2010-05-18 16:10:13 +04:00
/*
Unix SMB / CIFS implementation .
Parameter loading functions
Copyright ( C ) Karl Auer 1993 - 1998
Largely re - written by Andrew Tridgell , September 1994
Copyright ( C ) Simo Sorce 2001
Copyright ( C ) Alexander Bokovoy 2002
Copyright ( C ) Stefan ( metze ) Metzmacher 2002
Copyright ( C ) Jim McDonough < jmcd @ us . ibm . com > 2003
Copyright ( C ) Michael Adam 2008
Copyright ( C ) Andrew Bartlett 2010
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include "includes.h"
2011-11-10 08:22:37 +04:00
# include "lib/param/loadparm.h"
2011-11-10 05:45:54 +04:00
# include "libds/common/roles.h"
2010-05-18 16:10:13 +04:00
/*******************************************************************
Set the server type we will announce as via nmbd .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static const struct srv_role_tab {
2011-11-10 05:45:54 +04:00
uint32_t role ;
2010-05-18 16:10:13 +04:00
const char * role_str ;
} srv_role_tab [ ] = {
{ ROLE_STANDALONE , " ROLE_STANDALONE " } ,
{ ROLE_DOMAIN_MEMBER , " ROLE_DOMAIN_MEMBER " } ,
{ ROLE_DOMAIN_BDC , " ROLE_DOMAIN_BDC " } ,
{ ROLE_DOMAIN_PDC , " ROLE_DOMAIN_PDC " } ,
{ 0 , NULL }
} ;
2011-11-10 05:45:54 +04:00
const char * server_role_str ( uint32_t role )
2010-05-18 16:10:13 +04:00
{
int i = 0 ;
for ( i = 0 ; srv_role_tab [ i ] . role_str ; i + + ) {
if ( role = = srv_role_tab [ i ] . role ) {
return srv_role_tab [ i ] . role_str ;
}
}
return NULL ;
}
2011-11-10 05:45:54 +04:00
/**
* Set the server role based on security , domain logons and domain master
*/
2011-12-22 09:40:10 +04:00
int lp_find_server_role ( int server_role , int security , int domain_logons , int domain_master )
2010-05-18 16:10:13 +04:00
{
2011-11-10 05:45:54 +04:00
int role ;
2010-05-18 16:10:13 +04:00
2011-11-10 05:45:54 +04:00
if ( server_role ! = ROLE_AUTO ) {
2011-11-10 12:34:36 +04:00
if ( lp_is_security_and_server_role_valid ( server_role , security ) ) {
return server_role ;
}
2011-11-10 05:45:54 +04:00
}
2011-11-10 12:34:36 +04:00
/* If server_role is set to ROLE_AUTO, or conflicted with the
* chosen security setting , figure out the correct role */
2011-11-10 05:45:54 +04:00
role = ROLE_STANDALONE ;
switch ( security ) {
2010-05-18 16:10:13 +04:00
case SEC_SHARE :
2011-11-10 05:45:54 +04:00
if ( domain_logons ) {
2010-05-18 16:10:13 +04:00
DEBUG ( 0 , ( " Server's Role (logon server) conflicts with share-level security \n " ) ) ;
2011-11-10 05:45:54 +04:00
}
2010-05-18 16:10:13 +04:00
break ;
case SEC_SERVER :
2011-11-10 05:45:54 +04:00
if ( domain_logons ) {
2010-05-18 16:10:13 +04:00
DEBUG ( 0 , ( " Server's Role (logon server) conflicts with server-level security \n " ) ) ;
2011-11-10 05:45:54 +04:00
}
2010-05-18 16:10:13 +04:00
/* this used to be considered ROLE_DOMAIN_MEMBER but that's just wrong */
2011-11-10 05:45:54 +04:00
role = ROLE_STANDALONE ;
2010-05-18 16:10:13 +04:00
break ;
case SEC_DOMAIN :
2011-11-10 05:45:54 +04:00
if ( domain_logons ) {
2010-05-18 16:10:13 +04:00
DEBUG ( 1 , ( " Server's Role (logon server) NOT ADVISED with domain-level security \n " ) ) ;
2011-11-10 05:45:54 +04:00
role = ROLE_DOMAIN_BDC ;
2010-05-18 16:10:13 +04:00
break ;
}
2011-11-10 05:45:54 +04:00
role = ROLE_DOMAIN_MEMBER ;
2010-05-18 16:10:13 +04:00
break ;
case SEC_ADS :
2011-11-10 05:45:54 +04:00
if ( domain_logons ) {
role = ROLE_DOMAIN_CONTROLLER ;
2010-05-18 16:10:13 +04:00
break ;
}
2011-11-10 05:45:54 +04:00
role = ROLE_DOMAIN_MEMBER ;
2010-05-18 16:10:13 +04:00
break ;
2011-11-10 05:45:54 +04:00
case SEC_AUTO :
2010-05-18 16:10:13 +04:00
case SEC_USER :
2011-11-10 05:45:54 +04:00
if ( domain_logons ) {
2010-05-18 16:10:13 +04:00
2011-11-10 05:45:54 +04:00
if ( domain_master ) {
role = ROLE_DOMAIN_PDC ;
} else {
role = ROLE_DOMAIN_BDC ;
}
2010-05-18 16:10:13 +04:00
}
break ;
default :
DEBUG ( 0 , ( " Server's Role undefined due to unknown security mode \n " ) ) ;
break ;
}
2011-11-10 05:45:54 +04:00
return role ;
2010-05-18 16:10:13 +04:00
}
2011-11-10 05:45:54 +04:00
/**
* Set the server role based on security , domain logons and domain master
*/
int lp_find_security ( int server_role , int security )
{
if ( security ! = SEC_AUTO ) {
return security ;
}
switch ( server_role ) {
case ROLE_AUTO :
case ROLE_STANDALONE :
return SEC_USER ;
case ROLE_DOMAIN_MEMBER :
# if (defined(HAVE_ADS) || _SAMBA_BUILD_ >= 4)
return SEC_ADS ;
# else
return SEC_DOMAIN ;
# endif
case ROLE_DOMAIN_PDC :
case ROLE_DOMAIN_BDC :
default :
return SEC_USER ;
}
}
2011-11-10 10:45:28 +04:00
/**
* Check if server role and security parameters are contradictory
*/
bool lp_is_security_and_server_role_valid ( int server_role , int security )
{
bool valid = false ;
2011-11-10 12:34:36 +04:00
if ( security = = SEC_AUTO ) {
return true ;
2011-11-10 10:45:28 +04:00
}
switch ( server_role ) {
2011-11-10 12:34:36 +04:00
case ROLE_AUTO :
valid = true ;
break ;
2011-11-10 10:45:28 +04:00
case ROLE_STANDALONE :
if ( security = = SEC_SHARE | | security = = SEC_SERVER | | security = = SEC_USER ) {
valid = true ;
}
break ;
case ROLE_DOMAIN_MEMBER :
if ( security = = SEC_ADS | | security = = SEC_DOMAIN ) {
valid = true ;
}
break ;
case ROLE_DOMAIN_PDC :
case ROLE_DOMAIN_BDC :
2011-11-10 12:34:36 +04:00
if ( security = = SEC_USER | | security = = SEC_ADS | | security = = SEC_DOMAIN ) {
2011-11-10 10:45:28 +04:00
valid = true ;
}
break ;
default :
break ;
}
return valid ;
}