndex],
+ pszParmName, pszParmValue);
+ }
+}
+
+
+static const char *ad_dc_req_vfs_mods[] = {"dfs_samba4", "acl_xattr", NULL};
+
+/*
+ * check that @vfs_objects includes all vfs modules required by an AD DC.
+ */
+static bool check_ad_dc_required_mods(const char **vfs_objects)
+{
+ int i;
+ int j;
+ int got_req;
+
+ for (i = 0; ad_dc_req_vfs_mods[i] != NULL; i++) {
+ got_req = false;
+ for (j = 0; vfs_objects[j] != NULL; j++) {
+ if (!strwicmp(ad_dc_req_vfs_mods[i], vfs_objects[j])) {
+ got_req = true;
+ break;
+ }
+ }
+ if (!got_req) {
+ DEBUG(0, ("vfs objects specified without required AD "
+ "DC module: %s\n", ad_dc_req_vfs_mods[i]));
+ return false;
+ }
+ }
+
+ DEBUG(6, ("vfs objects specified with all required AD DC modules\n"));
+ return true;
+}
+
+
+/***************************************************************************
+ Initialize any local variables in the sDefault table, after parsing a
+ [globals] section.
+***************************************************************************/
+
+static void init_locals(void)
+{
+ /*
+ * We run this check once the [globals] is parsed, to force
+ * the VFS objects and other per-share settings we need for
+ * the standard way a AD DC is operated. We may change these
+ * as our code evolves, which is why we force these settings.
+ *
+ * We can't do this at the end of lp_load_ex(), as by that
+ * point the services have been loaded and they will already
+ * have "" as their vfs objects.
+ */
+ if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
+ const char **vfs_objects = lp_vfs_objects(-1);
+ if (vfs_objects != NULL) {
+ /* ignore return, only warn if modules are missing */
+ check_ad_dc_required_mods(vfs_objects);
+ } else {
+ if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
+ lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
+ } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
+ lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
+ } else {
+ lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
+ }
+ }
+
+ lp_do_parameter(-1, "map hidden", "no");
+ lp_do_parameter(-1, "map system", "no");
+ lp_do_parameter(-1, "map readonly", "no");
+ lp_do_parameter(-1, "map archive", "no");
+ lp_do_parameter(-1, "store dos attributes", "yes");
+ }
+}
+
+/***************************************************************************
+ Process a new section (service). At this stage all sections are services.
+ Later we'll have special sections that permit server parameters to be set.
+ Returns true on success, false on failure.
+***************************************************************************/
+
+bool lp_do_section(const char *pszSectionName, void *userdata)
+{
+ struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata;
+ bool bRetval;
+ bool isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
+ (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
+
+ /* if we were in a global section then do the local inits */
+ if (bInGlobalSection && !isglobal)
+ init_locals();
+
+ /* if we've just struck a global section, note the fact. */
+ bInGlobalSection = isglobal;
+ if (lp_ctx != NULL) {
+ lp_ctx->bInGlobalSection = isglobal;
+ }
+
+ /* check for multiple global sections */
+ if (bInGlobalSection) {
+ DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
+ return true;
+ }
+
+ if (!bInGlobalSection && bGlobalOnly)
+ return true;
+
+ /* if we have a current service, tidy it up before moving on */
+ bRetval = true;
+
+ if ((iServiceIndex >= 0) && (ServicePtrs[iServiceIndex] != NULL))
+ bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
+
+ /* if all is still well, move to the next record in the services array */
+ if (bRetval) {
+ /* We put this here to avoid an odd message order if messages are */
+ /* issued by the post-processing of a previous section. */
+ DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
+
+ iServiceIndex = add_a_service(&sDefault, pszSectionName);
+ if (iServiceIndex < 0) {
+ DEBUG(0, ("Failed to add a new service\n"));
+ return false;
+ }
+ /* Clean all parametric options for service */
+ /* They will be added during parsing again */
+ free_param_opts(&ServicePtrs[iServiceIndex]->param_opt);
+ }
+
+ return bRetval;
+}
+
+/***************************************************************************
+ Display the contents of a parameter of a single services record.
+***************************************************************************/
+
+bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal)
+{
+ bool result = false;
+ struct loadparm_context *lp_ctx;
+
+ lp_ctx = setup_lp_context(talloc_tos());
+ if (lp_ctx == NULL) {
+ return false;
+ }
+
+ if (isGlobal) {
+ result = lpcfg_dump_a_parameter(lp_ctx, NULL, parm_name, f);
+ } else {
+ result = lpcfg_dump_a_parameter(lp_ctx, ServicePtrs[snum], parm_name, f);
+ }
+ TALLOC_FREE(lp_ctx);
+ return result;
+}
+
+#if 0
+/***************************************************************************
+ Display the contents of a single copy structure.
+***************************************************************************/
+static void dump_copy_map(bool *pcopymap)
+{
+ int i;
+ if (!pcopymap)
+ return;
+
+ printf("\n\tNon-Copied parameters:\n");
+
+ for (i = 0; parm_table[i].label; i++)
+ if (parm_table[i].p_class == P_LOCAL &&
+ parm_table[i].ptr && !pcopymap[i] &&
+ (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
+ {
+ printf("\t\t%s\n", parm_table[i].label);
+ }
+}
+#endif
+
+/***************************************************************************
+ Return TRUE if the passed service number is within range.
+***************************************************************************/
+
+bool lp_snum_ok(int iService)
+{
+ return (LP_SNUM_OK(iService) && ServicePtrs[iService]->available);
+}
+
+/***************************************************************************
+ Auto-load some home services.
+***************************************************************************/
+
+static void lp_add_auto_services(const char *str)
+{
+ char *s;
+ char *p;
+ int homes;
+ char *saveptr;
+
+ if (!str)
+ return;
+
+ s = talloc_strdup(talloc_tos(), str);
+ if (!s) {
+ smb_panic("talloc_strdup failed");
+ return;
+ }
+
+ homes = lp_servicenumber(HOMES_NAME);
+
+ for (p = strtok_r(s, LIST_SEP, &saveptr); p;
+ p = strtok_r(NULL, LIST_SEP, &saveptr)) {
+ char *home;
+
+ if (lp_servicenumber(p) >= 0)
+ continue;
+
+ home = get_user_home_dir(talloc_tos(), p);
+
+ if (home && home[0] && homes >= 0)
+ lp_add_home(p, homes, p, home);
+
+ TALLOC_FREE(home);
+ }
+ TALLOC_FREE(s);
+}
+
+/***************************************************************************
+ Auto-load one printer.
+***************************************************************************/
+
+void lp_add_one_printer(const char *name, const char *comment,
+ const char *location, void *pdata)
+{
+ int printers = lp_servicenumber(PRINTERS_NAME);
+ int i;
+
+ if (lp_servicenumber(name) < 0) {
+ lp_add_printer(name, printers);
+ if ((i = lp_servicenumber(name)) >= 0) {
+ lpcfg_string_set(ServicePtrs[i],
+ &ServicePtrs[i]->comment, comment);
+ ServicePtrs[i]->autoloaded = true;
+ }
+ }
+}
+
+/***************************************************************************
+ Have we loaded a services file yet?
+***************************************************************************/
+
+bool lp_loaded(void)
+{
+ return (bLoaded);
+}
+
+/***************************************************************************
+ Unload unused services.
+***************************************************************************/
+
+void lp_killunused(struct smbd_server_connection *sconn,
+ bool (*snumused) (struct smbd_server_connection *, int))
+{
+ int i;
+ for (i = 0; i < iNumServices; i++) {
+ if (!VALID(i))
+ continue;
+
+ /* don't kill autoloaded or usershare services */
+ if ( ServicePtrs[i]->autoloaded ||
+ ServicePtrs[i]->usershare == USERSHARE_VALID) {
+ continue;
+ }
+
+ if (!snumused || !snumused(sconn, i)) {
+ free_service_byindex(i);
+ }
+ }
+}
+
+/**
+ * Kill all except autoloaded and usershare services - convenience wrapper
+ */
+void lp_kill_all_services(void)
+{
+ lp_killunused(NULL, NULL);
+}
+
+/***************************************************************************
+ Unload a service.
