diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:20:00 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:20:00 +0000 |
| commit | 8daa83a594a2e98f39d764422bfbdbc62c9efd44 (patch) | |
| tree | 4099e8021376c7d8c05bdf8503093d80e9c7bad0 /lib/param | |
| parent | Initial commit. (diff) | |
| download | samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.tar.xz samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.zip | |
Adding upstream version 2:4.20.0+dfsg.upstream/2%4.20.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/param')
| -rw-r--r-- | lib/param/README | 86 | ||||
| -rw-r--r-- | lib/param/loadparm.c | 3765 | ||||
| -rw-r--r-- | lib/param/loadparm.h | 344 | ||||
| -rw-r--r-- | lib/param/loadparm_server_role.c | 155 | ||||
| -rw-r--r-- | lib/param/param.h | 282 | ||||
| -rw-r--r-- | lib/param/param_table.c | 463 | ||||
| -rw-r--r-- | lib/param/s3_param.h | 23 | ||||
| -rw-r--r-- | lib/param/samba-hostconfig.pc.in | 10 | ||||
| -rw-r--r-- | lib/param/util.c | 340 | ||||
| -rw-r--r-- | lib/param/wscript_build | 48 |
10 files changed, 5516 insertions, 0 deletions
diff --git a/lib/param/README b/lib/param/README new file mode 100644 index 0000000..11422f5 --- /dev/null +++ b/lib/param/README @@ -0,0 +1,86 @@ +libsamba-hostconfig +------------------- + +This directory contains "libsamba-hostconfig". + +The libsamba-hostconfig library provides access to all host-wide configuration +such as the configured shares, default parameter values and host secret keys. + + +Adding a parameter +------------------ + +To add or change an smb.conf option, in general you only have to add +the documentation to docs-xml/smbdotconf, or change it. +In addition to that, if special defaults are needed, the functions +loadparm_init() in lib/param/loadparm.c and/or init_globals() in +source3/param/loadparm.c need to be adapted accordingly. +The rest is generated for you. + +It is important to get the attributes right in the <samba:parameter ...> +tag of the xml files. These determine the details of the generated code. + +- Supported attributes are name, context, type, constant, function, + generated_function, synonym, parm, enumlist, handler, and deprecated. +- Supported contexts are 'G' (for global) and 'S' (for share). +- Supported types are boolean, boolean-rev, boolean-auto, list, + cmdlist, string, ustring, char, integer, bytes, octal, and enum. + + + +Using smb.conf parameters in the code +------------------------------------- + +Call the lpcfg_*() function. To get the lp_ctx, have the caller pass +it to you. To get a lp_ctx for the source3/param loadparm system, use: + +struct loadparm_context *lp_ctx = loadparm_init_s3(tmp_ctx, loadparm_s3_helpers()); + +Remember to talloc_unlink(tmp_ctx, lp_ctx) the result when you are done! + +To get a lp_ctx for the lib/param loadparm system, typically the +pointer is already set up by popt at startup, and is passed down from +cmdline_lp_ctx. + +In pure source3/ code, you may use lp_*() functions, but are +encouraged to use the lpcfg_*() functions so that code can be made +common. + + +How does loadparm_init_s3() work? +--------------------------------- + +loadparm_s3_helpers() returns a initialised table of function +pointers, pointing at all global lp_*() functions, except for those +that return substituted strings (% macros). The lpcfg_*() function +then calls this plugged in function, allowing the one function and +pattern to use either loadparm system. + + +There is a lot of generated code, here, what generates what? +------------------------------------------------------------ + +The regular format of the CPP macros in param_functions.c is used to +generate up the prototypes (mkproto.pl, mks3param_proto.pl), the service +and globals table (mkparamdefs.pl), the glue table (mmks3param.pl) and +the initialisation of the glue table (mks3param_ctx_table.pl). + +I have tried combining some of these, but it just makes the scripts more +complex. + +The CPP macros are defined in and expand in lib/param/loadparm.c and +source3/param/loadparm.c to read the values from the generated +structures. They are CPP #included into these files so that the same +macro has two definitions, depending on the system it is loading into. + + +Why was this done, rather than a 'proper' fix, or just using one system or the other? +------------------------------------------------------------------------------------- + +This was done to allow merging from both ends - merging more parts of +the loadparm handling, and merging code that needs to read the +smb.conf, without having to do it all at once. Ideally +param_functions.c would be generated from param_table.c or (even +better) our XML manpage source, and the CPP macros would instead be +generated expanded as generated C files, but this is a task nobody has +taken on yet. diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c new file mode 100644 index 0000000..6ef29ed --- /dev/null +++ b/lib/param/loadparm.c @@ -0,0 +1,3765 @@ +/* + Unix SMB/CIFS implementation. + Parameter loading functions + Copyright (C) Karl Auer 1993-1998 + + Largely re-written by Andrew Tridgell, September 1994 + + Copyright (C) Simo Sorce 2001 + Copyright (C) Alexander Bokovoy 2002 + Copyright (C) Stefan (metze) Metzmacher 2002 + Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003. + Copyright (C) James Myers 2003 <myersjj@samba.org> + Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007 + Copyright (C) Andrew Bartlett 2011-2012 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +/* + * Load parameters. + * + * This module provides suitable callback functions for the params + * module. It builds the internal table of service details which is + * then used by the rest of the server. + * + * To add a parameter: + * + * 1) add it to the global or service structure definition + * 2) add it to the parm_table + * 3) add it to the list of available functions (eg: using FN_GLOBAL_STRING()) + * 4) If it's a global then initialise it in init_globals. If a local + * (ie. service) parameter then initialise it in the sDefault structure + * + * + * Notes: + * The configuration file is processed sequentially for speed. It is NOT + * accessed randomly as happens in 'real' Windows. For this reason, there + * is a fair bit of sequence-dependent code here - ie., code which assumes + * that certain things happen before others. In particular, the code which + * happens at the boundary between sections is delicately poised, so be + * careful! + * + */ + +#include "includes.h" +#include "version.h" +#include "dynconfig/dynconfig.h" +#include "system/time.h" +#include "system/locale.h" +#include "system/network.h" /* needed for TCP_NODELAY */ +#include "../lib/util/dlinklist.h" +#include "lib/param/param.h" +#define LOADPARM_SUBSTITUTION_INTERNALS 1 +#include "lib/param/loadparm.h" +#include "auth/gensec/gensec.h" +#include "lib/param/s3_param.h" +#include "lib/util/bitmap.h" +#include "libcli/smb/smb_constants.h" +#include "tdb.h" +#include "librpc/gen_ndr/nbt.h" +#include "librpc/gen_ndr/dns.h" +#include "librpc/gen_ndr/security.h" +#include "libds/common/roles.h" +#include "lib/util/samba_util.h" +#include "libcli/auth/ntlm_check.h" +#include "lib/crypto/gnutls_helpers.h" +#include "lib/util/smb_strtox.h" +#include "auth/credentials/credentials.h" + +#ifdef HAVE_HTTPCONNECTENCRYPT +#include <cups/http.h> +#endif + +#define standard_sub_basic talloc_strdup + +#include "lib/param/param_global.h" + +struct loadparm_service *lpcfg_default_service(struct loadparm_context *lp_ctx) +{ + return lp_ctx->sDefault; +} + +int lpcfg_rpc_low_port(struct loadparm_context *lp_ctx) +{ + return lp_ctx->globals->rpc_low_port; +} + +int lpcfg_rpc_high_port(struct loadparm_context *lp_ctx) +{ + return lp_ctx->globals->rpc_high_port; +} + +enum samba_weak_crypto lpcfg_weak_crypto(struct loadparm_context *lp_ctx) +{ + if (lp_ctx->globals->weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) { + lp_ctx->globals->weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED; + + if (samba_gnutls_weak_crypto_allowed()) { + lp_ctx->globals->weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED; + } + } + + return lp_ctx->globals->weak_crypto; +} + +/** + * Convenience routine to grab string parameters into temporary memory + * and run standard_sub_basic on them. + * + * The buffers can be written to by + * callers without affecting the source string. + */ + +static const char *lpcfg_string(const char *s) +{ +#if 0 /* until REWRITE done to make thread-safe */ + size_t len = s ? strlen(s) : 0; + char *ret; +#endif + + /* The follow debug is useful for tracking down memory problems + especially if you have an inner loop that is calling a lp_*() + function that returns a string. Perhaps this debug should be + present all the time? */ + +#if 0 + DEBUG(10, ("lpcfg_string(%s)\n", s)); +#endif + +#if 0 /* until REWRITE done to make thread-safe */ + if (!lp_talloc) + lp_talloc = talloc_init("lp_talloc"); + + ret = talloc_array(lp_talloc, char, len + 100); /* leave room for substitution */ + + if (!ret) + return NULL; + + if (!s) + *ret = 0; + else + strlcpy(ret, s, len); + + if (trim_string(ret, "\"", "\"")) { + if (strchr(ret,'"') != NULL) + strlcpy(ret, s, len); + } + + standard_sub_basic(ret,len+100); + return (ret); +#endif + return s; +} + +/* + In this section all the functions that are used to access the + parameters from the rest of the program are defined +*/ + +/* + * the creation of separate lpcfg_*() and lp_*() functions is to allow + * for code compatibility between existing Samba4 and Samba3 code. + */ + +/* this global context supports the lp_*() function variants */ +static struct loadparm_context *global_loadparm_context; + +#define FN_GLOBAL_SUBSTITUTED_STRING(fn_name,var_name) \ + _PUBLIC_ char *lpcfg_ ## fn_name(struct loadparm_context *lp_ctx, \ + const struct loadparm_substitution *lp_sub, TALLOC_CTX *mem_ctx) \ +{ \ + if (lp_ctx == NULL) return NULL; \ + return lpcfg_substituted_string(mem_ctx, lp_sub, \ + lp_ctx->globals->var_name ? lp_ctx->globals->var_name : ""); \ +} + +#define FN_GLOBAL_CONST_STRING(fn_name,var_name) \ + _PUBLIC_ const char *lpcfg_ ## fn_name(struct loadparm_context *lp_ctx) { \ + if (lp_ctx == NULL) return NULL; \ + return lp_ctx->globals->var_name ? lpcfg_string(lp_ctx->globals->var_name) : ""; \ +} + +#define FN_GLOBAL_LIST(fn_name,var_name) \ + _PUBLIC_ const char **lpcfg_ ## fn_name(struct loadparm_context *lp_ctx) { \ + if (lp_ctx == NULL) return NULL; \ + return lp_ctx->globals->var_name; \ + } + +#define FN_GLOBAL_BOOL(fn_name,var_name) \ + _PUBLIC_ bool lpcfg_ ## fn_name(struct loadparm_context *lp_ctx) {\ + if (lp_ctx == NULL) return false; \ + return lp_ctx->globals->var_name; \ +} + +#define FN_GLOBAL_INTEGER(fn_name,var_name) \ + _PUBLIC_ int lpcfg_ ## fn_name(struct loadparm_context *lp_ctx) { \ + return lp_ctx->globals->var_name; \ + } + +/* Local parameters don't need the ->s3_fns because the struct + * loadparm_service is shared and lpcfg_service() checks the ->s3_fns + * hook */ +#define FN_LOCAL_SUBSTITUTED_STRING(fn_name,val) \ + _PUBLIC_ char *lpcfg_ ## fn_name(struct loadparm_service *service, \ + struct loadparm_service *sDefault, TALLOC_CTX *ctx) { \ + return(talloc_strdup(ctx, lpcfg_string((const char *)((service != NULL && service->val != NULL) ? service->val : sDefault->val)))); \ + } + +#define FN_LOCAL_CONST_STRING(fn_name,val) \ + _PUBLIC_ const char *lpcfg_ ## fn_name(struct loadparm_service *service, \ + struct loadparm_service *sDefault) { \ + return((const char *)((service != NULL && service->val != NULL) ? service->val : sDefault->val)); \ + } + +#define FN_LOCAL_LIST(fn_name,val) \ + _PUBLIC_ const char **lpcfg_ ## fn_name(struct loadparm_service *service, \ + struct loadparm_service *sDefault) {\ + return(const char **)(service != NULL && service->val != NULL? service->val : sDefault->val); \ + } + +#define FN_LOCAL_PARM_BOOL(fn_name, val) FN_LOCAL_BOOL(fn_name, val) + +#define FN_LOCAL_BOOL(fn_name,val) \ + _PUBLIC_ bool lpcfg_ ## fn_name(struct loadparm_service *service, \ + struct loadparm_service *sDefault) { \ + return((service != NULL)? service->val : sDefault->val); \ + } + +#define FN_LOCAL_INTEGER(fn_name,val) \ + _PUBLIC_ int lpcfg_ ## fn_name(struct loadparm_service *service, \ + struct loadparm_service *sDefault) { \ + return((service != NULL)? service->val : sDefault->val); \ + } + +#define FN_LOCAL_PARM_INTEGER(fn_name, val) FN_LOCAL_INTEGER(fn_name, val) + +#define FN_LOCAL_CHAR(fn_name,val) \ + _PUBLIC_ char lpcfg_ ## fn_name(struct loadparm_service *service, \ + struct loadparm_service *sDefault) { \ + return((service != NULL)? service->val : sDefault->val); \ + } + +#define FN_LOCAL_PARM_CHAR(fn_name,val) FN_LOCAL_CHAR(fn_name, val) + +#include "lib/param/param_functions.c" + +/* These functions cannot be auto-generated */ +FN_LOCAL_BOOL(autoloaded, autoloaded) +FN_GLOBAL_CONST_STRING(dnsdomain, dnsdomain) + +/* local prototypes */ +static struct loadparm_service *lpcfg_getservicebyname(struct loadparm_context *lp_ctx, + const char *pszServiceName); +static bool do_section(const char *pszSectionName, void *); +static bool set_variable_helper(TALLOC_CTX *mem_ctx, int parmnum, void *parm_ptr, + const char *pszParmName, const char *pszParmValue); +static bool lp_do_parameter_parametric(struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *pszParmName, + const char *pszParmValue, int flags); + +/* The following are helper functions for parametrical options support. */ +/* It returns a pointer to parametrical option value if it exists or NULL otherwise */ +/* Actual parametrical functions are quite simple */ +struct parmlist_entry *get_parametric_helper(struct loadparm_service *service, + const char *type, const char *option, + struct parmlist_entry *global_opts) +{ + size_t type_len = strlen(type); + size_t option_len = strlen(option); + char param_key[type_len + option_len + 2]; + struct parmlist_entry *data = NULL; + + snprintf(param_key, sizeof(param_key), "%s:%s", type, option); + + /* + * Try to fetch the option from the data. + */ + if (service != NULL) { + data = service->param_opt; + while (data != NULL) { + if (strwicmp(data->key, param_key) == 0) { + return data; + } + data = data->next; + } + } + + /* + * Fall back to fetching from the globals. + */ + data = global_opts; + while (data != NULL) { + if (strwicmp(data->key, param_key) == 0) { + return data; + } + data = data->next; + } + + return NULL; +} + +const char *lpcfg_get_parametric(struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *type, const char *option) +{ + struct parmlist_entry *data; + + if (lp_ctx == NULL) + return NULL; + + data = get_parametric_helper(service, + type, option, lp_ctx->globals->param_opt); + + if (data == NULL) { + return NULL; + } else { + return data->value; + } +} + + +/** + * convenience routine to return int parameters. + */ +int lp_int(const char *s) +{ + + if (!s || !*s) { + DEBUG(0,("lp_int(%s): is called with NULL!\n",s)); + return -1; + } + + return strtol(s, NULL, 0); +} + +/** + * convenience routine to return unsigned long parameters. + */ +unsigned long lp_ulong(const char *s) +{ + int error = 0; + unsigned long int ret; + + if (!s || !*s) { + DBG_DEBUG("lp_ulong(%s): is called with NULL!\n",s); + return -1; + } + + ret = smb_strtoul(s, NULL, 0, &error, SMB_STR_STANDARD); + if (error != 0) { + DBG_DEBUG("lp_ulong(%s): conversion failed\n",s); + return -1; + } + + return ret; +} + +/** + * convenience routine to return unsigned long long parameters. + */ +unsigned long long lp_ulonglong(const char *s) +{ + int error = 0; + unsigned long long int ret; + + if (!s || !*s) { + DBG_DEBUG("lp_ulonglong(%s): is called with NULL!\n", s); + return -1; + } + + ret = smb_strtoull(s, NULL, 0, &error, SMB_STR_STANDARD); + if (error != 0) { + DBG_DEBUG("lp_ulonglong(%s): conversion failed\n",s); + return -1; + } + + return ret; +} + +/** + * convenience routine to return unsigned long parameters. + */ +static long lp_long(const char *s) +{ + + if (!s) { + DEBUG(0,("lp_long(%s): is called with NULL!\n",s)); + return -1; + } + + return strtol(s, NULL, 0); +} + +/** + * convenience routine to return unsigned long parameters. + */ +static double lp_double(const char *s) +{ + + if (!s) { + DEBUG(0,("lp_double(%s): is called with NULL!\n",s)); + return -1; + } + + return strtod(s, NULL); +} + +/** + * convenience routine to return boolean parameters. + */ +bool lp_bool(const char *s) +{ + bool ret = false; + + if (!s || !*s) { + DEBUG(0,("lp_bool(%s): is called with NULL!\n",s)); + return false; + } + + if (!set_boolean(s, &ret)) { + DEBUG(0,("lp_bool(%s): value is not boolean!