Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Parameter loading functions
4 : Copyright (C) Karl Auer 1993-1998
5 :
6 : Largely re-written by Andrew Tridgell, September 1994
7 :
8 : Copyright (C) Simo Sorce 2001
9 : Copyright (C) Alexander Bokovoy 2002
10 : Copyright (C) Stefan (metze) Metzmacher 2002
11 : Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12 : Copyright (C) Michael Adam 2008
13 : Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
14 : Copyright (C) Andrew Bartlett 2011
15 :
16 : This program is free software; you can redistribute it and/or modify
17 : it under the terms of the GNU General Public License as published by
18 : the Free Software Foundation; either version 3 of the License, or
19 : (at your option) any later version.
20 :
21 : This program is distributed in the hope that it will be useful,
22 : but WITHOUT ANY WARRANTY; without even the implied warranty of
23 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 : GNU General Public License for more details.
25 :
26 : You should have received a copy of the GNU General Public License
27 : along with this program. If not, see <http://www.gnu.org/licenses/>.
28 : */
29 :
30 : #include "includes.h"
31 : #include "lib/param/param.h"
32 : #include "lib/param/loadparm.h"
33 : #include "lib/param/param_global.h"
34 : #include "libcli/auth/ntlm_check.h"
35 : #include "libcli/smb/smb_constants.h"
36 : #include "libds/common/roles.h"
37 : #include "libds/common/flags.h"
38 : #include "source4/lib/tls/tls.h"
39 : #include "auth/credentials/credentials.h"
40 : #include "source3/librpc/gen_ndr/ads.h"
41 :
42 : #ifndef N_
43 : #define N_(x) x
44 : #endif
45 :
46 : static const struct enum_list enum_protocol[] = {
47 : {PROTOCOL_DEFAULT, "default"}, /* the caller decides what this means */
48 : {PROTOCOL_SMB2_10, "SMB2"}, /* for now keep PROTOCOL_SMB2_10 */
49 : {PROTOCOL_SMB3_11, "SMB3"}, /* for now keep PROTOCOL_SMB3_11 */
50 : {PROTOCOL_SMB3_11, "SMB3_11"},
51 : {PROTOCOL_SMB3_02, "SMB3_02"},
52 : {PROTOCOL_SMB3_00, "SMB3_00"},
53 : {PROTOCOL_SMB2_10, "SMB2_10"},
54 : {PROTOCOL_SMB2_02, "SMB2_02"},
55 : {PROTOCOL_NT1, "NT1"},
56 : {PROTOCOL_LANMAN2, "LANMAN2"},
57 : {PROTOCOL_LANMAN1, "LANMAN1"},
58 : {PROTOCOL_CORE, "CORE"},
59 : {PROTOCOL_COREPLUS, "COREPLUS"},
60 : {PROTOCOL_COREPLUS, "CORE+"},
61 : {-1, NULL}
62 : };
63 :
64 720 : const char* lpcfg_get_smb_protocol(int type)
65 : {
66 0 : int i;
67 6824 : for (i = 1; enum_protocol[i].value != -1; i++) {
68 6824 : if (enum_protocol[i].value == type) {
69 720 : return enum_protocol[i].name;
70 : }
71 : }
72 0 : return NULL;
73 : }
74 :
75 : static const struct enum_list enum_security[] = {
76 : {SEC_AUTO, "AUTO"},
77 : {SEC_USER, "USER"},
78 : {SEC_DOMAIN, "DOMAIN"},
79 : {SEC_ADS, "ADS"},
80 : {-1, NULL}
81 : };
82 :
