2011-11-10 08:19:33 +04:00
/*
Unix SMB / CIFS implementation .
Parameter loading functions
Copyright ( C ) Karl Auer 1993 - 1998
Largely re - written by Andrew Tridgell , September 1994
Copyright ( C ) Simo Sorce 2001
Copyright ( C ) Alexander Bokovoy 2002
Copyright ( C ) Stefan ( metze ) Metzmacher 2002
Copyright ( C ) Jim McDonough < jmcd @ us . ibm . com > 2003
Copyright ( C ) Michael Adam 2008
Copyright ( C ) Jelmer Vernooij < jelmer @ samba . org > 2007
Copyright ( C ) Andrew Bartlett 2011
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
2014-02-24 03:31:43 +04:00
# include "includes.h"
# include "lib/param/param.h"
# include "lib/param/loadparm.h"
# include "lib/param/param_global.h"
2017-07-03 03:11:51 +03:00
# include "libcli/auth/ntlm_check.h"
2014-02-24 03:31:43 +04:00
# include "libcli/smb/smb_constants.h"
2015-12-28 22:01:54 +03:00
# include "libds/common/roles.h"
2015-12-24 00:12:56 +03:00
# include "source4/lib/tls/tls.h"
2014-02-24 03:31:43 +04:00
# ifndef N_
# define N_(x) x
# endif
2011-11-10 08:19:33 +04:00
static const struct enum_list enum_protocol [ ] = {
2014-09-24 01:08:10 +04:00
{ PROTOCOL_DEFAULT , " default " } , /* the caller decides what this means */
2012-06-04 01:02:56 +04:00
{ PROTOCOL_SMB2_10 , " SMB2 " } , /* for now keep PROTOCOL_SMB2_10 */
2014-10-10 17:24:55 +04:00
{ PROTOCOL_SMB3_11 , " SMB3 " } , /* for now keep PROTOCOL_SMB3_11 */
2015-03-04 09:02:38 +03:00
{ PROTOCOL_SMB3_11 , " SMB3_11 " } ,
2014-09-23 06:02:40 +04:00
{ PROTOCOL_SMB3_10 , " SMB3_10 " } ,
2013-09-13 13:27:39 +04:00
{ PROTOCOL_SMB3_02 , " SMB3_02 " } ,
2012-05-05 11:31:39 +04:00
{ PROTOCOL_SMB3_00 , " SMB3_00 " } ,
2011-12-22 16:12:24 +04:00
{ PROTOCOL_SMB2_24 , " SMB2_24 " } ,
2011-11-19 17:01:25 +04:00
{ PROTOCOL_SMB2_22 , " SMB2_22 " } ,
2011-11-10 08:19:33 +04:00
{ PROTOCOL_SMB2_10 , " SMB2_10 " } ,
{ PROTOCOL_SMB2_02 , " SMB2_02 " } ,
{ PROTOCOL_NT1 , " NT1 " } ,
{ PROTOCOL_LANMAN2 , " LANMAN2 " } ,
{ PROTOCOL_LANMAN1 , " LANMAN1 " } ,
{ PROTOCOL_CORE , " CORE " } ,
{ PROTOCOL_COREPLUS , " COREPLUS " } ,
{ PROTOCOL_COREPLUS , " CORE+ " } ,
{ - 1 , NULL }
} ;
static const struct enum_list enum_security [ ] = {
{ SEC_AUTO , " AUTO " } ,
{ SEC_USER , " USER " } ,
{ SEC_DOMAIN , " DOMAIN " } ,
{ SEC_ADS , " ADS " } ,
{ - 1 , NULL }
} ;
static const struct enum_list enum_bool_auto [ ] = {
{ false , " No " } ,
{ false , " False " } ,
{ false , " 0 " } ,
{ true , " Yes " } ,
{ true , " True " } ,
{ true , " 1 " } ,
{ Auto , " Auto " } ,
{ - 1 , NULL }
} ;
static const struct enum_list enum_csc_policy [ ] = {
{ CSC_POLICY_MANUAL , " manual " } ,
{ CSC_POLICY_DOCUMENTS , " documents " } ,
{ CSC_POLICY_PROGRAMS , " programs " } ,
{ CSC_POLICY_DISABLE , " disable " } ,
{ - 1 , NULL }
} ;
/* Server role options */
static const struct enum_list enum_server_role [ ] = {
{ ROLE_AUTO , " auto " } ,
2012-06-11 04:50:08 +04:00
{ ROLE_STANDALONE , " standalone server " } ,
2011-11-10 08:19:33 +04:00
{ ROLE_STANDALONE , " standalone " } ,
{ ROLE_DOMAIN_MEMBER , " member server " } ,
