diff options
29 files changed, 245 insertions, 208 deletions
diff --git a/lib/param/loadparm.h b/lib/param/loadparm.h index 34881dd97b..eb9c76817f 100644 --- a/lib/param/loadparm.h +++ b/lib/param/loadparm.h @@ -27,6 +27,9 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#ifndef _LOADPARM_H +#define _LOADPARM_H + #include "../lib/util/parmlist.h" /* the following are used by loadparm for option lists */ @@ -105,6 +108,86 @@ struct parm_struct { #define DEFAULT_WORKGROUP "WORKGROUP" #endif +/* types of configuration backends for loadparm */ +#define CONFIG_BACKEND_FILE 0 +#define CONFIG_BACKEND_REGISTRY 1 + +/* + Do you want session setups at user level security with a invalid + password to be rejected or allowed in as guest? WinNT rejects them + but it can be a pain as it means "net view" needs to use a password + + You have 3 choices in the setting of map_to_guest: + + "NEVER_MAP_TO_GUEST" means session setups with an invalid password + are rejected. This is the default. + + "MAP_TO_GUEST_ON_BAD_USER" means session setups with an invalid password + are rejected, unless the username does not exist, in which case it + is treated as a guest login + + "MAP_TO_GUEST_ON_BAD_PASSWORD" means session setups with an invalid password + are treated as a guest login + + Note that map_to_guest only has an effect in user or server + level security. +*/ + +#define NEVER_MAP_TO_GUEST 0 +#define MAP_TO_GUEST_ON_BAD_USER 1 +#define MAP_TO_GUEST_ON_BAD_PASSWORD 2 +#define MAP_TO_GUEST_ON_BAD_UID 3 + +/* + * This should be under the HAVE_KRB5 flag but since they're used + * in lp_kerberos_method(), they ned to be always available + * If you add any entries to KERBEROS_VERIFY defines, please modify USE.*KEYTAB macros + * so they remain accurate. + */ + +#define KERBEROS_VERIFY_SECRETS 0 +#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1 +#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2 +#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3 + +/* ACL compatibility */ +enum acl_compatibility {ACL_COMPAT_AUTO, ACL_COMPAT_WINNT, ACL_COMPAT_WIN2K}; + +/* printing types */ +enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX, + PRINT_QNX,PRINT_PLP,PRINT_LPRNG,PRINT_SOFTQ, + PRINT_CUPS,PRINT_LPRNT,PRINT_LPROS2,PRINT_IPRINT +#if defined(DEVELOPER) || defined(ENABLE_BUILD_FARM_HACKS) +,PRINT_TEST,PRINT_VLP +#endif /* DEVELOPER */ +}; + + + + +/* ads auth control flags */ +#define ADS_AUTH_DISABLE_KERBEROS 0x0001 +#define ADS_AUTH_NO_BIND 0x0002 +#define ADS_AUTH_ANON_BIND 0x0004 +#define ADS_AUTH_SIMPLE_BIND 0x0008 +#define ADS_AUTH_ALLOW_NTLMSSP 0x0010 +#define ADS_AUTH_SASL_SIGN 0x0020 +#define ADS_AUTH_SASL_SEAL 0x0040 +#define ADS_AUTH_SASL_FORCE 0x0080 +#define ADS_AUTH_USER_CREDS 0x0100 + +/* LDAP SSL options */ +enum ldap_ssl_types {LDAP_SSL_OFF, LDAP_SSL_START_TLS}; + +/* LDAP PASSWD SYNC methods */ +enum ldap_passwd_sync_types {LDAP_PASSWD_SYNC_ON, LDAP_PASSWD_SYNC_OFF, LDAP_PASSWD_SYNC_ONLY}; + +/* map readonly options */ +enum mapreadonly_options {MAP_READONLY_NO, MAP_READONLY_YES, MAP_READONLY_PERMISSIONS}; + +/* case handling */ +enum case_handling {CASE_LOWER,CASE_UPPER}; + /* * Default passwd chat script. */ @@ -137,3 +220,5 @@ const char* server_role_str(uint32_t role); int lp_find_server_role(int server_role, int security, int domain_logons, int domain_master); int lp_find_security(int server_role, int security); bool