+***************************************************************************/
+
+void lp_killservice(int iServiceIn)
+{
+ if (VALID(iServiceIn)) {
+ free_service_byindex(iServiceIn);
+ }
+}
+
+/***************************************************************************
+ Save the curent values of all global and sDefault parameters into the
+ defaults union. This allows testparm to show only the
+ changed (ie. non-default) parameters.
+***************************************************************************/
+
+static void lp_save_defaults(void)
+{
+ int i;
+ struct parmlist_entry * parm;
+ for (i = 0; parm_table[i].label; i++) {
+ if (!(flags_list[i] & FLAG_CMDLINE)) {
+ flags_list[i] |= FLAG_DEFAULT;
+ }
+
+ if (i > 0 && parm_table[i].offset == parm_table[i - 1].offset
+ && parm_table[i].p_class == parm_table[i - 1].p_class)
+ continue;
+ switch (parm_table[i].type) {
+ case P_LIST:
+ case P_CMDLIST:
+ parm_table[i].def.lvalue = str_list_copy(
+ NULL, *(const char ***)lp_parm_ptr(NULL, &parm_table[i]));
+ break;
+ case P_STRING:
+ case P_USTRING:
+ lpcfg_string_set(
+ Globals.ctx,
+ &parm_table[i].def.svalue,
+ *(char **)lp_parm_ptr(
+ NULL, &parm_table[i]));
+ if (parm_table[i].def.svalue == NULL) {
+ smb_panic("lpcfg_string_set() failed");
+ }
+ break;
+ case P_BOOL:
+ case P_BOOLREV:
+ parm_table[i].def.bvalue =
+ *(bool *)lp_parm_ptr(NULL, &parm_table[i]);
+ break;
+ case P_CHAR:
+ parm_table[i].def.cvalue =
+ *(char *)lp_parm_ptr(NULL, &parm_table[i]);
+ break;
+ case P_INTEGER:
+ case P_OCTAL:
+ case P_ENUM:
+ case P_BYTES:
+ parm_table[i].def.ivalue =
+ *(int *)lp_parm_ptr(NULL, &parm_table[i]);
+ break;
+ }
+ }
+
+ for (parm=Globals.param_opt; parm; parm=parm->next) {
+ if (!(parm->priority & FLAG_CMDLINE)) {
+ parm->priority |= FLAG_DEFAULT;
+ }
+ }
+
+ for (parm=sDefault.param_opt; parm; parm=parm->next) {
+ if (!(parm->priority & FLAG_CMDLINE)) {
+ parm->priority |= FLAG_DEFAULT;
+ }
+ }
+
+ defaults_saved = true;
+}
+
+/***********************************************************
+ If we should send plaintext/LANMAN passwords in the clinet
+************************************************************/
+
+static void set_allowed_client_auth(void)
+{
+ if (Globals.client_ntlmv2_auth) {
+ Globals.client_lanman_auth = false;
+ }
+ if (!Globals.client_lanman_auth) {
+ Globals.client_plaintext_auth = false;
+ }
+}
+
+/***************************************************************************
+ JRA.
+ The following code allows smbd to read a user defined share file.
+ Yes, this is my intent. Yes, I'm comfortable with that...
+
+ THE FOLLOWING IS SECURITY CRITICAL CODE.
+
+ It washes your clothes, it cleans your house, it guards you while you sleep...
+ Do not f%^k with it....
+***************************************************************************/
+
+#define MAX_USERSHARE_FILE_SIZE (10*1024)
+
+/***************************************************************************
+ Check allowed stat state of a usershare file.
+ Ensure we print out who is dicking with us so the admin can
+ get their sorry ass fired.
+***************************************************************************/
+
+static bool check_usershare_stat(const char *fname,
+ const SMB_STRUCT_STAT *psbuf)
+{
+ if (!S_ISREG(psbuf->st_ex_mode)) {
+ DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
+ "not a regular file\n",
+ fname, (unsigned int)psbuf->st_ex_uid ));
+ return false;
+ }
+
+ /* Ensure this doesn't have the other write bit set. */
+ if (psbuf->st_ex_mode & S_IWOTH) {
+ DEBUG(0,("check_usershare_stat: file %s owned by uid %u allows "
+ "public write. Refusing to allow as a usershare file.\n",
+ fname, (unsigned int)psbuf->st_ex_uid ));
+ return false;
+ }
+
+ /* Should be 10k or less. */
+ if (psbuf->st_ex_size > MAX_USERSHARE_FILE_SIZE) {
+ DEBUG(0,("check_usershare_stat: file %s owned by uid %u is "
+ "too large (%u) to be a user share file.\n",
+ fname, (unsigned int)psbuf->st_ex_uid,
+ (unsigned int)psbuf->st_ex_size ));
+ return false;
+ }
+
+ return true;
+}
+
+/***************************************************************************
+ Parse the contents of a usershare file.
+***************************************************************************/
+
+enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
+ SMB_STRUCT_STAT *psbuf,
+ const char *servicename,
+ int snum,
+ char **lines,
+ int numlines,
+ char **pp_sharepath,
+ char **pp_comment,
+ char **pp_cp_servicename,
+ struct security_descriptor **ppsd,
+ bool *pallow_guest)
+{
+ const char **prefixallowlist = lp_usershare_prefix_allow_list();
+ const char **prefixdenylist = lp_usershare_prefix_deny_list();
+ int us_vers;
+ DIR *dp;
+ SMB_STRUCT_STAT sbuf;
+ char *sharepath = NULL;
+ char *comment = NULL;
+
+ *pp_sharepath = NULL;
+ *pp_comment = NULL;
+
+ *pallow_guest = false;
+
+ if (numlines < 4) {
+ return USERSHARE_MALFORMED_FILE;
+ }
+
+ if (strcmp(lines[0], "#VERSION 1") == 0) {
+ us_vers = 1;
+ } else if (strcmp(lines[0], "#VERSION 2") == 0) {
+ us_vers = 2;
+ if (numlines < 5) {
+ return USERSHARE_MALFORMED_FILE;
+ }
+ } else {
+ return USERSHARE_BAD_VERSION;
+ }
+
+ if (strncmp(lines[1], "path=", 5) != 0) {
+ return USERSHARE_MALFORMED_PATH;
+ }
+
+ sharepath = talloc_strdup(ctx, &lines[1][5]);
+ if (!sharepath) {
+ return USERSHARE_POSIX_ERR;
+ }
+ trim_string(sharepath, " ", " ");
+
+ if (strncmp(lines[2], "comment=", 8) != 0) {
+ return USERSHARE_MALFORMED_COMMENT_DEF;
+ }
+
+ comment = talloc_strdup(ctx, &lines[2][8]);
+ if (!comment) {
+ return USERSHARE_POSIX_ERR;
+ }
+ trim_string(comment, " ", " ");
+ trim_char(comment, '"', '"');
+
+ if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
+ return USERSHARE_MALFORMED_ACL_DEF;
+ }
+
+ if (!parse_usershare_acl(ctx, &lines[3][14], ppsd)) {
+ return USERSHARE_ACL_ERR;
+ }
+
+ if (us_vers == 2) {
+ if (strncmp(lines[4], "guest_ok=", 9) != 0) {
+ return USERSHARE_MALFORMED_ACL_DEF;
+ }
+ if (lines[4][9] == 'y') {
+ *pallow_guest = true;
+ }
+
+ /* Backwards compatible extension to file version #2. */
+ if (numlines > 5) {
+ if (strncmp(lines[5], "sharename=", 10) != 0) {
+ return USERSHARE_MALFORMED_SHARENAME_DEF;
+ }
+ if (!strequal(&lines[5][10], servicename)) {
+ return USERSHARE_BAD_SHARENAME;
+ }
+ *pp_cp_servicename = talloc_strdup(ctx, &lines[5][10]);
+ if (!*pp_cp_servicename) {
+ return USERSHARE_POSIX_ERR;
+ }
+ }
+ }
+
+ if (*pp_cp_servicename == NULL) {
