Line data    Source code

       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             :    Parameter loading functions
       4             :    Copyright (C) Karl Auer 1993-1998
       5             : 
       6             :    Largely re-written by Andrew Tridgell, September 1994
       7             : 
       8             :    Copyright (C) Simo Sorce 2001
       9             :    Copyright (C) Alexander Bokovoy 2002
      10             :    Copyright (C) Stefan (metze) Metzmacher 2002
      11             :    Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
      12             :    Copyright (C) Michael Adam 2008
      13             :    Copyright (C) Andrew Bartlett 2010
      14             : 
      15             :    This program is free software; you can redistribute it and/or modify
      16             :    it under the terms of the GNU General Public License as published by
      17             :    the Free Software Foundation; either version 3 of the License, or
      18             :    (at your option) any later version.
      19             : 
      20             :    This program is distributed in the hope that it will be useful,
      21             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      22             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      23             :    GNU General Public License for more details.
      24             : 
      25             :    You should have received a copy of the GNU General Public License
      26             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      27             : */
      28             : #include "includes.h"
      29             : #include "lib/param/loadparm.h"
      30             : #include "libds/common/roles.h"
      31             : 
      32             : /*******************************************************************
      33             :  Set the server type we will announce as via nmbd.
      34             : ********************************************************************/
      35             : 
      36             : static const struct srv_role_tab {
      37             :         uint32_t role;
      38             :         const char *role_str;
      39             : } srv_role_tab [] = {
      40             :         { ROLE_STANDALONE, "ROLE_STANDALONE" },
      41             :         { ROLE_DOMAIN_MEMBER, "ROLE_DOMAIN_MEMBER" },
      42             :         { ROLE_DOMAIN_BDC, "ROLE_DOMAIN_BDC" },
      43             :         { ROLE_DOMAIN_PDC, "ROLE_DOMAIN_PDC" },
      44             :         { ROLE_ACTIVE_DIRECTORY_DC, "ROLE_ACTIVE_DIRECTORY_DC" },
      45             :         { ROLE_IPA_DC, "ROLE_IPA_DC"},
      46             :         { 0, NULL }
      47             : };
      48             : 
      49         752 : const char* server_role_str(uint32_t role)
      50             : {
      51         752 :         int i = 0;
      52        1461 :         for (i=0; srv_role_tab[i].role_str; i++) {
      53        1461 :                 if (role == srv_role_tab[i].role) {
      54         752 :                         return srv_role_tab[i].role_str;
      55             :                 }
      56             :         }
      57           0 :         return NULL;
      58             : }
      59             : 
      60             : /**
      61             :  * Set the server role based on security, domain logons and domain master
      62             :  */
      63     3507509 : int lp_find_server_role(int server_role, int security, int domain_logons, int domain_master)
      64             : {
      65       23283 :         int role;
      66             : 
      67     3507509 :         if (server_role != ROLE_AUTO) {
      68      658591 :                 if (lp_is_security_and_server_role_valid(server_role, security)) {
      69      635512 :                         return server_role;
      70             :                 }
      71             :         }
      72             : 
      73             :         /* If server_role is set to ROLE_AUTO, or conflicted with the
      74             :          * chosen security setting, figure out the correct role */
      75     2848918 :         role = ROLE_STANDALONE;
      76             : 
      77     2848918 :         switch (security) {
      78     2283911 :                 case SEC_DOMAIN:
      79             :                 case SEC_ADS:
      80     2283911 :                         role = ROLE_DOMAIN_MEMBER;
      81     2283911 :                         break;
      82      565005 :                 case SEC_AUTO:
      83             :                 case SEC_USER:
      84      565005 :                         if (domain_logons) {
      85             : 
      86      248919 :                                 if (domain_master) {
      87      248904 :                                         role = ROLE_DOMAIN_PDC;
      88             :                                 } else {
      89           1 :                                         role = ROLE_DOMAIN_BDC;
      90             :                                 }
      91             :                         }
      92      564803 :                         break;
      93           0 :                 default:
      94           0 :                         DEBUG(0, ("Server's Role undefined due to unknown security mode\n"));
      95           0 :                         break;
      96             :         }
      97             : 
      98     2848714 :         return role;
      99             : }
     100             : 
     101             : /**
     102             :  * Set the server role based on security, domain logons and domain master
     103             :  */
     104      189786 : int lp_find_security(int server_role, int security)
     105             : {
     106      189786 :         if (security != SEC_AUTO) {
     107       14149 :                 return security;
     108             :         }
     109             : 
     110      175610 :         switch (server_role) {
     111         218 :         case ROLE_DOMAIN_MEMBER:
     112         218 :                 return SEC_ADS;
     113      175391 :         default:
     114      175391 :                 return SEC_USER;
     115             :         }
     116             : }
     117             : 
     118             : 
     119             : /**
     120             :  * Check if server role and security parameters are contradictory
     121             :  */
     122      658591 : bool lp_is_security_and_server_role_valid(int server_role, int security)
     123             : {
     124      658591 :         bool valid = false;
     125             : 
     126      658591 :         if (security == SEC_AUTO) {
     127      635440 :                 return true;
     128             :         }
     129             : 
     130          92 :         switch (server_role) {
     131           0 :         case ROLE_AUTO:
     132           0 :                 valid = true;
     133           0 :                 break;
     134          74 :         case ROLE_DOMAIN_MEMBER:
     135          74 :                 if (security == SEC_ADS || security == SEC_DOMAIN) {
     136          74 :                         valid = true;
     137             :                 }
     138          72 :                 break;
     139             : 
     140          18 :         case ROLE_STANDALONE:
     141             :         case ROLE_DOMAIN_PDC:
     142             :         case ROLE_DOMAIN_BDC:
     143             :         case ROLE_ACTIVE_DIRECTORY_DC:
     144             :         case ROLE_IPA_DC:
     145          18 :                 if (security == SEC_USER) {
     146          18 :                         valid = true;
     147             :                 }
     148           0 :                 break;
     149             : 
     150           0 :         default:
     151           0 :                 break;
     152             :         }
     153             : 
     154          72 :         return valid;
     155             : }