83 : static const struct enum_list enum_bool_auto[] = {
84 : {false, "No"},
85 : {false, "False"},
86 : {false, "0"},
87 : {true, "Yes"},
88 : {true, "True"},
89 : {true, "1"},
90 : {Auto, "Auto"},
91 : {-1, NULL}
92 : };
93 :
94 : static const struct enum_list enum_csc_policy[] = {
95 : {CSC_POLICY_MANUAL, "manual"},
96 : {CSC_POLICY_DOCUMENTS, "documents"},
97 : {CSC_POLICY_PROGRAMS, "programs"},
98 : {CSC_POLICY_DISABLE, "disable"},
99 : {-1, NULL}
100 : };
101 :
102 : /* Server role options */
103 : static const struct enum_list enum_server_role[] = {
104 : {ROLE_AUTO, "auto"},
105 : {ROLE_STANDALONE, "standalone server"},
106 : {ROLE_STANDALONE, "standalone"},
107 : {ROLE_DOMAIN_MEMBER, "member server"},
108 : {ROLE_DOMAIN_MEMBER, "member"},
109 : {ROLE_DOMAIN_PDC, "classic primary domain controller"},
110 : {ROLE_DOMAIN_BDC, "classic backup domain controller"},
111 : {ROLE_ACTIVE_DIRECTORY_DC, "active directory domain controller"},
112 : {ROLE_ACTIVE_DIRECTORY_DC, "domain controller"},
113 : {ROLE_ACTIVE_DIRECTORY_DC, "dc"},
114 : {ROLE_IPA_DC, "IPA primary domain controller"},
115 : {-1, NULL}
116 : };
117 :
118 : /* SMB signing types. */
119 : static const struct enum_list enum_smb_signing_vals[] = {
120 : {SMB_SIGNING_DEFAULT, "default"},
121 : {SMB_SIGNING_OFF, "No"},
122 : {SMB_SIGNING_OFF, "False"},
123 : {SMB_SIGNING_OFF, "0"},
124 : {SMB_SIGNING_OFF, "Off"},
125 : {SMB_SIGNING_OFF, "disabled"},
126 : {SMB_SIGNING_IF_REQUIRED, "if_required"},
127 : {SMB_SIGNING_IF_REQUIRED, "Yes"},
128 : {SMB_SIGNING_IF_REQUIRED, "True"},
129 : {SMB_SIGNING_IF_REQUIRED, "1"},
130 : {SMB_SIGNING_IF_REQUIRED, "On"},
131 : {SMB_SIGNING_IF_REQUIRED, "enabled"},
132 : {SMB_SIGNING_IF_REQUIRED, "auto"},
133 : {SMB_SIGNING_DESIRED, "desired"},
134 : {SMB_SIGNING_REQUIRED, "required"},
135 : {SMB_SIGNING_REQUIRED, "mandatory"},
136 : {SMB_SIGNING_REQUIRED, "force"},
137 : {SMB_SIGNING_REQUIRED, "forced"},
138 : {SMB_SIGNING_REQUIRED, "enforced"},
139 : {-1, NULL}
140 : };
141 :
142 : static const struct enum_list enum_smb_encryption_vals[] = {
143 : {SMB_ENCRYPTION_DEFAULT, "default"},
144 : {SMB_ENCRYPTION_OFF, "No"},
145 : {SMB_ENCRYPTION_OFF, "False"},
146 : {SMB_ENCRYPTION_OFF, "0"},
147 : {SMB_ENCRYPTION_OFF, "Off"},
148 : {SMB_ENCRYPTION_OFF, "disabled"},
149 : {SMB_ENCRYPTION_IF_REQUIRED, "if_required"},
150 : {SMB_ENCRYPTION_IF_REQUIRED, "Yes"},
151 : {SMB_ENCRYPTION_IF_REQUIRED, "True"},
152 : {SMB_ENCRYPTION_IF_REQUIRED, "1"},
153 : {SMB_ENCRYPTION_IF_REQUIRED, "On"},
154 : {SMB_ENCRYPTION_IF_REQUIRED, "enabled"},
155 : {SMB_ENCRYPTION_IF_REQUIRED, "auto"},
156 : {SMB_ENCRYPTION_DESIRED, "desired"},
157 : {SMB_ENCRYPTION_REQUIRED, "required"},
158 : {SMB_ENCRYPTION_REQUIRED, "mandatory"},
159 : {SMB_ENCRYPTION_REQUIRED, "force"},
160 : {SMB_ENCRYPTION_REQUIRED, "forced"},
