1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-29 11:21:54 +03:00
samba-mirror/source3/include/local.h

242 lines
7.4 KiB
C
Raw Normal View History

/* Copyright (C) 1995-1998 Samba-Team */
/* Copyright (C) 1998 John H Terpstra <jht@aquasoft.com.au> */
/* local definitions for file server */
#ifndef _LOCAL_H
#define _LOCAL_H
/* Yves Gaige <yvesg@hptnodur.grenoble.hp.com> requested this set this */
/* to a maximum of 8 if old smb clients break because of long printer names. */
#define MAXPRINTERLEN 15
/* max number of directories open at once */
/* note that with the new directory code this no longer requires a
file handle per directory, but large numbers do use more memory */
#define MAX_OPEN_DIRECTORIES 256
/* max number of directory handles */
/* As this now uses the bitmap code this can be
quite large. */
#define MAX_DIRECTORY_HANDLES 2048
/* maximum number of file caches per smbd */
#define MAX_WRITE_CACHES 10
/*
* Fudgefactor required for open tdb's, etc.
*/
#ifndef MAX_OPEN_FUDGEFACTOR
#define MAX_OPEN_FUDGEFACTOR 20
#endif
/*
* Minimum number of open files needed for Windows7 to
* work correctly. A little conservative but better that
* than run out of fd's.
*/
#ifndef MIN_OPEN_FILES_WINDOWS
#define MIN_OPEN_FILES_WINDOWS 16384
#endif
/*
* Default number of maximum open files per smbd. This is
* also limited by the maximum available file descriptors
* per process and can also be set in smb.conf as "max open files"
* in the [global] section.
*/
#ifndef MAX_OPEN_FILES
#define MAX_OPEN_FILES (MIN_OPEN_FILES_WINDOWS + MAX_OPEN_FUDGEFACTOR)
#endif
#define WORDMAX 0xFFFF
/* the maximum password length before we declare a likely attack */
#define MAX_PASS_LEN 200
/* separators for lists */
#define LIST_SEP " \t,;\n\r"
/* wchar separators for lists */
#define LIST_SEP_W wchar_list_sep
/* this is where browse lists are kept in the lock dir */
#define SERVER_LIST "browse.dat"
/* shall filenames with illegal chars in them get mangled in long
filename listings? */
#define MANGLE_LONG_FILENAMES
/* define this if you want to stop spoofing with .. and soft links
NOTE: This also slows down the server considerably */
#define REDUCE_PATHS
/* the size of the directory cache */
#define DIRCACHESIZE 20
/* what default type of filesystem do we want this to show up as in a
NT file manager window? */
#define FSTYPE_STRING "NTFS"
/* the default guest account - normally set in the Makefile or smb.conf */
#ifndef GUEST_ACCOUNT
#define GUEST_ACCOUNT "nobody"
#endif
/* user to test password server with as invalid in security=server mode. */
#ifndef INVALID_USER_PREFIX
#define INVALID_USER_PREFIX "sambatest"
#endif
/* the default pager to use for the client "more" command. Users can
override this with the PAGER environment variable */
#ifndef PAGER
#define PAGER "more"
#endif
/* the size of the uid cache used to reduce valid user checks */
#define VUID_CACHE_SIZE 32
/* the following control timings of various actions. Don't change
them unless you know what you are doing. These are all in seconds */
#define DEFAULT_SMBD_TIMEOUT (60*60*24*7)
#define SMBD_RELOAD_CHECK (180)
#define IDLE_CLOSED_TIMEOUT (60)
#define DPTR_IDLE_TIMEOUT (120)
#define SMBD_SELECT_TIMEOUT (60)
#define NMBD_SELECT_LOOP (10)
#define BROWSE_INTERVAL (60)
#define REGISTRATION_INTERVAL (10*60)
#define NMBD_INETD_TIMEOUT (120)
#define NMBD_MAX_TTL (24*60*60)
#define LPQ_LOCK_TIMEOUT (5)
#define NMBD_INTERFACES_RELOAD (120)
