summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2008-04-01 18:25:47 -0400
committerGünther Deschner <gd@samba.org>2008-04-03 00:26:35 +0200
commita123abdb912e9fefed501d2621b719f3584c2a2b (patch)
treec4c8539f1bea1dd4b8f97dd5c357f83bc3b50607
parent3ebb6be00d88aeb27cfe7d2cc931b14d4993a94b (diff)
downloadsamba-a123abdb912e9fefed501d2621b719f3584c2a2b.tar.gz
samba-a123abdb912e9fefed501d2621b719f3584c2a2b.tar.bz2
samba-a123abdb912e9fefed501d2621b719f3584c2a2b.zip
Fix trusted users on a DC that uses the old idmap syntax. There was no default backend therefore on IDs were mapped by default.
(This used to be commit f6069126e5e6d239b1ae00e897a420227f923e3f)
-rw-r--r--source3/winbindd/idmap.c70
1 files changed, 70 insertions, 0 deletions
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index c1b4e10adf..10807e6640 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -522,6 +522,76 @@ NTSTATUS idmap_init(void)
talloc_free(config_option);
}
+ /* on DCs we need to add idmap_tdb as the default backend if compat is
+ * defined (when the old implicit configuration is used)
+ * This is not done in the previous loop a on member server we exclude
+ * the local domain. But on a DC the local domain is the only domain
+ * available therefore we are left with no default domain */
+ if (((lp_server_role() == ROLE_DOMAIN_PDC) ||
+ (lp_server_role() == ROLE_DOMAIN_BDC)) &&
+ ((num_domains == 0) && (compat == 1))) {
+
+ dom = TALLOC_ZERO_P(idmap_ctx, struct idmap_domain);
+ IDMAP_CHECK_ALLOC(dom);
+
+ dom->name = talloc_strdup(dom, "__default__");
+ IDMAP_CHECK_ALLOC(dom->name);
+
+ dom->default_domain = True;
+ dom->readonly = False;
+
+ /* get the backend methods for this domain */
+ dom->methods = get_methods(backends, compat_backend);
+
+ if ( ! dom->methods) {
+ ret = smb_probe_module("idmap", compat_backend);
+ if (NT_STATUS_IS_OK(ret)) {
+ dom->methods = get_methods(backends,
+ compat_backend);
+ }
+ }
+ if ( ! dom->methods) {
+ DEBUG(0, ("ERROR: Could not get methods for "
+ "backend %s\n", compat_backend));
+ ret = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ /* now that we have methods,
+ * set the destructor for this domain */
+ talloc_set_destructor(dom, close_domain_destructor);
+
+ dom->params = talloc_strdup(dom, compat_params);
+ IDMAP_CHECK_ALLOC(dom->params);
+
+ /* Finally instance a backend copy for this domain */
+ ret = dom->methods->init(dom);
+ if ( ! NT_STATUS_IS_OK(ret)) {
+ DEBUG(0, ("ERROR: Initialization failed for backend "
+ "%s (domain %s), deferred!\n",
+ compat_backend, dom->name));
+ }
+ idmap_domains = talloc_realloc(idmap_ctx, idmap_domains,
+ struct idmap_domain *, 2);
+ if ( ! idmap_domains) {
+ DEBUG(0, ("Out of memory!\n"));
+ ret = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ idmap_domains[num_domains] = dom;
+
+ def_dom_num = num_domains;
+
+ /* Bump counter to next available slot */
+
+ num_domains++;
+
+ DEBUG(10, ("Domain %s - Backend %s - %sdefault - %sreadonly\n",
+ dom->name, compat_backend,
+ dom->default_domain?"":"not ",
+ dom->readonly?"":"not "));
+ }
+
/* automatically add idmap_nss backend if needed */
if ((lp_server_role() == ROLE_DOMAIN_MEMBER) &&
( ! pri_dom_is_in_list) &&