summaryrefslogtreecommitdiff
path: root/lib/param
diff options
context:
space:
mode:
Diffstat (limited to 'lib/param')
-rw-r--r--lib/param/loadparm.h85
-rw-r--r--lib/param/param_table.c134
2 files changed, 219 insertions, 0 deletions
diff --git a/lib/param/loadparm.h b/lib/param/loadparm.h
index 34881dd97b..eb9c76817f 100644
--- a/lib/param/loadparm.h
+++ b/lib/param/loadparm.h
@@ -27,6 +27,9 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#ifndef _LOADPARM_H
+#define _LOADPARM_H
+
#include "../lib/util/parmlist.h"
/* the following are used by loadparm for option lists */
@@ -105,6 +108,86 @@ struct parm_struct {
#define DEFAULT_WORKGROUP "WORKGROUP"
#endif
+/* types of configuration backends for loadparm */
+#define CONFIG_BACKEND_FILE 0
+#define CONFIG_BACKEND_REGISTRY 1
+
+/*
+ Do you want session setups at user level security with a invalid
+ password to be rejected or allowed in as guest? WinNT rejects them
+ but it can be a pain as it means "net view" needs to use a password
+
+ You have 3 choices in the setting of map_to_guest:
+
+ "NEVER_MAP_TO_GUEST" means session setups with an invalid password
+ are rejected. This is the default.
+
+ "MAP_TO_GUEST_ON_BAD_USER" means session setups with an invalid password
+ are rejected, unless the username does not exist, in which case it
+ is treated as a guest login
+
+ "MAP_TO_GUEST_ON_BAD_PASSWORD" means session setups with an invalid password
+ are treated as a guest login
+
+ Note that map_to_guest only has an effect in user or server
+ level security.
+*/
+
+#define NEVER_MAP_TO_GUEST 0
+#define MAP_TO_GUEST_ON_BAD_USER 1
+#define MAP_TO_GUEST_ON_BAD_PASSWORD 2
+#define MAP_TO_GUEST_ON_BAD_UID 3
+
+/*
+ * This should be under the HAVE_KRB5 flag but since they're used
+ * in lp_kerberos_method(), they ned to be always available
+ * If you add any entries to KERBEROS_VERIFY defines, please modify USE.*KEYTAB macros
+ * so they remain accurate.
+ */
+
+#define KERBEROS_VERIFY_SECRETS 0
+#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1
+#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2
+#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3
+
+/* ACL compatibility */
+enum acl_compatibility {ACL_COMPAT_AUTO, ACL_COMPAT_WINNT, ACL_COMPAT_WIN2K};
+
+/* printing types */
+enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX,
+ PRINT_QNX,PRINT_PLP,PRINT_LPRNG,PRINT_SOFTQ,
+ PRINT_CUPS,PRINT_LPRNT,PRINT_LPROS2,PRINT_IPRINT
+#if defined(DEVELOPER) || defined(ENABLE_BUILD_FARM_HACKS)
+,PRINT_TEST,PRINT_VLP
+#endif /* DEVELOPER */
+};
+
+
+
+
+/* ads auth control flags */
+#define ADS_AUTH_DISABLE_KERBEROS 0x0001
+#define ADS_AUTH_NO_BIND 0x0002
+#define ADS_AUTH_ANON_BIND 0x0004
+#define ADS_AUTH_SIMPLE_BIND 0x0008
+#define ADS_AUTH_ALLOW_NTLMSSP 0x0010
+#define ADS_AUTH_SASL_SIGN 0x0020
+#define ADS_AUTH_SASL_SEAL 0x0040
+#define ADS_AUTH_SASL_FORCE 0x0080
+#define ADS_AUTH_USER_CREDS 0x0100
+
+/* LDAP SSL options */
+enum ldap_ssl_types {LDAP_SSL_OFF, LDAP_SSL_START_TLS};
+
+/* LDAP PASSWD SYNC methods */
+enum ldap_passwd_sync_types {LDAP_PASSWD_SYNC_ON, LDAP_PASSWD_SYNC_OFF, LDAP_PASSWD_SYNC_ONLY};
+
+/* map readonly options */
+enum mapreadonly_options {MAP_READONLY_NO, MAP_READONLY_YES, MAP_READONLY_PERMISSIONS};
+
+/* case handling */
+enum case_handling {CASE_LOWER,CASE_UPPER};
+
/*
* Default passwd chat script.
*/
@@ -137,3 +220,5 @@ const char* server_role_str(uint32_t role);
int lp_find_server_role(int server_role, int security, int domain_logons, int domain_master);
int lp_find_security(int server_role, int security);
bool lp_is_security_and_server_role_valid(int server_role, int security);
+
+#endif /* _LOADPARM_H */
diff --git a/lib/param/param_table.c b/lib/param/param_table.c
index 922b147871..9aa0d713a5 100644
--- a/lib/param/param_table.c
+++ b/lib/param/param_table.c
@@ -118,3 +118,137 @@ static const struct enum_list enum_dns_update_settings[] = {
{DNS_UPDATE_SIGNED, "signed"},
{-1, NULL}
};
+
+/*
+ Do you want session setups at user level security with a invalid
+ password to be rejected or allowed in as guest? WinNT rejects them
+ but it can be a pain as it means "net view" needs to use a password
+
+ You have 3 choices in the setting of map_to_guest:
+
+ "Never" means session setups with an invalid password
+ are rejected. This is the default.
