lib/param/loadparm_server_role.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Parameter loading functions
   4    Copyright (C) Karl Auer 1993-1998
   5
   6    Largely re-written by Andrew Tridgell, September 1994
   7
   8    Copyright (C) Simo Sorce 2001
   9    Copyright (C) Alexander Bokovoy 2002
  10    Copyright (C) Stefan (metze) Metzmacher 2002
  11    Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
  12    Copyright (C) Michael Adam 2008
  13    Copyright (C) Andrew Bartlett 2010
  14
  15    This program is free software; you can redistribute it and/or modify
  16    it under the terms of the GNU General Public License as published by
  17    the Free Software Foundation; either version 3 of the License, or
  18    (at your option) any later version.
  19
  20    This program is distributed in the hope that it will be useful,
  21    but WITHOUT ANY WARRANTY; without even the implied warranty of
  22    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  23    GNU General Public License for more details.
  24
  25    You should have received a copy of the GNU General Public License
  26    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  27 */
  28 #include "includes.h"
  29 #include "lib/param/loadparm.h"
  30 #include "libds/common/roles.h"
  31
  32 /*******************************************************************
  33  Set the server type we will announce as via nmbd.
  34 ********************************************************************/
  35
  36 static const struct srv_role_tab {
  37         uint32_t role;
  38         const char *role_str;
  39 } srv_role_tab [] = {
  40         { ROLE_STANDALONE, "ROLE_STANDALONE" },
  41         { ROLE_DOMAIN_MEMBER, "ROLE_DOMAIN_MEMBER" },
  42         { ROLE_DOMAIN_BDC, "ROLE_DOMAIN_BDC" },
  43         { ROLE_DOMAIN_PDC, "ROLE_DOMAIN_PDC" },
  44         { 0, NULL }
  45 };
  46
  47 const char* server_role_str(uint32_t role)
  48 {
  49         int i = 0;
  50         for (i=0; srv_role_tab[i].role_str; i++) {
  51                 if (role == srv_role_tab[i].role) {
  52                         return srv_role_tab[i].role_str;
  53                 }
  54         }
  55         return NULL;
  56 }
  57
  58 /**
  59  * Set the server role based on security, domain logons and domain master
  60  */
  61 int lp_find_server_role(int server_role, int security, bool domain_logons, bool domain_master)
  62 {
  63         int role;
  64
  65         if (server_role != ROLE_AUTO) {
  66                 return server_role;
  67         }
  68
  69         /* If server_role is set to ROLE_AUTO, figure out the correct role */
  70         role = ROLE_STANDALONE;
  71
  72         switch (security) {
  73                 case SEC_SHARE:
  74                         if (domain_logons) {
  75                                 DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));
  76                         }
  77                         break;
  78                 case SEC_SERVER:
  79                         if (domain_logons) {
  80                                 DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n"));
  81                         }
  82                         /* this used to be considered ROLE_DOMAIN_MEMBER but that's just wrong */
  83                         role = ROLE_STANDALONE;
  84                         break;
  85                 case SEC_DOMAIN:
  86                         if (domain_logons) {
  87                                 DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
  88                                 role = ROLE_DOMAIN_BDC;
  89                                 break;
  90                         }
  91                         role = ROLE_DOMAIN_MEMBER;
  92                         break;
  93                 case SEC_ADS:
  94                         if (domain_logons) {
  95                                 role = ROLE_DOMAIN_CONTROLLER;
  96                                 break;
  97                         }
  98                         role = ROLE_DOMAIN_MEMBER;
  99                         break;
 100                 case SEC_AUTO:
 101                 case SEC_USER:
 102                         if (domain_logons) {
 103
 104                                 if (domain_master) {
 105                                         role = ROLE_DOMAIN_PDC;
 106                                 } else {
 107                                         role = ROLE_DOMAIN_BDC;
 108                                 }
 109                         }
 110                         break;
 111                 default:
 112                         DEBUG(0, ("Server's Role undefined due to unknown security mode\n"));
 113                         break;
 114         }
 115
 116         return role;
 117 }
 118
 119 /**
 120  * Set the server role based on security, domain logons and domain master
 121  */
 122 int lp_find_security(int server_role, int security)
 123 {
 124         if (security != SEC_AUTO) {
 125                 return security;
 126         }
 127
 128         switch (server_role) {
 129         case ROLE_AUTO:
 130         case ROLE_STANDALONE:
 131                 return SEC_USER;
 132         case ROLE_DOMAIN_MEMBER:
 133 #if (defined(HAVE_ADS) || _SAMBA_BUILD_ >= 4)
 134                 return SEC_ADS;
 135 #else
 136                 return SEC_DOMAIN;
 137 #endif
 138         case ROLE_DOMAIN_PDC:
 139         case ROLE_DOMAIN_BDC:
 140         default:
 141                 return SEC_USER;
 142         }
 143 }
 144
 145
 146 /**
 147  * Check if server role and security parameters are contradictory
 148  */
 149 bool lp_is_security_and_server_role_valid(int server_role, int security)
 150 {
 151         bool valid = false;
 152
 153         if (server_role == ROLE_AUTO || security == SEC_AUTO) {
 154                 return false;
 155         }
 156
 157         switch (server_role) {
 158         case ROLE_STANDALONE:
 159                 if (security == SEC_SHARE || security == SEC_SERVER || security == SEC_USER) {
 160                         valid = true;
 161                 }
 162                 break;
 163
 164         case ROLE_DOMAIN_MEMBER:
 165                 if (security == SEC_ADS || security == SEC_DOMAIN) {
 166                         valid = true;
 167                 }
 168                 break;
 169
 170         case ROLE_DOMAIN_PDC:
 171         case ROLE_DOMAIN_BDC:
 172                 if (security == SEC_USER) {
 173                         valid = true;
 174                 }
 175                 break;
 176
 177         default:
 178                 break;
 179         }
 180
 181         return valid;
 182 }