Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Parameter loading functions
4 : Copyright (C) Karl Auer 1993-1998
5 :
6 : Largely re-written by Andrew Tridgell, September 1994
7 :
8 : Copyright (C) Simo Sorce 2001
9 : Copyright (C) Alexander Bokovoy 2002
10 : Copyright (C) Stefan (metze) Metzmacher 2002
11 : Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 : Copyright (C) Michael Adam 2008
13 : Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 : Copyright (C) Andrew Bartlett 2011
15 :
16 : This program is free software; you can redistribute it and/or modify
17 : it under the terms of the GNU General Public License as published by
18 : the Free Software Foundation; either version 3 of the License, or
19 : (at your option) any later version.
20 :
21 : This program is distributed in the hope that it will be useful,
22 : but WITHOUT ANY WARRANTY; without even the implied warranty of
23 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 : GNU General Public License for more details.
25 :
26 : You should have received a copy of the GNU General Public License
27 : along with this program. If not, see <http://www.gnu.org/licenses/>.
28 : */
29 :
30 : #include "includes.h"
31 : #include "lib/param/param.h"
32 : #include "lib/param/loadparm.h"
33 : #include "lib/param/param_global.h"
34 : #include "libcli/auth/ntlm_check.h"
35 : #include "libcli/smb/smb_constants.h"
36 : #include "libds/common/roles.h"
37 : #include "source4/lib/tls/tls.h"
38 : #include "auth/credentials/credentials.h"
39 :
40 : #ifndef N_
41 : #define N_(x) x
42 : #endif
43 :
44 : static const struct enum_list enum_protocol[] = {
45 : {PROTOCOL_DEFAULT, "default"}, /* the caller decides what this means */
46 : {PROTOCOL_SMB2_10, "SMB2"}, /* for now keep PROTOCOL_SMB2_10 */
47 : {PROTOCOL_SMB3_11, "SMB3"}, /* for now keep PROTOCOL_SMB3_11 */
48 : {PROTOCOL_SMB3_11, "SMB3_11"},
49 : {PROTOCOL_SMB3_02, "SMB3_02"},
50 : {PROTOCOL_SMB3_00, "SMB3_00"},
51 : {PROTOCOL_SMB2_10, "SMB2_10"},
52 : {PROTOCOL_SMB2_02, "SMB2_02"},
53 : {PROTOCOL_NT1, "NT1"},
54 : {PROTOCOL_LANMAN2, "LANMAN2"},
55 : {PROTOCOL_LANMAN1, "LANMAN1"},
56 : {PROTOCOL_CORE, "CORE"},
57 : {PROTOCOL_COREPLUS, "COREPLUS"},
58 : {PROTOCOL_COREPLUS, "CORE+"},
59 : {-1, NULL}
60 : };
61 :
62 0 : const char* lpcfg_get_smb_protocol(int type)
63 : {
64 : int i;
65 0 : for (i = 1; enum_protocol[i].value != -1; i++) {
66 0 : if (enum_protocol[i].value == type) {
67 0 : return enum_protocol[i].name;
68 : }
69 : }
70 0 : return NULL;
71 : }
72 :
73 : static const struct enum_list enum_security[] = {
74 : {SEC_AUTO, "AUTO"},
75 : {SEC_USER, "USER"},
76 : {SEC_DOMAIN, "DOMAIN"},
77 : {SEC_ADS, "ADS"},
78 : {-1, NULL}
79 : };
80 :
81 : static const struct enum_list enum_bool_auto[] = {
82 : {false, "No"},