lp_is_security_and_server_role_valid(int server_role, int security); + +#endif /* _LOADPARM_H */ diff --git a/lib/param/param_table.c b/lib/param/param_table.c index 922b147871..9aa0d713a5 100644 --- a/lib/param/param_table.c +++ b/lib/param/param_table.c @@ -118,3 +118,137 @@ static const struct enum_list enum_dns_update_settings[] = { {DNS_UPDATE_SIGNED, "signed"}, {-1, NULL} }; + +/* + Do you want session setups at user level security with a invalid + password to be rejected or allowed in as guest? WinNT rejects them + but it can be a pain as it means "net view" needs to use a password + + You have 3 choices in the setting of map_to_guest: + + "Never" means session setups with an invalid password + are rejected. This is the default. + + "Bad User" means session setups with an invalid password + are rejected, unless the username does not exist, in which case it + is treated as a guest login + + "Bad Password" means session setups with an invalid password + are treated as a guest login + + Note that map_to_guest only has an effect in user or server + level security. +*/ + +static const struct enum_list enum_map_to_guest[] = { + {NEVER_MAP_TO_GUEST, "Never"}, + {MAP_TO_GUEST_ON_BAD_USER, "Bad User"}, + {MAP_TO_GUEST_ON_BAD_PASSWORD, "Bad Password"}, + {MAP_TO_GUEST_ON_BAD_UID, "Bad Uid"}, + {-1, NULL} +}; + +/* Config backend options */ + +static const struct enum_list enum_config_backend[] = { + {CONFIG_BACKEND_FILE, "file"}, + {CONFIG_BACKEND_REGISTRY, "registry"}, + {-1, NULL} +}; + + +/* ADS kerberos ticket verification options */ + +static const struct enum_list enum_kerberos_method[] = { + {KERBEROS_VERIFY_SECRETS, "default"}, + {KERBEROS_VERIFY_SECRETS, "secrets only"}, + {KERBEROS_VERIFY_SYSTEM_KEYTAB, "system keytab"}, + {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicated keytab"}, + {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secrets and keytab"}, + {-1, NULL} +}; + + +/* ACL compatibility options. */ +static const struct enum_list enum_acl_compat_vals[] = { + { ACL_COMPAT_AUTO, "auto" }, + { ACL_COMPAT_WINNT, "winnt" }, + { ACL_COMPAT_WIN2K, "win2k" }, + { -1, NULL} +}; + + +static const struct enum_list enum_printing[] = { + {PRINT_SYSV, "sysv"}, + {PRINT_AIX, "aix"}, + {PRINT_HPUX, "hpux"}, + {PRINT_BSD, "bsd"}, + {PRINT_QNX, "qnx"}, + {PRINT_PLP, "plp"}, + {PRINT_LPRNG, "lprng"}, + {PRINT_CUPS, "cups"}, + {PRINT_IPRINT, "iprint"}, + {PRINT_LPRNT, "nt"}, + {PRINT_LPROS2, "os2"}, +#if defined(DEVELOPER) || defined(ENABLE_BUILD_FARM_HACKS) + {PRINT_TEST, "test"}, + {PRINT_VLP, "vlp"}, +#endif /* DEVELOPER */ + {-1, NULL} +}; + +static const struct enum_list enum_ldap_sasl_wrapping[] = { + {0, "plain"}, + {ADS_AUTH_SASL_SIGN, "sign"}, + {ADS_AUTH_SASL_SEAL, "seal"}, + {-1, NULL} +}; + +static const struct enum_list enum_ldap_ssl[] = { + {LDAP_SSL_OFF, "no"}, + {LDAP_SSL_OFF, "off"}, + {LDAP_SSL_START_TLS, "start tls"}, + {LDAP_SSL_START_TLS, "start_tls"}, + {-1, NULL} +}; + +/* LDAP Dereferencing Alias types */ +#define SAMBA_LDAP_DEREF_NEVER 0 +#define SAMBA_LDAP_DEREF_SEARCHING 1 +#define SAMBA_LDAP_DEREF_FINDING 2 +#define SAMBA_LDAP_DEREF_ALWAYS 3 + +static const struct enum_list enum_ldap_deref[] = { + {SAMBA_LDAP_DEREF_NEVER, "never"}, + {SAMBA_LDAP_DEREF_SEARCHING, "searching"}, + {SAMBA_LDAP_DEREF_FINDING, "finding"}, + {SAMBA_LDAP_DEREF_ALWAYS, "always"}, + {-1, "auto"} +}; + +static const struct enum_list