Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Parameter loading functions
4 : Copyright (C) Karl Auer 1993-1998
5 :
6 : Largely re-written by Andrew Tridgell, September 1994
7 :
8 : Copyright (C) Simo Sorce 2001
9 : Copyright (C) Alexander Bokovoy 2002
10 : Copyright (C) Stefan (metze) Metzmacher 2002
11 : Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 : Copyright (C) Michael Adam 2008
13 : Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 : Copyright (C) Andrew Bartlett 2011
15 :
16 : This program is free software; you can redistribute it and/or modify
17 : it under the terms of the GNU General Public License as published by
18 : the Free Software Foundation; either version 3 of the License, or
19 : (at your option) any later version.
20 :
21 : This program is distributed in the hope that it will be useful,
22 : but WITHOUT ANY WARRANTY; without even the implied warranty of
23 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 : GNU General Public License for more details.
25 :
26 : You should have received a copy of the GNU General Public License
27 : along with this program. If not, see <http://www.gnu.org/licenses/>.
28 : */
29 :
30 : #include "includes.h"
31 : #include "lib/param/param.h"
32 : #include "lib/param/loadparm.h"
33 : #include "lib/param/param_global.h"
34 : #include "libcli/auth/ntlm_check.h"
35 : #include "libcli/smb/smb_constants.h"
36 : #include "libds/common/roles.h"
37 : #include "libds/common/flags.h"
38 : #include "source4/lib/tls/tls.h"
39 : #include "auth/credentials/credentials.h"
40 : #include "source3/librpc/gen_ndr/ads.h"
41 :
42 : #ifndef N_
43 : #define N_(x) x
44 : #endif
45 :
46 : static const struct enum_list enum_protocol[] = {
47 : {PROTOCOL_DEFAULT, "default"}, /* the caller decides what this means */
48 : {PROTOCOL_SMB2_10, "SMB2"}, /* for now keep PROTOCOL_SMB2_10 */
49 : {PROTOCOL_SMB3_11, "SMB3"}, /* for now keep PROTOCOL_SMB3_11 */
50 : {PROTOCOL_SMB3_11, "SMB3_11"},
51 : {PROTOCOL_SMB3_02, "SMB3_02"},
52 : {PROTOCOL_SMB3_00, "SMB3_00"},
53 : {PROTOCOL_SMB2_10, "SMB2_10"},
54 : {PROTOCOL_SMB2_02, "SMB2_02"},
55 : {PROTOCOL_NT1, "NT1"},
56 : {PROTOCOL_LANMAN2, "LANMAN2"},
57 : {PROTOCOL_LANMAN1, "LANMAN1"},
58 : {PROTOCOL_CORE, "CORE"},
59 : {PROTOCOL_COREPLUS, "COREPLUS"},
60 : {PROTOCOL_COREPLUS, "CORE+"},
61 : {-1, NULL}
62 : };
63 :
64 720 : const char* lpcfg_get_smb_protocol(int type)
65 : {
66 0 : int i;
67 6824 : for (i = 1; enum_protocol[i].value != -1; i++) {
68 6824 : if (enum_protocol[i].value == type) {
69 720 : return enum_protocol[i].name;
70 : }
71 : }
72 0 : return NULL;
73 : }
74 :
75 : static const struct enum_list enum_security[] = {
76 : {SEC_AUTO, "AUTO"},
77 : {SEC_USER, "USER"},
78 : {SEC_DOMAIN, "DOMAIN"},
79 : {SEC_ADS, "ADS"},
80 : {-1, NULL}
81 : };
82 :
83 : static const struct enum_list enum_bool_auto[] = {
84 : {false, "No"},
85 : {false, "False"},
86 : {false, "0"},
87 : {true, "Yes"},
88 : {true, "True"},
89 : {true, "1"},
90 : {Auto, "Auto"},
91 : {-1, NULL}
92 : };
93 :
94 : static const struct enum_list enum_csc_policy[] = {
95 : {CSC_POLICY_MANUAL, "manual"},
96 : {CSC_POLICY_DOCUMENTS, "documents"},
97 : {CSC_POLICY_PROGRAMS, "programs"},
98 : {CSC_POLICY_DISABLE, "disable"},