\n",s)); + return false; + } + + return ret; +} + +/** + * Return parametric option from a given service. Type is a part of option before ':' + * Parametric option has following syntax: 'Type: option = value' + * Returned value is allocated in 'lp_talloc' context + */ + +const char *lpcfg_parm_string(struct loadparm_context *lp_ctx, + struct loadparm_service *service, const char *type, + const char *option) +{ + const char *value = lpcfg_get_parametric(lp_ctx, service, type, option); + + if (value) + return lpcfg_string(value); + + return NULL; +} + +/** + * Return parametric option from a given service. Type is a part of option before ':' + * Parametric option has following syntax: 'Type: option = value' + * Returned value is allocated in 'lp_talloc' context + */ + +const char **lpcfg_parm_string_list(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *type, + const char *option, const char *separator) +{ + const char *value = lpcfg_get_parametric(lp_ctx, service, type, option); + + if (value != NULL) { + char **l = str_list_make(mem_ctx, value, separator); + return discard_const_p(const char *, l); + } + + return NULL; +} + +/** + * Return parametric option from a given service. Type is a part of option before ':' + * Parametric option has following syntax: 'Type: option = value' + */ + +int lpcfg_parm_int(struct loadparm_context *lp_ctx, + struct loadparm_service *service, const char *type, + const char *option, int default_v) +{ + const char *value = lpcfg_get_parametric(lp_ctx, service, type, option); + + if (value) + return lp_int(value); + + return default_v; +} + +/** + * Return parametric option from a given service. Type is a part of + * option before ':'. + * Parametric option has following syntax: 'Type: option = value'. + */ + +int lpcfg_parm_bytes(struct loadparm_context *lp_ctx, + struct loadparm_service *service, const char *type, + const char *option, int default_v) +{ + uint64_t bval; + + const char *value = lpcfg_get_parametric(lp_ctx, service, type, option); + + if (value && conv_str_size_error(value, &bval)) { + if (bval <= INT_MAX) { + return (int)bval; + } + } + + return default_v; +} + +/** + * Return parametric option from a given service. + * Type is a part of option before ':' + * Parametric option has following syntax: 'Type: option = value' + */ +unsigned long lpcfg_parm_ulong(struct loadparm_context *lp_ctx, + struct loadparm_service *service, const char *type, + const char *option, unsigned long default_v) +{ + const char *value = lpcfg_get_parametric(lp_ctx, service, type, option); + + if (value) + return lp_ulong(value); + + return default_v; +} + +/** + * Return parametric option from a given service. + * Type is a part of option before ':' + * Parametric option has following syntax: 'Type: option = value' + */ +unsigned long long lpcfg_parm_ulonglong(struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *type, const char *option, + unsigned long long default_v) +{ + const char *value = lpcfg_get_parametric(lp_ctx, service, type, option); + + if (value) { + return lp_ulonglong(value); + } + + return default_v; +} + +long lpcfg_parm_long(struct loadparm_context *lp_ctx, + struct loadparm_service *service, const char *type, + const char *option, long default_v) +{ + const char *value = lpcfg_get_parametric(lp_ctx, service, type, option); + + if (value) + return lp_long(value); + + return default_v; +} + +double lpcfg_parm_double(struct loadparm_context *lp_ctx, + struct loadparm_service *service, const char *type, + const char *option, double default_v) +{ + const char *value = lpcfg_get_parametric(lp_ctx, service, type, option); + + if (value != NULL) + return lp_double(value); + + return default_v; +} + +/** + * Return parametric option from a given service. Type is a part of option before ':' + * Parametric option has following syntax: 'Type: option = value' + */ + +bool lpcfg_parm_bool(struct loadparm_context *lp_ctx, + struct loadparm_service *service, const char *type, + const char *option, bool default_v) +{ + const char *value = lpcfg_get_parametric(lp_ctx, service, type, option); + + if (value != NULL) + return lp_bool(value); + + return default_v; +} + + +/* this is used to prevent lots of mallocs of size 1 */ +static const char lpcfg_string_empty[] = ""; + +/** + Free a string value. +**/ +void lpcfg_string_free(char **s) +{ + if (s == NULL) { + return; + } + if (*s == lpcfg_string_empty) { + *s = NULL; + return; + } + TALLOC_FREE(*s); +} + +/** + * Set a string value, deallocating any existing space, and allocing the space + * for the string + */ +bool lpcfg_string_set(TALLOC_CTX *mem_ctx, char **dest, const char *src) +{ + lpcfg_string_free(dest); + + if ((src == NULL) || (*src == '\0')) { + *dest = discard_const_p(char, lpcfg_string_empty); + return true; + } + + *dest = talloc_strdup(mem_ctx, src); + if ((*dest) == NULL) { + DEBUG(0,("Out of memory in string_set\n")); + return false; + } + + return true; +} + +/** + * Set a string value, deallocating any existing space, and allocing the space + * for the string + */ +bool lpcfg_string_set_upper(TALLOC_CTX *mem_ctx, char **dest, const char *src) +{ + lpcfg_string_free(dest); + + if ((src == NULL) || (*src == '\0')) { + *dest = discard_const_p(char, lpcfg_string_empty); + return true; + } + + *dest = strupper_talloc(mem_ctx, src); + if ((*dest) == NULL) { + DEBUG(0,("Out of memory in string_set_upper\n")); + return false; + } + + return true; +} + + + +/** + * Add a new service to the services array initialising it with the given + * service. + */ + +struct loadparm_service *lpcfg_add_service(struct loadparm_context *lp_ctx, + const struct loadparm_service *pservice, + const char *name) +{ + int i; + int num_to_alloc = lp_ctx->iNumServices + 1; + struct parmlist_entry *data, *pdata; + + if (lp_ctx->s3_fns != NULL) { + smb_panic("Add a service should not be called on an s3 loadparm ctx"); + } + + if (pservice == NULL) { + pservice = lp_ctx->sDefault; + } + + /* it might already exist */ + if (name) { + struct loadparm_service *service = lpcfg_getservicebyname(lp_ctx, + name); + if (service != NULL) { + /* Clean all parametric options for service */ + /* They will be added during parsing again */ + data = service->param_opt; + while (data) { + pdata = data->next; + talloc_free(data); + data = pdata; + } + service->param_opt = NULL; + return service; + } + } + + /* find an invalid one */ + for (i = 0; i < lp_ctx->iNumServices; i++) + if (lp_ctx->services[i] == NULL) + break; + + /* if not, then create one */ + if (i == lp_ctx->iNumServices) { + struct loadparm_service **tsp; + + tsp = talloc_realloc(lp_ctx, lp_ctx->services, struct loadparm_service *, num_to_alloc); + + if (!tsp) { + DEBUG(0,("lpcfg_add_service: failed to enlarge services!\n")); + return NULL; + } else { + lp_ctx->services = tsp; + lp_ctx->services[lp_ctx->iNumServices] = NULL; + } + + lp_ctx->iNumServices++; + } + + lp_ctx->services[i] = talloc_zero(lp_ctx->services, struct loadparm_service); + if (lp_ctx->services[i] == NULL) { + DEBUG(0,("lpcfg_add_service: out of memory!\n")); + return NULL; + } + copy_service(lp_ctx->services[i], pservice, NULL); + if (name != NULL) + lpcfg_string_set(lp_ctx->services[i], &lp_ctx->services[i]->szService, name); + return lp_ctx->services[i]; +} + +/** + * Map a parameter's string representation to something we can use. + * Returns False if the parameter string is not recognised, else TRUE. + */ + +int lpcfg_map_parameter(const char *pszParmName) +{ + int iIndex; + + for (iIndex = 0; parm_table[iIndex].label; iIndex++) + if (strwicmp(parm_table[iIndex].label, pszParmName) == 0) + return iIndex; + + /* Warn only if it isn't parametric option */ + if (strchr(pszParmName, ':') == NULL) + DEBUG(0, ("Unknown parameter encountered: \"%s\"\n", pszParmName)); + /* We do return 'fail' for parametric options as well because they are + stored in different storage + */ + return -1; +} + + +/** + return the parameter structure for a parameter +*/ +struct parm_struct *lpcfg_parm_struct(struct loadparm_context *lp_ctx, const char *name) +{ + int num = lpcfg_map_parameter(name); + + if (num < 0) { + return NULL; + } + + return &parm_table[num]; +} + +/** + return the parameter pointer for a parameter +*/ +void *lpcfg_parm_ptr(struct loadparm_context *lp_ctx, + struct loadparm_service *service, struct parm_struct *parm) +{ + if (lp_ctx->s3_fns) { + return lp_ctx->s3_fns->get_parm_ptr(service, parm); + } + + if (service == NULL) { + if (parm->p_class == P_LOCAL) + return ((char *)lp_ctx->sDefault)+parm->offset; + else if (parm->p_class == P_GLOBAL) + return ((char *)lp_ctx->globals)+parm->offset; + else return NULL; + } else { + return ((char *)service) + parm->offset; + } +} + +/** + return the parameter pointer for a parameter +*/ +bool lpcfg_parm_is_cmdline(struct loadparm_context *lp_ctx, const char *name) +{ + int parmnum; + + parmnum = lpcfg_map_parameter(name); + if (parmnum == -1) return false; + + return lp_ctx->flags[parmnum] & FLAG_CMDLINE; +} + +bool lpcfg_parm_is_unspecified(struct loadparm_context *lp_ctx, const char *name) +{ + int parmnum; + + parmnum = lpcfg_map_parameter(name); + if (parmnum == -1) return false; + + return lp_ctx->flags[parmnum] & FLAG_DEFAULT; +} + +/** + * Find a service by name. Otherwise works like get_service. + */ + +static struct loadparm_service *lpcfg_getservicebyname(struct loadparm_context *lp_ctx, + const char *pszServiceName) +{ + int iService; + + if (lp_ctx->s3_fns) { + return lp_ctx->s3_fns->get_service(pszServiceName); + } + + for (iService = lp_ctx->iNumServices - 1; iService >= 0; iService--) + if (lp_ctx->services[iService] != NULL && + strwicmp(lp_ctx->services[iService]->szService, pszServiceName) == 0) { + return lp_ctx->services[iService]; + } + + return NULL; +} + +/** + * Add a parametric option to a parmlist_entry, + * replacing old value, if already present. + */ +void set_param_opt(TALLOC_CTX *mem_ctx, + struct parmlist_entry **opt_list, + const char *opt_name, + const char *opt_value, + unsigned priority) +{ + struct parmlist_entry *new_opt, *opt; + + opt = *opt_list; + + /* Traverse destination */ + while (opt) { + /* If we already have same option, override it */ + if (strwicmp(opt->key, opt_name) == 0) { + if ((opt->priority & FLAG_CMDLINE) && + !(priority & FLAG_CMDLINE)) { + /* it's been marked as not to be + overridden */ + return; + } + TALLOC_FREE(opt->list); + lpcfg_string_set(opt, &opt->value, opt_value); + opt->priority = priority; + return; + } + opt = opt->next; + } + + new_opt = talloc_pooled_object( + mem_ctx, struct parmlist_entry, + 2, strlen(opt_name) + 1 + strlen(opt_value) + 1); + if (new_opt == NULL) { + smb_panic("OOM"); + } + new_opt->key = NULL; + lpcfg_string_set(new_opt, &new_opt->key, opt_name); + new_opt->value = NULL; + lpcfg_string_set(new_opt, &new_opt->value, opt_value); + + new_opt->list = NULL; + new_opt->priority = priority; + DLIST_ADD(*opt_list, new_opt); +} + +/** + * Copy a service structure to another. + * If pcopymapDest is NULL then copy all fields + */ + +void copy_service(struct loadparm_service *pserviceDest, + const struct loadparm_service *pserviceSource, + struct bitmap *pcopymapDest) +{ + int i; + bool bcopyall = (pcopymapDest == NULL); + struct parmlist_entry *data; + + for (i = 0; parm_table[i].label; i++) + if (parm_table[i].p_class == P_LOCAL && + (bcopyall || bitmap_query(pcopymapDest, i))) { + const void *src_ptr = + ((const char *)pserviceSource) + parm_table[i].offset; + void *dest_ptr = + ((char *)pserviceDest) + parm_table[i].offset; + + switch (parm_table[i].type) { + case P_BOOL: + case P_BOOLREV: + *(bool *)dest_ptr = *(const bool *)src_ptr; + break; + + case P_INTEGER: + case P_BYTES: + case P_OCTAL: + case P_ENUM: + *(int *)dest_ptr = *(const int *)src_ptr; + break; + + case P_CHAR: + *(char *)dest_ptr = *(const char *)src_ptr; + break; + + case P_STRING: + lpcfg_string_set(pserviceDest, + (char **)dest_ptr, + *(const char * const *)src_ptr); + break; + + case P_USTRING: + lpcfg_string_set_upper(pserviceDest, + (char **)dest_ptr, + *(const char * const *)src_ptr); + break; + case P_CMDLIST: + case P_LIST: + TALLOC_FREE(*((char ***)dest_ptr)); + *(char ***)dest_ptr = str_list_copy(pserviceDest, + *discard_const_p(const char **, src_ptr)); + break; + default: + break; + } + } + + if (bcopyall) { + init_copymap(pserviceDest); + if (pserviceSource->copymap) + bitmap_copy(pserviceDest->copymap, + pserviceSource->copymap); + } + + for (data = pserviceSource->param_opt; data != NULL; data = data->next) { + set_param_opt(pserviceDest, &pserviceDest->param_opt, + data->key, data->value, data->priority); + } +} + +/** + * Check a service for consistency. Return False if the service is in any way + * incomplete or faulty, else True. + */ +bool lpcfg_service_ok(struct loadparm_service *service) +{ + bool bRetval; + + bRetval = true; + if (service->szService[0] == '\0') { + DEBUG(0, ("The following message indicates an internal error:\n")); + DEBUG(0, ("No service name in service entry.\n")); + bRetval = false; + } + + /* The [printers] entry MUST be printable. I'm all for flexibility, but */ + /* I can't see why you'd want a non-printable printer service... */ + if (strwicmp(service->szService, PRINTERS_NAME) == 0) { + if (!service->printable) { + DEBUG(0, ("WARNING: [%s] service MUST be printable!\n", + service->szService)); + service->printable = true; + } + /* [printers] service must also be non-browsable. */ + if (service->browseable) + service->browseable = false; + } + + if (service->path[0] == '\0' && + strwicmp(service->szService, HOMES_NAME) != 0 && + service->msdfs_proxy[0] == '\0') + { + DEBUG(0, ("WARNING: No path in service %s - making it unavailable!\n", + service->szService)); + service->available = false; + } + + if (!service->available) + DEBUG(1, ("NOTE: Service %s is flagged unavailable.\n", + service->szService)); + + return bRetval; +} + + +/******************************************************************* + Keep a linked list of all config files so we know when one has changed + it's date and needs to be reloaded. +********************************************************************/ + +void add_to_file_list(TALLOC_CTX *mem_ctx, struct file_lists **list, + const char *fname, const char *subfname) +{ + struct file_lists *f = *list; + + while (f) { + if (f->name && !strcmp(f->name, fname)) + break; + f = f->next; + } + + if (!f) { + f = talloc_zero(mem_ctx, struct file_lists); + if (!f) + goto fail; + f->next = *list; + f->name = talloc_strdup(f, fname); + if (!f->name) { + TALLOC_FREE(f); + goto fail; + } + f->subfname = talloc_strdup(f, subfname); + if (!f->subfname) { + TALLOC_FREE(f); + goto fail; + } + *list = f; + } + + /* If file_modtime() fails it leaves f->modtime as zero. */ + (void)file_modtime(subfname, &f->modtime); + return; + +fail: + DEBUG(0, ("Unable to add file to file list: %s\n", fname)); + +} + +/* + * set the value for a P_ENUM + */ +bool lp_set_enum_parm( struct parm_struct *parm, const char *pszParmValue, + int *ptr ) +{ + int i; + + for (i = 0; parm->enum_list[i].name; i++) { + if (strwicmp(pszParmValue, parm->enum_list[i].name) == 0) { + *ptr = parm->enum_list[i].value; + return true; + } + } + DEBUG(0, ("WARNING: Ignoring invalid value '%s' for parameter '%s'\n", + pszParmValue, parm->label)); + return false; +} + + +/*************************************************************************** + Handle the "realm" parameter +***************************************************************************/ + +bool handle_realm(struct loadparm_context *lp_ctx, struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + char *upper; + char *lower; + + upper = strupper_talloc(lp_ctx, pszParmValue); + if (upper == NULL) { + return false; + } + + lower = strlower_talloc(lp_ctx, pszParmValue); + if (lower == NULL) { + TALLOC_FREE(upper); + return false; + } + + lpcfg_string_set(lp_ctx->globals->ctx, &lp_ctx->globals->realm, upper); + lpcfg_string_set(lp_ctx->globals->ctx, &lp_ctx->globals->dnsdomain, lower); + + return true; +} + +/*************************************************************************** + Handle the include operation. +***************************************************************************/ + +bool handle_include(struct loadparm_context *lp_ctx, struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + char *fname; + const char *substitution_variable_substring; + char next_char; + + if (lp_ctx->s3_fns) { + return lp_ctx->s3_fns->lp_include(lp_ctx, service, pszParmValue, ptr); + } + + fname = standard_sub_basic(lp_ctx, pszParmValue); + + add_to_file_list(lp_ctx, &lp_ctx->file_lists, pszParmValue, fname); + + lpcfg_string_set(lp_ctx, ptr, fname); + + if (file_exist(fname)) + return pm_process(fname, do_section, lpcfg_do_parameter, lp_ctx); + + /* + * If the file doesn't exist, we check that it isn't due to variable + * substitution + */ + substitution_variable_substring = strchr(fname, '%'); + + if (substitution_variable_substring != NULL) { + next_char = substitution_variable_substring[1]; + if ((next_char >= 'a' && next_char <= 'z') + || (next_char >= 'A' && next_char <= 'Z')) { + DEBUG(2, ("Tried to load %s but variable substitution in " + "filename, ignoring file.\n", fname)); + return true; + } + } + + DEBUG(2, ("Can't find include file %s\n", fname)); + + return false; +} + +/*************************************************************************** + Handle the interpretation of the copy parameter. +***************************************************************************/ + +bool handle_copy(struct loadparm_context *lp_ctx, struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + bool bRetval; + struct loadparm_service *serviceTemp = NULL; + + bRetval = false; + + DEBUG(3, ("Copying service from service %s\n", pszParmValue)); + + serviceTemp = lpcfg_getservicebyname(lp_ctx, pszParmValue); + + if (service == NULL) { + DEBUG(0, ("Unable to copy service - invalid service destination.\n")); + return false; + } + + if (serviceTemp != NULL) { + if (serviceTemp == service) { + DEBUG(0, ("Can't copy service %s - unable to copy self!\n", pszParmValue)); + } else { + copy_service(service, + serviceTemp, + service->copymap); + lpcfg_string_set(service, ptr, pszParmValue); + + bRetval = true; + } + } else { + DEBUG(0, ("Unable to copy service - source not found: %s\n", + pszParmValue)); + bRetval = false; + } + + return bRetval; +} + +bool handle_debug_list(struct loadparm_context *lp_ctx, struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + lpcfg_string_set(lp_ctx->globals->ctx, ptr, pszParmValue); + + return debug_parse_levels(pszParmValue); +} + +bool handle_logfile(struct loadparm_context *lp_ctx, struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + if (lp_ctx->s3_fns == NULL) { + debug_set_logfile(pszParmValue); + } + + lpcfg_string_set(lp_ctx->globals->ctx, ptr, pszParmValue); + + return true; +} + +/* + * These special charset handling methods only run in the source3 code. + */ + +bool handle_charset(struct loadparm_context *lp_ctx, struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + if (lp_ctx->s3_fns) { + if (*ptr == NULL || strcmp(*ptr, pszParmValue) != 0) { + struct smb_iconv_handle *ret = NULL; + + ret = reinit_iconv_handle(NULL, + lpcfg_dos_charset(lp_ctx), + lpcfg_unix_charset(lp_ctx)); + if (ret == NULL) { + smb_panic("reinit_iconv_handle failed"); + } + } + + } + return lpcfg_string_set(lp_ctx->globals->ctx, ptr, pszParmValue); + +} + +bool handle_dos_charset(struct loadparm_context *lp_ctx, struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + bool is_utf8 = false; + size_t len = strlen(pszParmValue); + + if (lp_ctx->s3_fns) { + if (len == 4 || len == 5) { + /* Don't use StrCaseCmp here as we don't want to + initialize iconv. */ + if ((toupper_m(pszParmValue[0]) == 'U') && + (toupper_m(pszParmValue[1]) == 'T') && + (toupper_m(pszParmValue[2]) == 'F')) { + if (len == 4) { + if (pszParmValue[3] == '8') { + is_utf8 = true; + } + } else { + if (pszParmValue[3] == '-' && + pszParmValue[4] == '8') { + is_utf8 = true; + } + } + } + } + + if (*ptr == NULL || strcmp(*ptr, pszParmValue) != 0) { + struct smb_iconv_handle *ret = NULL; + if (is_utf8) { + DEBUG(0,("ERROR: invalid DOS charset: 'dos charset' must not " + "be UTF8, using (default value) %s instead.\n", + DEFAULT_DOS_CHARSET)); + pszParmValue = DEFAULT_DOS_CHARSET; + } + ret = reinit_iconv_handle(NULL, + lpcfg_dos_charset(lp_ctx), + lpcfg_unix_charset(lp_ctx)); + if (ret == NULL) { + smb_panic("reinit_iconv_handle failed"); + } + } + } + + return lpcfg_string_set(lp_ctx->globals->ctx, ptr, pszParmValue); +} + +bool handle_printing(struct loadparm_context *lp_ctx, struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + static int parm_num = -1; + + if (parm_num == -1) { + parm_num = lpcfg_map_parameter("printing"); + } + + if (!lp_set_enum_parm(&parm_table[parm_num], pszParmValue, (int*)ptr)) { + return false; + } + + if (lp_ctx->s3_fns) { + if (service == NULL) { + init_printer_values(lp_ctx, lp_ctx->globals->ctx, lp_ctx->sDefault); + } else { + init_printer_values(lp_ctx, service, service); + } + } + + return true; +} + +bool handle_ldap_debug_level(struct loadparm_context *lp_ctx, struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + lp_ctx->globals->ldap_debug_level = lp_int(pszParmValue); + + if (lp_ctx->s3_fns) { + lp_ctx->s3_fns->init_ldap_debugging(); + } + return true; +} + +/* + * idmap related parameters + */ + +bool handle_idmap_backend(struct loadparm_context *lp_ctx, struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + if (lp_ctx->s3_fns) { + lp_do_parameter_parametric(lp_ctx, service, "idmap config * : backend", + pszParmValue, 0); + } + + return lpcfg_string_set(lp_ctx->globals->ctx, ptr, pszParmValue); +} + +bool handle_idmap_uid(struct loadparm_context *lp_ctx, struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + if (lp_ctx->s3_fns) { + lp_do_parameter_parametric(lp_ctx, service, "idmap config * : range", + pszParmValue, 0); + } + + return lpcfg_string_set(lp_ctx->globals->ctx, ptr, pszParmValue); +} + +bool handle_idmap_gid(struct loadparm_context *lp_ctx, struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + if (lp_ctx->s3_fns) { + lp_do_parameter_parametric(lp_ctx, service, "idmap config * : range", + pszParmValue, 0); + } + + return lpcfg_string_set(lp_ctx->globals->ctx, ptr, pszParmValue); +} + +bool handle_smb_ports(struct loadparm_context *lp_ctx, struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + static int parm_num = -1; + int i; + const char **list; + + if (!pszParmValue || !