search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3/torture: use stack buffer for rbtree loop
[Samba.git] / source3 / utils / testparm.c
blob2d717f197569625cfccc7215373c9a2640154cf3
1 /*
2 Unix SMB/CIFS implementation.
3 Test validity of smb.conf
4 Copyright (C) Karl Auer 1993, 1994-1998
5
6 Extensively modified by Andrew Tridgell, 1995
7 Converted to popt by Jelmer Vernooij (jelmer@nl.linux.org), 2002
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 /*
24 * Testbed for loadparm.c/params.c
25 *
26 * This module simply loads a specified configuration file and
27 * if successful, dumps it's contents to stdout. Note that the
28 * operation is performed with DEBUGLEVEL at 3.
29 *
30 * Useful for a quick 'syntax check' of a configuration file.
31 *
32 */
33
34 #include "includes.h"
35 #include "system/filesys.h"
36 #include "popt_common.h"
37 #include "lib/param/loadparm.h"
38 #include "lib/crypto/gnutls_helpers.h"
39 #include "cmdline_contexts.h"
40
41 #include <regex.h>
42
43 /*******************************************************************
44 Check if a directory exists.
45 ********************************************************************/
46
47 static bool directory_exist_stat(const char *dname,SMB_STRUCT_STAT *st)
48 {
49 SMB_STRUCT_STAT st2;
50 bool ret;
51
52 if (!st)
53 st = &st2;
54
55 if (sys_stat(dname, st, false) != 0)
56 return(False);
57
58 ret = S_ISDIR(st->st_ex_mode);
59 if(!ret)
60 errno = ENOTDIR;
61 return ret;
62 }
63
64 struct idmap_config {
65 const char *domain_name;
66 const char *backend;
67 uint32_t high;
68 uint32_t low;
69 };
70
71 struct idmap_domains {
72 struct idmap_config *c;
73 uint32_t count;
74 uint32_t size;
75 };
76
77 static bool lp_scan_idmap_found_domain(const char *string,
78 regmatch_t matches[],
79 void *private_data)
80 {
81 bool ok = false;
82
83 if (matches[1].rm_so == -1) {
84 fprintf(stderr, "Found match, but no name - invalid idmap config");
85 return false;
86 }
87 if (matches[1].rm_eo <= matches[1].rm_so) {
88 fprintf(stderr, "Invalid match - invalid idmap config");
89 return false;
90 }
91
92 {
93 struct idmap_domains *d = private_data;
94 struct idmap_config *c = &d->c[d->count];
95 regoff_t len = matches[1].rm_eo - matches[1].rm_so;
96 char domname[len + 1];
97
98 if (d->count >= d->size) {
99 return false;
100 }
101
102 memcpy(domname, string + matches[1].rm_so, len);
103 domname[len] = '\0';
104
105 c->domain_name = talloc_strdup_upper(d->c, domname);
106 if (c->domain_name == NULL) {
107 return false;
108 }
109 c->backend = talloc_strdup(d->c, lp_idmap_backend(domname));
110 if (c->backend == NULL) {
111 return false;
112 }
113
114 if (lp_server_role() != ROLE_ACTIVE_DIRECTORY_DC) {
115 ok = lp_idmap_range(domname, &c->low, &c->high);
116 if (!ok) {
117 fprintf(stderr,
118 "ERROR: Invalid idmap range for domain "
119 "%s!\n\n",
120 c->domain_name);
121 return false;
122 }
123 }
124
125 d->count++;
126 }
127
128 return false; /* Keep scanning */
129 }
130
131 static bool do_idmap_check(void)
132 {