+
+ "Bad User" means session setups with an invalid password
+ are rejected, unless the username does not exist, in which case it
+ is treated as a guest login
+
+ "Bad Password" means session setups with an invalid password
+ are treated as a guest login
+
+ Note that map_to_guest only has an effect in user or server
+ level security.
+*/
+
+static const struct enum_list enum_map_to_guest[] = {
+ {NEVER_MAP_TO_GUEST, "Never"},
+ {MAP_TO_GUEST_ON_BAD_USER, "Bad User"},
+ {MAP_TO_GUEST_ON_BAD_PASSWORD, "Bad Password"},
+ {MAP_TO_GUEST_ON_BAD_UID, "Bad Uid"},
+ {-1, NULL}
+};
+
+/* Config backend options */
+
+static const struct enum_list enum_config_backend[] = {
+ {CONFIG_BACKEND_FILE, "file"},
+ {CONFIG_BACKEND_REGISTRY, "registry"},
+ {-1, NULL}
+};
+
+
+/* ADS kerberos ticket verification options */
+
+static const struct enum_list enum_kerberos_method[] = {
+ {KERBEROS_VERIFY_SECRETS, "default"},
+ {KERBEROS_VERIFY_SECRETS, "secrets only"},
+ {KERBEROS_VERIFY_SYSTEM_KEYTAB, "system keytab"},
+ {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicated keytab"},
+ {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secrets and keytab"},
+ {-1, NULL}
+};
+
+
+/* ACL compatibility options. */
+static const struct enum_list enum_acl_compat_vals[] = {
+ { ACL_COMPAT_AUTO, "auto" },
+ { ACL_COMPAT_WINNT, "winnt" },
+ { ACL_COMPAT_WIN2K, "win2k" },
+ { -1, NULL}
+};
+
+
+static const struct enum_list enum_printing[] = {
+ {PRINT_SYSV, "sysv"},
+ {PRINT_AIX, "aix"},
+ {PRINT_HPUX, "hpux"},
+ {PRINT_BSD, "bsd"},
+ {PRINT_QNX, "qnx"},
+ {PRINT_PLP, "plp"},
+ {PRINT_LPRNG, "lprng"},
+ {PRINT_CUPS, "cups"},
+ {PRINT_IPRINT, "iprint"},
+ {PRINT_LPRNT, "nt"},
+ {PRINT_LPROS2, "os2"},
+#if defined(DEVELOPER) || defined(ENABLE_BUILD_FARM_HACKS)
+ {PRINT_TEST, "test"},
+ {PRINT_VLP, "vlp"},
+#endif /* DEVELOPER */
+ {-1, NULL}
+};
+
+static const struct enum_list enum_ldap_sasl_wrapping[] = {
+ {0, "plain"},
+ {ADS_AUTH_SASL_SIGN, "sign"},
+ {ADS_AUTH_SASL_SEAL, "seal"},
+ {-1, NULL}
+};
+
+static const struct enum_list enum_ldap_ssl[] = {
+ {LDAP_SSL_OFF, "no"},
+ {LDAP_SSL_OFF, "off"},
+ {LDAP_SSL_START_TLS, "start tls"},
+ {LDAP_SSL_START_TLS, "start_tls"},
+ {-1, NULL}
+};
+
+/* LDAP Dereferencing Alias types */
+#define SAMBA_LDAP_DEREF_NEVER 0
+#define SAMBA_LDAP_DEREF_SEARCHING 1
+#define SAMBA_LDAP_DEREF_FINDING 2
+#define SAMBA_LDAP_DEREF_ALWAYS 3
+
+static const struct enum_list enum_ldap_deref[] = {
+ {SAMBA_LDAP_DEREF_NEVER, "never"},
+ {SAMBA_LDAP_DEREF_SEARCHING, "searching"},
+ {SAMBA_LDAP_DEREF_FINDING, "finding"},
+ {SAMBA_LDAP_DEREF_ALWAYS, "always"},
+ {-1, "auto"}
+};
+
+static const struct enum_list enum_ldap_passwd_sync[] = {
+ {LDAP_PASSWD_SYNC_OFF, "no"},
+ {LDAP_PASSWD_SYNC_OFF, "off"},
+ {LDAP_PASSWD_SYNC_ON, "yes"},
+ {LDAP_PASSWD_SYNC_ON, "on"},
+ {LDAP_PASSWD_SYNC_ONLY, "only"},
+ {-1, NULL}
+};
+
+static const struct enum_list enum_map_readonly[] = {
+ {MAP_READONLY_NO, "no"},
+ {MAP_READONLY_NO, "false"},
+ {MAP_READONLY_NO, "0"},
+ {MAP_READONLY_YES, "yes"},
+ {MAP_READONLY_YES, "true"},
+ {MAP_READONLY_YES, "1"},
+ {MAP_READONLY_PERMISSIONS, "permissions"},
+ {MAP_READONLY_PERMISSIONS, "perms"},
+ {-1, NULL}
+};
+
+static const struct enum_list enum_case[] = {
+ {CASE_LOWER, "lower"},
+ {CASE_UPPER, "upper"},
+ {-1, NULL}
+};