Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Parameter loading functions
4 : Copyright (C) Karl Auer 1993-1998
5 :
6 : Largely re-written by Andrew Tridgell, September 1994
7 :
8 : Copyright (C) Simo Sorce 2001
9 : Copyright (C) Alexander Bokovoy 2002
10 : Copyright (C) Stefan (metze) Metzmacher 2002
11 : Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 : Copyright (C) Michael Adam 2008
13 : Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 : Copyright (C) Andrew Bartlett 2011
15 :
16 : This program is free software; you can redistribute it and/or modify
17 : it under the terms of the GNU General Public License as published by
18 : the Free Software Foundation; either version 3 of the License, or
19 : (at your option) any later version.
20 :
21 : This program is distributed in the hope that it will be useful,
22 : but WITHOUT ANY WARRANTY; without even the implied warranty of
23 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 : GNU General Public License for more details.
25 :
26 : You should have received a copy of the GNU General Public License
27 : along with this program. If not, see <http://www.gnu.org/licenses/>.
28 : */
29 :
30 : #include "includes.h"
31 : #include "lib/param/param.h"
32 : #include "lib/param/loadparm.h"
33 : #include "lib/param/param_global.h"
34 : #include "libcli/auth/ntlm_check.h"
35 : #include "libcli/smb/smb_constants.h"
36 : #include "libds/common/roles.h"
37 : #include "source4/lib/tls/tls.h"
38 : #include "auth/credentials/credentials.h"
39 : #include "source3/librpc/gen_ndr/ads.h"
40 :
41 : #ifndef N_
42 : #define N_(x) x
43 : #endif
44 :
45 : static const struct enum_list enum_protocol[] = {
46 : {PROTOCOL_DEFAULT, "default"}, /* the caller decides what this means */
47 : {PROTOCOL_SMB2_10, "SMB2"}, /* for now keep PROTOCOL_SMB2_10 */
48 : {PROTOCOL_SMB3_11, "SMB3"}, /* for now keep PROTOCOL_SMB3_11 */
49 : {PROTOCOL_SMB3_11, "SMB3_11"},
50 : {PROTOCOL_SMB3_02, "SMB3_02"},
51 : {PROTOCOL_SMB3_00, "SMB3_00"},
52 : {PROTOCOL_SMB2_10, "SMB2_10"},
53 : {PROTOCOL_SMB2_02, "SMB2_02"},
54 : {PROTOCOL_NT1, "NT1"},
55 : {PROTOCOL_LANMAN2, "LANMAN2"},
56 : {PROTOCOL_LANMAN1, "LANMAN1"},
57 : {PROTOCOL_CORE, "CORE"},
58 : {PROTOCOL_COREPLUS, "COREPLUS"},
59 : {PROTOCOL_COREPLUS, "CORE+"},
60 : {-1, NULL}
61 : };
62 :
63 0 : const char* lpcfg_get_smb_protocol(int type)
64 : {
65 : int i;
66 0 : for (i = 1; enum_protocol[i].value != -1; i++) {
67 0 : if (enum_protocol[i].value == type) {
68 0 : return enum_protocol[i].name;
69 : }
70 : }
71 0 : return NULL;
72 : }
73 :
74 : static const struct enum_list enum_security[] = {
75 : {SEC_AUTO, "AUTO"},
76 : {SEC_USER, "USER"},
77 : {SEC_DOMAIN, "DOMAIN"},
78 : {SEC_ADS, "ADS"},
79 : {-1, NULL}
80 : };
81 :
82 : static const struct enum_list enum_bool_auto[] = {