133 struct idmap_domains *d;
134 uint32_t i;
135 bool ok = false;
136 int rc;
137
138 d = talloc_zero(talloc_tos(), struct idmap_domains);
139 if (d == NULL) {
140 return false;
141 }
142 d->count = 0;
143 d->size = 32;
144
145 d->c = talloc_array(d, struct idmap_config, d->size);
146 if (d->c == NULL) {
147 goto done;
148 }
149
150 rc = lp_wi_scan_global_parametrics("idmapconfig\\(.*\\):backend",
151 2,
152 lp_scan_idmap_found_domain,
153 d);
154 if (rc != 0) {
155 fprintf(stderr,
156 "FATAL: wi_scan_global_parametrics failed: %d",
157 rc);
158 }
159
160 for (i = 0; i < d->count; i++) {
161 struct idmap_config *c = &d->c[i];
162 uint32_t j;
163
164 for (j = 0; j < d->count && j != i; j++) {
165 struct idmap_config *x = &d->c[j];
166
167 if ((c->low >= x->low && c->low <= x->high) ||
168 (c->high >= x->low && c->high <= x->high)) {
169 /* Allow overlapping ranges for idmap_ad */
170 ok = strequal(c->backend, x->backend);
171 if (ok) {
172 ok = strequal(c->backend, "ad");
173 if (ok) {
174 fprintf(stderr,
175 "NOTE: The idmap_ad "
176 "range for the domain "
177 "%s overlaps with the "
178 "range of %s.\n\n",
179 c->domain_name,
180 x->domain_name);
181 continue;
182 }
183 }
184
185 fprintf(stderr,
186 "ERROR: The idmap range for the domain "
187 "%s (%s) overlaps with the range of "
188 "%s (%s)!\n\n",
189 c->domain_name,
190 c->backend,
191 x->domain_name,
192 x->backend);
193 ok = false;
194 goto done;
195 }
196 }
197 }
198
199 ok = true;
200 done:
201 TALLOC_FREE(d);
202 return ok;
203 }
204
205 /***********************************************
206 Here we do a set of 'hard coded' checks for bad
207 configuration settings.
208 ************************************************/
209
210 static int do_global_checks(void)
211 {
212 int ret = 0;
213 SMB_STRUCT_STAT st;
214 const char *socket_options;
215 const struct loadparm_substitution *lp_sub =
216 loadparm_s3_global_substitution();
217
218 if (lp_security() >= SEC_DOMAIN && !lp_encrypt_passwords()) {
219 fprintf(stderr, "ERROR: in 'security=domain' mode the "
220 "'encrypt passwords' parameter must always be "
221 "set to 'true'.\n\n");
222 ret = 1;
223 }
224
225 if (lp_we_are_a_wins_server() && lp_wins_server_list()) {
226 fprintf(stderr, "ERROR: both 'wins support = true' and "
227 "'wins server = <server list>' cannot be set in "
228 "the smb.conf file. nmbd will abort with this "
229 "setting.\n\n");
230 ret = 1;
231 }
232
233 if (strequal(lp_workgroup(), lp_netbios_name())) {
234 fprintf(stderr, "WARNING: 'workgroup' and 'netbios name' "
235 "must differ.\n\n");
236 }
237
238 if (lp_client_ipc_signing() == SMB_SIGNING_IF_REQUIRED
239 || lp_client_ipc_signing() == SMB_SIGNING_OFF) {
240 fprintf(stderr, "WARNING: The 'client ipc signing' value "
241 "%s SMB signing is not used when contacting a "
242 "domain controller or other server. "
243 "This setting is not recommended; please be "
244 "aware of the security implications when using "
245 "this configuration setting.\n\n",
246 lp_client_ipc_signing() == SMB_SIGNING_OFF ?