{ ROLE_DOMAIN_MEMBER , " member " } ,
2012-06-10 16:08:20 +04:00
{ ROLE_DOMAIN_PDC , " classic primary domain controller " } ,
{ ROLE_DOMAIN_BDC , " classic backup domain controller " } ,
{ ROLE_ACTIVE_DIRECTORY_DC , " active directory domain controller " } ,
{ ROLE_ACTIVE_DIRECTORY_DC , " domain controller " } ,
{ ROLE_ACTIVE_DIRECTORY_DC , " dc " } ,
2011-11-10 08:19:33 +04:00
{ - 1 , NULL }
} ;
/* SMB signing types. */
static const struct enum_list enum_smb_signing_vals [ ] = {
{ SMB_SIGNING_DEFAULT , " default " } ,
{ SMB_SIGNING_OFF , " No " } ,
{ SMB_SIGNING_OFF , " False " } ,
{ SMB_SIGNING_OFF , " 0 " } ,
{ SMB_SIGNING_OFF , " Off " } ,
{ SMB_SIGNING_OFF , " disabled " } ,
{ SMB_SIGNING_IF_REQUIRED , " if_required " } ,
{ SMB_SIGNING_IF_REQUIRED , " Yes " } ,
{ SMB_SIGNING_IF_REQUIRED , " True " } ,
{ SMB_SIGNING_IF_REQUIRED , " 1 " } ,
{ SMB_SIGNING_IF_REQUIRED , " On " } ,
{ SMB_SIGNING_IF_REQUIRED , " enabled " } ,
{ SMB_SIGNING_IF_REQUIRED , " auto " } ,
2015-06-30 15:16:19 +03:00
{ SMB_SIGNING_DESIRED , " desired " } ,
2011-11-10 08:19:33 +04:00
{ SMB_SIGNING_REQUIRED , " required " } ,
{ SMB_SIGNING_REQUIRED , " mandatory " } ,
{ SMB_SIGNING_REQUIRED , " force " } ,
{ SMB_SIGNING_REQUIRED , " forced " } ,
{ SMB_SIGNING_REQUIRED , " enforced " } ,
{ - 1 , NULL }
} ;
2011-12-16 17:25:57 +04:00
2017-11-26 07:03:59 +03:00
static const struct enum_list enum_mdns_name_values [ ] = {
{ MDNS_NAME_NETBIOS , " netbios " } ,
{ MDNS_NAME_MDNS , " mdns " } ,
{ - 1 , NULL }
} ;
2015-12-24 00:12:56 +03:00
static const struct enum_list enum_tls_verify_peer_vals [ ] = {
{ TLS_VERIFY_PEER_NO_CHECK ,
TLS_VERIFY_PEER_NO_CHECK_STRING } ,
{ TLS_VERIFY_PEER_CA_ONLY ,
TLS_VERIFY_PEER_CA_ONLY_STRING } ,
{ TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE ,
TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE_STRING } ,
{ TLS_VERIFY_PEER_CA_AND_NAME ,
TLS_VERIFY_PEER_CA_AND_NAME_STRING } ,
{ TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE ,
TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE_STRING } ,
{ - 1 , NULL }
} ;
2011-12-16 17:25:57 +04:00
/* DNS update options. */
static const struct enum_list enum_dns_update_settings [ ] = {
2012-09-12 11:39:06 +04:00
{ DNS_UPDATE_OFF , " disabled " } ,
{ DNS_UPDATE_OFF , " No " } ,
2011-12-16 17:25:57 +04:00
{ DNS_UPDATE_OFF , " False " } ,
2012-09-12 11:39:06 +04:00
{ DNS_UPDATE_OFF , " 0 " } ,
{ DNS_UPDATE_OFF , " Off " } ,
{ DNS_UPDATE_ON , " nonsecure and secure " } ,
{ DNS_UPDATE_ON , " nonsecure " } ,
{ DNS_UPDATE_SIGNED , " secure only " } ,
{ DNS_UPDATE_SIGNED , " secure " } ,
2011-12-16 17:25:57 +04:00
{ DNS_UPDATE_SIGNED , " signed " } ,
{ - 1 , NULL }
} ;
2012-07-23 06:47:01 +04:00
/*
Do you want session setups at user level security with a invalid
password to be rejected or allowed in as guest ? WinNT rejects them
but it can be a pain as it means " net view " needs to use a password
You have 3 choices in the setting of map_to_guest :
" Never " means session setups with an invalid password
are rejected . This is the default .