enum_ldap_passwd_sync[] = { + {LDAP_PASSWD_SYNC_OFF, "no"}, + {LDAP_PASSWD_SYNC_OFF, "off"}, + {LDAP_PASSWD_SYNC_ON, "yes"}, + {LDAP_PASSWD_SYNC_ON, "on"}, + {LDAP_PASSWD_SYNC_ONLY, "only"}, + {-1, NULL} +}; + +static const struct enum_list enum_map_readonly[] = { + {MAP_READONLY_NO, "no"}, + {MAP_READONLY_NO, "false"}, + {MAP_READONLY_NO, "0"}, + {MAP_READONLY_YES, "yes"}, + {MAP_READONLY_YES, "true"}, + {MAP_READONLY_YES, "1"}, + {MAP_READONLY_PERMISSIONS, "permissions"}, + {MAP_READONLY_PERMISSIONS, "perms"}, + {-1, NULL} +}; + +static const struct enum_list enum_case[] = { + {CASE_LOWER, "lower"}, + {CASE_UPPER, "upper"}, + {-1, NULL} +}; diff --git a/libgpo/gpo_ldap.c b/libgpo/gpo_ldap.c index d46c48f8f3..803e027cd3 100644 --- a/libgpo/gpo_ldap.c +++ b/libgpo/gpo_ldap.c @@ -21,6 +21,7 @@ #include "libgpo/gpo.h" #include "auth.h" #include "../libcli/security/security.h" +#include "lib/param/loadparm.h" /**************************************************************** parse the raw extension string into a GP_EXT structure diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c index 80f5fa7d3e..a2ba4e3257 100644 --- a/source3/auth/auth_generic.c +++ b/source3/auth/auth_generic.c @@ -31,6 +31,7 @@ #endif #include "librpc/crypto/gse.h" #include "auth/credentials/credentials.h" +#include "lib/param/loadparm.h" static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx, TALLOC_CTX *mem_ctx, diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index c4479d40aa..28d934add3 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -33,6 +33,7 @@ #include "../librpc/gen_ndr/ndr_auth.h" #include "../auth/auth_sam_reply.h" #include "../librpc/gen_ndr/idmap.h" +#include "lib/param/loadparm.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c index 0939c70b5a..974a8aa2f8 100644 --- a/source3/auth/user_krb5.c +++ b/source3/auth/user_krb5.c @@ -22,6 +22,7 @@ #include "librpc/gen_ndr/krb5pac.h" #include "nsswitch/libwbclient/wbclient.h" #include "passdb.h" +#include "lib/param/loadparm.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH diff --git a/source3/include/ads.h b/source3/include/ads.h index 3d5fc3aae6..91a0f8162f 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -127,17 +127,6 @@ typedef void **ADS_MODLIST; #define ADS_PINGS 0x0000FFFF /* Ping response */ -/* ads auth control flags */ -#define ADS_AUTH_DISABLE_KERBEROS 0x0001 -#define ADS_AUTH_NO_BIND 0x0002 -#define ADS_AUTH_ANON_BIND 0x0004 -#define ADS_AUTH_SIMPLE_BIND 0x0008 -#define ADS_AUTH_ALLOW_NTLMSSP 0x0010 -#define ADS_AUTH_SASL_SIGN 0x0020 -#define ADS_AUTH_SASL_SEAL 0x0040 -#define ADS_AUTH_SASL_FORCE 0x0080 -#define ADS_AUTH_USER_CREDS 0x0100 - enum ads_extended_dn_flags { ADS_EXTENDED_DN_HEX_STRING = 0, ADS_EXTENDED_DN_STRING = 1 /* not supported on win2k */ diff --git a/source3/include/includes.h b/source3/include/includes.h index 2a117cf227..1b22a5770c 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -404,6 +404,8 @@ typedef char fstring[FSTRING_LEN]; #include "proto.h" #endif +#include "lib/param/loadparm.h" + /* String routines */ #include "srvstr.h" diff --git a/source3/include/printing.h b/source3/include/printing.h index 5d0672cc36..391fb7ae82 100644 --- a/source3/include/printing.h +++ b/source3/include/printing.h @@ -25,6 +25,7 @@ SAMBA printing subsystem. */ #include "tdb_compat.h" +#include "lib/param/loadparm.h" /* Extra fields above "LPQ_PRINTING" are