param: calculate server role from security, and security from server role

This allows smb.conf files from either the samba3 or samba4 tradition to come to the same value of server role, using the information in the smb.conf file. This is important so that tools like 'net getlocalsid' work against a Samba4 AD installation (yes, users have tried this). Andrew Bartlett Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
author: Andrew Bartlett <abartlet@samba.org> 2011-11-10 12:45:54 +1100
committer: Andrew Bartlett <abartlet@samba.org> 2011-11-17 00:34:08 +0100
commit: 9524e2fce1b7f644fef5f7c8134f72681d786e65 (patch)
tree: 0ffe517b8f05845767921af0c255eea71da5f71e /lib/param/loadparm_server_role.c
parent: f099feaa01b6548cb60cb9d7d50b1f196b1af878 (diff)
download: samba-9524e2fce1b7f644fef5f7c8134f72681d786e65.tar.gz
samba-9524e2fce1b7f644fef5f7c8134f72681d786e65.tar.bz2
samba-9524e2fce1b7f644fef5f7c8134f72681d786e65.zip
1 files changed, 143 insertions, 0 deletions
diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c
new file mode 100644
index 0000000000..1abe9b9ddc
--- /dev/null
+++ b/lib/param/loadparm_server_role.c
@@ -0,0 +1,143 @@
+/*
+   Unix SMB/CIFS implementation.
+   Parameter loading functions
+   Copyright (C) Karl Auer 1993-1998
+
+   Largely re-written by Andrew Tridgell, September 1994
+
+   Copyright (C) Simo Sorce 2001
+   Copyright (C) Alexander Bokovoy 2002
+   Copyright (C) Stefan (metze) Metzmacher 2002
+   Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+   Copyright (C) Michael Adam 2008
+   Copyright (C) Andrew Bartlett 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#include "includes.h"
+#include "lib/param/loadparm_server_role.h"
+#include "libds/common/roles.h"
+
+/*******************************************************************
+ Set the server type we will announce as via nmbd.
+********************************************************************/
+
+static const struct srv_role_tab {
+	uint32_t role;
+	const char *role_str;
+} srv_role_tab [] = {
+	{ ROLE_STANDALONE, "ROLE_STANDALONE" },
+	{ ROLE_DOMAIN_MEMBER, "ROLE_DOMAIN_MEMBER" },
+	{ ROLE_DOMAIN_BDC, "ROLE_DOMAIN_BDC" },
+	{ ROLE_DOMAIN_PDC, "ROLE_DOMAIN_PDC" },
+	{ 0, NULL }
+};
+
+const char* server_role_str(uint32_t role)
+{
+	int i = 0;
+	for (i=0; srv_role_tab[i].role_str; i++) {
+		if (role == srv_role_tab[i].role) {
+			return srv_role_tab[i].role_str;
+		}
+	}
+	return NULL;
+}
+
+/**
+ * Set the server role based on security, domain logons and domain master
+ */
+int lp_find_server_role(int server_role, int security, bool domain_logons, bool domain_master)
+{
+	int role;
+
+	if (server_role != ROLE_AUTO) {
+		return server_role;
+	}
+
+	/* If server_role is set to ROLE_AUTO, figure out the correct role */
+	role = ROLE_STANDALONE;
+
+	switch (security) {
+		case SEC_SHARE:
+			if (domain_logons) {
+				DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));
+			}
+			break;
+		case SEC_SERVER:
+			if (domain_logons) {
+				DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n"));
+			}
+			/* this used to be considered ROLE_DOMAIN_MEMBER but that's just wrong */
+			role = ROLE_STANDALONE;
+			break;
+		case SEC_DOMAIN:
+			if (domain_logons) {
+				DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
+				role = ROLE_DOMAIN_BDC;
+				break;
+			}
+			role = ROLE_DOMAIN_MEMBER;
+			break;
+		case SEC_ADS:
+			if (domain_logons) {
+				role = ROLE_DOMAIN_CONTROLLER;
+				break;
+			}
+			role = ROLE_DOMAIN_MEMBER;
+			break;
+		case SEC_AUTO:
+		case SEC_USER:
+			if (domain_logons) {
+
+				if (domain_master) {
+					role = ROLE_DOMAIN_PDC;
+				} else {
+					role = ROLE_DOMAIN_BDC;
+				}
+			}
+			break;
+		default:
+			DEBUG(0, ("Server's Role undefined due to unknown security mode\n"));
+			break;
+	}
+
+	return role;
+}
+
+/**
+ * Set the server role based on security, domain logons and domain master
+ */
+int lp_find_security(int server_role, int security)
+{
+	if (security != SEC_AUTO) {
+		return security;
+	}
+
+	switch (server_role) {
+	case ROLE_AUTO:
+	case ROLE_STANDALONE:
+		return SEC_USER;
+	case ROLE_DOMAIN_MEMBER:
+#if (defined(HAVE_ADS) || _SAMBA_BUILD_ >= 4)
+		return SEC_ADS;
+#else
+		return SEC_DOMAIN;
+#endif
+	case ROLE_DOMAIN_PDC:
+	case ROLE_DOMAIN_BDC:
+	default:
+		return SEC_USER;
+	}
+}
author	Andrew Bartlett <abartlet@samba.org>	2011-11-10 12:45:54 +1100
committer	Andrew Bartlett <abartlet@samba.org>	2011-11-17 00:34:08 +0100
commit	9524e2fce1b7f644fef5f7c8134f72681d786e65 (patch)
tree	0ffe517b8f05845767921af0c255eea71da5f71e /lib/param/loadparm_server_role.c
parent	f099feaa01b6548cb60cb9d7d50b1f196b1af878 (diff)
download	samba-9524e2fce1b7f644fef5f7c8134f72681d786e65.tar.gz samba-9524e2fce1b7f644fef5f7c8134f72681d786e65.tar.bz2 samba-9524e2fce1b7f644fef5f7c8134f72681d786e65.zip