161 : {SMB_ENCRYPTION_REQUIRED, "enforced"},
162 : {-1, NULL}
163 : };
164 :
165 : static const struct enum_list enum_use_kerberos_vals[] = {
166 : {CRED_USE_KERBEROS_DESIRED, "desired"},
167 : {CRED_USE_KERBEROS_DESIRED, "auto"},
168 : {CRED_USE_KERBEROS_REQUIRED, "yes"},
169 : {CRED_USE_KERBEROS_REQUIRED, "required"},
170 : {CRED_USE_KERBEROS_DISABLED, "no"},
171 : {CRED_USE_KERBEROS_DISABLED, "disabled"},
172 : {CRED_USE_KERBEROS_DISABLED, "off"},
173 : {-1, NULL}
174 : };
175 :
176 : static const struct enum_list enum_client_protection_vals[] = {
177 : {CRED_CLIENT_PROTECTION_DEFAULT, "default"},
178 : {CRED_CLIENT_PROTECTION_PLAIN, "plain"},
179 : {CRED_CLIENT_PROTECTION_SIGN, "sign"},
180 : {CRED_CLIENT_PROTECTION_ENCRYPT, "encrypt"},
181 : {-1, NULL}
182 : };
183 :
184 : static const struct enum_list enum_mdns_name_values[] = {
185 : {MDNS_NAME_NETBIOS, "netbios"},
186 : {MDNS_NAME_MDNS, "mdns"},
187 : {-1, NULL}
188 : };
189 :
190 : static const struct enum_list enum_tls_verify_peer_vals[] = {
191 : {TLS_VERIFY_PEER_NO_CHECK,
192 : TLS_VERIFY_PEER_NO_CHECK_STRING},
193 : {TLS_VERIFY_PEER_CA_ONLY,
194 : TLS_VERIFY_PEER_CA_ONLY_STRING},
195 : {TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE,
196 : TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE_STRING},
197 : {TLS_VERIFY_PEER_CA_AND_NAME,
198 : TLS_VERIFY_PEER_CA_AND_NAME_STRING},
199 : {TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE,
200 : TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE_STRING},
201 : {-1, NULL}
202 : };
203 :
204 : /* DNS update options. */
205 : static const struct enum_list enum_dns_update_settings[] = {
206 : {DNS_UPDATE_OFF, "disabled"},
207 : {DNS_UPDATE_OFF, "No"},
208 : {DNS_UPDATE_OFF, "False"},
209 : {DNS_UPDATE_OFF, "0"},
210 : {DNS_UPDATE_OFF, "Off"},
211 : {DNS_UPDATE_ON, "nonsecure and secure"},
212 : {DNS_UPDATE_ON, "nonsecure"},
213 : {DNS_UPDATE_SIGNED, "secure only"},
214 : {DNS_UPDATE_SIGNED, "secure"},
215 : {DNS_UPDATE_SIGNED, "signed"},
216 : {-1, NULL}
217 : };
218 :
219 : /*
220 : Do you want session setups at user level security with a invalid
221 : password to be rejected or allowed in as guest? WinNT rejects them
222 : but it can be a pain as it means "net view" needs to use a password
223 :
224 : You have 3 choices in the setting of map_to_guest:
225 :
226 : "Never" means session setups with an invalid password
227 : are rejected. This is the default.
228 :
229 : "Bad User" means session setups with an invalid password
230 : are rejected, unless the username does not exist, in which case it
231 : is treated as a guest login
232 :
233 : "Bad Password" means session setups with an invalid password
234 : are treated as a guest login
235 :
236 : Note that map_to_guest only has an effect in user or server
237 : level security.