*pszParmValue) { + return false; + } + + if (parm_num == -1) { + parm_num = lpcfg_map_parameter("smb ports"); + if (parm_num == -1) { + return false; + } + } + + if (!set_variable_helper(lp_ctx->globals->ctx, parm_num, ptr, "smb ports", + pszParmValue)) { + return false; + } + + list = lp_ctx->globals->smb_ports; + if (list == NULL) { + return false; + } + + /* Check that each port is a valid integer and within range */ + for (i = 0; list[i] != NULL; i++) { + char *end = NULL; + int port = 0; + port = strtol(list[i], &end, 10); + if (*end != '\0' || port <= 0 || port > 65535) { + TALLOC_FREE(list); + return false; + } + } + + return true; +} + +bool handle_rpc_server_dynamic_port_range(struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *pszParmValue, + char **ptr) +{ + static int parm_num = -1; + int low_port = -1, high_port = -1; + int rc; + + if (parm_num == -1) { + parm_num = lpcfg_map_parameter("rpc server dynamic port range"); + if (parm_num == -1) { + return false; + } + } + + if (pszParmValue == NULL || pszParmValue[0] == '\0') { + return false; + } + + rc = sscanf(pszParmValue, "%d - %d", &low_port, &high_port); + if (rc != 2) { + return false; + } + + if (low_port > high_port) { + return false; + } + + if (low_port < SERVER_TCP_PORT_MIN|| high_port > SERVER_TCP_PORT_MAX) { + return false; + } + + if (!set_variable_helper(lp_ctx->globals->ctx, parm_num, ptr, + "rpc server dynamic port range", + pszParmValue)) { + return false; + } + + lp_ctx->globals->rpc_low_port = low_port; + lp_ctx->globals->rpc_high_port = high_port; + + return true; +} + +bool handle_smb2_max_credits(struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + int value = lp_int(pszParmValue); + + if (value <= 0) { + value = DEFAULT_SMB2_MAX_CREDITS; + } + + *(int *)ptr = value; + + return true; +} + +bool handle_cups_encrypt(struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + int result = 0; +#ifdef HAVE_HTTPCONNECTENCRYPT + int value = lp_int(pszParmValue); + + switch (value) { + case Auto: + result = HTTP_ENCRYPT_REQUIRED; + break; + case true: + result = HTTP_ENCRYPT_ALWAYS; + break; + case false: + result = HTTP_ENCRYPT_NEVER; + break; + default: + result = 0; + break; + } +#endif + *(int *)ptr = result; + + return true; +} + +/*************************************************************************** + Initialise a copymap. +***************************************************************************/ + +/** + * Initializes service copymap + * Note: pservice *must* be valid TALLOC_CTX + */ +void init_copymap(struct loadparm_service *pservice) +{ + int i; + + TALLOC_FREE(pservice->copymap); + + pservice->copymap = bitmap_talloc(pservice, num_parameters()); + if (!pservice->copymap) { + DEBUG(0, + ("Couldn't allocate copymap!! (size %d)\n", + (int)num_parameters())); + } else { + for (i = 0; i < num_parameters(); i++) { + bitmap_set(pservice->copymap, i); + } + } +} + +/** + * Process a parametric option + */ +static bool lp_do_parameter_parametric(struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *pszParmName, + const char *pszParmValue, int flags) +{ + struct parmlist_entry **data; + char *name; + TALLOC_CTX *mem_ctx; + + while (isspace((unsigned char)*pszParmName)) { + pszParmName++; + } + + name = strlower_talloc(lp_ctx, pszParmName); + if (!name) return false; + + if (service == NULL) { + data = &lp_ctx->globals->param_opt; + /** + * s3 code cannot deal with parametric options stored on the globals ctx. + */ + if (lp_ctx->s3_fns != NULL) { + mem_ctx = NULL; + } else { + mem_ctx = lp_ctx->globals->ctx; + } + } else { + data = &service->param_opt; + mem_ctx = service; + } + + set_param_opt(mem_ctx, data, name, pszParmValue, flags); + + talloc_free(name); + + return true; +} + +static bool set_variable_helper(TALLOC_CTX *mem_ctx, int parmnum, void *parm_ptr, + const char *pszParmName, const char *pszParmValue) +{ + size_t i; + + /* switch on the type of variable it is */ + switch (parm_table[parmnum].type) + { + case P_BOOL: { + bool b; + if (!set_boolean(pszParmValue, &b)) { + DEBUG(0, ("set_variable_helper(%s): value is not " + "boolean!\n", pszParmValue)); + return false; + } + *(bool *)parm_ptr = b; + } + break; + + case P_BOOLREV: { + bool b; + if (!set_boolean(pszParmValue, &b)) { + DEBUG(0, ("set_variable_helper(%s): value is not " + "boolean!\n", pszParmValue)); + return false; + } + *(bool *)parm_ptr = !b; + } + break; + + case P_INTEGER: + *(int *)parm_ptr = lp_int(pszParmValue); + break; + + case P_CHAR: + *(char *)parm_ptr = *pszParmValue; + break; + + case P_OCTAL: + i = sscanf(pszParmValue, "%o", (int *)parm_ptr); + if ( i != 1 ) { + DEBUG ( 0, ("Invalid octal number %s\n", pszParmName )); + return false; + } + break; + + case P_BYTES: + { + uint64_t val; + if (conv_str_size_error(pszParmValue, &val)) { + if (val <= INT_MAX) { + *(int *)parm_ptr = (int)val; + break; + } + } + + DEBUG(0, ("set_variable_helper(%s): value is not " + "a valid size specifier!\n", pszParmValue)); + return false; + } + + case P_CMDLIST: + TALLOC_FREE(*(char ***)parm_ptr); + *(char ***)parm_ptr = str_list_make_v3(mem_ctx, + pszParmValue, NULL); + break; + + case P_LIST: + { + char **new_list = str_list_make_v3(mem_ctx, + pszParmValue, NULL); + if (new_list == NULL) { + break; + } + + for (i=0; new_list[i]; i++) { + if (*(const char ***)parm_ptr != NULL && + new_list[i][0] == '+' && + new_list[i][1]) + { + if (!str_list_check(*(const char ***)parm_ptr, + &new_list[i][1])) { + *(const char ***)parm_ptr = str_list_add(*(const char ***)parm_ptr, + &new_list[i][1]); + } + } else if (*(const char ***)parm_ptr != NULL && + new_list[i][0] == '-' && + new_list[i][1]) + { + str_list_remove(*(const char ***)parm_ptr, + &new_list[i][1]); + } else { + if (i != 0) { + DEBUG(0, ("Unsupported list syntax for: %s = %s\n", + pszParmName, pszParmValue)); + return false; + } + *(char ***)parm_ptr = new_list; + break; + } + } + break; + } + + case P_STRING: + lpcfg_string_set(mem_ctx, (char **)parm_ptr, pszParmValue); + break; + + case P_USTRING: + lpcfg_string_set_upper(mem_ctx, (char **)parm_ptr, pszParmValue); + break; + + case P_ENUM: + if (!lp_set_enum_parm(&parm_table[parmnum], pszParmValue, (int*)parm_ptr)) { + return false; + } + break; + + } + + return true; + +} + +bool handle_name_resolve_order(struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + const char **valid_values = NULL; + const char **values_to_set = NULL; + int i; + bool value_is_valid = false; + valid_values = str_list_make_v3_const(NULL, + DEFAULT_NAME_RESOLVE_ORDER, + NULL); + if (valid_values == NULL) { + DBG_ERR("OOM: failed to make string list from %s\n", + DEFAULT_NAME_RESOLVE_ORDER); + goto out; + } + values_to_set = str_list_make_v3_const(lp_ctx->globals->ctx, + pszParmValue, + NULL); + if (values_to_set == NULL) { + DBG_ERR("OOM: failed to make string list from %s\n", + pszParmValue); + goto out; + } + TALLOC_FREE(lp_ctx->globals->name_resolve_order); + for (i = 0; values_to_set[i] != NULL; i++) { + value_is_valid = str_list_check(valid_values, values_to_set[i]); + if (!value_is_valid) { + DBG_ERR("WARNING: Ignoring invalid list value '%s' " + "for parameter 'name resolve order'\n", + values_to_set[i]); + break; + } + } +out: + if (value_is_valid) { + lp_ctx->globals->name_resolve_order = values_to_set; + } else { + TALLOC_FREE(values_to_set); + } + TALLOC_FREE(valid_values); + return value_is_valid; +} + +bool handle_kdc_default_domain_supported_enctypes(struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + char **enctype_list = NULL; + char **enctype = NULL; + uint32_t result = 0; + bool ok = true; + + enctype_list = str_list_make(NULL, pszParmValue, NULL); + if (enctype_list == NULL) { + DBG_ERR("OOM: failed to make string list from %s\n", + pszParmValue); + ok = false; + goto out; + } + + for (enctype = enctype_list; *enctype != NULL; ++enctype) { + if (strwicmp(*enctype, "arcfour-hmac-md5") == 0 || + strwicmp(*enctype, "rc4-hmac") == 0) + { + result |= KERB_ENCTYPE_RC4_HMAC_MD5; + } + else if (strwicmp(*enctype, "aes128-cts-hmac-sha1-96") == 0 || + strwicmp(*enctype, "aes128-cts") == 0) + { + result |= KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96; + } + else if (strwicmp(*enctype, "aes256-cts-hmac-sha1-96") == 0 || + strwicmp(*enctype, "aes256-cts") == 0) + { + result |= KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96; + } + else if (strwicmp(*enctype, "aes256-cts-hmac-sha1-96-sk") == 0 || + strwicmp(*enctype, "aes256-cts-sk") == 0) + { + result |= KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK; + } + else { + const char *bitstr = *enctype; + int base; + int error; + unsigned long bit; + + /* See if the bit's specified in hexadecimal. */ + if (bitstr[0] == '0' && + (bitstr[1] == 'x' || bitstr[2] == 'X')) + { + base = 16; + bitstr += 2; + } + else { + base = 10; + } + + bit = smb_strtoul(bitstr, NULL, base, &error, SMB_STR_FULL_STR_CONV); + if (error) { + DBG_ERR("WARNING: Ignoring invalid value '%s' " + "for parameter 'kdc default domain supported enctypes'\n", + *enctype); + ok = false; + } else { + result |= bit; + } + } + } + + *(int *)ptr = result; +out: + TALLOC_FREE(enctype_list); + + return ok; +} + +bool handle_kdc_supported_enctypes(struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *pszParmValue, char **ptr) +{ + char **enctype_list = NULL; + char **enctype = NULL; + uint32_t result = 0; + bool ok = true; + + enctype_list = str_list_make(NULL, pszParmValue, NULL); + if (enctype_list == NULL) { + DBG_ERR("OOM: failed to make string list from %s\n", + pszParmValue); + ok = false; + goto out; + } + + for (enctype = enctype_list; *enctype != NULL; ++enctype) { + if (strwicmp(*enctype, "arcfour-hmac-md5") == 0 || + strwicmp(*enctype, "rc4-hmac") == 0) + { + result |= KERB_ENCTYPE_RC4_HMAC_MD5; + } + else if (strwicmp(*enctype, "aes128-cts-hmac-sha1-96") == 0 || + strwicmp(*enctype, "aes128-cts") == 0) + { + result |= KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96; + } + else if (strwicmp(*enctype, "aes256-cts-hmac-sha1-96") == 0 || + strwicmp(*enctype, "aes256-cts") == 0) + { + result |= KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96; + } + else { + const char *bitstr = *enctype; + int base; + int error; + unsigned long bit; + + /* See if the bit's specified in hexadecimal. */ + if (bitstr[0] == '0' && + (bitstr[1] == 'x' || bitstr[2] == 'X')) + { + base = 16; + bitstr += 2; + } + else { + base = 10; + } + + bit = smb_strtoul(bitstr, NULL, base, &error, SMB_STR_FULL_STR_CONV); + if (error) { + DBG_ERR("WARNING: Ignoring invalid value '%s' " + "for parameter 'kdc default domain supported enctypes'\n", + *enctype); + ok = false; + } else { + result |= bit; + } + } + } + + *(int *)ptr = result; +out: + TALLOC_FREE(enctype_list); + + return ok; +} + +static bool set_variable(TALLOC_CTX *mem_ctx, struct loadparm_service *service, + int parmnum, void *parm_ptr, + const char *pszParmName, const char *pszParmValue, + struct loadparm_context *lp_ctx, bool on_globals) +{ + int i; + bool ok; + + /* if it is a special case then go ahead */ + if (parm_table[parmnum].special) { + ok = parm_table[parmnum].special(lp_ctx, service, pszParmValue, + (char **)parm_ptr); + } else { + ok = set_variable_helper(mem_ctx, parmnum, parm_ptr, + pszParmName, pszParmValue); + } + + if (!ok) { + return false; + } + + if (on_globals && (lp_ctx->flags[parmnum] & FLAG_DEFAULT)) { + lp_ctx->flags[parmnum] &= ~FLAG_DEFAULT; + /* we have to also unset FLAG_DEFAULT on aliases */ + for (i=parmnum-1;i>=0 && parm_table[i].offset == parm_table[parmnum].offset;i--) { + lp_ctx->flags[i] &= ~FLAG_DEFAULT; + } + for (i=parmnum+1;i<num_parameters() && parm_table[i].offset == parm_table[parmnum].offset;i++) { + lp_ctx->flags[i] &= ~FLAG_DEFAULT; + } + } + return true; +} + + +bool lpcfg_do_global_parameter(struct loadparm_context *lp_ctx, + const char *pszParmName, const char *pszParmValue) +{ + int parmnum = lpcfg_map_parameter(pszParmName); + void *parm_ptr; + + if (parmnum < 0) { + if (strchr(pszParmName, ':')) { + return lp_do_parameter_parametric(lp_ctx, NULL, pszParmName, pszParmValue, 0); + } + DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName)); + return true; + } + + /* if the flag has been set on the command line, then don't allow override, + but don't report an error */ + if (lp_ctx->flags[parmnum] & FLAG_CMDLINE) { + return true; + } + + if (parm_table[parmnum].flags & FLAG_DEPRECATED) { + char *suppress_env = getenv("SAMBA_DEPRECATED_SUPPRESS"); + bool print_warning = (suppress_env == NULL + || suppress_env[0] == '\0'); + if (print_warning) { + DBG_WARNING("WARNING: The \"%s\" option " + "is deprecated\n", + pszParmName); + + } + } + + parm_ptr = lpcfg_parm_ptr(lp_ctx, NULL, &parm_table[parmnum]); + + return set_variable(lp_ctx->globals->ctx, NULL, parmnum, parm_ptr, + pszParmName, pszParmValue, lp_ctx, true); +} + +bool lpcfg_do_service_parameter(struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *pszParmName, const char *pszParmValue) +{ + void *parm_ptr; + int i; + int parmnum = lpcfg_map_parameter(pszParmName); + + if (parmnum < 0) { + if (strchr(pszParmName, ':')) { + return lp_do_parameter_parametric(lp_ctx, service, pszParmName, pszParmValue, 0); + } + DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName)); + return true; + } + + /* if the flag has been set on the command line, then don't allow override, + but don't report an error */ + if (lp_ctx->flags[parmnum] & FLAG_CMDLINE) { + return true; + } + + if (parm_table[parmnum].flags & FLAG_DEPRECATED) { + char *suppress_env = getenv("SAMBA_DEPRECATED_SUPPRESS"); + bool print_warning = (suppress_env == NULL + || suppress_env[0] == '\0'); + if (print_warning) { + DBG_WARNING("WARNING: The \"%s\" option " + "is deprecated\n", + pszParmName); + + } + } + + if (parm_table[parmnum].p_class == P_GLOBAL) { + DEBUG(0, + ("Global parameter %s found in service section!\n", + pszParmName)); + return true; + } + parm_ptr = ((char *)service) + parm_table[parmnum].offset; + + if (!service->copymap) + init_copymap(service); + + /* this handles the aliases - set the copymap for other + * entries with the same data pointer */ + for (i = 0; parm_table[i].label; i++) + if (parm_table[i].offset == parm_table[parmnum].offset && + parm_table[i].p_class == parm_table[parmnum].p_class) + bitmap_clear(service->copymap, i); + + return set_variable(service, service, parmnum, parm_ptr, pszParmName, + pszParmValue, lp_ctx, false); +} + +/** + * Process a parameter. + */ + +bool lpcfg_do_parameter(const char *pszParmName, const char *pszParmValue, + void *userdata) +{ + struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata; + + if (lp_ctx->bInGlobalSection) + return lpcfg_do_global_parameter(lp_ctx, pszParmName, + pszParmValue); + else + return lpcfg_do_service_parameter(lp_ctx, lp_ctx->currentService, + pszParmName, pszParmValue); +} + +/* + variable argument do parameter +*/ +bool lpcfg_do_global_parameter_var(struct loadparm_context *lp_ctx, const char *pszParmName, const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4); +bool lpcfg_do_global_parameter_var(struct loadparm_context *lp_ctx, + const char *pszParmName, const char *fmt, ...) +{ + char *s; + bool ret; + va_list ap; + + va_start(ap, fmt); + s = talloc_vasprintf(NULL, fmt, ap); + va_end(ap); + ret = lpcfg_do_global_parameter(lp_ctx, pszParmName, s); + talloc_free(s); + return ret; +} + + +/* + set a parameter from the commandline - this is called from command line parameter + parsing code. It sets the parameter then marks the parameter as unable to be modified + by smb.conf processing +*/ +bool lpcfg_set_cmdline(struct loadparm_context *lp_ctx, const char *pszParmName, + const char *pszParmValue) +{ + int parmnum; + int i; + + while (isspace((unsigned char)*pszParmValue)) pszParmValue++; + + parmnum = lpcfg_map_parameter(pszParmName); + + if (parmnum < 0 && strchr(pszParmName, ':')) { + /* set a parametric option */ + bool ok; + ok = lp_do_parameter_parametric(lp_ctx, NULL, pszParmName, + pszParmValue, FLAG_CMDLINE); + if (lp_ctx->s3_fns != NULL) { + if (ok) { + lp_ctx->s3_fns->store_cmdline(pszParmName, pszParmValue); + } + } + return ok; + } + + if (parmnum < 0) { + DEBUG(0,("Unknown option '%s'\n", pszParmName)); + return false; + } + + /* reset the CMDLINE flag in case this has been called before */ + lp_ctx->flags[parmnum] &= ~FLAG_CMDLINE; + + if (!lpcfg_do_global_parameter(lp_ctx, pszParmName, pszParmValue)) { + return false; + } + + lp_ctx->flags[parmnum] |= FLAG_CMDLINE; + + /* we have to also set FLAG_CMDLINE on aliases */ + for (i=parmnum-1; + i>=0 && parm_table[i].p_class == parm_table[parmnum].p_class && + parm_table[i].offset == parm_table[parmnum].offset; + i--) { + lp_ctx->flags[i] |= FLAG_CMDLINE; + } + for (i=parmnum+1; + i<num_parameters() && + parm_table[i].p_class == parm_table[parmnum].p_class && + parm_table[i].offset == parm_table[parmnum].offset; + i++) { + lp_ctx->flags[i] |= FLAG_CMDLINE; + } + + if (lp_ctx->s3_fns != NULL) { + lp_ctx->s3_fns->store_cmdline(pszParmName, pszParmValue); + } + + return true; +} + +/* + set a option from the commandline in 'a=b' format. Use to support --option +*/ +bool lpcfg_set_option(struct loadparm_context *lp_ctx, const char *option) +{ + char *p, *s; + bool ret; + + s = talloc_strdup(NULL, option); + if (!s) { + return false; + } + + p = strchr(s, '='); + if (!p) { + talloc_free(s); + return false; + } + + *p = 0; + + ret = lpcfg_set_cmdline(lp_ctx, s, p+1); + talloc_free(s); + return ret; +} + + +#define BOOLSTR(b) ((b) ? "Yes" : "No") + +/** + * Print a parameter of the specified type. + */ + +void lpcfg_print_parameter(struct parm_struct *p, void *ptr, FILE * f) +{ + /* For the separation of lists values that we print below */ + const char *list_sep = ", "; + int i; + switch (p->type) + { + case P_ENUM: + for (i = 0; p->enum_list[i].name; i++) { + if (*(int *)ptr == p->enum_list[i].value) { + fprintf(f, "%s", + p->enum_list[i].name); + break; + } + } + break; + + case P_BOOL: + fprintf(f, "%s", BOOLSTR(*(bool *)ptr)); + break; + + case P_BOOLREV: + fprintf(f, "%s", BOOLSTR(!