83 : {false, "No"},
84 : {false, "False"},
85 : {false, "0"},
86 : {true, "Yes"},
87 : {true, "True"},
88 : {true, "1"},
89 : {Auto, "Auto"},
90 : {-1, NULL}
91 : };
92 :
93 : static const struct enum_list enum_csc_policy[] = {
94 : {CSC_POLICY_MANUAL, "manual"},
95 : {CSC_POLICY_DOCUMENTS, "documents"},
96 : {CSC_POLICY_PROGRAMS, "programs"},
97 : {CSC_POLICY_DISABLE, "disable"},
98 : {-1, NULL}
99 : };
100 :
101 : /* Server role options */
102 : static const struct enum_list enum_server_role[] = {
103 : {ROLE_AUTO, "auto"},
104 : {ROLE_STANDALONE, "standalone server"},
105 : {ROLE_STANDALONE, "standalone"},
106 : {ROLE_DOMAIN_MEMBER, "member server"},
107 : {ROLE_DOMAIN_MEMBER, "member"},
108 : {ROLE_DOMAIN_PDC, "classic primary domain controller"},
109 : {ROLE_DOMAIN_BDC, "classic backup domain controller"},
110 : {ROLE_ACTIVE_DIRECTORY_DC, "active directory domain controller"},
111 : {ROLE_ACTIVE_DIRECTORY_DC, "domain controller"},
112 : {ROLE_ACTIVE_DIRECTORY_DC, "dc"},
113 : {ROLE_IPA_DC, "IPA primary domain controller"},
114 : {-1, NULL}
115 : };
116 :
117 : /* SMB signing types. */
118 : static const struct enum_list enum_smb_signing_vals[] = {
119 : {SMB_SIGNING_DEFAULT, "default"},
120 : {SMB_SIGNING_OFF, "No"},
121 : {SMB_SIGNING_OFF, "False"},
122 : {SMB_SIGNING_OFF, "0"},
123 : {SMB_SIGNING_OFF, "Off"},
124 : {SMB_SIGNING_OFF, "disabled"},
125 : {SMB_SIGNING_IF_REQUIRED, "if_required"},
126 : {SMB_SIGNING_IF_REQUIRED, "Yes"},
127 : {SMB_SIGNING_IF_REQUIRED, "True"},
128 : {SMB_SIGNING_IF_REQUIRED, "1"},
129 : {SMB_SIGNING_IF_REQUIRED, "On"},
130 : {SMB_SIGNING_IF_REQUIRED, "enabled"},
131 : {SMB_SIGNING_IF_REQUIRED, "auto"},
132 : {SMB_SIGNING_DESIRED, "desired"},
133 : {SMB_SIGNING_REQUIRED, "required"},
134 : {SMB_SIGNING_REQUIRED, "mandatory"},
135 : {SMB_SIGNING_REQUIRED, "force"},
136 : {SMB_SIGNING_REQUIRED, "forced"},
137 : {SMB_SIGNING_REQUIRED, "enforced"},
138 : {-1, NULL}
139 : };
140 :
141 : static const struct enum_list enum_smb_encryption_vals[] = {
142 : {SMB_ENCRYPTION_DEFAULT, "default"},
143 : {SMB_ENCRYPTION_OFF, "No"},
144 : {SMB_ENCRYPTION_OFF, "False"},
145 : {SMB_ENCRYPTION_OFF, "0"},
146 : {SMB_ENCRYPTION_OFF, "Off"},
147 : {SMB_ENCRYPTION_OFF, "disabled"},
148 : {SMB_ENCRYPTION_IF_REQUIRED, "if_required"},
149 : {SMB_ENCRYPTION_IF_REQUIRED, "Yes"},
150 : {SMB_ENCRYPTION_IF_REQUIRED, "True"},
151 : {SMB_ENCRYPTION_IF_REQUIRED, "1"},
152 : {SMB_ENCRYPTION_IF_REQUIRED, "On"},
153 : {SMB_ENCRYPTION_IF_REQUIRED, "enabled"},
154 : {SMB_ENCRYPTION_IF_REQUIRED, "auto"},
155 : {SMB_ENCRYPTION_DESIRED, "desired"},
156 : {SMB_ENCRYPTION_REQUIRED, "required"},
157 : {SMB_ENCRYPTION_REQUIRED, "mandatory"},
158 : {SMB_ENCRYPTION_REQUIRED, "force"},
159 : {SMB_ENCRYPTION_REQUIRED, "forced"},