#define NMBD_UNEXPECTED_TIMEOUT (15)
s3-printing: Initiate pcap reload from parent smbd Since commit 7022554, smbds share a printcap cache (printer_list.tdb), therefore ordering of events between smbd processes is important when updating printcap cache information. Consider the following two process example: 1) smbd1 receives HUP or printcap cache time expiry 2) smbd1 checks whether pcap needs refresh, it does 3) smbd1 marks pcap as refreshed 4) smbd1 forks child1 to obtain cups printer info 5) smbd2 receives HUP or printcap cache time expiry 6) smbd2 checks whether pcap needs refresh, it does not (due to step 3) 7) smbd2 reloads printer shares prior to child1 completion (stale pcap) 8) child1 completion, pcap cache (printer_list.tdb) is updated by smbd1 9) smbd1 reloads printer shares based on new pcap information In this case both smbd1 and smbd2 are reliant on the pcap update performed on child1 completion. The prior commit "reload shares after pcap cache fill" ensures that smbd1 only reloads printer shares following pcap update, however smbd2 continues to present shares based on stale pcap data. This commit addresses the above problem by driving pcap cache and printer share updates from the parent smbd process. 1) smbd0 (parent) receives a HUP or printcap cache time expiry 2) smbd0 forks child0 to obtain cups printer info 3) child0 completion, pcap cache (printer_list.tdb) is updated by smbd0 4) smbd0 reloads printer shares 5) smbd0 notifies child smbds of pcap update via message_send_all() 6) child smbds read fresh pcap data and reload printer shares This architecture has the additional advantage that only a single process (the parent smbd) requests printer information from the printcap backend. Use time_mono in housekeeping functions As suggested by Björn Jacke.
2010-12-23 14:14:21 +03:00
#define SMBD_HOUSEKEEPING_INTERVAL SMBD_SELECT_TIMEOUT
/* the following are in milliseconds */
#define LOCK_RETRY_TIMEOUT (100)
/* do you want to dump core (carefully!) when an internal error is
encountered? Samba will be careful to make the core file only
accessible to root */
#define DUMP_CORE 1
/* shall we support browse requests via a FIFO to nmbd? */
#define ENABLE_FIFO 1
/* how long (in miliseconds) to wait for a socket connect to happen */
#define LONG_CONNECT_TIMEOUT 30000
#define SHORT_CONNECT_TIMEOUT 5000
/* the default netbios keepalive timeout */
#define DEFAULT_KEEPALIVE 300
/* the directory to sit in when idle */
/* #define IDLE_DIR "/" */
/* Timout (in seconds) to wait for an oplock break
message to return from the client. */
#define OPLOCK_BREAK_TIMEOUT 30
/* Timout (in seconds) to add to the oplock break timeout
to wait for the smbd to smbd message to return. */
#define OPLOCK_BREAK_TIMEOUT_FUDGEFACTOR 2
/* the read preciction code has been disabled until some problems with
it are worked out */
#define USE_READ_PREDICTION 0
/* Minimum length of allowed password when changing UNIX password. */
#define MINPASSWDLENGTH 5
/* maximum ID number used for session control. This cannot be larger
than 62*62 for the current code */
#define MAX_SESSION_ID 3000
/* For the benifit of PAM and the 'session exec' scripts, we fake up a terminal
name. This can be in one of two forms: The first for systems not using
utmp (and therefore not constrained as to length or the need for a number
< 3000 or so) and the second for systems with this 'well behaved terminal
like name' constraint.