+ *pp_cp_servicename = talloc_strdup(ctx, servicename);
+ if (!*pp_cp_servicename) {
+ return USERSHARE_POSIX_ERR;
+ }
+ }
+
+ if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->path) == 0)) {
+ /* Path didn't change, no checks needed. */
+ *pp_sharepath = sharepath;
+ *pp_comment = comment;
+ return USERSHARE_OK;
+ }
+
+ /* The path *must* be absolute. */
+ if (sharepath[0] != '/') {
+ DEBUG(2,("parse_usershare_file: share %s: path %s is not an absolute path.\n",
+ servicename, sharepath));
+ return USERSHARE_PATH_NOT_ABSOLUTE;
+ }
+
+ /* If there is a usershare prefix deny list ensure one of these paths
+ doesn't match the start of the user given path. */
+ if (prefixdenylist) {
+ int i;
+ for ( i=0; prefixdenylist[i]; i++ ) {
+ DEBUG(10,("parse_usershare_file: share %s : checking prefixdenylist[%d]='%s' against %s\n",
+ servicename, i, prefixdenylist[i], sharepath ));
+ if (memcmp( sharepath, prefixdenylist[i], strlen(prefixdenylist[i])) == 0) {
+ DEBUG(2,("parse_usershare_file: share %s path %s starts with one of the "
+ "usershare prefix deny list entries.\n",
+ servicename, sharepath));
+ return USERSHARE_PATH_IS_DENIED;
+ }
+ }
+ }
+
+ /* If there is a usershare prefix allow list ensure one of these paths
+ does match the start of the user given path. */
+
+ if (prefixallowlist) {
+ int i;
+ for ( i=0; prefixallowlist[i]; i++ ) {
+ DEBUG(10,("parse_usershare_file: share %s checking prefixallowlist[%d]='%s' against %s\n",
+ servicename, i, prefixallowlist[i], sharepath ));
+ if (memcmp( sharepath, prefixallowlist[i], strlen(prefixallowlist[i])) == 0) {
+ break;
+ }
+ }
+ if (prefixallowlist[i] == NULL) {
+ DEBUG(2,("parse_usershare_file: share %s path %s doesn't start with one of the "
+ "usershare prefix allow list entries.\n",
+ servicename, sharepath));
+ return USERSHARE_PATH_NOT_ALLOWED;
+ }
+ }
+
+ /* Ensure this is pointing to a directory. */
+ dp = opendir(sharepath);
+
+ if (!dp) {
+ DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
+ servicename, sharepath));
+ return USERSHARE_PATH_NOT_DIRECTORY;
+ }
+
+ /* Ensure the owner of the usershare file has permission to share
+ this directory. */
+
+ if (sys_stat(sharepath, &sbuf, false) == -1) {
+ DEBUG(2,("parse_usershare_file: share %s : stat failed on path %s. %s\n",
+ servicename, sharepath, strerror(errno) ));
+ closedir(dp);
+ return USERSHARE_POSIX_ERR;
+ }
+
+ closedir(dp);
+
+ if (!S_ISDIR(sbuf.st_ex_mode)) {
+ DEBUG(2,("parse_usershare_file: share %s path %s is not a directory.\n",
+ servicename, sharepath ));
+ return USERSHARE_PATH_NOT_DIRECTORY;
+ }
+
+ /* Check if sharing is restricted to owner-only. */
+ /* psbuf is the stat of the usershare definition file,
+ sbuf is the stat of the target directory to be shared. */
+
+ if (lp_usershare_owner_only()) {
+ /* root can share anything. */
+ if ((psbuf->st_ex_uid != 0) && (sbuf.st_ex_uid != psbuf->st_ex_uid)) {
+ return USERSHARE_PATH_NOT_ALLOWED;
+ }
+ }
+
+ *pp_sharepath = sharepath;
+ *pp_comment = comment;
+ return USERSHARE_OK;
+}
+
+/***************************************************************************
+ Deal with a usershare file.
+ Returns:
+ >= 0 - snum
+ -1 - Bad name, invalid contents.
+ - service name already existed and not a usershare, problem
+ with permissions to share directory etc.
+***************************************************************************/
+
+static int process_usershare_file(const char *dir_name, const char *file_name, int snum_template)
+{
+ SMB_STRUCT_STAT sbuf;
+ SMB_STRUCT_STAT lsbuf;
+ char *fname = NULL;
+ char *sharepath = NULL;
+ char *comment = NULL;
+ char *cp_service_name = NULL;
+ char **lines = NULL;
+ int numlines = 0;
+ int fd = -1;
+ int iService = -1;
+ TALLOC_CTX *ctx = talloc_stackframe();
+ struct security_descriptor *psd = NULL;
+ bool guest_ok = false;
+ char *canon_name = NULL;
+ bool added_service = false;
+ int ret = -1;
+ NTSTATUS status;
+
+ /* Ensure share name doesn't contain invalid characters. */
+ if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
+ DEBUG(0,("process_usershare_file: share name %s contains "
+ "invalid characters (any of %s)\n",
+ file_name, INVALID_SHARENAME_CHARS ));
+ goto out;
+ }
+
+ canon_name = canonicalize_servicename(ctx, file_name);
+ if (!canon_name) {
+ goto out;
+ }
+
+ fname = talloc_asprintf(ctx, "%s/%s", dir_name, file_name);
+ if (!fname) {
+ goto out;
+ }
+
+ /* Minimize the race condition by doing an lstat before we
+ open and fstat. Ensure this isn't a symlink link. */
+
+ if (sys_lstat(fname, &lsbuf, false) != 0) {
+ if (errno == ENOENT) {
+ /* Unknown share requested. Just ignore. */
+ goto out;
+ }
+ /* Only log messages for meaningful problems. */
+ DEBUG(0,("process_usershare_file: stat of %s failed. %s\n",
+ fname, strerror(errno) ));
+ goto out;
+ }
+
+ /* This must be a regular file, not a symlink, directory or
+ other strange filetype. */
+ if (!check_usershare_stat(fname, &lsbuf)) {
+ goto out;
+ }
+
+ {
+ TDB_DATA data;
+
+ status = dbwrap_fetch_bystring(ServiceHash, canon_name,
+ canon_name, &data);
+
+ iService = -1;
+
+ if (NT_STATUS_IS_OK(status) &&
+ (data.dptr != NULL) &&
+ (data.dsize == sizeof(iService))) {
+ memcpy(&iService, data.dptr, sizeof(iService));
+ }
+ }
+
+ if (iService != -1 &&
+ timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
+ &lsbuf.st_ex_mtime) == 0) {
+ /* Nothing changed - Mark valid and return. */
+ DEBUG(10,("process_usershare_file: service %s not changed.\n",
+ canon_name ));
+ ServicePtrs[iService]->usershare = USERSHARE_VALID;
+ ret = iService;
+ goto out;
+ }
+
+ /* Try and open the file read only - no symlinks allowed. */
+#ifdef O_NOFOLLOW
+ fd = open(fname, O_RDONLY|O_NOFOLLOW, 0);
+#else
+ fd = open(fname, O_RDONLY, 0);
+#endif
+
+ if (fd == -1) {
+ DEBUG(0,("process_usershare_file: unable to open %s. %s\n",
+ fname, strerror(errno) ));
+ goto out;
+ }
+
+ /* Now fstat to be *SURE* it's a regular file. */
+ if (sys_fstat(fd, &sbuf, false) != 0) {
+ close(fd);
+ DEBUG(0,("process_usershare_file: fstat of %s failed. %s\n",
+ fname, strerror(errno) ));
+ goto out;
+ }
+
+ /* Is it the same dev/inode as was lstated ? */
+ if (!check_same_stat(&lsbuf, &sbuf)) {
+ close(fd);
+ DEBUG(0,("process_usershare_file: fstat of %s is a different file from lstat. "
+ "Symlink spoofing going on ?\n", fname ));
+ goto out;
+ }
+
+ /* This must be a regular file, not a symlink, directory or
+ other strange filetype. */
