param: mark realm parameter as const

[kai/samba.git] / lib / param / loadparm.c
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c

index 58be25c85b508082e962795dd1cd02940b7c7d71..3ac5a4dd27aa7918bb1857f612b5237ab1bd57f6 100644 (file)
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -65,6 +65,7 @@
  #include "s3_param.h"
  #include "lib/util/bitmap.h"
  #include "libcli/smb/smb_constants.h"
+#include "source4/dns_server/dns_update.h"
  
  #define standard_sub_basic talloc_strdup
  
@@ -81,6 +82,10 @@ static bool defaults_saved = false;
         char *tls_dhpfile;                                              \
         char *loglevel;                                                 \
         char *panic_action;                                             \
+       int server_role;                                                \
+       int security;                                                   \
+       int domain_master;                                              \
+       int domain_logons;                                              \
         int bPreferredMaster;
  
  #include "param_global.h"
@@ -100,75 +105,7 @@ static bool handle_debuglevel(struct loadparm_context *lp_ctx, int unused,
  static bool handle_logfile(struct loadparm_context *lp_ctx, int unused,
                            const char *pszParmValue, char **ptr);
  
-static const struct enum_list enum_protocol[] = {
-       {PROTOCOL_SMB2_02, "SMB2"},
-       {PROTOCOL_SMB2_02, "SMB2_02"},
-       {PROTOCOL_NT1, "NT1"},
-       {PROTOCOL_LANMAN2, "LANMAN2"},
-       {PROTOCOL_LANMAN1, "LANMAN1"},
-       {PROTOCOL_CORE, "CORE"},
-       {PROTOCOL_COREPLUS, "COREPLUS"},
-       {PROTOCOL_COREPLUS, "CORE+"},
-       {-1, NULL}
-};
-
-static const struct enum_list enum_security[] = {
-       {SEC_SHARE, "SHARE"},
-       {SEC_USER, "USER"},
-       {SEC_ADS, "ADS"},
-       {-1, NULL}
-};
-
-static const struct enum_list enum_bool_auto[] = {
-       {false, "No"},
-       {false, "False"},
-       {false, "0"},
-       {true, "Yes"},
-       {true, "True"},
-       {true, "1"},
-       {Auto, "Auto"},
-       {-1, NULL}
-};
-
-/* Client-side offline caching policy types */
-
-static const struct enum_list enum_csc_policy[] = {
-       {CSC_POLICY_MANUAL, "manual"},
-       {CSC_POLICY_DOCUMENTS, "documents"},
-       {CSC_POLICY_PROGRAMS, "programs"},
-       {CSC_POLICY_DISABLE, "disable"},
-       {-1, NULL}
-};
-
-/* SMB signing types. */
-static const struct enum_list enum_smb_signing_vals[] = {
-       {SMB_SIGNING_OFF, "No"},
-       {SMB_SIGNING_OFF, "False"},
-       {SMB_SIGNING_OFF, "0"},
-       {SMB_SIGNING_OFF, "Off"},
-       {SMB_SIGNING_OFF, "disabled"},
-       {SMB_SIGNING_SUPPORTED, "Yes"},
-       {SMB_SIGNING_SUPPORTED, "True"},
-       {SMB_SIGNING_SUPPORTED, "1"},
-       {SMB_SIGNING_SUPPORTED, "On"},
-       {SMB_SIGNING_SUPPORTED, "enabled"},
-       {SMB_SIGNING_REQUIRED, "required"},
-       {SMB_SIGNING_REQUIRED, "mandatory"},
-       {SMB_SIGNING_REQUIRED, "force"},
-       {SMB_SIGNING_REQUIRED, "forced"},
-       {SMB_SIGNING_REQUIRED, "enforced"},
-       {SMB_SIGNING_AUTO, "auto"},
-       {-1, NULL}
-};
-
-static const struct enum_list enum_server_role[] = {
-       {ROLE_STANDALONE, "standalone"},
-       {ROLE_DOMAIN_MEMBER, "member server"},
-       {ROLE_DOMAIN_MEMBER, "member"},
-       {ROLE_DOMAIN_CONTROLLER, "domain controller"},
-       {ROLE_DOMAIN_CONTROLLER, "dc"},
-       {-1, NULL}
-};
+#include "param_enums.c"
  