99 : {-1, NULL}
100 : };
101 :
102 : /* Server role options */
103 : static const struct enum_list enum_server_role[] = {
104 : {ROLE_AUTO, "auto"},
105 : {ROLE_STANDALONE, "standalone server"},
106 : {ROLE_STANDALONE, "standalone"},
107 : {ROLE_DOMAIN_MEMBER, "member server"},
108 : {ROLE_DOMAIN_MEMBER, "member"},
109 : {ROLE_DOMAIN_PDC, "classic primary domain controller"},
110 : {ROLE_DOMAIN_BDC, "classic backup domain controller"},
111 : {ROLE_ACTIVE_DIRECTORY_DC, "active directory domain controller"},
112 : {ROLE_ACTIVE_DIRECTORY_DC, "domain controller"},
113 : {ROLE_ACTIVE_DIRECTORY_DC, "dc"},
114 : {ROLE_IPA_DC, "IPA primary domain controller"},
115 : {-1, NULL}
116 : };
117 :
118 : /* SMB signing types. */
119 : static const struct enum_list enum_smb_signing_vals[] = {
120 : {SMB_SIGNING_DEFAULT, "default"},
121 : {SMB_SIGNING_OFF, "No"},
122 : {SMB_SIGNING_OFF, "False"},
123 : {SMB_SIGNING_OFF, "0"},
124 : {SMB_SIGNING_OFF, "Off"},
125 : {SMB_SIGNING_OFF, "disabled"},
126 : {SMB_SIGNING_IF_REQUIRED, "if_required"},
127 : {SMB_SIGNING_IF_REQUIRED, "Yes"},
128 : {SMB_SIGNING_IF_REQUIRED, "True"},
129 : {SMB_SIGNING_IF_REQUIRED, "1"},
130 : {SMB_SIGNING_IF_REQUIRED, "On"},
131 : {SMB_SIGNING_IF_REQUIRED, "enabled"},
132 : {SMB_SIGNING_IF_REQUIRED, "auto"},
133 : {SMB_SIGNING_DESIRED, "desired"},
134 : {SMB_SIGNING_REQUIRED, "required"},
135 : {SMB_SIGNING_REQUIRED, "mandatory"},
136 : {SMB_SIGNING_REQUIRED, "force"},
137 : {SMB_SIGNING_REQUIRED, "forced"},
138 : {SMB_SIGNING_REQUIRED, "enforced"},
139 : {-1, NULL}
140 : };
141 :
142 : static const struct enum_list enum_smb_encryption_vals[] = {
143 : {SMB_ENCRYPTION_DEFAULT, "default"},
144 : {SMB_ENCRYPTION_OFF, "No"},
145 : {SMB_ENCRYPTION_OFF, "False"},
146 : {SMB_ENCRYPTION_OFF, "0"},
147 : {SMB_ENCRYPTION_OFF, "Off"},
148 : {SMB_ENCRYPTION_OFF, "disabled"},
149 : {SMB_ENCRYPTION_IF_REQUIRED, "if_required"},
150 : {SMB_ENCRYPTION_IF_REQUIRED, "Yes"},
151 : {SMB_ENCRYPTION_IF_REQUIRED, "True"},
152 : {SMB_ENCRYPTION_IF_REQUIRED, "1"},
153 : {SMB_ENCRYPTION_IF_REQUIRED, "On"},
154 : {SMB_ENCRYPTION_IF_REQUIRED, "enabled"},
155 : {SMB_ENCRYPTION_IF_REQUIRED, "auto"},
156 : {SMB_ENCRYPTION_DESIRED, "desired"},
157 : {SMB_ENCRYPTION_REQUIRED, "required"},
158 : {SMB_ENCRYPTION_REQUIRED, "mandatory"},
159 : {SMB_ENCRYPTION_REQUIRED, "force"},
160 : {SMB_ENCRYPTION_REQUIRED, "forced"},
161 : {SMB_ENCRYPTION_REQUIRED, "enforced"},
162 : {-1, NULL}
163 : };
164 :
165 : static const struct enum_list enum_use_kerberos_vals[] = {
166 : {CRED_USE_KERBEROS_DESIRED, "desired"},
167 : {CRED_USE_KERBEROS_DESIRED, "auto"},
168 : {CRED_USE_KERBEROS_REQUIRED, "yes"},
169 : {CRED_USE_KERBEROS_REQUIRED, "required"},
170 : {CRED_USE_KERBEROS_DISABLED, "no"},
171 : {CRED_USE_KERBEROS_DISABLED, "disabled"},
172 : {CRED_USE_KERBEROS_DISABLED, "off"},
173 : {-1, NULL}
174 : };
175 :
176 : static const struct enum_list enum_client_protection_vals[] = {
177 : {CRED_CLIENT_PROTECTION_DEFAULT, "default"},
178 : {CRED_CLIENT_PROTECTION_PLAIN, "plain"},
179 : {CRED_CLIENT_PROTECTION_SIGN, "sign"},
180 : {CRED_CLIENT_PROTECTION_ENCRYPT, "encrypt"},
181 : {-1, NULL}
182 : };
183 :
184 : static const struct enum_list enum_mdns_name_values[] = {
