authorVolker Lendecke <vlendec@samba.org>2004-06-29 15:46:43 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:52:05 -0500
commit33c2230524094960b3a22742e7a94ecad8c9d8ab (patch)
treea9faf474c46d16e01f3322e2a909335a3b14ac8b
parentbaf7cf42a6319c9c31c9d29ee8102d5478826a38 (diff)
r1297: Yes, it does survive valgrind for my tests :-)
Check in the 'winbind proxy only' mode -- no new parameter required :-) If you don't set idmap uid or idmap gid, winbind will not do idmap stuff, it will only proxy the netlogon request and thus speed up the authentication of domain users. Volker (This used to be commit 29235f0c69035376ad7ac27b08a59069fa151102)
-rw-r--r--source3/nsswitch/winbindd.c13
-rw-r--r--source3/sam/idmap.c29
2 files changed, 34 insertions, 8 deletions
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index a98bd29406..50b6f0a87f 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -869,16 +869,13 @@ int main(int argc, char **argv)
ZERO_STRUCT(server_state);
- if (!winbindd_param_init())
- return 1;
-
/* Winbind daemon initialisation */
- if (!winbindd_upgrade_idmap())
- return 1;
-
- if (!idmap_init(lp_idmap_backend()))
- return 1;
+ if ( (!winbindd_param_init()) || (!winbindd_upgrade_idmap()) ||
+ (!idmap_init(lp_idmap_backend())) ) {
+ DEBUG(1, ("Could not init idmap -- netlogon proxy only\n"));
+ idmap_proxyonly();
+ }
generate_wellknown_sids();
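Review bot: The combined condition turns every failure of `winbindd_param_init()`, `winbindd_upgrade_idmap()` and `idmap_init()` into proxy-only mode, so a failed idmap upgrade or a backend that cannot be initialised now leaves the daemon running without id mapping instead of exiting with 1 as before. The commit message describes proxy-only as the mode for an unset idmap uid/gid; presumably `winbindd_param_init()` is the check for that, so only its failure should call `idmap_proxyonly()` and the other two should stay fatal. Because the three calls are short-circuited into one branch, the message `Could not init idmap -- netlogon proxy only` cannot say which step failed, and at DEBUG level 1 an operator may not notice that mapping is off. main()'s body continues outside the hunk.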
diff --git a/source3/sam/idmap.c b/source3/sam/idmap.c
index 4d8b768c2f..bbb4980c76 100644
--- a/source3/sam/idmap.c
+++ b/source3/sam/idmap.c
@@ -36,6 +36,8 @@ static struct idmap_function_entry *backends = NULL;
static struct idmap_methods *cache_map;
static struct idmap_methods *remote_map;
+static BOOL proxyonly = False;
+
/**********************************************************************
Get idmap methods. Don't allow tdb to be a remote method.
**********************************************************************/
@@ -144,6 +146,15 @@ BOOL idmap_init(const char *remote_backend)
}
/**************************************************************************
+ Don't do id mapping. This is used to make winbind a netlogon proxy only.
+**************************************************************************/
+
+void idmap_proxyonly(void)
+{
+ proxyonly = True;
+}
+
+/**************************************************************************
This is a rare operation, designed to allow an explicit mapping to be
set up for a sid to a POSIX id.
**************************************************************************/
@@ -153,6 +164,9 @@ NTSTATUS idmap_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
struct idmap_methods *map = remote_map;
DOM_SID tmp_sid;
+ if (proxyonly)
+ return NT_STATUS_UNSUCCESSFUL;
+
DEBUG(10, ("idmap_set_mapping: Set %s to %s %lu\n",
sid_string_static(sid),
((id_type & ID_TYPEMASK) == ID_USERID) ? "UID" : "GID",
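Review bot: The early return `return NT_STATUS_UNSUCCESSFUL;` gives callers the same status for "id mapping is disabled" as for a real backend failure, and it logs nothing, so a request refused by proxy-only mode cannot be told apart from a fault in the logs or in caller logic. A distinct status such as `NT_STATUS_NOT_SUPPORTED`, with a `DEBUG(10, ("idmap disabled (proxy only)\n"));` before the return, would make the refusal visible. The same guard is repeated in idmap_get_id_from_sid, idmap_get_sid_from_id, idmap_allocate_id and idmap_allocate_rid; in idmap_get_id_from_sid it returns before `*id` is written, so callers must check the status before using the output. These function bodies continue outside their hunks.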
@@ -186,6 +200,9 @@ NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid)
NTSTATUS ret;
int loc_type;
+ if (proxyonly)
+ return NT_STATUS_UNSUCCESSFUL;
+
loc_type = *id_type;
if (remote_map) {
@@ -227,6 +244,9 @@ NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
NTSTATUS ret;
int loc_type;
+ if (proxyonly)
+ return NT_STATUS_UNSUCCESSFUL;
+
loc_type = id_type;
if (remote_map) {
loc_type = id_type | ID_QUERY_ONLY;
@@ -260,6 +280,9 @@ NTSTATUS idmap_allocate_id(unid_t *id, int id_type)
{
/* we have to allocate from the authoritative backend */
+ if (proxyonly)
+ return NT_STATUS_UNSUCCESSFUL;
+
if ( remote_map )
return remote_map->allocate_id( id, id_type );
@@ -274,6 +297,9 @@ NTSTATUS idmap_allocate_rid(uint32 *rid, int type)
{
/* we have to allocate from the authoritative backend */
+ if (proxyonly)
+ return NT_STATUS_UNSUCCESSFUL;
+
if ( remote_map )
return remote_map->allocate_rid( rid, type );
@@ -288,6 +314,9 @@ NTSTATUS idmap_close(void)
{
NTSTATUS ret;
+ if (proxyonly)
+ return NT_STATUS_OK;
+
ret = cache_map->close();
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(3, ("idmap_close: failed to close local tdb cache!\n"));
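Review bot: `if (proxyonly) return NT_STATUS_OK;` skips `cache_map->close()` even when the cache was opened. In winbindd.c the flag is set after `idmap_init()` fails, and if that function can fail after it has already assigned `cache_map` (its body is not visible here), the local tdb is never closed on shutdown and idmap_close still reports success. Testing the pointer instead of the flag covers both cases: `if (cache_map == NULL) return NT_STATUS_OK;`. idmap_close's body continues outside the hunk.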