*/
#ifndef SESSION_TEMPLATE
/* Paramaters are 'pid' and 'vuid' */
#define SESSION_TEMPLATE "smb/%lu/%d"
#endif
#ifndef SESSION_UTMP_TEMPLATE
#define SESSION_UTMP_TEMPLATE "smb/%d"
#endif
/* the maximum age in seconds of a password. Should be a lp_ parameter */
#define MAX_PASSWORD_AGE (21*24*60*60)
/* Default allocation roundup. */
#define SMB_ROUNDUP_ALLOCATION_SIZE 0x100000
/* shall we deny oplocks to clients that get timeouts? */
#define FASCIST_OPLOCK_BACKOFF 1
/* this enables the "rabbit pellet" fix for SMBwritebraw */
#define RABBIT_PELLET_FIX 1
/* Max number of open RPC pipes. */
#define MAX_OPEN_PIPES 2048
/* Tuning for server auth mutex. */
#define CLI_AUTH_TIMEOUT 5000 /* In milli-seconds. */
#define NUM_CLI_AUTH_CONNECT_RETRIES 3
/* Number in seconds to wait for the mutex. This must be less than 30 seconds. */
#define SERVER_MUTEX_WAIT_TIME ( ((NUM_CLI_AUTH_CONNECT_RETRIES) * ((CLI_AUTH_TIMEOUT)/1000)) + 5)
/* Number in seconds for winbindd to wait for the mutex. Make this 2 * smbd wait time. */
#define WINBIND_SERVER_MUTEX_WAIT_TIME (( ((NUM_CLI_AUTH_CONNECT_RETRIES) * ((CLI_AUTH_TIMEOUT)/1000)) + 5)*2)
/* Buffer size to use when printing backtraces */
#define BACKTRACE_STACK_SIZE 64
/* size of listen() backlog in smbd */
#define SMBD_LISTEN_BACKLOG 50
/* Number of microseconds to wait before a sharing violation. */
#define SHARING_VIOLATION_USEC_WAIT 950000
/* Number of microseconds to wait before a updating the write time (2 secs). */
#define WRITE_TIME_UPDATE_USEC_DELAY 2000000
#define MAX_LDAP_REPLICATION_SLEEP_TIME 5000 /* In milliseconds. */
/* tdb hash size for the open database. */
#define SMB_OPEN_DATABASE_TDB_HASH_SIZE 10007
/* Characters we disallow in sharenames. */
#define INVALID_SHARENAME_CHARS "%<>*?|/\\+=;:\","
/* Seconds between connection attempts to a remote server. */
#define FAILED_CONNECTION_CACHE_TIMEOUT (LONG_CONNECT_TIMEOUT * 2 / 1000)
/* Default hash size for the winbindd cache. */
#define WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE 5000
/* Windows minimum lock resolution timeout in ms */
#define WINDOWS_MINIMUM_LOCK_TIMEOUT_MS 200
/* Maximum size of RPC data we will accept for one call. */
#define MAX_RPC_DATA_SIZE (15*1024*1024)
Fix bug #7146 - Samba miss-parses authenticated RPC packets. Parts of the Samba RPC client and server code misinterpret authenticated packets. DCE authenticated packets actually look like this : +--------------------------+ |header | | ... frag_len (packet len)| | ... auth_len | +--------------------------+ | | | Data payload | ... .... | | +--------------------------+ | | | auth_pad_len bytes | +--------------------------+ | | | Auth footer | | auth_pad_len value | +--------------------------+ | | | Auth payload | | (auth_len bytes long) | +--------------------------+ That's right. The pad bytes come *before* the footer specifying how many pad bytes there are. In order to read this you must seek to the end of the packet and subtract the auth_len (in the packet header) and the auth footer length (a known value). The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long as the pad alignment is on an 8 byte boundary (there are some special cases in the code for this). Tridge discovered there are some (DRS replication) cases where on 64-bit machines where the pad alignment is on a 16-byte boundary. This breaks the existing S3 hand-optimized rpc code. This patch removes all the special cases in client and server code, and allows the pad alignment for generated packets to be specified by changing a constant in include/local.h (this doesn't affect received packets, the new code always handles them correctly whatever pad alignment is used). This patch also works correctly with rpcclient using sign+seal from the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow) so even as a server it should still work with older libsmbclient and winbindd code. Jeremy
2010-02-18 02:27:59 +03:00
#define CLIENT_NDR_PADDING_SIZE 8
#define SERVER_NDR_PADDING_SIZE 8
#define DEFAULT_SMB2_MAX_READ (64*1024)
#define DEFAULT_SMB2_MAX_WRITE (64*1024)
#define DEFAULT_SMB2_MAX_TRANSACT (64*1024)
#define DEFAULT_SMB2_MAX_CREDITS 8192
#define DEFAULT_SMB2_MAX_CREDIT_BITMAP_FACTOR 2
#endif