247 "ensures" : "may mean");
248 }
249
250 if (strlen(lp_netbios_name()) > 15) {
251 fprintf(stderr, "WARNING: The 'netbios name' is too long "
252 "(max. 15 chars).\n\n");
253 }
254
255 if (!directory_exist_stat(lp_lock_directory(), &st)) {
256 fprintf(stderr, "ERROR: lock directory %s does not exist\n\n",
257 lp_lock_directory());
258 ret = 1;
259 } else if ((st.st_ex_mode & 0777) != 0755) {
260 fprintf(stderr, "WARNING: lock directory %s should have "
261 "permissions 0755 for browsing to work\n\n",
262 lp_lock_directory());
263 }
264
265 if (!directory_exist_stat(lp_state_directory(), &st)) {
266 fprintf(stderr, "ERROR: state directory %s does not exist\n\n",
267 lp_state_directory());
268 ret = 1;
269 } else if ((st.st_ex_mode & 0777) != 0755) {
270 fprintf(stderr, "WARNING: state directory %s should have "
271 "permissions 0755 for browsing to work\n\n",
272 lp_state_directory());
273 }
274
275 if (!directory_exist_stat(lp_cache_directory(), &st)) {
276 fprintf(stderr, "ERROR: cache directory %s does not exist\n\n",
277 lp_cache_directory());
278 ret = 1;
279 } else if ((st.st_ex_mode & 0777) != 0755) {
280 fprintf(stderr, "WARNING: cache directory %s should have "
281 "permissions 0755 for browsing to work\n\n",
282 lp_cache_directory());
283 }
284
285 if (!directory_exist_stat(lp_pid_directory(), &st)) {
286 fprintf(stderr, "ERROR: pid directory %s does not exist\n\n",
287 lp_pid_directory());
288 ret = 1;
289 }
290
291 if (lp_passdb_expand_explicit()) {
292 fprintf(stderr, "WARNING: passdb expand explicit = yes is "
293 "deprecated\n\n");
294 }
295
296 /*
297 * Socket options.
298 */
299 socket_options = lp_socket_options();
300 if (socket_options != NULL &&
301 (strstr(socket_options, "SO_SNDBUF") ||
302 strstr(socket_options, "SO_RCVBUF") ||
303 strstr(socket_options, "SO_SNDLOWAT") ||
304 strstr(socket_options, "SO_RCVLOWAT")))
305 {
306 fprintf(stderr,
307 "WARNING: socket options = %s\n"
308 "This warning is printed because you set one of the\n"
309 "following options: SO_SNDBUF, SO_RCVBUF, SO_SNDLOWAT,\n"
310 "SO_RCVLOWAT\n"
311 "Modern server operating systems are tuned for\n"
312 "high network performance in the majority of situations;\n"
313 "when you set 'socket options' you are overriding those\n"
314 "settings.\n"
315 "Linux in particular has an auto-tuning mechanism for\n"
316 "buffer sizes (SO_SNDBUF, SO_RCVBUF) that will be\n"
317 "disabled if you specify a socket buffer size. This can\n"
318 "potentially cripple your TCP/IP stack.\n\n"
319 "Getting the 'socket options' correct can make a big\n"
320 "difference to your performance, but getting them wrong\n"
321 "can degrade it by just as much. As with any other low\n"
322 "level setting, if you must make changes to it, make\n "
323 "small changes and test the effect before making any\n"
324 "large changes.\n\n",
325 socket_options);
326 }
327
328 /*
329 * Password server sanity checks.
330 */
331
332 if((lp_security() >= SEC_DOMAIN) && !*lp_password_server()) {
333 const char *sec_setting;
334 if(lp_security() == SEC_DOMAIN)
335 sec_setting = "domain";
336 else if(lp_security() == SEC_ADS)
337 sec_setting = "ads";
338 else
339 sec_setting = "";
340
341 fprintf(stderr, "ERROR: The setting 'security=%s' requires the "
342 "'password server' parameter be set to the "
343 "default value * or a valid password server.\n\n",
344 sec_setting );
345 ret = 1;
346 }
347
348 if((lp_security() >= SEC_DOMAIN) && (strcmp(lp_password_server(), "*") != 0)) {
349 const char *sec_setting;
350 if(lp_security() == SEC_DOMAIN)
351 sec_setting = "domain";
352 else if(lp_security() == SEC_ADS)
353 sec_setting = "ads";
354 else
355 sec_setting = "";
356
357 fprintf(stderr, "WARNING: The setting 'security=%s' should NOT "
358 "be combined with the 'password server' "
359 "parameter.\n"
360 "(by default Samba will discover the correct DC "
361 "to contact automatically).\n\n",
362 sec_setting );
363 }
364
365 /*
366 * Password chat sanity checks.
367 */
368
369 if(lp_security() == SEC_USER && lp_unix_password_sync()) {
370
371 /*
372 * Check that we have a valid lp_passwd_program() if not using pam.
