-rw-r--r-- | source3/nsswitch/winbindd.c | 13 | ||||
-rw-r--r-- | source3/sam/idmap.c | 29 |
2 files changed, 34 insertions, 8 deletions
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index a98bd29406..50b6f0a87f 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -869,16 +869,13 @@ int main(int argc, char **argv) ZERO_STRUCT(server_state); - if (!winbindd_param_init()) - return 1; - /* Winbind daemon initialisation */ - if (!winbindd_upgrade_idmap()) - return 1; - - if (!idmap_init(lp_idmap_backend())) - return 1; + if ( (!winbindd_param_init()) || (!winbindd_upgrade_idmap()) || + (!idmap_init(lp_idmap_backend())) ) { + DEBUG(1, ("Could not init idmap -- netlogon proxy only\n")); + idmap_proxyonly(); + } generate_wellknown_sids(); diff --git a/source3/sam/idmap.c b/source3/sam/idmap.c index 4d8b768c2f..bbb4980c76 100644 --- a/source3/sam/idmap.c +++ b/source3/sam/idmap.c @@ -36,6 +36,8 @@ static struct idmap_function_entry *backends = NULL; static struct idmap_methods *cache_map; static struct idmap_methods *remote_map; +static BOOL proxyonly = False; + /********************************************************************** Get idmap methods. Don't allow tdb to be a remote method. **********************************************************************/ @@ -144,6 +146,15 @@ BOOL idmap_init(const char *remote_backend) } /************************************************************************** + Don't do id mapping. This is used to make winbind a netlogon proxy only. +**************************************************************************/ + +void idmap_proxyonly(void) +{ + proxyonly = True; +} + +/************************************************************************** This is a rare operation, designed to allow an explicit mapping to be set up for a sid to a POSIX id. **************************************************************************/ 
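Review bot: In main() of winbindd.c the merged `if` makes a winbindd_param_init() failure non-fatal: it now takes the same proxy-only fallback as an idmap failure, whereas each of the three checks used to `return 1`. If that function validates configuration (its body is not in this diff), the daemon keeps running on settings it has just rejected, and the message "Could not init idmap" names the wrong cause. I would keep `if (!winbindd_param_init()) return 1;` on its own and narrow the fallback to `if (!winbindd_upgrade_idmap() || !idmap_init(lp_idmap_backend())) {`. Raising the message to `DEBUG(0, ...)` would also get the degraded mode logged regardless of the configured log level. main() starts and ends outside the hunk.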
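Review bot: The banner comment above idmap_proxyonly() in idmap.c does not state the contract that the later hunks give it. Once it is called the flag is never cleared, every mapping and allocation entry point returns NT_STATUS_UNSUCCESSFUL, and idmap_close() becomes a no-op. I would extend the comment with something like `After this call all idmap lookups and allocations fail and idmap_close() does nothing; mapping cannot be re-enabled.` The file-scope `proxyonly` flag added in the hunk at line 36 could carry a one-line comment saying it is written only by this function.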
@@ -153,6 +164,9 @@ NTSTATUS idmap_set_mapping(const DOM_SID *sid, unid_t id, int id_type) struct idmap_methods *map = remote_map; DOM_SID tmp_sid; + if (proxyonly) + return NT_STATUS_UNSUCCESSFUL; + DEBUG(10, ("idmap_set_mapping: Set %s to %s %lu\n", sid_string_static(sid), ((id_type & ID_TYPEMASK) == ID_USERID) ? "UID" : "GID", @@ -186,6 +200,9 @@ NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) NTSTATUS ret; int loc_type; + if (proxyonly) + return NT_STATUS_UNSUCCESSFUL; + loc_type = *id_type; if (remote_map) { @@ -227,6 +244,9 @@ NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) NTSTATUS ret; int loc_type; + if (proxyonly) + return NT_STATUS_UNSUCCESSFUL; + loc_type = id_type; if (remote_map) { loc_type = id_type | ID_QUERY_ONLY; @@ -260,6 +280,9 @@ NTSTATUS idmap_allocate_id(unid_t *id, int id_type) { /* we have to allocate from the authoritative backend */ + if (proxyonly) + return NT_STATUS_UNSUCCESSFUL; + if ( remote_map ) return remote_map->allocate_id( id, id_type ); @@ -274,6 +297,9 @@ NTSTATUS idmap_allocate_rid(uint32 *rid, int type) { /* we have to allocate from the authoritative backend */ + if (proxyonly) + return NT_STATUS_UNSUCCESSFUL; + if ( remote_map ) return remote_map->allocate_rid( rid, type ); @@ -288,6 +314,9 @@ NTSTATUS idmap_close(void) { NTSTATUS ret; + if (proxyonly) + return NT_STATUS_OK; + ret = cache_map->close(); if (!NT_STATUS_IS_OK(ret)) { DEBUG(3, ("idmap_close: failed to close local tdb cache!\n")); |
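Review bot: The early return added to idmap_set_mapping() reports proxy-only mode as NT_STATUS_UNSUCCESSFUL, which callers cannot tell apart from a real backend failure, and it leaves no trace in the log. The same guard is repeated in idmap_get_id_from_sid(), idmap_get_sid_from_id(), idmap_allocate_id() and idmap_allocate_rid(). A distinct status and a debug line would make the disabled state diagnosable, e.g. `if (proxyonly) { DEBUG(10, ("idmap disabled (proxy only)\n")); return NT_STATUS_NOT_SUPPORTED; }`, provided no caller outside this diff depends on the exact code. In the two lookup functions the output `*id` / `*sid` is left unwritten on this path, so callers have to check the status before using it. All five function bodies continue outside their hunks.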
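Review bot: The guard in idmap_close() keys on `proxyonly` rather than on whether a backend was actually opened. The flag is also set when idmap_init() itself fails, and if that can happen after the local cache was opened (idmap_init() is not in this diff), the early `return NT_STATUS_OK` skips `cache_map->close()` and leaves the tdb open at shutdown. Testing the pointer instead, `if (!cache_map) return NT_STATUS_OK;`, would cover both the never-initialised and the partly-initialised case, assuming the rest of the function already checks `remote_map` before using it. The function body continues past the end of the hunk.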