185 : {MDNS_NAME_NETBIOS, "netbios"},
186 : {MDNS_NAME_MDNS, "mdns"},
187 : {-1, NULL}
188 : };
189 :
190 : static const struct enum_list enum_tls_verify_peer_vals[] = {
191 : {TLS_VERIFY_PEER_NO_CHECK,
192 : TLS_VERIFY_PEER_NO_CHECK_STRING},
193 : {TLS_VERIFY_PEER_CA_ONLY,
194 : TLS_VERIFY_PEER_CA_ONLY_STRING},
195 : {TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE,
196 : TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE_STRING},
197 : {TLS_VERIFY_PEER_CA_AND_NAME,
198 : TLS_VERIFY_PEER_CA_AND_NAME_STRING},
199 : {TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE,
200 : TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE_STRING},
201 : {-1, NULL}
202 : };
203 :
204 : /* DNS update options. */
205 : static const struct enum_list enum_dns_update_settings[] = {
206 : {DNS_UPDATE_OFF, "disabled"},
207 : {DNS_UPDATE_OFF, "No"},
208 : {DNS_UPDATE_OFF, "False"},
209 : {DNS_UPDATE_OFF, "0"},
210 : {DNS_UPDATE_OFF, "Off"},
211 : {DNS_UPDATE_ON, "nonsecure and secure"},
212 : {DNS_UPDATE_ON, "nonsecure"},
213 : {DNS_UPDATE_SIGNED, "secure only"},
214 : {DNS_UPDATE_SIGNED, "secure"},
215 : {DNS_UPDATE_SIGNED, "signed"},
216 : {-1, NULL}
217 : };
218 :
219 : /*
220 : Do you want session setups at user level security with a invalid
221 : password to be rejected or allowed in as guest? WinNT rejects them
222 : but it can be a pain as it means "net view" needs to use a password
223 :
224 : You have 3 choices in the setting of map_to_guest:
225 :
226 : "Never" means session setups with an invalid password
227 : are rejected. This is the default.
228 :
229 : "Bad User" means session setups with an invalid password
230 : are rejected, unless the username does not exist, in which case it
231 : is treated as a guest login
232 :
233 : "Bad Password" means session setups with an invalid password
234 : are treated as a guest login
235 :
236 : Note that map_to_guest only has an effect in user or server
237 : level security.
238 : */
239 :
240 : static const struct enum_list enum_map_to_guest[] = {
241 : {NEVER_MAP_TO_GUEST, "Never"},
242 : {MAP_TO_GUEST_ON_BAD_USER, "Bad User"},
243 : {MAP_TO_GUEST_ON_BAD_PASSWORD, "Bad Password"},
244 : {MAP_TO_GUEST_ON_BAD_UID, "Bad Uid"},
245 : {-1, NULL}
246 : };
247 :
248 : /* Config backend options */
249 :
250 : static const struct enum_list enum_config_backend[] = {
251 : {CONFIG_BACKEND_FILE, "file"},
252 : {CONFIG_BACKEND_REGISTRY, "registry"},
253 : {-1, NULL}
254 : };
255 :
256 : static const struct enum_list enum_smbd_profiling_level[] = {
257 : {0, "off"}, {1, "count"}, {2, "on"}, {-1, NULL}
258 : };
259 :
260 :
261 : /* ADS kerberos ticket verification options */
262 :
263 : static const struct enum_list enum_kerberos_method[] = {
264 : {KERBEROS_VERIFY_SECRETS, "default"},
265 : {KERBEROS_VERIFY_SECRETS, "secrets only"},
266 : {KERBEROS_VERIFY_SECRETS, "secretsonly"},
267 : {KERBEROS_VERIFY_SYSTEM_KEYTAB, "system keytab"},
268 : {KERBEROS_VERIFY_SYSTEM_KEYTAB, "systemkeytab"},
269 : {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicated keytab"},
270 : {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicatedkeytab"},
271 : {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secrets and keytab"},