" Bad User " means session setups with an invalid password
are rejected , unless the username does not exist , in which case it
is treated as a guest login
" Bad Password " means session setups with an invalid password
are treated as a guest login
Note that map_to_guest only has an effect in user or server
level security .
*/
static const struct enum_list enum_map_to_guest [ ] = {
{ NEVER_MAP_TO_GUEST , " Never " } ,
{ MAP_TO_GUEST_ON_BAD_USER , " Bad User " } ,
{ MAP_TO_GUEST_ON_BAD_PASSWORD , " Bad Password " } ,
{ MAP_TO_GUEST_ON_BAD_UID , " Bad Uid " } ,
{ - 1 , NULL }
} ;
/* Config backend options */
static const struct enum_list enum_config_backend [ ] = {
{ CONFIG_BACKEND_FILE , " file " } ,
{ CONFIG_BACKEND_REGISTRY , " registry " } ,
{ - 1 , NULL }
} ;
2014-10-09 16:56:28 +04:00
static const struct enum_list enum_smbd_profiling_level [ ] = {
{ 0 , " off " } , { 1 , " count " } , { 2 , " on " } , { - 1 , NULL }
} ;
2012-07-23 06:47:01 +04:00
/* ADS kerberos ticket verification options */
static const struct enum_list enum_kerberos_method [ ] = {
{ KERBEROS_VERIFY_SECRETS , " default " } ,
{ KERBEROS_VERIFY_SECRETS , " secrets only " } ,
2017-03-13 19:28:58 +03:00
{ KERBEROS_VERIFY_SECRETS , " secretsonly " } ,
2012-07-23 06:47:01 +04:00
{ KERBEROS_VERIFY_SYSTEM_KEYTAB , " system keytab " } ,
2017-03-13 19:28:58 +03:00
{ KERBEROS_VERIFY_SYSTEM_KEYTAB , " systemkeytab " } ,
2012-07-23 06:47:01 +04:00
{ KERBEROS_VERIFY_DEDICATED_KEYTAB , " dedicated keytab " } ,
2017-03-13 19:28:58 +03:00
{ KERBEROS_VERIFY_DEDICATED_KEYTAB , " dedicatedkeytab " } ,
2012-07-23 06:47:01 +04:00
{ KERBEROS_VERIFY_SECRETS_AND_KEYTAB , " secrets and keytab " } ,
2017-03-13 19:28:58 +03:00
{ KERBEROS_VERIFY_SECRETS_AND_KEYTAB , " secretsandkeytab " } ,
2012-07-23 06:47:01 +04:00
{ - 1 , NULL }
} ;
2016-05-08 15:45:44 +03:00
/* Kerberos encryption types selection options */
static const struct enum_list enum_kerberos_encryption_types_vals [ ] = {
{ KERBEROS_ETYPES_ALL , " all " } ,
{ KERBEROS_ETYPES_STRONG , " strong " } ,
{ KERBEROS_ETYPES_LEGACY , " legacy " } ,
{ - 1 , NULL }
} ;
2012-07-23 06:47:01 +04:00
static const struct enum_list enum_printing [ ] = {
{ PRINT_SYSV , " sysv " } ,
{ PRINT_AIX , " aix " } ,
{ PRINT_HPUX , " hpux " } ,
{ PRINT_BSD , " bsd " } ,
{ PRINT_QNX , " qnx " } ,
{ PRINT_PLP , " plp " } ,