  #define GLOBAL_VAR(name) offsetof(struct loadparm_global, name)
  #define LOCAL_VAR(name) offsetof(struct loadparm_service, name)
@@ -182,6 +119,22 @@ static struct parm_struct parm_table[] = {
                 .special        = NULL,
                 .enum_list      = enum_server_role
         },
+       {
+               .label          = "domain logons",
+               .type           = P_ENUM,
+               .p_class        = P_GLOBAL,
+               .offset         = GLOBAL_VAR(domain_logons),
+               .special        = NULL,
+               .enum_list      = enum_bool_auto
+       },
+       {
+               .label          = "domain master",
+               .type           = P_ENUM,
+               .p_class        = P_GLOBAL,
+               .offset         = GLOBAL_VAR(domain_master),
+               .special        = NULL,
+               .enum_list      = enum_bool_auto
+       },
         {
                 .label          = "dos charset",
                 .type           = P_STRING,
@@ -212,7 +165,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_LOCAL,
                 .offset         = LOCAL_VAR(comment),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT
         },
         {
                 .label          = "path",
@@ -220,7 +174,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_LOCAL,
                 .offset         = LOCAL_VAR(szPath),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT,
         },
         {
                 .label          = "directory",
@@ -228,7 +183,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_LOCAL,
                 .offset         = LOCAL_VAR(szPath),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_HIDE,
         },
         {
                 .label          = "workgroup",
@@ -236,7 +192,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szWorkgroup),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD,
         },
         {
                 .label          = "realm",
@@ -244,7 +201,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szRealm),
                 .special        = handle_realm,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD,
         },
         {
                 .label          = "netbios name",
@@ -252,7 +210,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szNetbiosName),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD,
         },
         {
                 .label          = "netbios aliases",
@@ -268,7 +227,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szNetbiosScope),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "server string",
@@ -276,7 +236,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szServerString),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_BASIC | FLAG_ADVANCED,
         },
         {
                 .label          = "interfaces",
@@ -284,7 +245,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szInterfaces),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD,
         },
         {
                 .label          = "bind interfaces only",
@@ -292,7 +254,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(bBindInterfacesOnly),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED | FLAG_WIZARD,
         },
         {
                 .label          = "ntvfs handler",
@@ -357,7 +320,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(bNullPasswords),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED | FLAG_DEPRECATED,
         },
         {
                 .label          = "obey pam restrictions",
@@ -365,37 +329,14 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(bObeyPamRestrictions),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "password server",
-               .type           = P_LIST,
-               .p_class        = P_GLOBAL,
-               .offset         = GLOBAL_VAR(szPasswordServers),
-               .special        = NULL,
-               .enum_list      = NULL
-       },
-       {
-               .label          = "spoolss database",
                 .type           = P_STRING,
                 .p_class        = P_GLOBAL,
-               .offset         = GLOBAL_VAR(szSPOOLSS_URL),
-               .special        = NULL,
-               .enum_list      = NULL
-       },
-       {
-               .label          = "wins config database",
-               .type           = P_STRING,
-               .p_class        = P_GLOBAL,
-               .offset         = GLOBAL_VAR(szWINS_CONFIG_URL),
-               .special        = NULL,
-               .enum_list      = NULL
-       },
-       {
-               .label          = "wins database",
-               .type           = P_STRING,
-               .p_class        = P_GLOBAL,
-               .offset         = GLOBAL_VAR(szWINS_URL),
+               .offset         = GLOBAL_VAR(szPasswordServer),
                 .special        = NULL,
                 .enum_list      = NULL
         },
@@ -429,7 +370,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(bLanmanAuth),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "ntlm auth",
@@ -437,7 +379,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(bNTLMAuth),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "client NTLMv2 auth",
@@ -445,7 +388,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(bClientNTLMv2Auth),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "client lanman auth",
@@ -453,7 +397,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(bClientLanManAuth),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "client plaintext auth",
@@ -461,7 +406,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(bClientPlaintextAuth),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "client use spnego principal",
@@ -553,7 +499,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(logfile),
                 .special        = handle_logfile,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
  
         {
@@ -666,7 +613,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(bLargeReadwrite),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "server max protocol",
@@ -674,7 +622,26 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(srv_maxprotocol),
                 .special        = NULL,
-               .enum_list      = enum_protocol
+               .enum_list      = enum_protocol,
+               .flags          = FLAG_ADVANCED,
+       },
+       {
+               .label          = "max protocol",
+               .type           = P_ENUM,
+               .p_class        = P_GLOBAL,
+               .offset         = GLOBAL_VAR(srv_maxprotocol),
+               .special        = NULL,
+               .enum_list      = enum_protocol,
+               .flags          = FLAG_ADVANCED,
+       },
+       {
+               .label          = "protocol",
+               .type           = P_ENUM,
+               .p_class        = P_GLOBAL,
+               .offset         = GLOBAL_VAR(srv_maxprotocol),
+               .special        = NULL,
+               .enum_list      = enum_protocol,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "server min protocol",
@@ -682,7 +649,17 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(srv_minprotocol),
                 .special        = NULL,
-               .enum_list      = enum_protocol
+               .enum_list      = enum_protocol,
+               .flags          = FLAG_ADVANCED,
+       },
+       {
+               .label          = "min protocol",
+               .type           = P_ENUM,
+               .p_class        = P_GLOBAL,
+               .offset         = GLOBAL_VAR(srv_minprotocol),
+               .special        = NULL,
+               .enum_list      = enum_protocol,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "client max protocol",
@@ -748,7 +725,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(max_mux),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "max xmit",
@@ -756,7 +734,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(max_xmit),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
  
         {
@@ -773,7 +752,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(max_wins_ttl),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "min wins ttl",
@@ -781,7 +761,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(min_wins_ttl),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "time server",
@@ -789,7 +770,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(bTimeServer),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "unix extensions",
@@ -797,7 +779,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(bUnixExtensions),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "use spnego",
@@ -813,7 +796,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(server_signing),
                 .special        = NULL,
-               .enum_list      = enum_smb_signing_vals
+               .enum_list      = enum_smb_signing_vals,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "client signing",
@@ -838,7 +822,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_LOCAL,
                 .offset         = LOCAL_VAR(iMaxConnections),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED | FLAG_SHARE,
         },
         {
                 .label          = "paranoid server security",
@@ -914,7 +899,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_LOCAL,
                 .offset         = LOCAL_VAR(szPrintername),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED | FLAG_PRINT,
         },
         {
                 .label          = "printer",
@@ -922,7 +908,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_LOCAL,
                 .offset         = LOCAL_VAR(szPrintername),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_HIDE,
         },
  