83 : {false, "False"},
84 : {false, "0"},
85 : {true, "Yes"},
86 : {true, "True"},
87 : {true, "1"},
88 : {Auto, "Auto"},
89 : {-1, NULL}
90 : };
91 :
92 : static const struct enum_list enum_csc_policy[] = {
93 : {CSC_POLICY_MANUAL, "manual"},
94 : {CSC_POLICY_DOCUMENTS, "documents"},
95 : {CSC_POLICY_PROGRAMS, "programs"},
96 : {CSC_POLICY_DISABLE, "disable"},
97 : {-1, NULL}
98 : };
99 :
100 : /* Server role options */
101 : static const struct enum_list enum_server_role[] = {
102 : {ROLE_AUTO, "auto"},
103 : {ROLE_STANDALONE, "standalone server"},
104 : {ROLE_STANDALONE, "standalone"},
105 : {ROLE_DOMAIN_MEMBER, "member server"},
106 : {ROLE_DOMAIN_MEMBER, "member"},
107 : {ROLE_DOMAIN_PDC, "classic primary domain controller"},
108 : {ROLE_DOMAIN_BDC, "classic backup domain controller"},
109 : {ROLE_ACTIVE_DIRECTORY_DC, "active directory domain controller"},
110 : {ROLE_ACTIVE_DIRECTORY_DC, "domain controller"},
111 : {ROLE_ACTIVE_DIRECTORY_DC, "dc"},
112 : {ROLE_IPA_DC, "IPA primary domain controller"},
113 : {-1, NULL}
114 : };
115 :
116 : /* SMB signing types. */
117 : static const struct enum_list enum_smb_signing_vals[] = {
118 : {SMB_SIGNING_DEFAULT, "default"},
119 : {SMB_SIGNING_OFF, "No"},
120 : {SMB_SIGNING_OFF, "False"},
121 : {SMB_SIGNING_OFF, "0"},
122 : {SMB_SIGNING_OFF, "Off"},
123 : {SMB_SIGNING_OFF, "disabled"},
124 : {SMB_SIGNING_IF_REQUIRED, "if_required"},
125 : {SMB_SIGNING_IF_REQUIRED, "Yes"},
126 : {SMB_SIGNING_IF_REQUIRED, "True"},
127 : {SMB_SIGNING_IF_REQUIRED, "1"},
128 : {SMB_SIGNING_IF_REQUIRED, "On"},
129 : {SMB_SIGNING_IF_REQUIRED, "enabled"},
130 : {SMB_SIGNING_IF_REQUIRED, "auto"},
131 : {SMB_SIGNING_DESIRED, "desired"},
132 : {SMB_SIGNING_REQUIRED, "required"},
133 : {SMB_SIGNING_REQUIRED, "mandatory"},
134 : {SMB_SIGNING_REQUIRED, "force"},
135 : {SMB_SIGNING_REQUIRED, "forced"},
136 : {SMB_SIGNING_REQUIRED, "enforced"},
137 : {-1, NULL}
138 : };
139 :
140 : static const struct enum_list enum_smb_encryption_vals[] = {
141 : {SMB_ENCRYPTION_DEFAULT, "default"},
142 : {SMB_ENCRYPTION_OFF, "No"},
143 : {SMB_ENCRYPTION_OFF, "False"},
144 : {SMB_ENCRYPTION_OFF, "0"},
145 : {SMB_ENCRYPTION_OFF, "Off"},
146 : {SMB_ENCRYPTION_OFF, "disabled"},
147 : {SMB_ENCRYPTION_IF_REQUIRED, "if_required"},
148 : {SMB_ENCRYPTION_IF_REQUIRED, "Yes"},
149 : {SMB_ENCRYPTION_IF_REQUIRED, "True"},
150 : {SMB_ENCRYPTION_IF_REQUIRED, "1"},
151 : {SMB_ENCRYPTION_IF_REQUIRED, "On"},
152 : {SMB_ENCRYPTION_IF_REQUIRED, "enabled"},
153 : {SMB_ENCRYPTION_IF_REQUIRED, "auto"},
154 : {SMB_ENCRYPTION_DESIRED, "desired"},
155 : {SMB_ENCRYPTION_REQUIRED, "required"},
156 : {SMB_ENCRYPTION_REQUIRED, "mandatory"},
157 : {SMB_ENCRYPTION_REQUIRED, "force"},
158 : {SMB_ENCRYPTION_REQUIRED, "forced"},
159 : {SMB_ENCRYPTION_REQUIRED, "enforced"},
