diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-11-10 12:45:54 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-11-17 00:34:08 +0100 |
commit | 9524e2fce1b7f644fef5f7c8134f72681d786e65 (patch) | |
tree | 0ffe517b8f05845767921af0c255eea71da5f71e /source3 | |
parent | f099feaa01b6548cb60cb9d7d50b1f196b1af878 (diff) | |
download | samba-9524e2fce1b7f644fef5f7c8134f72681d786e65.tar.gz samba-9524e2fce1b7f644fef5f7c8134f72681d786e65.tar.bz2 samba-9524e2fce1b7f644fef5f7c8134f72681d786e65.zip |
param: calculate server role from security, and security from server role
This allows smb.conf files from either the samba3 or samba4 tradition
to come to the same value of server role, using the information in the
smb.conf file.
This is important so that tools like 'net getlocalsid' work against a
Samba4 AD installation (yes, users have tried this).
Andrew Bartlett
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
Diffstat (limited to 'source3')
-rw-r--r-- | source3/Makefile.in | 2 | ||||
-rw-r--r-- | source3/include/proto.h | 1 | ||||
-rw-r--r-- | source3/param/loadparm.c | 15 | ||||
-rw-r--r-- | source3/param/loadparm_ctx.c | 1 | ||||
-rw-r--r-- | source3/param/loadparm_server_role.c | 103 | ||||
-rwxr-xr-x | source3/wscript_build | 2 |
6 files changed, 11 insertions, 113 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 1ec93a1104..76b00b75a2 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -495,7 +495,7 @@ READLINE_OBJ = ../libcli/smbreadline/smbreadline.o # Be sure to include them into your application POPT_LIB_OBJ = lib/popt_common.o -PARAM_WITHOUT_REG_OBJ = ../dynconfig/dynconfig.o param/loadparm.o param/loadparm_ctx.o param/loadparm_server_role.o param/util.o lib/sharesec.o lib/ldap_debug_handler.o ../lib/param/loadparm.o ../lib/param/util.o +PARAM_WITHOUT_REG_OBJ = ../dynconfig/dynconfig.o param/loadparm.o param/loadparm_ctx.o ../lib/param/loadparm_server_role.o param/util.o lib/sharesec.o lib/ldap_debug_handler.o ../lib/param/loadparm.o ../lib/param/util.o PARAM_REG_ADD_OBJ = $(REG_SMBCONF_OBJ) $(LIBSMBCONF_OBJ) $(PRIVILEGES_BASIC_OBJ) PARAM_OBJ = $(PARAM_WITHOUT_REG_OBJ) $(PARAM_REG_ADD_OBJ) diff --git a/source3/include/proto.h b/source3/include/proto.h index b9e7f384ab..0228120cc6 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1619,7 +1619,6 @@ struct share_params *get_share_params(TALLOC_CTX *mem_ctx, const char *sharename); const char *volume_label(int snum); bool lp_domain_master(void); -bool lp_domain_master_true_or_auto(void); bool lp_preferred_master(void); void lp_remove_service(int snum); void lp_copy_service(int snum, const char *new_name); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 285023944a..25b5eb84dc 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -60,6 +60,7 @@ #include "lib/smbconf/smbconf.h" #include "lib/smbconf/smbconf_init.h" #include "lib/param/loadparm.h" +#include "lib/param/loadparm_server_role.h" #include "ads.h" #include "../librpc/gen_ndr/svcctl.h" @@ -4822,7 +4823,7 @@ static void init_globals(bool reinit_globals) Globals.PrintcapCacheTime = 750; /* 12.5 minutes */ Globals.ConfigBackend = config_backend; - Globals.ServerRole = ROLE_STANDALONE; + Globals.ServerRole = ROLE_AUTO; /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */ /* Discovered by 2 days of pain by Don McCall @ HP :-). */ @@ -5390,7 +5391,7 @@ FN_GLOBAL_INTEGER(lp_lock_spin_time, iLockSpinTime) FN_GLOBAL_INTEGER(lp_usershare_max_shares, iUsershareMaxShares) FN_GLOBAL_CONST_STRING(lp_socket_options, szSocketOptions) FN_GLOBAL_INTEGER(lp_config_backend, ConfigBackend) -FN_GLOBAL_INTEGER(lp_server_role, ServerRole) +static FN_GLOBAL_INTEGER(lp__server_role, ServerRole) FN_GLOBAL_INTEGER(lp_smb2_max_read, ismb2_max_read) FN_GLOBAL_INTEGER(lp_smb2_max_write, ismb2_max_write) FN_GLOBAL_INTEGER(lp_smb2_max_trans, ismb2_max_trans) @@ -9121,7 +9122,6 @@ static bool lp_load_ex(const char *pszFname, } } - set_server_role(); set_allowed_client_auth(); if (lp_security() == SEC_SHARE) { @@ -9432,7 +9432,7 @@ bool