r21884: * Blacklist BUILTIN and MACHINE domains from the

  idmap domains as these should only be handled by the
  winbindd_passdb.c backend

* Allow the alloc init to fail for backwards compatible
  configurations like

     idmap backend = ad
     idmap uid = 1000-100000
	....

* Remove the deprecated flags from idmap backend, et. al.
  These are mutually exclusive with the new configuration
  options (idmap domains).  Logging annoying messages
  about deprecated parameters is confusing.  So we'll try
  this apprpach for now.
(This used to be commit 5e30807b4e9c0211c9e2c02deee94543e8f0d855)

2 files changed, 31 insertions, 18 deletions

diff --git a/source3/nsswitch/idmap.c b/source3/nsswitch/idmap.c
index a58959afe4..c2a38fa979 100644
--- a/source3/nsswitch/idmap.c
+++ b/source3/nsswitch/idmap.c
@@ -297,7 +297,6 @@ NTSTATUS idmap_init(void)
 		char *p = NULL;
 		const char *q = NULL;		
 
-		DEBUG(0, ("WARNING: idmap backend is deprecated!\n"));
 		compat = 1;
 
 		if ( (compat_backend = talloc_strdup( idmap_ctx, *compat_list )) == NULL ) {
@@ -337,6 +336,15 @@ NTSTATUS idmap_init(void)
 	       	const char *parm_backend;
 		char *config_option;
 
+		/* ignore BUILTIN and local MACHINE domains */
+		if ( strequal(dom_list[i], "BUILTIN") 
+		     || strequal(dom_list[i], get_global_sam_name() ) ) 
+		{
+			DEBUG(0,("idmap_init: Ignoring invalid domain %s\n", 
+				 dom_list[i]));
+			continue;
+		}
+
 		if (strequal(dom_list[i], lp_workgroup())) {
 			pri_dom_is_in_list = True;
 		}
@@ -577,17 +585,22 @@ NTSTATUS idmap_init(void)
 			alloc_methods = get_alloc_methods(alloc_backends, alloc_backend);
 		}
 	}
-	if ( ! alloc_methods) {
-		DEBUG(0, ("ERROR: Could not get methods for alloc backend %s\n", alloc_backend));
-		ret = NT_STATUS_UNSUCCESSFUL;
-		goto done;
-	}
-
-	ret = alloc_methods->init(compat_params);
-	if ( ! NT_STATUS_IS_OK(ret)) {
-		DEBUG(0, ("ERROR: Initialization failed for alloc backend %s\n", alloc_backend));
-		ret = NT_STATUS_UNSUCCESSFUL;
-		goto done;
+	if ( alloc_methods) {
+		ret = alloc_methods->init(compat_params);
+		if ( ! NT_STATUS_IS_OK(ret)) {
+			DEBUG(0, ("idmap_init: Initialization failed for alloc "
+				  "backend %s\n", alloc_backend));
+			ret = NT_STATUS_UNSUCCESSFUL;
+			goto done;
+		}
+	} else {
+		DEBUG(2, ("idmap_init: Unable to get methods for alloc backend %s\n", 
+			  alloc_backend));
+		/* certain compat backends are just readonly */
+		if ( compat )
+			ret = NT_STATUS_OK;
+		else
+			ret = NT_STATUS_UNSUCCESSFUL;
 	}
 
 	/* cleanpu temporary strings */
@@ -595,7 +608,7 @@ NTSTATUS idmap_init(void)
 	
 	backend_init_status = NT_STATUS_OK;
 	
-	return NT_STATUS_OK;
+	return ret;
 
 done:
 	DEBUG(0, ("Aborting IDMAP Initialization ...\n"));
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 6d2ba9377d..b81d2688df 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -1268,14 +1268,14 @@ static struct parm_struct parm_table[] = {
 
 	{"passdb expand explicit", P_BOOL, P_GLOBAL, &Globals.bPassdbExpandExplicit, NULL, NULL, FLAG_ADVANCED},
 	{"idmap domains", P_LIST, P_GLOBAL, &Globals.szIdmapDomains, NULL, NULL, FLAG_ADVANCED}, 
-	{"idmap backend", P_LIST, P_GLOBAL, &Globals.szIdmapBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEPRECATED }, 
+	{"idmap backend", P_LIST, P_GLOBAL, &Globals.szIdmapBackend, NULL, NULL, FLAG_ADVANCED }, 
 	{"idmap alloc backend", P_STRING, P_GLOBAL, &Globals.szIdmapAllocBackend, NULL, NULL, FLAG_ADVANCED}, 
 	{"idmap expire time", P_INTEGER, P_GLOBAL, &Globals.iIdmapExpireTime, NULL, NULL, FLAG_ADVANCED}, 
 	{"idmap negative time", P_INTEGER, P_GLOBAL, &Globals.iIdmapNegativeTime, NULL, NULL, FLAG_ADVANCED}, 
-	{"idmap uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED | FLAG_DEPRECATED }, 
-	{"winbind uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_HIDE | FLAG_DEPRECATED }, 
-	{"idmap gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_ADVANCED | FLAG_DEPRECATED }, 
-	{"winbind gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_HIDE | FLAG_DEPRECATED }, 
+	{"idmap uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED }, 
+	{"winbind uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_HIDE }, 
+	{"idmap gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_ADVANCED }, 
+	{"winbind gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_HIDE }, 
 	{"template homedir", P_STRING, P_GLOBAL, &Globals.szTemplateHomedir, NULL, NULL, FLAG_ADVANCED}, 
 	{"template shell", P_STRING, P_GLOBAL, &Globals.szTemplateShell, NULL, NULL, FLAG_ADVANCED}, 
 	{"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, FLAG_ADVANCED},