*(bool *)ptr)); + break; + + case P_INTEGER: + case P_BYTES: + fprintf(f, "%d", *(int *)ptr); + break; + + case P_CHAR: + fprintf(f, "%c", *(char *)ptr); + break; + + case P_OCTAL: { + int val = *(int *)ptr; + if (val == -1) { + fprintf(f, "-1"); + } else { + fprintf(f, "0%03o", val); + } + break; + } + + case P_CMDLIST: + list_sep = " "; + + FALL_THROUGH; + case P_LIST: + if ((char ***)ptr && *(char ***)ptr) { + char **list = *(char ***)ptr; + for (; *list; list++) { + /* surround strings with whitespace in double quotes */ + if (*(list+1) == NULL) { + /* last item, no extra separator */ + list_sep = ""; + } + if ( strchr_m( *list, ' ' ) ) { + fprintf(f, "\"%s\"%s", *list, list_sep); + } else { + fprintf(f, "%s%s", *list, list_sep); + } + } + } + break; + + case P_STRING: + case P_USTRING: + if (*(char **)ptr) { + fprintf(f, "%s", *(char **)ptr); + } + break; + } +} + +/** + * Check if two parameters are equal. + */ + +static bool lpcfg_equal_parameter(parm_type type, void *ptr1, void *ptr2) +{ + switch (type) { + case P_BOOL: + case P_BOOLREV: + return (*((bool *)ptr1) == *((bool *)ptr2)); + + case P_INTEGER: + case P_ENUM: + case P_OCTAL: + case P_BYTES: + return (*((int *)ptr1) == *((int *)ptr2)); + + case P_CHAR: + return (*((char *)ptr1) == *((char *)ptr2)); + + case P_LIST: + case P_CMDLIST: + return str_list_equal(*(const char ***)ptr1, *(const char ***)ptr2); + + case P_STRING: + case P_USTRING: + { + char *p1 = *(char **)ptr1, *p2 = *(char **)ptr2; + if (p1 && !*p1) + p1 = NULL; + if (p2 && !*p2) + p2 = NULL; + return (p1 == p2 || strequal(p1, p2)); + } + } + return false; +} + +/** + * Process a new section (service). + * + * At this stage all sections are services. + * Later we'll have special sections that permit server parameters to be set. + * Returns True on success, False on failure. + */ + +static bool do_section(const char *pszSectionName, void *userdata) +{ + struct loadparm_context *lp_ctx = (struct loadparm_context *)userdata; + bool bRetval; + bool isglobal; + + if (lp_ctx->s3_fns != NULL) { + return lp_ctx->s3_fns->do_section(pszSectionName, lp_ctx); + } + + isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) || + (strwicmp(pszSectionName, GLOBAL_NAME2) == 0)); + + /* if we've just struck a global section, note the fact. */ + lp_ctx->bInGlobalSection = isglobal; + + /* check for multiple global sections */ + if (lp_ctx->bInGlobalSection) { + DEBUG(4, ("Processing section \"[%s]\"\n", pszSectionName)); + bRetval = true; + goto out; + } + + /* if we have a current service, tidy it up before moving on */ + bRetval = true; + + if (lp_ctx->currentService != NULL) + bRetval = lpcfg_service_ok(lp_ctx->currentService); + + /* if all is still well, move to the next record in the services array */ + if (bRetval) { + /* We put this here to avoid an odd message order if messages are */ + /* issued by the post-processing of a previous section. */ + DEBUG(4, ("Processing section \"[%s]\"\n", pszSectionName)); + + if ((lp_ctx->currentService = lpcfg_add_service(lp_ctx, lp_ctx->sDefault, + pszSectionName)) + == NULL) { + DEBUG(0, ("Failed to add a new service\n")); + bRetval = false; + goto out; + } + } +out: + return bRetval; +} + + +/** + * Determine if a particular base parameter is currently set to the default value. + */ + +static bool is_default(void *base_structure, int i) +{ + void *def_ptr = ((char *)base_structure) + parm_table[i].offset; + switch (parm_table[i].type) { + case P_CMDLIST: + case P_LIST: + return str_list_equal((const char * const *)parm_table[i].def.lvalue, + *(const char * const **)def_ptr); + case P_STRING: + case P_USTRING: + return strequal(parm_table[i].def.svalue, + *(char **)def_ptr); + case P_BOOL: + case P_BOOLREV: + return parm_table[i].def.bvalue == + *(bool *)def_ptr; + case P_INTEGER: + case P_CHAR: + case P_OCTAL: + case P_BYTES: + case P_ENUM: + return parm_table[i].def.ivalue == + *(int *)def_ptr; + } + return false; +} + +/** + *Display the contents of the global structure. + */ + +void lpcfg_dump_globals(struct loadparm_context *lp_ctx, FILE *f, + bool show_defaults) +{ + int i; + struct parmlist_entry *data; + + fprintf(f, "# Global parameters\n[global]\n"); + + for (i = 0; parm_table[i].label; i++) { + if (parm_table[i].p_class != P_GLOBAL) { + continue; + } + + if (parm_table[i].flags & FLAG_SYNONYM) { + continue; + } + + if (!show_defaults) { + if (lp_ctx->flags && (lp_ctx->flags[i] & FLAG_DEFAULT)) { + continue; + } + + if (is_default(lp_ctx->globals, i)) { + continue; + } + } + + fprintf(f, "\t%s = ", parm_table[i].label); + lpcfg_print_parameter(&parm_table[i], lpcfg_parm_ptr(lp_ctx, NULL, &parm_table[i]), f); + fprintf(f, "\n"); + } + if (lp_ctx->globals->param_opt != NULL) { + for (data = lp_ctx->globals->param_opt; data; + data = data->next) { + if (!show_defaults && (data->priority & FLAG_DEFAULT)) { + continue; + } + fprintf(f, "\t%s = %s\n", data->key, data->value); + } + } + +} + +/** + * Display the contents of a single services record. + */ + +void lpcfg_dump_a_service(struct loadparm_service * pService, struct loadparm_service *sDefault, FILE * f, + unsigned int *flags, bool show_defaults) +{ + int i; + struct parmlist_entry *data; + + if (pService != sDefault) + fprintf(f, "\n[%s]\n", pService->szService); + + for (i = 0; parm_table[i].label; i++) { + if (parm_table[i].p_class != P_LOCAL) { + continue; + } + + if (parm_table[i].flags & FLAG_SYNONYM) { + continue; + } + + if (*parm_table[i].label == '-') { + continue; + } + + if (pService == sDefault) { + if (!show_defaults) { + if (flags && (flags[i] & FLAG_DEFAULT)) { + continue; + } + + if (is_default(sDefault, i)) { + continue; + } + } + } else { + bool equal; + + equal = lpcfg_equal_parameter(parm_table[i].type, + ((char *)pService) + + parm_table[i].offset, + ((char *)sDefault) + + parm_table[i].offset); + if (equal) { + continue; + } + } + + fprintf(f, "\t%s = ", parm_table[i].label); + lpcfg_print_parameter(&parm_table[i], + ((char *)pService) + parm_table[i].offset, f); + fprintf(f, "\n"); + } + if (pService->param_opt != NULL) { + for (data = pService->param_opt; data; data = data->next) { + if (!show_defaults && (data->priority & FLAG_DEFAULT)) { + continue; + } + fprintf(f, "\t%s = %s\n", data->key, data->value); + } + } +} + +bool lpcfg_dump_a_parameter(struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *parm_name, FILE * f) +{ + struct parm_struct *parm; + void *ptr; + char *local_parm_name; + char *parm_opt; + const char *parm_opt_value; + + /* check for parametrical option */ + local_parm_name = talloc_strdup(lp_ctx, parm_name); + if (local_parm_name == NULL) { + return false; + } + + parm_opt = strchr( local_parm_name, ':'); + + if (parm_opt) { + *parm_opt = '\0'; + parm_opt++; + if (strlen(parm_opt)) { + parm_opt_value = lpcfg_parm_string(lp_ctx, service, + local_parm_name, parm_opt); + if (parm_opt_value) { + fprintf(f, "%s\n", parm_opt_value); + TALLOC_FREE(local_parm_name); + return true; + } + } + TALLOC_FREE(local_parm_name); + return false; + } + TALLOC_FREE(local_parm_name); + + /* parameter is not parametric, search the table */ + parm = lpcfg_parm_struct(lp_ctx, parm_name); + if (!parm) { + return false; + } + + if (service != NULL && parm->p_class == P_GLOBAL) { + return false; + } + + ptr = lpcfg_parm_ptr(lp_ctx, service,parm); + + lpcfg_print_parameter(parm, ptr, f); + fprintf(f, "\n"); + return true; +} + +/** + * Auto-load some home services. + */ +static void lpcfg_add_auto_services(struct loadparm_context *lp_ctx, + const char *str) +{ + return; +} + +/*************************************************************************** + Initialise the sDefault parameter structure for the printer values. +***************************************************************************/ + +void init_printer_values(struct loadparm_context *lp_ctx, TALLOC_CTX *ctx, + struct loadparm_service *pService) +{ + /* choose defaults depending on the type of printing */ + switch (pService->printing) { + case PRINT_BSD: + case PRINT_AIX: + case PRINT_LPRNT: + case PRINT_LPROS2: + lpcfg_string_set(ctx, &pService->lpq_command, "lpq -P'%p'"); + lpcfg_string_set(ctx, &pService->lprm_command, "lprm -P'%p' %j"); + lpcfg_string_set(ctx, &pService->print_command, "lpr -r -P'%p' %s"); + break; + + case PRINT_LPRNG: + case PRINT_PLP: + lpcfg_string_set(ctx, &pService->lpq_command, "lpq -P'%p'"); + lpcfg_string_set(ctx, &pService->lprm_command, "lprm -P'%p' %j"); + lpcfg_string_set(ctx, &pService->print_command, "lpr -r -P'%p' %s"); + lpcfg_string_set(ctx, &pService->queuepause_command, "lpc stop '%p'"); + lpcfg_string_set(ctx, &pService->queueresume_command, "lpc start '%p'"); + lpcfg_string_set(ctx, &pService->lppause_command, "lpc hold '%p' %j"); + lpcfg_string_set(ctx, &pService->lpresume_command, "lpc release '%p' %j"); + break; + + case PRINT_CUPS: + case PRINT_IPRINT: + /* set the lpq command to contain the destination printer + name only. This is used by cups_queue_get() */ + lpcfg_string_set(ctx, &pService->lpq_command, "%p"); + lpcfg_string_set(ctx, &pService->lprm_command, ""); + lpcfg_string_set(ctx, &pService->print_command, ""); + lpcfg_string_set(ctx, &pService->lppause_command, ""); + lpcfg_string_set(ctx, &pService->lpresume_command, ""); + lpcfg_string_set(ctx, &pService->queuepause_command, ""); + lpcfg_string_set(ctx, &pService->queueresume_command, ""); + break; + + case PRINT_SYSV: + case PRINT_HPUX: + lpcfg_string_set(ctx, &pService->lpq_command, "lpstat -o%p"); + lpcfg_string_set(ctx, &pService->lprm_command, "cancel %p-%j"); + lpcfg_string_set(ctx, &pService->print_command, "lp -c -d%p %s; rm %s"); + lpcfg_string_set(ctx, &pService->queuepause_command, "disable %p"); + lpcfg_string_set(ctx, &pService->queueresume_command, "enable %p"); +#ifndef HPUX + lpcfg_string_set(ctx, &pService->lppause_command, "lp -i %p-%j -H hold"); + lpcfg_string_set(ctx, &pService->lpresume_command, "lp -i %p-%j -H resume"); +#endif /* HPUX */ + break; + + case PRINT_QNX: + lpcfg_string_set(ctx, &pService->lpq_command, "lpq -P%p"); + lpcfg_string_set(ctx, &pService->lprm_command, "lprm -P%p %j"); + lpcfg_string_set(ctx, &pService->print_command, "lp -r -P%p %s"); + break; + +#if defined(DEVELOPER) || defined(ENABLE_SELFTEST) + + case PRINT_TEST: + case PRINT_VLP: { + const char *tdbfile; + TALLOC_CTX *tmp_ctx = talloc_new(ctx); + const char *tmp; + + tmp = lpcfg_parm_string(lp_ctx, NULL, "vlp", "tdbfile"); + if (tmp == NULL) { + tmp = "/tmp/vlp.tdb"; + } + + tdbfile = talloc_asprintf(tmp_ctx, "tdbfile=%s", tmp); + if (tdbfile == NULL) { + tdbfile="tdbfile=/tmp/vlp.tdb"; + } + + tmp = talloc_asprintf(tmp_ctx, "vlp %s print %%p %%s", + tdbfile); + lpcfg_string_set(ctx, &pService->print_command, + tmp ? tmp : "vlp print %p %s"); + + tmp = talloc_asprintf(tmp_ctx, "vlp %s lpq %%p", + tdbfile); + lpcfg_string_set(ctx, &pService->lpq_command, + tmp ? tmp : "vlp lpq %p"); + + tmp = talloc_asprintf(tmp_ctx, "vlp %s lprm %%p %%j", + tdbfile); + lpcfg_string_set(ctx, &pService->lprm_command, + tmp ? tmp : "vlp lprm %p %j"); + + tmp = talloc_asprintf(tmp_ctx, "vlp %s lppause %%p %%j", + tdbfile); + lpcfg_string_set(ctx, &pService->lppause_command, + tmp ? tmp : "vlp lppause %p %j"); + + tmp = talloc_asprintf(tmp_ctx, "vlp %s lpresume %%p %%j", + tdbfile); + lpcfg_string_set(ctx, &pService->lpresume_command, + tmp ? tmp : "vlp lpresume %p %j"); + + tmp = talloc_asprintf(tmp_ctx, "vlp %s queuepause %%p", + tdbfile); + lpcfg_string_set(ctx, &pService->queuepause_command, + tmp ? tmp : "vlp queuepause %p"); + + tmp = talloc_asprintf(tmp_ctx, "vlp %s queueresume %%p", + tdbfile); + lpcfg_string_set(ctx, &pService->queueresume_command, + tmp ? tmp : "vlp queueresume %p"); + TALLOC_FREE(tmp_ctx); + + break; + } +#endif /* DEVELOPER */ + + } +} + + +static int lpcfg_destructor(struct loadparm_context *lp_ctx) +{ + struct parmlist_entry *data; + + if (lp_ctx->refuse_free) { + /* someone is trying to free the + global_loadparm_context. + We can't allow that. */ + return -1; + } + + if (lp_ctx->globals->param_opt != NULL) { + struct parmlist_entry *next; + for (data = lp_ctx->globals->param_opt; data; data=next) { + next = data->next; + if (data->priority & FLAG_CMDLINE) continue; + DLIST_REMOVE(lp_ctx->globals->param_opt, data); + talloc_free(data); + } + } + + return 0; +} + +/** + * Initialise the global parameter structure. + * + * Note that most callers should use loadparm_init_global() instead + */ +struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) +{ + int i; + char *myname; + struct loadparm_context *lp_ctx; + struct parmlist_entry *parm; + char *logfile; + + lp_ctx = talloc_zero(mem_ctx, struct loadparm_context); + if (lp_ctx == NULL) + return NULL; + + talloc_set_destructor(lp_ctx, lpcfg_destructor); + lp_ctx->bInGlobalSection = true; + lp_ctx->globals = talloc_zero(lp_ctx, struct loadparm_global); + /* This appears odd, but globals in s3 isn't a pointer */ + lp_ctx->globals->ctx = lp_ctx->globals; + lp_ctx->globals->rpc_low_port = SERVER_TCP_LOW_PORT; + lp_ctx->globals->rpc_high_port = SERVER_TCP_HIGH_PORT; + lp_ctx->globals->weak_crypto = SAMBA_WEAK_CRYPTO_UNKNOWN; + lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service); + lp_ctx->flags = talloc_zero_array(lp_ctx, unsigned int, num_parameters()); + + lp_ctx->sDefault->max_print_jobs = 1000; + lp_ctx->sDefault->available = true; + lp_ctx->sDefault->browseable = true; + lp_ctx->sDefault->read_only = true; + lp_ctx->sDefault->map_archive = true; + lp_ctx->sDefault->strict_locking = true; + lp_ctx->sDefault->oplocks = true; + lp_ctx->sDefault->create_mask = 0744; + lp_ctx->sDefault->force_create_mode = 0000; + lp_ctx->sDefault->directory_mask = 0755; + lp_ctx->sDefault->force_directory_mode = 0000; + lp_ctx->sDefault->aio_read_size = 1; + lp_ctx->sDefault->aio_write_size = 1; + lp_ctx->sDefault->smbd_search_ask_sharemode = true; + lp_ctx->sDefault->smbd_getinfo_ask_sharemode = true; + lp_ctx->sDefault->volume_serial_number = -1; + + DEBUG(3, ("Initialising global parameters\n")); + + for (i = 0; parm_table[i].label; i++) { + if ((parm_table[i].type == P_STRING || + parm_table[i].type == P_USTRING) && + !(lp_ctx->flags[i] & FLAG_CMDLINE)) { + TALLOC_CTX *parent_mem; + char **r; + if (parm_table[i].p_class == P_LOCAL) { + parent_mem = lp_ctx->sDefault; + r = (char **)(((char *)lp_ctx->sDefault) + parm_table[i].offset); + } else { + parent_mem = lp_ctx->globals; + r = (char **)(((char *)lp_ctx->globals) + parm_table[i].offset); + } + lpcfg_string_set(parent_mem, r, ""); + } + } + + logfile = talloc_asprintf(lp_ctx, "%s/log.samba", dyn_LOGFILEBASE); + lpcfg_do_global_parameter(lp_ctx, "log file", logfile); + talloc_free(logfile); + + lpcfg_do_global_parameter(lp_ctx, "log level", "0"); + + lpcfg_do_global_parameter(lp_ctx, "syslog", "1"); + lpcfg_do_global_parameter(lp_ctx, "syslog only", "No"); + lpcfg_do_global_parameter(lp_ctx, "debug timestamp", "Yes"); + lpcfg_do_global_parameter(lp_ctx, "debug prefix timestamp", "No"); + lpcfg_do_global_parameter(lp_ctx, "debug hires timestamp", "Yes"); + lpcfg_do_global_parameter(lp_ctx, "debug syslog format", "No"); + lpcfg_do_global_parameter(lp_ctx, "debug pid", "No"); + lpcfg_do_global_parameter(lp_ctx, "debug uid", "No"); + lpcfg_do_global_parameter(lp_ctx, "debug class", "No"); + + lpcfg_do_global_parameter(lp_ctx, "server role", "auto"); + lpcfg_do_global_parameter(lp_ctx, "domain logons", "No"); + lpcfg_do_global_parameter(lp_ctx, "domain master", "Auto"); + + /* options that can be set on the command line must be initialised via + the slower lpcfg_do_global_parameter() to ensure that FLAG_CMDLINE is obeyed */ +#ifdef TCP_NODELAY + lpcfg_do_global_parameter(lp_ctx, "socket options", "TCP_NODELAY"); +#endif + lpcfg_do_global_parameter(lp_ctx, "workgroup", DEFAULT_WORKGROUP); + myname = get_myname(lp_ctx); + lpcfg_do_global_parameter(lp_ctx, "netbios name", myname); + talloc_free(myname); + lpcfg_do_global_parameter(lp_ctx, + "name resolve order", + DEFAULT_NAME_RESOLVE_ORDER); + + lpcfg_do_global_parameter(lp_ctx, "fstype", "NTFS"); + + lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default"); + lpcfg_do_global_parameter(lp_ctx, "max connections", "0"); + + lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver"); + lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns"); + lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true"); + /* the winbind method for domain controllers is for both RODC + auth forwarding and for trusted domains */ + lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR); + lpcfg_do_global_parameter(lp_ctx, "binddns dir", dyn_BINDDNS_DIR); + lpcfg_do_global_parameter(lp_ctx, "registry:HKEY_LOCAL_MACHINE", "hklm.ldb"); + + /* This hive should be dynamically generated by Samba using + data from the sam, but for the moment leave it in a tdb to + keep regedt32 from popping up an annoying dialog. */ + lpcfg_do_global_parameter(lp_ctx, "registry:HKEY_USERS", "hku.ldb"); + + /* using UTF8 by default allows us to support all chars */ + lpcfg_do_global_parameter(lp_ctx, "unix charset", "UTF-8"); + + /* Use codepage 850 as a default for the dos character set */ + lpcfg_do_global_parameter(lp_ctx, "dos charset", "CP850"); + + /* + * Allow the default PASSWD_CHAT to be overridden in local.h. + */ + lpcfg_do_global_parameter(lp_ctx, "passwd chat", DEFAULT_PASSWD_CHAT); + + lpcfg_do_global_parameter(lp_ctx, "pid directory", dyn_PIDDIR); + lpcfg_do_global_parameter(lp_ctx, "lock dir", dyn_LOCKDIR); + lpcfg_do_global_parameter(lp_ctx, "state directory", dyn_STATEDIR); + lpcfg_do_global_parameter(lp_ctx, "cache directory", dyn_CACHEDIR); + lpcfg_do_global_parameter(lp_ctx, "ncalrpc dir", dyn_NCALRPCDIR); + + lpcfg_do_global_parameter(lp_ctx, "nbt client socket address", "0.0.0.0"); + lpcfg_do_global_parameter_var(lp_ctx, "server string", + "Samba %s", SAMBA_VERSION_STRING); + + lpcfg_do_global_parameter(lp_ctx, "password server", "*"); + + lpcfg_do_global_parameter(lp_ctx, "max mux", "50"); + lpcfg_do_global_parameter(lp_ctx, "max xmit", "16644"); + lpcfg_do_global_parameter(lp_ctx, "host msdfs", "true"); + + lpcfg_do_global_parameter(lp_ctx, "LargeReadwrite", "True"); + lpcfg_do_global_parameter(lp_ctx, "server min protocol", "SMB2_02"); + lpcfg_do_global_parameter(lp_ctx, "server max protocol", "SMB3"); + lpcfg_do_global_parameter(lp_ctx, "client min protocol", "SMB2_02"); + lpcfg_do_global_parameter(lp_ctx, "client max protocol", "default"); + lpcfg_do_global_parameter(lp_ctx, "client ipc min protocol", "default"); + lpcfg_do_global_parameter(lp_ctx, "client ipc max protocol", "default"); + lpcfg_do_global_parameter(lp_ctx, "security", "AUTO"); + lpcfg_do_global_parameter(lp_ctx, "EncryptPasswords", "True"); + lpcfg_do_global_parameter(lp_ctx, "ReadRaw", "True"); + lpcfg_do_global_parameter(lp_ctx, "WriteRaw", "True"); + lpcfg_do_global_parameter(lp_ctx, "NullPasswords", "False"); + lpcfg_do_global_parameter(lp_ctx, "old password allowed period", "60"); + lpcfg_do_global_parameter(lp_ctx, "ObeyPamRestrictions", "False"); + + lpcfg_do_global_parameter(lp_ctx, "TimeServer", "False"); + lpcfg_do_global_parameter(lp_ctx, "BindInterfacesOnly", "False"); + lpcfg_do_global_parameter(lp_ctx, "Unicode", "True"); + lpcfg_do_global_parameter(lp_ctx, "ClientLanManAuth", "False"); + lpcfg_do_global_parameter(lp_ctx, "ClientNTLMv2Auth", "True"); + lpcfg_do_global_parameter(lp_ctx, "LanmanAuth", "False"); + lpcfg_do_global_parameter(lp_ctx, "NTLMAuth", "ntlmv2-only"); + lpcfg_do_global_parameter(lp_ctx, "NT hash store", "always"); + lpcfg_do_global_parameter(lp_ctx, "RawNTLMv2Auth", "False"); + lpcfg_do_global_parameter(lp_ctx, "client use spnego principal", "False"); + + lpcfg_do_global_parameter(lp_ctx, "allow dcerpc auth level