+ if (!check_usershare_stat(fname, &sbuf)) {
+ close(fd);
+ goto out;
+ }
+
+ lines = fd_lines_load(fd, &numlines, MAX_USERSHARE_FILE_SIZE, NULL);
+
+ close(fd);
+ if (lines == NULL) {
+ DEBUG(0,("process_usershare_file: loading file %s owned by %u failed.\n",
+ fname, (unsigned int)sbuf.st_ex_uid ));
+ goto out;
+ }
+
+ if (parse_usershare_file(ctx, &sbuf, file_name,
+ iService, lines, numlines, &sharepath,
+ &comment, &cp_service_name,
+ &psd, &guest_ok) != USERSHARE_OK) {
+ goto out;
+ }
+
+ /* Everything ok - add the service possibly using a template. */
+ if (iService < 0) {
+ const struct loadparm_service *sp = &sDefault;
+ if (snum_template != -1) {
+ sp = ServicePtrs[snum_template];
+ }
+
+ if ((iService = add_a_service(sp, cp_service_name)) < 0) {
+ DEBUG(0, ("process_usershare_file: Failed to add "
+ "new service %s\n", cp_service_name));
+ goto out;
+ }
+
+ added_service = true;
+
+ /* Read only is controlled by usershare ACL below. */
+ ServicePtrs[iService]->read_only = false;
+ }
+
+ /* Write the ACL of the new/modified share. */
+ status = set_share_security(canon_name, psd);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("process_usershare_file: Failed to set share "
+ "security for user share %s\n",
+ canon_name ));
+ goto out;
+ }
+
+ /* If from a template it may be marked invalid. */
+ ServicePtrs[iService]->valid = true;
+
+ /* Set the service as a valid usershare. */
+ ServicePtrs[iService]->usershare = USERSHARE_VALID;
+
+ /* Set guest access. */
+ if (lp_usershare_allow_guests()) {
+ ServicePtrs[iService]->guest_ok = guest_ok;
+ }
+
+ /* And note when it was loaded. */
+ ServicePtrs[iService]->usershare_last_mod = sbuf.st_ex_mtime;
+ lpcfg_string_set(ServicePtrs[iService], &ServicePtrs[iService]->path,
+ sharepath);
+ lpcfg_string_set(ServicePtrs[iService],
+ &ServicePtrs[iService]->comment, comment);
+
+ ret = iService;
+
+ out:
+
+ if (ret == -1 && iService != -1 && added_service) {
+ lp_remove_service(iService);
+ }
+
+ TALLOC_FREE(lines);
+ TALLOC_FREE(ctx);
+ return ret;
+}
+
+/***************************************************************************
+ Checks if a usershare entry has been modified since last load.
+***************************************************************************/
+
+static bool usershare_exists(int iService, struct timespec *last_mod)
+{
+ SMB_STRUCT_STAT lsbuf;
+ const char *usersharepath = Globals.usershare_path;
+ char *fname;
+
+ fname = talloc_asprintf(talloc_tos(),
+ "%s/%s",
+ usersharepath,
+ ServicePtrs[iService]->szService);
+ if (fname == NULL) {
+ return false;
+ }
+
+ if (sys_lstat(fname, &lsbuf, false) != 0) {
+ TALLOC_FREE(fname);
+ return false;
+ }
+
+ if (!S_ISREG(lsbuf.st_ex_mode)) {
+ TALLOC_FREE(fname);
+ return false;
+ }
+
+ TALLOC_FREE(fname);
+ *last_mod = lsbuf.st_ex_mtime;
+ return true;
+}
+
+static bool usershare_directory_is_root(uid_t uid)
+{
+ if (uid == 0) {
+ return true;
+ }
+
+ if (uid_wrapper_enabled()) {
+ return true;
+ }
+
+ return false;
+}
+
+/***************************************************************************
+ Load a usershare service by name. Returns a valid servicenumber or -1.
+***************************************************************************/
+
+int load_usershare_service(const char *servicename)
+{
+ SMB_STRUCT_STAT sbuf;
+ const char *usersharepath = Globals.usershare_path;
+ int max_user_shares = Globals.usershare_max_shares;
+ int snum_template = -1;
+
+ if (servicename[0] == '\0') {
+ /* Invalid service name. */
+ return -1;
+ }
+
+ if (*usersharepath == 0 || max_user_shares == 0) {
+ return -1;
+ }
+
+ if (sys_stat(usersharepath, &sbuf, false) != 0) {
+ DEBUG(0,("load_usershare_service: stat of %s failed. %s\n",
+ usersharepath, strerror(errno) ));
+ return -1;
+ }
+
+ if (!S_ISDIR(sbuf.st_ex_mode)) {
+ DEBUG(0,("load_usershare_service: %s is not a directory.\n",
+ usersharepath ));
+ return -1;
+ }
+
+ /*
+ * This directory must be owned by root, and have the 't' bit set.
+ * It also must not be writable by "other".
+ */
+
+#ifdef S_ISVTX
+ if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
+ !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
+#else
+ if (!usershare_directory_is_root(sbuf.st_ex_uid) ||
+ (sbuf.st_ex_mode & S_IWOTH)) {
+#endif
+ DEBUG(0,("load_usershare_service: directory %s is not owned by root "
+ "or does not have the sticky bit 't' set or is writable by anyone.\n",
+ usersharepath ));
+ return -1;
+ }
+
+ /* Ensure the template share exists if it's set. */
+ if (Globals.usershare_template_share[0]) {
+ /* We can't use lp_servicenumber here as we are recommending that
+ template shares have -valid=false set. */
+ for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
+ if (ServicePtrs[snum_template]->szService &&
+ strequal(ServicePtrs[snum_template]->szService,
+ Globals.usershare_template_share)) {
+ break;
+ }
+ }
+
+ if (snum_template == -1) {
+ DEBUG(0,("load_usershare_service: usershare template share %s "
+ "does not exist.\n",
+ Globals.usershare_template_share ));
+ return -1;
+ }
+ }
+
+ return process_usershare_file(usersharepath, servicename, snum_template);
+}
+
+/***************************************************************************
+ Load all user defined shares from the user share directory.
+ We only do this if we're enumerating the share list.
+ This is the function that can delete usershares that have
+ been removed.
+***************************************************************************/
+
+int load_usershare_shares(struct smbd_server_connection *sconn,
+ bool (*snumused) (struct smbd_server_connection *, int))
+{
+ DIR *dp;
+ SMB_STRUCT_STAT sbuf;
+ struct dirent *de;
+ int num_usershares = 0;
+ int max_user_shares = Globals.usershare_max_shares;
+ unsigned int num_dir_entries, num_bad_dir_entries, num_tmp_dir_entries;
+ unsigned int allowed_bad_entries = ((2*max_user_shares)/10);
+ unsigned int allowed_tmp_entries = ((2*max_user_shares)/10);
+ int iService;
+ int snum_template = -1;
+ const char *usersharepath = Globals.usershare_path;
+ int ret = lp_numservices();
+ TALLOC_CTX *tmp_ctx;
+
+ if (max_user_shares == 0 || *usersharepath == '\0') {
+ return lp_numservices();
+ }
+
+ if (sys_stat(usersharepath, &sbuf, false) != 0) {
+ DEBUG(0,("load_usershare_shares: stat of %s failed. %s\n",
+ usersharepath, strerror(errno) ));
+ return ret;
+ }
+
+ /*
+ * This directory must be owned by root, and have the 't' bit set.