238 : */
239 :
240 : static const struct enum_list enum_map_to_guest[] = {
241 : {NEVER_MAP_TO_GUEST, "Never"},
242 : {MAP_TO_GUEST_ON_BAD_USER, "Bad User"},
243 : {MAP_TO_GUEST_ON_BAD_PASSWORD, "Bad Password"},
244 : {MAP_TO_GUEST_ON_BAD_UID, "Bad Uid"},
245 : {-1, NULL}
246 : };
247 :
248 : /* Config backend options */
249 :
250 : static const struct enum_list enum_config_backend[] = {
251 : {CONFIG_BACKEND_FILE, "file"},
252 : {CONFIG_BACKEND_REGISTRY, "registry"},
253 : {-1, NULL}
254 : };
255 :
256 : static const struct enum_list enum_smbd_profiling_level[] = {
257 : {0, "off"}, {1, "count"}, {2, "on"}, {-1, NULL}
258 : };
259 :
260 :
261 : /* ADS kerberos ticket verification options */
262 :
263 : static const struct enum_list enum_kerberos_method[] = {
264 : {KERBEROS_VERIFY_SECRETS, "default"},
265 : {KERBEROS_VERIFY_SECRETS, "secrets only"},
266 : {KERBEROS_VERIFY_SECRETS, "secretsonly"},
267 : {KERBEROS_VERIFY_SYSTEM_KEYTAB, "system keytab"},
268 : {KERBEROS_VERIFY_SYSTEM_KEYTAB, "systemkeytab"},
269 : {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicated keytab"},
270 : {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicatedkeytab"},
271 : {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secrets and keytab"},
272 : {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secretsandkeytab"},
273 : {-1, NULL}
274 : };
275 :
276 : /* Kerberos encryption types selection options */
277 :
278 : static const struct enum_list enum_kerberos_encryption_types_vals[] = {
279 : {KERBEROS_ETYPES_ALL, "all"},
280 : {KERBEROS_ETYPES_STRONG, "strong"},
281 : {KERBEROS_ETYPES_LEGACY, "legacy"},
282 : {-1, NULL}
283 : };
284 :
285 : static const struct enum_list enum_printing[] = {
286 : {PRINT_SYSV, "sysv"},
287 : {PRINT_AIX, "aix"},
288 : {PRINT_HPUX, "hpux"},
289 : {PRINT_BSD, "bsd"},
290 : {PRINT_QNX, "qnx"},
291 : {PRINT_PLP, "plp"},
292 : {PRINT_LPRNG, "lprng"},
293 : #ifdef HAVE_CUPS
294 : {PRINT_CUPS, "cups"},
295 : #endif
296 : #ifdef HAVE_IPRINT
297 : {PRINT_IPRINT, "iprint"},
298 : #endif
299 : {PRINT_LPRNT, "nt"},
300 : {PRINT_LPROS2, "os2"},
301 : #if defined(DEVELOPER) || defined(ENABLE_SELFTEST)
302 : {PRINT_TEST, "test"},
303 : {PRINT_VLP, "vlp"},
304 : #endif /* DEVELOPER */
305 : {-1, NULL}
306 : };
307 :
308 : static const struct enum_list enum_ldap_sasl_wrapping[] = {
309 : {0, "plain"},
310 : {ADS_AUTH_SASL_SIGN, "sign"},
311 : {ADS_AUTH_SASL_SEAL, "seal"},
312 : {ADS_AUTH_SASL_STARTTLS, "starttls"},
313 : {ADS_AUTH_SASL_LDAPS, "ldaps"},
314 : {-1, NULL}
315 : };
316 :
317 : static const struct enum_list enum_ldap_server_require_strong_auth_vals[] = {