160 : {-1, NULL}
161 : };
162 :
163 : static const struct enum_list enum_use_kerberos_vals[] = {
164 : {CRED_USE_KERBEROS_DESIRED, "desired"},
165 : {CRED_USE_KERBEROS_DESIRED, "auto"},
166 : {CRED_USE_KERBEROS_REQUIRED, "yes"},
167 : {CRED_USE_KERBEROS_REQUIRED, "required"},
168 : {CRED_USE_KERBEROS_DISABLED, "no"},
169 : {CRED_USE_KERBEROS_DISABLED, "disabled"},
170 : {CRED_USE_KERBEROS_DISABLED, "off"},
171 : {-1, NULL}
172 : };
173 :
174 : static const struct enum_list enum_client_protection_vals[] = {
175 : {CRED_CLIENT_PROTECTION_DEFAULT, "default"},
176 : {CRED_CLIENT_PROTECTION_PLAIN, "plain"},
177 : {CRED_CLIENT_PROTECTION_SIGN, "sign"},
178 : {CRED_CLIENT_PROTECTION_ENCRYPT, "encrypt"},
179 : {-1, NULL}
180 : };
181 :
182 : static const struct enum_list enum_mdns_name_values[] = {
183 : {MDNS_NAME_NETBIOS, "netbios"},
184 : {MDNS_NAME_MDNS, "mdns"},
185 : {-1, NULL}
186 : };
187 :
188 : static const struct enum_list enum_tls_verify_peer_vals[] = {
189 : {TLS_VERIFY_PEER_NO_CHECK,
190 : TLS_VERIFY_PEER_NO_CHECK_STRING},
191 : {TLS_VERIFY_PEER_CA_ONLY,
192 : TLS_VERIFY_PEER_CA_ONLY_STRING},
193 : {TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE,
194 : TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE_STRING},
195 : {TLS_VERIFY_PEER_CA_AND_NAME,
196 : TLS_VERIFY_PEER_CA_AND_NAME_STRING},
197 : {TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE,
198 : TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE_STRING},
199 : {-1, NULL}
200 : };
201 :
202 : /* DNS update options. */
203 : static const struct enum_list enum_dns_update_settings[] = {
204 : {DNS_UPDATE_OFF, "disabled"},
205 : {DNS_UPDATE_OFF, "No"},
206 : {DNS_UPDATE_OFF, "False"},
207 : {DNS_UPDATE_OFF, "0"},
208 : {DNS_UPDATE_OFF, "Off"},
209 : {DNS_UPDATE_ON, "nonsecure and secure"},
210 : {DNS_UPDATE_ON, "nonsecure"},
211 : {DNS_UPDATE_SIGNED, "secure only"},
212 : {DNS_UPDATE_SIGNED, "secure"},
213 : {DNS_UPDATE_SIGNED, "signed"},
214 : {-1, NULL}
215 : };
216 :
217 : /*
218 : Do you want session setups at user level security with a invalid
219 : password to be rejected or allowed in as guest? WinNT rejects them
220 : but it can be a pain as it means "net view" needs to use a password
221 :
222 : You have 3 choices in the setting of map_to_guest:
223 :
224 : "Never" means session setups with an invalid password
225 : are rejected. This is the default.
226 :
227 : "Bad User" means session setups with an invalid password
228 : are rejected, unless the username does not exist, in which case it
229 : is treated as a guest login
230 :
231 : "Bad Password" means session setups with an invalid password
232 : are treated as a guest login
233 :
234 : Note that map_to_guest only has an effect in user or server
235 : level security.
