-rw-r--r-- | lib/param/loadparm.c | 27 | ||||
-rw-r--r-- | lib/param/loadparm_server_role.c (renamed from source3/param/loadparm_server_role.c) | 82 | ||||
-rw-r--r-- | lib/param/loadparm_server_role.h | 31 | ||||
-rw-r--r-- | lib/param/wscript_build | 7 | ||||
-rw-r--r-- | libds/common/roles.h | 2 | ||||
-rw-r--r-- | script/mks3param.pl | 1 | ||||
-rw-r--r-- | source3/Makefile.in | 2 | ||||
-rw-r--r-- | source3/include/proto.h | 1 | ||||
-rw-r--r-- | source3/param/loadparm.c | 15 | ||||
-rw-r--r-- | source3/param/loadparm_ctx.c | 1 | ||||
-rwxr-xr-x | source3/wscript_build | 2 |
11 files changed, 132 insertions, 39 deletions
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 44d219a9e4..aaff5bc5bc 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -65,6 +65,7 @@ #include "s3_param.h" #include "lib/util/bitmap.h" #include "libcli/smb/smb_constants.h" +#include "lib/param/loadparm_server_role.h" #define standard_sub_basic talloc_strdup @@ -81,6 +82,10 @@ static bool defaults_saved = false; char *tls_dhpfile; \ char *loglevel; \ char *panic_action; \ + int server_role; \ + int security; \ + int domain_master; \ + bool domain_logons; \ int bPreferredMaster; #include "param_global.h" @@ -113,8 +118,10 @@ static const struct enum_list enum_protocol[] = { }; static const struct enum_list enum_security[] = { + {SEC_AUTO, "AUTO"}, {SEC_SHARE, "SHARE"}, {SEC_USER, "USER"}, + {SEC_DOMAIN, "DOMAIN"}, {SEC_ADS, "ADS"}, {-1, NULL} }; @@ -1484,9 +1491,6 @@ static struct loadparm_context *global_loadparm_context; #include "lib/param/param_functions.c" -FN_GLOBAL_INTEGER(server_role, server_role) -static FN_GLOBAL_BOOL(domain_logons, domain_logons) -FN_GLOBAL_INTEGER(domain_master, domain_master) FN_GLOBAL_LIST(smb_ports, smb_ports) FN_GLOBAL_INTEGER(nbt_port, nbt_port) FN_GLOBAL_INTEGER(dgram_port, dgram_port) @@ -1570,7 +1574,6 @@ FN_GLOBAL_INTEGER(srv_maxprotocol, srv_maxprotocol) FN_GLOBAL_INTEGER(srv_minprotocol, srv_minprotocol) FN_GLOBAL_INTEGER(cli_maxprotocol, cli_maxprotocol) FN_GLOBAL_INTEGER(cli_minprotocol, cli_minprotocol) -FN_GLOBAL_INTEGER(security, security) FN_GLOBAL_BOOL(paranoid_server_security, paranoid_server_security) FN_GLOBAL_INTEGER(server_signing, server_signing) @@ -3306,7 +3309,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lpcfg_do_global_parameter(lp_ctx, "share backend", "classic"); - lpcfg_do_global_parameter(lp_ctx, "server role", "standalone"); + lpcfg_do_global_parameter(lp_ctx, "server role", "auto"); lpcfg_do_global_parameter(lp_ctx, "domain logons", "No"); lpcfg_do_global_parameter(lp_ctx, "domain master", "Auto"); 
@@ -3370,7 +3373,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lpcfg_do_global_parameter(lp_ctx, "server max protocol", "NT1"); lpcfg_do_global_parameter(lp_ctx, "client min protocol", "CORE"); lpcfg_do_global_parameter(lp_ctx, "client max protocol", "NT1"); - lpcfg_do_global_parameter(lp_ctx, "security", "USER"); + lpcfg_do_global_parameter(lp_ctx, "security", "AUTO"); lpcfg_do_global_parameter(lp_ctx, "paranoid server security", "True"); lpcfg_do_global_parameter(lp_ctx, "EncryptPasswords", "True"); lpcfg_do_global_parameter(lp_ctx, "ReadRaw", "True"); @@ -3799,3 +3802,15 @@ struct gensec_settings *lpcfg_gensec_settings(TALLOC_CTX *mem_ctx, struct loadpa return settings; } +int lpcfg_server_role(struct loadparm_context *lp_ctx) +{ + if (lp_ctx->s3_fns) { + return lp_ctx->s3_fns->server_role(); + } + + return lp_find_server_role(lp_ctx->globals->server_role, + lp_ctx->globals->security, + lp_ctx->globals->domain_logons, + (lp_ctx->globals->domain_master == true) || + (lp_ctx->globals->domain_master == Auto)); +} diff --git a/source3/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c index 7fe4411b54..1abe9b9ddc 100644 --- a/source3/param/loadparm_server_role.c +++ b/lib/param/loadparm_server_role.c @@ -26,13 +26,15 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ #include "includes.h" +#include "lib/param/loadparm_server_role.h" +#include "libds/common/roles.h" /******************************************************************* Set the server type we will announce as via nmbd. ********************************************************************/ static const struct srv_role_tab { - uint32 role; + uint32_t role; const char *role_str; } srv_role_tab [] = { { ROLE_STANDALONE, "ROLE_STANDALONE" }, @@ -42,7 +44,7 @@ static const struct srv_role_tab { { 0, NULL } }; -const char* server_role_str(uint32 role) +const char* server_role_str(uint32_t role) { int i = 0; for (i=0; srv_role_tab[i].role_str; i++) { 
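Review bot: In the new `lpcfg_server_role()`, the domain-master argument is computed as `domain_master == true || domain_master == Auto`, while the source3 counterpart `lp_domain_master_true_or_auto()` treats any non-zero value as true. The two paths agree only if the parameter can hold nothing but false, true and Auto, which is not visible in this diff. Passing `lp_ctx->globals->domain_master != false` would keep both implementations in step. The function also lacks a header comment; one sentence saying that the role comes from the s3 parameter table when one is installed, and is otherwise derived from the server role, security, domain logons and domain master globals, would document the two paths.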
@@ -53,43 +55,57 @@ const char* server_role_str(uint32 role) return NULL; } -void set_server_role(void) +/** + * Set the server role based on security, domain logons and domain master + */ +int lp_find_server_role(int server_role, int security, bool domain_logons, bool domain_master) { - int server_role = ROLE_STANDALONE; + int role; - switch (lp_security()) { + if (server_role != ROLE_AUTO) { + return server_role; + } + + /* If server_role is set to ROLE_AUTO, figure out the correct role */ + role = ROLE_STANDALONE; + + switch (security) { case SEC_SHARE: - if (lp_domain_logons()) + if (domain_logons) { DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n")); + } break; case SEC_SERVER: - if (lp_domain_logons()) + if (domain_logons) { DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n")); + } /* this used to be considered ROLE_DOMAIN_MEMBER but that's just wrong */ - server_role = ROLE_STANDALONE; + role = ROLE_STANDALONE; break; case SEC_DOMAIN: - if (lp_domain_logons()) { + if (domain_logons) { DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n")); - server_role = ROLE_DOMAIN_BDC; + role = ROLE_DOMAIN_BDC; break; } - server_role = ROLE_DOMAIN_MEMBER; + role = ROLE_DOMAIN_MEMBER; break; case SEC_ADS: - if (lp_domain_logons()) { - server_role = ROLE_DOMAIN_CONTROLLER; + if (domain_logons) { + role = ROLE_DOMAIN_CONTROLLER; break; } - server_role = ROLE_DOMAIN_MEMBER; + role = ROLE_DOMAIN_MEMBER; break; + case SEC_AUTO: case SEC_USER: - if (lp_domain_logons()) { + if (domain_logons) { - if (lp_domain_master_true_or_auto()) /* auto or yes */ - server_role = ROLE_DOMAIN_PDC; - else - server_role = ROLE_DOMAIN_BDC; + if (domain_master) { + role = ROLE_DOMAIN_PDC; + } else { + role = ROLE_DOMAIN_BDC; + } } break; default: 
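Review bot: The early `return server_role;` at the top of `lp_find_server_role()` skips the whole `switch (security)`, so an explicitly configured role is never checked against the security mode. The "conflicts with share-level security" and "conflicts with server-level security" warnings can now appear only when the role is ROLE_AUTO. Because the role decides whether the host behaves as a logon server or domain controller, an inconsistent role/security pair is worth reporting rather than accepting silently. The doc comment should also describe what the function does now, for example `Return the effective server role: the configured one unless it is ROLE_AUTO, in which case it is derived from security, domain logons and domain master`, since nothing is set any more. The function body ends in the next hunk.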
@@ -97,7 +113,31 @@ void set_server_role(void) break; } - _lp_set_server_role(server_role); - DEBUG(10, ("set_server_role: role = %s\n", server_role_str(server_role))); + return role; } +/** + * Set the server role based on security, domain logons and domain master + */ +int lp_find_security(int server_role, int security) +{ + if (security != SEC_AUTO) { + return security; + } + + switch (server_role) { + case ROLE_AUTO: + case ROLE_STANDALONE: + return SEC_USER; + case ROLE_DOMAIN_MEMBER: +#if (defined(HAVE_ADS) || _SAMBA_BUILD_ >= 4) + return SEC_ADS; +#else + return SEC_DOMAIN; +#endif + case ROLE_DOMAIN_PDC: + case ROLE_DOMAIN_BDC: + default: + return SEC_USER; + } +} diff --git a/lib/param/loadparm_server_role.h b/lib/param/loadparm_server_role.h new file mode 100644 index 0000000000..2c82527573 --- /dev/null +++ b/lib/param/loadparm_server_role.h 
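Review bot: The comment above `lp_find_security()` is a copy of the one on `lp_find_server_role()` and describes the wrong function; it should read along the lines of `Return the effective security mode: the configured one unless it is SEC_AUTO, in which case it is derived from the server role`. No caller of `lp_find_security()` appears in this diff, so code that reads the raw `security` value may now see SEC_AUTO where it used to see SEC_USER, given that the lib/param default changes to "AUTO" in this commit. Comparisons against `SEC_USER` or `SEC_SHARE` on that path would need the resolved value. This hunk also drops the `DEBUG(10, ...)` trace of the chosen role, which appears to have been the only place the derived role was logged.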
@@ -0,0 +1,31 @@ +/* + Unix SMB/CIFS implementation. + Parameter loading functions + Copyright (C) Karl Auer 1993-1998 + + Largely re-written by Andrew Tridgell, September 1994 + + Copyright (C) Simo Sorce 2001 + Copyright (C) Alexander Bokovoy 2002 + Copyright (C) Stefan (metze) Metzmacher 2002 + Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003 + Copyright (C) Michael Adam 2008 + Copyright (C) Andrew Bartlett 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +const char* server_role_str(uint32_t role); +int lp_find_server_role(int server_role, int security, bool domain_logons, bool domain_master); +int lp_find_security(int server_role, int security); diff --git a/lib/param/wscript_build b/lib/param/wscript_build index f61e822037..13b7709abf 100644 --- a/lib/param/wscript_build +++ b/lib/param/wscript_build @@ -16,11 +16,16 @@ bld.SAMBA_GENERATOR('param_global_h', target='param_global.h', rule='${PERL} ${SRC[1].abspath(env)} ${SRC[0].abspath(env)} --file ${TGT} --generate-scope=GLOBAL') +bld.SAMBA_LIBRARY('server-role', + source='loadparm_server_role.c', + deps='samba-util', + private_library=True) + bld.SAMBA_LIBRARY('samba-hostconfig', source='loadparm.c generic.c util.c', pc_files='samba-hostconfig.pc', vnum='0.0.1', - deps='DYNCONFIG', + deps='DYNCONFIG server-role', public_deps='samba-util param_local_h', public_headers='param.h', autoproto='param_proto.h', 
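Review bot: The new header `lib/param/loadparm_server_role.h` has no include guard, unlike `libds/common/roles.h`, which closes with `#endif /* _LIBDS_ROLES_H_ */`. Its prototypes also use `uint32_t` and `bool` without including the headers that define them, so it compiles only when something like `includes.h` has been pulled in first. Wrapping the declarations in a guard (for example `#ifndef _LOADPARM_SERVER_ROLE_H_` / `#define` / `#endif`) and adding `#include <stdint.h>` and `#include <stdbool.h>` would make it self-contained. A short comment on each prototype stating that the function returns the derived value and does not store it would help callers that previously relied on `set_server_role()`.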
diff --git a/libds/common/roles.h b/libds/common/roles.h index f6f04758dd..67236032bc 100644 --- a/libds/common/roles.h +++ b/libds/common/roles.h @@ -43,6 +43,6 @@ enum server_role { #define ROLE_DOMAIN_CONTROLLER ROLE_DOMAIN_BDC /* security levels for 'security =' option */ -enum security_types {SEC_SHARE,SEC_USER,SEC_SERVER,SEC_DOMAIN,SEC_ADS}; +enum security_types {SEC_AUTO, SEC_SHARE,SEC_USER,SEC_SERVER,SEC_DOMAIN,SEC_ADS}; #endif /* _LIBDS_ROLES_H_ */ diff --git a/script/mks3param.pl b/script/mks3param.pl index 2679b5acae..3126af502c 100644 --- a/script/mks3param.pl +++ b/script/mks3param.pl @@ -95,6 +95,7 @@ sub print_header($$) $file->("\tbool (*load)(const char *filename);\n"); $file->("\tbool (*set_cmdline)(const char *pszParmName, const char *pszParmValue);\n"); $file->("\tvoid (*dump)(FILE *f, bool show_defaults, int maxtoprint);\n"); + $file->("\tint (*server_role)(void);\n"); } sub print_footer($$) diff --git a/source3/Makefile.in b/source3/Makefile.in index 1ec93a1104..76b00b75a2 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -495,7 +495,7 @@ READLINE_OBJ = ../libcli/smbreadline/smbreadline.o # Be sure to include them into your application POPT_LIB_OBJ = lib/popt_common.o -PARAM_WITHOUT_REG_OBJ = ../dynconfig/dynconfig.o param/loadparm.o param/loadparm_ctx.o param/loadparm_server_role.o param/util.o lib/sharesec.o lib/ldap_debug_handler.o ../lib/param/loadparm.o ../lib/param/util.o +PARAM_WITHOUT_REG_OBJ = ../dynconfig/dynconfig.o param/loadparm.o param/loadparm_ctx.o ../lib/param/loadparm_server_role.o param/util.o lib/sharesec.o lib/ldap_debug_handler.o ../lib/param/loadparm.o ../lib/param/util.o PARAM_REG_ADD_OBJ = $(REG_SMBCONF_OBJ) $(LIBSMBCONF_OBJ) $(PRIVILEGES_BASIC_OBJ) PARAM_OBJ = $(PARAM_WITHOUT_REG_OBJ) $(PARAM_REG_ADD_OBJ) diff --git a/source3/include/proto.h b/source3/include/proto.h index b9e7f384ab..0228120cc6 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
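Review bot: Inserting `SEC_AUTO` as the first enumerator of `enum security_types` renumbers every existing constant: `SEC_SHARE` moves from 0 to 1, `SEC_USER` from 1 to 2, and so on. A zero-initialised `security` field now means SEC_AUTO instead of SEC_SHARE, and anything compiled against the old header disagrees on the values. If the numeric values are stored or exchanged anywhere outside this tree (not visible in this diff), that is a silent change of security mode. A comment on the enum such as `/* SEC_AUTO is 0: an unset security field is resolved via lp_find_security() */` would record the intent. Alternatively, give the enumerators explicit values.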
@@ -1619,7 +1619,6 @@ struct share_params *get_share_params(TALLOC_CTX *mem_ctx, const char *sharename); const char *volume_label(int snum); bool lp_domain_master(void); -bool lp_domain_master_true_or_auto(void); bool lp_preferred_master(void); void lp_remove_service(int snum); void lp_copy_service(int snum, const char *new_name); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 285023944a..25b5eb84dc 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -60,6 +60,7 @@ #include "lib/smbconf/smbconf.h" #include "lib/smbconf/smbconf_init.h" #include "lib/param/loadparm.h" +#include "lib/param/loadparm_server_role.h" #include "ads.h" #include "../librpc/gen_ndr/svcctl.h" @@ -4822,7 +4823,7 @@ static void init_globals(bool reinit_globals) Globals.PrintcapCacheTime = 750; /* 12.5 minutes */ Globals.ConfigBackend = config_backend; - Globals.ServerRole = ROLE_STANDALONE; + Globals.ServerRole = ROLE_AUTO; /* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */ /* Discovered by 2 days of pain by Don McCall @ HP :-). */ @@ -5390,7 +5391,7 @@ FN_GLOBAL_INTEGER(lp_lock_spin_time, iLockSpinTime) FN_GLOBAL_INTEGER(lp_usershare_max_shares, iUsershareMaxShares) FN_GLOBAL_CONST_STRING(lp_socket_options, szSocketOptions) FN_GLOBAL_INTEGER(lp_config_backend, ConfigBackend) -FN_GLOBAL_INTEGER(lp_server_role, ServerRole) +static FN_GLOBAL_INTEGER(lp__server_role, ServerRole) FN_GLOBAL_INTEGER(lp_smb2_max_read, ismb2_max_read) FN_GLOBAL_INTEGER(lp_smb2_max_write, ismb2_max_write) FN_GLOBAL_INTEGER(lp_smb2_max_trans, ismb2_max_trans) @@ -9121,7 +9122,6 @@ static bool lp_load_ex(const char *pszFname, } } - set_server_role(); set_allowed_client_auth(); if (lp_security() == SEC_SHARE) { 
@@ -9432,7 +9432,7 @@ bool lp_domain_master(void) If we are PDC then prefer us as DMB ************************************************************/ -bool lp_domain_master_true_or_auto(void) +static bool lp_domain_master_true_or_auto(void) { if (Globals.iDomainMaster) /* auto or yes */ return true; @@ -9736,7 +9736,10 @@ bool lp_readraw(void) return _lp_readraw(); } -void _lp_set_server_role(int server_role) +int lp_server_role(void) { - Globals.ServerRole = server_role; + return lp_find_server_role(lp__server_role(), + lp_security(), + lp_domain_logons(), + lp_domain_master_true_or_auto()); } diff --git a/source3/param/loadparm_ctx.c b/source3/param/loadparm_ctx.c index 1e11eeb4b2..61fe97462d 100644 --- a/source3/param/loadparm_ctx.c +++ b/source3/param/loadparm_ctx.c @@ -74,7 +74,6 @@ static const struct loadparm_s3_context s3_fns = .dump = lp_dump, .server_role = lp_server_role, - .domain_master = lp_domain_master, .winbind_separator = lp_winbind_separator, .template_homedir = lp_template_homedir, diff --git a/source3/wscript_build b/source3/wscript_build index 99d40406d7..2b05edb0d2 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -82,7 +82,7 @@ POPT_LIB_SRC = '''lib/popt_common.c''' PARAM_UTIL_SRC = '''param/util.c''' -PARAM_WITHOUT_REG_SRC = '''param/loadparm.c param/loadparm_server_role.c +PARAM_WITHOUT_REG_SRC = '''param/loadparm.c lib/sharesec.c lib/ldap_debug_handler.c lib/util_names.c''' KRBCLIENT_SRC = '''libads/kerberos.c libads/ads_status.c libsmb/clikrb5.c''' |
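Review bot: `lp_server_role()` now calls `lp_find_server_role()` on every invocation, and that function emits `DEBUG(0, ...)` warnings in its SEC_SHARE and SEC_SERVER branches when domain logons are enabled. Before this commit `set_server_role()` ran from `lp_load_ex()`; that call is removed in the hunk at -9121. With the role left at ROLE_AUTO, a misconfigured server would log the level-0 conflict message each time any caller asks for the role, instead of once at configuration load. Consider keeping a single consistency check at load time, or caching the derived role, so the warning stays a one-off and log volume does not depend on call frequency.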