+ * It also must not be writable by "other".
+ */
+
+#ifdef S_ISVTX
+ if (sbuf.st_ex_uid != 0 || !(sbuf.st_ex_mode & S_ISVTX) || (sbuf.st_ex_mode & S_IWOTH)) {
+#else
+ if (sbuf.st_ex_uid != 0 || (sbuf.st_ex_mode & S_IWOTH)) {
+#endif
+ DEBUG(0,("load_usershare_shares: directory %s is not owned by root "
+ "or does not have the sticky bit 't' set or is writable by anyone.\n",
+ usersharepath ));
+ return ret;
+ }
+
+ /* Ensure the template share exists if it's set. */
+ if (Globals.usershare_template_share[0]) {
+ /* We can't use lp_servicenumber here as we are recommending that
+ template shares have -valid=false set. */
+ for (snum_template = iNumServices - 1; snum_template >= 0; snum_template--) {
+ if (ServicePtrs[snum_template]->szService &&
+ strequal(ServicePtrs[snum_template]->szService,
+ Globals.usershare_template_share)) {
+ break;
+ }
+ }
+
+ if (snum_template == -1) {
+ DEBUG(0,("load_usershare_shares: usershare template share %s "
+ "does not exist.\n",
+ Globals.usershare_template_share ));
+ return ret;
+ }
+ }
+
+ /* Mark all existing usershares as pending delete. */
+ for (iService = iNumServices - 1; iService >= 0; iService--) {
+ if (VALID(iService) && ServicePtrs[iService]->usershare) {
+ ServicePtrs[iService]->usershare = USERSHARE_PENDING_DELETE;
+ }
+ }
+
+ dp = opendir(usersharepath);
+ if (!dp) {
+ DEBUG(0,("load_usershare_shares:: failed to open directory %s. %s\n",
+ usersharepath, strerror(errno) ));
+ return ret;
+ }
+
+ for (num_dir_entries = 0, num_bad_dir_entries = 0, num_tmp_dir_entries = 0;
+ (de = readdir(dp));
+ num_dir_entries++ ) {
+ int r;
+ const char *n = de->d_name;
+
+ /* Ignore . and .. */
+ if (*n == '.') {
+ if ((n[1] == '\0') || (n[1] == '.' && n[2] == '\0')) {
+ continue;
+ }
+ }
+
+ if (n[0] == ':') {
+ /* Temporary file used when creating a share. */
+ num_tmp_dir_entries++;
+ }
+
+ /* Allow 20% tmp entries. */
+ if (num_tmp_dir_entries > allowed_tmp_entries) {
+ DEBUG(0,("load_usershare_shares: too many temp entries (%u) "
+ "in directory %s\n",
+ num_tmp_dir_entries, usersharepath));
+ break;
+ }
+
+ r = process_usershare_file(usersharepath, n, snum_template);
+ if (r == 0) {
+ /* Update the services count. */
+ num_usershares++;
+ if (num_usershares >= max_user_shares) {
+ DEBUG(0,("load_usershare_shares: max user shares reached "
+ "on file %s in directory %s\n",
+ n, usersharepath ));
+ break;
+ }
+ } else if (r == -1) {
+ num_bad_dir_entries++;
+ }
+
+ /* Allow 20% bad entries. */
+ if (num_bad_dir_entries > allowed_bad_entries) {
+ DEBUG(0,("load_usershare_shares: too many bad entries (%u) "
+ "in directory %s\n",
+ num_bad_dir_entries, usersharepath));
+ break;
+ }
+
+ /* Allow 20% bad entries. */
+ if (num_dir_entries > max_user_shares + allowed_bad_entries) {
+ DEBUG(0,("load_usershare_shares: too many total entries (%u) "
+ "in directory %s\n",
+ num_dir_entries, usersharepath));
+ break;
+ }
+ }
+
+ closedir(dp);
+
+ /* Sweep through and delete any non-refreshed usershares that are
+ not currently in use. */
+ tmp_ctx = talloc_stackframe();
+ for (iService = iNumServices - 1; iService >= 0; iService--) {
+ if (VALID(iService) && (ServicePtrs[iService]->usershare == USERSHARE_PENDING_DELETE)) {
+ const struct loadparm_substitution *lp_sub =
+ loadparm_s3_global_substitution();
+ char *servname;
+
+ if (snumused && snumused(sconn, iService)) {
+ continue;
+ }
+
+ servname = lp_servicename(tmp_ctx, lp_sub, iService);
+
+ /* Remove from the share ACL db. */
+ DEBUG(10,("load_usershare_shares: Removing deleted usershare %s\n",
+ servname ));
+ delete_share_security(servname);
+ free_service_byindex(iService);
+ }
+ }
+ talloc_free(tmp_ctx);
+
+ return lp_numservices();
+}
+
+/********************************************************
+ Destroy global resources allocated in this file
+********************************************************/
+
+void gfree_loadparm(void)
+{
+ int i;
+
+ free_file_list();
+
+ /* Free resources allocated to services */
+
+ for ( i = 0; i < iNumServices; i++ ) {
+ if ( VALID(i) ) {
+ free_service_byindex(i);
+ }
+ }
+
+ TALLOC_FREE( ServicePtrs );
+ iNumServices = 0;
+
+ /* Now release all resources allocated to global
+ parameters and the default service */
+
+ free_global_parameters();
+}
+
+
+/***************************************************************************
+ Allow client apps to specify that they are a client
+***************************************************************************/
+static void lp_set_in_client(bool b)
+{
+ in_client = b;
+}
+
+
+/***************************************************************************
+ Determine if we're running in a client app
+***************************************************************************/
+static bool lp_is_in_client(void)
+{
+ return in_client;
+}
+
+static void lp_enforce_ad_dc_settings(void)
+{
+ lp_do_parameter(GLOBAL_SECTION_SNUM, "passdb backend", "samba_dsdb");
+ lp_do_parameter(GLOBAL_SECTION_SNUM,
+ "winbindd:use external pipes", "true");
+ lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:default", "external");
+ lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:svcctl", "embedded");
+ lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:srvsvc", "embedded");
+ lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:eventlog", "embedded");
+ lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:ntsvcs", "embedded");
+ lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:winreg", "embedded");
+ lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:spoolss", "embedded");
+ lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_daemon:spoolssd", "embedded");
+ lp_do_parameter(GLOBAL_SECTION_SNUM, "rpc_server:tcpip", "no");
+}
+
+/***************************************************************************
+ Load the services array from the services file. Return true on success,
+ false on failure.
+***************************************************************************/
+
+static bool lp_load_ex(const char *pszFname,
+ bool global_only,
+ bool save_defaults,
+ bool add_ipc,
+ bool reinit_globals,
+ bool allow_include_registry,
+ bool load_all_shares)
+{
+ char *n2 = NULL;
+ bool bRetval;
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct loadparm_context *lp_ctx;
+ int max_protocol, min_protocol;
+
+ DEBUG(3, ("lp_load_ex: refreshing parameters\n"));
+
+ bInGlobalSection = true;
+ bGlobalOnly = global_only;
+ bAllowIncludeRegistry = allow_include_registry;
+ sDefault = _sDefault;
+
+ lp_ctx = setup_lp_context(talloc_tos());
+
+ init_globals(lp_ctx, reinit_globals);
+
+ free_file_list();
+
+ if (save_defaults) {
+ init_locals();
+ lp_save_defaults();
+ }
+
+ if (!reinit_globals) {
+ free_param_opts(&Globals.param_opt);
+ apply_lp_set_cmdline();
+ }
+
+ lp_do_parameter(-1, "idmap config * : backend", Globals.idmap_backend);
+
+ /* We get sections first, so have to start 'behind' to make up */
+ iServiceIndex = -1;
+
+ if (lp_config_backend_is_file()) {
+ n2 = talloc_sub_basic(talloc_tos(), get_current_username(),
+ current_user_info.domain,
+ pszFname);
+ if (!n2) {
+ smb_panic("lp_load_ex: out of memory");
+ }
+
+ add_to_file_list(NULL, &file_lists, pszFname, n2);
+
+ bRetval = pm_process(n2, lp_do_section, do_parameter, lp_ctx);
+ TALLOC_FREE(n2);
+
+ /* finish up the last section */
+ DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
+ if (bRetval) {
+ if (iServiceIndex >= 0) {
+ bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
+ }
+ }
+
+ if (lp_config_backend_is_registry()) {
+ bool ok;
+ /* config backend changed to registry in config file */
+ /*
+ * We need to use this extra global variable here to
+ * survive restart: init_globals uses this as a default
+ * for config_backend. Otherwise, init_globals would
+ * send us into an endless loop here.