236 : */
237 :
238 : static const struct enum_list enum_map_to_guest[] = {
239 : {NEVER_MAP_TO_GUEST, "Never"},
240 : {MAP_TO_GUEST_ON_BAD_USER, "Bad User"},
241 : {MAP_TO_GUEST_ON_BAD_PASSWORD, "Bad Password"},
242 : {MAP_TO_GUEST_ON_BAD_UID, "Bad Uid"},
243 : {-1, NULL}
244 : };
245 :
246 : /* Config backend options */
247 :
248 : static const struct enum_list enum_config_backend[] = {
249 : {CONFIG_BACKEND_FILE, "file"},
250 : {CONFIG_BACKEND_REGISTRY, "registry"},
251 : {-1, NULL}
252 : };
253 :
254 : static const struct enum_list enum_smbd_profiling_level[] = {
255 : {0, "off"}, {1, "count"}, {2, "on"}, {-1, NULL}
256 : };
257 :
258 :
259 : /* ADS kerberos ticket verification options */
260 :
261 : static const struct enum_list enum_kerberos_method[] = {
262 : {KERBEROS_VERIFY_SECRETS, "default"},
263 : {KERBEROS_VERIFY_SECRETS, "secrets only"},
264 : {KERBEROS_VERIFY_SECRETS, "secretsonly"},
265 : {KERBEROS_VERIFY_SYSTEM_KEYTAB, "system keytab"},
266 : {KERBEROS_VERIFY_SYSTEM_KEYTAB, "systemkeytab"},
267 : {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicated keytab"},
268 : {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicatedkeytab"},
269 : {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secrets and keytab"},
270 : {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secretsandkeytab"},
271 : {-1, NULL}
272 : };
273 :
274 : /* Kerberos encryption types selection options */
275 :
276 : static const struct enum_list enum_kerberos_encryption_types_vals[] = {
277 : {KERBEROS_ETYPES_ALL, "all"},
278 : {KERBEROS_ETYPES_STRONG, "strong"},
279 : {KERBEROS_ETYPES_LEGACY, "legacy"},
280 : {-1, NULL}
281 : };
282 :
283 : static const struct enum_list enum_printing[] = {
284 : {PRINT_SYSV, "sysv"},
285 : {PRINT_AIX, "aix"},
286 : {PRINT_HPUX, "hpux"},
287 : {PRINT_BSD, "bsd"},
288 : {PRINT_QNX, "qnx"},
289 : {PRINT_PLP, "plp"},
290 : {PRINT_LPRNG, "lprng"},
291 : #ifdef HAVE_CUPS
292 : {PRINT_CUPS, "cups"},
293 : #endif
294 : #ifdef HAVE_IPRINT
295 : {PRINT_IPRINT, "iprint"},
296 : #endif
297 : {PRINT_LPRNT, "nt"},
298 : {PRINT_LPROS2, "os2"},
299 : #if defined(DEVELOPER) || defined(ENABLE_SELFTEST)
300 : {PRINT_TEST, "test"},
301 : {PRINT_VLP, "vlp"},
302 : #endif /* DEVELOPER */
303 : {-1, NULL}
304 : };
305 :
306 : static const struct enum_list enum_ldap_sasl_wrapping[] = {
307 : {0, "plain"},
308 : {ADS_AUTH_SASL_SIGN, "sign"},
309 : {ADS_AUTH_SASL_SEAL, "seal"},
310 : {-1, NULL}
311 : };
312 :
313 : static const struct enum_list enum_ldap_server_require_strong_auth_vals[] = {
314 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_NO, "No" },
315 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_NO, "False" },
316 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_NO, "0" },
317 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_ALLOW_SASL_OVER_TLS,
318 : "allow_sasl_over_tls" },
319 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_YES, "Yes" },
320 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_YES, "True" },
321 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_YES, "1" },
322 : {-1, NULL}
323 : };
324 :
325 : static const struct enum_list enum_ldap_ssl[] = {
326 : {LDAP_SSL_OFF, "no"},
327 : {LDAP_SSL_OFF, "off"},
328 : {LDAP_SSL_START_TLS, "start tls"},
329 : {LDAP_SSL_START_TLS, "start_tls"},
330 : {-1, NULL}
331 : };
332 :
333 : /* LDAP Dereferencing Alias types */
