From 8c71dc3505ab83ce95ab40a56f77313c4448be16 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 22 Aug 2012 21:01:16 +1000
Subject: param: Add startup checks for valid server role/binary combinations

This should eliminate confusion from our users about what they can
expect to successfully run.

Andrew Bartlett
---
 file_server/file_server.c   |  1 +
 source3/nmbd/nmbd.c         | 10 ++++++++++
 source3/smbd/server.c       |  7 +++++++
 source3/winbindd/winbindd.c |  6 ++++++
 source4/smbd/server.c       | 11 +++++++++++
 5 files changed, 35 insertions(+)

diff --git a/file_server/file_server.c b/file_server/file_server.c
index 448894ecbd..b6f73824f6 100644
--- a/file_server/file_server.c
+++ b/file_server/file_server.c
@@ -50,6 +50,7 @@ static const char *generate_smb_conf(struct task_server *task)
 
 	fdprintf(fd, "[globals]\n");
 	fdprintf(fd, "# auto-generated config for fileserver\n");
+	fdprintf(fd, "server role check:inhibit=yes\n");
 	fdprintf(fd, "passdb backend = samba4\n");
         fdprintf(fd, "rpc_server:default = external\n");
 	fdprintf(fd, "rpc_server:svcctl = embedded\n");
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index 1728bb9c5a..d4df2020d5 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -888,6 +888,16 @@ static bool open_sockets(bool isdaemon, int port)
 		exit(1);
 	}
 
+	if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC
+	    && !lp_parm_bool(-1, "server role check", "inhibit", false)) {
+		/* TODO: when we have a merged set of defaults for
+		 * loadparm, we could possibly check if the internal
+		 * nbt server is in the list, and allow a startup if disabled */
+		DEBUG(0, ("server role = 'active directory domain controller' not compatible with running nmbd standalone. \n"));
+		DEBUGADD(0, ("You should start 'samba' instead, and it will control starting the internal nbt server\n"));
+		exit(1);
+	}
+
 	msg = messaging_init(NULL, server_event_context());
 	if (msg == NULL) {
 		return 1;
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 6abf8ccaeb..d53b19a57f 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1227,6 +1227,13 @@ extern void build_options(bool screen);
 		exit(1);
 	}
 
+	if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC
+	    && !lp_parm_bool(-1, "server role check", "inhibit", false)) {
+		DEBUG(0, ("server role = 'active directory domain controller' not compatible with running smbd standalone. \n"));
+		DEBUGADD(0, ("You should start 'samba' instead, and it will control starting smbd if required\n"));
+		exit(1);
+	}
+
 	/* ...NOTE... Log files are working from this point! */
 
 	DEBUG(3,("loaded services\n"));
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index c43b5859e2..eab62a7028 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1406,6 +1406,12 @@ int main(int argc, char **argv, char **envp)
 	 */
 	dump_core_setup("winbindd", lp_logfile(talloc_tos()));
 
+	if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
+		DEBUG(0, ("server role = 'active directory domain controller' not compatible with running the winbindd binary. \n"));
+		DEBUGADD(0, ("You should start 'samba' instead, and it will control starting the internal AD DC winbindd implementation, which is not the same as this one\n"));
+		exit(1);
+	}
+
 	/* Initialise messaging system */
 
 	if (winbind_messaging_context() == NULL) {
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index f3405a7c2a..b3d8ae5f5d 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -453,6 +453,17 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
 				 discard_const(binary_name));
 	}
 
+	if (lpcfg_server_role(cmdline_lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC
+	    && !lpcfg_parm_bool(cmdline_lp_ctx, NULL, "server role check", "inhibit", false)
+	    && !str_list_check_ci(lpcfg_server_services(cmdline_lp_ctx), "smb") 
+	    && !str_list_check_ci(lpcfg_dcerpc_endpoint_servers(cmdline_lp_ctx), "remote")
+	    && !str_list_check_ci(lpcfg_dcerpc_endpoint_servers(cmdline_lp_ctx), "mapiproxy")) {
+		DEBUG(0, ("At this time the 'samba' binary should only be used for either:\n"));
+		DEBUGADD(0, ("'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'\n"));
+		DEBUGADD(0, ("You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks\n"));
+		exit(1);
+	};
+
 	prime_ldb_databases(event_ctx);
 
 	status = setup_parent_messaging(event_ctx, cmdline_lp_ctx);
-- 
cgit