+ */
+
+ config_backend = CONFIG_BACKEND_REGISTRY;
+ /* start over */
+ DEBUG(1, ("lp_load_ex: changing to config backend "
+ "registry\n"));
+ init_globals(lp_ctx, true);
+
+ TALLOC_FREE(lp_ctx);
+
+ lp_kill_all_services();
+ ok = lp_load_ex(pszFname, global_only, save_defaults,
+ add_ipc, reinit_globals,
+ allow_include_registry,
+ load_all_shares);
+ TALLOC_FREE(frame);
+ return ok;
+ }
+ } else if (lp_config_backend_is_registry()) {
+ bRetval = process_registry_globals();
+ } else {
+ DEBUG(0, ("Illegal config backend given: %d\n",
+ lp_config_backend()));
+ bRetval = false;
+ }
+
+ if (bRetval && lp_registry_shares()) {
+ if (load_all_shares) {
+ bRetval = process_registry_shares();
+ } else {
+ bRetval = reload_registry_shares();
+ }
+ }
+
+ {
+ const struct loadparm_substitution *lp_sub =
+ loadparm_s3_global_substitution();
+ char *serv = lp_auto_services(talloc_tos(), lp_sub);
+ lp_add_auto_services(serv);
+ TALLOC_FREE(serv);
+ }
+
+ if (add_ipc) {
+ /* When 'restrict anonymous = 2' guest connections to ipc$
+ are denied */
+ lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
+ if ( lp_enable_asu_support() ) {
+ lp_add_ipc("ADMIN$", false);
+ }
+ }
+
+ set_allowed_client_auth();
+
+ if (lp_security() == SEC_ADS && strchr(lp_password_server(), ':')) {
+ DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
+ lp_password_server()));
+ }
+
+ bLoaded = true;
+
+ /* Now we check we_are_a_wins_server and set szWINSserver to 127.0.0.1 */
+ /* if we_are_a_wins_server is true and we are in the client */
+ if (lp_is_in_client() && Globals.we_are_a_wins_server) {
+ lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
+ }
+
+ init_iconv();
+
+ fault_configure(smb_panic_s3);
+
+ /*
+ * We run this check once the whole smb.conf is parsed, to
+ * force some settings for the standard way a AD DC is
+ * operated. We may change these as our code evolves, which
+ * is why we force these settings.
+ */
+ if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
+ lp_enforce_ad_dc_settings();
+ }
+
+ bAllowIncludeRegistry = true;
+
+ /* Check if command line max protocol < min protocol, if so
+ * report a warning to the user.
+ */
+ max_protocol = lp_client_max_protocol();
+ min_protocol = lp_client_min_protocol();
+ if (max_protocol < min_protocol) {
+ const char *max_protocolp, *min_protocolp;
+ max_protocolp = lpcfg_get_smb_protocol(max_protocol);
+ min_protocolp = lpcfg_get_smb_protocol(min_protocol);
+ DBG_ERR("Max protocol %s is less than min protocol %s.\n",
+ max_protocolp, min_protocolp);
+ }
+
+ TALLOC_FREE(frame);
+ return (bRetval);
+}
+
+static bool lp_load(const char *pszFname,
+ bool global_only,
+ bool save_defaults,
+ bool add_ipc,
+ bool reinit_globals)
+{
+ return lp_load_ex(pszFname,
+ global_only,
+ save_defaults,
+ add_ipc,
+ reinit_globals,
+ true, /* allow_include_registry */
+ false); /* load_all_shares*/
+}
+
+bool lp_load_initial_only(const char *pszFname)
+{
+ return lp_load_ex(pszFname,
+ true, /* global only */
+ true, /* save_defaults */
+ false, /* add_ipc */
+ true, /* reinit_globals */
+ false, /* allow_include_registry */
+ false); /* load_all_shares*/
+}
+
+/**
+ * most common lp_load wrapper, loading only the globals
+ *
+ * If this is used in a daemon or client utility it should be called
+ * after processing popt.
+ */
+bool lp_load_global(const char *file_name)
+{
+ return lp_load(file_name,
+ true, /* global_only */
+ false, /* save_defaults */
+ false, /* add_ipc */
+ true); /* reinit_globals */
+}
+
+/**
+ * The typical lp_load wrapper with shares, loads global and
+ * shares, including IPC, but does not force immediate
+ * loading of all shares from registry.
+ */
+bool lp_load_with_shares(const char *file_name)
+{
+ return lp_load(file_name,
+ false, /* global_only */
+ false, /* save_defaults */
+ true, /* add_ipc */
+ true); /* reinit_globals */
+}
+
+/**
+ * lp_load wrapper, especially for clients
+ */
+bool lp_load_client(const char *file_name)
+{
+ lp_set_in_client(true);
+
+ return lp_load_global(file_name);
+}
+
+/**
+ * lp_load wrapper, loading only globals, but intended
+ * for subsequent calls, not reinitializing the globals
+ * to default values
+ */
+bool lp_load_global_no_reinit(const char *file_name)
+{
+ return lp_load(file_name,
+ true, /* global_only */
+ false, /* save_defaults */
+ false, /* add_ipc */
+ false); /* reinit_globals */
+}
+
+/**
+ * lp_load wrapper, loading globals and shares,
+ * intended for subsequent calls, i.e. not reinitializing
+ * the globals to default values.
+ */
+bool lp_load_no_reinit(const char *file_name)
+{
+ return lp_load(file_name,
+ false, /* global_only */
+ false, /* save_defaults */
+ false, /* add_ipc */
+ false); /* reinit_globals */
+}
+
+
+/**
+ * lp_load wrapper, especially for clients, no reinitialization
+ */
+bool lp_load_client_no_reinit(const char *file_name)
+{
+ lp_set_in_client(true);
+
+ return lp_load_global_no_reinit(file_name);
+}
+
+bool lp_load_with_registry_shares(const char *pszFname)
+{
+ return lp_load_ex(pszFname,
+ false, /* global_only */
+ true, /* save_defaults */
+ false, /* add_ipc */
+ true, /* reinit_globals */
+ true, /* allow_include_registry */
+ true); /* load_all_shares*/
+}
+
+/***************************************************************************
+ Return the max number of services.
+***************************************************************************/
+
+int lp_numservices(void)
+{
+ return (iNumServices);
+}
+
+/***************************************************************************
+Display the contents of the services array in human-readable form.
+***************************************************************************/
+
+void lp_dump(FILE *f, bool show_defaults, int maxtoprint)
+{
+ int iService;
+ struct loadparm_context *lp_ctx;
+
+ if (show_defaults)
+ defaults_saved = false;
+
+ lp_ctx = setup_lp_context(talloc_tos());
+ if (lp_ctx == NULL) {
+ return;
+ }
+
+ lpcfg_dump_globals(lp_ctx, f, !defaults_saved);
+
+ lpcfg_dump_a_service(&sDefault, &sDefault, f, flags_list, show_defaults);
+
+ for (iService = 0; iService < maxtoprint; iService++) {
+ fprintf(f,"\n");
+ lp_dump_one(f, show_defaults, iService);
+ }
+ TALLOC_FREE(lp_ctx);
+}
+
+/***************************************************************************
+Display the contents of one service in human-readable form.