373 */
374
375 #ifdef WITH_PAM
376 if (!lp_pam_password_change()) {
377 #endif
378
379 if((lp_passwd_program(talloc_tos(), lp_sub) == NULL) ||
380 (strlen(lp_passwd_program(talloc_tos(), lp_sub)) == 0))
381 {
382 fprintf(stderr,
383 "ERROR: the 'unix password sync' "
384 "parameter is set and there is no valid "
385 "'passwd program' parameter.\n\n");
386 ret = 1;
387 } else {
388 const char *passwd_prog;
389 char *truncated_prog = NULL;
390 const char *p;
391
392 passwd_prog = lp_passwd_program(talloc_tos(), lp_sub);
393 p = passwd_prog;
394 next_token_talloc(talloc_tos(),
395 &p,
396 &truncated_prog, NULL);
397 if (truncated_prog && access(truncated_prog, F_OK) == -1) {
398 fprintf(stderr,
399 "ERROR: the 'unix password sync' "
400 "parameter is set and the "
401 "'passwd program' (%s) cannot be "
402 "executed (error was %s).\n\n",
403 truncated_prog,
404 strerror(errno));
405 ret = 1;
406 }
407 }
408
409 #ifdef WITH_PAM
410 }
411 #endif
412
413 if(lp_passwd_chat(talloc_tos(), lp_sub) == NULL) {
414 fprintf(stderr,
415 "ERROR: the 'unix password sync' parameter is "
416 "set and there is no valid 'passwd chat' "
417 "parameter.\n\n");
418 ret = 1;
419 }
420
421 if ((lp_passwd_program(talloc_tos(), lp_sub) != NULL) &&
422 (strlen(lp_passwd_program(talloc_tos(), lp_sub)) > 0))
423 {
424 /* check if there's a %u parameter present */
425 if(strstr_m(lp_passwd_program(talloc_tos(), lp_sub), "%u") == NULL) {
426 fprintf(stderr,
427 "ERROR: the 'passwd program' (%s) "
428 "requires a '%%u' parameter.\n\n",
429 lp_passwd_program(talloc_tos(), lp_sub));
430 ret = 1;
431 }
432 }
433
434 /*
435 * Check that we have a valid script and that it hasn't
436 * been written to expect the old password.
437 */
438
439 if(lp_encrypt_passwords()) {
440 if(strstr_m( lp_passwd_chat(talloc_tos(), lp_sub), "%o")!=NULL) {
441 fprintf(stderr,
442 "ERROR: the 'passwd chat' script [%s] "
443 "expects to use the old plaintext "
444 "password via the %%o substitution. With "
445 "encrypted passwords this is not "
446 "possible.\n\n",
447 lp_passwd_chat(talloc_tos(), lp_sub) );
448 ret = 1;
449 }
450 }
451 }
452
453 if (strlen(lp_winbind_separator()) != 1) {
454 fprintf(stderr, "ERROR: the 'winbind separator' parameter must "
455 "be a single character.\n\n");
456 ret = 1;
457 }
458
459 if (*lp_winbind_separator() == '+') {
460 fprintf(stderr, "'winbind separator = +' might cause problems "
461 "with group membership.\n\n");
462 }
463
464 if (lp_algorithmic_rid_base() < BASE_RID) {
465 /* Try to prevent admin foot-shooting, we can't put algorithmic
466 rids below 1000, that's the 'well known RIDs' on NT */
467 fprintf(stderr, "'algorithmic rid base' must be equal to or "
468 "above %lu\n\n", BASE_RID);
469 }
470
471 if (lp_algorithmic_rid_base() & 1) {
472 fprintf(stderr, "'algorithmic rid base' must be even.\n\n");
473 }
474
475 if (lp_server_role() != ROLE_STANDALONE) {
476 const char *default_backends[] = {
477 "tdb", "tdb2", "ldap", "autorid", "hash"
478 };
479 const char *idmap_backend;
480 bool valid_backend = false;
481 uint32_t i;
482 bool ok;
483
484 idmap_backend = lp_idmap_default_backend();
485
486 for (i = 0; i < ARRAY_SIZE(default_backends); i++) {
487 ok = strequal(idmap_backend, default_backends[i]);