318 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_NO, "No" },
319 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_NO, "False" },
320 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_NO, "0" },
321 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_ALLOW_SASL_OVER_TLS,
322 : "allow_sasl_over_tls" },
323 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_ALLOW_SASL_WITHOUT_TLS_CB,
324 : "allow_sasl_without_tls_channel_bindings" },
325 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_YES, "Yes" },
326 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_YES, "True" },
327 : { LDAP_SERVER_REQUIRE_STRONG_AUTH_YES, "1" },
328 : {-1, NULL}
329 : };
330 :
331 : static const struct enum_list enum_ldap_ssl[] = {
332 : {LDAP_SSL_OFF, "no"},
333 : {LDAP_SSL_OFF, "off"},
334 : {LDAP_SSL_START_TLS, "start tls"},
335 : {LDAP_SSL_START_TLS, "start_tls"},
336 : {-1, NULL}
337 : };
338 :
339 : /* LDAP Dereferencing Alias types */
340 : #define SAMBA_LDAP_DEREF_NEVER 0
341 : #define SAMBA_LDAP_DEREF_SEARCHING 1
342 : #define SAMBA_LDAP_DEREF_FINDING 2
343 : #define SAMBA_LDAP_DEREF_ALWAYS 3
344 :
345 : static const struct enum_list enum_ldap_deref[] = {
346 : {SAMBA_LDAP_DEREF_NEVER, "never"},
347 : {SAMBA_LDAP_DEREF_SEARCHING, "searching"},
348 : {SAMBA_LDAP_DEREF_FINDING, "finding"},
349 : {SAMBA_LDAP_DEREF_ALWAYS, "always"},
350 : {-1, "auto"}
351 : };
352 :
353 : static const struct enum_list enum_ldap_passwd_sync[] = {
354 : {LDAP_PASSWD_SYNC_OFF, "no"},
355 : {LDAP_PASSWD_SYNC_OFF, "off"},
356 : {LDAP_PASSWD_SYNC_ON, "yes"},
357 : {LDAP_PASSWD_SYNC_ON, "on"},
358 : {LDAP_PASSWD_SYNC_ONLY, "only"},
359 : {-1, NULL}
360 : };
361 :
362 : static const struct enum_list enum_map_readonly[] = {
363 : {MAP_READONLY_NO, "no"},
364 : {MAP_READONLY_NO, "false"},
365 : {MAP_READONLY_NO, "0"},
366 : {MAP_READONLY_YES, "yes"},
367 : {MAP_READONLY_YES, "true"},
368 : {MAP_READONLY_YES, "1"},
369 : {MAP_READONLY_PERMISSIONS, "permissions"},
370 : {MAP_READONLY_PERMISSIONS, "perms"},
371 : {-1, NULL}
372 : };
373 :
374 : static const struct enum_list enum_case[] = {
375 : {CASE_LOWER, "lower"},
376 : {CASE_UPPER, "upper"},
377 : {-1, NULL}
378 : };
379 :
380 : static const struct enum_list enum_inherit_owner_vals[] = {
381 : {INHERIT_OWNER_NO, "no"},
382 : {INHERIT_OWNER_WINDOWS_AND_UNIX, "windows and unix"},
383 : {INHERIT_OWNER_WINDOWS_AND_UNIX, "yes"},
384 : {INHERIT_OWNER_UNIX_ONLY, "unix only"},
385 : {-1, NULL}};
386 :
387 : static const struct enum_list enum_mangled_names[] = {
388 : {MANGLED_NAMES_NO, "no"},
389 : {MANGLED_NAMES_NO, "false"},
390 : {MANGLED_NAMES_NO, "0"},