+***************************************************************************/
+
+void lp_dump_one(FILE * f, bool show_defaults, int snum)
+{
+ if (VALID(snum)) {
+ if (ServicePtrs[snum]->szService[0] == '\0')
+ return;
+ lpcfg_dump_a_service(ServicePtrs[snum], &sDefault, f,
+ flags_list, show_defaults);
+ }
+}
+
+/***************************************************************************
+Return the number of the service with the given name, or -1 if it doesn't
+exist. Note that this is a DIFFERENT ANIMAL from the internal function
+getservicebyname()! This works ONLY if all services have been loaded, and
+does not copy the found service.
+***************************************************************************/
+
+int lp_servicenumber(const char *pszServiceName)
+{
+ int iService;
+ fstring serviceName;
+
+ if (!pszServiceName) {
+ return GLOBAL_SECTION_SNUM;
+ }
+
+ for (iService = iNumServices - 1; iService >= 0; iService--) {
+ if (VALID(iService) && ServicePtrs[iService]->szService) {
+ /*
+ * The substitution here is used to support %U in
+ * service names
+ */
+ fstrcpy(serviceName, ServicePtrs[iService]->szService);
+ standard_sub_basic(get_current_username(),
+ current_user_info.domain,
+ serviceName,sizeof(serviceName));
+ if (strequal(serviceName, pszServiceName)) {
+ break;
+ }
+ }
+ }
+
+ if (iService >= 0 && ServicePtrs[iService]->usershare == USERSHARE_VALID) {
+ struct timespec last_mod;
+
+ if (!usershare_exists(iService, &last_mod)) {
+ /* Remove the share security tdb entry for it. */
+ delete_share_security(lp_const_servicename(iService));
+ /* Remove it from the array. */
+ free_service_byindex(iService);
+ /* Doesn't exist anymore. */
+ return GLOBAL_SECTION_SNUM;
+ }
+
+ /* Has it been modified ? If so delete and reload. */
+ if (timespec_compare(&ServicePtrs[iService]->usershare_last_mod,
+ &last_mod) < 0) {
+ /* Remove it from the array. */
+ free_service_byindex(iService);
+ /* and now reload it. */
+ iService = load_usershare_service(pszServiceName);
+ }
+ }
+
+ if (iService < 0) {
+ DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
+ return GLOBAL_SECTION_SNUM;
+ }
+
+ return (iService);
+}
+
+/*******************************************************************
+ A useful volume label function.
+********************************************************************/
+
+const char *volume_label(TALLOC_CTX *ctx, int snum)
+{
+ const struct loadparm_substitution *lp_sub =
+ loadparm_s3_global_substitution();
+ char *ret;
+ const char *label = lp_volume(ctx, lp_sub, snum);
+ size_t end = 32;
+
+ if (!*label) {
+ label = lp_servicename(ctx, lp_sub, snum);
+ }
+
+ /*
+ * Volume label can be a max of 32 bytes. Make sure to truncate
+ * it at a codepoint boundary if it's longer than 32 and contains
+ * multibyte characters. Windows insists on a volume label being
+ * a valid mb sequence, and errors out if not.
+ */
+ if (strlen(label) > 32) {
+ /*
+ * A MB char can be a max of 5 bytes, thus
+ * we should have a valid mb character at a
+ * minimum position of (32-5) = 27.
+ */
+ while (end >= 27) {
+ /*
+ * Check if a codepoint starting from next byte
+ * is valid. If yes, then the current byte is the
+ * end of a MB or ascii sequence and the label can
+ * be safely truncated here. If not, keep going
+ * backwards till a valid codepoint is found.
+ */
+ size_t len = 0;
+ const char *s = &label[end];
+ codepoint_t c = next_codepoint(s, &len);
+ if (c != INVALID_CODEPOINT) {
+ break;
+ }
+ end--;
+ }
+ }
+
+ /* This returns a max of 33 byte guarenteed null terminated string. */
+ ret = talloc_strndup(ctx, label, end);
+ if (!ret) {
+ return "";
+ }
+ return ret;
+}
+
+/*******************************************************************
+ Get the default server type we will announce as via nmbd.
+********************************************************************/
+
+int lp_default_server_announce(void)
+{
+ int default_server_announce = 0;
+ default_server_announce |= SV_TYPE_WORKSTATION;
+ default_server_announce |= SV_TYPE_SERVER;
+ default_server_announce |= SV_TYPE_SERVER_UNIX;
+
+ /* note that the flag should be set only if we have a
+ printer service but nmbd doesn't actually load the
+ services so we can't tell --jerry */
+
+ default_server_announce |= SV_TYPE_PRINTQ_SERVER;
+
+ default_server_announce |= SV_TYPE_SERVER_NT;
+ default_server_announce |= SV_TYPE_NT;
+
+ switch (lp_server_role()) {
+ case ROLE_DOMAIN_MEMBER:
+ default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
+ break;
+ case ROLE_DOMAIN_PDC:
+ case ROLE_IPA_DC:
+ default_server_announce |= SV_TYPE_DOMAIN_CTRL;
+ break;
+ case ROLE_DOMAIN_BDC:
+ default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
+ break;
+ case ROLE_STANDALONE:
+ default:
+ break;
+ }
+ if (lp_time_server())
+ default_server_announce |= SV_TYPE_TIME_SOURCE;
+
+ if (lp_host_msdfs())
+ default_server_announce |= SV_TYPE_DFS_SERVER;
+
+ return default_server_announce;
+}
+
+/***********************************************************
+ If we are PDC then prefer us as DMB
+************************************************************/
+
+bool lp_domain_master(void)
+{
+ if (Globals._domain_master == Auto)
+ return (lp_server_role() == ROLE_DOMAIN_PDC ||
+ lp_server_role() == ROLE_IPA_DC);
+
+ return (bool)Globals._domain_master;
+}
+
+/***********************************************************
+ If we are PDC then prefer us as DMB
+************************************************************/
+
+static bool lp_domain_master_true_or_auto(void)
+{
+ if (Globals._domain_master) /* auto or yes */
+ return true;
+
+ return false;
+}
+
+/***********************************************************
+ If we are DMB then prefer us as LMB
+************************************************************/
+
+bool lp_preferred_master(void)
+{
+ int preferred_master = lp__preferred_master();
+
+ if (preferred_master == Auto)
+ return (lp_local_master() && lp_domain_master());
+
+ return (bool)preferred_master;
+}
+
+/*******************************************************************
+ Remove a service.
+********************************************************************/
+
+void lp_remove_service(int snum)
+{
+ ServicePtrs[snum]->valid = false;
+}
+
+const char *lp_printername(TALLOC_CTX *ctx,
+ const struct loadparm_substitution *lp_sub,
+ int snum)
+{
+ const char *ret = lp__printername(ctx, lp_sub, snum);
+
+ if (ret == NULL || *ret == '\0') {
+ ret = lp_const_servicename(snum);
+ }
+
+ return ret;
+}
+
+
+/***********************************************************
+ Allow daemons such as winbindd to fix their logfile name.
+************************************************************/
+
+void lp_set_logfile(const char *name)
+{
+ lpcfg_string_set(Globals.ctx, &Globals.logfile, name);
+ debug_set_logfile(name);
+}
+
+/*******************************************************************
+ Return the max print jobs per queue.