connect", "False"); + + lpcfg_do_global_parameter(lp_ctx, "UnixExtensions", "True"); + + lpcfg_do_global_parameter(lp_ctx, "PreferredMaster", "Auto"); + lpcfg_do_global_parameter(lp_ctx, "LocalMaster", "True"); + + lpcfg_do_global_parameter(lp_ctx, "wins support", "False"); + lpcfg_do_global_parameter(lp_ctx, "dns proxy", "True"); + + lpcfg_do_global_parameter(lp_ctx, "winbind separator", "\\"); + lpcfg_do_global_parameter(lp_ctx, "winbind sealed pipes", "True"); + lpcfg_do_global_parameter(lp_ctx, "winbind scan trusted domains", "False"); + lpcfg_do_global_parameter(lp_ctx, "require strong key", "True"); + lpcfg_do_global_parameter(lp_ctx, "reject md5 servers", "True"); + lpcfg_do_global_parameter(lp_ctx, "winbindd socket directory", dyn_WINBINDD_SOCKET_DIR); + lpcfg_do_global_parameter(lp_ctx, "ntp signd socket directory", dyn_NTP_SIGND_SOCKET_DIR); + lpcfg_do_global_parameter_var(lp_ctx, "gpo update command", "%s/samba-gpupdate", dyn_SCRIPTSBINDIR); + lpcfg_do_global_parameter_var(lp_ctx, "apply group policies", "False"); + lpcfg_do_global_parameter_var(lp_ctx, "dns update command", "%s/samba_dnsupdate", dyn_SCRIPTSBINDIR); + lpcfg_do_global_parameter_var(lp_ctx, "spn update command", "%s/samba_spnupdate", dyn_SCRIPTSBINDIR); + lpcfg_do_global_parameter_var(lp_ctx, "samba kcc command", + "%s/samba_kcc", dyn_SCRIPTSBINDIR); +#ifdef MIT_KDC_PATH + lpcfg_do_global_parameter_var(lp_ctx, + "mit kdc command", + MIT_KDC_PATH); +#endif + lpcfg_do_global_parameter(lp_ctx, "template shell", "/bin/false"); + lpcfg_do_global_parameter(lp_ctx, "template homedir", "/home/%D/%U"); + + lpcfg_do_global_parameter(lp_ctx, "client signing", "default"); + lpcfg_do_global_parameter(lp_ctx, "client ipc signing", "default"); + lpcfg_do_global_parameter(lp_ctx, "server signing", "default"); + + lpcfg_do_global_parameter(lp_ctx, "use mmap", "True"); + + lpcfg_do_global_parameter(lp_ctx, "smb ports", "445 139"); + lpcfg_do_global_parameter_var(lp_ctx, "nbt port", "%d", NBT_NAME_SERVICE_PORT); + lpcfg_do_global_parameter_var(lp_ctx, "dgram port", "%d", NBT_DGRAM_SERVICE_PORT); + lpcfg_do_global_parameter(lp_ctx, "cldap port", "389"); + lpcfg_do_global_parameter(lp_ctx, "krb5 port", "88"); + lpcfg_do_global_parameter(lp_ctx, "kpasswd port", "464"); + lpcfg_do_global_parameter_var(lp_ctx, "dns port", "%d", DNS_SERVICE_PORT); + + lpcfg_do_global_parameter(lp_ctx, "kdc enable fast", "True"); + + lpcfg_do_global_parameter(lp_ctx, "nt status support", "True"); + + lpcfg_do_global_parameter(lp_ctx, "max wins ttl", "518400"); /* 6 days */ + lpcfg_do_global_parameter(lp_ctx, "min wins ttl", "21600"); + + lpcfg_do_global_parameter(lp_ctx, "tls enabled", "True"); + lpcfg_do_global_parameter(lp_ctx, "tls verify peer", "as_strict_as_possible"); + lpcfg_do_global_parameter(lp_ctx, "tls keyfile", "tls/key.pem"); + lpcfg_do_global_parameter(lp_ctx, "tls certfile", "tls/cert.pem"); + lpcfg_do_global_parameter(lp_ctx, "tls cafile", "tls/ca.pem"); + lpcfg_do_global_parameter(lp_ctx, + "tls priority", + "NORMAL:-VERS-SSL3.0"); + + lpcfg_do_global_parameter(lp_ctx, "nsupdate command", "/usr/bin/nsupdate -g"); + + lpcfg_do_global_parameter(lp_ctx, "allow dns updates", "secure only"); + lpcfg_do_global_parameter(lp_ctx, "dns zone scavenging", "False"); + lpcfg_do_global_parameter(lp_ctx, "dns forwarder", ""); + + lpcfg_do_global_parameter(lp_ctx, "algorithmic rid base", "1000"); + + lpcfg_do_global_parameter(lp_ctx, "enhanced browsing", "True"); + + lpcfg_do_global_parameter(lp_ctx, "winbind nss info", "template"); + + lpcfg_do_global_parameter(lp_ctx, "server schannel", "True"); + lpcfg_do_global_parameter(lp_ctx, "server schannel require seal", "True"); + lpcfg_do_global_parameter(lp_ctx, "reject md5 clients", "True"); + + lpcfg_do_global_parameter(lp_ctx, "short preserve case", "True"); + + lpcfg_do_global_parameter(lp_ctx, "max open files", "16384"); + + lpcfg_do_global_parameter(lp_ctx, "cups connection timeout", "30"); + + lpcfg_do_global_parameter(lp_ctx, "locking", "True"); + + lpcfg_do_global_parameter(lp_ctx, "block size", "1024"); + + lpcfg_do_global_parameter(lp_ctx, "client use spnego", "True"); + + lpcfg_do_global_parameter(lp_ctx, "change notify", "True"); + + lpcfg_do_global_parameter(lp_ctx, "name cache timeout", "660"); + + lpcfg_do_global_parameter(lp_ctx, "defer sharing violations", "True"); + + lpcfg_do_global_parameter(lp_ctx, "ldap replication sleep", "1000"); + + lpcfg_do_global_parameter(lp_ctx, "idmap backend", "tdb"); + + lpcfg_do_global_parameter(lp_ctx, "enable privileges", "True"); + + lpcfg_do_global_parameter_var(lp_ctx, "smb2 max write", "%u", DEFAULT_SMB2_MAX_WRITE); + + lpcfg_do_global_parameter(lp_ctx, "passdb backend", "tdbsam"); + + lpcfg_do_global_parameter(lp_ctx, "deadtime", "10080"); + + lpcfg_do_global_parameter(lp_ctx, "getwd cache", "True"); + + lpcfg_do_global_parameter(lp_ctx, "winbind nested groups", "True"); + + lpcfg_do_global_parameter(lp_ctx, "mangled names", "illegal"); + + lpcfg_do_global_parameter_var(lp_ctx, "smb2 max credits", "%u", DEFAULT_SMB2_MAX_CREDITS); + + lpcfg_do_global_parameter(lp_ctx, "ldap ssl", "start tls"); + + lpcfg_do_global_parameter(lp_ctx, "ldap deref", "auto"); + + lpcfg_do_global_parameter(lp_ctx, "lm interval", "60"); + + lpcfg_do_global_parameter(lp_ctx, "mangling method", "hash2"); + + lpcfg_do_global_parameter(lp_ctx, "hide dot files", "True"); + + lpcfg_do_global_parameter(lp_ctx, "browse list", "True"); + + lpcfg_do_global_parameter(lp_ctx, "passwd chat timeout", "2"); + + lpcfg_do_global_parameter(lp_ctx, "guest account", GUEST_ACCOUNT); + + lpcfg_do_global_parameter(lp_ctx, "client schannel", "True"); + + lpcfg_do_global_parameter(lp_ctx, "smb encrypt", "default"); + + lpcfg_do_global_parameter(lp_ctx, "max log size", "5000"); + + lpcfg_do_global_parameter(lp_ctx, "idmap negative cache time", "120"); + + lpcfg_do_global_parameter(lp_ctx, "ldap follow referral", "auto"); + + lpcfg_do_global_parameter(lp_ctx, "multicast dns register", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "winbind reconnect delay", "30"); + + lpcfg_do_global_parameter(lp_ctx, "winbind request timeout", "60"); + + lpcfg_do_global_parameter(lp_ctx, "nt acl support", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "acl check permissions", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "keepalive", "300"); + + lpcfg_do_global_parameter(lp_ctx, "smbd profiling level", "off"); + + lpcfg_do_global_parameter(lp_ctx, "winbind cache time", "300"); + + lpcfg_do_global_parameter(lp_ctx, "level2 oplocks", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "show add printer wizard", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "ldap page size", "1000"); + + lpcfg_do_global_parameter(lp_ctx, "kernel share modes", "no"); + + lpcfg_do_global_parameter(lp_ctx, "strict locking", "Auto"); + + lpcfg_do_global_parameter(lp_ctx, "strict sync", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "map readonly", "no"); + + lpcfg_do_global_parameter(lp_ctx, "allow trusted domains", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "default devmode", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "os level", "20"); + + lpcfg_do_global_parameter(lp_ctx, "dos filetimes", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "mangling char", "~"); + + lpcfg_do_global_parameter(lp_ctx, "printcap cache time", "750"); + + lpcfg_do_global_parameter(lp_ctx, "create krb5 conf", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "winbind max clients", "200"); + + lpcfg_do_global_parameter(lp_ctx, "acl map full control", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "nt pipe support", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "ldap debug threshold", "10"); + + lpcfg_do_global_parameter(lp_ctx, "client ldap sasl wrapping", "seal"); + + lpcfg_do_global_parameter(lp_ctx, "mdns name", "netbios"); + + lpcfg_do_global_parameter(lp_ctx, "ldap server require strong auth", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "follow symlinks", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "machine password timeout", "604800"); + + lpcfg_do_global_parameter(lp_ctx, "ldap connection timeout", "2"); + + lpcfg_do_global_parameter(lp_ctx, "winbind expand groups", "0"); + + lpcfg_do_global_parameter(lp_ctx, "stat cache", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "lpq cache time", "30"); + + lpcfg_do_global_parameter_var(lp_ctx, "smb2 max trans", "%u", DEFAULT_SMB2_MAX_TRANSACT); + + lpcfg_do_global_parameter_var(lp_ctx, "smb2 max read", "%u", DEFAULT_SMB2_MAX_READ); + + lpcfg_do_global_parameter(lp_ctx, "durable handles", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "max stat cache size", "512"); + + lpcfg_do_global_parameter(lp_ctx, "ldap passwd sync", "no"); + + lpcfg_do_global_parameter(lp_ctx, "kernel change notify", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "max ttl", "259200"); + + lpcfg_do_global_parameter(lp_ctx, "blocking locks", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "load printers", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "idmap cache time", "604800"); + + lpcfg_do_global_parameter(lp_ctx, "preserve case", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "lm announce", "auto"); + + lpcfg_do_global_parameter(lp_ctx, "afs token lifetime", "604800"); + + lpcfg_do_global_parameter(lp_ctx, "enable core files", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "winbind max domain connections", "1"); + + lpcfg_do_global_parameter(lp_ctx, "case sensitive", "auto"); + + lpcfg_do_global_parameter(lp_ctx, "ldap timeout", "15"); + + lpcfg_do_global_parameter(lp_ctx, "mangle prefix", "1"); + + lpcfg_do_global_parameter(lp_ctx, "posix locking", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "lock spin time", "200"); + + lpcfg_do_global_parameter(lp_ctx, "nmbd bind explicit broadcast", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "init logon delay", "100"); + + lpcfg_do_global_parameter(lp_ctx, "usershare owner only", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "-valid", "yes"); + + lpcfg_do_global_parameter_var(lp_ctx, "usershare path", "%s/usershares", get_dyn_STATEDIR()); + +#ifdef DEVELOPER + lpcfg_do_global_parameter_var(lp_ctx, "panic action", "/bin/sleep 999999999"); +#endif + + lpcfg_do_global_parameter(lp_ctx, "smb passwd file", get_dyn_SMB_PASSWD_FILE()); + + lpcfg_do_global_parameter(lp_ctx, "logon home", "\\\\%N\\%U"); + + lpcfg_do_global_parameter(lp_ctx, "logon path", "\\\\%N\\%U\\profile"); + + lpcfg_do_global_parameter(lp_ctx, "printjob username", "%U"); + + lpcfg_do_global_parameter(lp_ctx, "aio max threads", "100"); + + lpcfg_do_global_parameter(lp_ctx, "smb2 leases", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "server multi channel support", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "kerberos encryption types", "all"); + + lpcfg_do_global_parameter(lp_ctx, + "rpc server dynamic port range", + "49152-65535"); + + lpcfg_do_global_parameter(lp_ctx, "prefork children", "4"); + lpcfg_do_global_parameter(lp_ctx, "prefork backoff increment", "10"); + lpcfg_do_global_parameter(lp_ctx, "prefork maximum backoff", "120"); + + lpcfg_do_global_parameter(lp_ctx, "check parent directory delete on close", "no"); + + lpcfg_do_global_parameter(lp_ctx, "ea support", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "store dos attributes", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "debug encryption", "no"); + + lpcfg_do_global_parameter(lp_ctx, "spotlight backend", "noindex"); + + lpcfg_do_global_parameter( + lp_ctx, "ldap max anonymous request size", "256000"); + lpcfg_do_global_parameter( + lp_ctx, "ldap max authenticated request size", "16777216"); + lpcfg_do_global_parameter( + lp_ctx, "ldap max search request size", "256000"); + + /* Async DNS query timeout in seconds. */ + lpcfg_do_global_parameter(lp_ctx, "async dns timeout", "10"); + + lpcfg_do_global_parameter(lp_ctx, + "client smb encrypt", + "default"); + + lpcfg_do_global_parameter(lp_ctx, + "client use kerberos", + "desired"); + + lpcfg_do_global_parameter(lp_ctx, + "client protection", + "default"); + + lpcfg_do_global_parameter(lp_ctx, + "smbd max xattr size", + "65536"); + + lpcfg_do_global_parameter(lp_ctx, + "acl flag inherited canonicalization", + "yes"); + + lpcfg_do_global_parameter(lp_ctx, + "winbind use krb5 enterprise principals", + "yes"); + + lpcfg_do_global_parameter(lp_ctx, + "client smb3 signing algorithms", + DEFAULT_SMB3_SIGNING_ALGORITHMS); + lpcfg_do_global_parameter(lp_ctx, + "server smb3 signing algorithms", + DEFAULT_SMB3_SIGNING_ALGORITHMS); + + lpcfg_do_global_parameter(lp_ctx, + "client smb3 encryption algorithms", + DEFAULT_SMB3_ENCRYPTION_ALGORITHMS); + lpcfg_do_global_parameter(lp_ctx, + "server smb3 encryption algorithms", + DEFAULT_SMB3_ENCRYPTION_ALGORITHMS); + + lpcfg_do_global_parameter(lp_ctx, + "min domain uid", + "1000"); + + lpcfg_do_global_parameter(lp_ctx, + "rpc start on demand helpers", + "yes"); + + lpcfg_do_global_parameter(lp_ctx, + "ad dc functional level", + "2008_R2"); + + lpcfg_do_global_parameter(lp_ctx, + "acl claims evaluation", + "AD DC only"); + + for (i = 0; parm_table[i].label; i++) { + if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) { + lp_ctx->flags[i] |= FLAG_DEFAULT; + } + } + + for (parm=lp_ctx->globals->param_opt; parm; parm=parm->next) { + if (!(parm->priority & FLAG_CMDLINE)) { + parm->priority |= FLAG_DEFAULT; + } + } + + for (parm=lp_ctx->sDefault->param_opt; parm; parm=parm->next) { + if (!(parm->priority & FLAG_CMDLINE)) { + parm->priority |= FLAG_DEFAULT; + } + } + + return lp_ctx; +} + +/** + * Initialise the global parameter structure. + */ +struct loadparm_context *loadparm_init_global(bool load_default) +{ + if (global_loadparm_context == NULL) { + global_loadparm_context = loadparm_init(NULL); + } + if (global_loadparm_context == NULL) { + return NULL; + } + global_loadparm_context->global = true; + if (load_default && !global_loadparm_context->loaded) { + lpcfg_load_default(global_loadparm_context); + } + global_loadparm_context->refuse_free = true; + return global_loadparm_context; +} + +/** + * @brief Initialise the global parameter structure. + * + * This function initialized the globals if needed. Make sure that + * gfree_loadparm() is called before the application exits. + * + * @param mem_ctx The talloc memory context to allocate lp_ctx on. + * + * @param s3_fns The loadparm helper functions to use + * + * @return An initialized lp_ctx pointer or NULL on error. + */ +struct loadparm_context *loadparm_init_s3(TALLOC_CTX *mem_ctx, + const struct loadparm_s3_helpers *s3_fns) +{ + struct loadparm_context *loadparm_context = talloc_zero(mem_ctx, struct loadparm_context); + if (!loadparm_context) { + return NULL; + } + loadparm_context->s3_fns = s3_fns; + loadparm_context->globals = s3_fns->globals; + loadparm_context->flags = s3_fns->flags; + + /* Make sure globals are correctly initialized */ + loadparm_context->s3_fns->init_globals(loadparm_context, false); + + return loadparm_context; +} + +const char *lpcfg_configfile(struct loadparm_context *lp_ctx) +{ + return lp_ctx->szConfigFile; +} + +const char *lp_default_path(void) +{ + if (getenv("SMB_CONF_PATH")) + return getenv("SMB_CONF_PATH"); + else + return dyn_CONFIGFILE; +} + +/** + * Update the internal state of a loadparm context after settings + * have changed. + */ +static bool lpcfg_update(struct loadparm_context *lp_ctx) +{ + struct debug_settings settings; + int max_protocol, min_protocol; + TALLOC_CTX *tmp_ctx; + const struct loadparm_substitution *lp_sub = + lpcfg_noop_substitution(); + + tmp_ctx = talloc_new(lp_ctx); + if (tmp_ctx == NULL) { + return false; + } + + lpcfg_add_auto_services(lp_ctx, lpcfg_auto_services(lp_ctx, lp_sub, tmp_ctx)); + + if (!lp_ctx->globals->wins_server_list && lp_ctx->globals->we_are_a_wins_server) { + lpcfg_do_global_parameter(lp_ctx, "wins server", "127.0.0.1"); + } + + if (!lp_ctx->global) { + TALLOC_FREE(tmp_ctx); + return true; + } + + panic_action = lp_ctx->globals->panic_action; + + reload_charcnv(lp_ctx); + + ZERO_STRUCT(settings); + /* Add any more debug-related smb.conf parameters created in + * future here */ + settings.timestamp_logs = lp_ctx->globals->timestamp_logs; + settings.debug_prefix_timestamp = lp_ctx->globals->debug_prefix_timestamp; + settings.debug_hires_timestamp = lp_ctx->globals->debug_hires_timestamp; + settings.debug_syslog_format = lp_ctx->globals->debug_syslog_format; + settings.debug_pid = lp_ctx->globals->debug_pid; + settings.debug_uid = lp_ctx->globals->debug_uid; + settings.debug_class = lp_ctx->globals->debug_class; + settings.max_log_size = lp_ctx->globals->max_log_size; + debug_set_settings(&settings, lp_ctx->globals->logging, + lp_ctx->globals->syslog, + lp_ctx->globals->syslog_only); + + /* FIXME: This is a bit of a hack, but we can't use a global, since + * not everything that uses lp also uses the socket library */ + if (lpcfg_parm_bool(lp_ctx, NULL, "socket", "testnonblock", false)) { + setenv("SOCKET_TESTNONBLOCK", "1", 1); + } else { + unsetenv("SOCKET_TESTNONBLOCK"); + } + + /* Check if command line max protocol < min protocol, if so + * report a warning to the user. + */ + max_protocol = lpcfg_client_max_protocol(lp_ctx); + min_protocol = lpcfg_client_min_protocol(lp_ctx); + if (lpcfg_client_max_protocol(lp_ctx) < lpcfg_client_min_protocol(lp_ctx)) { + const char *max_protocolp, *min_protocolp; + max_protocolp = lpcfg_get_smb_protocol(max_protocol); + min_protocolp = lpcfg_get_smb_protocol(min_protocol); + DBG_ERR("Max protocol %s is less than min protocol %s.