00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00033
00034
00035 #include "includes.h"
00036
00037 extern BOOL AllowDebugChange;
00038
00039
00040
00041
00042
00043
00044 static int do_global_checks(void)
00045 {
00046 int ret = 0;
00047 SMB_STRUCT_STAT st;
00048
00049 if (lp_security() >= SEC_DOMAIN && !lp_encrypted_passwords()) {
00050 fprintf(stderr, "ERROR: in 'security=domain' mode the 'encrypt passwords' parameter must always be set to 'true'.\n");
00051 ret = 1;
00052 }
00053
00054 if (lp_wins_support() && lp_wins_server_list()) {
00055 fprintf(stderr, "ERROR: both 'wins support = true' and 'wins server = <server list>' \
00056 cannot be set in the smb.conf file. nmbd will abort with this setting.\n");
00057 ret = 1;
00058 }
00059
00060 if (!directory_exist(lp_lockdir(), &st)) {
00061 fprintf(stderr, "ERROR: lock directory %s does not exist\n",
00062 lp_lockdir());
00063 ret = 1;
00064 } else if ((st.st_mode & 0777) != 0755) {
00065 fprintf(stderr, "WARNING: lock directory %s should have permissions 0755 for browsing to work\n",
00066 lp_lockdir());
00067 ret = 1;
00068 }
00069
00070 if (!directory_exist(lp_piddir(), &st)) {
00071 fprintf(stderr, "ERROR: pid directory %s does not exist\n",
00072 lp_piddir());
00073 ret = 1;
00074 }
00075
00076 if (lp_passdb_expand_explicit()) {
00077 fprintf(stderr, "WARNING: passdb expand explicit = yes is "
00078 "deprecated\n");
00079 }
00080
00081
00082
00083
00084
00085 if((lp_security() == SEC_SERVER || lp_security() >= SEC_DOMAIN) && !lp_passwordserver()) {
00086 pstring sec_setting;
00087 if(lp_security() == SEC_SERVER)
00088 pstrcpy(sec_setting, "server");
00089 else if(lp_security() == SEC_DOMAIN)
00090 pstrcpy(sec_setting, "domain");
00091
00092 fprintf(stderr, "ERROR: The setting 'security=%s' requires the 'password server' parameter be set \
00093 to a valid password server.\n", sec_setting );
00094 ret = 1;
00095 }
00096
00097
00098
00099
00100
00101
00102 if(lp_security() == SEC_USER && lp_unix_password_sync()) {
00103
00104
00105
00106
00107
00108 #ifdef WITH_PAM
00109 if (!lp_pam_password_change()) {
00110 #endif
00111
00112 if(lp_passwd_program() == NULL) {
00113 fprintf( stderr, "ERROR: the 'unix password sync' parameter is set and there is no valid 'passwd program' \
00114 parameter.\n" );
00115 ret = 1;
00116 } else {
00117 pstring passwd_prog;
00118 pstring truncated_prog;
00119 const char *p;
00120
00121 pstrcpy( passwd_prog, lp_passwd_program());
00122 p = passwd_prog;
00123 *truncated_prog = '\0';
00124 next_token(&p, truncated_prog, NULL, sizeof(pstring));
00125
00126 if(access(truncated_prog, F_OK) == -1) {
00127 fprintf(stderr, "ERROR: the 'unix password sync' parameter is set and the 'passwd program' (%s) \
00128 cannot be executed (error was %s).\n", truncated_prog, strerror(errno) );
00129 ret = 1;
00130 }
00131
00132 }
00133
00134 #ifdef WITH_PAM
00135 }
00136 #endif
00137
00138 if(lp_passwd_chat() == NULL) {
00139 fprintf(stderr, "ERROR: the 'unix password sync' parameter is set and there is no valid 'passwd chat' \
00140 parameter.\n");
00141 ret = 1;
00142 } else
00143
00144 if(strstr_m(lp_passwd_program(), "%u") == NULL) {
00145 fprintf(stderr, "ERROR: the 'passwd program' (%s) requires a '%%u' parameter.\n", lp_passwd_program());
00146 ret = 1;
00147 }
00148
00149
00150
00151
00152
00153
00154 if(lp_encrypted_passwords()) {
00155 if(strstr_m( lp_passwd_chat(), "%o")!=NULL) {
00156 fprintf(stderr, "ERROR: the 'passwd chat' script [%s] expects to use the old plaintext password \
00157 via the %%o substitution. With encrypted passwords this is not possible.\n", lp_passwd_chat() );
00158 ret = 1;
00159 }
00160 }
00161 }
00162
00163 if (strlen(lp_winbind_separator()) != 1) {
00164 fprintf(stderr,"ERROR: the 'winbind separator' parameter must be a single character.\n");
00165 ret = 1;
00166 }
00167
00168 if (*lp_winbind_separator() == '+') {