used to map extra NT status codes. */ diff --git a/source3/include/smb.h b/source3/include/smb.h index 16a4e12a77..c396f0ed26 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -633,43 +633,11 @@ http://msdn.microsoft.com/en-us/library/cc246334(PROT.13).aspx #define NO_SUBSTREAMS 0x2 #define NO_REPARSETAG 0x4 -/* printing types */ -enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX, - PRINT_QNX,PRINT_PLP,PRINT_LPRNG,PRINT_SOFTQ, - PRINT_CUPS,PRINT_LPRNT,PRINT_LPROS2,PRINT_IPRINT -#if defined(DEVELOPER) || defined(ENABLE_BUILD_FARM_HACKS) -,PRINT_TEST,PRINT_VLP -#endif /* DEVELOPER */ -}; - -/* LDAP SSL options */ -enum ldap_ssl_types {LDAP_SSL_OFF, LDAP_SSL_START_TLS}; - -/* LDAP PASSWD SYNC methods */ -enum ldap_passwd_sync_types {LDAP_PASSWD_SYNC_ON, LDAP_PASSWD_SYNC_OFF, LDAP_PASSWD_SYNC_ONLY}; - -/* - * This should be under the HAVE_KRB5 flag but since they're used - * in lp_kerberos_method(), they ned to be always available - * If you add any entries to KERBEROS_VERIFY defines, please modify USE.*KEYTAB macros - * so they remain accurate. - */ - -#define KERBEROS_VERIFY_SECRETS 0 -#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1 -#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2 -#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3 - /* Remote architectures we know about. */ enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_WIN2K, RA_WINXP, RA_WIN2K3, RA_VISTA, RA_SAMBA, RA_CIFSFS, RA_WINXP64, RA_OSX}; -/* case handling */ -enum case_handling {CASE_LOWER,CASE_UPPER}; - -/* ACL compatibility */ -enum acl_compatibility {ACL_COMPAT_AUTO, ACL_COMPAT_WINNT, ACL_COMPAT_WIN2K}; /* * Global value meaning that the smb_uid field should be * ingored (in share level security and protocol level == CORE) @@ -867,32 +835,6 @@ struct node_status_extra { /* There really is more here ... */ }; -/* - Do you want session setups at user level security with a invalid - password to be rejected or allowed in as guest? WinNT rejects them - but it can be a pain as it means "net view" needs to use a password - - You have 3 choices in the setting of map_to_guest: - - "NEVER_MAP_TO_GUEST" means session setups with an invalid password - are rejected. This is the default. - - "MAP_TO_GUEST_ON_BAD_USER" means session setups with an invalid password - are rejected, unless the username does not exist, in which case it - is treated as a guest login - - "MAP_TO_GUEST_ON_BAD_PASSWORD" means session setups with an invalid password - are treated as a guest login - - Note that map_to_guest only has an effect in user or server - level security. -*/ - -#define NEVER_MAP_TO_GUEST 0 -#define MAP_TO_GUEST_ON_BAD_USER 1 -#define MAP_TO_GUEST_ON_BAD_PASSWORD 2 -#define MAP_TO_GUEST_ON_BAD_UID 3 - #define SAFE_NETBIOS_CHARS ". -_" /* The maximum length of a trust account password. @@ -933,9 +875,6 @@ struct ea_list { /* Prefix for xattrs storing streams. */ #define SAMBA_XATTR_MARKER "user.SAMBA_STREAMS" -/* map readonly options */ -enum mapreadonly_options {MAP_READONLY_NO, MAP_READONLY_YES, MAP_READONLY_PERMISSIONS}; - /* usershare error codes. */ enum usershare_err { USERSHARE_OK=0, diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 85a9ac557f..bdd90f0c95 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -26,6 +26,7 @@ #include "smbldap.h" #include "../libcli/security/security.h" #include <tevent.h> +#include "lib/param/loadparm.h" /* Try