Diffstat (limited to 'lib')
-rw-r--r--lib/param/loadparm.c27
-rw-r--r--lib/param/loadparm_server_role.c143
-rw-r--r--lib/param/loadparm_server_role.h31
-rw-r--r--lib/param/wscript_build7
4 files changed, 201 insertions, 7 deletions
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 44d219a9e4..aaff5bc5bc 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -65,6 +65,7 @@
#include "s3_param.h"
#include "lib/util/bitmap.h"
#include "libcli/smb/smb_constants.h"
+#include "lib/param/loadparm_server_role.h"
#define standard_sub_basic talloc_strdup
@@ -81,6 +82,10 @@ static bool defaults_saved = false;
char *tls_dhpfile; \
char *loglevel; \
char *panic_action; \
+ int server_role; \
+ int security; \
+ int domain_master; \
+ bool domain_logons; \
int bPreferredMaster;
#include "param_global.h"
@@ -113,8 +118,10 @@ static const struct enum_list enum_protocol[] = {
};
static const struct enum_list enum_security[] = {
+ {SEC_AUTO, "AUTO"},
{SEC_SHARE, "SHARE"},
{SEC_USER, "USER"},
+ {SEC_DOMAIN, "DOMAIN"},
{SEC_ADS, "ADS"},
{-1, NULL}
};
@@ -1484,9 +1491,6 @@ static struct loadparm_context *global_loadparm_context;
#include "lib/param/param_functions.c"
-FN_GLOBAL_INTEGER(server_role, server_role)
-static FN_GLOBAL_BOOL(domain_logons, domain_logons)
-FN_GLOBAL_INTEGER(domain_master, domain_master)
FN_GLOBAL_LIST(smb_ports, smb_ports)
FN_GLOBAL_INTEGER(nbt_port, nbt_port)
FN_GLOBAL_INTEGER(dgram_port, dgram_port)
@@ -1570,7 +1574,6 @@ FN_GLOBAL_INTEGER(srv_maxprotocol, srv_maxprotocol)
FN_GLOBAL_INTEGER(srv_minprotocol, srv_minprotocol)
FN_GLOBAL_INTEGER(cli_maxprotocol, cli_maxprotocol)
FN_GLOBAL_INTEGER(cli_minprotocol, cli_minprotocol)
-FN_GLOBAL_INTEGER(security, security)
FN_GLOBAL_BOOL(paranoid_server_security, paranoid_server_security)
FN_GLOBAL_INTEGER(server_signing, server_signing)
@@ -3306,7 +3309,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "share backend", "classic");
- lpcfg_do_global_parameter(lp_ctx, "server role", "standalone");
+ lpcfg_do_global_parameter(lp_ctx, "server role", "auto");
lpcfg_do_global_parameter(lp_ctx, "domain logons", "No");
lpcfg_do_global_parameter(lp_ctx, "domain master", "Auto");
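Review bot: Both defaults become sentinels (`server role = auto` in this hunk, `security = AUTO` in the hunk at -3370), so the raw `globals->server_role` and `globals->security` fields no longer hold a usable mode until they are resolved. The role has lpcfg_server_role() for that, but in the lib/ part of this diff lp_find_security() has no caller and the `FN_GLOBAL_INTEGER(security, security)` accessor is removed, so it is not visible here how consumers get the effective security mode. Any code that compares the raw value against SEC_USER or SEC_ADS would now see SEC_AUTO instead. A comment beside these defaults would make the contract explicit, e.g. `/* "auto" is a sentinel: resolve via lpcfg_server_role() / lp_find_security() before use */`. loadparm_init() starts and ends outside both hunks.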
@@ -3370,7 +3373,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "server max protocol", "NT1");
lpcfg_do_global_parameter(lp_ctx, "client min protocol", "CORE");
lpcfg_do_global_parameter(lp_ctx, "client max protocol", "NT1");
- lpcfg_do_global_parameter(lp_ctx, "security", "USER");
+ lpcfg_do_global_parameter(lp_ctx, "security", "AUTO");
lpcfg_do_global_parameter(lp_ctx, "paranoid server security", "True");
lpcfg_do_global_parameter(lp_ctx, "EncryptPasswords", "True");
lpcfg_do_global_parameter(lp_ctx, "ReadRaw", "True");
@@ -3799,3 +3802,15 @@ struct gensec_settings *lpcfg_gensec_settings(TALLOC_CTX *mem_ctx, struct loadpa
return settings;
}
+int lpcfg_server_role(struct loadparm_context *lp_ctx)
+{
+ if (lp_ctx->s3_fns) {
+ return lp_ctx->s3_fns->server_role();
+ }
+
+ return lp_find_server_role(lp_ctx->globals->server_role,
+ lp_ctx->globals->security,
+ lp_ctx->globals->domain_logons,
+ (lp_ctx->globals->domain_master == true) ||
+ (lp_ctx->globals->domain_master == Auto));
+}
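Review bot: lpcfg_server_role() has no comment, and its fallback path treats `domain master = Auto` the same as `Yes`. With the defaults set in loadparm_init (role auto, security AUTO, domain master Auto), a configuration that only turns on `domain logons` therefore resolves to ROLE_DOMAIN_PDC through the SEC_AUTO/SEC_USER branch of lp_find_server_role(). That outcome is trust-relevant and worth stating above the function, e.g. `/* Resolve the effective server role; "domain master = Auto" counts as master, so domain logons alone yields a PDC. */`. The comment should also say that when `s3_fns` is set the value comes straight from the s3 callback and is not passed through lp_find_server_role() here.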
diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c
new file mode 100644
index 0000000000..1abe9b9ddc
--- /dev/null
+++ b/lib/param/loadparm_server_role.c
@@ -0,0 +1,143 @@
+/*
+ Unix SMB/CIFS implementation.
+ Parameter loading functions
+ Copyright (C) Karl Auer 1993-1998
+
+ Largely re-written by Andrew Tridgell, September 1994
+
+ Copyright (C) Simo Sorce 2001
+ Copyright (C) Alexander Bokovoy 2002
+ Copyright (C) Stefan (metze) Metzmacher 2002
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+ Copyright (C) Michael Adam 2008
+ Copyright (C) Andrew Bartlett 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+#include "includes.h"
+#include "lib/param/loadparm_server_role.h"
+#include "libds/common/roles.h"
+
+/*******************************************************************
+ Set the server type we will announce as via nmbd.
+********************************************************************/
+
+static const struct srv_role_tab {
+ uint32_t role;
+ const char *role_str;
+} srv_role_tab [] = {
+ { ROLE_STANDALONE, "ROLE_STANDALONE" },
+ { ROLE_DOMAIN_MEMBER, "ROLE_DOMAIN_MEMBER" },
+ { ROLE_DOMAIN_BDC, "ROLE_DOMAIN_BDC" },
+ { ROLE_DOMAIN_PDC, "ROLE_DOMAIN_PDC" },
+ { 0, NULL }
+};
+
+const char* server_role_str(uint32_t role)
+{
+ int i = 0;
+ for (i=0; srv_role_tab[i].role_str; i++) {
+ if (role == srv_role_tab[i].role) {
+ return srv_role_tab[i].role_str;
+ }
+ }
+ return NULL;
+}
+
+/**
+ * Set the server role based on security, domain logons and domain master
+ */
+int lp_find_server_role(int server_role, int security, bool domain_logons, bool domain_master)
+{
+ int role;
+
+ if (server_role != ROLE_AUTO) {
+ return server_role;
+ }
+
+ /* If server_role is set to ROLE_AUTO, figure out the correct role */
+ role = ROLE_STANDALONE;
+
+ switch (security) {
+ case SEC_SHARE:
+ if (domain_logons) {
+ DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));
+ }
+ break;
+ case SEC_SERVER:
+ if (domain_logons) {
+ DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n"));
+ }
+ /* this used to be considered ROLE_DOMAIN_MEMBER but that's just wrong */
+ role = ROLE_STANDALONE;
+ break;
+ case SEC_DOMAIN:
+ if (domain_logons) {
+ DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
+ role = ROLE_DOMAIN_BDC;
+ break;
+ }
+ role = ROLE_DOMAIN_MEMBER;
+ break;
+ case SEC_ADS:
+ if (domain_logons) {
+ role = ROLE_DOMAIN_CONTROLLER;
+ break;
+ }
+ role = ROLE_DOMAIN_MEMBER;
+ break;
+ case SEC_AUTO:
+ case SEC_USER:
+ if (domain_logons) {
+
+ if (domain_master) {
+ role = ROLE_DOMAIN_PDC;
+ } else {
+ role = ROLE_DOMAIN_BDC;
+ }
+ }
+ break;
+ default:
+ DEBUG(0, ("Server's Role undefined due to unknown security mode\n"));
+ break;
+ }
+
+ return role;
+}
+
+/**
+ * Set the server role based on security, domain logons and domain master
+ */
+int lp_find_security(int server_role, int security)
+{
+ if (security != SEC_AUTO) {
+ return security;
+ }
+
+ switch (server_role) {
+ case ROLE_AUTO:
+ case ROLE_STANDALONE:
+ return SEC_USER;
+ case ROLE_DOMAIN_MEMBER:
+#if (defined(HAVE_ADS) || _SAMBA_BUILD_ >= 4)
+ return SEC_ADS;
+#else
+ return SEC_DOMAIN;
+#endif
+ case ROLE_DOMAIN_PDC:
+ case ROLE_DOMAIN_BDC:
+ default:
+ return SEC_USER;
+ }
+}
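Review bot: server_role_str() can return NULL for a role that lp_find_server_role() itself produces: the SEC_ADS branch returns ROLE_DOMAIN_CONTROLLER, which has no row in srv_role_tab (ROLE_AUTO is absent too). Unless ROLE_DOMAIN_CONTROLLER aliases one of the listed values in libds/common/roles.h, which is not visible here, a caller that passes the result to a `%s` log format gets a null pointer. Adding `{ ROLE_DOMAIN_CONTROLLER, "ROLE_DOMAIN_CONTROLLER" },` to the table, or returning a fixed fallback string instead of NULL, would close that. Separately, the doc comment above lp_find_security() is a copy of the one above lp_find_server_role() and should read something like `Resolve the effective security mode from the server role when security is SEC_AUTO`. The banner above srv_role_tab about announcing via nmbd does not describe the table either.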
diff --git a/lib/param/loadparm_server_role.h b/lib/param/loadparm_server_role.h
new file mode 100644
index 0000000000..2c82527573
--- /dev/null
+++ b/lib/param/loadparm_server_role.h
@@ -0,0 +1,31 @@
+/*
+ Unix SMB/CIFS implementation.
+ Parameter loading functions
+ Copyright (C) Karl Auer 1993-1998
+
+ Largely re-written by Andrew Tridgell, September 1994
+
+ Copyright (C) Simo Sorce 2001
+ Copyright (C) Alexander Bokovoy 2002
+ Copyright (C) Stefan (metze) Metzmacher 2002
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+ Copyright (C) Michael Adam 2008
+ Copyright (C) Andrew Bartlett 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+const char* server_role_str(uint32_t role);
+int lp_find_server_role(int server_role, int security, bool domain_logons, bool domain_master);
+int lp_find_security(int server_role, int security);
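Review bot: The new header has no include guard and is not self-contained: the three prototypes use `uint32_t` and `bool`, but the header includes nothing, so it compiles only when the includer has already pulled in those types. Wrapping the declarations in `#ifndef LOADPARM_SERVER_ROLE_H` / `#define LOADPARM_SERVER_ROLE_H` / `#endif` and including `<stdint.h>` and `<stdbool.h>` (or the project's replacement header) would fix both. The guard name is a suggestion; use whatever convention the neighbouring headers follow.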
diff --git a/lib/param/wscript_build b/lib/param/wscript_build
index f61e822037..13b7709abf 100644
--- a/lib/param/wscript_build
+++ b/lib/param/wscript_build
@@ -16,11 +16,16 @@ bld.SAMBA_GENERATOR('param_global_h',
target='param_global.h',
rule='${PERL} ${SRC[1].abspath(env)} ${SRC[0].abspath(env)} --file ${TGT} --generate-scope=GLOBAL')
+bld.SAMBA_LIBRARY('server-role',
+ source='loadparm_server_role.c',
+ deps='samba-util',
+ private_library=True)
+
bld.SAMBA_LIBRARY('samba-hostconfig',
source='loadparm.c generic.c util.c',
pc_files='samba-hostconfig.pc',
vnum='0.0.1',
- deps='DYNCONFIG',
+ deps='DYNCONFIG server-role',
public_deps='samba-util param_local_h',
public_headers='param.h',
autoproto='param_proto.h',