00169 fprintf(stderr,"'winbind separator = +' might cause problems with group membership.\n");
00170 }
00171
00172 if (lp_algorithmic_rid_base() < BASE_RID) {
00173
00174
00175 fprintf(stderr,"'algorithmic rid base' must be equal to or above %lu\n", BASE_RID);
00176 }
00177
00178 if (lp_algorithmic_rid_base() & 1) {
00179 fprintf(stderr,"'algorithmic rid base' must be even.\n");
00180 }
00181
00182 #ifndef HAVE_DLOPEN
00183 if (lp_preload_modules()) {
00184 fprintf(stderr,"WARNING: 'preload modules = ' set while loading plugins not supported.\n");
00185 }
00186 #endif
00187
00188 if (!lp_passdb_backend()) {
00189 fprintf(stderr,"ERROR: passdb backend must have a value or be left out\n");
00190 }
00191
00192 return ret;
00193 }
00194
00195 int main(int argc, const char *argv[])
00196 {
00197 const char *config_file = dyn_CONFIGFILE;
00198 int s;
00199 static BOOL silent_mode = False;
00200 static BOOL show_all_parameters = False;
00201 int ret = 0;
00202 poptContext pc;
00203 static const char *term_code = "";
00204 static char *parameter_name = NULL;
00205 static const char *section_name = NULL;
00206 static char *new_local_machine = NULL;
00207 const char *cname;
00208 const char *caddr;
00209 static int show_defaults;
00210
00211 struct poptOption long_options[] = {
00212 POPT_AUTOHELP
00213 {"suppress-prompt", 's', POPT_ARG_VAL, &silent_mode, 1, "Suppress prompt for enter"},
00214 {"verbose", 'v', POPT_ARG_NONE, &show_defaults, 1, "Show default options too"},
00215 {"server", 'L',POPT_ARG_STRING, &new_local_machine, 0, "Set %%L macro to servername\n"},
00216 {"encoding", 't', POPT_ARG_STRING, &term_code, 0, "Print parameters with encoding"},
00217 {"show-all-parameters", '\0', POPT_ARG_VAL, &show_all_parameters, True, "Show the parameters, type, possible values" },
00218 {"parameter-name", '\0', POPT_ARG_STRING, ¶meter_name, 0, "Limit testparm to a named parameter" },
00219 {"section-name", '\0', POPT_ARG_STRING, §ion_name, 0, "Limit testparm to a named section" },
00220 POPT_COMMON_VERSION
00221 POPT_TABLEEND
00222 };
00223
00224 load_case_tables();
00225
00226 pc = poptGetContext(NULL, argc, argv, long_options,
00227 POPT_CONTEXT_KEEP_FIRST);
00228 poptSetOtherOptionHelp(pc, "[OPTION...] <config-file> [host-name] [host-ip]");
00229
00230 while(poptGetNextOpt(pc) != -1);
00231
00232 if (show_all_parameters) {
00233 show_parameter_list();
00234 exit(0);
00235 }
00236
00237 setup_logging(poptGetArg(pc), True);
00238
00239 if (poptPeekArg(pc))
00240 config_file = poptGetArg(pc);
00241
00242 cname = poptGetArg(pc);
00243 caddr = poptGetArg(pc);
00244
00245 if ( cname && ! caddr ) {
00246 printf ( "ERROR: You must specify both a machine name and an IP address.\n" );
00247 return(1);
00248 }
00249
00250 if (new_local_machine) {
00251 set_local_machine_name(new_local_machine, True);
00252 }
00253
00254 dbf = x_stderr;
00255 DEBUGLEVEL = 2;
00256 AllowDebugChange = False;
00257
00258 fprintf(stderr,"Load smb config files from %s\n",config_file);
00259
00260 if (!lp_load(config_file,False,True,False,True)) {
00261 fprintf(stderr,"Error loading services.\n");
00262 return(1);
00263 }
00264
00265 fprintf(stderr,"Loaded services file OK.\n");
00266
00267 ret = do_global_checks();
00268
00269 for (s=0;s<1000;s++) {
00270 if (VALID_SNUM(s))
00271 if (strlen(lp_servicename(s)) > 12) {
00272 fprintf(stderr, "WARNING: You have some share names that are longer than 12 characters.\n" );
00273 fprintf(stderr, "These may not be accessible to some older clients.\n" );
00274 fprintf(stderr, "(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)\n" );
00275 break;
00276 }
00277 }
00278
00279 for (s=0;s<1000;s++) {
00280 if (VALID_SNUM(s)) {
00281 const char **deny_list = lp_hostsdeny(s);
00282 const char **allow_list = lp_hostsallow(s);
00283 int i;
00284 if(deny_list) {
00285 for (i=0; deny_list[i]; i++) {
00286 char *hasstar = strchr_m(deny_list[i], '*');
00287 char *hasquery = strchr_m(deny_list[i], '?');