{ PRINT_LPRNG , " lprng " } ,
2012-09-05 09:03:31 +04:00
# ifdef HAVE_CUPS
2012-07-23 06:47:01 +04:00
{ PRINT_CUPS , " cups " } ,
2012-09-05 09:03:31 +04:00
# endif
# ifdef HAVE_IPRINT
2012-07-23 06:47:01 +04:00
{ PRINT_IPRINT , " iprint " } ,
2012-09-05 09:03:31 +04:00
# endif
2012-07-23 06:47:01 +04:00
{ PRINT_LPRNT , " nt " } ,
{ PRINT_LPROS2 , " os2 " } ,
2012-08-21 02:16:24 +04:00
# if defined(DEVELOPER) || defined(ENABLE_SELFTEST)
2012-07-23 06:47:01 +04:00
{ PRINT_TEST , " test " } ,
{ PRINT_VLP , " vlp " } ,
# endif /* DEVELOPER */
{ - 1 , NULL }
} ;
static const struct enum_list enum_ldap_sasl_wrapping [ ] = {
{ 0 , " plain " } ,
{ ADS_AUTH_SASL_SIGN , " sign " } ,
{ ADS_AUTH_SASL_SEAL , " seal " } ,
{ - 1 , NULL }
} ;
2015-12-21 14:03:56 +03:00
static const struct enum_list enum_ldap_server_require_strong_auth_vals [ ] = {
{ LDAP_SERVER_REQUIRE_STRONG_AUTH_NO , " No " } ,
{ LDAP_SERVER_REQUIRE_STRONG_AUTH_NO , " False " } ,
{ LDAP_SERVER_REQUIRE_STRONG_AUTH_NO , " 0 " } ,
{ LDAP_SERVER_REQUIRE_STRONG_AUTH_ALLOW_SASL_OVER_TLS ,
" allow_sasl_over_tls " } ,
{ LDAP_SERVER_REQUIRE_STRONG_AUTH_YES , " Yes " } ,
{ LDAP_SERVER_REQUIRE_STRONG_AUTH_YES , " True " } ,
{ LDAP_SERVER_REQUIRE_STRONG_AUTH_YES , " 1 " } ,
{ - 1 , NULL }
} ;
2012-07-23 06:47:01 +04:00
static const struct enum_list enum_ldap_ssl [ ] = {
{ LDAP_SSL_OFF , " no " } ,
{ LDAP_SSL_OFF , " off " } ,
{ LDAP_SSL_START_TLS , " start tls " } ,
{ LDAP_SSL_START_TLS , " start_tls " } ,
{ - 1 , NULL }
} ;
/* LDAP Dereferencing Alias types */
# define SAMBA_LDAP_DEREF_NEVER 0
# define SAMBA_LDAP_DEREF_SEARCHING 1
# define SAMBA_LDAP_DEREF_FINDING 2
# define SAMBA_LDAP_DEREF_ALWAYS 3
static const struct enum_list enum_ldap_deref [ ] = {
{ SAMBA_LDAP_DEREF_NEVER , " never " } ,
{ SAMBA_LDAP_DEREF_SEARCHING , " searching " } ,
{ SAMBA_LDAP_DEREF_FINDING , " finding " } ,
{ SAMBA_LDAP_DEREF_ALWAYS , " always " } ,
{ - 1 , " auto " }
} ;
static const struct enum_list enum_ldap_passwd_sync [ ] = {
{ LDAP_PASSWD_SYNC_OFF , " no " } ,
{ LDAP_PASSWD_SYNC_OFF , " off " } ,
{ LDAP_PASSWD_SYNC_ON , " yes " } ,
{ LDAP_PASSWD_SYNC_ON , " on " } ,
{ LDAP_PASSWD_SYNC_ONLY , " only " } ,
{ - 1 , NULL }
} ;
static const struct enum_list enum_map_readonly [ ] = {
{ MAP_READONLY_NO , " no " } ,
{ MAP_READONLY_NO , " false " } ,
{ MAP_READONLY_NO , " 0 " } ,