334 : #define SAMBA_LDAP_DEREF_NEVER 0
335 : #define SAMBA_LDAP_DEREF_SEARCHING 1
336 : #define SAMBA_LDAP_DEREF_FINDING 2
337 : #define SAMBA_LDAP_DEREF_ALWAYS 3
338 :
339 : static const struct enum_list enum_ldap_deref[] = {
340 : {SAMBA_LDAP_DEREF_NEVER, "never"},
341 : {SAMBA_LDAP_DEREF_SEARCHING, "searching"},
342 : {SAMBA_LDAP_DEREF_FINDING, "finding"},
343 : {SAMBA_LDAP_DEREF_ALWAYS, "always"},
344 : {-1, "auto"}
345 : };
346 :
347 : static const struct enum_list enum_ldap_passwd_sync[] = {
348 : {LDAP_PASSWD_SYNC_OFF, "no"},
349 : {LDAP_PASSWD_SYNC_OFF, "off"},
350 : {LDAP_PASSWD_SYNC_ON, "yes"},
351 : {LDAP_PASSWD_SYNC_ON, "on"},
352 : {LDAP_PASSWD_SYNC_ONLY, "only"},
353 : {-1, NULL}
354 : };
355 :
356 : static const struct enum_list enum_map_readonly[] = {
357 : {MAP_READONLY_NO, "no"},
358 : {MAP_READONLY_NO, "false"},
359 : {MAP_READONLY_NO, "0"},
360 : {MAP_READONLY_YES, "yes"},
361 : {MAP_READONLY_YES, "true"},
362 : {MAP_READONLY_YES, "1"},
363 : {MAP_READONLY_PERMISSIONS, "permissions"},
364 : {MAP_READONLY_PERMISSIONS, "perms"},
365 : {-1, NULL}
366 : };
367 :
368 : static const struct enum_list enum_case[] = {
369 : {CASE_LOWER, "lower"},
370 : {CASE_UPPER, "upper"},
371 : {-1, NULL}
372 : };
373 :
374 : static const struct enum_list enum_inherit_owner_vals[] = {
375 : {INHERIT_OWNER_NO, "no"},
376 : {INHERIT_OWNER_WINDOWS_AND_UNIX, "windows and unix"},
377 : {INHERIT_OWNER_WINDOWS_AND_UNIX, "yes"},
378 : {INHERIT_OWNER_UNIX_ONLY, "unix only"},
379 : {-1, NULL}};
380 :
381 : static const struct enum_list enum_mangled_names[] = {
382 : {MANGLED_NAMES_NO, "no"},
383 : {MANGLED_NAMES_NO, "false"},
384 : {MANGLED_NAMES_NO, "0"},
385 : {MANGLED_NAMES_ILLEGAL, "illegal"},
386 : {MANGLED_NAMES_YES, "yes"},
387 : {MANGLED_NAMES_YES, "true"},
388 : {MANGLED_NAMES_YES, "1"},
389 : {-1, NULL}
390 : };
391 :
392 : static const struct enum_list enum_ntlm_auth[] = {
393 : {NTLM_AUTH_DISABLED, "disabled"},
394 : {NTLM_AUTH_NTLMV2_ONLY, "ntlmv2-only"},
395 : {NTLM_AUTH_NTLMV2_ONLY, "no"},
396 : {NTLM_AUTH_NTLMV2_ONLY, "false"},
397 : {NTLM_AUTH_NTLMV2_ONLY, "0"},
398 : {NTLM_AUTH_ON, "ntlmv1-permitted"},
399 : {NTLM_AUTH_ON, "yes"},
400 : {NTLM_AUTH_ON, "true"},
401 : {NTLM_AUTH_ON, "1"},
402 : {NTLM_AUTH_MSCHAPv2_NTLMV2_ONLY, "mschapv2-and-ntlmv2-only"},
403 : {-1, NULL}
404 : };
405 :
406 : static const struct enum_list enum_nt_hash_store[] = {
407 : {NT_HASH_STORE_AUTO, "auto"},
408 : {NT_HASH_STORE_NEVER, "never"},
409 : {NT_HASH_STORE_ALWAYS, "always"},
410 : };
411 :
412 :
413 : static const struct enum_list enum_spotlight_backend[] = {
414 : {SPOTLIGHT_BACKEND_NOINDEX, "noindex"},
415 : {SPOTLIGHT_BACKEND_TRACKER, "tracker"},
416 : {SPOTLIGHT_BACKEND_ES, "elasticsearch"},
417 : {-1, NULL}
418 : };
419 :
420 : /* Note: We do not initialise the defaults union - it is not allowed in ANSI C
421 : *
422 : * NOTE: Handling of duplicated (synonym) parameters:
423 : * Parameters that are synonymous are stored in the same variable.
424 : * All but the default spelling carry the flag FLAG_SYNONYM.
425 : */
426 :
427 : #define GLOBAL_VAR(name) offsetof(struct loadparm_global, name)
428 : #define LOCAL_VAR(name) offsetof(struct loadparm_service, name)
429 :
430 : #include "lib/param/param_table_gen.c"
431 :
432 50736894 : int num_parameters(void)
433 : {
434 50736894 : return (sizeof(parm_table) / sizeof(struct parm_struct));
435 : }
|