\n", + max_protocolp, min_protocolp); + } + + TALLOC_FREE(tmp_ctx); + return true; +} + +bool lpcfg_load_default(struct loadparm_context *lp_ctx) +{ + const char *path; + + path = lp_default_path(); + + if (!file_exist(path)) { + /* We allow the default smb.conf file to not exist, + * basically the equivalent of an empty file. */ + return lpcfg_update(lp_ctx); + } + + return lpcfg_load(lp_ctx, path); +} + +/** + * Load the services array from the services file. + * + * Return True on success, False on failure. + */ +static bool lpcfg_load_internal(struct loadparm_context *lp_ctx, + const char *filename, bool set_global) +{ + char *n2; + bool bRetval; + + if (lp_ctx->szConfigFile != NULL) { + talloc_free(discard_const_p(char, lp_ctx->szConfigFile)); + lp_ctx->szConfigFile = NULL; + } + + lp_ctx->szConfigFile = talloc_strdup(lp_ctx, filename); + + if (lp_ctx->s3_fns) { + return lp_ctx->s3_fns->load(filename); + } + + lp_ctx->bInGlobalSection = true; + n2 = standard_sub_basic(lp_ctx, lp_ctx->szConfigFile); + DEBUG(2, ("lpcfg_load: refreshing parameters from %s\n", n2)); + + add_to_file_list(lp_ctx, &lp_ctx->file_lists, lp_ctx->szConfigFile, n2); + + /* We get sections first, so have to start 'behind' to make up */ + lp_ctx->currentService = NULL; + bRetval = pm_process(n2, do_section, lpcfg_do_parameter, lp_ctx); + + /* finish up the last section */ + DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval))); + if (bRetval) + if (lp_ctx->currentService != NULL) + bRetval = lpcfg_service_ok(lp_ctx->currentService); + + bRetval = bRetval && lpcfg_update(lp_ctx); + + /* we do this unconditionally, so that it happens even + for a missing smb.conf */ + reload_charcnv(lp_ctx); + + if (bRetval == true && set_global) { + /* set this up so that any child python tasks will + find the right smb.conf */ + setenv("SMB_CONF_PATH", filename, 1); + + /* set the context used by the lp_*() function + variants */ + global_loadparm_context = lp_ctx; + lp_ctx->loaded = true; + } + + return bRetval; +} + +bool lpcfg_load_no_global(struct loadparm_context *lp_ctx, const char *filename) +{ + return lpcfg_load_internal(lp_ctx, filename, false); +} + +bool lpcfg_load(struct loadparm_context *lp_ctx, const char *filename) +{ + return lpcfg_load_internal(lp_ctx, filename, true); +} + +/** + * Return the max number of services. + */ + +int lpcfg_numservices(struct loadparm_context *lp_ctx) +{ + if (lp_ctx->s3_fns) { + return lp_ctx->s3_fns->get_numservices(); + } + + return lp_ctx->iNumServices; +} + +/** + * Display the contents of the services array in human-readable form. + */ + +void lpcfg_dump(struct loadparm_context *lp_ctx, FILE *f, bool show_defaults, + int maxtoprint) +{ + int iService; + + if (lp_ctx->s3_fns) { + lp_ctx->s3_fns->dump(f, show_defaults, maxtoprint); + return; + } + + lpcfg_dump_globals(lp_ctx, f, show_defaults); + + lpcfg_dump_a_service(lp_ctx->sDefault, lp_ctx->sDefault, f, lp_ctx->flags, show_defaults); + + for (iService = 0; iService < maxtoprint; iService++) + lpcfg_dump_one(f, show_defaults, lp_ctx->services[iService], lp_ctx->sDefault); +} + +/** + * Display the contents of one service in human-readable form. + */ +void lpcfg_dump_one(FILE *f, bool show_defaults, struct loadparm_service *service, struct loadparm_service *sDefault) +{ + if (service != NULL) { + if (service->szService[0] == '\0') + return; + lpcfg_dump_a_service(service, sDefault, f, NULL, show_defaults); + } +} + +struct loadparm_service *lpcfg_servicebynum(struct loadparm_context *lp_ctx, + int snum) +{ + if (lp_ctx->s3_fns) { + return lp_ctx->s3_fns->get_servicebynum(snum); + } + + return lp_ctx->services[snum]; +} + +struct loadparm_service *lpcfg_service(struct loadparm_context *lp_ctx, + const char *service_name) +{ + int iService; + char *serviceName; + + if (lp_ctx->s3_fns) { + return lp_ctx->s3_fns->get_service(service_name); + } + + for (iService = lp_ctx->iNumServices - 1; iService >= 0; iService--) { + if (lp_ctx->services[iService] && + lp_ctx->services[iService]->szService) { + /* + * The substitution here is used to support %U is + * service names + */ + serviceName = standard_sub_basic( + lp_ctx->services[iService], + lp_ctx->services[iService]->szService); + if (strequal(serviceName, service_name)) { + talloc_free(serviceName); + return lp_ctx->services[iService]; + } + talloc_free(serviceName); + } + } + + DEBUG(7,("lpcfg_servicenumber: couldn't find %s\n", service_name)); + return NULL; +} + +const char *lpcfg_servicename(const struct loadparm_service *service) +{ + return service ? lpcfg_string((const char *)service->szService) : NULL; +} + +struct smb_iconv_handle *lpcfg_iconv_handle(struct loadparm_context *lp_ctx) +{ + if (lp_ctx == NULL) { + return get_iconv_handle(); + } + return lp_ctx->iconv_handle; +} + +_PUBLIC_ void reload_charcnv(struct loadparm_context *lp_ctx) +{ + if (!lp_ctx->global) { + return; + } + + lp_ctx->iconv_handle = + reinit_iconv_handle(lp_ctx, + lpcfg_dos_charset(lp_ctx), + lpcfg_unix_charset(lp_ctx)); + if (lp_ctx->iconv_handle == NULL) { + smb_panic("reinit_iconv_handle failed"); + } +} + +_PUBLIC_ char *lpcfg_tls_keyfile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) +{ + return lpcfg_private_path(mem_ctx, lp_ctx, lpcfg__tls_keyfile(lp_ctx)); +} + +_PUBLIC_ char *lpcfg_tls_certfile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) +{ + return lpcfg_private_path(mem_ctx, lp_ctx, lpcfg__tls_certfile(lp_ctx)); +} + +_PUBLIC_ char *lpcfg_tls_cafile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) +{ + return lpcfg_private_path(mem_ctx, lp_ctx, lpcfg__tls_cafile(lp_ctx)); +} + +_PUBLIC_ char *lpcfg_tls_crlfile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) +{ + return lpcfg_private_path(mem_ctx, lp_ctx, lpcfg__tls_crlfile(lp_ctx)); +} + +_PUBLIC_ char *lpcfg_tls_dhpfile(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) +{ + return lpcfg_private_path(mem_ctx, lp_ctx, lpcfg__tls_dhpfile(lp_ctx)); +} + +struct gensec_settings *lpcfg_gensec_settings(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) +{ + struct gensec_settings *settings = talloc_zero(mem_ctx, struct gensec_settings); + if (settings == NULL) + return NULL; + SMB_ASSERT(lp_ctx != NULL); + settings->lp_ctx = talloc_reference(settings, lp_ctx); + settings->target_hostname = lpcfg_parm_string(lp_ctx, NULL, "gensec", "target_hostname"); + return settings; +} + +int lpcfg_server_role(struct loadparm_context *lp_ctx) +{ + int domain_master = lpcfg__domain_master(lp_ctx); + + return lp_find_server_role(lpcfg__server_role(lp_ctx), + lpcfg__security(lp_ctx), + lpcfg__domain_logons(lp_ctx), + (domain_master == true) || + (domain_master == Auto)); +} + +int lpcfg_security(struct loadparm_context *lp_ctx) +{ + return lp_find_security(lpcfg__server_role(lp_ctx), + lpcfg__security(lp_ctx)); +} + +int lpcfg_client_max_protocol(struct loadparm_context *lp_ctx) +{ + int client_max_protocol = lpcfg__client_max_protocol(lp_ctx); + if (client_max_protocol == PROTOCOL_DEFAULT) { + return PROTOCOL_LATEST; + } + return client_max_protocol; +} + +int lpcfg_client_ipc_min_protocol(struct loadparm_context *lp_ctx) +{ + int client_ipc_min_protocol = lpcfg__client_ipc_min_protocol(lp_ctx); + if (client_ipc_min_protocol == PROTOCOL_DEFAULT) { + client_ipc_min_protocol = lpcfg_client_min_protocol(lp_ctx); + } + if (client_ipc_min_protocol < PROTOCOL_NT1) { + return PROTOCOL_NT1; + } + return client_ipc_min_protocol; +} + +int lpcfg_client_ipc_max_protocol(struct loadparm_context *lp_ctx) +{ + int client_ipc_max_protocol = lpcfg__client_ipc_max_protocol(lp_ctx); + if (client_ipc_max_protocol == PROTOCOL_DEFAULT) { + return PROTOCOL_LATEST; + } + if (client_ipc_max_protocol < PROTOCOL_NT1) { + return PROTOCOL_NT1; + } + return client_ipc_max_protocol; +} + +int lpcfg_client_ipc_signing(struct loadparm_context *lp_ctx) +{ + int client_ipc_signing = lpcfg__client_ipc_signing(lp_ctx); + if (client_ipc_signing == SMB_SIGNING_DEFAULT) { + return SMB_SIGNING_REQUIRED; + } + return client_ipc_signing; +} + +enum credentials_use_kerberos lpcfg_client_use_kerberos(struct loadparm_context *lp_ctx) +{ + if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_DISALLOWED) { + return CRED_USE_KERBEROS_REQUIRED; + } + + return lpcfg__client_use_kerberos(lp_ctx); +} + +bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandatory) +{ + bool allowed = true; + enum smb_signing_setting signing_setting = lpcfg_server_signing(lp_ctx); + + *mandatory = false; + + if (signing_setting == SMB_SIGNING_DEFAULT) { + /* + * If we are a domain controller, SMB signing is + * really important, as it can prevent a number of + * attacks on communications between us and the + * clients + * + * However, it really sucks (no sendfile, CPU + * overhead) performance-wise when used on a + * file server, so disable it by default + * on non-DCs + */ + + if (lpcfg_server_role(lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC) { + signing_setting = SMB_SIGNING_REQUIRED; + } else { + signing_setting = SMB_SIGNING_OFF; + } + } + + switch (signing_setting) { + case SMB_SIGNING_REQUIRED: + *mandatory = true; + break; + case SMB_SIGNING_DESIRED: + case SMB_SIGNING_IF_REQUIRED: + break; + case SMB_SIGNING_OFF: + allowed = false; + break; + case SMB_SIGNING_DEFAULT: + case SMB_SIGNING_IPC_DEFAULT: + smb_panic(__location__); + break; + } + + return allowed; +} + +int lpcfg_tdb_hash_size(struct loadparm_context *lp_ctx, const char *name) +{ + const char *base; + + if (name == NULL) { + return 0; + } + + base = strrchr_m(name, '/'); + if (base != NULL) { + base += 1; + } else { + base = name; + } + return lpcfg_parm_int(lp_ctx, NULL, "tdb_hashsize", base, 0); + +} + +int lpcfg_tdb_flags(struct loadparm_context *lp_ctx, int tdb_flags) +{ + if (!lpcfg_use_mmap(lp_ctx)) { + tdb_flags |= TDB_NOMMAP; + } + return tdb_flags; +} + +/* + * Do not allow LanMan auth if unless NTLMv1 is also allowed + * + * This also ensures it is disabled if NTLM is totally disabled + */ +bool lpcfg_lanman_auth(struct loadparm_context *lp_ctx) +{ + enum ntlm_auth_level ntlm_auth_level = lpcfg_ntlm_auth(lp_ctx); + + if (ntlm_auth_level == NTLM_AUTH_ON) { + return lpcfg__lanman_auth(lp_ctx); + } else { + return false; + } +} + +static char *lpcfg_noop_substitution_fn( + TALLOC_CTX *mem_ctx, + const struct loadparm_substitution *lp_sub, + const char *raw_value, + void *private_data) +{ + return talloc_strdup(mem_ctx, raw_value); +} + +static const struct loadparm_substitution global_noop_substitution = { + .substituted_string_fn = lpcfg_noop_substitution_fn, +}; + +const struct loadparm_substitution *lpcfg_noop_substitution(void) +{ + return &global_noop_substitution; +} + +char *lpcfg_substituted_string(TALLOC_CTX *mem_ctx, + const struct loadparm_substitution *lp_sub, + const char *raw_value) +{ + return lp_sub->substituted_string_fn(mem_ctx, + lp_sub, + raw_value, + lp_sub->private_data); +} + +/** + * @brief Parse a string value of a given parameter to its integer enum value. + * + * @param[in] param_name The parameter name (e.g. 'client smb encrypt') + * + * @param[in] param_value The parameter value (e.g. 'required'). + * + * @return The integer value of the enum the param_value matches or INT32_MIN + * on error. + */ +int32_t lpcfg_parse_enum_vals(const char *param_name, + const char *param_value) +{ + struct parm_struct *parm = NULL; + int32_t ret = INT32_MIN; + bool ok; + + parm = lpcfg_parm_struct(NULL, param_name); + if (parm == NULL) { + return INT32_MIN; + } + + ok = lp_set_enum_parm(parm, param_value, &ret); + if (!ok) { + return INT32_MIN; + } + + return ret; +} diff --git a/lib/param/loadparm.h b/lib/param/loadparm.h new file mode 100644 index 0000000..0bf4c17 --- /dev/null +++ b/lib/param/loadparm.h @@ -0,0 +1,344 @@ +/* + Unix SMB/CIFS implementation. + + type definitions for loadparm + + Copyright (C) Karl Auer 1993-1998 + + Largely re-written by Andrew Tridgell, September 1994 + + Copyright (C) Simo Sorce 2001 + Copyright (C) Alexander Bokovoy 2002 + Copyright (C) Stefan (metze) Metzmacher 2002 + Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003. + Copyright (C) James Myers 2003 <myersjj@samba.org> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _LOADPARM_H +#define _LOADPARM_H + +#include <talloc.h> + +struct parmlist_entry { + struct parmlist_entry *prev, *next; + char *key; + char *value; + char **list; /* For the source3 parametric options, to save the parsed list */ + int priority; +}; + +struct parmlist { + struct parmlist_entry *entries; +}; + +/* the following are used by loadparm for option lists */ +typedef enum { + P_BOOL,P_BOOLREV,P_CHAR,P_INTEGER,P_OCTAL,P_LIST, + P_STRING,P_USTRING,P_ENUM,P_BYTES,P_CMDLIST +} parm_type; + +typedef enum { + P_LOCAL,P_GLOBAL,P_NONE +} parm_class; + +struct enum_list { + int value; + const char *name; +}; + +struct loadparm_service; +struct loadparm_context { + const char *szConfigFile; + struct loadparm_global *globals; + struct loadparm_service **services; + struct loadparm_service *sDefault; + struct smb_iconv_handle *iconv_handle; + int iNumServices; + struct loadparm_service *currentService; + bool bInGlobalSection; + struct file_lists *file_lists; + unsigned int *flags; + bool loaded; + bool refuse_free; + bool global; /* Is this the global context, which may set + * global variables such as debug level etc? */ + const struct loadparm_s3_helpers *s3_fns; +}; + +struct parm_struct { + const char *label; + parm_type type; + parm_class p_class; + offset_t offset; + bool (*special)(struct loadparm_context *lpcfg_ctx, + struct loadparm_service *, const char *, char **); + const struct enum_list *enum_list; + unsigned flags; + union { + bool bvalue; + int ivalue; + char *svalue; + char cvalue; + char **lvalue; + } def; +}; + +extern struct parm_struct parm_table[]; + +struct file_lists { + struct file_lists *next; + char *name; + char *subfname; + struct timespec modtime; +}; + +#define DEFAULT_NAME_RESOLVE_ORDER "lmhosts wins host bcast" +#define FLAG_DEPRECATED 0x1000 /* options that should no longer be used */ +#define FLAG_SYNONYM 0x2000 /* options that is a synonym of another option */ +#define FLAG_CMDLINE 0x10000 /* option has been overridden */ +#define FLAG_DEFAULT 0x20000 /* this option was a default */ + +/* This defines the section name in the configuration file that will + refer to the special "printers" service */ +#ifndef PRINTERS_NAME +#define PRINTERS_NAME "printers" +#endif + +/* This defines the section name in the configuration file that will + refer to the special "homes" service */ +#ifndef HOMES_NAME +#define HOMES_NAME "homes" +#endif + +/* This defines the section name in the configuration file that will contain */ +/* global parameters - that is, parameters relating to the whole server, not */ +/* just services. This name is then reserved, and may not be used as a */ +/* a service name. It will default to "global" if not defined here. */ +#ifndef GLOBAL_NAME +#define GLOBAL_NAME "global" +#define GLOBAL_NAME2 "globals" +#endif + +/* The default workgroup - usually overridden in smb.conf */ +#ifndef DEFAULT_WORKGROUP +#define DEFAULT_WORKGROUP "WORKGROUP" +#endif + +/* types of configuration backends for loadparm */ +#define CONFIG_BACKEND_FILE 0 +#define CONFIG_BACKEND_REGISTRY 1 + +/* + Do you want session setups at user level security with a invalid + password to be rejected or allowed in as guest? WinNT rejects them + but it can be a pain as it means "net view" needs to use a password + + You have 3 choices in the setting of map_to_guest: + + "NEVER_MAP_TO_GUEST" means session setups with an invalid password + are rejected. This is the default. + + "MAP_TO_GUEST_ON_BAD_USER" means session setups with an invalid password + are rejected, unless the username does not exist, in which case it + is treated as a guest login + + "MAP_TO_GUEST_ON_BAD_PASSWORD" means session setups with an invalid password + are treated as a guest login + + Note that map_to_guest only has an effect in user or server + level security. +*/ + +#define NEVER_MAP_TO_GUEST 0 +#define MAP_TO_GUEST_ON_BAD_USER 1 +#define MAP_TO_GUEST_ON_BAD_PASSWORD 2 +#define MAP_TO_GUEST_ON_BAD_UID 3 + +/* + * This should be under the HAVE_KRB5 flag but since they're used + * in lp_kerberos_method(), they need to be always available + * If you add any entries to KERBEROS_VERIFY defines, please modify USE.*KEYTAB macros + * so they remain accurate. + */ + +#define KERBEROS_VERIFY_SECRETS 0 +#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1 +#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2 +#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3 + +#define KERBEROS_ETYPES_ALL 0 +#define KERBEROS_ETYPES_STRONG 1 +#define KERBEROS_ETYPES_LEGACY 2 + +/* ACL compatibility */ +enum acl_compatibility {ACL_COMPAT_AUTO, ACL_COMPAT_WINNT, ACL_COMPAT_WIN2K}; + +/* printing types */ +enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX, + PRINT_QNX,PRINT_PLP,PRINT_LPRNG,PRINT_SOFTQ, + PRINT_CUPS,PRINT_LPRNT,PRINT_LPROS2,PRINT_IPRINT +#if defined(DEVELOPER) || defined(ENABLE_SELFTEST) +,PRINT_TEST,PRINT_VLP +#endif /* DEVELOPER */ +}; + +#define SERVER_TCP_LOW_PORT 49152 +#define SERVER_TCP_HIGH_PORT 65535 + +#define SERVER_TCP_PORT_MIN 1024 +#define SERVER_TCP_PORT_MAX 65535 + + + +enum ldap_server_require_strong_auth { + LDAP_SERVER_REQUIRE_STRONG_AUTH_NO, + LDAP_SERVER_REQUIRE_STRONG_AUTH_ALLOW_SASL_OVER_TLS, + LDAP_SERVER_REQUIRE_STRONG_AUTH_YES, +}; + +/* DNS update settings */ +enum dns_update_settings {DNS_UPDATE_OFF, DNS_UPDATE_ON, DNS_UPDATE_SIGNED}; + +/* MDNS name sources */ +enum mdns_name_values {MDNS_NAME_NETBIOS, MDNS_NAME_MDNS}; + +/* LDAP SSL options */ +enum ldap_ssl_types {LDAP_SSL_OFF, LDAP_SSL_START_TLS}; + +/* LDAP PASSWD SYNC methods */ +enum ldap_passwd_sync_types {LDAP_PASSWD_SYNC_ON, LDAP_PASSWD_SYNC_OFF, LDAP_PASSWD_SYNC_ONLY}; + +/* map readonly options */ +enum mapreadonly_options {MAP_READONLY_NO, MAP_READONLY_YES, MAP_READONLY_PERMISSIONS}; + +/* case handling */ +enum case_handling {CASE_LOWER,CASE_UPPER}; + +/* inherit owner options */ +enum inheritowner_options { + INHERIT_OWNER_NO, + INHERIT_OWNER_WINDOWS_AND_UNIX, + INHERIT_OWNER_UNIX_ONLY +}; + +/* mangled names options */ +enum mangled_names_options {MANGLED_NAMES_NO, MANGLED_NAMES_YES, MANGLED_NAMES_ILLEGAL}; + +/* Spotlight backend options */ +enum spotlight_backend_options { + SPOTLIGHT_BACKEND_NOINDEX, + SPOTLIGHT_BACKEND_TRACKER, + SPOTLIGHT_BACKEND_ES, +}; + +/* FIPS values */ +enum samba_weak_crypto { + SAMBA_WEAK_CRYPTO_UNKNOWN, + SAMBA_WEAK_CRYPTO_ALLOWED, + SAMBA_WEAK_CRYPTO_DISALLOWED, +}; + +/* Controlling the storage of the NT password has on the AD DC */ +enum store_nt_hash { + NT_HASH_STORE_AUTO, + NT_HASH_STORE_NEVER, + NT_HASH_STORE_ALWAYS +}; + +/* Controlling the storage of the NT password has on the AD DC */ +enum acl_claims_evaluation { + ACL_CLAIMS_EVALUATION_AD_DC_ONLY, + ACL_CLAIMS_EVALUATION_NEVER +}; + +/* + * Default passwd chat script. + */ +#ifndef DEFAULT_PASSWD_CHAT +#define DEFAULT_PASSWD_CHAT "*new*password* %n\\n *new*password* %n\\n *changed*" +#endif + +/* Max number of jobs per print queue. */ +#ifndef PRINT_MAX_JOBID +#define PRINT_MAX_JOBID 10000 +#endif + +/* the default guest account - allow override via CFLAGS */ +#ifndef GUEST_ACCOUNT +#define GUEST_ACCOUNT "nobody" +#endif + +/* SMB2 defaults */ +#define DEFAULT_SMB2_MAX_READ (8*1024*1024) +#define DEFAULT_SMB2_MAX_WRITE (8*1024*1024) +#define DEFAULT_SMB2_MAX_TRANSACT (8*1024*1024) +#define DEFAULT_SMB2_MAX_CREDITS 8192 + +#define DEFAULT_SMB3_SIGNING_ALGORITHMS "AES-128-GMAC AES-128-CMAC HMAC-SHA256" +#define DEFAULT_SMB3_ENCRYPTION_ALGORITHMS "AES-128-GCM AES-128-CCM AES-256-GCM AES-256-CCM" + +#define LOADPARM_EXTRA_LOCALS \ + int usershare; \ + struct timespec usershare_last_mod; \ + char *szService; \ + struct parmlist_entry *param_opt; \ + struct bitmap *copymap; \ + char dummy[3]; /* for alignment */ + +#include "lib/param/param_local.h" + +#define LOADPARM_EXTRA_GLOBALS \ + struct parmlist_entry *param_opt; \ + char *dnsdomain; \ + int rpc_low_port; \ + int rpc_high_port; \ + enum samba_weak_crypto weak_crypto; + +const char* server_role_str(uint32_t role); +int lp_find_server_role(int server_role, int security, int domain_logons, int domain_master); +int lp_find_security(int server_role, int security); +bool lp_is_security_and_server_role_valid(int server_role, int security); + +struct loadparm_global * get_globals(void); +unsigned int * get_flags(void); +int getservicebyname(const char *, struct loadparm_service *); +bool lp_include(struct loadparm_context *, struct loadparm_service *, + const char *, char **); +bool lp_do_section(const char *pszSectionName, void *userdata); +bool store_lp_set_cmdline(const char *pszParmName, const char *pszParmValue); + +int num_parameters(void); +int32_t lpcfg_parse_enum_vals(const char *param_name, + const char *param_value); + +struct loadparm_substitution; +#ifdef LOADPARM_SUBSTITUTION_INTERNALS +struct loadparm_substitution { + char *(*substituted_string_fn)( + TALLOC_CTX *mem_ctx, + const struct loadparm_substitution *lp_sub, + const char *raw_value, + void *private_data); + void *private_data; +}; +#endif /* LOADPARM_SUBSTITUTION_INTERNALS */ + +const struct loadparm_substitution *lpcfg_noop_substitution(void); +char *lpcfg_substituted_string(TALLOC_CTX *mem_ctx, + const struct loadparm_substitution *lp_sub, + const char *raw_value); + +#endif /* _LOADPARM_H */ diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c new file mode 100644 index 0000000..a78d1ab --- /dev/null +++ b/lib/param/loadparm_server_role.c @@ -0,0 +1,155 @@ +/* + Unix SMB/CIFS implementation. + Parameter loading functions + Copyright (C) Karl Auer 1993-1998 + + Largely re-written by Andrew Tridgell, September 1994 + + Copyright (C) Simo Sorce 2001 + Copyright (C) Alexander Bokovoy 2002 + Copyright (C) Stefan (metze) Metzmacher 2002 + Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003 + Copyright (C) Michael Adam 2008 + Copyright (C) Andrew Bartlett 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ +#include "includes.h" +#include "lib/param/loadparm.h" +#include "libds/common/roles.h" + +/******************************************************************* + Set the server type we will announce as via nmbd. +********************************************************************/ + +static const struct srv_role_tab { + uint32_t role; + const char *role_str; +} srv_role_tab [] = { + { ROLE_STANDALONE, "ROLE_STANDALONE" }, + { ROLE_DOMAIN_MEMBER, "ROLE_DOMAIN_MEMBER" }, + { ROLE_DOMAIN_BDC, "ROLE_DOMAIN_BDC" }, + { ROLE_DOMAIN_PDC, "ROLE_DOMAIN_PDC" }, + { ROLE_ACTIVE_DIRECTORY_DC, "ROLE_ACTIVE_DIRECTORY_DC" }, + { ROLE_IPA_DC, "ROLE_IPA_DC"}, + { 0, NULL } +}; + +const char* server_role_str(uint32_t role) +{ + int i = 0; + for (i=0; srv_role_tab[i].role_str; i++) { + if (role == srv_role_tab[i].role) { + return srv_role_tab[i].role_str; + } + } + return NULL; +} + +/** + * Set the server role based on security, domain logons and domain master + */ +int lp_find_server_role(int server_role, int security, int domain_logons, int domain_master) +{ + int role; + + if (server_role != ROLE_AUTO) { + if (lp_is_security_and_server_role_valid(server_role, security)) { + return server_role; + } + } + + /* If server_role is set to ROLE_AUTO, or conflicted with the + * chosen security setting, figure out the correct role */ + role = ROLE_STANDALONE; + + switch (security) { + case SEC_DOMAIN: + case SEC_ADS: + role = ROLE_DOMAIN_MEMBER; + break; + case SEC_AUTO: + case SEC_USER: + if (domain_logons) { + + if (domain_master) { + role = ROLE_DOMAIN_PDC; + } else { + role = ROLE_DOMAIN_BDC; + } + } + break; + default: + DEBUG(0, ("Server's Role undefined due to unknown security mode\n")); + break; + } + + return role; +} + +/** + * Set the server role based on security, domain logons and domain master + */ +int lp_find_security(int server_role, int security) +{ + if (security != SEC_AUTO) { + return security; + } + + switch (server_role) { + case ROLE_DOMAIN_MEMBER: + return SEC_ADS; + default: + return SEC_USER; + } +} + + +/** + * Check if server role and security parameters are contradictory + */ +bool lp_is_security_and_server_role_valid(int server_role, int security) +{ + bool valid = false; + + if (security == SEC_AUTO) { + return true; + } + + switch (server_role) { + case ROLE_AUTO: + valid = true; + break; + case ROLE_DOMAIN_MEMBER: + if (security == SEC_ADS || security == SEC_DOMAIN) { + valid = true; + } + break; + + case ROLE_STANDALONE: + case ROLE_DOMAIN_PDC: + case ROLE_DOMAIN_BDC: + case ROLE_ACTIVE_DIRECTORY_DC: + case ROLE_IPA_DC: + if (security == SEC_USER) { + valid = true; + } + break; + + default: + break; + } + + return valid; +} diff --git a/lib/param/param.h b/lib/param/param.h new file mode 100644 index 0000000..aed48c1 --- /dev/null +++ b/lib/param/param.h @@ -0,0 +1,282 @@ +/* + Unix SMB/CIFS implementation. + Generic parameter parsing interface + Copyright (C) Jelmer Vernooij 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _PARAM_H /* _PARAM_H */ +#define _PARAM_H + +#include <talloc.h> + +struct loadparm_s3_helpers; +struct loadparm_substitution; + +struct parmlist_entry; + +struct param_context { + struct param_section *sections; +}; + +struct param_section { + const char *name; + struct param_section *prev, *next; + struct parmlist *parameters; +}; + +struct param_context; +struct smbsrv_connection; + +#define Auto (2) + +struct loadparm_context; +struct loadparm_service; +struct smbcli_options; +struct smbcli_session_options; +struct gensec_settings; +struct bitmap; +struct file_lists; + +#ifdef CONFIG_H_IS_FROM_SAMBA +#include "lib/param/param_proto.h" +#include "lib/param/param_functions.h" +#endif + +const char **lpcfg_interfaces(struct loadparm_context *); +const char *lpcfg_realm(struct loadparm_context *); +const char *lpcfg_netbios_name(struct loadparm_context *); +const char *lpcfg_private_dir(struct loadparm_context *); +const char *lpcfg_binddns_dir(struct loadparm_context *); +int lpcfg_server_role(struct loadparm_context *); +int lpcfg_allow_dns_updates(struct loadparm_context *); + +void reload_charcnv(struct loadparm_context *lp_ctx); + +struct loadparm_service *lpcfg_default_service(struct loadparm_context *lp_ctx); +bool lpcfg_autoloaded(struct loadparm_service *, struct loadparm_service *); + +char *lpcfg_tls_keyfile(TALLOC_CTX *mem_ctx, struct loadparm_context *); +char *lpcfg_tls_certfile(TALLOC_CTX *mem_ctx, struct loadparm_context *); +char *lpcfg_tls_cafile(TALLOC_CTX *mem_ctx, struct loadparm_context *); +char *lpcfg_tls_dhpfile(TALLOC_CTX *mem_ctx, struct loadparm_context *); +char *lpcfg_tls_crlfile(TALLOC_CTX *mem_ctx, struct loadparm_context *); + +const char *lpcfg_dnsdomain(struct loadparm_context *); + +const char *lpcfg_servicename(const struct loadparm_service *service); + + +const char *lpcfg_get_parametric(struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *type, const char *option); + +const char *lpcfg_parm_string(struct loadparm_context *lp_ctx, + struct loadparm_service *service, const char *type, + const char *option); +const char **lpcfg_parm_string_list(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *type, + const char *option, const char *separator); +int lpcfg_parm_int(struct loadparm_context *lp_ctx, + struct loadparm_service *service, const char *type, + const char *option, int default_v); +int lpcfg_parm_bytes(struct loadparm_context *lp_ctx, + struct loadparm_service *service, const char *type, + const char *option, int default_v); +unsigned long lpcfg_parm_ulong(struct loadparm_context *lp_ctx, + struct loadparm_service *service, const char *type, + const char *option, unsigned long default_v); +unsigned long long lpcfg_parm_ulonglong(struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *type, const char *option, + unsigned long long default_v); +long lpcfg_parm_long(struct loadparm_context *lp_ctx, + struct loadparm_service *service, const char *type, + const char *option, long default_v); +double lpcfg_parm_double(struct loadparm_context *lp_ctx, + struct loadparm_service *service, const char *type, + const char *option, double default_v); +bool lpcfg_parm_bool(struct loadparm_context *lp_ctx, + struct loadparm_service *service, const char *type, + const char *option, bool default_v); +struct loadparm_service *lpcfg_add_service(struct loadparm_context *lp_ctx, + const struct loadparm_service *pservice, + const char *name); +struct parm_struct *lpcfg_parm_struct(struct loadparm_context *lp_ctx, const char *name); +void *lpcfg_parm_ptr(struct loadparm_context *lp_ctx, + struct loadparm_service *service, struct parm_struct *parm); +bool lpcfg_parm_is_cmdline(struct loadparm_context *lp_ctx, const char *name); +bool lpcfg_parm_is_unspecified(struct loadparm_context *lp_ctx, const char *name); + +bool lpcfg_do_global_parameter(struct loadparm_context *lp_ctx, + const char *pszParmName, const char *pszParmValue); +bool lpcfg_do_service_parameter(struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *pszParmName, const char *pszParmValue); + +/** + * Process a parameter. + */ +bool lpcfg_do_global_parameter_var(struct loadparm_context *lp_ctx, + const char *pszParmName, const char *fmt, ...); +bool lpcfg_set_cmdline(struct loadparm_context *lp_ctx, const char *pszParmName, + const char *pszParmValue); +bool lpcfg_set_option(struct loadparm_context *lp_ctx, const char *option); + +/** + * Display the contents of a single services record. + */ +bool lpcfg_dump_a_parameter(struct loadparm_context *lp_ctx, + struct loadparm_service *service, + const char *parm_name, FILE * f); + +/** + * Initialise the global parameter structure. + */ +struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx); +struct loadparm_context *loadparm_init_global(bool load_default); +const char *lpcfg_configfile(struct loadparm_context *lp_ctx); +bool lpcfg_load_default(struct loadparm_context *lp_ctx); +const char *lp_default_path(void); + +/** + * Load the services array from the services file. + * + * Return True on success, False on failure. + */ +bool lpcfg_load(struct loadparm_context *lp_ctx, const char *filename); + +/** + * Return the max number of services. + */ +int lpcfg_numservices(struct loadparm_context *lp_ctx); + +/** + * Display the contents of the services array in human-readable form. + */ +void lpcfg_dump(struct loadparm_context *lp_ctx, FILE *f, bool show_defaults, + int maxtoprint); + +/** + * Display the contents of one service in human-readable form. + */ +void lpcfg_dump_one(FILE *f, bool show_defaults, struct loadparm_service *service, struct loadparm_service *sDefault); +struct loadparm_service *lpcfg_servicebynum(struct loadparm_context *lp_ctx, + int snum); +struct loadparm_service *lpcfg_service(struct loadparm_context *lp_ctx, + const char *service_name); + +struct smb_iconv_handle *lpcfg_iconv_handle(struct loadparm_context *lp_ctx); +void lpcfg_smbcli_options(struct loadparm_context *lp_ctx, + struct smbcli_options *options); +void lpcfg_smbcli_session_options(struct loadparm_context *lp_ctx, + struct smbcli_session_options *options); +const char **lpcfg_smb_ports(struct loadparm_context *); +const char *lpcfg_socket_options(struct loadparm_context *); +struct dcerpc_server_info *lpcfg_dcerpc_server_info(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx); +struct gensec_settings *lpcfg_gensec_settings(TALLOC_CTX *, struct loadparm_context *); + +/* The following definitions come from param/util.c */ + + +/** + * @file + * @brief Misc utility functions + */ +bool lpcfg_is_mydomain(struct loadparm_context *lp_ctx, + const char *domain); + +bool lpcfg_is_my_domain_or_realm(struct loadparm_context *lp_ctx, + const char *domain); + +/** + see if a string matches either our primary or one of our secondary + netbios aliases. do a case insensitive match +*/ +bool lpcfg_is_myname(struct loadparm_context *lp_ctx, const char *name); + +/** + A useful function for returning a path in the Samba lock directory. +**/ +char *lpcfg_lock_path(TALLOC_CTX* mem_ctx, struct loadparm_context *lp_ctx, + const char *name); + +/** + * @brief Returns an absolute path to a file in the directory containing the current config file + * + * @param name File to find, relative to the config file directory. + * + * @retval Pointer to a talloc'ed string containing the full path. + **/ +char *lpcfg_config_path(TALLOC_CTX* mem_ctx, struct loadparm_context *lp_ctx, + const char *name); + +/** + * @brief Returns an absolute path to a file in the Samba private directory. + * + * @param name File to find, relative to PRIVATEDIR. + * if name is not relative, then use it as-is + * + * @retval Pointer to a talloc'ed string containing the full path. + **/ +char *lpcfg_private_path(TALLOC_CTX* mem_ctx, + struct loadparm_context *lp_ctx, + const char *name); + +/** + * @brief Returns an absolute path to a NTDB or TDB file in the Samba + * private directory. + * + * @param name File to find, relative to PRIVATEDIR, without .tdb extension. + * + * @retval Pointer to a talloc'ed string containing the full path, for + * use with dbwrap_local_open(). + **/ +char *lpcfg_private_db_path(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, + const char *name); + +/** + return a path in the smbd.tmp directory, where all temporary file + for smbd go. If NULL is passed for name then return the directory + path itself +*/ +char *smbd_tmp_path(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, + const char *name); + +const char *lpcfg_imessaging_path(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx); +const char *lpcfg_sam_name(struct loadparm_context *lp_ctx); +const char *lpcfg_sam_dnsname(struct loadparm_context *lp_ctx); + +void lpcfg_default_kdc_policy(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, + time_t *svc_tkt_lifetime, + time_t *usr_tkt_lifetime, + time_t *renewal_lifetime); + +int lpcfg_rpc_port_low(struct loadparm_context *lp_ctx); +int lpcfg_rpc_port_high(struct loadparm_context *lp_ctx); + +/* The following definitions come from lib/version.c */ + +const char *samba_version_string(void); +const char *samba_copyright_string(void); + + +#endif /* _PARAM_H */ diff --git a/lib/param/param_table.c b/lib/param/param_table.c new file mode 100644 index 0000000..ce59156 --- /dev/null +++ b/lib/param/param_table.c @@ -0,0 +1,463 @@ +/* + Unix SMB/CIFS implementation. + Parameter loading functions + Copyright (C) Karl Auer 1993-1998 + + Largely re-written by Andrew Tridgell, September 1994 + + Copyright (C) Simo Sorce 2001 + Copyright (C) Alexander Bokovoy 2002 + Copyright (C) Stefan (metze) Metzmacher 2002 + Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003 + Copyright (C) Michael Adam 2008 + Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007 + Copyright (C) Andrew Bartlett 2011 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "lib/param/param.h" +#include "lib/param/loadparm.h" +#include "lib/param/param_global.h" +#include "libcli/auth/ntlm_check.h" +#include "libcli/smb/smb_constants.h" +#include "libds/common/roles.h" +#include "libds/common/flags.h" +#include "source4/lib/tls/tls.h" +#include "auth/credentials/credentials.h" +#include "source3/librpc/gen_ndr/ads.h" + +#ifndef N_ +#define N_(x) x +#endif + +static const struct enum_list enum_protocol[] = { + {PROTOCOL_DEFAULT, "default"}, /* the caller decides what this means */ + {PROTOCOL_SMB2_10, "SMB2"}, /* for now keep PROTOCOL_SMB2_10 */ + {PROTOCOL_SMB3_11, "SMB3"}, /* for now keep PROTOCOL_SMB3_11 */ + {PROTOCOL_SMB3_11, "SMB3_11"}, + {PROTOCOL_SMB3_02, "SMB3_02"}, + {PROTOCOL_SMB3_00, "SMB3_00"}, + {PROTOCOL_SMB2_10, "SMB2_10"}, + {PROTOCOL_SMB2_02, "SMB2_02"}, + {PROTOCOL_NT1, "NT1"}, + {PROTOCOL_LANMAN2, "LANMAN2"}, + {PROTOCOL_LANMAN1, "LANMAN1"}, + {PROTOCOL_CORE, "CORE"}, + {PROTOCOL_COREPLUS, "COREPLUS"}, + {PROTOCOL_COREPLUS, "CORE+"}, + {-1, NULL} +}; + +const char* lpcfg_get_smb_protocol(int type) +{ + int i; + for (i = 1; enum_protocol[i].value != -1; i++) { + if (enum_protocol[i].value == type) { + return enum_protocol[i].name; + } + } + return NULL; +} + +static const struct enum_list enum_security[] = { + {SEC_AUTO, "AUTO"}, + {SEC_USER, "USER"}, + {SEC_DOMAIN, "DOMAIN"}, + {SEC_ADS, "ADS"}, + {-1, NULL} +}; + +static const struct enum_list enum_bool_auto[] = { + {false, "No"}, + {false, "False"}, + {false, "0"}, + {true, "Yes"}, + {true, "True"}, + {true, "1"}, + {Auto, "Auto"}, + {-1, NULL} +}; + +static const struct enum_list enum_csc_policy[] = { + {CSC_POLICY_MANUAL, "manual"}, + {CSC_POLICY_DOCUMENTS, "documents"}, + {CSC_POLICY_PROGRAMS, "programs"}, + {CSC_POLICY_DISABLE, "disable"}, + {-1, NULL} +}; + +/* Server role options */ +static const struct enum_list enum_server_role[] = { + {ROLE_AUTO, "auto"}, + {ROLE_STANDALONE, "standalone server"}, + {ROLE_STANDALONE, "standalone"}, + {ROLE_DOMAIN_MEMBER, "member server"}, + {ROLE_DOMAIN_MEMBER, "member"}, + {ROLE_DOMAIN_PDC, "classic primary domain controller"}, + {ROLE_DOMAIN_BDC, "classic backup domain controller"}, + {ROLE_ACTIVE_DIRECTORY_DC, "active directory domain controller"}, + {ROLE_ACTIVE_DIRECTORY_DC, "domain controller"}, + {ROLE_ACTIVE_DIRECTORY_DC, "dc"}, + {ROLE_IPA_DC, "IPA primary domain controller"}, + {-1, NULL} +}; + +/* SMB signing types. */ +static const struct enum_list enum_smb_signing_vals[] = { + {SMB_SIGNING_DEFAULT, "default"}, + {SMB_SIGNING_OFF, "No"}, + {SMB_SIGNING_OFF, "False"}, + {SMB_SIGNING_OFF, "0"}, + {SMB_SIGNING_OFF, "Off"}, + {SMB_SIGNING_OFF, "disabled"}, + {SMB_SIGNING_IF_REQUIRED, "if_required"}, + {SMB_SIGNING_IF_REQUIRED, "Yes"}, + {SMB_SIGNING_IF_REQUIRED, "True"}, + {SMB_SIGNING_IF_REQUIRED, "1"}, + {SMB_SIGNING_IF_REQUIRED, "On"}, + {SMB_SIGNING_IF_REQUIRED, "enabled"}, + {SMB_SIGNING_IF_REQUIRED, "auto"}, + {SMB_SIGNING_DESIRED, "desired"}, + {SMB_SIGNING_REQUIRED, "required"}, + {SMB_SIGNING_REQUIRED, "mandatory"}, + {SMB_SIGNING_REQUIRED, "force"}, + {SMB_SIGNING_REQUIRED, "forced"}, + {SMB_SIGNING_REQUIRED, "enforced"}, + {-1, NULL} +}; + +static const struct enum_list enum_smb_encryption_vals[] = { + {SMB_ENCRYPTION_DEFAULT, "default"}, + {SMB_ENCRYPTION_OFF, "No"}, + {SMB_ENCRYPTION_OFF, "False"}, + {SMB_ENCRYPTION_OFF, "0"}, + {SMB_ENCRYPTION_OFF, "Off"}, + {SMB_ENCRYPTION_OFF, "disabled"}, + {SMB_ENCRYPTION_IF_REQUIRED, "if_required"}, + {SMB_ENCRYPTION_IF_REQUIRED, "Yes"}, + {SMB_ENCRYPTION_IF_REQUIRED, "True"}, + {SMB_ENCRYPTION_IF_REQUIRED, "1"}, + {SMB_ENCRYPTION_IF_REQUIRED, "On"}, + {SMB_ENCRYPTION_IF_REQUIRED, "enabled"}, + {SMB_ENCRYPTION_IF_REQUIRED, "auto"}, + {SMB_ENCRYPTION_DESIRED, "desired"}, + {SMB_ENCRYPTION_REQUIRED, "required"}, + {SMB_ENCRYPTION_REQUIRED, "mandatory"}, + {SMB_ENCRYPTION_REQUIRED, "force"}, + {SMB_ENCRYPTION_REQUIRED, "forced"}, + {SMB_ENCRYPTION_REQUIRED, "enforced"}, + {-1, NULL} +}; + +static const struct enum_list enum_use_kerberos_vals[] = { + {CRED_USE_KERBEROS_DESIRED, "desired"}, + {CRED_USE_KERBEROS_DESIRED, "auto"}, + {CRED_USE_KERBEROS_REQUIRED, "yes"}, + {CRED_USE_KERBEROS_REQUIRED, "required"}, + {CRED_USE_KERBEROS_DISABLED, "no"}, + {CRED_USE_KERBEROS_DISABLED, "disabled"}, + {CRED_USE_KERBEROS_DISABLED, "off"}, + {-1, NULL} +}; + +static const struct enum_list enum_client_protection_vals[] = { + {CRED_CLIENT_PROTECTION_DEFAULT, "default"}, + {CRED_CLIENT_PROTECTION_PLAIN, "plain"}, + {CRED_CLIENT_PROTECTION_SIGN, "sign"}, + {CRED_CLIENT_PROTECTION_ENCRYPT, "encrypt"}, + {-1, NULL} +}; + +static const struct enum_list enum_mdns_name_values[] = { + {MDNS_NAME_NETBIOS, "netbios"}, + {MDNS_NAME_MDNS, "mdns"}, + {-1, NULL} +}; + +static const struct enum_list enum_tls_verify_peer_vals[] = { + {TLS_VERIFY_PEER_NO_CHECK, + TLS_VERIFY_PEER_NO_CHECK_STRING}, + {TLS_VERIFY_PEER_CA_ONLY, + TLS_VERIFY_PEER_CA_ONLY_STRING}, + {TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE, + TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE_STRING}, + {TLS_VERIFY_PEER_CA_AND_NAME, + TLS_VERIFY_PEER_CA_AND_NAME_STRING}, + {TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE, + TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE_STRING}, + {-1, NULL} +}; + +/* DNS update options. */ +static const struct enum_list