#include "s3_param.h"
#include "lib/util/bitmap.h"
#include "libcli/smb/smb_constants.h"
+#include "lib/param/loadparm_server_role.h"
#define standard_sub_basic talloc_strdup
char *tls_dhpfile; \
char *loglevel; \
char *panic_action; \
+ int server_role; \
+ int security; \
+ int domain_master; \
+ bool domain_logons; \
int bPreferredMaster;
#include "param_global.h"
};
static const struct enum_list enum_security[] = {
+ {SEC_AUTO, "AUTO"},
{SEC_SHARE, "SHARE"},
{SEC_USER, "USER"},
+ {SEC_DOMAIN, "DOMAIN"},
{SEC_ADS, "ADS"},
{-1, NULL}
};
#include "lib/param/param_functions.c"
-FN_GLOBAL_INTEGER(server_role, server_role)
-static FN_GLOBAL_BOOL(domain_logons, domain_logons)
-FN_GLOBAL_INTEGER(domain_master, domain_master)
FN_GLOBAL_LIST(smb_ports, smb_ports)
FN_GLOBAL_INTEGER(nbt_port, nbt_port)
FN_GLOBAL_INTEGER(dgram_port, dgram_port)
FN_GLOBAL_INTEGER(srv_minprotocol, srv_minprotocol)
FN_GLOBAL_INTEGER(cli_maxprotocol, cli_maxprotocol)
FN_GLOBAL_INTEGER(cli_minprotocol, cli_minprotocol)
-FN_GLOBAL_INTEGER(security, security)
FN_GLOBAL_BOOL(paranoid_server_security, paranoid_server_security)
FN_GLOBAL_INTEGER(server_signing, server_signing)
lpcfg_do_global_parameter(lp_ctx, "share backend", "classic");
- lpcfg_do_global_parameter(lp_ctx, "server role", "standalone");
+ lpcfg_do_global_parameter(lp_ctx, "server role", "auto");
lpcfg_do_global_parameter(lp_ctx, "domain logons", "No");
lpcfg_do_global_parameter(lp_ctx, "domain master", "Auto");
lpcfg_do_global_parameter(lp_ctx, "server max protocol", "NT1");
lpcfg_do_global_parameter(lp_ctx, "client min protocol", "CORE");
lpcfg_do_global_parameter(lp_ctx, "client max protocol", "NT1");
- lpcfg_do_global_parameter(lp_ctx, "security", "USER");
+ lpcfg_do_global_parameter(lp_ctx, "security", "AUTO");
lpcfg_do_global_parameter(lp_ctx, "paranoid server security", "True");
lpcfg_do_global_parameter(lp_ctx, "EncryptPasswords", "True");
lpcfg_do_global_parameter(lp_ctx, "ReadRaw", "True");
return settings;
}
+int lpcfg_server_role(struct loadparm_context *lp_ctx)
+{
+ if (lp_ctx->s3_fns) {
+ return lp_ctx->s3_fns->server_role();
+ }
+
+ return lp_find_server_role(lp_ctx->globals->server_role,
+ lp_ctx->globals->security,
+ lp_ctx->globals->domain_logons,
+ (lp_ctx->globals->domain_master == true) ||
+ (lp_ctx->globals->domain_master == Auto));
+}
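Review bot: The new public accessor lpcfg_server_role has no comment, and its contract is not obvious from the call site. With the defaults above changed to "auto", `globals->server_role` and `globals->security` now hold the AUTO sentinels unless configured, so code making decisions should read the role through this function rather than the raw fields. A comment such as `/* Return the effective server role: an explicit "server role" wins, otherwise it is derived from security, domain logons and domain master; never ROLE_AUTO. */` would record that. It would also help to say that when `s3_fns` is set the answer comes entirely from the source3 loadparm and the local globals are ignored.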
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
+#include "lib/param/loadparm_server_role.h"
+#include "libds/common/roles.h"
/*******************************************************************
Set the server type we will announce as via nmbd.
********************************************************************/
static const struct srv_role_tab {
- uint32 role;
+ uint32_t role;
const char *role_str;
} srv_role_tab [] = {
{ ROLE_STANDALONE, "ROLE_STANDALONE" },
{ 0, NULL }
};
-const char* server_role_str(uint32 role)
+const char* server_role_str(uint32_t role)
{
int i = 0;
for (i=0; srv_role_tab[i].role_str; i++) {
return NULL;
}
-void set_server_role(void)
+/**
+ * Set the server role based on security, domain logons and domain master
+ */
+int lp_find_server_role(int server_role, int security, bool domain_logons, bool domain_master)
{
- int server_role = ROLE_STANDALONE;
+ int role;
- switch (lp_security()) {
+ if (server_role != ROLE_AUTO) {
+ return server_role;
+ }
+
+ /* If server_role is set to ROLE_AUTO, figure out the correct role */
+ role = ROLE_STANDALONE;
+
+ switch (security) {
case SEC_SHARE:
- if (lp_domain_logons())
+ if (domain_logons) {
DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));
+ }
break;
case SEC_SERVER:
- if (lp_domain_logons())
+ if (domain_logons) {
DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n"));
+ }
/* this used to be considered ROLE_DOMAIN_MEMBER but that's just wrong */
- server_role = ROLE_STANDALONE;
+ role = ROLE_STANDALONE;
break;
case SEC_DOMAIN:
- if (lp_domain_logons()) {
+ if (domain_logons) {
DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
- server_role = ROLE_DOMAIN_BDC;
+ role = ROLE_DOMAIN_BDC;
break;
}
- server_role = ROLE_DOMAIN_MEMBER;
+ role = ROLE_DOMAIN_MEMBER;
break;
case SEC_ADS:
- if (lp_domain_logons()) {
- server_role = ROLE_DOMAIN_CONTROLLER;
+ if (domain_logons) {
+ role = ROLE_DOMAIN_CONTROLLER;
break;
}
- server_role = ROLE_DOMAIN_MEMBER;
+ role = ROLE_DOMAIN_MEMBER;
break;
+ case SEC_AUTO:
case SEC_USER:
- if (lp_domain_logons()) {
+ if (domain_logons) {
- if (lp_domain_master_true_or_auto()) /* auto or yes */
- server_role = ROLE_DOMAIN_PDC;
- else
- server_role = ROLE_DOMAIN_BDC;
+ if (domain_master) {
+ role = ROLE_DOMAIN_PDC;
+ } else {
+ role = ROLE_DOMAIN_BDC;
+ }
}
break;
default:
break;
}
- _lp_set_server_role(server_role);
- DEBUG(10, ("set_server_role: role = %s\n", server_role_str(server_role)));
+ return role;
}
+/**
+ * Set the server role based on security, domain logons and domain master
+ */
+int lp_find_security(int server_role, int security)
+{
+ if (security != SEC_AUTO) {
+ return security;
+ }
+
+ switch (server_role) {
+ case ROLE_AUTO:
+ case ROLE_STANDALONE:
+ return SEC_USER;
+ case ROLE_DOMAIN_MEMBER:
+#if (defined(HAVE_ADS) || _SAMBA_BUILD_ >= 4)
+ return SEC_ADS;
+#else
+ return SEC_DOMAIN;
+#endif
+ case ROLE_DOMAIN_PDC:
+ case ROLE_DOMAIN_BDC:
+ default:
+ return SEC_USER;
+ }
+}
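Review bot: The early return in lp_find_server_role (`if (server_role != ROLE_AUTO) return server_role;`) runs before the switch, so the share-level and server-level conflict warnings are only reachable in auto mode. An explicitly configured role combined with a conflicting `security` value is returned with no diagnostic; no other validation of that combination is visible on this page, so consider running the consistency checks before the early return. Separately, the comment above lp_find_security is a copy of the one above lp_find_server_role and does not describe it; `/** Resolve SEC_AUTO to a concrete security level for the given server role */` would match the code. The first comment should say "Determine" rather than "Set", since the function now returns the role instead of storing it.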
--- /dev/null
+/*
+ Unix SMB/CIFS implementation.
+ Parameter loading functions
+ Copyright (C) Karl Auer 1993-1998
+
+ Largely re-written by Andrew Tridgell, September 1994
+
+ Copyright (C) Simo Sorce 2001
+ Copyright (C) Alexander Bokovoy 2002
+ Copyright (C) Stefan (metze) Metzmacher 2002
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+ Copyright (C) Michael Adam 2008
+ Copyright (C) Andrew Bartlett 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+const char* server_role_str(uint32_t role);
+int lp_find_server_role(int server_role, int security, bool domain_logons, bool domain_master);
+int lp_find_security(int server_role, int security);
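Review bot: The new header has no include guard and is not self-contained: the prototypes use `bool` and `uint32_t` but nothing is included to declare them. It currently works only because the files that include it pull in other headers first. Wrapping the declarations in a guard in the style roles.h already uses (`_LIBDS_ROLES_H_`), and adding `#include <stdbool.h>` and `#include <stdint.h>`, would make it safe to include from any translation unit.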
target='param_global.h',
rule='${PERL} ${SRC[1].abspath(env)} ${SRC[0].abspath(env)} --file ${TGT} --generate-scope=GLOBAL')
+bld.SAMBA_LIBRARY('server-role',
+ source='loadparm_server_role.c',
+ deps='samba-util',
+ private_library=True)
+
bld.SAMBA_LIBRARY('samba-hostconfig',
source='loadparm.c generic.c util.c',
pc_files='samba-hostconfig.pc',
vnum='0.0.1',
- deps='DYNCONFIG',
+ deps='DYNCONFIG server-role',
public_deps='samba-util param_local_h',
public_headers='param.h',
autoproto='param_proto.h',
#define ROLE_DOMAIN_CONTROLLER ROLE_DOMAIN_BDC
/* security levels for 'security =' option */
-enum security_types {SEC_SHARE,SEC_USER,SEC_SERVER,SEC_DOMAIN,SEC_ADS};
+enum security_types {SEC_AUTO, SEC_SHARE,SEC_USER,SEC_SERVER,SEC_DOMAIN,SEC_ADS};
#endif /* _LIBDS_ROLES_H_ */
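Review bot: Putting SEC_AUTO first in `enum security_types` renumbers every existing level and makes the unresolved sentinel the lowest value. Any ordered comparison on the security level (for example a `>= SEC_USER` style check, if one exists outside this page) would then treat an unresolved SEC_AUTO as weaker than share-level security. Equality tests and switch statements without a SEC_AUTO case would fall through to their default. It is worth confirming that every consumer sees a value already passed through lp_find_security, and recording that next to the enum, e.g. `/* SEC_AUTO is a config-time placeholder; resolve it with lp_find_security() before comparing levels */`.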
$file->("\tbool (*load)(const char *filename);\n");
$file->("\tbool (*set_cmdline)(const char *pszParmName, const char *pszParmValue);\n");
$file->("\tvoid (*dump)(FILE *f, bool show_defaults, int maxtoprint);\n");
+ $file->("\tint (*server_role)(void);\n");
}
sub print_footer($$)
# Be sure to include them into your application
POPT_LIB_OBJ = lib/popt_common.o
-PARAM_WITHOUT_REG_OBJ = ../dynconfig/dynconfig.o param/loadparm.o param/loadparm_ctx.o param/loadparm_server_role.o param/util.o lib/sharesec.o lib/ldap_debug_handler.o ../lib/param/loadparm.o ../lib/param/util.o
+PARAM_WITHOUT_REG_OBJ = ../dynconfig/dynconfig.o param/loadparm.o param/loadparm_ctx.o ../lib/param/loadparm_server_role.o param/util.o lib/sharesec.o lib/ldap_debug_handler.o ../lib/param/loadparm.o ../lib/param/util.o
PARAM_REG_ADD_OBJ = $(REG_SMBCONF_OBJ) $(LIBSMBCONF_OBJ) $(PRIVILEGES_BASIC_OBJ)
PARAM_OBJ = $(PARAM_WITHOUT_REG_OBJ) $(PARAM_REG_ADD_OBJ)
const char *sharename);
const char *volume_label(int snum);
bool lp_domain_master(void);
-bool lp_domain_master_true_or_auto(void);
bool lp_preferred_master(void);
void lp_remove_service(int snum);
void lp_copy_service(int snum, const char *new_name);
#include "lib/smbconf/smbconf.h"
#include "lib/smbconf/smbconf_init.h"
#include "lib/param/loadparm.h"
+#include "lib/param/loadparm_server_role.h"
#include "ads.h"
#include "../librpc/gen_ndr/svcctl.h"
Globals.PrintcapCacheTime = 750; /* 12.5 minutes */
Globals.ConfigBackend = config_backend;
- Globals.ServerRole = ROLE_STANDALONE;
+ Globals.ServerRole = ROLE_AUTO;
/* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
/* Discovered by 2 days of pain by Don McCall @ HP :-). */
FN_GLOBAL_INTEGER(lp_usershare_max_shares, iUsershareMaxShares)
FN_GLOBAL_CONST_STRING(lp_socket_options, szSocketOptions)
FN_GLOBAL_INTEGER(lp_config_backend, ConfigBackend)
-FN_GLOBAL_INTEGER(lp_server_role, ServerRole)
+static FN_GLOBAL_INTEGER(lp__server_role, ServerRole)
FN_GLOBAL_INTEGER(lp_smb2_max_read, ismb2_max_read)
FN_GLOBAL_INTEGER(lp_smb2_max_write, ismb2_max_write)
FN_GLOBAL_INTEGER(lp_smb2_max_trans, ismb2_max_trans)
}
}
- set_server_role();
set_allowed_client_auth();
if (lp_security() == SEC_SHARE) {
If we are PDC then prefer us as DMB
************************************************************/
-bool lp_domain_master_true_or_auto(void)
+static bool lp_domain_master_true_or_auto(void)
{
if (Globals.iDomainMaster) /* auto or yes */
return true;
return _lp_readraw();
}
-void _lp_set_server_role(int server_role)
+int lp_server_role(void)
{
- Globals.ServerRole = server_role;
+ return lp_find_server_role(lp__server_role(),
+ lp_security(),
+ lp_domain_logons(),
+ lp_domain_master_true_or_auto());
}
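Review bot: lp_server_role now recomputes the role through lp_find_server_role on every call, and the load-time `set_server_role()` call is removed. As a result the `DEBUG(0, ...)` conflict messages inside lp_find_server_role are emitted on each call rather than once when the configuration is loaded. On a server with "domain logons" enabled under share-level or server-level security, that repeats a level-0 log line for every caller. The single `set_server_role: role = %s` trace that recorded the resolved role at startup is also gone. Consider validating and logging once in the load path where `set_server_role();` was dropped, and keeping the per-call path free of log side effects.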
.dump = lp_dump,
.server_role = lp_server_role,
- .domain_master = lp_domain_master,
.winbind_separator = lp_winbind_separator,
.template_homedir = lp_template_homedir,
PARAM_UTIL_SRC = '''param/util.c'''
-PARAM_WITHOUT_REG_SRC = '''param/loadparm.c param/loadparm_server_role.c
+PARAM_WITHOUT_REG_SRC = '''param/loadparm.c
lib/sharesec.c lib/ldap_debug_handler.c lib/util_names.c'''
KRBCLIENT_SRC = '''libads/kerberos.c libads/ads_status.c libsmb/clikrb5.c'''