lp_domain_master(void) If we are PDC then prefer us as DMB ************************************************************/ -bool lp_domain_master_true_or_auto(void) +static bool lp_domain_master_true_or_auto(void) { if (Globals.iDomainMaster) /* auto or yes */ return true; @@ -9736,7 +9736,10 @@ bool lp_readraw(void) return _lp_readraw(); } -void _lp_set_server_role(int server_role) +int lp_server_role(void) { - Globals.ServerRole = server_role; + return lp_find_server_role(lp__server_role(), + lp_security(), + lp_domain_logons(), + lp_domain_master_true_or_auto()); } diff --git a/source3/param/loadparm_ctx.c b/source3/param/loadparm_ctx.c index 1e11eeb4b2..61fe97462d 100644 --- a/source3/param/loadparm_ctx.c +++ b/source3/param/loadparm_ctx.c @@ -74,7 +74,6 @@ static const struct loadparm_s3_context s3_fns = .dump = lp_dump, .server_role = lp_server_role, - .domain_master = lp_domain_master, .winbind_separator = lp_winbind_separator, .template_homedir = lp_template_homedir, diff --git a/source3/param/loadparm_server_role.c b/source3/param/loadparm_server_role.c deleted file mode 100644 index 7fe4411b54..0000000000 --- a/source3/param/loadparm_server_role.c +++ /dev/null @@ -1,103 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Parameter loading functions - Copyright (C) Karl Auer 1993-1998 - - Largely re-written by Andrew Tridgell, September 1994 - - Copyright (C) Simo Sorce 2001 - Copyright (C) Alexander Bokovoy 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003 - Copyright (C) Michael Adam 2008 - Copyright (C) Andrew Bartlett 2010 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ -#include "includes.h" - -/******************************************************************* - Set the server type we will announce as via nmbd. -********************************************************************/ - -static const struct srv_role_tab { - uint32 role; - const char *role_str; -} srv_role_tab [] = { - { ROLE_STANDALONE, "ROLE_STANDALONE" }, - { ROLE_DOMAIN_MEMBER, "ROLE_DOMAIN_MEMBER" }, - { ROLE_DOMAIN_BDC, "ROLE_DOMAIN_BDC" }, - { ROLE_DOMAIN_PDC, "ROLE_DOMAIN_PDC" }, - { 0, NULL } -}; - -const char* server_role_str(uint32 role) -{ - int i = 0; - for (i=0; srv_role_tab[i].role_str; i++) { - if (role == srv_role_tab[i].role) { - return srv_role_tab[i].role_str; - } - } - return NULL; -} - -void set_server_role(void) -{ - int server_role = ROLE_STANDALONE; - - switch (lp_security()) { - case SEC_SHARE: - if (lp_domain_logons()) - DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n")); - break; - case SEC_SERVER: - if (lp_domain_logons()) - DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n")); - /* this used to be considered ROLE_DOMAIN_MEMBER but that's just wrong */ - server_role = ROLE_STANDALONE; - break; - case SEC_DOMAIN: - if (lp_domain_logons()) { - DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n")); - server_role = ROLE_DOMAIN_BDC; - break; - } - server_role = ROLE_DOMAIN_MEMBER; - break; - case SEC_ADS: - if (lp_domain_logons()) { - server_role = ROLE_DOMAIN_CONTROLLER; - break; - } - server_role = ROLE_DOMAIN_MEMBER; - break; - case SEC_USER: - if (lp_domain_logons()) { - - if (lp_domain_master_true_or_auto()) /* auto or yes */ - server_role = ROLE_DOMAIN_PDC; - else - server_role = ROLE_DOMAIN_BDC; - } - break; - default: - DEBUG(0, ("Server's Role undefined due to unknown security mode\n")); - break; - } - - _lp_set_server_role(server_role); - DEBUG(10, ("set_server_role: role = %s\n", server_role_str(server_role))); -} - diff --git a/source3/wscript_build b/source3/wscript_build index 99d40406d7..2b05edb0d2 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -82,7 +82,7 @@ POPT_LIB_SRC = '''lib/popt_common.c''' PARAM_UTIL_SRC = '''param/util.c''' -PARAM_WITHOUT_REG_SRC = '''param/loadparm.c param/loadparm_server_role.c +PARAM_WITHOUT_REG_SRC = '''param/loadparm.c lib/sharesec.c lib/ldap_debug_handler.c lib/util_names.c''' KRBCLIENT_SRC = '''libads/kerberos.c libads/ads_status.c libsmb/clikrb5.c''' |