         {
@@ -956,7 +943,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(bPreferredMaster),
                 .special        = NULL,
-               .enum_list      = enum_bool_auto
+               .enum_list      = enum_bool_auto,
+               .flags          = FLAG_BASIC | FLAG_ADVANCED,
         },
         {
                 .label          = "prefered master",
@@ -964,7 +952,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(bPreferredMaster),
                 .special        = NULL,
-               .enum_list      = enum_bool_auto
+               .enum_list      = enum_bool_auto,
+               .flags          = FLAG_HIDE,
         },
         {
                 .label          = "local master",
@@ -980,7 +969,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_LOCAL,
                 .offset         = LOCAL_VAR(bBrowseable),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT,
         },
         {
                 .label          = "browsable",
@@ -992,28 +982,30 @@ static struct parm_struct parm_table[] = {
         },
  
         {
-               .label          = "wins server",
-               .type           = P_LIST,
+               .label          = "dns proxy",
+               .type           = P_BOOL,
                 .p_class        = P_GLOBAL,
-               .offset         = GLOBAL_VAR(szWINSservers),
+               .offset         = GLOBAL_VAR(bWINSdnsProxy),
                 .special        = NULL,
                 .enum_list      = NULL
         },
         {
-               .label          = "wins support",
-               .type           = P_BOOL,
+               .label          = "wins server",
+               .type           = P_LIST,
                 .p_class        = P_GLOBAL,
-               .offset         = GLOBAL_VAR(bWINSsupport),
+               .offset         = GLOBAL_VAR(szWINSservers),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD,
         },
         {
-               .label          = "dns proxy",
+               .label          = "wins support",
                 .type           = P_BOOL,
                 .p_class        = P_GLOBAL,
-               .offset         = GLOBAL_VAR(bWINSdnsProxy),
+               .offset         = GLOBAL_VAR(bWINSsupport),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD,
         },
         {
                 .label          = "wins hook",
@@ -1021,7 +1013,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szWINSHook),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
  
         {
@@ -1030,7 +1023,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_LOCAL,
                 .offset         = LOCAL_VAR(iCSCPolicy),
                 .special        = NULL,
-               .enum_list      = enum_csc_policy
+               .enum_list      = enum_csc_policy,
+               .flags          = FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL,
         },
  
         {
@@ -1064,7 +1058,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szAutoServices),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "auto services",
@@ -1072,23 +1067,26 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szAutoServices),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
-               .label          = "lock dir",
+               .label          = "lock directory",
                 .type           = P_STRING,
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szLockDir),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
-               .label          = "lock directory",
+               .label          = "lock dir",
                 .type           = P_STRING,
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szLockDir),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_HIDE,
         },
         {
                 .label          = "state directory",
@@ -1096,7 +1094,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szStateDir),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "cache directory",
@@ -1104,7 +1103,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szCacheDir),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "pid directory",
@@ -1129,7 +1129,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_LOCAL,
                 .offset         = LOCAL_VAR(szCopy),
                 .special        = handle_copy,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_HIDE,
         },
         {
                 .label          = "include",
@@ -1154,7 +1155,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_LOCAL,
                 .offset         = LOCAL_VAR(volume),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED | FLAG_SHARE,
         },
         {
                 .label          = "fstype",
@@ -1188,7 +1190,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(bHostMSDfs),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "winbind separator",
@@ -1204,7 +1207,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szWinbinddSocketDirectory),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "winbindd privileged socket directory",
@@ -1212,7 +1216,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szWinbinddPrivilegedSocketDirectory),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "winbind sealed pipes",
@@ -1220,7 +1225,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(bWinbindSealedPipes),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "template shell",
@@ -1228,7 +1234,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szTemplateShell),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "template homedir",
@@ -1236,7 +1243,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szTemplateHomedir),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "idmap trusted only",
@@ -1244,7 +1252,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(bIdmapTrustedOnly),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
  
         {
@@ -1253,7 +1262,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szNTPSignDSocketDirectory),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "rndc command",
@@ -1261,7 +1271,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szRNDCCommand),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "dns update command",
@@ -1269,7 +1280,8 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szDNSUpdateCommand),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "spn update command",
@@ -1277,7 +1289,17 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szSPNUpdateCommand),
                 .special        = NULL,
-               .enum_list      = NULL
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
+       },
+       {
+               .label          = "samba kcc command",
+               .type           = P_CMDLIST,
+               .p_class        = P_GLOBAL,
+               .offset         = GLOBAL_VAR(szSambaKCCCommand),
+               .special        = NULL,
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
         },
         {
                 .label          = "nsupdate command",
@@ -1285,6 +1307,33 @@ static struct parm_struct parm_table[] = {
                 .p_class        = P_GLOBAL,
                 .offset         = GLOBAL_VAR(szNSUpdateCommand),
                 .special        = NULL,
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
+       },
+       {
+               .label          = "allow dns updates",
+               .type           = P_ENUM,
+               .p_class        = P_GLOBAL,
+               .offset         = GLOBAL_VAR(allow_dns_updates),
+               .special        = NULL,
+               .enum_list      = enum_dns_update_settings,
+               .flags          = FLAG_ADVANCED,
+       },
+       {
+               .label          = "dns forwarder",
+               .type           = P_STRING,
+               .p_class        = P_GLOBAL,
+               .offset         = GLOBAL_VAR(dns_forwarder),
+               .special        = NULL,
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
+       },
+       {
+               .label          = "dns recursive queries",
+               .type           = P_BOOL,
+               .p_class        = P_GLOBAL,
+               .offset         = GLOBAL_VAR(dns_recursive_queries),
+               .special        = NULL,
                 .enum_list      = NULL
         },
  
