author | Volker Lendecke <vlendec@samba.org> | 2004-06-29 15:46:43 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:52:05 -0500 |
commit | 33c2230524094960b3a22742e7a94ecad8c9d8ab (patch) | |
tree | a9faf474c46d16e01f3322e2a909335a3b14ac8b | |
parent | baf7cf42a6319c9c31c9d29ee8102d5478826a38 (diff) | |
r1297: Yes, it does survive valgrind for my tests :-)
Check in the 'winbind proxy only' mode -- no new parameter required :-)
If you don't set idmap uid or idmap gid, winbind will not do idmap stuff, it
will only proxy the netlogon request and thus speed up the authentication of
domain users.
Volker
(This used to be commit 29235f0c69035376ad7ac27b08a59069fa151102)
-rw-r--r-- | source3/nsswitch/winbindd.c | 13 | ||||
-rw-r--r-- | source3/sam/idmap.c | 29 |
2 files changed, 34 insertions, 8 deletions
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index a98bd29406..50b6f0a87f 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -869,16 +869,13 @@ int main(int argc, char **argv) ZERO_STRUCT(server_state); - if (!winbindd_param_init()) - return 1; - /* Winbind daemon initialisation */ - if (!winbindd_upgrade_idmap()) - return 1; - - if (!idmap_init(lp_idmap_backend())) - return 1; + if ( (!winbindd_param_init()) || (!winbindd_upgrade_idmap()) || + (!idmap_init(lp_idmap_backend())) ) { + DEBUG(1, ("Could not init idmap -- netlogon proxy only\n")); + idmap_proxyonly(); + } generate_wellknown_sids(); diff --git a/source3/sam/idmap.c b/source3/sam/idmap.c index 4d8b768c2f..bbb4980c76 100644 --- a/source3/sam/idmap.c +++ b/source3/sam/idmap.c @@ -36,6 +36,8 @@ static struct idmap_function_entry *backends = NULL; static struct idmap_methods *cache_map; static struct idmap_methods *remote_map; +static BOOL proxyonly = False; + /********************************************************************** Get idmap methods. Don't allow tdb to be a remote method. **********************************************************************/ @@ -144,6 +146,15 @@ BOOL idmap_init(const char *remote_backend) } /************************************************************************** + Don't do id mapping. This is used to make winbind a netlogon proxy only. +**************************************************************************/ + +void idmap_proxyonly(void) +{ + proxyonly = True; +} + +/************************************************************************** This is a rare operation, designed to allow an explicit mapping to be set up for a sid to a POSIX id. **************************************************************************/ 
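Review bot: In main() in winbindd.c, the combined condition turns three different failures into the same silent fallback: a failed winbindd_param_init(), a failed winbindd_upgrade_idmap() and a failed idmap_init() all end in idmap_proxyonly(), where each used to be `return 1`. The commit message describes proxy-only as the mode for an unset idmap uid/gid, so only that case (presumably what winbindd_param_init() reports) should select it. An upgrade or backend failure on a host that does have ranges configured would now leave the daemon running with every mapping call failing and only a level-1 debug line as evidence. Keeping the fatal exit for the last two calls preserves fail-closed behaviour for real errors. main() starts and continues outside the hunk.

```c
	/* Winbind daemon initialisation */

	if (!winbindd_param_init()) {
		/* no usable idmap uid/gid range: netlogon proxy only */
		DEBUG(1, ("No idmap ranges -- netlogon proxy only\n"));
		idmap_proxyonly();
	} else if (!winbindd_upgrade_idmap() ||
		   !idmap_init(lp_idmap_backend())) {
		DEBUG(0, ("Could not init idmap\n"));
		return 1;
	}
```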
@@ -153,6 +164,9 @@ NTSTATUS idmap_set_mapping(const DOM_SID *sid, unid_t id, int id_type) struct idmap_methods *map = remote_map; DOM_SID tmp_sid; + if (proxyonly) + return NT_STATUS_UNSUCCESSFUL; + DEBUG(10, ("idmap_set_mapping: Set %s to %s %lu\n", sid_string_static(sid), ((id_type & ID_TYPEMASK) == ID_USERID) ? "UID" : "GID", @@ -186,6 +200,9 @@ NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) NTSTATUS ret; int loc_type; + if (proxyonly) + return NT_STATUS_UNSUCCESSFUL; + loc_type = *id_type; if (remote_map) { @@ -227,6 +244,9 @@ NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) NTSTATUS ret; int loc_type; + if (proxyonly) + return NT_STATUS_UNSUCCESSFUL; + loc_type = id_type; if (remote_map) { loc_type = id_type | ID_QUERY_ONLY; @@ -260,6 +280,9 @@ NTSTATUS idmap_allocate_id(unid_t *id, int id_type) { /* we have to allocate from the authoritative backend */ + if (proxyonly) + return NT_STATUS_UNSUCCESSFUL; + if ( remote_map ) return remote_map->allocate_id( id, id_type ); @@ -274,6 +297,9 @@ NTSTATUS idmap_allocate_rid(uint32 *rid, int type) { /* we have to allocate from the authoritative backend */ + if (proxyonly) + return NT_STATUS_UNSUCCESSFUL; + if ( remote_map ) return remote_map->allocate_rid( rid, type ); @@ -288,6 +314,9 @@ NTSTATUS idmap_close(void) { NTSTATUS ret; + if (proxyonly) + return NT_STATUS_OK; + ret = cache_map->close(); if (!NT_STATUS_IS_OK(ret)) { DEBUG(3, ("idmap_close: failed to close local tdb cache!\n")); |
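Review bot: The new guard in idmap_set_mapping() returns the generic NT_STATUS_UNSUCCESSFUL, so a caller cannot tell "id mapping is disabled on this daemon" from a real lookup or backend failure; the same guard is repeated in idmap_get_id_from_sid(), idmap_get_sid_from_id(), idmap_allocate_id() and idmap_allocate_rid(). A distinct status, e.g. `return NT_STATUS_NOT_SUPPORTED;`, would let callers and logs separate the two, and a `DEBUG(10, ...)` line before the return would make the mode visible when tracing. The two lookup functions also return before writing `*id` or `*sid`, so a caller that does not check the status would read whatever was there before; the callers are not visible here, so this should be confirmed. All five function bodies continue outside their hunks.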
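Review bot: In idmap_close(), `if (proxyonly) return NT_STATUS_OK;` skips `cache_map->close()` unconditionally, but winbindd.c now calls idmap_proxyonly() after idmap_init() has failed. idmap_init() may already have opened the local cache before failing; its body is not in this diff, so this is an inference. Testing the pointer instead keeps the early return safe without leaving an opened cache behind: `if (cache_map == NULL) return NT_STATUS_OK;`. The function body continues outside the hunk.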