That troublemaker again (replace domain logons =, domain master =)
Andrew Bartlett
abartlet at pcug.org.au
Sun Nov 11 19:59:02 GMT 2001
Ok, next up on the shooting range:
To allow the work I am doing for plugable authentication paramaters I
have already proposed to remove the 'server' and 'domain' options from
security=, and to replace them with an 'auth order = ' paramater.
Unfortunetly Samba is a dependency hell in this area - we make up a
'server role' paramater already, based on particular values of other
paramaters. What I am proposing to do is to change this around:
Create a new 'server role = ' paramater, with possible options:
PDC
BDC
DMB
STANDALONE
DOMAIN MEMBER
This will replace the current 'domain logons =' and 'domain master ='
parameters, and remove the dependency on 'security = ', which is where my
actual work is.
I would like to do this for 3.0, becouse we won't get another chance for
a while. I don't propose a backward compatability arrangement (except
that the defaults will still give the same behaviour) becouse then we
actually don't get anywhere...
Instead I am much more inclined to a 'conversion script' arrangement.
This is however somthing that we will need to look at over the next few
months before release, and I am open to proposals in this area.
Also, this paramter could be used to provide defaults for other
paramters: Particularly 'auth order = '.
So, let the comments (flames) begin...
Thanks,
Andrew Bartlett
(proposed patch attached)
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
? intl/Makefile
? intl/lang_tdb.po
? intl/po
? intl/po2tbl.sed
? nsswitch/.libs
? passdb/pass_check.old.c
? passdb/pdb_unix.c
? po/Makefile
? po/POTFILES
? smbd/patch
Index: include/smb.h
===================================================================
RCS file: /data/cvs/samba/source/include/smb.h,v
retrieving revision 1.387
diff -u -r1.387 smb.h
--- include/smb.h 8 Nov 2001 00:21:25 -0000 1.387
+++ include/smb.h 12 Nov 2001 03:55:35 -0000
@@ -1284,7 +1284,8 @@
ROLE_STANDALONE,
ROLE_DOMAIN_MEMBER,
ROLE_DOMAIN_BDC,
- ROLE_DOMAIN_PDC
+ ROLE_DOMAIN_PDC,
+ ROLE_DMB
};
/* printing types */
Index: lib/util_sid.c
===================================================================
RCS file: /data/cvs/samba/source/lib/util_sid.c,v
retrieving revision 1.35
diff -u -r1.35 util_sid.c
--- lib/util_sid.c 5 Nov 2001 22:57:14 -0000 1.35
+++ lib/util_sid.c 12 Nov 2001 03:55:36 -0000
@@ -116,7 +116,7 @@
if (sid_name_map_initialized) return;
- if ((lp_security() == SEC_USER) && lp_domain_logons()) {
+ if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) {
sid_name_map[i].sid = &global_sam_sid;
sid_name_map[i].name = global_myworkgroup;
sid_name_map[i].known_users = NULL;
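Review bot: The new condition in this hunk is wider than the one it replaces, and the description does not mention that. Going by the removed set_server_role(), `lp_security() == SEC_USER && lp_domain_logons()` was true only for what became ROLE_DOMAIN_PDC, while the new test also maps global_sam_sid to the workgroup name on a BDC. Whether global_sam_sid holds the domain SID on a BDC is not visible here, so either confirm that or keep the test at `lp_server_role() == ROLE_DOMAIN_PDC` until it is. If the wider test is intended, a comment such as `/* PDC and BDC both answer for the domain SAM */` would record that the change is deliberate. The enclosing function starts and ends outside the hunk.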
Index: nmbd/nmbd_become_dmb.c
===================================================================
RCS file: /data/cvs/samba/source/nmbd/nmbd_become_dmb.c,v
retrieving revision 1.13
diff -u -r1.13 nmbd_become_dmb.c
--- nmbd/nmbd_become_dmb.c 2 Oct 2001 04:29:30 -0000 1.13
+++ nmbd/nmbd_become_dmb.c 12 Nov 2001 03:55:38 -0000
@@ -375,27 +375,33 @@
lastrun = t;
- /* Do the "internet group" - <1c> names. */
- if (lp_domain_logons())
- add_logon_names();
-
- /* Do the domain master names. */
- if(lp_server_role() == ROLE_DOMAIN_PDC)
- {
- if(we_are_a_wins_client())
- {
- /* We register the WORKGROUP<1b> name with the WINS
- server first, and call add_domain_master_bcast()
- only if this is successful.
-
- This results in domain logon services being gracefully provided,
- as opposed to the aggressive nature of 1.9.16p2 to 1.9.16p11.
- 1.9.16p2 to 1.9.16p11 - due to a bug in namelogon.c,
- cannot provide domain master / domain logon services.
- */
- become_domain_master_browser_wins(global_myworkgroup);
- }
- else
- become_domain_master_browser_bcast(global_myworkgroup);
+ switch (lp_server_role()) {
+ case ROLE_DOMAIN_PDC:
+ /* Do the "internet group" - <1c> names. */
+ add_logon_names();
+ /* fall-though intentional */
+ case ROLE_DMB:
+ if(we_are_a_wins_client())
+ {
+ /* We register the WORKGROUP<1b> name with the WINS
+ server first, and call add_domain_master_bcast()
+ only if this is successful.
+
+ This results in domain logon services being gracefully provided,
+ as opposed to the aggressive nature of 1.9.16p2 to 1.9.16p11.
+ 1.9.16p2 to 1.9.16p11 - due to a bug in namelogon.c,
+ cannot provide domain master / domain logon services.
+ */
+ become_domain_master_browser_wins(global_myworkgroup);
+ } else {
+ become_domain_master_browser_bcast(global_myworkgroup);
+ }
+ break;
+ case ROLE_DOMAIN_BDC:
+ /* Do the "internet group" - <1c> names. */
+ add_logon_names();
+ break;
+ default:
+ /* Standalone or domain member */
}
}
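Review bot: The `default:` label at the end of the new switch is followed only by a comment and the closing brace, and ISO C requires a statement after a label, so a strict compiler will reject or warn on it. Writing `default: /* Standalone or domain member */ break;` fixes that and makes the no-op explicit. The fall-through marker after `add_logon_names();` is misspelled; `/* fall-through intentional */` is easier to grep for and is the form lint tools recognise. The enclosing function starts outside the hunk.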
Index: nmbd/nmbd_incomingdgrams.c
===================================================================
RCS file: /data/cvs/samba/source/nmbd/nmbd_incomingdgrams.c,v
retrieving revision 1.18
diff -u -r1.18 nmbd_incomingdgrams.c
--- nmbd/nmbd_incomingdgrams.c 2 Oct 2001 04:29:31 -0000 1.18
+++ nmbd/nmbd_incomingdgrams.c 12 Nov 2001 03:55:39 -0000
@@ -383,6 +383,7 @@
char *local_master_name = buf;
struct work_record *work;
struct browse_cache_record *browrec;
+ enum server_types server_role = lp_server_role();
START_PROFILE(master_browser_announce);
local_master_name[15] = 0;
@@ -390,7 +391,7 @@
DEBUG(3,("process_master_browser_announce: Local master announce from %s IP %s.\n",
local_master_name, inet_ntoa(p->ip)));
- if (!lp_domain_master())
+ if (!(server_role == ROLE_DMB || server_role == ROLE_DOMAIN_PDC))
{
DEBUG(0,("process_master_browser_announce: Not configured as domain \
master - ignoring master announce.\n"));
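Review bot: The test `server_role == ROLE_DMB || server_role == ROLE_DOMAIN_PDC` is open-coded here and again in the nmbd/nmbd_workgroupdb.c hunk and in lp_preferred_master() in param/loadparm.c, so the definition of "acts as domain master" now lives in three places. Keeping the accessor the patch deletes, reduced to `BOOL lp_domain_master(void) { return lp_server_role() == ROLE_DOMAIN_PDC || lp_server_role() == ROLE_DMB; }`, would leave these call sites unchanged and give one place to update if another role is added to the enum. This check decides whether an unauthenticated browse datagram is acted on, so a single definition is worth having. The enclosing function continues outside the hunk.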
Index: nmbd/nmbd_processlogon.c
===================================================================
RCS file: /data/cvs/samba/source/nmbd/nmbd_processlogon.c,v
retrieving revision 1.49
diff -u -r1.49 nmbd_processlogon.c
--- nmbd/nmbd_processlogon.c 2 Oct 2001 04:29:32 -0000 1.49
+++ nmbd/nmbd_processlogon.c 12 Nov 2001 03:55:40 -0000
@@ -82,10 +82,11 @@
char *uniuser; /* Unicode user name. */
pstring ascuser;
char *unicomp; /* Unicode computer name. */
+ enum server_types server_role = lp_server_role();
memset(outbuf, 0, sizeof(outbuf));
- if (!lp_domain_logons())
+ if (!(server_role == ROLE_DOMAIN_PDC || server_role == ROLE_DOMAIN_BDC))
{
DEBUG(3,("process_logon_packet: Logon packet received from IP %s and domain \
logons are not enabled.\n", inet_ntoa(p->ip) ));
@@ -142,7 +143,7 @@
char *q = buf + 2;
char *machine = q;
- if (!lp_domain_master())
+ if (!(server_role == ROLE_DOMAIN_PDC))
{
/* We're not Primary Domain Controller -- ignore this */
return;
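Review bot: The negated equality `if (!(server_role == ROLE_DOMAIN_PDC))` in this hunk reads more directly as `if (server_role != ROLE_DOMAIN_PDC)`, which also matches the comment on the next line. The enclosing function starts and ends outside the hunk.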
Index: nmbd/nmbd_workgroupdb.c
===================================================================
RCS file: /data/cvs/samba/source/nmbd/nmbd_workgroupdb.c,v
retrieving revision 1.16
diff -u -r1.16 nmbd_workgroupdb.c
--- nmbd/nmbd_workgroupdb.c 2 Oct 2001 04:29:33 -0000 1.16
+++ nmbd/nmbd_workgroupdb.c 12 Nov 2001 03:55:40 -0000
@@ -55,6 +55,7 @@
struct work_record *work;
struct subnet_record *subrec;
int t = -1;
+ enum server_types server_role = lp_server_role();
if((work = (struct work_record *)malloc(sizeof(*work))) == NULL)
{
@@ -108,7 +109,8 @@
/* NTAS uses ???????? */
work->ElectionCriterion = (MAINTAIN_LIST)|(BROWSER_ELECTION_VERSION<<8);
work->ElectionCriterion |= (lp_os_level() << 24);
- if (lp_domain_master())
+
+ if (server_role == ROLE_DMB || server_role == ROLE_DOMAIN_PDC)
work->ElectionCriterion |= 0x80;
return work;
Index: param/loadparm.c
===================================================================
RCS file: /data/cvs/samba/source/param/loadparm.c,v
retrieving revision 1.352
diff -u -r1.352 loadparm.c
--- param/loadparm.c 9 Nov 2001 11:16:04 -0000 1.352
+++ param/loadparm.c 12 Nov 2001 03:55:49 -0000
@@ -179,6 +179,7 @@
int maxprotocol;
int minprotocol;
int security;
+ int ServerRole;
BOOL paranoid_server_security;
int maxdisksize;
int lpqcachetime;
@@ -514,7 +515,6 @@
static int iServiceIndex = 0;
static BOOL bInGlobalSection = True;
static BOOL bGlobalOnly = False;
-static int server_role;
static int default_server_announce;
#define NUMPARAMETERS (sizeof(parm_table) / sizeof(struct parm_struct))
@@ -529,7 +529,6 @@
static BOOL handle_wins_server_list(char *pszParmValue, char **ptr);
static BOOL handle_debug_list( char *pszParmValue, char **ptr );
-static void set_server_role(void);
static void set_default_server_announce_type(void);
static struct enum_list enum_protocol[] = {
@@ -550,6 +549,15 @@
{-1, NULL}
};
+static struct enum_list enum_server_role[] = {
+ {ROLE_STANDALONE, "STANDALONE"},
+ {ROLE_DOMAIN_MEMBER, "DOMAIN MEMBER"},
+ {ROLE_DOMAIN_PDC, "PDC"},
+ {ROLE_DOMAIN_BDC, "BDC"},
+ {ROLE_DMB, "DMB"},
+ {-1, NULL}
+};
+
static struct enum_list enum_printing[] = {
{PRINT_SYSV, "sysv"},
{PRINT_AIX, "aix"},
@@ -680,6 +688,7 @@
{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
{"guest account", P_STRING, P_GLOBAL, &Globals.szGuestaccount, NULL, NULL, FLAG_BASIC},
+ {"server role", P_ENUM, P_GLOBAL, &Globals.ServerRole, NULL, enum_server_role, FLAG_BASIC},
{"pam password change", P_BOOL, P_GLOBAL, &Globals.bPamPasswordChange, NULL, NULL, 0},
{"passwd program", P_STRING, P_GLOBAL, &Globals.szPasswdProgram, NULL, NULL, 0},
{"passwd chat", P_STRING, P_GLOBAL, &Globals.szPasswdChat, NULL, NULL, 0},
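Review bot: Nothing visible in this patch cross-checks the new `server role` value against `security`, although the removed set_server_role() logged "Server's Role (logon server) conflicts with share-level security" for that combination. With the role now taken directly from this table entry, `server role = PDC` together with `security = share` would be accepted without a message, as far as these hunks show. A check where lp_load() used to call set_server_role() would keep the diagnostic, for example `if ((lp_server_role() == ROLE_DOMAIN_PDC || lp_server_role() == ROLE_DOMAIN_BDC) && lp_security() == SEC_SHARE) DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));`.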
@@ -907,7 +916,6 @@
{"logon path", P_STRING, P_GLOBAL, &Globals.szLogonPath, NULL, NULL, 0},
{"logon drive", P_STRING, P_GLOBAL, &Globals.szLogonDrive, NULL, NULL, 0},
{"logon home", P_STRING, P_GLOBAL, &Globals.szLogonHome, NULL, NULL, 0},
- {"domain logons", P_BOOL, P_GLOBAL, &Globals.bDomainLogons, NULL, NULL, 0},
{"Browse Options", P_SEP, P_SEPARATOR},
@@ -917,7 +925,6 @@
{"preferred master", P_ENUM, P_GLOBAL, &Globals.bPreferredMaster, NULL, enum_bool_auto, FLAG_BASIC},
{"prefered master", P_ENUM, P_GLOBAL, &Globals.bPreferredMaster, NULL, enum_bool_auto, FLAG_HIDE},
{"local master", P_BOOL, P_GLOBAL, &Globals.bLocalMaster, NULL, NULL, FLAG_BASIC},
- {"domain master", P_ENUM, P_GLOBAL, &Globals.bDomainMaster, NULL, enum_bool_auto, FLAG_BASIC},
{"browse list", P_BOOL, P_GLOBAL, &Globals.bBrowseList, NULL, NULL, 0},
{"browseable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
{"browsable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, 0},
@@ -1191,7 +1198,7 @@
string_set(&Globals.szPassdbModulePath, "");
string_set(&Globals.szGuestaccount, GUEST_ACCOUNT);
-
+
/*
* Allow the default PASSWD_CHAT to be overridden in local.h.
*/
@@ -1236,6 +1243,7 @@
Globals.maxprotocol = PROTOCOL_NT1;
Globals.minprotocol = PROTOCOL_CORE;
Globals.security = SEC_USER;
+ Globals.ServerRole = ROLE_STANDALONE;
Globals.paranoid_server_security = True;
Globals.bEncryptPasswords = False;
Globals.bUpdateEncrypt = False;
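Review bot: With `Globals.ServerRole = ROLE_STANDALONE;` as the default and the `domain logons` and `domain master` table entries removed, an smb.conf that still uses the old names ends up as a standalone server. How an unrecognised parameter is reported is not visible in this patch, so the administrator may get no clear signal that the machine has stopped acting as a domain controller. Consider keeping the two old names in parm_table with a special handler (the table already has handler functions such as handle_debug_list) that logs at level 0 that the parameter was replaced by `server role` and was ignored. That makes the change of role visible in the log even before a conversion script exists.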
@@ -1338,8 +1346,6 @@
Globals.bPreferredMaster = Auto; /* depending on bDomainMaster */
Globals.os_level = 20;
Globals.bLocalMaster = True;
- Globals.bDomainMaster = Auto; /* depending on bDomainLogons */
- Globals.bDomainLogons = False;
Globals.bBrowseList = True;
Globals.bWINSsupport = False;
Globals.bWINSproxy = False;
@@ -1541,7 +1547,6 @@
FN_GLOBAL_BOOL(lp_we_are_a_wins_server, &Globals.bWINSsupport)
FN_GLOBAL_BOOL(lp_wins_proxy, &Globals.bWINSproxy)
FN_GLOBAL_BOOL(lp_local_master, &Globals.bLocalMaster)
-FN_GLOBAL_BOOL(lp_domain_logons, &Globals.bDomainLogons)
FN_GLOBAL_BOOL(lp_load_printers, &Globals.bLoadPrinters)
FN_GLOBAL_BOOL(lp_use_rhosts, &Globals.bUseRhosts)
FN_GLOBAL_BOOL(lp_readprediction, &Globals.bReadPrediction)
@@ -1594,6 +1599,7 @@
FN_GLOBAL_INTEGER(lp_maxprotocol, &Globals.maxprotocol)
FN_GLOBAL_INTEGER(lp_minprotocol, &Globals.minprotocol)
FN_GLOBAL_INTEGER(lp_security, &Globals.security)
+FN_GLOBAL_INTEGER(lp_server_role, &Globals.ServerRole)
FN_GLOBAL_BOOL(lp_paranoid_server_security, &Globals.paranoid_server_security)
FN_GLOBAL_INTEGER(lp_maxdisksize, &Globals.maxdisksize)
FN_GLOBAL_INTEGER(lp_lpqcachetime, &Globals.lpqcachetime)
@@ -3196,52 +3202,6 @@
defaults_saved = True;
}
-/*******************************************************************
- Set the server type we will announce as via nmbd.
-********************************************************************/
-static void set_server_role(void)
-{
- server_role = ROLE_STANDALONE;
-
- switch (lp_security())
- {
- case SEC_SHARE:
- {
- if (lp_domain_logons())
- {
- DEBUG(0,
- ("Server's Role (logon server) conflicts with share-level security\n"));
- }
- break;
- }
- case SEC_SERVER:
- case SEC_DOMAIN:
- {
- if (lp_domain_logons())
- {
- server_role = ROLE_DOMAIN_BDC;
- break;
- }
- server_role = ROLE_DOMAIN_MEMBER;
- break;
- }
- case SEC_USER:
- {
- if (lp_domain_logons())
- {
- server_role = ROLE_DOMAIN_PDC;
- break;
- }
- break;
- }
- default:
- {
- DEBUG(0,
- ("Server's Role undefined due to unknown security mode\n"));
- }
- }
-}
-
/***************************************************************************
Load the services array from the services file. Return True on success,
@@ -3288,7 +3248,6 @@
lp_add_ipc("ADMIN$", False);
}
- set_server_role();
set_default_server_announce_type();
bLoaded = True;
@@ -3475,28 +3434,6 @@
}
}
-/***********************************************************
- returns role of Samba server
-************************************************************/
-
-int lp_server_role(void)
-{
- return server_role;
-}
-
-/***********************************************************
- If we are PDC then prefer us as DMB
-************************************************************/
-
-BOOL lp_domain_master(void)
-{
- if (Globals.bDomainMaster == Auto)
- {
- return (lp_server_role() == ROLE_DOMAIN_PDC);
- }
-
- return Globals.bDomainMaster;
-}
/***********************************************************
If we are DMB then prefer us as LMB
@@ -3506,7 +3443,8 @@
{
if (Globals.bPreferredMaster == Auto)
{
- return (lp_local_master() && lp_domain_master());
+ return (lp_local_master() &&
+ (lp_server_role() == ROLE_DOMAIN_PDC || lp_server_role() == ROLE_DMB));
}
return Globals.bPreferredMaster;
Index: smbd/server.c
===================================================================
RCS file: /data/cvs/samba/source/smbd/server.c,v
retrieving revision 1.344
diff -u -r1.344 server.c
--- smbd/server.c 22 Oct 2001 06:53:27 -0000 1.344
+++ smbd/server.c 12 Nov 2001 03:55:51 -0000
@@ -741,7 +741,7 @@
init_structs();
/* don't call winbind for our domain if we are the DC */
- if (lp_domain_logons()) {
+ if (lp_server_role() == ROLE_DOMAIN_PDC || lp_server_role() == ROLE_DOMAIN_BDC) {
winbind_exclude_domain(lp_workgroup());
}