@@ -1482,100 +1531,97 @@ static struct loadparm_context *global_loadparm_context;
  
  #include "lib/param/param_functions.c"
  
-FN_GLOBAL_INTEGER(server_role, server_role)
-FN_GLOBAL_LIST(smb_ports, smb_ports)
-FN_GLOBAL_INTEGER(nbt_port, nbt_port)
-FN_GLOBAL_INTEGER(dgram_port, dgram_port)
-FN_GLOBAL_INTEGER(cldap_port, cldap_port)
-FN_GLOBAL_INTEGER(krb5_port, krb5_port)
-FN_GLOBAL_INTEGER(kpasswd_port, kpasswd_port)
-FN_GLOBAL_INTEGER(web_port, web_port)
-FN_GLOBAL_BOOL(tls_enabled, tls_enabled)
-FN_GLOBAL_STRING(logfile, logfile)
-FN_GLOBAL_STRING(share_backend, szShareBackend)
-FN_GLOBAL_STRING(spoolss_url, szSPOOLSS_URL)
-FN_GLOBAL_STRING(wins_config_url, szWINS_CONFIG_URL)
-FN_GLOBAL_STRING(wins_url, szWINS_URL)
-FN_GLOBAL_CONST_STRING(winbind_separator, szWinbindSeparator)
-FN_GLOBAL_CONST_STRING(winbindd_socket_directory, szWinbinddSocketDirectory)
-FN_GLOBAL_CONST_STRING(winbindd_privileged_socket_directory, szWinbinddPrivilegedSocketDirectory)
-FN_GLOBAL_CONST_STRING(template_shell, szTemplateShell)
-FN_GLOBAL_CONST_STRING(template_homedir, szTemplateHomedir)
-FN_GLOBAL_BOOL(winbind_sealed_pipes, bWinbindSealedPipes)
-FN_GLOBAL_BOOL(idmap_trusted_only, bIdmapTrustedOnly)
-FN_GLOBAL_STRING(private_dir, szPrivateDir)
-FN_GLOBAL_STRING(serverstring, szServerString)
-FN_GLOBAL_STRING(lockdir, szLockDir)
-FN_GLOBAL_STRING(statedir, szStateDir)
-FN_GLOBAL_STRING(cachedir, szCacheDir)
-FN_GLOBAL_STRING(ncalrpc_dir, ncalrpc_dir)
-FN_GLOBAL_STRING(dos_charset, dos_charset)
-FN_GLOBAL_STRING(unix_charset, unix_charset)
-FN_GLOBAL_STRING(piddir, szPidDir)
-FN_GLOBAL_LIST(rndc_command, szRNDCCommand)
-FN_GLOBAL_LIST(dns_update_command, szDNSUpdateCommand)
-FN_GLOBAL_LIST(spn_update_command, szSPNUpdateCommand)
-FN_GLOBAL_LIST(nsupdate_command, szNSUpdateCommand)
-FN_GLOBAL_LIST(dcerpc_endpoint_servers, dcerpc_ep_servers)
-FN_GLOBAL_LIST(server_services, server_services)
-FN_GLOBAL_STRING(ntptr_providor, ntptr_providor)
-FN_GLOBAL_STRING(passdb_backend, passdb_backend)
-FN_GLOBAL_STRING(auto_services, szAutoServices)
-FN_GLOBAL_STRING(passwd_chat, szPasswdChat)
-FN_GLOBAL_LIST(passwordserver, szPasswordServers)
-FN_GLOBAL_LIST(name_resolve_order, szNameResolveOrder)
-FN_GLOBAL_STRING(realm, szRealm_upper)
-FN_GLOBAL_STRING(dnsdomain, szRealm_lower)
-FN_GLOBAL_STRING(socket_options, socket_options)
-FN_GLOBAL_STRING(workgroup, szWorkgroup)
-FN_GLOBAL_STRING(netbios_name, szNetbiosName)
-FN_GLOBAL_STRING(netbios_scope, szNetbiosScope)
-FN_GLOBAL_LIST(wins_server_list, szWINSservers)
-FN_GLOBAL_LIST(interfaces, szInterfaces)
-FN_GLOBAL_STRING(socket_address, szSocketAddress)
-FN_GLOBAL_LIST(netbios_aliases, szNetbiosAliases)
+FN_GLOBAL_BOOL(bind_interfaces_only, bBindInterfacesOnly)
+FN_GLOBAL_BOOL(client_lanman_auth, bClientLanManAuth)
+FN_GLOBAL_BOOL(client_ntlmv2_auth, bClientNTLMv2Auth)
+FN_GLOBAL_BOOL(client_plaintext_auth, bClientPlaintextAuth)
+FN_GLOBAL_BOOL(client_use_spnego_principal, client_use_spnego_principal)
  FN_GLOBAL_BOOL(disable_netbios, bDisableNetbios)
-FN_GLOBAL_BOOL(we_are_a_wins_server, bWINSsupport)
-FN_GLOBAL_BOOL(wins_dns_proxy, bWINSdnsProxy)
-FN_GLOBAL_STRING(wins_hook, szWINSHook)
-FN_GLOBAL_BOOL(local_master, bLocalMaster)
-FN_GLOBAL_BOOL(readraw, bReadRaw)
+FN_GLOBAL_BOOL(dns_recursive_queries, dns_recursive_queries)
+FN_GLOBAL_BOOL(encrypted_passwords, bEncryptPasswords)
+FN_GLOBAL_BOOL(host_msdfs, bHostMSDfs)
+FN_GLOBAL_BOOL(idmap_trusted_only, bIdmapTrustedOnly)
+FN_GLOBAL_BOOL(lanman_auth, bLanmanAuth)
  FN_GLOBAL_BOOL(large_readwrite, bLargeReadwrite)
-FN_GLOBAL_BOOL(writeraw, bWriteRaw)
+FN_GLOBAL_BOOL(local_master, bLocalMaster)
+FN_GLOBAL_BOOL(ntlm_auth, bNTLMAuth)
+FN_GLOBAL_BOOL(nt_status_support, bNTStatusSupport)
  FN_GLOBAL_BOOL(null_passwords, bNullPasswords)
  FN_GLOBAL_BOOL(obey_pam_restrictions, bObeyPamRestrictions)
-FN_GLOBAL_BOOL(encrypted_passwords, bEncryptPasswords)
+FN_GLOBAL_BOOL(paranoid_server_security, paranoid_server_security)
+FN_GLOBAL_BOOL(readraw, bReadRaw)
+FN_GLOBAL_BOOL(rpc_big_endian, bRpcBigEndian)
  FN_GLOBAL_BOOL(time_server, bTimeServer)
-FN_GLOBAL_BOOL(bind_interfaces_only, bBindInterfacesOnly)
+FN_GLOBAL_BOOL(tls_enabled, tls_enabled)
  FN_GLOBAL_BOOL(unicode, bUnicode)
-FN_GLOBAL_BOOL(nt_status_support, bNTStatusSupport)