272 : {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secretsandkeytab"},
273 : {-1, NULL}
274 : };
275 :
276 : /* Kerberos encryption types selection options */
277 :
278 : static const struct enum_list enum_kerberos_encryption_types_vals[] = {
279 : {KERBEROS_ETYPES_ALL, "all"},
280 : {KERBEROS_ETYPES_STRONG, "strong"},
281 : {KERBEROS_ETYPES_LEGACY, "legacy"},
282 : {-1, NULL}
283 : };
284 :
285 : static const struct enum_list enum_printing[] = {
286 : {PRINT_SYSV, "sysv"},
287 : {PRINT_AIX, "aix"},
288 : {PRINT_HPUX, "hpux"},
289 : {PRINT_BSD, "bsd"},
290 : {PRINT_QNX, "qnx"},
291 : {PRINT_PLP, "plp"},
292 : {PRINT_LPRNG, "lprng"},
293 : #ifdef HAVE_CUPS
294 : {PRINT_CUPS, "cups"},
295 : #endif
296 : #ifdef HAVE_IPRINT
297 : {PRINT_IPRINT, "iprint"},
298 : #endif
299 : {PRINT_LPRNT, "nt"},
300 : {PRINT_LPROS2, "os2"},
301 : #if defined(DEVELOPER) || defined(ENABLE_SELFTEST)
302 : {PRINT_TEST, "test"},
303 : {PRINT_VLP, "vlp"},
304 : #endif /* DEVELOPER */
305 : {-1, NULL}
306 : };
307 :
308 : static const struct enum_list enum_ldap_sasl_wrapping[] = {
309 : {0, "plain"},
310 : {ADS_AUTH_SASL_SIGN, "sign"},
311 : {ADS_AUTH_SASL_SEAL, "seal"},
312 : {-1, NULL}
313 : };
314 :
315 : static const struct enum_list enum_ldap_server_require_strong_auth_vals[] = {
316 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_NO, "No" },
317 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_NO, "False" },
318 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_NO, "0" },
319 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_ALLOW_SASL_OVER_TLS,
320 : "allow_sasl_over_tls" },
321 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_YES, "Yes" },
322 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_YES, "True" },
323 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_YES, "1" },
324 : {-1, NULL}
325 : };
326 :
327 : static const struct enum_list enum_ldap_ssl[] = {
328 : {LDAP_SSL_OFF, "no"},
329 : {LDAP_SSL_OFF, "off"},
330 : {LDAP_SSL_START_TLS, "start tls"},
331 : {LDAP_SSL_START_TLS, "start_tls"},
332 : {-1, NULL}
333 : };
334 :
335 : /* LDAP Dereferencing Alias types */
336 : #define SAMBA_LDAP_DEREF_NEVER 0
337 : #define SAMBA_LDAP_DEREF_SEARCHING 1
338 : #define SAMBA_LDAP_DEREF_FINDING 2
339 : #define SAMBA_LDAP_DEREF_ALWAYS 3
340 :
341 : static const struct enum_list enum_ldap_deref[] = {
342 : {SAMBA_LDAP_DEREF_NEVER, "never"},
343 : {SAMBA_LDAP_DEREF_SEARCHING, "searching"},
344 : {SAMBA_LDAP_DEREF_FINDING, "finding"},
345 : {SAMBA_LDAP_DEREF_ALWAYS, "always"},
346 : {-1, "auto"}
347 : };
348 :
349 : static const struct enum_list enum_ldap_passwd_sync[] = {
350 : {LDAP_PASSWD_SYNC_OFF, "no"},
351 : {LDAP_PASSWD_SYNC_OFF, "off"},
352 : {LDAP_PASSWD_SYNC_ON, "yes"},
353 : {LDAP_PASSWD_SYNC_ON, "on"},
354 : {LDAP_PASSWD_SYNC_ONLY, "only"},
355 : {-1, NULL}
356 : };
357 :
358 : static const struct enum_list enum_map_readonly[] = {
359 : {MAP_READONLY_NO, "no"},
360 : {MAP_READONLY_NO, "false"},
361 : {MAP_READONLY_NO, "0"},
362 : {MAP_READONLY_YES, "yes"},
363 : {MAP_READONLY_YES, "true"},
364 : {MAP_READONLY_YES, "1"},
365 : {MAP_READONLY_PERMISSIONS, "permissions"},
366 : {MAP_READONLY_PERMISSIONS, "perms"},
367 : {-1, NULL}
368 : };
369 :
