diff options
Diffstat (limited to 'lib/param')
-rw-r--r-- | lib/param/loadparm.h | 85 | ||||
-rw-r--r-- | lib/param/param_table.c | 134 |
2 files changed, 219 insertions, 0 deletions
diff --git a/lib/param/loadparm.h b/lib/param/loadparm.h index 34881dd97b..eb9c76817f 100644 --- a/lib/param/loadparm.h +++ b/lib/param/loadparm.h @@ -27,6 +27,9 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#ifndef _LOADPARM_H +#define _LOADPARM_H + #include "../lib/util/parmlist.h" /* the following are used by loadparm for option lists */ @@ -105,6 +108,86 @@ struct parm_struct { #define DEFAULT_WORKGROUP "WORKGROUP" #endif +/* types of configuration backends for loadparm */ +#define CONFIG_BACKEND_FILE 0 +#define CONFIG_BACKEND_REGISTRY 1 + +/* + Do you want session setups at user level security with a invalid + password to be rejected or allowed in as guest? WinNT rejects them + but it can be a pain as it means "net view" needs to use a password + + You have 3 choices in the setting of map_to_guest: + + "NEVER_MAP_TO_GUEST" means session setups with an invalid password + are rejected. This is the default. + + "MAP_TO_GUEST_ON_BAD_USER" means session setups with an invalid password + are rejected, unless the username does not exist, in which case it + is treated as a guest login + + "MAP_TO_GUEST_ON_BAD_PASSWORD" means session setups with an invalid password + are treated as a guest login + + Note that map_to_guest only has an effect in user or server + level security. +*/ + +#define NEVER_MAP_TO_GUEST 0 +#define MAP_TO_GUEST_ON_BAD_USER 1 +#define MAP_TO_GUEST_ON_BAD_PASSWORD 2 +#define MAP_TO_GUEST_ON_BAD_UID 3 + +/* + * This should be under the HAVE_KRB5 flag but since they're used + * in lp_kerberos_method(), they ned to be always available + * If you add any entries to KERBEROS_VERIFY defines, please modify USE.*KEYTAB macros + * so they remain accurate. + */ + +#define KERBEROS_VERIFY_SECRETS 0 +#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1 +#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2 +#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3 + +/* ACL compatibility */ +enum acl_compatibility {ACL_COMPAT_AUTO, ACL_COMPAT_WINNT, ACL_COMPAT_WIN2K}; + +/* printing types */ +enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX, + PRINT_QNX,PRINT_PLP,PRINT_LPRNG,PRINT_SOFTQ, + PRINT_CUPS,PRINT_LPRNT,PRINT_LPROS2,PRINT_IPRINT +#if defined(DEVELOPER) || defined(ENABLE_BUILD_FARM_HACKS) +,PRINT_TEST,PRINT_VLP +#endif /* DEVELOPER */ +}; + + + + +/* ads auth control flags */ +#define ADS_AUTH_DISABLE_KERBEROS 0x0001 +#define ADS_AUTH_NO_BIND 0x0002 +#define ADS_AUTH_ANON_BIND 0x0004 +#define ADS_AUTH_SIMPLE_BIND 0x0008 +#define ADS_AUTH_ALLOW_NTLMSSP 0x0010 +#define ADS_AUTH_SASL_SIGN 0x0020 +#define ADS_AUTH_SASL_SEAL 0x0040 +#define ADS_AUTH_SASL_FORCE 0x0080 +#define ADS_AUTH_USER_CREDS 0x0100 + +/* LDAP SSL options */ +enum ldap_ssl_types {LDAP_SSL_OFF, LDAP_SSL_START_TLS}; + +/* LDAP PASSWD SYNC methods */ +enum ldap_passwd_sync_types {LDAP_PASSWD_SYNC_ON, LDAP_PASSWD_SYNC_OFF, LDAP_PASSWD_SYNC_ONLY}; + +/* map readonly options */ +enum mapreadonly_options {MAP_READONLY_NO, MAP_READONLY_YES, MAP_READONLY_PERMISSIONS}; + +/* case handling */ +enum case_handling {CASE_LOWER,CASE_UPPER}; + /* * Default passwd chat script. */ @@ -137,3 +220,5 @@ const char* server_role_str(uint32_t role); int lp_find_server_role(int server_role, int security, int domain_logons, int domain_master); int lp_find_security(int server_role, int security); bool lp_is_security_and_server_role_valid(int server_role, int security); + +#endif /* _LOADPARM_H */ diff --git a/lib/param/param_table.c b/lib/param/param_table.c index 922b147871..9aa0d713a5 100644 --- a/lib/param/param_table.c +++ b/lib/param/param_table.c @@ -118,3 +118,137 @@ static const struct enum_list enum_dns_update_settings[] = { {DNS_UPDATE_SIGNED, "signed"}, {-1, NULL} }; + +/* + Do you want session setups at user level security with a invalid + password to be rejected or allowed in as guest? WinNT rejects them + but it can be a pain as it means "net view" needs to use a password + + You have 3 choices in the setting of map_to_guest: + + "Never" means session setups with an invalid password + are rejected. This is the default. + + "Bad User" means session setups with an invalid password + are rejected, unless the username does not exist, in which case it + is treated as a guest login + + "Bad Password" means session setups with an invalid password + are treated as a guest login + + Note that map_to_guest only has an effect in user or server + level security. +*/ + +static const struct enum_list enum_map_to_guest[] = { + {NEVER_MAP_TO_GUEST, "Never"}, + {MAP_TO_GUEST_ON_BAD_USER, "Bad User"}, + {MAP_TO_GUEST_ON_BAD_PASSWORD, "Bad Password"}, + {MAP_TO_GUEST_ON_BAD_UID, "Bad Uid"}, + {-1, NULL} +}; + +/* Config backend options */ + +static const struct enum_list enum_config_backend[] = { + {CONFIG_BACKEND_FILE, "file"}, + {CONFIG_BACKEND_REGISTRY, "registry"}, + {-1, NULL} +}; + + +/* ADS kerberos ticket verification options */ + +static const struct enum_list enum_kerberos_method[] = { + {KERBEROS_VERIFY_SECRETS, "default"}, + {KERBEROS_VERIFY_SECRETS, "secrets only"}, + {KERBEROS_VERIFY_SYSTEM_KEYTAB, "system keytab"}, + {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicated keytab"}, + {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secrets and keytab"}, + {-1, NULL} +}; + + +/* ACL compatibility options. */ +static const struct enum_list enum_acl_compat_vals[] = { + { ACL_COMPAT_AUTO, "auto" }, + { ACL_COMPAT_WINNT, "winnt" }, + { ACL_COMPAT_WIN2K, "win2k" }, + { -1, NULL} +}; + + +static const struct enum_list enum_printing[] = { + {PRINT_SYSV, "sysv"}, + {PRINT_AIX, "aix"}, + {PRINT_HPUX, "hpux"}, + {PRINT_BSD, "bsd"}, + {PRINT_QNX, "qnx"}, + {PRINT_PLP, "plp"}, + {PRINT_LPRNG, "lprng"}, + {PRINT_CUPS, "cups"}, + {PRINT_IPRINT, "iprint"}, + {PRINT_LPRNT, "nt"}, + {PRINT_LPROS2, "os2"}, +#if defined(DEVELOPER) || defined(ENABLE_BUILD_FARM_HACKS) + {PRINT_TEST, "test"}, + {PRINT_VLP, "vlp"}, +#endif /* DEVELOPER */ + {-1, NULL} +}; + +static const struct enum_list enum_ldap_sasl_wrapping[] = { + {0, "plain"}, + {ADS_AUTH_SASL_SIGN, "sign"}, + {ADS_AUTH_SASL_SEAL, "seal"}, + {-1, NULL} +}; + +static const struct enum_list enum_ldap_ssl[] = { + {LDAP_SSL_OFF, "no"}, + {LDAP_SSL_OFF, "off"}, + {LDAP_SSL_START_TLS, "start tls"}, + {LDAP_SSL_START_TLS, "start_tls"}, + {-1, NULL} +}; + +/* LDAP Dereferencing Alias types */ +#define SAMBA_LDAP_DEREF_NEVER 0 +#define SAMBA_LDAP_DEREF_SEARCHING 1 +#define SAMBA_LDAP_DEREF_FINDING 2 +#define SAMBA_LDAP_DEREF_ALWAYS 3 + +static const struct enum_list enum_ldap_deref[] = { + {SAMBA_LDAP_DEREF_NEVER, "never"}, + {SAMBA_LDAP_DEREF_SEARCHING, "searching"}, + {SAMBA_LDAP_DEREF_FINDING, "finding"}, + {SAMBA_LDAP_DEREF_ALWAYS, "always"}, + {-1, "auto"} +}; + +static const struct enum_list enum_ldap_passwd_sync[] = { + {LDAP_PASSWD_SYNC_OFF, "no"}, + {LDAP_PASSWD_SYNC_OFF, "off"}, + {LDAP_PASSWD_SYNC_ON, "yes"}, + {LDAP_PASSWD_SYNC_ON, "on"}, + {LDAP_PASSWD_SYNC_ONLY, "only"}, + {-1, NULL} +}; + +static const struct enum_list enum_map_readonly[] = { + {MAP_READONLY_NO, "no"}, + {MAP_READONLY_NO, "false"}, + {MAP_READONLY_NO, "0"}, + {MAP_READONLY_YES, "yes"}, + {MAP_READONLY_YES, "true"}, + {MAP_READONLY_YES, "1"}, + {MAP_READONLY_PERMISSIONS, "permissions"}, + {MAP_READONLY_PERMISSIONS, "perms"}, + {-1, NULL} +}; + +static const struct enum_list enum_case[] = { + {CASE_LOWER, "lower"}, + {CASE_UPPER, "upper"}, + {-1, NULL} +}; |