-FN_GLOBAL_BOOL(lanman_auth, bLanmanAuth)
-FN_GLOBAL_BOOL(ntlm_auth, bNTLMAuth)
-FN_GLOBAL_BOOL(client_plaintext_auth, bClientPlaintextAuth)
-FN_GLOBAL_BOOL(client_lanman_auth, bClientLanManAuth)
-FN_GLOBAL_BOOL(client_ntlmv2_auth, bClientNTLMv2Auth)
-FN_GLOBAL_BOOL(client_use_spnego_principal, client_use_spnego_principal)
-FN_GLOBAL_BOOL(host_msdfs, bHostMSDfs)
  FN_GLOBAL_BOOL(unix_extensions, bUnixExtensions)
-FN_GLOBAL_BOOL(use_spnego, bUseSpnego)
  FN_GLOBAL_BOOL(use_mmap, bUseMmap)
-FN_GLOBAL_BOOL(rpc_big_endian, bRpcBigEndian)
-FN_GLOBAL_INTEGER(max_wins_ttl, max_wins_ttl)
-FN_GLOBAL_INTEGER(min_wins_ttl, min_wins_ttl)
+FN_GLOBAL_BOOL(use_spnego, bUseSpnego)
+FN_GLOBAL_BOOL(we_are_a_wins_server, bWINSsupport)
+FN_GLOBAL_BOOL(winbind_sealed_pipes, bWinbindSealedPipes)
+FN_GLOBAL_BOOL(wins_dns_proxy, bWINSdnsProxy)
+FN_GLOBAL_BOOL(writeraw, bWriteRaw)
+FN_GLOBAL_CONST_STRING(dns_forwarder, dns_forwarder)
+FN_GLOBAL_CONST_STRING(ntp_signd_socket_directory, szNTPSignDSocketDirectory)
+FN_GLOBAL_CONST_STRING(passwordserver, szPasswordServer)
+FN_GLOBAL_CONST_STRING(realm, szRealm_upper)
+FN_GLOBAL_CONST_STRING(template_homedir, szTemplateHomedir)
+FN_GLOBAL_CONST_STRING(template_shell, szTemplateShell)
+FN_GLOBAL_CONST_STRING(winbindd_privileged_socket_directory, szWinbinddPrivilegedSocketDirectory)
+FN_GLOBAL_CONST_STRING(winbindd_socket_directory, szWinbinddSocketDirectory)
+FN_GLOBAL_CONST_STRING(winbind_separator, szWinbindSeparator)
+FN_GLOBAL_INTEGER(allow_dns_updates, allow_dns_updates)
+FN_GLOBAL_INTEGER(cldap_port, cldap_port)
+FN_GLOBAL_INTEGER(client_signing, client_signing)
+FN_GLOBAL_INTEGER(cli_maxprotocol, cli_maxprotocol)
+FN_GLOBAL_INTEGER(cli_minprotocol, cli_minprotocol)
+FN_GLOBAL_INTEGER(dgram_port, dgram_port)
+FN_GLOBAL_INTEGER(kpasswd_port, kpasswd_port)
+FN_GLOBAL_INTEGER(krb5_port, krb5_port)
  FN_GLOBAL_INTEGER(maxmux, max_mux)
+FN_GLOBAL_INTEGER(max_wins_ttl, max_wins_ttl)
  FN_GLOBAL_INTEGER(max_xmit, max_xmit)
+FN_GLOBAL_INTEGER(min_wins_ttl, min_wins_ttl)
+FN_GLOBAL_INTEGER(nbt_port, nbt_port)
  FN_GLOBAL_INTEGER(passwordlevel, pwordlevel)
+FN_GLOBAL_INTEGER(server_signing, server_signing)
  FN_GLOBAL_INTEGER(srv_maxprotocol, srv_maxprotocol)
  FN_GLOBAL_INTEGER(srv_minprotocol, srv_minprotocol)
-FN_GLOBAL_INTEGER(cli_maxprotocol, cli_maxprotocol)
-FN_GLOBAL_INTEGER(cli_minprotocol, cli_minprotocol)
-FN_GLOBAL_INTEGER(security, security)
-FN_GLOBAL_BOOL(paranoid_server_security, paranoid_server_security)
-
-FN_GLOBAL_INTEGER(server_signing, server_signing)
-FN_GLOBAL_INTEGER(client_signing, client_signing)
-
-FN_GLOBAL_CONST_STRING(ntp_signd_socket_directory, szNTPSignDSocketDirectory)
+FN_GLOBAL_INTEGER(web_port, web_port)
+FN_GLOBAL_LIST(dcerpc_endpoint_servers, dcerpc_ep_servers)
+FN_GLOBAL_LIST(dns_update_command, szDNSUpdateCommand)
+FN_GLOBAL_LIST(interfaces, szInterfaces)
+FN_GLOBAL_LIST(name_resolve_order, szNameResolveOrder)
+FN_GLOBAL_LIST(netbios_aliases, szNetbiosAliases)
+FN_GLOBAL_LIST(nsupdate_command, szNSUpdateCommand)
+FN_GLOBAL_LIST(rndc_command, szRNDCCommand)
+FN_GLOBAL_LIST(samba_kcc_command, szSambaKCCCommand)
+FN_GLOBAL_LIST(server_services, server_services)
+FN_GLOBAL_LIST(smb_ports, smb_ports)
+FN_GLOBAL_LIST(spn_update_command, szSPNUpdateCommand)
+FN_GLOBAL_LIST(wins_server_list, szWINSservers)
+FN_GLOBAL_STRING(auto_services, szAutoServices)
+FN_GLOBAL_STRING(cachedir, szCacheDir)
+FN_GLOBAL_STRING(dnsdomain, szRealm_lower)
+FN_GLOBAL_STRING(dos_charset, dos_charset)
+FN_GLOBAL_STRING(lockdir, szLockDir)
+FN_GLOBAL_STRING(logfile, logfile)
+FN_GLOBAL_STRING(ncalrpc_dir, ncalrpc_dir)
+FN_GLOBAL_STRING(netbios_name, szNetbiosName)
+FN_GLOBAL_STRING(netbios_scope, szNetbiosScope)
+FN_GLOBAL_STRING(ntptr_providor, ntptr_providor)
+FN_GLOBAL_STRING(passdb_backend, passdb_backend)
+FN_GLOBAL_STRING(passwd_chat, szPasswdChat)
+FN_GLOBAL_STRING(piddir, szPidDir)
+FN_GLOBAL_STRING(private_dir, szPrivateDir)
+FN_GLOBAL_STRING(serverstring, szServerString)
+FN_GLOBAL_STRING(share_backend, szShareBackend)
+FN_GLOBAL_STRING(socket_address, szSocketAddress)
+FN_GLOBAL_STRING(socket_options, socket_options)
+FN_GLOBAL_STRING(statedir, szStateDir)
+FN_GLOBAL_STRING(unix_charset, unix_charset)
+FN_GLOBAL_STRING(wins_hook, szWINSHook)
+FN_GLOBAL_STRING(workgroup, szWorkgroup)
  
