And finally IDMAP in 3_0

We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.

Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.

The code has been tested and seem to work right, more testing is needed for
corner cases.

Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)

Simo.
(This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)

1 files changed, 54 insertions, 35 deletions

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 45c95d1258..5740ce1b70 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -8,6 +8,7 @@
    Copyright (C) Simo Sorce 2001
    Copyright (C) Alexander Bokovoy 2002
    Copyright (C) Stefan (metze) Metzmacher 2002
+   Copyright (C) Anthony Liguori 2003
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -163,10 +164,11 @@ typedef struct
 	BOOL bUtmp;
 #endif
 	char *szSourceEnv;
-	char *szWinbindUID;
-	char *szWinbindGID;
+	char *szIdmapUID;
+	char *szIdmapGID;
+	BOOL *bIdmapOnly;
 	char *szNonUnixAccountRange;
-	BOOL bAlgorithmicRidBase;
+	int AlgorithmicRidBase;
 	char *szTemplateHomedir;
 	char *szTemplateShell;
 	char *szWinbindSeparator;
@@ -174,6 +176,7 @@ typedef struct
 	BOOL bWinbindEnumGroups;
 	BOOL bWinbindUseDefaultDomain;
 	char *szWinbindBackend;
+	char *szIdmapBackend;
 	char *szAddShareCommand;
 	char *szChangeShareCommand;
 	char *szDeleteShareCommand;
@@ -550,8 +553,8 @@ static BOOL handle_include(const char *pszParmValue, char **ptr);
 static BOOL handle_copy(const char *pszParmValue, char **ptr);
 static BOOL handle_source_env(const char *pszParmValue, char **ptr);
 static BOOL handle_netbios_name(const char *pszParmValue, char **ptr);
-static BOOL handle_winbind_uid(const char *pszParmValue, char **ptr);
-static BOOL handle_winbind_gid(const char *pszParmValue, char **ptr);
+static BOOL handle_idmap_uid(const char *pszParmValue, char **ptr);
+static BOOL handle_idmap_gid(const char *pszParmValue, char **ptr);
 static BOOL handle_debug_list( const char *pszParmValue, char **ptr );
 static BOOL handle_workgroup( const char *pszParmValue, char **ptr );
 static BOOL handle_netbios_aliases( const char *pszParmValue, char **ptr );
@@ -759,7 +762,7 @@ static struct parm_struct parm_table[] = {
 	{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
-	{"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.bAlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+	{"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.AlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE | FLAG_DEVELOPER},
@@ -1113,8 +1116,12 @@ static struct parm_struct parm_table[] = {
 
 	{"Winbind options", P_SEP, P_SEPARATOR},
 
-	{"winbind uid", P_STRING, P_GLOBAL, &Globals.szWinbindUID, handle_winbind_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
-	{"winbind gid", P_STRING, P_GLOBAL, &Globals.szWinbindGID, handle_winbind_gid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+	{"idmap only", P_BOOL, P_GLOBAL, &Globals.bIdmapOnly, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+	{"idmap backend", P_STRING, P_GLOBAL, &Globals.szIdmapBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+	{"idmap uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+	{"winbind uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER | FLAG_HIDE},
+	{"idmap gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+	{"winbind gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER | FLAG_HIDE},
 	{"template homedir", P_STRING, P_GLOBAL, &Globals.szTemplateHomedir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"template shell", P_STRING, P_GLOBAL, &Globals.szTemplateShell, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
@@ -1122,7 +1129,6 @@ static struct parm_struct parm_table[] = {
 	{"winbind enum users", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumUsers, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"winbind enum groups", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumGroups, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 	{"winbind use default domain", P_BOOL, P_GLOBAL, &Globals.bWinbindUseDefaultDomain, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
-	{"winbind backend", P_STRING, P_GLOBAL, &Globals.szWinbindBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 
 	{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
 };
@@ -1311,7 +1317,7 @@ static void init_globals(void)
 	string_set(&Globals.szNameResolveOrder, "lmhosts wins host bcast");
 	string_set(&Globals.szPasswordServer, "*");
 
-	Globals.bAlgorithmicRidBase = BASE_RID;
+	Globals.AlgorithmicRidBase = BASE_RID;
 
 	Globals.bLoadPrinters = True;
 	Globals.mangled_stack = 50;
@@ -1458,7 +1464,7 @@ static void init_globals(void)
 	Globals.bWinbindEnumGroups = True;
 	Globals.bWinbindUseDefaultDomain = False;
 
-	string_set(&Globals.szWinbindBackend, "tdb");
+	Globals.bIdmapOnly = False;
 
 	Globals.name_cache_timeout = 660; /* In seconds */
 
@@ -1636,7 +1642,9 @@ FN_GLOBAL_STRING(lp_acl_compatibility, &Globals.szAclCompat)
 FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers)
 FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups)
 FN_GLOBAL_BOOL(lp_winbind_use_default_domain, &Globals.bWinbindUseDefaultDomain)
-FN_GLOBAL_STRING(lp_winbind_backend, &Globals.szWinbindBackend)
+
+FN_GLOBAL_STRING(lp_idmap_backend, &Globals.szIdmapBackend)
+FN_GLOBAL_BOOL(lp_idmap_only, &Globals.bIdmapOnly)
 