enum_dns_update_settings[] = { + {DNS_UPDATE_OFF, "disabled"}, + {DNS_UPDATE_OFF, "No"}, + {DNS_UPDATE_OFF, "False"}, + {DNS_UPDATE_OFF, "0"}, + {DNS_UPDATE_OFF, "Off"}, + {DNS_UPDATE_ON, "nonsecure and secure"}, + {DNS_UPDATE_ON, "nonsecure"}, + {DNS_UPDATE_SIGNED, "secure only"}, + {DNS_UPDATE_SIGNED, "secure"}, + {DNS_UPDATE_SIGNED, "signed"}, + {-1, NULL} +}; + +/* + Do you want session setups at user level security with a invalid + password to be rejected or allowed in as guest? WinNT rejects them + but it can be a pain as it means "net view" needs to use a password + + You have 3 choices in the setting of map_to_guest: + + "Never" means session setups with an invalid password + are rejected. This is the default. + + "Bad User" means session setups with an invalid password + are rejected, unless the username does not exist, in which case it + is treated as a guest login + + "Bad Password" means session setups with an invalid password + are treated as a guest login + + Note that map_to_guest only has an effect in user or server + level security. +*/ + +static const struct enum_list enum_map_to_guest[] = { + {NEVER_MAP_TO_GUEST, "Never"}, + {MAP_TO_GUEST_ON_BAD_USER, "Bad User"}, + {MAP_TO_GUEST_ON_BAD_PASSWORD, "Bad Password"}, + {MAP_TO_GUEST_ON_BAD_UID, "Bad Uid"}, + {-1, NULL} +}; + +/* Config backend options */ + +static const struct enum_list enum_config_backend[] = { + {CONFIG_BACKEND_FILE, "file"}, + {CONFIG_BACKEND_REGISTRY, "registry"}, + {-1, NULL} +}; + +static const struct enum_list enum_smbd_profiling_level[] = { + {0, "off"}, {1, "count"}, {2, "on"}, {-1, NULL} +}; + + +/* ADS kerberos ticket verification options */ + +static const struct enum_list enum_kerberos_method[] = { + {KERBEROS_VERIFY_SECRETS, "default"}, + {KERBEROS_VERIFY_SECRETS, "secrets only"}, + {KERBEROS_VERIFY_SECRETS, "secretsonly"}, + {KERBEROS_VERIFY_SYSTEM_KEYTAB, "system keytab"}, + {KERBEROS_VERIFY_SYSTEM_KEYTAB, "systemkeytab"}, + {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicated keytab"}, + {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicatedkeytab"}, + {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secrets and keytab"}, + {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secretsandkeytab"}, + {-1, NULL} +}; + +/* Kerberos encryption types selection options */ + +static const struct enum_list enum_kerberos_encryption_types_vals[] = { + {KERBEROS_ETYPES_ALL, "all"}, + {KERBEROS_ETYPES_STRONG, "strong"}, + {KERBEROS_ETYPES_LEGACY, "legacy"}, + {-1, NULL} +}; + +static const struct enum_list enum_printing[] = { + {PRINT_SYSV, "sysv"}, + {PRINT_AIX, "aix"}, + {PRINT_HPUX, "hpux"}, + {PRINT_BSD, "bsd"}, + {PRINT_QNX, "qnx"}, + {PRINT_PLP, "plp"}, + {PRINT_LPRNG, "lprng"}, +#ifdef HAVE_CUPS + {PRINT_CUPS, "cups"}, +#endif +#ifdef HAVE_IPRINT + {PRINT_IPRINT, "iprint"}, +#endif + {PRINT_LPRNT, "nt"}, + {PRINT_LPROS2, "os2"}, +#if defined(DEVELOPER) || defined(ENABLE_SELFTEST) + {PRINT_TEST, "test"}, + {PRINT_VLP, "vlp"}, +#endif /* DEVELOPER */ + {-1, NULL} +}; + +static const struct enum_list enum_ldap_sasl_wrapping[] = { + {0, "plain"}, + {ADS_AUTH_SASL_SIGN, "sign"}, + {ADS_AUTH_SASL_SEAL, "seal"}, + {-1, NULL} +}; + +static const struct enum_list enum_ldap_server_require_strong_auth_vals[] = { + { LDAP_SERVER_REQUIRE_STRONG_AUTH_NO, "No" }, + { LDAP_SERVER_REQUIRE_STRONG_AUTH_NO, "False" }, + { LDAP_SERVER_REQUIRE_STRONG_AUTH_NO, "0" }, + { LDAP_SERVER_REQUIRE_STRONG_AUTH_ALLOW_SASL_OVER_TLS, + "allow_sasl_over_tls" }, + { LDAP_SERVER_REQUIRE_STRONG_AUTH_YES, "Yes" }, + { LDAP_SERVER_REQUIRE_STRONG_AUTH_YES, "True" }, + { LDAP_SERVER_REQUIRE_STRONG_AUTH_YES, "1" }, + {-1, NULL} +}; + +static const struct enum_list enum_ldap_ssl[] = { + {LDAP_SSL_OFF, "no"}, + {LDAP_SSL_OFF, "off"}, + {LDAP_SSL_START_TLS, "start tls"}, + {LDAP_SSL_START_TLS, "start_tls"}, + {-1, NULL} +}; + +/* LDAP Dereferencing Alias types */ +#define SAMBA_LDAP_DEREF_NEVER 0 +#define SAMBA_LDAP_DEREF_SEARCHING 1 +#define SAMBA_LDAP_DEREF_FINDING 2 +#define SAMBA_LDAP_DEREF_ALWAYS 3 + +static const struct enum_list enum_ldap_deref[] = { + {SAMBA_LDAP_DEREF_NEVER, "never"}, + {SAMBA_LDAP_DEREF_SEARCHING, "searching"}, + {SAMBA_LDAP_DEREF_FINDING, "finding"}, + {SAMBA_LDAP_DEREF_ALWAYS, "always"}, + {-1, "auto"} +}; + +static const struct enum_list enum_ldap_passwd_sync[] = { + {LDAP_PASSWD_SYNC_OFF, "no"}, + {LDAP_PASSWD_SYNC_OFF, "off"}, + {LDAP_PASSWD_SYNC_ON, "yes"}, + {LDAP_PASSWD_SYNC_ON, "on"}, + {LDAP_PASSWD_SYNC_ONLY, "only"}, + {-1, NULL} +}; + +static const struct enum_list enum_map_readonly[] = { + {MAP_READONLY_NO, "no"}, + {MAP_READONLY_NO, "false"}, + {MAP_READONLY_NO, "0"}, + {MAP_READONLY_YES, "yes"}, + {MAP_READONLY_YES, "true"}, + {MAP_READONLY_YES, "1"}, + {MAP_READONLY_PERMISSIONS, "permissions"}, + {MAP_READONLY_PERMISSIONS, "perms"}, + {-1, NULL} +}; + +static const struct enum_list enum_case[] = { + {CASE_LOWER, "lower"}, + {CASE_UPPER, "upper"}, + {-1, NULL} +}; + +static const struct enum_list enum_inherit_owner_vals[] = { + {INHERIT_OWNER_NO, "no"}, + {INHERIT_OWNER_WINDOWS_AND_UNIX, "windows and unix"}, + {INHERIT_OWNER_WINDOWS_AND_UNIX, "yes"}, + {INHERIT_OWNER_UNIX_ONLY, "unix only"}, + {-1, NULL}}; + +static const struct enum_list enum_mangled_names[] = { + {MANGLED_NAMES_NO, "no"}, + {MANGLED_NAMES_NO, "false"}, + {MANGLED_NAMES_NO, "0"}, + {MANGLED_NAMES_ILLEGAL, "illegal"}, + {MANGLED_NAMES_YES, "yes"}, + {MANGLED_NAMES_YES, "true"}, + {MANGLED_NAMES_YES, "1"}, + {-1, NULL} +}; + +static const struct enum_list enum_ntlm_auth[] = { + {NTLM_AUTH_DISABLED, "disabled"}, + {NTLM_AUTH_NTLMV2_ONLY, "ntlmv2-only"}, + {NTLM_AUTH_NTLMV2_ONLY, "no"}, + {NTLM_AUTH_NTLMV2_ONLY, "false"}, + {NTLM_AUTH_NTLMV2_ONLY, "0"}, + {NTLM_AUTH_ON, "ntlmv1-permitted"}, + {NTLM_AUTH_ON, "yes"}, + {NTLM_AUTH_ON, "true"}, + {NTLM_AUTH_ON, "1"}, + {NTLM_AUTH_MSCHAPv2_NTLMV2_ONLY, "mschapv2-and-ntlmv2-only"}, + {-1, NULL} +}; + +static const struct enum_list enum_nt_hash_store[] = { + {NT_HASH_STORE_AUTO, "auto"}, + {NT_HASH_STORE_NEVER, "never"}, + {NT_HASH_STORE_ALWAYS, "always"}, +}; + + +static const struct enum_list enum_spotlight_backend[] = { + {SPOTLIGHT_BACKEND_NOINDEX, "noindex"}, + {SPOTLIGHT_BACKEND_TRACKER, "tracker"}, + {SPOTLIGHT_BACKEND_ES, "elasticsearch"}, + {-1, NULL} +}; + +static const struct enum_list enum_debug_syslog_format[] = { + {DEBUG_SYSLOG_FORMAT_NO, "No"}, + {DEBUG_SYSLOG_FORMAT_NO, "False"}, + {DEBUG_SYSLOG_FORMAT_NO, "0"}, + {DEBUG_SYSLOG_FORMAT_IN_LOGS, "in_logs"}, + {DEBUG_SYSLOG_FORMAT_IN_LOGS, "Yes"}, + {DEBUG_SYSLOG_FORMAT_IN_LOGS, "True"}, + {DEBUG_SYSLOG_FORMAT_IN_LOGS, "1"}, + {DEBUG_SYSLOG_FORMAT_ALWAYS, "always"}, + {-1, NULL} +}; + +static const struct enum_list enum_ad_functional_level[] = { + {DS_DOMAIN_FUNCTION_2008_R2, "2008_R2"}, + {DS_DOMAIN_FUNCTION_2012, "2012"}, + {DS_DOMAIN_FUNCTION_2012_R2, "2012_R2"}, + {DS_DOMAIN_FUNCTION_2016, "2016"}, + {-1, NULL} +}; + +static const struct enum_list enum_acl_claims_evaluation[] = { + {ACL_CLAIMS_EVALUATION_AD_DC_ONLY, "AD DC only"}, + {ACL_CLAIMS_EVALUATION_NEVER, "never"}, + {-1, NULL} +}; + +/* Note: We do not initialise the defaults union - it is not allowed in ANSI C + * + * NOTE: Handling of duplicated (synonym) parameters: + * Parameters that are synonymous are stored in the same variable. + * All but the default spelling carry the flag FLAG_SYNONYM. + */ + +#define GLOBAL_VAR(name) offsetof(struct loadparm_global, name) +#define LOCAL_VAR(name) offsetof(struct loadparm_service, name) + +#include "lib/param/param_table_gen.c" + +int num_parameters(void) +{ + return (sizeof(parm_table) / sizeof(struct parm_struct)); +} diff --git a/lib/param/s3_param.h b/lib/param/s3_param.h new file mode 100644 index 0000000..60a2911 --- /dev/null +++ b/lib/param/s3_param.h @@ -0,0 +1,23 @@ +#ifndef __S3_PARAM_H__ +#define __S3_PARAM_H__ + +struct loadparm_s3_helpers +{ + void * (*get_parm_ptr)(struct loadparm_service *service, struct parm_struct *parm); + struct loadparm_service * (*get_service)(const char *service_name); + struct loadparm_service * (*get_servicebynum)(int snum); + int (*getservicebyname)(const char *, struct loadparm_service *); + int (*get_numservices)(void); + bool (*load)(const char *filename); + bool (*store_cmdline)(const char *pszParmName, const char *pszParmValue); + void (*dump)(FILE *f, bool show_defaults, int maxtoprint); + bool (*lp_include)(struct loadparm_context*, struct loadparm_service *, + const char *, char **); + void (*init_ldap_debugging)(void); + bool (*do_section)(const char *pszSectionName, void *userdata); + void (*init_globals)(struct loadparm_context *lp_ctx, bool reinit_globals); + struct loadparm_global *globals; + unsigned int *flags; +}; + +#endif /* __S3_PARAM_H__ */ diff --git a/lib/param/samba-hostconfig.pc.in b/lib/param/samba-hostconfig.pc.in new file mode 100644 index 0000000..307f27b --- /dev/null +++ b/lib/param/samba-hostconfig.pc.in @@ -0,0 +1,10 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ + +Name: samba-hostconfig +Description: Host-wide Samba configuration +Version: @PACKAGE_VERSION@ +Libs: @LIB_RPATH@ -L${libdir} -lsamba-hostconfig +Cflags: -I${includedir} -DHAVE_IMMEDIATE_STRUCTURES=1 diff --git a/lib/param/util.c b/lib/param/util.c new file mode 100644 index 0000000..8d862ad --- /dev/null +++ b/lib/param/util.c @@ -0,0 +1,340 @@ +/* + Unix SMB/CIFS implementation. + Samba utility functions + Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) Jeremy Allison 2001-2002 + Copyright (C) Simo Sorce 2001 + Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003. + Copyright (C) James J Myers 2003 + Copyright (C) Jelmer Vernooij 2005-2007 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "dynconfig/dynconfig.h" +#include "system/network.h" +#include "system/filesys.h" +#include "system/dir.h" +#include "param/param.h" +#include "libds/common/roles.h" +#include "tdb.h" + +/** + * @file + * @brief Misc utility functions + */ + + +bool lpcfg_is_mydomain(struct loadparm_context *lp_ctx, + const char *domain) +{ + return strequal(lpcfg_workgroup(lp_ctx), domain); +} + +bool lpcfg_is_my_domain_or_realm(struct loadparm_context *lp_ctx, + const char *domain) +{ + return strequal(lpcfg_workgroup(lp_ctx), domain) || + strequal(lpcfg_realm(lp_ctx), domain); +} + +/** + see if a string matches either our primary or one of our secondary + netbios aliases. do a case insensitive match +*/ +bool lpcfg_is_myname(struct loadparm_context *lp_ctx, const char *name) +{ + const char **aliases; + int i; + + if (strcasecmp_m(name, lpcfg_netbios_name(lp_ctx)) == 0) { + return true; + } + + aliases = lpcfg_netbios_aliases(lp_ctx); + for (i=0; aliases && aliases[i]; i++) { + if (strcasecmp_m(name, aliases[i]) == 0) { + return true; + } + } + + return false; +} + +static char *lpcfg_common_path(TALLOC_CTX* mem_ctx, + const char *parent, + const char *name) +{ + char *fname, *dname; + bool ok; + + if (name == NULL) { + return NULL; + } + if (name[0] == 0 || name[0] == '/' || strstr(name, ":/")) { + return talloc_strdup(mem_ctx, name); + } + + dname = talloc_strdup(mem_ctx, parent); + if (dname == NULL) { + return NULL; + } + trim_string(dname,"","/"); + + ok = directory_create_or_exist(dname, 0755); + if (!ok) { + DEBUG(1, ("Unable to create directory %s for file %s. " + "Error was %s\n", dname, name, strerror(errno))); + return NULL; + } + + fname = talloc_asprintf(mem_ctx, "%s/%s", dname, name); + if (fname == NULL) { + return dname; + } + talloc_free(dname); + + return fname; +} + + +/** + A useful function for returning a path in the Samba lock directory. +**/ +char *lpcfg_lock_path(TALLOC_CTX* mem_ctx, struct loadparm_context *lp_ctx, + const char *name) +{ + return lpcfg_common_path(mem_ctx, lpcfg_lock_directory(lp_ctx), name); +} + +/** + A useful function for returning a path in the Samba state directory. +**/ +char *lpcfg_state_path(TALLOC_CTX* mem_ctx, struct loadparm_context *lp_ctx, + const char *name) +{ + return lpcfg_common_path(mem_ctx, lpcfg_state_directory(lp_ctx), name); +} + +/** + A useful function for returning a path in the Samba cache directory. +**/ +char *lpcfg_cache_path(TALLOC_CTX* mem_ctx, struct loadparm_context *lp_ctx, + const char *name) +{ + return lpcfg_common_path(mem_ctx, lpcfg_cache_directory(lp_ctx), name); +} + +/** + * @brief Returns an absolute path to a file in the directory containing the current config file + * + * @param name File to find, relative to the config file directory. + * + * @retval Pointer to a talloc'ed string containing the full path. + **/ + +char *lpcfg_config_path(TALLOC_CTX* mem_ctx, struct loadparm_context *lp_ctx, + const char *name) +{ + char *fname, *config_dir, *p; + config_dir = talloc_strdup(mem_ctx, lpcfg_configfile(lp_ctx)); + if (config_dir == NULL) { + config_dir = talloc_strdup(mem_ctx, lp_default_path()); + } + p = strrchr(config_dir, '/'); + if (p == NULL) { + talloc_free(config_dir); + config_dir = talloc_strdup(mem_ctx, "."); + if (config_dir == NULL) { + return NULL; + } + } else { + p[0] = '\0'; + } + fname = talloc_asprintf(mem_ctx, "%s/%s", config_dir, name); + talloc_free(config_dir); + return fname; +} + +/** + * @brief Returns an absolute path to a file in the Samba private directory. + * + * @param name File to find, relative to PRIVATEDIR. + * if name is not relative, then use it as-is + * + * @retval Pointer to a talloc'ed string containing the full path. + **/ +char *lpcfg_private_path(TALLOC_CTX* mem_ctx, + struct loadparm_context *lp_ctx, + const char *name) +{ + char *fname; + if (name == NULL) { + return NULL; + } + if (name[0] == 0 || name[0] == '/' || strstr(name, ":/")) { + return talloc_strdup(mem_ctx, name); + } + fname = talloc_asprintf(mem_ctx, "%s/%s", lpcfg_private_dir(lp_ctx), name); + return fname; +} + +/** + * @brief Returns an absolute path to a NTDB or TDB file in the Samba + * private directory. + * + * @param name File to find, relative to PRIVATEDIR, without .tdb extension. + * + * @retval Pointer to a talloc'ed string containing the full path, for + * use with dbwrap_local_open(). + **/ +char *lpcfg_private_db_path(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, + const char *name) +{ + return talloc_asprintf(mem_ctx, "%s/%s.tdb", + lpcfg_private_dir(lp_ctx), name); +} + +/** + return a path in the smbd.tmp directory, where all temporary file + for smbd go. If NULL is passed for name then return the directory + path itself +*/ +char *smbd_tmp_path(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, + const char *name) +{ + char *fname, *dname; + bool ok; + + dname = lpcfg_private_path(mem_ctx, lp_ctx, "smbd.tmp"); + if (dname == NULL) { + return NULL; + } + + ok = directory_create_or_exist(dname, 0755); + if (!ok) { + return NULL; + } + + if (name == NULL) { + return dname; + } + + fname = talloc_asprintf(mem_ctx, "%s/%s", dname, name); + if (fname == NULL) { + return dname; + } + talloc_free(dname); + + return fname; +} + +const char *lpcfg_imessaging_path(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx) +{ + return smbd_tmp_path(mem_ctx, lp_ctx, "msg"); +} + +const char *lpcfg_sam_name(struct loadparm_context *lp_ctx) +{ + switch (lpcfg_server_role(lp_ctx)) { + case ROLE_DOMAIN_BDC: + case ROLE_DOMAIN_PDC: + case ROLE_ACTIVE_DIRECTORY_DC: + case ROLE_IPA_DC: + return lpcfg_workgroup(lp_ctx); + default: + return lpcfg_netbios_name(lp_ctx); + } +} + +const char *lpcfg_sam_dnsname(struct loadparm_context *lp_ctx) +{ + switch (lpcfg_server_role(lp_ctx)) { + case ROLE_ACTIVE_DIRECTORY_DC: + case ROLE_IPA_DC: + return lpcfg_dnsdomain(lp_ctx); + default: + return NULL; + } +} + +static int +tdb_fetch_lifetime_fn(TDB_DATA key, TDB_DATA data, void *private_data) +{ + if (data.dsize < 256) { + long *result = private_data; + char tmp[data.dsize + 1]; + memcpy(tmp, data.dptr, data.dsize); + tmp[data.dsize] = '\0'; + *result = atol(tmp); + return 0; + } + return -1; +} + +static long tdb_fetch_lifetime(struct tdb_context *tdb, + const char *keystr) +{ + long result = -1; + int ret; + + ret = tdb_parse_record( + tdb, + (TDB_DATA){ + .dptr = discard_const_p(uint8_t, keystr), + .dsize = strlen(keystr), + }, + tdb_fetch_lifetime_fn, + &result); + if (ret == -1) { + return -1; + } + return result; +} + +void lpcfg_default_kdc_policy(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, + time_t *svc_tkt_lifetime, + time_t *usr_tkt_lifetime, + time_t *renewal_lifetime) +{ + long val; + TDB_CONTEXT *ctx = NULL; + const char *kdc_tdb = NULL; + + kdc_tdb = lpcfg_cache_path(mem_ctx, lp_ctx, "gpo.tdb"); + if (kdc_tdb) + ctx = tdb_open(kdc_tdb, 0, TDB_DEFAULT, O_RDWR, 0600); + + if (!ctx || ( val = tdb_fetch_lifetime(ctx, "kdc:service_ticket_lifetime") ) == -1 ) + val = lpcfg_parm_long(lp_ctx, NULL, "kdc", "service ticket lifetime", 10); + *svc_tkt_lifetime = val * 60 * 60; + + if (!ctx || ( val = tdb_fetch_lifetime(ctx, "kdc:user_ticket_lifetime") ) == -1 ) + val = lpcfg_parm_long(lp_ctx, NULL, "kdc", "user ticket lifetime", 10); + *usr_tkt_lifetime = val * 60 * 60; + + if (!ctx || ( val = tdb_fetch_lifetime(ctx, "kdc:renewal_lifetime") ) == -1 ) + val = lpcfg_parm_long(lp_ctx, NULL, "kdc", "renewal lifetime", 24 * 7); + *renewal_lifetime = val * 60 * 60; + + if (ctx != NULL) { + tdb_close(ctx); + ctx = NULL; + } +} diff --git a/lib/param/wscript_build b/lib/param/wscript_build new file mode 100644 index 0000000..864975a --- /dev/null +++ b/lib/param/wscript_build @@ -0,0 +1,48 @@ +#!/usr/bin/env python + +bld.SAMBA_GENERATOR('param_functions.c', + source= '../../script/generate_param.py ../../docs-xml/smbdotconf/parameters.all.xml', + target='param_functions.c', + group='build_source', + rule='${PYTHON} ${SRC[0].abspath(env)} --file ${SRC[1].abspath(env)} --output ${TGT} --mode=FUNCTIONS') + +bld.SAMBA_GENERATOR('param_functions.h', + source= '../../script/generate_param.py ../../docs-xml/smbdotconf/parameters.all.xml', + target='param_functions.h', + group='build_source', + rule='${PYTHON} ${SRC[0].abspath(env)} --file ${SRC[1].abspath(env)} --output ${TGT} --mode=LIBPROTO') + +bld.SAMBA_GENERATOR('param_local.h', + source= '../../script/generate_param.py ../../docs-xml/smbdotconf/parameters.all.xml', + target='param_local.h', + group='build_source', + rule='${PYTHON} ${SRC[0].abspath(env)} --file ${SRC[1].abspath(env)} --output ${TGT} --mode=PARAMDEFS --scope=LOCAL') + +bld.SAMBA_GENERATOR('param_global.h', + source= '../../script/generate_param.py ../../docs-xml/smbdotconf/parameters.all.xml', + target='param_global.h', + group='build_source', + rule='${PYTHON} ${SRC[0].abspath(env)} --file ${SRC[1].abspath(env)} --output ${TGT} --mode=PARAMDEFS --scope=GLOBAL') + +bld.SAMBA_GENERATOR('param_table_gen.c', + source='../../script/generate_param.py ../../docs-xml/smbdotconf/parameters.all.xml', + target='param_table_gen.c', + group='build_source', + rule='${PYTHON} ${SRC[0].abspath(env)} --file ${SRC[1].abspath(env)} --output ${TGT} --mode=PARAMTABLE') + +bld.SAMBA_LIBRARY('server-role', + source='loadparm_server_role.c', + deps='samba-util samba-debug', + private_library=True) + +bld.SAMBA_LIBRARY('samba-hostconfig', + source='loadparm.c util.c param_table.c', + pc_files='samba-hostconfig.pc', + vnum='0.0.1', + deps='DYNCONFIG server-role tdb', + public_deps='GNUTLS_HELPERS samba-util param_local.h', + public_headers='param.h', + autoproto='param_proto.h' + ) + + |