  /* local prototypes */
  static int map_parameter(const char *pszParmName);
@@ -1656,17 +1702,31 @@ static int lp_int(const char *s)
  /**
   * convenience routine to return unsigned long parameters.
   */
-static int lp_ulong(const char *s)
+static unsigned long lp_ulong(const char *s)
  {
  
         if (!s) {
-               DEBUG(0,("lp_int(%s): is called with NULL!\n",s));
+               DEBUG(0,("lp_ulong(%s): is called with NULL!\n",s));
                 return -1;
         }
  
         return strtoul(s, NULL, 0);
  }
  
+/**
+ * convenience routine to return unsigned long parameters.
+ */
+static long lp_long(const char *s)
+{
+
+       if (!s) {
+               DEBUG(0,("lp_long(%s): is called with NULL!\n",s));
+               return -1;
+       }
+
+       return strtol(s, NULL, 0);
+}
+
  /**
   * convenience routine to return unsigned long parameters.
   */
@@ -1797,6 +1857,17 @@ unsigned long lpcfg_parm_ulong(struct loadparm_context *lp_ctx,
         return default_v;
  }
  
+long lpcfg_parm_long(struct loadparm_context *lp_ctx,
+                    struct loadparm_service *service, const char *type,
+                    const char *option, long default_v)
+{
+       const char *value = lpcfg_get_parametric(lp_ctx, service, type, option);
+
+       if (value)
+               return lp_long(value);
+
+       return default_v;
+}
  
  double lpcfg_parm_double(struct loadparm_context *lp_ctx,
                       struct loadparm_service *service, const char *type,
@@ -2086,6 +2157,27 @@ void *lpcfg_parm_ptr(struct loadparm_context *lp_ctx,
         }
  }
  
+/**
+  return the parameter pointer for a parameter
+*/
+bool lpcfg_parm_is_cmdline(struct loadparm_context *lp_ctx, const char *name)
+{
+       int parmnum;
+
+       if (lp_ctx->s3_fns) {
+               struct parm_struct *parm = lp_ctx->s3_fns->get_parm_struct(name);
+               if (parm) {
+                       return parm->flags & FLAG_CMDLINE;
+               }
+               return false;
+       }
+
+       parmnum = map_parameter(name);
+       if (parmnum == -1) return false;
+
+       return lp_ctx->flags[parmnum] & FLAG_CMDLINE;
+}
+
  /**
   * Find a service by name. Otherwise works like get_service.
   */
@@ -2136,6 +2228,7 @@ static void copy_service(struct loadparm_service *pserviceDest,
                                         break;
  