160 : {SMB_ENCRYPTION_REQUIRED, "enforced"},
161 : {-1, NULL}
162 : };
163 :
164 : static const struct enum_list enum_use_kerberos_vals[] = {
165 : {CRED_USE_KERBEROS_DESIRED, "desired"},
166 : {CRED_USE_KERBEROS_DESIRED, "auto"},
167 : {CRED_USE_KERBEROS_REQUIRED, "yes"},
168 : {CRED_USE_KERBEROS_REQUIRED, "required"},
169 : {CRED_USE_KERBEROS_DISABLED, "no"},
170 : {CRED_USE_KERBEROS_DISABLED, "disabled"},
171 : {CRED_USE_KERBEROS_DISABLED, "off"},
172 : {-1, NULL}
173 : };
174 :
175 : static const struct enum_list enum_client_protection_vals[] = {
176 : {CRED_CLIENT_PROTECTION_DEFAULT, "default"},
177 : {CRED_CLIENT_PROTECTION_PLAIN, "plain"},
178 : {CRED_CLIENT_PROTECTION_SIGN, "sign"},
179 : {CRED_CLIENT_PROTECTION_ENCRYPT, "encrypt"},
180 : {-1, NULL}
181 : };
182 :
183 : static const struct enum_list enum_mdns_name_values[] = {
184 : {MDNS_NAME_NETBIOS, "netbios"},
185 : {MDNS_NAME_MDNS, "mdns"},
186 : {-1, NULL}
187 : };
188 :
189 : static const struct enum_list enum_tls_verify_peer_vals[] = {
190 : {TLS_VERIFY_PEER_NO_CHECK,
191 : TLS_VERIFY_PEER_NO_CHECK_STRING},
192 : {TLS_VERIFY_PEER_CA_ONLY,
193 : TLS_VERIFY_PEER_CA_ONLY_STRING},
194 : {TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE,
195 : TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE_STRING},
196 : {TLS_VERIFY_PEER_CA_AND_NAME,
197 : TLS_VERIFY_PEER_CA_AND_NAME_STRING},
198 : {TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE,
199 : TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE_STRING},
200 : {-1, NULL}
201 : };
202 :
203 : /* DNS update options. */
204 : static const struct enum_list enum_dns_update_settings[] = {
205 : {DNS_UPDATE_OFF, "disabled"},
206 : {DNS_UPDATE_OFF, "No"},
207 : {DNS_UPDATE_OFF, "False"},
208 : {DNS_UPDATE_OFF, "0"},
209 : {DNS_UPDATE_OFF, "Off"},
210 : {DNS_UPDATE_ON, "nonsecure and secure"},
211 : {DNS_UPDATE_ON, "nonsecure"},
212 : {DNS_UPDATE_SIGNED, "secure only"},
213 : {DNS_UPDATE_SIGNED, "secure"},
214 : {DNS_UPDATE_SIGNED, "signed"},
215 : {-1, NULL}
216 : };
217 :
218 : /*
219 : Do you want session setups at user level security with a invalid
220 : password to be rejected or allowed in as guest? WinNT rejects them
221 : but it can be a pain as it means "net view" needs to use a password
222 :
223 : You have 3 choices in the setting of map_to_guest:
224 :
225 : "Never" means session setups with an invalid password
226 : are rejected. This is the default.
227 :
228 : "Bad User" means session setups with an invalid password
229 : are rejected, unless the username does not exist, in which case it
230 : is treated as a guest login
231 :
232 : "Bad Password" means session setups with an invalid password
233 : are treated as a guest login
234 :
235 : Note that map_to_guest only has an effect in user or server
236 : level security.
