-rw-r--r--lib/param/loadparm.c27
-rw-r--r--lib/param/loadparm_server_role.c (renamed from source3/param/loadparm_server_role.c)82
-rw-r--r--lib/param/loadparm_server_role.h31
-rw-r--r--lib/param/wscript_build7
-rw-r--r--libds/common/roles.h2
-rw-r--r--script/mks3param.pl1
-rw-r--r--source3/Makefile.in2
-rw-r--r--source3/include/proto.h1
-rw-r--r--source3/param/loadparm.c15
-rw-r--r--source3/param/loadparm_ctx.c1
-rwxr-xr-xsource3/wscript_build2
11 files changed, 132 insertions, 39 deletions
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 44d219a9e49..aaff5bc5bc7 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -65,6 +65,7 @@
#include "s3_param.h"
#include "lib/util/bitmap.h"
#include "libcli/smb/smb_constants.h"
+#include "lib/param/loadparm_server_role.h"
#define standard_sub_basic talloc_strdup
@@ -81,6 +82,10 @@ static bool defaults_saved = false;
char *tls_dhpfile; \
char *loglevel; \
char *panic_action; \
+ int server_role; \
+ int security; \
+ int domain_master; \
+ bool domain_logons; \
int bPreferredMaster;
#include "param_global.h"
@@ -113,8 +118,10 @@ static const struct enum_list enum_protocol[] = {
};
static const struct enum_list enum_security[] = {
+ {SEC_AUTO, "AUTO"},
{SEC_SHARE, "SHARE"},
{SEC_USER, "USER"},
+ {SEC_DOMAIN, "DOMAIN"},
{SEC_ADS, "ADS"},
{-1, NULL}
};
@@ -1484,9 +1491,6 @@ static struct loadparm_context *global_loadparm_context;
#include "lib/param/param_functions.c"
-FN_GLOBAL_INTEGER(server_role, server_role)
-static FN_GLOBAL_BOOL(domain_logons, domain_logons)
-FN_GLOBAL_INTEGER(domain_master, domain_master)
FN_GLOBAL_LIST(smb_ports, smb_ports)
FN_GLOBAL_INTEGER(nbt_port, nbt_port)
FN_GLOBAL_INTEGER(dgram_port, dgram_port)
@@ -1570,7 +1574,6 @@ FN_GLOBAL_INTEGER(srv_maxprotocol, srv_maxprotocol)
FN_GLOBAL_INTEGER(srv_minprotocol, srv_minprotocol)
FN_GLOBAL_INTEGER(cli_maxprotocol, cli_maxprotocol)
FN_GLOBAL_INTEGER(cli_minprotocol, cli_minprotocol)
-FN_GLOBAL_INTEGER(security, security)
FN_GLOBAL_BOOL(paranoid_server_security, paranoid_server_security)
FN_GLOBAL_INTEGER(server_signing, server_signing)
@@ -3306,7 +3309,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "share backend", "classic");
- lpcfg_do_global_parameter(lp_ctx, "server role", "standalone");
+ lpcfg_do_global_parameter(lp_ctx, "server role", "auto");
lpcfg_do_global_parameter(lp_ctx, "domain logons", "No");
lpcfg_do_global_parameter(lp_ctx, "domain master", "Auto");
@@ -3370,7 +3373,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "server max protocol", "NT1");
lpcfg_do_global_parameter(lp_ctx, "client min protocol", "CORE");
lpcfg_do_global_parameter(lp_ctx, "client max protocol", "NT1");
- lpcfg_do_global_parameter(lp_ctx, "security", "USER");
+ lpcfg_do_global_parameter(lp_ctx, "security", "AUTO");
lpcfg_do_global_parameter(lp_ctx, "paranoid server security", "True");
lpcfg_do_global_parameter(lp_ctx, "EncryptPasswords", "True");
lpcfg_do_global_parameter(lp_ctx, "ReadRaw", "True");
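Review bot: With the default for `security` changed to `AUTO` on the new line, any code that reads `lp_ctx->globals->security` directly now sees `SEC_AUTO` unless it goes through `lp_find_security()`, and no caller of that helper appears in the visible hunks of this commit. The `FN_GLOBAL_INTEGER(security, security)` accessor is also removed in an earlier hunk with no visible replacement. A comparison such as `security == SEC_USER` elsewhere would then stop matching on a default configuration, which matters because this value selects the authentication mode. I would add an accessor that returns `lp_find_security(lp_ctx->globals->server_role, lp_ctx->globals->security)` so that callers only ever observe the resolved level. loadparm_init() starts and ends outside this hunk.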
@@ -3799,3 +3802,15 @@ struct gensec_settings *lpcfg_gensec_settings(TALLOC_CTX *mem_ctx, struct loadpa
return settings;
}
+int lpcfg_server_role(struct loadparm_context *lp_ctx)
+{
+ if (lp_ctx->s3_fns) {
+ return lp_ctx->s3_fns->server_role();
+ }
+
+ return lp_find_server_role(lp_ctx->globals->server_role,
+ lp_ctx->globals->security,
+ lp_ctx->globals->domain_logons,
+ (lp_ctx->globals->domain_master == true) ||
+ (lp_ctx->globals->domain_master == Auto));
+}
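Review bot: `lpcfg_server_role()` is added without a comment saying that it returns the resolved role rather than the configured one, and its `domain_master == true` test compares a field this commit declares as `int` with a boolean constant, so it matches only the value 1. If the parameter parser can store some other non-zero value for an enabled setting (not visible here), that value would fail both tests and be passed on as "not domain master". A header such as `/** Return the effective server role; "server role = auto" is resolved from security, domain logons and domain master. */` would document the contract, and the accepted values of `domain_master` deserve a one-line comment next to the comparison.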
diff --git a/source3/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c
index 7fe4411b54d..1abe9b9ddc3 100644
--- a/source3/param/loadparm_server_role.c
+++ b/lib/param/loadparm_server_role.c
@@ -26,13 +26,15 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
+#include "lib/param/loadparm_server_role.h"
+#include "libds/common/roles.h"
/*******************************************************************
Set the server type we will announce as via nmbd.
********************************************************************/
static const struct srv_role_tab {
- uint32 role;
+ uint32_t role;
const char *role_str;
} srv_role_tab [] = {
{ ROLE_STANDALONE, "ROLE_STANDALONE" },
@@ -42,7 +44,7 @@ static const struct srv_role_tab {
{ 0, NULL }
};
-const char* server_role_str(uint32 role)
+const char* server_role_str(uint32_t role)
{
int i = 0;
for (i=0; srv_role_tab[i].role_str; i++) {
@@ -53,43 +55,57 @@ const char* server_role_str(uint32 role)
return NULL;
}
-void set_server_role(void)
+/**
+ * Set the server role based on security, domain logons and domain master
+ */
+int lp_find_server_role(int server_role, int security, bool domain_logons, bool domain_master)
{
- int server_role = ROLE_STANDALONE;
+ int role;
- switch (lp_security()) {
+ if (server_role != ROLE_AUTO) {
+ return server_role;
+ }
+
+ /* If server_role is set to ROLE_AUTO, figure out the correct role */
+ role = ROLE_STANDALONE;
+
+ switch (security) {
case SEC_SHARE:
- if (lp_domain_logons())
+ if (domain_logons) {
DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));
+ }
break;
case SEC_SERVER:
- if (lp_domain_logons())
+ if (domain_logons) {
DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n"));
+ }
/* this used to be considered ROLE_DOMAIN_MEMBER but that's just wrong */
- server_role = ROLE_STANDALONE;
+ role = ROLE_STANDALONE;
break;
case SEC_DOMAIN:
- if (lp_domain_logons()) {
+ if (domain_logons) {
DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
- server_role = ROLE_DOMAIN_BDC;
+ role = ROLE_DOMAIN_BDC;
break;
}
- server_role = ROLE_DOMAIN_MEMBER;
+ role = ROLE_DOMAIN_MEMBER;
break;
case SEC_ADS:
- if (lp_domain_logons()) {
- server_role = ROLE_DOMAIN_CONTROLLER;
+ if (domain_logons) {
+ role = ROLE_DOMAIN_CONTROLLER;
break;
}
- server_role = ROLE_DOMAIN_MEMBER;
+ role = ROLE_DOMAIN_MEMBER;
break;
+ case SEC_AUTO:
case SEC_USER:
- if (lp_domain_logons()) {
+ if (domain_logons) {
- if (lp_domain_master_true_or_auto()) /* auto or yes */
- server_role = ROLE_DOMAIN_PDC;
- else
- server_role = ROLE_DOMAIN_BDC;
+ if (domain_master) {
+ role = ROLE_DOMAIN_PDC;
+ } else {
+ role = ROLE_DOMAIN_BDC;
+ }
}
break;
default:
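Review bot: The early `return server_role;` for any value other than `ROLE_AUTO` skips the whole `switch`, so an explicitly configured role is never checked against `security` or `domain logons`. An explicit role that contradicts share-level security, for instance, is returned without the conflict message the auto path prints. Since the role and the security level together decide how clients are authenticated, I would either run a consistency check before that return and log at level 0 when the pair is contradictory, or state in the function comment that explicit roles are trusted as given. The comment also says "Set the server role" although the function now only computes and returns it; `Resolve the effective server role; an explicit role is returned unchanged` would match the code. The `switch` continues past the end of this hunk.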
@@ -97,7 +113,31 @@ void set_server_role(void)
break;
}
- _lp_set_server_role(server_role);
- DEBUG(10, ("set_server_role: role = %s\n", server_role_str(server_role)));
+ return role;
}
+/**
+ * Set the server role based on security, domain logons and domain master
+ */
+int lp_find_security(int server_role, int security)
+{
+ if (security != SEC_AUTO) {
+ return security;
+ }
+
+ switch (server_role) {
+ case ROLE_AUTO:
+ case ROLE_STANDALONE:
+ return SEC_USER;
+ case ROLE_DOMAIN_MEMBER:
+#if (defined(HAVE_ADS) || _SAMBA_BUILD_ >= 4)
+ return SEC_ADS;
+#else
+ return SEC_DOMAIN;
+#endif
+ case ROLE_DOMAIN_PDC:
+ case ROLE_DOMAIN_BDC:
+ default:
+ return SEC_USER;
+ }
+}
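Review bot: The comment above `lp_find_security()` is a copy of the one on `lp_find_server_role()` and describes the wrong function, since this one takes no domain-logons or domain-master input. Something like `/** Resolve "security = auto" to a concrete level from the server role; any other security value is returned unchanged. */` would fit. It is also worth stating there that `ROLE_DOMAIN_MEMBER` maps to `SEC_ADS` or `SEC_DOMAIN` depending on the build, because that choice changes which authentication path a member server uses.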
diff --git a/lib/param/loadparm_server_role.h b/lib/param/loadparm_server_role.h
new file mode 100644
index 00000000000..2c82527573b
--- /dev/null
+++ b/lib/param/loadparm_server_role.h
@@ -0,0 +1,31 @@
+/*
+ Unix SMB/CIFS implementation.
+ Parameter loading functions
+ Copyright (C) Karl Auer 1993-1998
+
+ Largely re-written by Andrew Tridgell, September 1994
+
+ Copyright (C) Simo Sorce 2001
+ Copyright (C) Alexander Bokovoy 2002
+ Copyright (C) Stefan (metze) Metzmacher 2002
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+ Copyright (C) Michael Adam 2008
+ Copyright (C) Andrew Bartlett 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+const char* server_role_str(uint32_t role);
+int lp_find_server_role(int server_role, int security, bool domain_logons, bool domain_master);
+int lp_find_security(int server_role, int security);
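Review bot: The new header has no include guard and uses `bool` and `uint32_t` without including anything that defines them, so it compiles only when the includer has already pulled in the right headers. Wrapping the three prototypes in a guard such as `#ifndef _LOADPARM_SERVER_ROLE_H_` / `#define _LOADPARM_SERVER_ROLE_H_` / `#endif` and including `<stdbool.h>` and `<stdint.h>` (or the project's replacement header) would make it self-contained. A short comment on each prototype saying which arguments are raw configured values and that the result is a resolved value would help callers as well.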
diff --git a/lib/param/wscript_build b/lib/param/wscript_build
index f61e8220375..13b7709abfe 100644
--- a/lib/param/wscript_build
+++ b/lib/param/wscript_build
@@ -16,11 +16,16 @@ bld.SAMBA_GENERATOR('param_global_h',
target='param_global.h',
rule='${PERL} ${SRC[1].abspath(env)} ${SRC[0].abspath(env)} --file ${TGT} --generate-scope=GLOBAL')
+bld.SAMBA_LIBRARY('server-role',
+ source='loadparm_server_role.c',
+ deps='samba-util',
+ private_library=True)
+
bld.SAMBA_LIBRARY('samba-hostconfig',
source='loadparm.c generic.c util.c',
pc_files='samba-hostconfig.pc',
vnum='0.0.1',
- deps='DYNCONFIG',
+ deps='DYNCONFIG server-role',
public_deps='samba-util param_local_h',
public_headers='param.h',
autoproto='param_proto.h',
diff --git a/libds/common/roles.h b/libds/common/roles.h
index f6f04758dde..67236032bcf 100644
--- a/libds/common/roles.h
+++ b/libds/common/roles.h
@@ -43,6 +43,6 @@ enum server_role {
#define ROLE_DOMAIN_CONTROLLER ROLE_DOMAIN_BDC
/* security levels for 'security =' option */
-enum security_types {SEC_SHARE,SEC_USER,SEC_SERVER,SEC_DOMAIN,SEC_ADS};
+enum security_types {SEC_AUTO, SEC_SHARE,SEC_USER,SEC_SERVER,SEC_DOMAIN,SEC_ADS};
#endif /* _LIBDS_ROLES_H_ */
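Review bot: Putting `SEC_AUTO` first shifts every existing enumerator up by one (`SEC_SHARE` goes from 0 to 1, and so on) and makes a zero-initialised `security` field mean AUTO instead of share-level. Anything that stores or compares these values numerically, or was built against the old header, would then select a different authentication mode without a compile error; whether such users exist is not visible here. Giving the enumerators explicit values, e.g. `enum security_types {SEC_AUTO = 0, SEC_SHARE = 1, SEC_USER = 2, SEC_SERVER = 3, SEC_DOMAIN = 4, SEC_ADS = 5};`, documents the renumbering and prevents another silent shift the next time a level is added or removed.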
diff --git a/script/mks3param.pl b/script/mks3param.pl
index 2679b5acae2..3126af502c3 100644
--- a/script/mks3param.pl
+++ b/script/mks3param.pl
@@ -95,6 +95,7 @@ sub print_header($$)
$file->("\tbool (*load)(const char *filename);\n");
$file->("\tbool (*set_cmdline)(const char *pszParmName, const char *pszParmValue);\n");
$file->("\tvoid (*dump)(FILE *f, bool show_defaults, int maxtoprint);\n");
+ $file->("\tint (*server_role)(void);\n");
}
sub print_footer($$)
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 1ec93a11041..76b00b75a24 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -495,7 +495,7 @@ READLINE_OBJ = ../libcli/smbreadline/smbreadline.o
# Be sure to include them into your application
POPT_LIB_OBJ = lib/popt_common.o
-PARAM_WITHOUT_REG_OBJ = ../dynconfig/dynconfig.o param/loadparm.o param/loadparm_ctx.o param/loadparm_server_role.o param/util.o lib/sharesec.o lib/ldap_debug_handler.o ../lib/param/loadparm.o ../lib/param/util.o
+PARAM_WITHOUT_REG_OBJ = ../dynconfig/dynconfig.o param/loadparm.o param/loadparm_ctx.o ../lib/param/loadparm_server_role.o param/util.o lib/sharesec.o lib/ldap_debug_handler.o ../lib/param/loadparm.o ../lib/param/util.o
PARAM_REG_ADD_OBJ = $(REG_SMBCONF_OBJ) $(LIBSMBCONF_OBJ) $(PRIVILEGES_BASIC_OBJ)
PARAM_OBJ = $(PARAM_WITHOUT_REG_OBJ) $(PARAM_REG_ADD_OBJ)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index b9e7f384ab3..0228120cc6f 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1619,7 +1619,6 @@ struct share_params *get_share_params(TALLOC_CTX *mem_ctx,
const char *sharename);
const char *volume_label(int snum);
bool lp_domain_master(void);
-bool lp_domain_master_true_or_auto(void);
bool lp_preferred_master(void);
void lp_remove_service(int snum);
void lp_copy_service(int snum, const char *new_name);
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 285023944a4..25b5eb84dca 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -60,6 +60,7 @@
#include "lib/smbconf/smbconf.h"
#include "lib/smbconf/smbconf_init.h"
#include "lib/param/loadparm.h"
+#include "lib/param/loadparm_server_role.h"
#include "ads.h"
#include "../librpc/gen_ndr/svcctl.h"
@@ -4822,7 +4823,7 @@ static void init_globals(bool reinit_globals)
Globals.PrintcapCacheTime = 750; /* 12.5 minutes */
Globals.ConfigBackend = config_backend;
- Globals.ServerRole = ROLE_STANDALONE;
+ Globals.ServerRole = ROLE_AUTO;
/* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
/* Discovered by 2 days of pain by Don McCall @ HP :-). */
@@ -5390,7 +5391,7 @@ FN_GLOBAL_INTEGER(lp_lock_spin_time, iLockSpinTime)
FN_GLOBAL_INTEGER(lp_usershare_max_shares, iUsershareMaxShares)
FN_GLOBAL_CONST_STRING(lp_socket_options, szSocketOptions)
FN_GLOBAL_INTEGER(lp_config_backend, ConfigBackend)
-FN_GLOBAL_INTEGER(lp_server_role, ServerRole)
+static FN_GLOBAL_INTEGER(lp__server_role, ServerRole)
FN_GLOBAL_INTEGER(lp_smb2_max_read, ismb2_max_read)
FN_GLOBAL_INTEGER(lp_smb2_max_write, ismb2_max_write)
FN_GLOBAL_INTEGER(lp_smb2_max_trans, ismb2_max_trans)
@@ -9121,7 +9122,6 @@ static bool lp_load_ex(const char *pszFname,
}
}
- set_server_role();
set_allowed_client_auth();
if (lp_security() == SEC_SHARE) {
@@ -9432,7 +9432,7 @@ bool lp_domain_master(void)
If we are PDC then prefer us as DMB
************************************************************/
-bool lp_domain_master_true_or_auto(void)
+static bool lp_domain_master_true_or_auto(void)
{
if (Globals.iDomainMaster) /* auto or yes */
return true;
@@ -9736,7 +9736,10 @@ bool lp_readraw(void)
return _lp_readraw();
}
-void _lp_set_server_role(int server_role)
+int lp_server_role(void)
{
- Globals.ServerRole = server_role;
+ return lp_find_server_role(lp__server_role(),
+ lp_security(),
+ lp_domain_logons(),
+ lp_domain_master_true_or_auto());
}
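Review bot: `lp_server_role()` now recomputes the role on every call instead of once at load time, so the level-0 conflict messages inside `lp_find_server_role()` are written each time a caller asks for the role. The level-10 trace of the chosen role that `set_server_role()` printed is also gone. Repeated level-0 lines can bury other log entries, and the resolved role is no longer recorded anywhere an administrator can check it. I would emit the conflict warnings and a single `DEBUG(10, ("lp_server_role: role = %s\n", server_role_str(role)));` from the load path, and keep this accessor silent.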
diff --git a/source3/param/loadparm_ctx.c b/source3/param/loadparm_ctx.c
index 1e11eeb4b20..61fe97462d3 100644
--- a/source3/param/loadparm_ctx.c
+++ b/source3/param/loadparm_ctx.c
@@ -74,7 +74,6 @@ static const struct loadparm_s3_context s3_fns =
.dump = lp_dump,
.server_role = lp_server_role,
- .domain_master = lp_domain_master,
.winbind_separator = lp_winbind_separator,
.template_homedir = lp_template_homedir,
diff --git a/source3/wscript_build b/source3/wscript_build
index 99d40406d7a..2b05edb0d24 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -82,7 +82,7 @@ POPT_LIB_SRC = '''lib/popt_common.c'''
PARAM_UTIL_SRC = '''param/util.c'''
-PARAM_WITHOUT_REG_SRC = '''param/loadparm.c param/loadparm_server_role.c
+PARAM_WITHOUT_REG_SRC = '''param/loadparm.c
lib/sharesec.c lib/ldap_debug_handler.c lib/util_names.c'''
KRBCLIENT_SRC = '''libads/kerberos.c libads/ads_status.c libsmb/clikrb5.c'''