diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
commit | 4f5791ebd03eaec1c7da0865a383175b05102712 (patch) | |
tree | 8ce7b00f7a76baa386372422adebbe64510812d4 /lib/param/loadparm_server_role.c | |
parent | Initial commit. (diff) | |
download | samba-4f5791ebd03eaec1c7da0865a383175b05102712.tar.xz samba-4f5791ebd03eaec1c7da0865a383175b05102712.zip |
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/param/loadparm_server_role.c')
-rw-r--r-- | lib/param/loadparm_server_role.c | 155 |
1 files changed, 155 insertions, 0 deletions
diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c new file mode 100644 index 0000000..a78d1ab --- /dev/null +++ b/lib/param/loadparm_server_role.c @@ -0,0 +1,155 @@ +/* + Unix SMB/CIFS implementation. + Parameter loading functions + Copyright (C) Karl Auer 1993-1998 + + Largely re-written by Andrew Tridgell, September 1994 + + Copyright (C) Simo Sorce 2001 + Copyright (C) Alexander Bokovoy 2002 + Copyright (C) Stefan (metze) Metzmacher 2002 + Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003 + Copyright (C) Michael Adam 2008 + Copyright (C) Andrew Bartlett 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ +#include "includes.h" +#include "lib/param/loadparm.h" +#include "libds/common/roles.h" + +/******************************************************************* + Set the server type we will announce as via nmbd. +********************************************************************/ + +static const struct srv_role_tab { + uint32_t role; + const char *role_str; +} srv_role_tab [] = { + { ROLE_STANDALONE, "ROLE_STANDALONE" }, + { ROLE_DOMAIN_MEMBER, "ROLE_DOMAIN_MEMBER" }, + { ROLE_DOMAIN_BDC, "ROLE_DOMAIN_BDC" }, + { ROLE_DOMAIN_PDC, "ROLE_DOMAIN_PDC" }, + { ROLE_ACTIVE_DIRECTORY_DC, "ROLE_ACTIVE_DIRECTORY_DC" }, + { ROLE_IPA_DC, "ROLE_IPA_DC"}, + { 0, NULL } +}; + +const char* server_role_str(uint32_t role) +{ + int i = 0; + for (i=0; srv_role_tab[i].role_str; i++) { + if (role == srv_role_tab[i].role) { + return srv_role_tab[i].role_str; + } + } + return NULL; +} + +/** + * Set the server role based on security, domain logons and domain master + */ +int lp_find_server_role(int server_role, int security, int domain_logons, int domain_master) +{ + int role; + + if (server_role != ROLE_AUTO) { + if (lp_is_security_and_server_role_valid(server_role, security)) { + return server_role; + } + } + + /* If server_role is set to ROLE_AUTO, or conflicted with the + * chosen security setting, figure out the correct role */ + role = ROLE_STANDALONE; + + switch (security) { + case SEC_DOMAIN: + case SEC_ADS: + role = ROLE_DOMAIN_MEMBER; + break; + case SEC_AUTO: + case SEC_USER: + if (domain_logons) { + + if (domain_master) { + role = ROLE_DOMAIN_PDC; + } else { + role = ROLE_DOMAIN_BDC; + } + } + break; + default: + DEBUG(0, ("Server's Role undefined due to unknown security mode\n")); + break; + } + + return role; +} + +/** + * Set the server role based on security, domain logons and domain master + */ +int lp_find_security(int server_role, int security) +{ + if (security != SEC_AUTO) { + return security; + } + + switch (server_role) { + case ROLE_DOMAIN_MEMBER: + return SEC_ADS; + default: + return SEC_USER; + } +} + + +/** + * Check if server role and security parameters are contradictory + */ +bool lp_is_security_and_server_role_valid(int server_role, int security) +{ + bool valid = false; + + if (security == SEC_AUTO) { + return true; + } + + switch (server_role) { + case ROLE_AUTO: + valid = true; + break; + case ROLE_DOMAIN_MEMBER: + if (security == SEC_ADS || security == SEC_DOMAIN) { + valid = true; + } + break; + + case ROLE_STANDALONE: + case ROLE_DOMAIN_PDC: + case ROLE_DOMAIN_BDC: + case ROLE_ACTIVE_DIRECTORY_DC: + case ROLE_IPA_DC: + if (security == SEC_USER) { + valid = true; + } + break; + + default: + break; + } + + return valid; +} |