 #ifdef WITH_LDAP_SAMCONFIG
 FN_GLOBAL_STRING(lp_ldap_server, &Globals.szLdapServer)
@@ -1847,7 +1855,7 @@ FN_LOCAL_INTEGER(lp_block_size, iBlock_size)
 FN_LOCAL_CHAR(lp_magicchar, magic_char)
 FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
 FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers)
-FN_GLOBAL_BOOL(lp_algorithmic_rid_base, &Globals.bAlgorithmicRidBase)
+FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
 FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
 FN_GLOBAL_BOOL(lp_client_signing, &Globals.client_signing)
 
@@ -2839,55 +2847,55 @@ static BOOL handle_copy(const char *pszParmValue, char **ptr)
 }
 
 /***************************************************************************
- Handle winbind uid and gid allocation parameters.  The format of these
+ Handle idmap/non unix account uid and gid allocation parameters.  The format of these
  parameters is:
 
  [global]
 
-        winbind uid = 1000-1999
-        winbind gid = 700-899
+        idmap uid = 1000-1999
+        idmap gid = 700-899
 
  We only do simple parsing checks here.  The strings are parsed into useful
- structures in the winbind daemon code.
+ structures in the idmap daemon code.
 
 ***************************************************************************/
 
-/* Some lp_ routines to return winbind [ug]id information */
+/* Some lp_ routines to return idmap [ug]id information */
 
-static uid_t winbind_uid_low, winbind_uid_high;
-static gid_t winbind_gid_low, winbind_gid_high;
+static uid_t idmap_uid_low, idmap_uid_high;
+static gid_t idmap_gid_low, idmap_gid_high;
 
-BOOL lp_winbind_uid(uid_t *low, uid_t *high)
+BOOL lp_idmap_uid(uid_t *low, uid_t *high)
 {
-        if (winbind_uid_low == 0 || winbind_uid_high == 0)
+        if (idmap_uid_low == 0 || idmap_uid_high == 0)
                 return False;
 
         if (low)
-                *low = winbind_uid_low;
+                *low = idmap_uid_low;
 
         if (high)
-                *high = winbind_uid_high;
+                *high = idmap_uid_high;
 
         return True;
 }
 
-BOOL lp_winbind_gid(gid_t *low, gid_t *high)
+BOOL lp_idmap_gid(gid_t *low, gid_t *high)
 {
-        if (winbind_gid_low == 0 || winbind_gid_high == 0)
+        if (idmap_gid_low == 0 || idmap_gid_high == 0)
                 return False;
 
         if (low)
-                *low = winbind_gid_low;
+                *low = idmap_gid_low;
 
         if (high)
-                *high = winbind_gid_high;
+                *high = idmap_gid_high;
 
         return True;
 }
 
-/* Do some simple checks on "winbind [ug]id" parameter values */
+/* Do some simple checks on "idmap [ug]id" parameter values */
 
-static BOOL handle_winbind_uid(const char *pszParmValue, char **ptr)
+static BOOL handle_idmap_uid(const char *pszParmValue, char **ptr)
 {
 	uint32 low, high;
 
@@ -2898,13 +2906,13 @@ static BOOL handle_winbind_uid(const char *pszParmValue, char **ptr)
 
 	string_set(ptr, pszParmValue);
 
-        winbind_uid_low = low;
-        winbind_uid_high = high;
+        idmap_uid_low = low;
+        idmap_uid_high = high;
 
 	return True;
 }
 
-static BOOL handle_winbind_gid(const char *pszParmValue, char **ptr)
+static BOOL handle_idmap_gid(const char *pszParmValue, char **ptr)
 {
 	uint32 low, high;
 
@@ -2915,8 +2923,8 @@ static BOOL handle_winbind_gid(const char *pszParmValue, char **ptr)
 
 	string_set(ptr, pszParmValue);
 
-        winbind_gid_low = low;
-        winbind_gid_high = high;
+        idmap_gid_low = low;
+        idmap_gid_high = high;
 
 	return True;
 }
@@ -3800,7 +3808,18 @@ static void set_server_role(void)
 				DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));
 			break;
 		case SEC_SERVER:
+			if (lp_domain_logons())
+				DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n"));
+			server_role = ROLE_DOMAIN_MEMBER;
+			break;
 		case SEC_DOMAIN:
+			if (lp_domain_logons()) {
+				DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
+				server_role = ROLE_DOMAIN_BDC;
+				break;
+			}
+			server_role = ROLE_DOMAIN_MEMBER;
+			break;
 		case SEC_ADS:
 			if (lp_domain_logons()) {
 				server_role = ROLE_DOMAIN_PDC;