From 081a010f8cadd5a739f432a3f9c6cdcddd0239a8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 27 Jul 2012 10:15:10 +1000 Subject: lib/param: Merge "Security Options" section from source3/param This will make the merge of the whole table smoother. Based on an earlier patch Pair-Programmed-With: Andrew Tridgell Andrew Bartlett --- lib/param/loadparm.c | 613 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 589 insertions(+), 24 deletions(-) diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 3a12783b8a..9ecd7cc3aa 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -260,14 +260,8 @@ static struct parm_struct parm_table[] = { .enum_list = NULL, .flags = FLAG_ADVANCED | FLAG_WIZARD, }, - { - .label = "passdb backend", - .type = P_STRING, - .p_class = P_GLOBAL, - .offset = GLOBAL_VAR(passdb_backend), - .special = NULL, - .enum_list = NULL - }, + + {N_("Security Options"), P_SEP, P_SEPARATOR}, { .label = "security", @@ -275,7 +269,17 @@ static struct parm_struct parm_table[] = { .p_class = P_GLOBAL, .offset = GLOBAL_VAR(security), .special = NULL, - .enum_list = enum_security + .enum_list = enum_security, + .flags = FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD, + }, + { + .label = "auth methods", + .type = P_LIST, + .p_class = P_GLOBAL, + .offset = GLOBAL_VAR(AuthMethods), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED, }, { .label = "encrypt passwords", 
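Review bot: The `auth methods` row added in the @@ -275 hunk makes `AuthMethods` settable, but nothing in this commit gives it a default: every hunk in the diff is inside `parm_table`, and the 589 insertions are all table rows. The same holds for the security-relevant rows added in later hunks (`client schannel`, `server schannel`, `map to guest`, `restrict anonymous`, `enable privileges`, `guest ok`). If their defaults are not already set in code outside this diff, these fields start from whatever the zero or unset value means, which may differ from the source3 defaults this section was merged from. Once that is confirmed, a comment above the new separator would record it, for example `/* defaults for this section are set outside parm_table; keep them in step with source3 */`. The initializer of `parm_table` starts and ends outside the hunk.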
@@ -283,7 +287,44 @@ static struct parm_struct parm_table[] = {
 .p_class = P_GLOBAL,
 .offset = GLOBAL_VAR(bEncryptPasswords),
 .special = NULL,
- .enum_list = NULL
+ .enum_list = NULL,
+ .flags = FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD,
+ },
+ {
+ .label = "client schannel",
+ .type = P_ENUM,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(clientSchannel),
+ .special = NULL,
+ .enum_list = enum_bool_auto,
+ .flags = FLAG_BASIC | FLAG_ADVANCED,
+ },
+ {
+ .label = "server schannel",
+ .type = P_ENUM,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(serverSchannel),
+ .special = NULL,
+ .enum_list = enum_bool_auto,
+ .flags = FLAG_BASIC | FLAG_ADVANCED,
+ },
+ {
+ .label = "allow trusted domains",
+ .type = P_BOOL,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(bAllowTrustedDomains),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "map to guest",
+ .type = P_ENUM,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(map_to_guest),
+ .special = NULL,
+ .enum_list = enum_map_to_guest,
+ .flags = FLAG_ADVANCED,
 },
 {
 .label = "null passwords",
@@ -309,7 +350,17 @@ static struct parm_struct parm_table[] = {
 .p_class = P_GLOBAL,
 .offset = GLOBAL_VAR(szPasswordServer),
 .special = NULL,
- .enum_list = NULL
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_WIZARD,
+ },
+ {
+ .label = "smb passwd file",
+ .type = P_STRING,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(szSMBPasswdFile),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
 },
 {
 .label = "private dir",
@@ -317,7 +368,99 @@ static struct parm_struct parm_table[] = {
 .p_class = P_GLOBAL,
 .offset = GLOBAL_VAR(szPrivateDir),
 .special = NULL,
- .enum_list = NULL
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "private directory",
+ .type = P_STRING,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(szPrivateDir),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_HIDE,
+ },
+ {
+ .label = "passdb backend",
+ .type = P_STRING,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(passdb_backend),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_WIZARD,
+ },
+ {
+ .label = "algorithmic rid base",
+ .type = P_INTEGER,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(AlgorithmicRidBase),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "root directory",
+ .type = P_STRING,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(szRootdir),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "root dir",
+ .type = P_STRING,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(szRootdir),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_HIDE,
+ },
+ {
+ .label = "root",
+ .type = P_STRING,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(szRootdir),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_HIDE,
+ },
+ {
+ .label = "guest account",
+ .type = P_STRING,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(szGuestaccount),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_BASIC | FLAG_ADVANCED,
+ },
+ {
+ .label = "enable privileges",
+ .type = P_BOOL,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(bEnablePrivileges),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED,
+ },
+
+ {
+ .label = "pam password change",
+ .type = P_BOOL,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(bPamPasswordChange),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "passwd program",
+ .type = P_STRING,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(szPasswdProgram),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
 },
 {
 .label = "passwd chat",
@@ -325,7 +468,44 @@ static struct parm_struct parm_table[] = {
 .p_class = P_GLOBAL,
 .offset = GLOBAL_VAR(szPasswdChat),
 .special = NULL,
- .enum_list = NULL
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "passwd chat debug",
+ .type = P_BOOL,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(bPasswdChatDebug),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "passwd chat timeout",
+ .type = P_INTEGER,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(iPasswdChatTimeout),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "check password script",
+ .type = P_STRING,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(szCheckPasswordScript),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "username map",
+ .type = P_STRING,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(szUsernameMap),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
 },
 {
 .label = "password level",
@@ -333,7 +513,35 @@ static struct parm_struct parm_table[] = {
 .p_class = P_GLOBAL,
 .offset = GLOBAL_VAR(pwordlevel),
 .special = NULL,
- .enum_list = NULL
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED,
+ },
+ {
+ .label = "username level",
+ .type = P_INTEGER,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(unamelevel),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "unix password sync",
+ .type = P_BOOL,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(bUnixPasswdSync),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "restrict anonymous",
+ .type = P_INTEGER,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(restrict_anonymous),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
 },
 {
 .label = "lanman auth",
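Review bot: The alias rows added in the @@ -317 hunk (`private directory` for `private dir`, and `root dir` and `root` for `root directory`) can only be told apart from canonical parameters by spotting a repeated `.offset` and `FLAG_HIDE`. Two names writing the same field is easy to miss when auditing which options control a path or an access decision, so a one-line comment on each alias would help, for example `/* synonym for "root directory" */`. The same applies to the aliases added in later hunks (`user` and `users`, `write ok`, `writeable` and `writable`, `create mode`, `only guest`, `public`, `allow hosts`, `deny hosts`). The table initializer starts and ends outside the hunk.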
@@ -386,25 +594,188 @@ static struct parm_struct parm_table[] = {
 .p_class = P_GLOBAL,
 .offset = GLOBAL_VAR(client_use_spnego_principal),
 .special = NULL,
- .enum_list = NULL
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
+ .label = "username",
+ .type = P_STRING,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(szUsername),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE | FLAG_DEPRECATED,
+ },
+ {
+ .label = "user",
+ .type = P_STRING,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(szUsername),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_HIDE,
+ },
+ {
+ .label = "users",
+ .type = P_STRING,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(szUsername),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_HIDE,
+ },
+ {
+ .label = "invalid users",
+ .type = P_LIST,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(szInvalidUsers),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
+ },
+ {
+ .label = "valid users",
+ .type = P_LIST,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(szValidUsers),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
+ },
+ {
+ .label = "admin users",
+ .type = P_LIST,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(szAdminUsers),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
+ },
+ {
+ .label = "read list",
+ .type = P_LIST,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(readlist),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
+ },
+ {
+ .label = "write list",
+ .type = P_LIST,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(writelist),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
+ },
+ {
+ .label = "force user",
+ .type = P_STRING,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(force_user),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_SHARE,
+ },
+ {
+ .label = "force group",
+ .type = P_STRING,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(force_group),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_SHARE,
+ },
+ {
+ .label = "group",
+ .type = P_STRING,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(force_group),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
 },
-
 {
 .label = "read only",
 .type = P_BOOL,
 .p_class = P_LOCAL,
 .offset = LOCAL_VAR(bRead_only),
 .special = NULL,
- .enum_list = NULL
+ .enum_list = NULL,
+ .flags = FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE,
+ },
+ {
+ .label = "write ok",
+ .type = P_BOOLREV,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(bRead_only),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_HIDE,
+ },
+ {
+ .label = "writeable",
+ .type = P_BOOLREV,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(bRead_only),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_HIDE,
+ },
+ {
+ .label = "writable",
+ .type = P_BOOLREV,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(bRead_only),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_HIDE,
+ },
+ {
+ .label = "acl check permissions",
+ .type = P_BOOL,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(bAclCheckPermissions),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE | FLAG_DEPRECATED,
+ },
+ {
+ .label = "acl group control",
+ .type = P_BOOL,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(bAclGroupControl),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
+ },
+ {
+ .label = "acl map full control",
+ .type = P_BOOL,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(bAclMapFullControl),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
 },
-
 {
 .label = "create mask",
 .type = P_OCTAL,
 .p_class = P_LOCAL,
 .offset = LOCAL_VAR(iCreate_mask),
 .special = NULL,
- .enum_list = NULL
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
+ },
+ {
+ .label = "create mode",
+ .type = P_OCTAL,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(iCreate_mask),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_HIDE,
 },
 {
 .label = "force create mode",
@@ -412,7 +783,26 @@ static struct parm_struct parm_table[] = {
 .p_class = P_LOCAL,
 .offset = LOCAL_VAR(iCreate_force_mode),
 .special = NULL,
- .enum_list = NULL
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
+ },
+ {
+ .label = "security mask",
+ .type = P_OCTAL,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(iSecurity_mask),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
+ },
+ {
+ .label = "force security mode",
+ .type = P_OCTAL,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(iSecurity_force_mode),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
 },
 {
 .label = "directory mask",
@@ -420,7 +810,17 @@ static struct parm_struct parm_table[] = {
 .p_class = P_LOCAL,
 .offset = LOCAL_VAR(iDir_mask),
 .special = NULL,
- .enum_list = NULL
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
+ },
+ {
+ .label = "directory mode",
+ .type = P_OCTAL,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(iDir_mask),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL,
 },
 {
 .label = "force directory mode",
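Review bot: Two alias rows are not hidden the way the other aliases in this commit are. `group` in the @@ -386 hunk shares `LOCAL_VAR(force_group)` with `force group` but carries `.flags = FLAG_ADVANCED`, and `directory mode` in the @@ -420 hunk shares `LOCAL_VAR(iDir_mask)` with `directory mask` but carries `FLAG_ADVANCED | FLAG_GLOBAL`, whereas `user`, `users`, `write ok` and `create mode` all use `FLAG_HIDE`. If this mirrors the source3 table on purpose, a short comment such as `/* not hidden: kept as in source3 */` would stop a later cleanup from guessing; otherwise both rows should read `.flags = FLAG_HIDE,`. The table initializer starts and ends outside both hunks.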
@@ -428,16 +828,135 @@ static struct parm_struct parm_table[] = { .p_class = P_LOCAL, .offset = LOCAL_VAR(iDir_force_mode), .special = NULL, - .enum_list = NULL + .enum_list = NULL, + .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE, + }, + { + .label = "directory security mask", + .type = P_OCTAL, + .p_class = P_LOCAL, + .offset = LOCAL_VAR(iDir_Security_mask), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE, + }, + { + .label = "force directory security mode", + .type = P_OCTAL, + .p_class = P_LOCAL, + .offset = LOCAL_VAR(iDir_Security_force_mode), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE, + }, + { + .label = "force unknown acl user", + .type = P_BOOL, + .p_class = P_LOCAL, + .offset = LOCAL_VAR(bForceUnknownAclUser), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE, + }, + { + .label = "inherit permissions", + .type = P_BOOL, + .p_class = P_LOCAL, + .offset = LOCAL_VAR(bInheritPerms), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED | FLAG_SHARE, + }, + { + .label = "inherit acls", + .type = P_BOOL, + .p_class = P_LOCAL, + .offset = LOCAL_VAR(bInheritACLS), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED | FLAG_SHARE, + }, + { + .label = "inherit owner", + .type = P_BOOL, + .p_class = P_LOCAL, + .offset = LOCAL_VAR(bInheritOwner), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED | FLAG_SHARE, + }, + { + .label = "guest only", + .type = P_BOOL, + .p_class = P_LOCAL, + .offset = LOCAL_VAR(bGuest_only), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED | FLAG_SHARE, + }, + { + .label = "only guest", + .type = P_BOOL, + .p_class = P_LOCAL, + .offset = LOCAL_VAR(bGuest_only), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_HIDE, + }, + { + .label = "administrative share", + .type = P_BOOL, + .p_class = P_LOCAL, + .offset = LOCAL_VAR(bAdministrative_share), + 
.special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT, }, + { + .label = "guest ok", + .type = P_BOOL, + .p_class = P_LOCAL, + .offset = LOCAL_VAR(bGuest_ok), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT, + }, + { + .label = "public", + .type = P_BOOL, + .p_class = P_LOCAL, + .offset = LOCAL_VAR(bGuest_ok), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_HIDE, + }, + { + .label = "only user", + .type = P_BOOL, + .p_class = P_LOCAL, + .offset = LOCAL_VAR(bOnlyUser), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED | FLAG_SHARE | FLAG_DEPRECATED, + }, { .label = "hosts allow", .type = P_LIST, .p_class = P_LOCAL, .offset = LOCAL_VAR(szHostsallow), .special = NULL, - .enum_list = NULL + .enum_list = NULL, + .flags = FLAG_GLOBAL | FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT, + }, + { + .label = "allow hosts", + .type = P_LIST, + .p_class = P_LOCAL, + .offset = LOCAL_VAR(szHostsallow), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_HIDE, }, { .label = "hosts deny", 
@@ -445,7 +964,53 @@ static struct parm_struct parm_table[] = { .p_class = P_LOCAL, .offset = LOCAL_VAR(szHostsdeny), .special = NULL, - .enum_list = NULL + .enum_list = NULL, + .flags = FLAG_GLOBAL | FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT, + }, + { + .label = "deny hosts", + .type = P_LIST, + .p_class = P_LOCAL, + .offset = LOCAL_VAR(szHostsdeny), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_HIDE, + }, + { + .label = "preload modules", + .type = P_LIST, + .p_class = P_GLOBAL, + .offset = GLOBAL_VAR(szPreloadModules), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED | FLAG_GLOBAL, + }, + { + .label = "dedicated keytab file", + .type = P_STRING, + .p_class = P_GLOBAL, + .offset = GLOBAL_VAR(szDedicatedKeytabFile), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED, + }, + { + .label = "kerberos method", + .type = P_ENUM, + .p_class = P_GLOBAL, + .offset = GLOBAL_VAR(iKerberosMethod), + .special = NULL, + .enum_list = enum_kerberos_method, + .flags = FLAG_ADVANCED, + }, + { + .label = "map untrusted to domain", + .type = P_BOOL, + .p_class = P_GLOBAL, + .offset = GLOBAL_VAR(bMapUntrustedToDomain), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED | FLAG_GLOBAL, }, {N_("Logging Options"), P_SEP, P_SEPARATOR}, -- cgit
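Review bot: `preload modules` and `map untrusted to domain` are `P_GLOBAL` rows that carry `FLAG_GLOBAL`, which no other `P_GLOBAL` row added by this commit does; compare `dedicated keytab file` and `kerberos method` in the same hunk, which use `FLAG_ADVANCED` alone. Everywhere else in the diff `FLAG_GLOBAL` appears only on `P_LOCAL` rows, so it looks redundant here, though how the flag is consumed is not visible from this hunk. Either reduce both to `.flags = FLAG_ADVANCED,` or add a comment saying the flag is kept to match source3.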