#include "s3_param.h"
#include "lib/util/bitmap.h"
#include "libcli/smb/smb_constants.h"
+#include "source4/dns_server/dns_update.h"
#define standard_sub_basic talloc_strdup
char *tls_dhpfile; \
char *loglevel; \
char *panic_action; \
+ int server_role; \
+ int security; \
+ int domain_master; \
+ int domain_logons; \
int bPreferredMaster;
#include "param_global.h"
static bool handle_logfile(struct loadparm_context *lp_ctx, int unused,
const char *pszParmValue, char **ptr);
-static const struct enum_list enum_protocol[] = {
- {PROTOCOL_SMB2_02, "SMB2"},
- {PROTOCOL_SMB2_02, "SMB2_02"},
- {PROTOCOL_NT1, "NT1"},
- {PROTOCOL_LANMAN2, "LANMAN2"},
- {PROTOCOL_LANMAN1, "LANMAN1"},
- {PROTOCOL_CORE, "CORE"},
- {PROTOCOL_COREPLUS, "COREPLUS"},
- {PROTOCOL_COREPLUS, "CORE+"},
- {-1, NULL}
-};
-
-static const struct enum_list enum_security[] = {
- {SEC_SHARE, "SHARE"},
- {SEC_USER, "USER"},
- {SEC_ADS, "ADS"},
- {-1, NULL}
-};
-
-static const struct enum_list enum_bool_auto[] = {
- {false, "No"},
- {false, "False"},
- {false, "0"},
- {true, "Yes"},
- {true, "True"},
- {true, "1"},
- {Auto, "Auto"},
- {-1, NULL}
-};
-
-/* Client-side offline caching policy types */
-
-static const struct enum_list enum_csc_policy[] = {
- {CSC_POLICY_MANUAL, "manual"},
- {CSC_POLICY_DOCUMENTS, "documents"},
- {CSC_POLICY_PROGRAMS, "programs"},
- {CSC_POLICY_DISABLE, "disable"},
- {-1, NULL}
-};
-
-/* SMB signing types. */
-static const struct enum_list enum_smb_signing_vals[] = {
- {SMB_SIGNING_DEFAULT, "default"},
- {SMB_SIGNING_OFF, "No"},
- {SMB_SIGNING_OFF, "False"},
- {SMB_SIGNING_OFF, "0"},
- {SMB_SIGNING_OFF, "Off"},
- {SMB_SIGNING_OFF, "disabled"},
- {SMB_SIGNING_IF_REQUIRED, "if_required"},
- {SMB_SIGNING_IF_REQUIRED, "Yes"},
- {SMB_SIGNING_IF_REQUIRED, "True"},
- {SMB_SIGNING_IF_REQUIRED, "1"},
- {SMB_SIGNING_IF_REQUIRED, "On"},
- {SMB_SIGNING_IF_REQUIRED, "enabled"},
- {SMB_SIGNING_IF_REQUIRED, "auto"},
- {SMB_SIGNING_REQUIRED, "required"},
- {SMB_SIGNING_REQUIRED, "mandatory"},
- {SMB_SIGNING_REQUIRED, "force"},
- {SMB_SIGNING_REQUIRED, "forced"},
- {SMB_SIGNING_REQUIRED, "enforced"},
- {-1, NULL}
-};
-
-/* Server role options */
-static const struct enum_list enum_server_role[] = {
- {ROLE_AUTO, "auto"},
- {ROLE_STANDALONE, "standalone"},
- {ROLE_DOMAIN_MEMBER, "member server"},
- {ROLE_DOMAIN_MEMBER, "member"},
- /* note that currently
- ROLE_DOMAIN_CONTROLLER == ROLE_DOMAIN_BDC */
- {ROLE_DOMAIN_CONTROLLER, "domain controller"},
- {ROLE_DOMAIN_BDC, "backup domain controller"},
- {ROLE_DOMAIN_BDC, "bdc"},
- {ROLE_DOMAIN_BDC, "dc"},
- {ROLE_DOMAIN_PDC, "primary domain controller"},
- {ROLE_DOMAIN_PDC, "pdc"},
- {-1, NULL}
-};
+#include "param_enums.c"
#define GLOBAL_VAR(name) offsetof(struct loadparm_global, name)
#define LOCAL_VAR(name) offsetof(struct loadparm_service, name)
.special = NULL,
.enum_list = NULL
},
+ {
+ .label = "samba kcc command",
+ .type = P_CMDLIST,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(szSambaKCCCommand),
+ .special = NULL,
+ .enum_list = NULL
+ },
{
.label = "nsupdate command",
.type = P_CMDLIST,
.special = NULL,
.enum_list = NULL
},
+ {
+ .label = "allow dns updates",
+ .type = P_ENUM,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(allow_dns_updates),
+ .special = NULL,
+ .enum_list = enum_dns_update_settings
+ },
{NULL, P_BOOL, P_NONE, 0, NULL, NULL, 0}
};
#include "lib/param/param_functions.c"
-FN_GLOBAL_INTEGER(server_role, server_role)
-FN_GLOBAL_BOOL(domain_logons, domain_logons)
-FN_GLOBAL_INTEGER(domain_master, domain_master)
FN_GLOBAL_LIST(smb_ports, smb_ports)
FN_GLOBAL_INTEGER(nbt_port, nbt_port)
FN_GLOBAL_INTEGER(dgram_port, dgram_port)
FN_GLOBAL_LIST(rndc_command, szRNDCCommand)
FN_GLOBAL_LIST(dns_update_command, szDNSUpdateCommand)
FN_GLOBAL_LIST(spn_update_command, szSPNUpdateCommand)
+FN_GLOBAL_LIST(samba_kcc_command, szSambaKCCCommand)
FN_GLOBAL_LIST(nsupdate_command, szNSUpdateCommand)
FN_GLOBAL_LIST(dcerpc_endpoint_servers, dcerpc_ep_servers)
FN_GLOBAL_LIST(server_services, server_services)
FN_GLOBAL_INTEGER(srv_minprotocol, srv_minprotocol)
