along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
-#include "lib/param/loadparm_server_role.h"
+#include "lib/param/loadparm.h"
#include "libds/common/roles.h"
/*******************************************************************
{ ROLE_DOMAIN_MEMBER, "ROLE_DOMAIN_MEMBER" },
{ ROLE_DOMAIN_BDC, "ROLE_DOMAIN_BDC" },
{ ROLE_DOMAIN_PDC, "ROLE_DOMAIN_PDC" },
+ { ROLE_ACTIVE_DIRECTORY_DC, "ROLE_ACTIVE_DIRECTORY_DC" },
{ 0, NULL }
};
/**
* Set the server role based on security, domain logons and domain master
*/
-int lp_find_server_role(int server_role, int security, bool domain_logons, bool domain_master)
+int lp_find_server_role(int server_role, int security, int domain_logons, int domain_master)
{
int role;
if (server_role != ROLE_AUTO) {
- return server_role;
+ if (lp_is_security_and_server_role_valid(server_role, security)) {
+ return server_role;
+ }
}
- /* If server_role is set to ROLE_AUTO, figure out the correct role */
+ /* If server_role is set to ROLE_AUTO, or conflicted with the
+ * chosen security setting, figure out the correct role */
role = ROLE_STANDALONE;
switch (security) {
- case SEC_SHARE:
- if (domain_logons) {
- DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));
- }
- break;
- case SEC_SERVER:
- if (domain_logons) {
- DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n"));
- }
- /* this used to be considered ROLE_DOMAIN_MEMBER but that's just wrong */
- role = ROLE_STANDALONE;
- break;
case SEC_DOMAIN:
- if (domain_logons) {
- DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
- role = ROLE_DOMAIN_BDC;
- break;
- }
- role = ROLE_DOMAIN_MEMBER;
- break;
case SEC_ADS:
- if (domain_logons) {
- role = ROLE_DOMAIN_CONTROLLER;
- break;
- }
role = ROLE_DOMAIN_MEMBER;
break;
case SEC_AUTO:
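Review bot: When an explicitly configured `server_role` fails `lp_is_security_and_server_role_valid()`, the new branch at the top of `lp_find_server_role` falls through and derives a different role from `security` without logging anything. Unless a caller reports the conflict, the host can start in a role the administrator did not configure, and the removed `DEBUG(0, ...)` conflict messages leave no trace of why. Because the role decides how the server authenticates users, the fallback should be reported, e.g. an `else` on the inner check with `DEBUG(0, ("server role conflicts with the security setting, deriving the role from security\n"));`. The `domain_logons` and `domain_master` parameters also change from `bool` to `int`; if they can now carry a third (auto) value, a plain truth test on them would treat it as enabled, so the doc comment should state the accepted values. The switch continues past the end of this hunk, so how those two parameters are used is not visible here.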
}
switch (server_role) {
- case ROLE_AUTO:
- case ROLE_STANDALONE:
- return SEC_USER;
case ROLE_DOMAIN_MEMBER:
-#if (defined(HAVE_ADS) || _SAMBA_BUILD_ >= 4)
return SEC_ADS;
-#else
- return SEC_DOMAIN;
-#endif
+ default:
+ return SEC_USER;
+ }
+}
+
+
+/**
+ * Check if server role and security parameters are contradictory
+ */
+bool lp_is_security_and_server_role_valid(int server_role, int security)
+{
+ bool valid = false;
+
+ if (security == SEC_AUTO) {
+ return true;
+ }
+
+ switch (server_role) {
+ case ROLE_AUTO:
+ valid = true;
+ break;
+ case ROLE_DOMAIN_MEMBER:
+ if (security == SEC_ADS || security == SEC_DOMAIN) {
+ valid = true;
+ }
+ break;
+
+ case ROLE_STANDALONE:
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
+ case ROLE_ACTIVE_DIRECTORY_DC:
+ if (security == SEC_USER) {
+ valid = true;
+ }
+ break;
+
default:
- return SEC_USER;
+ break;
}
+
+ return valid;
}
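Review bot: The doc comment on `lp_is_security_and_server_role_valid` says it checks whether the parameters "are contradictory", but the function returns `true` when they are compatible, so the comment reads as the inverse of the return value. A wording such as `Return true if server_role and security form a compatible pair; SEC_AUTO is accepted with any role` would match the code. The early `security == SEC_AUTO` return also runs before the switch, so an out-of-range `server_role` is reported as valid with SEC_AUTO while the `default:` branch rejects it for every other security value. Either run the role switch first or document that the role is assumed to be validated already.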