summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Ambach <ambi@samba.org>2012-05-07 19:14:56 +0200
committerChristian Ambach <ambi@samba.org>2012-05-08 09:26:07 +0200
commit0bedec7abea5f8dea5d6bd1fbb600f7beebabef9 (patch)
treeb72266cca2e047bf8bae7a2510a28a19d92adbc1
parentda9723478321565fc552cced964d3e72c69f634b (diff)
downloadsamba-0bedec7abea5f8dea5d6bd1fbb600f7beebabef9.tar.gz
samba-0bedec7abea5f8dea5d6bd1fbb600f7beebabef9.tar.bz2
samba-0bedec7abea5f8dea5d6bd1fbb600f7beebabef9.zip
s3:winbindd/autorid add ignore builtin parameter
BUILTIN should be handled by passdb, however if passdb does not know about a SID, autorid creates a range for BUILTIN and does deterministic mapping make it possible to turn off this behavior
-rw-r--r--source3/winbindd/idmap_autorid.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
index d3b38bd398..08dcc6595f 100644
--- a/source3/winbindd/idmap_autorid.c
+++ b/source3/winbindd/idmap_autorid.c
@@ -46,6 +46,7 @@ struct autorid_global_config {
uint32_t minvalue;
uint32_t rangesize;
uint32_t maxranges;
+ bool ignore_builtin;
};
struct autorid_domain_config {
@@ -492,6 +493,8 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom,
ZERO_STRUCT(domaincfg);
+ DEBUG(10, ("Trying to map %s\n", sid_string_dbg(ids[i]->sid)));
+
sid_copy(&domainsid, ids[i]->sid);
if (!sid_split_rid(&domainsid, &rid)) {
DEBUG(4, ("Could not determine domain SID from %s, "
@@ -525,6 +528,13 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom,
continue;
}
+ /* BUILTIN is passdb's job */
+ if (dom_sid_equal(&domainsid, &global_sid_Builtin) &&
+ global->ignore_builtin) {
+ DEBUG(10, ("Ignoring request for BUILTIN domain\n"));
+ continue;
+ }
+
/*
* Check if the domain is around
*/
@@ -869,6 +879,9 @@ static NTSTATUS idmap_autorid_initialize(struct idmap_domain *dom)
DEBUG(5, ("%d domain ranges with a size of %d are available\n",
config->maxranges, config->rangesize));
+ config->ignore_builtin = lp_parm_bool(-1, "idmap config *",
+ "ignore builtin", false);
+
/* fill the TDB common configuration */
commonconfig->private_data = config;