s3-param: Handle setting default AD DC per-share settings in init_locals()

This function is helpfully called between when we finish processing
the globals and when we start processing the individual shares.  This
means that the "vfs objects" and other per-share settings we specify
here become the defaults for (eg) [netlogon] and [sysvol] but the
admin can override these on a per-share basis or (as we must in make
test) for the whole server.

This broke setting and fetching of group policy objects from Windows
clients, since this setting was moved from fileserver.conf in
8518dd6406c0132dfd8c44e084c2b39792974f2c, and wasn't found in 'make
test' because we have to override the vfs objects to insert the
xattr_tdb and fake_acl modules.

Andrew Bartlett

Reviewed-by: Michael Adam <obnox@samba.org>

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 12cb8db1d5cfcf898dbffb0bcef30be285aaf987..5229a5444a7092651705507649f888509b66e3d4 100644 (file)
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -3469,12 +3469,41 @@ static bool equal_parameter(parm_type type, void *ptr1, void *ptr2)
 }
 
 /***************************************************************************
- Initialize any local varients in the sDefault table.
+ Initialize any local variables in the sDefault table, after parsing a
+ [globals] section.
 ***************************************************************************/
 
 void init_locals(void)
 {
-       /* None as yet. */
+       /*
+        * We run this check once the [globals] is parsed, to force
+        * the VFS objects and other per-share settings we need for
+        * the standard way a AD DC is operated.  We may change these
+        * as our code evolves, which is why we force these settings.
+        *
+        * We can't do this at the end of lp_load_ex(), as by that
+        * point the services have been loaded and they will already
+        * have "" as their vfs objects.
+        */
+       if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
+               const char **vfs_objects = lp_vfs_objects(-1);
+               if (!vfs_objects || !vfs_objects[0]) {
+                       if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
+                               lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
+                       } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
+                               lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
+                       } else {
+                               lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
+                       }
+               }
+
+               lp_do_parameter(-1, "map hidden", "no");
+               lp_do_parameter(-1, "map system", "no");
+               lp_do_parameter(-1, "map readonly", "no");
+               lp_do_parameter(-1, "store dos attributes", "yes");
+               lp_do_parameter(-1, "create mask", "0777");
+               lp_do_parameter(-1, "directory mask", "0777");
+       }
 }
 
 /***************************************************************************
@@ -4887,17 +4916,13 @@ static bool lp_load_ex(const char *pszFname,
 
        fault_configure(smb_panic_s3);
 
+       /*
+        * We run this check once the whole smb.conf is parsed, to
+        * force some settings for the standard way a AD DC is
+        * operated.  We may changed these as our code evolves, which
+        * is why we force these settings.
+        */
        if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
-               const char **vfs_objects = lp_vfs_objects(-1);
-               if (!vfs_objects || !vfs_objects[0]) {
-                       if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
-                               lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
-                       } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
-                               lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
-                       } else {
-                               lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
-                       }
-               }
                lp_do_parameter(-1, "passdb backend", "samba_dsdb");
 
                lp_do_parameter(-1, "rpc_server:default", "external");
@@ -4909,13 +4934,6 @@ static bool lp_load_ex(const char *pszFname,
                lp_do_parameter(-1, "rpc_server:spoolss", "embedded");
                lp_do_parameter(-1, "rpc_daemon:spoolssd", "embedded");
                lp_do_parameter(-1, "rpc_server:tcpip", "no");
-
-               lp_do_parameter(-1, "map hidden", "no");
-               lp_do_parameter(-1, "map system", "no");
-               lp_do_parameter(-1, "map readonly", "no");
-               lp_do_parameter(-1, "store dos attributes", "yes");
-               lp_do_parameter(-1, "create mask", "0777");
-               lp_do_parameter(-1, "directory mask", "0777");
        }
 
        bAllowIncludeRegistry = true;