s3-auth: Remove security=share (depricated since 3.6).
[kai/samba.git] / lib / param / loadparm_server_role.c
1 /*
2    Unix SMB/CIFS implementation.
3    Parameter loading functions
4    Copyright (C) Karl Auer 1993-1998
5
6    Largely re-written by Andrew Tridgell, September 1994
7
8    Copyright (C) Simo Sorce 2001
9    Copyright (C) Alexander Bokovoy 2002
10    Copyright (C) Stefan (metze) Metzmacher 2002
11    Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
12    Copyright (C) Michael Adam 2008
13    Copyright (C) Andrew Bartlett 2010
14
15    This program is free software; you can redistribute it and/or modify
16    it under the terms of the GNU General Public License as published by
17    the Free Software Foundation; either version 3 of the License, or
18    (at your option) any later version.
19
20    This program is distributed in the hope that it will be useful,
21    but WITHOUT ANY WARRANTY; without even the implied warranty of
22    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
23    GNU General Public License for more details.
24
25    You should have received a copy of the GNU General Public License
26    along with this program.  If not, see <http://www.gnu.org/licenses/>.
27 */
28 #include "includes.h"
29 #include "lib/param/loadparm.h"
30 #include "libds/common/roles.h"
31
32 /*******************************************************************
33  Set the server type we will announce as via nmbd.
34 ********************************************************************/
35
36 static const struct srv_role_tab {
37         uint32_t role;
38         const char *role_str;
39 } srv_role_tab [] = {
40         { ROLE_STANDALONE, "ROLE_STANDALONE" },
41         { ROLE_DOMAIN_MEMBER, "ROLE_DOMAIN_MEMBER" },
42         { ROLE_DOMAIN_BDC, "ROLE_DOMAIN_BDC" },
43         { ROLE_DOMAIN_PDC, "ROLE_DOMAIN_PDC" },
44         { 0, NULL }
45 };
46
47 const char* server_role_str(uint32_t role)
48 {
49         int i = 0;
50         for (i=0; srv_role_tab[i].role_str; i++) {
51                 if (role == srv_role_tab[i].role) {
52                         return srv_role_tab[i].role_str;
53                 }
54         }
55         return NULL;
56 }
57
58 /**
59  * Set the server role based on security, domain logons and domain master
60  */
61 int lp_find_server_role(int server_role, int security, int domain_logons, int domain_master)
62 {
63         int role;
64
65         if (server_role != ROLE_AUTO) {
66                 if (lp_is_security_and_server_role_valid(server_role, security)) {
67                         return server_role;
68                 }
69         }
70
71         /* If server_role is set to ROLE_AUTO, or conflicted with the
72          * chosen security setting, figure out the correct role */
73         role = ROLE_STANDALONE;
74
75         switch (security) {
76                 case SEC_SERVER:
77                         if (domain_logons) {
78                                 DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n"));
79                         }
80                         /* this used to be considered ROLE_DOMAIN_MEMBER but that's just wrong */
81                         role = ROLE_STANDALONE;
82                         break;
83                 case SEC_DOMAIN:
84                         if (domain_logons) {
85                                 DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
86                                 role = ROLE_DOMAIN_BDC;
87                                 break;
88                         }
89                         role = ROLE_DOMAIN_MEMBER;
90                         break;
91                 case SEC_ADS:
92                         if (domain_logons) {
93                                 role = ROLE_DOMAIN_CONTROLLER;
94                                 break;
95                         }
96                         role = ROLE_DOMAIN_MEMBER;
97                         break;
98                 case SEC_AUTO:
99                 case SEC_USER:
100                         if (domain_logons) {
101
102                                 if (domain_master) {
103                                         role = ROLE_DOMAIN_PDC;
104                                 } else {
105                                         role = ROLE_DOMAIN_BDC;
106                                 }
107                         }
108                         break;
109                 default:
110                         DEBUG(0, ("Server's Role undefined due to unknown security mode\n"));
111                         break;
112         }
113
114         return role;
115 }
116
117 /**
118  * Set the server role based on security, domain logons and domain master
119  */
120 int lp_find_security(int server_role, int security)
121 {
122         if (security != SEC_AUTO) {
123                 return security;
124         }
125
126         switch (server_role) {
127         case ROLE_AUTO:
128         case ROLE_STANDALONE:
129                 return SEC_USER;
130         case ROLE_DOMAIN_MEMBER:
131 #if (defined(HAVE_ADS) || _SAMBA_BUILD_ >= 4)
132                 return SEC_ADS;
133 #else
134                 return SEC_DOMAIN;
135 #endif
136         case ROLE_DOMAIN_PDC:
137         case ROLE_DOMAIN_BDC:
138         default:
139                 return SEC_USER;
140         }
141 }
142
143
144 /**
145  * Check if server role and security parameters are contradictory
146  */
147 bool lp_is_security_and_server_role_valid(int server_role, int security)
148 {
149         bool valid = false;
150
151         if (security == SEC_AUTO) {
152                 return true;
153         }
154
155         switch (server_role) {
156         case ROLE_AUTO:
157                 valid = true;
158                 break;
159         case ROLE_STANDALONE:
160                 if (security == SEC_SERVER || security == SEC_USER) {
161                         valid = true;
162                 }
163                 break;
164
165         case ROLE_DOMAIN_MEMBER:
166                 if (security == SEC_ADS || security == SEC_DOMAIN) {
167                         valid = true;
168                 }
169                 break;
170
171         case ROLE_DOMAIN_PDC:
172         case ROLE_DOMAIN_BDC:
173                 if (security == SEC_USER || security == SEC_ADS || security == SEC_DOMAIN) {
174                         valid = true;
175                 }
176                 break;
177
178         default:
179                 break;
180         }
181
182         return valid;
183 }