{ MAP_READONLY_YES , " yes " } ,
{ MAP_READONLY_YES , " true " } ,
{ MAP_READONLY_YES , " 1 " } ,
{ MAP_READONLY_PERMISSIONS , " permissions " } ,
{ MAP_READONLY_PERMISSIONS , " perms " } ,
{ - 1 , NULL }
} ;
static const struct enum_list enum_case [ ] = {
{ CASE_LOWER , " lower " } ,
{ CASE_UPPER , " upper " } ,
{ - 1 , NULL }
} ;
2012-07-23 07:53:16 +04:00
2016-08-02 09:37:00 +03:00
static const struct enum_list enum_inherit_owner_vals [ ] = {
{ INHERIT_OWNER_NO , " no " } ,
{ INHERIT_OWNER_WINDOWS_AND_UNIX , " windows and unix " } ,
{ INHERIT_OWNER_WINDOWS_AND_UNIX , " yes " } ,
{ INHERIT_OWNER_UNIX_ONLY , " unix only " } ,
{ - 1 , NULL } } ;
2012-07-23 07:53:16 +04:00
2016-11-17 16:22:41 +03:00
static const struct enum_list enum_mangled_names [ ] = {
{ MANGLED_NAMES_NO , " no " } ,
{ MANGLED_NAMES_NO , " false " } ,
{ MANGLED_NAMES_NO , " 0 " } ,
2016-11-17 16:24:07 +03:00
{ MANGLED_NAMES_ILLEGAL , " illegal " } ,
2016-11-17 16:22:41 +03:00
{ MANGLED_NAMES_YES , " yes " } ,
{ MANGLED_NAMES_YES , " true " } ,
{ MANGLED_NAMES_YES , " 1 " } ,
{ - 1 , NULL }
} ;
2017-07-03 03:11:51 +03:00
static const struct enum_list enum_ntlm_auth [ ] = {
2017-07-03 05:16:50 +03:00
{ NTLM_AUTH_DISABLED , " disabled " } ,
2017-07-03 03:11:51 +03:00
{ NTLM_AUTH_NTLMV2_ONLY , " ntlmv2-only " } ,
{ NTLM_AUTH_NTLMV2_ONLY , " no " } ,
{ NTLM_AUTH_NTLMV2_ONLY , " false " } ,
{ NTLM_AUTH_NTLMV2_ONLY , " 0 " } ,
{ NTLM_AUTH_ON , " ntlmv1-permitted " } ,
{ NTLM_AUTH_ON , " yes " } ,
{ NTLM_AUTH_ON , " true " } ,
{ NTLM_AUTH_ON , " 1 " } ,
{ NTLM_AUTH_MSCHAPv2_NTLMV2_ONLY , " mschapv2-and-ntlmv2-only " } ,
{ - 1 , NULL }
} ;
2012-07-23 07:53:16 +04:00
/* Note: We do not initialise the defaults union - it is not allowed in ANSI C
*
2015-04-24 10:36:05 +03:00
* NOTE : Handling of duplicated ( synonym ) parameters :
* Parameters that are synonymous are stored in the same variable .
2015-04-24 10:57:08 +03:00
* All but the default spelling carry the flag FLAG_SYNONYM .
2012-07-23 07:53:16 +04:00
*/
# define GLOBAL_VAR(name) offsetof(struct loadparm_global, name)
# define LOCAL_VAR(name) offsetof(struct loadparm_service, name)
2015-07-23 19:40:27 +03:00
# include "lib/param/param_table_gen.c"
2012-07-23 07:53:16 +04:00
2014-02-24 03:31:43 +04:00
int num_parameters ( void )
{
return ( sizeof ( parm_table ) / sizeof ( struct parm_struct ) ) ;
}