488 if (ok) {
489 valid_backend = true;
490 }
491 }
492
493 if (!valid_backend) {
494 ret = 1;
495 fprintf(stderr, "ERROR: Do not use the '%s' backend "
496 "as the default idmap backend!\n\n",
497 idmap_backend);
498 }
499
500 ok = do_idmap_check();
501 if (!ok) {
502 ret = 1;
503 }
504 }
505
506 #ifndef HAVE_DLOPEN
507 if (lp_preload_modules()) {
508 fprintf(stderr, "WARNING: 'preload modules = ' set while loading "
509 "plugins not supported.\n\n");
510 }
511 #endif
512
513 if (!lp_passdb_backend()) {
514 fprintf(stderr, "ERROR: passdb backend must have a value or be "
515 "left out\n\n");
516 }
517
518 if (lp_os_level() > 255) {
519 fprintf(stderr, "WARNING: Maximum value for 'os level' is "
520 "255!\n\n");
521 }
522
523 if (strequal(lp_dos_charset(), "UTF8") || strequal(lp_dos_charset(), "UTF-8")) {
524 fprintf(stderr, "ERROR: 'dos charset' must not be UTF8\n\n");
525 ret = 1;
526 }
527
528 return ret;
529 }
530
531 /**
532 * per-share logic tests
533 */
534 static void do_per_share_checks(int s)
535 {
536 const struct loadparm_substitution *lp_sub =
537 loadparm_s3_global_substitution();
538 const char **deny_list = lp_hosts_deny(s);
539 const char **allow_list = lp_hosts_allow(s);
540 const char **vfs_objects = NULL;
541 int i;
542 static bool uses_fruit;
543 static bool doesnt_use_fruit;
544 static bool fruit_mix_warned;
545
546 if(deny_list) {
547 for (i=0; deny_list[i]; i++) {
548 char *hasstar = strchr_m(deny_list[i], '*');
549 char *hasquery = strchr_m(deny_list[i], '?');
550 if(hasstar || hasquery) {
551 fprintf(stderr,
552 "Invalid character %c in hosts deny list "
553 "(%s) for service %s.\n\n",
554 hasstar ? *hasstar : *hasquery,
555 deny_list[i],
556 lp_servicename(talloc_tos(), lp_sub, s));
557 }
558 }
559 }
560
561 if(allow_list) {
562 for (i=0; allow_list[i]; i++) {
563 char *hasstar = strchr_m(allow_list[i], '*');
564 char *hasquery = strchr_m(allow_list[i], '?');
565 if(hasstar || hasquery) {
566 fprintf(stderr,
567 "Invalid character %c in hosts allow "
568 "list (%s) for service %s.\n\n",
569 hasstar ? *hasstar : *hasquery,
570 allow_list[i],
571 lp_servicename(talloc_tos(), lp_sub, s));
572 }
573 }
574 }
575
576 if(lp_level2_oplocks(s) && !lp_oplocks(s)) {
577 fprintf(stderr, "Invalid combination of parameters for service "
578 "%s. Level II oplocks can only be set if oplocks "
579 "are also set.\n\n",
580 lp_servicename(talloc_tos(), lp_sub, s));
581 }
582
583 if (!lp_store_dos_attributes(s) && lp_map_hidden(s)
584 && !(lp_create_mask(s) & S_IXOTH))
585 {
586 fprintf(stderr,
587 "Invalid combination of parameters for service %s. Map "
588 "hidden can only work if create mask includes octal "
589 "01 (S_IXOTH).\n\n",
590 lp_servicename(talloc_tos(), lp_sub, s));
591 }
592 if (!lp_store_dos_attributes(s) && lp_map_hidden(s)
593 && (lp_force_create_mode(s) & S_IXOTH))
594 {
595 fprintf(stderr,
596 "Invalid combination of parameters for service "
597 "%s. Map hidden can only work if force create mode "
598 "excludes octal 01 (S_IXOTH).\n\n",
599 lp_servicename(talloc_tos(), lp_sub, s));
600 }
601 if (!lp_store_dos_attributes(s) && lp_map_system(s)
602 && !(lp_create_mask(s) & S_IXGRP))
603 {
604 fprintf(stderr,
605 "Invalid combination of parameters for service "