237 : */
238 :
239 : static const struct enum_list enum_map_to_guest[] = {
240 : {NEVER_MAP_TO_GUEST, "Never"},
241 : {MAP_TO_GUEST_ON_BAD_USER, "Bad User"},
242 : {MAP_TO_GUEST_ON_BAD_PASSWORD, "Bad Password"},
243 : {MAP_TO_GUEST_ON_BAD_UID, "Bad Uid"},
244 : {-1, NULL}
245 : };
246 :
247 : /* Config backend options */
248 :
249 : static const struct enum_list enum_config_backend[] = {
250 : {CONFIG_BACKEND_FILE, "file"},
251 : {CONFIG_BACKEND_REGISTRY, "registry"},
252 : {-1, NULL}
253 : };
254 :
255 : static const struct enum_list enum_smbd_profiling_level[] = {
256 : {0, "off"}, {1, "count"}, {2, "on"}, {-1, NULL}
257 : };
258 :
259 :
260 : /* ADS kerberos ticket verification options */
261 :
262 : static const struct enum_list enum_kerberos_method[] = {
263 : {KERBEROS_VERIFY_SECRETS, "default"},
264 : {KERBEROS_VERIFY_SECRETS, "secrets only"},
265 : {KERBEROS_VERIFY_SECRETS, "secretsonly"},
266 : {KERBEROS_VERIFY_SYSTEM_KEYTAB, "system keytab"},
267 : {KERBEROS_VERIFY_SYSTEM_KEYTAB, "systemkeytab"},
268 : {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicated keytab"},
269 : {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicatedkeytab"},
270 : {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secrets and keytab"},
271 : {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secretsandkeytab"},
272 : {-1, NULL}
273 : };
274 :
275 : /* Kerberos encryption types selection options */
276 :
277 : static const struct enum_list enum_kerberos_encryption_types_vals[] = {
278 : {KERBEROS_ETYPES_ALL, "all"},
279 : {KERBEROS_ETYPES_STRONG, "strong"},
280 : {KERBEROS_ETYPES_LEGACY, "legacy"},
281 : {-1, NULL}
282 : };
283 :
284 : static const struct enum_list enum_printing[] = {
285 : {PRINT_SYSV, "sysv"},
286 : {PRINT_AIX, "aix"},
287 : {PRINT_HPUX, "hpux"},
288 : {PRINT_BSD, "bsd"},
289 : {PRINT_QNX, "qnx"},
290 : {PRINT_PLP, "plp"},
291 : {PRINT_LPRNG, "lprng"},
292 : #ifdef HAVE_CUPS
293 : {PRINT_CUPS, "cups"},
294 : #endif
295 : #ifdef HAVE_IPRINT
296 : {PRINT_IPRINT, "iprint"},
297 : #endif
298 : {PRINT_LPRNT, "nt"},
299 : {PRINT_LPROS2, "os2"},
300 : #if defined(DEVELOPER) || defined(ENABLE_SELFTEST)
301 : {PRINT_TEST, "test"},
302 : {PRINT_VLP, "vlp"},
303 : #endif /* DEVELOPER */
304 : {-1, NULL}
305 : };
306 :
307 : static const struct enum_list enum_ldap_sasl_wrapping[] = {
308 : {0, "plain"},
309 : {ADS_AUTH_SASL_SIGN, "sign"},
310 : {ADS_AUTH_SASL_SEAL, "seal"},
311 : {-1, NULL}
312 : };
313 :
314 : static const struct enum_list enum_ldap_server_require_strong_auth_vals[] = {
315 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_NO, "No" },
316 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_NO, "False" },
317 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_NO, "0" },
318 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_ALLOW_SASL_OVER_TLS,
319 : "allow_sasl_over_tls" },
320 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_YES, "Yes" },
321 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_YES, "True" },
322 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_YES, "1" },
323 : {-1, NULL}
324 : };
325 :
326 : static const struct enum_list enum_ldap_ssl[] = {
327 : {LDAP_SSL_OFF, "no"},
328 : {LDAP_SSL_OFF, "off"},
329 : {LDAP_SSL_START_TLS, "start tls"},
330 : {LDAP_SSL_START_TLS, "start_tls"},
331 : {-1, NULL}
332 : };
333 :
334 : /* LDAP Dereferencing Alias types */