                                 case P_INTEGER:
+                               case P_BYTES:
                                 case P_OCTAL:
                                 case P_ENUM:
                                         *(int *)dest_ptr = *(int *)src_ptr;
@@ -2177,7 +2270,7 @@ static void copy_service(struct loadparm_service *pserviceDest,
                         /* If we already have same option, override it */
                         if (strcmp(pdata->key, data->key) == 0) {
                                 talloc_free(pdata->value);
-                               pdata->value = talloc_reference(pdata,
+                               pdata->value = talloc_strdup(pdata,
                                                              data->value);
                                 not_added = false;
                                 break;
@@ -2188,8 +2281,8 @@ static void copy_service(struct loadparm_service *pserviceDest,
                         paramo = talloc_zero(pserviceDest, struct parmlist_entry);
                         if (paramo == NULL)
                                 smb_panic("OOM");
-                       paramo->key = talloc_reference(paramo, data->key);
-                       paramo->value = talloc_reference(paramo, data->value);
+                       paramo->key = talloc_strdup(paramo, data->key);
+                       paramo->value = talloc_strdup(paramo, data->value);
                         DLIST_ADD(pserviceDest->param_opt, paramo);
                 }
                 data = data->next;
@@ -2556,23 +2649,13 @@ static bool set_variable(TALLOC_CTX *mem_ctx, int parmnum, void *parm_ptr,
                         char **new_list = str_list_make(mem_ctx,
                                                         pszParmValue, NULL);
                         for (i=0; new_list[i]; i++) {
-                               if (new_list[i][0] == '+' && new_list[i][1] &&
-                                   (!str_list_check(*(const char ***)parm_ptr,
-                                                    &new_list[i][1]))) {
-                                       *(const char ***)parm_ptr = str_list_add(*(const char ***)parm_ptr,
-                                                                                &new_list[i][1]);
-                               } else if (new_list[i][0] == '-' && new_list[i][1]) {
-#if 0 /* This is commented out because we sometimes parse the list
-       * twice, and so we can't assert on this */
+                               if (new_list[i][0] == '+' && new_list[i][1]) {
                                         if (!str_list_check(*(const char ***)parm_ptr,
                                                             &new_list[i][1])) {
-                                               DEBUG(0, ("Unsupported value for: %s = %s, %s is not in the original list [%s]\n",
-                                                         pszParmName, pszParmValue, new_list[i],
-                                                         str_list_join_shell(mem_ctx, *(const char ***)parm_ptr, ' ')));
-                                               return false;
-
+                                               *(const char ***)parm_ptr = str_list_add(*(const char ***)parm_ptr,
+                                                                                        &new_list[i][1]);
                                         }
-#endif
+                               } else if (new_list[i][0] == '-' && new_list[i][1]) {
                                         str_list_remove(*(const char ***)parm_ptr,
                                                         &new_list[i][1]);
                                 } else {
@@ -2612,6 +2695,9 @@ static bool set_variable(TALLOC_CTX *mem_ctx, int parmnum, void *parm_ptr,
                                 return false;
                         }
                         break;
+
+               case P_SEP:
+                       break;
         }
  
  mark_non_default:
@@ -3014,6 +3100,8 @@ static bool is_default(struct loadparm_service *sDefault, int i)
                 case P_ENUM:
                         return parm_table[i].def.ivalue ==
                                 *(int *)def_ptr;
+               case P_SEP:
+                       break;
         }
         return false;
  }
@@ -3284,9 +3372,9 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
  
         lpcfg_do_global_parameter(lp_ctx, "share backend", "classic");
  
-       lpcfg_do_global_parameter(lp_ctx, "share backend", "classic");
-
-       lpcfg_do_global_parameter(lp_ctx, "server role", "standalone");
+       lpcfg_do_global_parameter(lp_ctx, "server role", "auto");
+       lpcfg_do_global_parameter(lp_ctx, "domain logons", "No");
+       lpcfg_do_global_parameter(lp_ctx, "domain master", "Auto");
  
         /* options that can be set on the command line must be initialised via
            the slower lpcfg_do_global_parameter() to ensure that FLAG_CMDLINE is obeyed */
@@ -3304,15 +3392,12 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
         lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
         lpcfg_do_global_parameter(lp_ctx, "max connections", "-1");
  
-       lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup unixinfo browser eventlog6 backupkey");
+       lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup unixinfo browser eventlog6 backupkey dnsserver");
         lpcfg_do_global_parameter(lp_ctx, "server services", "smb rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate");
         lpcfg_do_global_parameter(lp_ctx, "ntptr providor", "simple_ldb");
         /* the winbind method for domain controllers is for both RODC
            auth forwarding and for trusted domains */
         lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR);
-       lpcfg_do_global_parameter(lp_ctx, "spoolss database", "spoolss.ldb");
-       lpcfg_do_global_parameter(lp_ctx, "wins config database", "wins_config.ldb");
-       lpcfg_do_global_parameter(lp_ctx, "wins database", "wins.ldb");
         lpcfg_do_global_parameter(lp_ctx, "registry:HKEY_LOCAL_MACHINE", "hklm.ldb");
  