606 "%s. Map system can only work if create mask includes "
607 "octal 010 (S_IXGRP).\n\n",
608 lp_servicename(talloc_tos(), lp_sub, s));
609 }
610 if (!lp_store_dos_attributes(s) && lp_map_system(s)
611 && (lp_force_create_mode(s) & S_IXGRP))
612 {
613 fprintf(stderr,
614 "Invalid combination of parameters for service "
615 "%s. Map system can only work if force create mode "
616 "excludes octal 010 (S_IXGRP).\n\n",
617 lp_servicename(talloc_tos(), lp_sub, s));
618 }
619 if (lp_printing(s) == PRINT_CUPS && *(lp_print_command(s)) != '\0') {
620 fprintf(stderr,
621 "Warning: Service %s defines a print command, but "
622 "parameter is ignored when using CUPS libraries.\n\n",
623 lp_servicename(talloc_tos(), lp_sub, s));
624 }
625
626 vfs_objects = lp_vfs_objects(s);
627 if (vfs_objects && str_list_check(vfs_objects, "fruit")) {
628 uses_fruit = true;
629 } else {
630 doesnt_use_fruit = true;
631 }
632
633 if (uses_fruit && doesnt_use_fruit && !fruit_mix_warned) {
634 fruit_mix_warned = true;
635 fprintf(stderr,
636 "WARNING: some services use vfs_fruit, others don't. Mounting them "
637 "in conjunction on OS X clients results in undefined behaviour.\n\n");
638 }
639 }
640
641 int main(int argc, const char *argv[])
642 {
643 const char *config_file = get_dyn_CONFIGFILE();
644 const struct loadparm_substitution *lp_sub =
645 loadparm_s3_global_substitution();
646 int s;
647 static int silent_mode = False;
648 static int show_all_parameters = False;
649 int ret = 0;
650 poptContext pc;
651 static char *parameter_name = NULL;
652 static const char *section_name = NULL;
653 const char *cname;
654 const char *caddr;
655 static int show_defaults;
656 static int skip_logic_checks = 0;
657 const char *weak_crypo_str = "";
658
659 struct poptOption long_options[] = {
660 POPT_AUTOHELP
661 {
662 .longName = "suppress-prompt",
663 .shortName = 's',
664 .argInfo = POPT_ARG_VAL,
665 .arg = &silent_mode,
666 .val = 1,
667 .descrip = "Suppress prompt for enter",
668 },
669 {
670 .longName = "verbose",
671 .shortName = 'v',
672 .argInfo = POPT_ARG_NONE,
673 .arg = &show_defaults,
674 .val = 1,
675 .descrip = "Show default options too",
676 },
677 {
678 .longName = "skip-logic-checks",
679 .shortName = 'l',
680 .argInfo = POPT_ARG_NONE,
681 .arg = &skip_logic_checks,
682 .val = 1,
683 .descrip = "Skip the global checks",
684 },
685 {
686 .longName = "show-all-parameters",
687 .shortName = '\0',
688 .argInfo = POPT_ARG_VAL,
689 .arg = &show_all_parameters,
690 .val = True,
691 .descrip = "Show the parameters, type, possible "
692 "values",
693 },
694 {
695 .longName = "parameter-name",
696 .shortName = '\0',
697 .argInfo = POPT_ARG_STRING,
698 .arg = &parameter_name,
699 .val = 0,
700 .descrip = "Limit testparm to a named parameter",
701 },
702 {
703 .longName = "section-name",
704 .shortName = '\0',
705 .argInfo = POPT_ARG_STRING,
706 .arg = &section_name,
707 .val = 0,
708 .descrip = "Limit testparm to a named section",
709 },
710 POPT_COMMON_VERSION
711 POPT_COMMON_DEBUGLEVEL
712 POPT_COMMON_OPTION
713 POPT_TABLEEND
714 };
715
716 TALLOC_CTX *frame = talloc_stackframe();
717
718 smb_init_locale();
719 /*
720 * Set the default debug level to 1.
721 * Allow it to be overridden by the command line,
722 * not by smb.conf.
723 */
724 lp_set_cmdline("log level", "1");
725
726 pc = poptGetContext(NULL, argc, argv, long_options,
727 POPT_CONTEXT_KEEP_FIRST);
728 poptSetOtherOptionHelp(pc, "[OPTION...] <config-file> [host-name] [host-ip]");
729
730 while(poptGetNextOpt(pc) != -1);
731
732 if (show_all_parameters) {
733 show_parameter_list();
734 exit(0);
735 }
736
737 setup_logging(poptGetArg(pc), DEBUG_STDERR);
738
739 if (poptPeekArg(pc))
740 config_file = poptGetArg(pc);
741
742 cname = poptGetArg(pc);
743 caddr = poptGetArg(pc);
744
745 poptFreeContext(pc);
746
747 if ( cname && ! caddr ) {
748 printf ( "ERROR: You must specify both a machine name and an IP address.\n" );
749 ret = 1;
750 goto done;
751 }
752
753 fprintf(stderr,"Load smb config files from %s\n",config_file);
754
755 if (!lp_load_with_registry_shares(config_file)) {
756 fprintf(stderr,"Error loading services.\n");
757 ret = 1;
758 goto done;
759 }
760
761 fprintf(stderr,"Loaded services file OK.\n");
762
763 if (samba_gnutls_weak_crypto_allowed()) {
764 weak_crypo_str = "allowed";
765 } else {
766 weak_crypo_str = "disallowed";
767 }
768 fprintf(stderr, "Weak crypto is %s\n", weak_crypo_str);
769
770 if (skip_logic_checks == 0) {
771 ret = do_global_checks();
772 }
773
774 for (s=0;s<1000;s++) {
775 if (VALID_SNUM(s) && (skip_logic_checks == 0)) {
776 do_per_share_checks(s);
777 }
778 }
779
780
781 if (!section_name && !parameter_name) {
782 fprintf(stderr,
783 "Server role: %s\n\n",
784 server_role_str(lp_server_role()));
785 }
786
787 if (!cname) {
788 if (!silent_mode) {
789 fprintf(stderr,"Press enter to see a dump of your service definitions\n");
790 fflush(stdout);
791 getc(stdin);
792 }
793 if (parameter_name || section_name) {
794 bool isGlobal = False;
795 s = GLOBAL_SECTION_SNUM;
796
797 if (!section_name) {
798 section_name = GLOBAL_NAME;
799 isGlobal = True;
800 } else if ((isGlobal=!strwicmp(section_name, GLOBAL_NAME)) == 0 &&
801 (s=lp_servicenumber(section_name)) == -1) {
802 fprintf(stderr,"Unknown section %s\n",
803 section_name);
804 ret = 1;
805 goto done;
806 }
807 if (parameter_name) {
808 if (!dump_a_parameter( s, parameter_name, stdout, isGlobal)) {
809 fprintf(stderr,"Parameter %s unknown for section %s\n",
810 parameter_name, section_name);
811 ret = 1;
812 goto done;
813 }
814 } else {
815 if (isGlobal == True)
816 lp_dump(stdout, show_defaults, 0);
817 else
818 lp_dump_one(stdout, show_defaults, s);
819 }
820 goto done;
821 }
822
823 lp_dump(stdout, show_defaults, lp_numservices());
824 }
825
826 if(cname && caddr){
827 /* this is totally ugly, a real `quick' hack */
828 for (s=0;s<1000;s++) {
829 if (VALID_SNUM(s)) {
830 if (allow_access(lp_hosts_deny(-1), lp_hosts_allow(-1), cname, caddr)
831 && allow_access(lp_hosts_deny(s), lp_hosts_allow(s), cname, caddr)) {
832 fprintf(stderr,"Allow connection from %s (%s) to %s\n",
833 cname,caddr,lp_servicename(talloc_tos(), lp_sub, s));
834 } else {
835 fprintf(stderr,"Deny connection from %s (%s) to %s\n",
836 cname,caddr,lp_servicename(talloc_tos(), lp_sub, s));
837 }
838 }
839 }
840 }
841
842 done:
843 gfree_loadparm();
844 TALLOC_FREE(frame);
845 return ret;
846 }
847
Samba GIT mirror