335 : #define SAMBA_LDAP_DEREF_NEVER 0
336 : #define SAMBA_LDAP_DEREF_SEARCHING 1
337 : #define SAMBA_LDAP_DEREF_FINDING 2
338 : #define SAMBA_LDAP_DEREF_ALWAYS 3
339 :
340 : static const struct enum_list enum_ldap_deref[] = {
341 : {SAMBA_LDAP_DEREF_NEVER, "never"},
342 : {SAMBA_LDAP_DEREF_SEARCHING, "searching"},
343 : {SAMBA_LDAP_DEREF_FINDING, "finding"},
344 : {SAMBA_LDAP_DEREF_ALWAYS, "always"},
345 : {-1, "auto"}
346 : };
347 :
348 : static const struct enum_list enum_ldap_passwd_sync[] = {
349 : {LDAP_PASSWD_SYNC_OFF, "no"},
350 : {LDAP_PASSWD_SYNC_OFF, "off"},
351 : {LDAP_PASSWD_SYNC_ON, "yes"},
352 : {LDAP_PASSWD_SYNC_ON, "on"},
353 : {LDAP_PASSWD_SYNC_ONLY, "only"},
354 : {-1, NULL}
355 : };
356 :
357 : static const struct enum_list enum_map_readonly[] = {
358 : {MAP_READONLY_NO, "no"},
359 : {MAP_READONLY_NO, "false"},
360 : {MAP_READONLY_NO, "0"},
361 : {MAP_READONLY_YES, "yes"},
362 : {MAP_READONLY_YES, "true"},
363 : {MAP_READONLY_YES, "1"},
364 : {MAP_READONLY_PERMISSIONS, "permissions"},
365 : {MAP_READONLY_PERMISSIONS, "perms"},
366 : {-1, NULL}
367 : };
368 :
369 : static const struct enum_list enum_case[] = {
370 : {CASE_LOWER, "lower"},
371 : {CASE_UPPER, "upper"},
372 : {-1, NULL}
373 : };
374 :
375 : static const struct enum_list enum_inherit_owner_vals[] = {
376 : {INHERIT_OWNER_NO, "no"},
377 : {INHERIT_OWNER_WINDOWS_AND_UNIX, "windows and unix"},
378 : {INHERIT_OWNER_WINDOWS_AND_UNIX, "yes"},
379 : {INHERIT_OWNER_UNIX_ONLY, "unix only"},
380 : {-1, NULL}};
381 :
382 : static const struct enum_list enum_mangled_names[] = {
383 : {MANGLED_NAMES_NO, "no"},
384 : {MANGLED_NAMES_NO, "false"},
385 : {MANGLED_NAMES_NO, "0"},
386 : {MANGLED_NAMES_ILLEGAL, "illegal"},
387 : {MANGLED_NAMES_YES, "yes"},
388 : {MANGLED_NAMES_YES, "true"},
389 : {MANGLED_NAMES_YES, "1"},
390 : {-1, NULL}
391 : };
392 :
393 : static const struct enum_list enum_ntlm_auth[] = {
394 : {NTLM_AUTH_DISABLED, "disabled"},
395 : {NTLM_AUTH_NTLMV2_ONLY, "ntlmv2-only"},
396 : {NTLM_AUTH_NTLMV2_ONLY, "no"},
397 : {NTLM_AUTH_NTLMV2_ONLY, "false"},
398 : {NTLM_AUTH_NTLMV2_ONLY, "0"},
399 : {NTLM_AUTH_ON, "ntlmv1-permitted"},
400 : {NTLM_AUTH_ON, "yes"},
401 : {NTLM_AUTH_ON, "true"},
402 : {NTLM_AUTH_ON, "1"},
403 : {NTLM_AUTH_MSCHAPv2_NTLMV2_ONLY, "mschapv2-and-ntlmv2-only"},
404 : {-1, NULL}
405 : };
406 :
407 : static const struct enum_list enum_nt_hash_store[] = {
408 : {NT_HASH_STORE_AUTO, "auto"},
409 : {NT_HASH_STORE_NEVER, "never"},
410 : {NT_HASH_STORE_ALWAYS, "always"},
411 : };
412 :
413 :
414 : static const struct enum_list enum_spotlight_backend[] = {
415 : {SPOTLIGHT_BACKEND_NOINDEX, "noindex"},
416 : {SPOTLIGHT_BACKEND_TRACKER, "tracker"},
417 : {SPOTLIGHT_BACKEND_ES, "elasticsearch"},
418 : {-1, NULL}
419 : };
420 :
421 : /* Note: We do not initialise the defaults union - it is not allowed in ANSI C
422 : *
423 : * NOTE: Handling of duplicated (synonym) parameters:
424 : * Parameters that are synonymous are stored in the same variable.
425 : * All but the default spelling carry the flag FLAG_SYNONYM.
426 : */
427 :
428 : #define GLOBAL_VAR(name) offsetof(struct loadparm_global, name)
429 : #define LOCAL_VAR(name) offsetof(struct loadparm_service, name)
430 :
431 : #include "lib/param/param_table_gen.c"
432 :
433 50815103 : int num_parameters(void)
434 : {
435 50815103 : return (sizeof(parm_table) / sizeof(struct parm_struct));
436 : }
|