FN_GLOBAL_INTEGER(cli_maxprotocol, cli_maxprotocol)
FN_GLOBAL_INTEGER(cli_minprotocol, cli_minprotocol)
-FN_GLOBAL_INTEGER(security, security)
FN_GLOBAL_BOOL(paranoid_server_security, paranoid_server_security)
+FN_GLOBAL_INTEGER(allow_dns_updates, allow_dns_updates)
FN_GLOBAL_INTEGER(server_signing, server_signing)
FN_GLOBAL_INTEGER(client_signing, client_signing)
char **new_list = str_list_make(mem_ctx,
pszParmValue, NULL);
for (i=0; new_list[i]; i++) {
- if (new_list[i][0] == '+' && new_list[i][1] &&
- (!str_list_check(*(const char ***)parm_ptr,
- &new_list[i][1]))) {
- *(const char ***)parm_ptr = str_list_add(*(const char ***)parm_ptr,
- &new_list[i][1]);
- } else if (new_list[i][0] == '-' && new_list[i][1]) {
-#if 0 /* This is commented out because we sometimes parse the list
- * twice, and so we can't assert on this */
+ if (new_list[i][0] == '+' && new_list[i][1]) {
if (!str_list_check(*(const char ***)parm_ptr,
&new_list[i][1])) {
- DEBUG(0, ("Unsupported value for: %s = %s, %s is not in the original list [%s]\n",
- pszParmName, pszParmValue, new_list[i],
- str_list_join_shell(mem_ctx, *(const char ***)parm_ptr, ' ')));
- return false;
-
+ *(const char ***)parm_ptr = str_list_add(*(const char ***)parm_ptr,
+ &new_list[i][1]);
}
-#endif
+ } else if (new_list[i][0] == '-' && new_list[i][1]) {
str_list_remove(*(const char ***)parm_ptr,
&new_list[i][1]);
} else {
lpcfg_do_global_parameter(lp_ctx, "share backend", "classic");
- lpcfg_do_global_parameter(lp_ctx, "server role", "standalone");
+ lpcfg_do_global_parameter(lp_ctx, "server role", "auto");
lpcfg_do_global_parameter(lp_ctx, "domain logons", "No");
lpcfg_do_global_parameter(lp_ctx, "domain master", "Auto");
lpcfg_do_global_parameter(lp_ctx, "max mux", "50");
lpcfg_do_global_parameter(lp_ctx, "max xmit", "12288");
+ lpcfg_do_global_parameter(lp_ctx, "host msdfs", "true");
+
lpcfg_do_global_parameter(lp_ctx, "password level", "0");
lpcfg_do_global_parameter(lp_ctx, "LargeReadwrite", "True");
lpcfg_do_global_parameter(lp_ctx, "server min protocol", "CORE");
lpcfg_do_global_parameter(lp_ctx, "server max protocol", "NT1");
lpcfg_do_global_parameter(lp_ctx, "client min protocol", "CORE");
lpcfg_do_global_parameter(lp_ctx, "client max protocol", "NT1");
- lpcfg_do_global_parameter(lp_ctx, "security", "USER");
+ lpcfg_do_global_parameter(lp_ctx, "security", "AUTO");
lpcfg_do_global_parameter(lp_ctx, "paranoid server security", "True");
lpcfg_do_global_parameter(lp_ctx, "EncryptPasswords", "True");
lpcfg_do_global_parameter(lp_ctx, "ReadRaw", "True");
lpcfg_do_global_parameter(lp_ctx, "ntp signd socket directory", dyn_NTP_SIGND_SOCKET_DIR);
lpcfg_do_global_parameter_var(lp_ctx, "dns update command", "%s/samba_dnsupdate", dyn_SCRIPTSBINDIR);
lpcfg_do_global_parameter_var(lp_ctx, "spn update command", "%s/samba_spnupdate", dyn_SCRIPTSBINDIR);
+ lpcfg_do_global_parameter_var(lp_ctx, "samba kcc command",
+ "%s/samba_kcc", dyn_SCRIPTSBINDIR);
#endif
lpcfg_do_global_parameter(lp_ctx, "template shell", "/bin/false");
lpcfg_do_global_parameter(lp_ctx, "template homedir", "/home/%WORKGROUP%/%ACCOUNTNAME%");
lpcfg_do_global_parameter(lp_ctx, "rndc command", "/usr/sbin/rndc");
lpcfg_do_global_parameter(lp_ctx, "nsupdate command", "/usr/bin/nsupdate -g");
+ lpcfg_do_global_parameter(lp_ctx, "allow dns updates", "False");
+
for (i = 0; parm_table[i].label; i++) {
if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) {
lp_ctx->flags[i] |= FLAG_DEFAULT;
return settings;
}
+int lpcfg_server_role(struct loadparm_context *lp_ctx)
+{
+ if (lp_ctx->s3_fns) {
+ return lp_ctx->s3_fns->server_role();
+ }
+
+ return lp_find_server_role(lp_ctx->globals->server_role,
+ lp_ctx->globals->security,
+ lp_ctx->globals->domain_logons,
+ (lp_ctx->globals->domain_master == true) ||
+ (lp_ctx->globals->domain_master == Auto));
+}
+
+int lpcfg_security(struct loadparm_context *lp_ctx)
+{
+ if (lp_ctx->s3_fns) {
+ return lp_ctx->s3_fns->security();
+ }
+
+ return lp_find_security(lp_ctx->globals->server_role,
+ lp_ctx->globals->security);
+}