391 : {MANGLED_NAMES_ILLEGAL, "illegal"},
392 : {MANGLED_NAMES_YES, "yes"},
393 : {MANGLED_NAMES_YES, "true"},
394 : {MANGLED_NAMES_YES, "1"},
395 : {-1, NULL}
396 : };
397 :
398 : static const struct enum_list enum_ntlm_auth[] = {
399 : {NTLM_AUTH_DISABLED, "disabled"},
400 : {NTLM_AUTH_NTLMV2_ONLY, "ntlmv2-only"},
401 : {NTLM_AUTH_NTLMV2_ONLY, "no"},
402 : {NTLM_AUTH_NTLMV2_ONLY, "false"},
403 : {NTLM_AUTH_NTLMV2_ONLY, "0"},
404 : {NTLM_AUTH_ON, "ntlmv1-permitted"},
405 : {NTLM_AUTH_ON, "yes"},
406 : {NTLM_AUTH_ON, "true"},
407 : {NTLM_AUTH_ON, "1"},
408 : {NTLM_AUTH_MSCHAPv2_NTLMV2_ONLY, "mschapv2-and-ntlmv2-only"},
409 : {-1, NULL}
410 : };
411 :
412 : static const struct enum_list enum_nt_hash_store[] = {
413 : {NT_HASH_STORE_AUTO, "auto"},
414 : {NT_HASH_STORE_NEVER, "never"},
415 : {NT_HASH_STORE_ALWAYS, "always"},
416 : };
417 :
418 :
419 : static const struct enum_list enum_spotlight_backend[] = {
420 : {SPOTLIGHT_BACKEND_NOINDEX, "noindex"},
421 : {SPOTLIGHT_BACKEND_TRACKER, "tracker"},
422 : {SPOTLIGHT_BACKEND_ES, "elasticsearch"},
423 : {-1, NULL}
424 : };
425 :
426 : static const struct enum_list enum_debug_syslog_format[] = {
427 : {DEBUG_SYSLOG_FORMAT_NO, "No"},
428 : {DEBUG_SYSLOG_FORMAT_NO, "False"},
429 : {DEBUG_SYSLOG_FORMAT_NO, "0"},
430 : {DEBUG_SYSLOG_FORMAT_IN_LOGS, "in_logs"},
431 : {DEBUG_SYSLOG_FORMAT_IN_LOGS, "Yes"},
432 : {DEBUG_SYSLOG_FORMAT_IN_LOGS, "True"},
433 : {DEBUG_SYSLOG_FORMAT_IN_LOGS, "1"},
434 : {DEBUG_SYSLOG_FORMAT_ALWAYS, "always"},
435 : {-1, NULL}
436 : };
437 :
438 : static const struct enum_list enum_ad_functional_level[] = {
439 : {DS_DOMAIN_FUNCTION_2008_R2, "2008_R2"},
440 : {DS_DOMAIN_FUNCTION_2012, "2012"},
441 : {DS_DOMAIN_FUNCTION_2012_R2, "2012_R2"},
442 : {DS_DOMAIN_FUNCTION_2016, "2016"},
443 : {-1, NULL}
444 : };
445 :
446 : static const struct enum_list enum_acl_claims_evaluation[] = {
447 : {ACL_CLAIMS_EVALUATION_AD_DC_ONLY, "AD DC only"},
448 : {ACL_CLAIMS_EVALUATION_NEVER, "never"},
449 : {-1, NULL}
450 : };
451 :
452 : /* Note: We do not initialise the defaults union - it is not allowed in ANSI C
453 : *
454 : * NOTE: Handling of duplicated (synonym) parameters:
455 : * Parameters that are synonymous are stored in the same variable.
456 : * All but the default spelling carry the flag FLAG_SYNONYM.
457 : */
458 :
459 : #define GLOBAL_VAR(name) offsetof(struct loadparm_global, name)
460 : #define LOCAL_VAR(name) offsetof(struct loadparm_service, name)
461 :
462 : #include "lib/param/param_table_gen.c"
463 :
464 151481378 : int num_parameters(void)
465 : {
466 151481378 : return (sizeof(parm_table) / sizeof(struct parm_struct));
467 : }
|