+********************************************************************/
+
+int lp_maxprintjobs(int snum)
+{
+ int maxjobs = lp_max_print_jobs(snum);
+
+ if (maxjobs <= 0 || maxjobs >= PRINT_MAX_JOBID)
+ maxjobs = PRINT_MAX_JOBID - 1;
+
+ return maxjobs;
+}
+
+const char *lp_printcapname(void)
+{
+ const char *printcap_name = lp_printcap_name();
+
+ if ((printcap_name != NULL) &&
+ (printcap_name[0] != '\0'))
+ return printcap_name;
+
+ if (sDefault.printing == PRINT_CUPS) {
+ return "cups";
+ }
+
+ if (sDefault.printing == PRINT_BSD)
+ return "/etc/printcap";
+
+ return PRINTCAP_NAME;
+}
+
+static uint32_t spoolss_state;
+
+bool lp_disable_spoolss( void )
+{
+ if ( spoolss_state == SVCCTL_STATE_UNKNOWN )
+ spoolss_state = lp__disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
+
+ return spoolss_state == SVCCTL_STOPPED ? true : false;
+}
+
+void lp_set_spoolss_state( uint32_t state )
+{
+ SMB_ASSERT( (state == SVCCTL_STOPPED) || (state == SVCCTL_RUNNING) );
+
+ spoolss_state = state;
+}
+
+uint32_t lp_get_spoolss_state( void )
+{
+ return lp_disable_spoolss() ? SVCCTL_STOPPED : SVCCTL_RUNNING;
+}
+
+/*******************************************************************
+ Turn off sendfile if we find the underlying OS doesn't support it.
+********************************************************************/
+
+void set_use_sendfile(int snum, bool val)
+{
+ if (LP_SNUM_OK(snum))
+ ServicePtrs[snum]->_use_sendfile = val;
+ else
+ sDefault._use_sendfile = val;
+}
+
+void lp_set_mangling_method(const char *new_method)
+{
+ lpcfg_string_set(Globals.ctx, &Globals.mangling_method, new_method);
+}
+
+/*******************************************************************
+ Global state for POSIX pathname processing.
+********************************************************************/
+
+static bool posix_pathnames;
+
+bool lp_posix_pathnames(void)
+{
+ return posix_pathnames;
+}
+
+/*******************************************************************
+ Change everything needed to ensure POSIX pathname processing (currently
+ not much).
+********************************************************************/
+
+void lp_set_posix_pathnames(void)
+{
+ posix_pathnames = true;
+}
+
+/*******************************************************************
+ Global state for POSIX lock processing - CIFS unix extensions.
+********************************************************************/
+
+bool posix_default_lock_was_set;
+static enum brl_flavour posix_cifsx_locktype; /* By default 0 == WINDOWS_LOCK */
+
+enum brl_flavour lp_posix_cifsu_locktype(files_struct *fsp)
+{
+ if (posix_default_lock_was_set) {
+ return posix_cifsx_locktype;
+ } else {
+ return (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) ?
+ POSIX_LOCK : WINDOWS_LOCK;
+ }
+}
+
+/*******************************************************************
+********************************************************************/
+
+void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
+{
+ posix_default_lock_was_set = true;
+ posix_cifsx_locktype = val;
+}
+
+int lp_min_receive_file_size(void)
+{
+ int min_receivefile_size = lp_min_receivefile_size();
+
+ if (min_receivefile_size < 0) {
+ return 0;
+ }
+ return min_receivefile_size;
+}
+
+/*******************************************************************
+ Safe wide links checks.
+ This helper function always verify the validity of wide links,
+ even after a configuration file reload.
+********************************************************************/
+
+void widelinks_warning(int snum)
+{
+ if (lp_allow_insecure_wide_links()) {
+ return;
+ }
+
+ if (lp_wide_links(snum)) {
+ if (lp_smb1_unix_extensions()) {
+ DBG_ERR("Share '%s' has wide links and SMB1 unix "
+ "extensions enabled. "
+ "These parameters are incompatible. "
+ "Wide links will be disabled for this share.\n",
+ lp_const_servicename(snum));
+ } else if (lp_smb2_unix_extensions()) {
+ DBG_ERR("Share '%s' has wide links and SMB2 unix "
+ "extensions enabled. "
+ "These parameters are incompatible. "
+ "Wide links will be disabled for this share.\n",
+ lp_const_servicename(snum));
+ }
+ }
+}
+
+bool lp_widelinks(int snum)
+{
+ /* wide links is always incompatible with unix extensions */
+ if (lp_smb1_unix_extensions() || lp_smb2_unix_extensions()) {
+ /*
+ * Unless we have "allow insecure widelinks"
+ * turned on.
+ */
+ if (!lp_allow_insecure_wide_links()) {
+ return false;
+ }
+ }
+
+ return lp_wide_links(snum);
+}
+
+int lp_server_role(void)
+{
+ return lp_find_server_role(lp__server_role(),
+ lp__security(),
+ lp__domain_logons(),
+ lp_domain_master_true_or_auto());
+}
+
+int lp_security(void)
+{
+ return lp_find_security(lp__server_role(),
+ lp__security());
+}
+
+int lp_client_max_protocol(void)
+{
+ int client_max_protocol = lp__client_max_protocol();
+ if (client_max_protocol == PROTOCOL_DEFAULT) {
+ return PROTOCOL_LATEST;
+ }
+ return client_max_protocol;
+}
+
+int lp_client_ipc_min_protocol(void)
+{
+ int client_ipc_min_protocol = lp__client_ipc_min_protocol();
+ if (client_ipc_min_protocol == PROTOCOL_DEFAULT) {
+ client_ipc_min_protocol = lp_client_min_protocol();
+ }
+ if (client_ipc_min_protocol < PROTOCOL_NT1) {
+ return PROTOCOL_NT1;
+ }
+ return client_ipc_min_protocol;
+}
+
+int lp_client_ipc_max_protocol(void)
+{
+ int client_ipc_max_protocol = lp__client_ipc_max_protocol();
+ if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
+ return PROTOCOL_LATEST;
+ }
+ if (client_ipc_max_protocol < PROTOCOL_NT1) {
+ return PROTOCOL_NT1;
+ }
+ return client_ipc_max_protocol;
+}
+
+int lp_client_ipc_signing(void)
+{
+ int client_ipc_signing = lp__client_ipc_signing();
+ if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
+ return SMB_SIGNING_REQUIRED;
+ }
+ return client_ipc_signing;
+}
+
+enum credentials_use_kerberos lp_client_use_kerberos(void)
+{
+ if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
+ return CRED_USE_KERBEROS_REQUIRED;
+ }
+
+ return lp__client_use_kerberos();
+}
+
+
+int lp_rpc_low_port(void)
+{
+ return Globals.rpc_low_port;
+}
+
+int lp_rpc_high_port(void)
+{
+ return Globals.rpc_high_port;
+}
+
+/*
+ * Do not allow LanMan auth if unless NTLMv1 is also allowed
+ *
+ * This also ensures it is disabled if NTLM is totally disabled
+ */
+bool lp_lanman_auth(void)
+{
+ enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
+
+ if (ntlm_auth_level == NTLM_AUTH_ON) {
+ return lp__lanman_auth();
+ } else {
+ return false;
+ }
+}
+
+struct loadparm_global * get_globals(void)
+{
+ return &Globals;
+}
+
+unsigned int * get_flags(void)
+{
+ if (flags_list == NULL) {
+ flags_list = talloc_zero_array(NULL, unsigned int, num_parameters());
+ }
+
+ return flags_list;
+}
+
+enum samba_weak_crypto lp_weak_crypto(void)
+{
+ if (Globals.weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
+ Globals.weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
+
+ if (samba_gnutls_weak_crypto_allowed()) {
+ Globals.weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
+ }
+ }
+
+ return Globals.weak_crypto;
+}
+
+uint32_t lp_get_async_dns_timeout(void)
+{
+ /*
+ * Clamp minimum async dns timeout to 1 second
+ * as per the man page.
+ */
+ return MAX(Globals.async_dns_timeout, 1);
+}
+
+/* SMB2 POSIX extensions. For now, *always* disabled. */
+bool lp_smb2_unix_extensions(void)
+{
+ return false;
+}