not to hit the up or down server forever */ diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index 8f4098651d..bfa6652543 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -23,6 +23,7 @@ */ #include "includes.h" +#include "lib/param/loadparm.h" const char toupper_ascii_fast_table[128] = { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf, diff --git a/source3/libads/kerberos_util.c b/source3/libads/kerberos_util.c index f252645efd..7d49c02869 100644 --- a/source3/libads/kerberos_util.c +++ b/source3/libads/kerberos_util.c @@ -21,6 +21,7 @@ #include "includes.h" #include "smb_krb5.h" #include "ads.h" +#include "lib/param/loadparm.h" #ifdef HAVE_KRB5 diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 5c77df1ade..640a020a8b 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -29,6 +29,7 @@ #include "../libds/common/flags.h" #include "smbldap.h" #include "../libcli/security/security.h" +#include "lib/param/loadparm.h" #ifdef HAVE_LDAP diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c index 8a4b452b87..88db3a3ab7 100644 --- a/source3/libads/ldap_utils.c +++ b/source3/libads/ldap_utils.c @@ -22,6 +22,7 @@ #include "includes.h" #include "ads.h" +#include "lib/param/loadparm.h" #ifdef HAVE_LDAP diff --git a/source3/libads/ndr.c b/source3/libads/ndr.c index c667aa3637..fd0b63e87d 100644 --- a/source3/libads/ndr.c +++ b/source3/libads/ndr.c @@ -23,6 +23,7 @@ #include "ads.h" #include "../librpc/gen_ndr/ndr_netlogon.h" #include "../librpc/ndr/libndr.h" +#include "lib/param/loadparm.h" static void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r) { diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 42d65b63d4..ee3a693f71 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -24,6 +24,7 @@ #include "ads.h" #include "smb_krb5.h" #include "system/gssapi.h" +#include "lib/param/loadparm.h" #ifdef HAVE_LDAP diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index c549b586cb..c9b2282b51 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -39,6 +39,7 @@ #include "passdb.h" #include "libsmb/libsmb.h" #include "../libcli/smb/smbXcli_base.h" +#include "lib/param/loadparm.h" /**************************************************************** ****************************************************************/ diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c index c1eea7fc70..dbcc520048 100644 --- a/source3/librpc/crypto/gse_krb5.c +++ b/source3/librpc/crypto/gse_krb5.c @@ -21,6 +21,7 @@ #include "smb_krb5.h" #include "secrets.h" #include "gse_krb5.h" +#include "lib/param/loadparm.h" #ifdef HAVE_KRB5 diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 39b780c611..d4e68cb00c 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -26,6 +26,7 @@ #include "libads/sitename_cache.h" #include "ads.h" #include "../librpc/gen_ndr/nbt.h" +#include "lib/param/loadparm.h" /********************************************************************** Is this our primary domain ? diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index a116531ebd..26f81f2eca 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -56,10 +56,10 @@ #include "includes.h" #include "system/filesys.h" #include "util_tdb.h" +#include "lib/param/loadparm.h" #include "printing.h" #include "lib/smbconf/smbconf.h" #include "lib/smbconf/smbconf_init.h" -#include "lib/param/loadparm.h" #include "ads.h" #include "../librpc/gen_ndr/svcctl.h" @@ -97,9 +97,6 @@ extern userdom_struct current_user_info; static bool in_client = false; /* Not in the client by default */ static struct smbconf_csn conf_last_csn; -#define CONFIG_BACKEND_FILE 0 -#define CONFIG_BACKEND_REGISTRY 1 - static int config_backend = CONFIG_BACKEND_FILE; /* some helpful bits */ @@ -326,138 +323,6 @@ static void free_param_opts(struct parmlist_entry **popts); #include "lib/param/param_table.c" -static const struct enum_list enum_printing[] = { - {PRINT_SYSV, "sysv"}, - {PRINT_AIX, "aix"}, - {PRINT_HPUX, "hpux"}, - {PRINT_BSD, "bsd"}, - {PRINT_QNX, "qnx"}, - {PRINT_PLP, "plp"}, - {PRINT_LPRNG, "lprng"}, - {PRINT_CUPS, "cups"}, - {PRINT_IPRINT, "iprint"}, - {PRINT_LPRNT, "nt"}, - {PRINT_LPROS2, "os2"}, -#if defined(DEVELOPER) || defined(ENABLE_BUILD_FARM_HACKS) - {PRINT_TEST, "test"}, - {PRINT_VLP, "vlp"}, -#endif /* DEVELOPER */ - {-1, NULL} -}; - -static const struct enum_list enum_ldap_sasl_wrapping[] = { - {0, "plain"}, - {ADS_AUTH_SASL_SIGN, "sign"}, - {ADS_AUTH_SASL_SEAL, "seal"}, - {-1, NULL} -}; - -static const struct enum_list enum_ldap_ssl[] = { - {LDAP_SSL_OFF, "no"}, - {LDAP_SSL_OFF, "off"}, - {LDAP_SSL_START_TLS, "start tls"}, - {LDAP_SSL_START_TLS, "start_tls"}, - {-1, NULL} -}; - -/* LDAP Dereferencing Alias types */ -#define SAMBA_LDAP_DEREF_NEVER 0 -#define SAMBA_LDAP_DEREF_SEARCHING 1 -#define SAMBA_LDAP_DEREF_FINDING 2 -#define SAMBA_LDAP_DEREF_ALWAYS 3 - -static const struct enum_list enum_ldap_deref[] = { - {SAMBA_LDAP_DEREF_NEVER, "never"}, - {SAMBA_LDAP_DEREF_SEARCHING, "searching"}, - {SAMBA_LDAP_DEREF_FINDING, "finding"}, - {SAMBA_LDAP_DEREF_ALWAYS, "always"}, - {-1, "auto"} -}; - -static const struct enum_list enum_ldap_passwd_sync[] = { - {LDAP_PASSWD_SYNC_OFF, "no"}, - {LDAP_PASSWD_SYNC_OFF, "off"}, - {LDAP_PASSWD_SYNC_ON, "yes"}, - {LDAP_PASSWD_SYNC_ON, "on"}, - {LDAP_PASSWD_SYNC_ONLY, "only"}, - {-1, NULL} -}; - -static const struct enum_list enum_map_readonly[] = { - {MAP_READONLY_NO, "no"}, - {MAP_READONLY_NO, "false"}, - {MAP_READONLY_NO, "0"}, - {MAP_READONLY_YES, "yes"}, - {MAP_READONLY_YES, "true"}, - {MAP_READONLY_YES, "1"}, - {MAP_READONLY_PERMISSIONS, "permissions"}, - {MAP_READONLY_PERMISSIONS, "perms"}, - {-1, NULL} -}; - -static const struct enum_list enum_case[] = { - {CASE_LOWER, "lower"}, - {CASE_UPPER, "upper"}, - {-1, NULL} -}; - - -/* ACL compatibility options. */ -static const struct enum_list enum_acl_compat_vals[] = { - { ACL_COMPAT_AUTO, "auto" }, - { ACL_COMPAT_WINNT, "winnt" }, - { ACL_COMPAT_WIN2K, "win2k" }, - { -1, NULL} -}; - -/* - Do you want session setups at user level security with a invalid - password to be rejected or allowed in as guest? WinNT rejects them - but it can be a pain as it means "net view" needs to use a password - - You have 3 choices in the setting of map_to_guest: - - "Never" means session setups with an invalid password - are rejected. This is the default. - - "Bad User" means session setups with an invalid password - are rejected, unless the username does not exist, in which case it - is treated as a guest login - - "Bad Password" means session setups with an invalid password - are treated as a guest login - - Note that map_to_guest only has an effect in user or server - level security. -*/ - -static const struct enum_list enum_map_to_guest[] = { - {NEVER_MAP_TO_GUEST, "Never"}, - {MAP_TO_GUEST_ON_BAD_USER, "Bad User"}, - {MAP_TO_GUEST_ON_BAD_PASSWORD, "Bad