370 : static const struct enum_list enum_case[] = {
371 : {CASE_LOWER, "lower"},
372 : {CASE_UPPER, "upper"},
373 : {-1, NULL}
374 : };
375 :
376 : static const struct enum_list enum_inherit_owner_vals[] = {
377 : {INHERIT_OWNER_NO, "no"},
378 : {INHERIT_OWNER_WINDOWS_AND_UNIX, "windows and unix"},
379 : {INHERIT_OWNER_WINDOWS_AND_UNIX, "yes"},
380 : {INHERIT_OWNER_UNIX_ONLY, "unix only"},
381 : {-1, NULL}};
382 :
383 : static const struct enum_list enum_mangled_names[] = {
384 : {MANGLED_NAMES_NO, "no"},
385 : {MANGLED_NAMES_NO, "false"},
386 : {MANGLED_NAMES_NO, "0"},
387 : {MANGLED_NAMES_ILLEGAL, "illegal"},
388 : {MANGLED_NAMES_YES, "yes"},
389 : {MANGLED_NAMES_YES, "true"},
390 : {MANGLED_NAMES_YES, "1"},
391 : {-1, NULL}
392 : };
393 :
394 : static const struct enum_list enum_ntlm_auth[] = {
395 : {NTLM_AUTH_DISABLED, "disabled"},
396 : {NTLM_AUTH_NTLMV2_ONLY, "ntlmv2-only"},
397 : {NTLM_AUTH_NTLMV2_ONLY, "no"},
398 : {NTLM_AUTH_NTLMV2_ONLY, "false"},
399 : {NTLM_AUTH_NTLMV2_ONLY, "0"},
400 : {NTLM_AUTH_ON, "ntlmv1-permitted"},
401 : {NTLM_AUTH_ON, "yes"},
402 : {NTLM_AUTH_ON, "true"},
403 : {NTLM_AUTH_ON, "1"},
404 : {NTLM_AUTH_MSCHAPv2_NTLMV2_ONLY, "mschapv2-and-ntlmv2-only"},
405 : {-1, NULL}
406 : };
407 :
408 : static const struct enum_list enum_nt_hash_store[] = {
409 : {NT_HASH_STORE_AUTO, "auto"},
410 : {NT_HASH_STORE_NEVER, "never"},
411 : {NT_HASH_STORE_ALWAYS, "always"},
412 : };
413 :
414 :
415 : static const struct enum_list enum_spotlight_backend[] = {
416 : {SPOTLIGHT_BACKEND_NOINDEX, "noindex"},
417 : {SPOTLIGHT_BACKEND_TRACKER, "tracker"},
418 : {SPOTLIGHT_BACKEND_ES, "elasticsearch"},
419 : {-1, NULL}
420 : };
421 :
422 : static const struct enum_list enum_debug_syslog_format[] = {
423 : {DEBUG_SYSLOG_FORMAT_NO, "No"},
424 : {DEBUG_SYSLOG_FORMAT_NO, "False"},
425 : {DEBUG_SYSLOG_FORMAT_NO, "0"},
426 : {DEBUG_SYSLOG_FORMAT_IN_LOGS, "in_logs"},
427 : {DEBUG_SYSLOG_FORMAT_IN_LOGS, "Yes"},
428 : {DEBUG_SYSLOG_FORMAT_IN_LOGS, "True"},
429 : {DEBUG_SYSLOG_FORMAT_IN_LOGS, "1"},
430 : {DEBUG_SYSLOG_FORMAT_ALWAYS, "always"},
431 : {-1, NULL}
432 : };
433 :
434 : static const struct enum_list enum_ad_functional_level[] = {
435 : {DS_DOMAIN_FUNCTION_2008_R2, "2008_R2"},
436 : {DS_DOMAIN_FUNCTION_2012, "2012"},
437 : {DS_DOMAIN_FUNCTION_2012_R2, "2012_R2"},
438 : {DS_DOMAIN_FUNCTION_2016, "2016"},
439 : {-1, NULL}
440 : };
441 :
442 : static const struct enum_list enum_acl_claims_evaluation[] = {
443 : {ACL_CLAIMS_EVALUATION_AD_DC_ONLY, "AD DC only"},
444 : {ACL_CLAIMS_EVALUATION_NEVER, "never"},
445 : {-1, NULL}
446 : };
447 :
448 : /* Note: We do not initialise the defaults union - it is not allowed in ANSI C
449 : *
450 : * NOTE: Handling of duplicated (synonym) parameters:
451 : * Parameters that are synonymous are stored in the same variable.
452 : * All but the default spelling carry the flag FLAG_SYNONYM.
453 : */
454 :
455 : #define GLOBAL_VAR(name) offsetof(struct loadparm_global, name)
456 : #define LOCAL_VAR(name) offsetof(struct loadparm_service, name)
457 :
458 : #include "lib/param/param_table_gen.c"
459 :
460 150687088 : int num_parameters(void)
461 : {
462 150687088 : return (sizeof(parm_table) / sizeof(struct parm_struct));
463 : }
|