00288 if(hasstar || hasquery) {
00289 fprintf(stderr,"Invalid character %c in hosts deny list (%s) for service %s.\n",
00290 hasstar ? *hasstar : *hasquery, deny_list[i], lp_servicename(s) );
00291 }
00292 }
00293 }
00294
00295 if(allow_list) {
00296 for (i=0; allow_list[i]; i++) {
00297 char *hasstar = strchr_m(allow_list[i], '*');
00298 char *hasquery = strchr_m(allow_list[i], '?');
00299 if(hasstar || hasquery) {
00300 fprintf(stderr,"Invalid character %c in hosts allow list (%s) for service %s.\n",
00301 hasstar ? *hasstar : *hasquery, allow_list[i], lp_servicename(s) );
00302 }
00303 }
00304 }
00305
00306 if(lp_level2_oplocks(s) && !lp_oplocks(s)) {
00307 fprintf(stderr,"Invalid combination of parameters for service %s. \
00308 Level II oplocks can only be set if oplocks are also set.\n",
00309 lp_servicename(s) );
00310 }
00311
00312 if (lp_map_hidden(s) && !(lp_create_mask(s) & S_IXOTH)) {
00313 fprintf(stderr,"Invalid combination of parameters for service %s. \
00314 Map hidden can only work if create mask includes octal 01 (S_IXOTH).\n",
00315 lp_servicename(s) );
00316 }
00317 if (lp_map_hidden(s) && (lp_force_create_mode(s) & S_IXOTH)) {
00318 fprintf(stderr,"Invalid combination of parameters for service %s. \
00319 Map hidden can only work if force create mode excludes octal 01 (S_IXOTH).\n",
00320 lp_servicename(s) );
00321 }
00322 if (lp_map_system(s) && !(lp_create_mask(s) & S_IXGRP)) {
00323 fprintf(stderr,"Invalid combination of parameters for service %s. \
00324 Map system can only work if create mask includes octal 010 (S_IXGRP).\n",
00325 lp_servicename(s) );
00326 }
00327 if (lp_map_system(s) && (lp_force_create_mode(s) & S_IXGRP)) {
00328 fprintf(stderr,"Invalid combination of parameters for service %s. \
00329 Map system can only work if force create mode excludes octal 010 (S_IXGRP).\n",
00330 lp_servicename(s) );
00331 }
00332 #ifdef HAVE_CUPS
00333 if (lp_printing(s) == PRINT_CUPS && *(lp_printcommand(s)) != '\0') {
00334 fprintf(stderr,"Warning: Service %s defines a print command, but \
00335 print command parameter is ignored when using CUPS libraries.\n",
00336 lp_servicename(s) );
00337 }
00338 #endif
00339 }
00340 }
00341
00342
00343 if (!section_name && !parameter_name) {
00344 fprintf(stderr,"Server role: %s\n", server_role_str(lp_server_role()));
00345 }
00346
00347 if (!cname) {
00348 if (!silent_mode) {
00349 fprintf(stderr,"Press enter to see a dump of your service definitions\n");
00350 fflush(stdout);
00351 getc(stdin);
00352 }
00353 if (parameter_name || section_name) {
00354 BOOL isGlobal = False;
00355 s = GLOBAL_SECTION_SNUM;
00356
00357 if (!section_name) {
00358 section_name = GLOBAL_NAME;
00359 isGlobal = True;
00360 } else if ((isGlobal=!strwicmp(section_name, GLOBAL_NAME)) == 0 &&
00361 (s=lp_servicenumber(section_name)) == -1) {
00362 fprintf(stderr,"Unknown section %s\n",
00363 section_name);
00364 return(1);
00365 }
00366 if (parameter_name) {
00367 if (!dump_a_parameter( s, parameter_name, stdout, isGlobal)) {
00368 fprintf(stderr,"Parameter %s unknown for section %s\n",
00369 parameter_name, section_name);
00370 return(1);
00371 }
00372 } else {
00373 if (isGlobal == True)
00374 lp_dump(stdout, show_defaults, 0);
00375 else
00376 lp_dump_one(stdout, show_defaults, s);
00377 }
00378 return(ret);
00379 }
00380
00381 lp_dump(stdout, show_defaults, lp_numservices());
00382 }
00383
00384 if(cname && caddr){
00385
00386 for (s=0;s<1000;s++) {
00387 if (VALID_SNUM(s)) {
00388 if (allow_access(lp_hostsdeny(-1), lp_hostsallow(-1), cname, caddr)
00389 && allow_access(lp_hostsdeny(s), lp_hostsallow(s), cname, caddr)) {
00390 fprintf(stderr,"Allow connection from %s (%s) to %s\n",
00391 cname,caddr,lp_servicename(s));
00392 } else {
00393 fprintf(stderr,"Deny connection from %s (%s) to %s\n",
00394 cname,caddr,lp_servicename(s));
00395 }
00396 }
00397 }
00398 }
00399 return(ret);
00400 }
00401