Password"}, - {MAP_TO_GUEST_ON_BAD_UID, "Bad Uid"}, - {-1, NULL} -}; - -/* Config backend options */ - -static const struct enum_list enum_config_backend[] = { - {CONFIG_BACKEND_FILE, "file"}, - {CONFIG_BACKEND_REGISTRY, "registry"}, - {-1, NULL} -}; - -/* ADS kerberos ticket verification options */ - -static const struct enum_list enum_kerberos_method[] = { - {KERBEROS_VERIFY_SECRETS, "default"}, - {KERBEROS_VERIFY_SECRETS, "secrets only"}, - {KERBEROS_VERIFY_SYSTEM_KEYTAB, "system keytab"}, - {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicated keytab"}, - {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secrets and keytab"}, - {-1, NULL} -}; - /* Note: We do not initialise the defaults union - it is not allowed in ANSI C * * The FLAG_HIDE is explicit. Parameters set this way do NOT appear in any edit diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index e4dcbc370c..302717eb55 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -52,6 +52,7 @@ #include "../lib/util/util_pw.h" #include "lib/winbind_util.h" #include "librpc/gen_ndr/idmap.h" +#include "lib/param/loadparm.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index 836ffd0de5..ad04a6515b 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -23,6 +23,7 @@ #include "librpc/gen_ndr/ndr_xattr.h" #include "../libcli/security/security.h" #include "smbd/smbd.h" +#include "lib/param/loadparm.h" static uint32_t filter_mode_by_protocol(uint32_t mode) { diff --git a/source3/smbd/mangle_hash.c b/source3/smbd/mangle_hash.c index 8b1b6bf915..056879c876 100644 --- a/source3/smbd/mangle_hash.c +++ b/source3/smbd/mangle_hash.c @@ -26,6 +26,7 @@ #include "smbd/globals.h" #include "mangle.h" #include "util_tdb.h" +#include "lib/param/loadparm.h" /* -------------------------------------------------------------------------- ** * Other stuff... diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 9753bfeb61..59f8e0cd44 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -27,6 +27,7 @@ #include "passdb/lookup_sid.h" #include "auth.h" #include "../librpc/gen_ndr/idmap.h" +#include "lib/param/loadparm.h" extern const struct generic_mapping file_generic_mapping; diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 998ccb8c3b..a4f1588e51 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -37,6 +37,7 @@ #include "krb5_env.h" #include "../libcli/security/security.h" #include "libsmb/libsmb.h" +#include "lib/param/loadparm.h" #ifdef HAVE_ADS diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index afb51e9356..103a1f6d16 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -45,6 +45,7 @@ #include "source3/include/auth.h" #include "source3/auth/proto.h" #include "nsswitch/libwbclient/wbclient.h" +#include "lib/param/loadparm.h" #if HAVE_KRB5 #include "auth/kerberos/pac_utils.h" diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 1651b1bd0e..5a602422ae 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -78,6 +78,7 @@ #include "messages.h" #include "auth/gensec/gensec.h" #include "../libcli/smb/smbXcli_base.h" +#include "lib/param/loadparm.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index 0e9bea123e..60b15e3fe4 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -36,6 +36,7 @@ #include "system/select.h" #include "messages.h" #include "../lib/util/tevent_unix.h" +#include "lib/param/loadparm.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND |