From 0bedec7abea5f8dea5d6bd1fbb600f7beebabef9 Mon Sep 17 00:00:00 2001 From: Christian Ambach Date: Mon, 7 May 2012 19:14:56 +0200 Subject: s3:winbindd/autorid add ignore builtin parameter BUILTIN should be handled by passdb, however if passdb does not know about a SID, autorid creates a range for BUILTIN and does deterministic mapping make it possible to turn off this behavior --- source3/winbindd/idmap_autorid.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'source3/winbindd/idmap_autorid.c') diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c index d3b38bd398..08dcc6595f 100644 --- a/source3/winbindd/idmap_autorid.c +++ b/source3/winbindd/idmap_autorid.c @@ -46,6 +46,7 @@ struct autorid_global_config { uint32_t minvalue; uint32_t rangesize; uint32_t maxranges; + bool ignore_builtin; }; struct autorid_domain_config { @@ -492,6 +493,8 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom, ZERO_STRUCT(domaincfg); + DEBUG(10, ("Trying to map %s\n", sid_string_dbg(ids[i]->sid))); + sid_copy(&domainsid, ids[i]->sid); if (!sid_split_rid(&domainsid, &rid)) { DEBUG(4, ("Could not determine domain SID from %s, " @@ -525,6 +528,13 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom, continue; } + /* BUILTIN is passdb's job */ + if (dom_sid_equal(&domainsid, &global_sid_Builtin) && + global->ignore_builtin) { + DEBUG(10, ("Ignoring request for BUILTIN domain\n")); + continue; + } + /* * Check if the domain is around */ @@ -869,6 +879,9 @@ static NTSTATUS idmap_autorid_initialize(struct idmap_domain *dom) DEBUG(5, ("%d domain ranges with a size of %d are available\n", config->maxranges, config->rangesize)); + config->ignore_builtin = lp_parm_bool(-1, "idmap config *", + "ignore builtin", false); + /* fill the TDB common configuration */ commonconfig->private_data = config; -- cgit