         /* This hive should be dynamically generated by Samba using
@@ -3345,13 +3430,15 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
  
         lpcfg_do_global_parameter(lp_ctx, "max mux", "50");
         lpcfg_do_global_parameter(lp_ctx, "max xmit", "12288");
+       lpcfg_do_global_parameter(lp_ctx, "host msdfs", "true");
+
         lpcfg_do_global_parameter(lp_ctx, "password level", "0");
         lpcfg_do_global_parameter(lp_ctx, "LargeReadwrite", "True");
         lpcfg_do_global_parameter(lp_ctx, "server min protocol", "CORE");
         lpcfg_do_global_parameter(lp_ctx, "server max protocol", "NT1");
         lpcfg_do_global_parameter(lp_ctx, "client min protocol", "CORE");
         lpcfg_do_global_parameter(lp_ctx, "client max protocol", "NT1");
-       lpcfg_do_global_parameter(lp_ctx, "security", "USER");
+       lpcfg_do_global_parameter(lp_ctx, "security", "AUTO");
         lpcfg_do_global_parameter(lp_ctx, "paranoid server security", "True");
         lpcfg_do_global_parameter(lp_ctx, "EncryptPasswords", "True");
         lpcfg_do_global_parameter(lp_ctx, "ReadRaw", "True");
@@ -3384,13 +3471,15 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
         lpcfg_do_global_parameter(lp_ctx, "ntp signd socket directory", dyn_NTP_SIGND_SOCKET_DIR);
         lpcfg_do_global_parameter_var(lp_ctx, "dns update command", "%s/samba_dnsupdate", dyn_SCRIPTSBINDIR);
         lpcfg_do_global_parameter_var(lp_ctx, "spn update command", "%s/samba_spnupdate", dyn_SCRIPTSBINDIR);
+       lpcfg_do_global_parameter_var(lp_ctx, "samba kcc command",
+                                       "%s/samba_kcc", dyn_SCRIPTSBINDIR);
  #endif
         lpcfg_do_global_parameter(lp_ctx, "template shell", "/bin/false");
         lpcfg_do_global_parameter(lp_ctx, "template homedir", "/home/%WORKGROUP%/%ACCOUNTNAME%");
         lpcfg_do_global_parameter(lp_ctx, "idmap trusted only", "False");
  
-       lpcfg_do_global_parameter(lp_ctx, "client signing", "Yes");
-       lpcfg_do_global_parameter(lp_ctx, "server signing", "auto");
+       lpcfg_do_global_parameter(lp_ctx, "client signing", "default");
+       lpcfg_do_global_parameter(lp_ctx, "server signing", "default");
  
         lpcfg_do_global_parameter(lp_ctx, "use spnego", "True");
  
@@ -3418,6 +3507,10 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
         lpcfg_do_global_parameter(lp_ctx, "rndc command", "/usr/sbin/rndc");
         lpcfg_do_global_parameter(lp_ctx, "nsupdate command", "/usr/bin/nsupdate -g");
  
+        lpcfg_do_global_parameter(lp_ctx, "allow dns updates", "False");
+        lpcfg_do_global_parameter(lp_ctx, "dns recursive queries", "False");
+        lpcfg_do_global_parameter(lp_ctx, "dns forwarder", "");
+
         for (i = 0; parm_table[i].label; i++) {
                 if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) {
                         lp_ctx->flags[i] |= FLAG_DEFAULT;
@@ -3458,7 +3551,7 @@ struct loadparm_context *loadparm_init_global(bool load_default)
  struct loadparm_context *loadparm_init_s3(TALLOC_CTX *mem_ctx, 
                                           const struct loadparm_s3_context *s3_fns)
  {
-       struct loadparm_context *loadparm_context = loadparm_init(mem_ctx);
+       struct loadparm_context *loadparm_context = talloc_zero(mem_ctx, struct loadparm_context);
         if (!loadparm_context) {
                 return NULL;
         }
@@ -3771,7 +3864,7 @@ _PUBLIC_ char *lpcfg_tls_dhpfile(TALLOC_CTX *mem_ctx, struct loadparm_context *l
  
  struct gensec_settings *lpcfg_gensec_settings(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
  {
-       struct gensec_settings *settings = talloc(mem_ctx, struct gensec_settings);
+       struct gensec_settings *settings = talloc_zero(mem_ctx, struct gensec_settings);
         if (settings == NULL)
                 return NULL;
         SMB_ASSERT(lp_ctx != NULL);
@@ -3780,3 +3873,25 @@ struct gensec_settings *lpcfg_gensec_settings(TALLOC_CTX *mem_ctx, struct loadpa
         return settings;
  }
  
+int lpcfg_server_role(struct loadparm_context *lp_ctx)
+{
+       if (lp_ctx->s3_fns) {
+               return lp_ctx->s3_fns->server_role();
+       }
+
+       return lp_find_server_role(lp_ctx->globals->server_role,
+                                  lp_ctx->globals->security,
+                                  lp_ctx->globals->domain_logons,
+                                  (lp_ctx->globals->domain_master == true) ||
+                                  (lp_ctx->globals->domain_master == Auto));
+}
+
+int lpcfg_security(struct loadparm_context *lp_ctx)
+{
+       if (lp_ctx->s3_fns) {
+               return lp_ctx->s3_fns->security();
+       }
+
+       return lp_find_security(lp_ctx->globals->server_role,
+                               lp_ctx->globals->security);
+}