/**
* Set the server role based on security, domain logons and domain master
*/
-int lp_find_server_role(int server_role, int security, bool domain_logons, bool domain_master)
+int lp_find_server_role(int server_role, int security, int domain_logons, int domain_master)
{
int role;
if (server_role != ROLE_AUTO) {
- return server_role;
+ if (lp_is_security_and_server_role_valid(server_role, security)) {
+ return server_role;
+ }
}
- /* If server_role is set to ROLE_AUTO, figure out the correct role */
+ /* If server_role is set to ROLE_AUTO, or conflicted with the
+ * chosen security setting, figure out the correct role */
role = ROLE_STANDALONE;
switch (security) {
- case SEC_SHARE:
- if (domain_logons) {
- DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));
- }
- break;
- case SEC_SERVER:
- if (domain_logons) {
- DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n"));
- }
- /* this used to be considered ROLE_DOMAIN_MEMBER but that's just wrong */
- role = ROLE_STANDALONE;
- break;
case SEC_DOMAIN:
if (domain_logons) {
DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
return SEC_USER;
}
}
+
+
+/**
+ * Check if server role and security parameters are contradictory
+ */
+bool lp_is_security_and_server_role_valid(int server_role, int security)
+{
+ bool valid = false;
+
+ if (security == SEC_AUTO) {
+ return true;
+ }
+
+ switch (server_role) {
+ case ROLE_AUTO:
+ valid = true;
+ break;
+ case ROLE_STANDALONE:
+ if (security == SEC_USER) {
+ valid = true;
+ }
+ break;
+
+ case ROLE_DOMAIN_MEMBER:
+ if (security == SEC_ADS || security == SEC_DOMAIN) {
+ valid = true;
+ }
+ break;
+
+ case ROLE_DOMAIN_PDC:
+ case ROLE_DOMAIN_BDC:
+ if (security == SEC_USER || security == SEC_ADS || security == SEC_DOMAIN) {
+ valid = true;
+ }
+ break;
+
+ default:
+ break;
+ }
+
+ return valid;
+}