mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
r1297: Yes, it does survive valgrind for my tests :-)
Check in the 'winbind proxy only' mode -- no new parameter required :-)
If you don't set idmap uid or idmap gid, winbind will not do idmap stuff, it
will only proxy the netlogon request and thus speed up the authentication of
domain users.
Volker
(This used to be commit 29235f0c69
)
This commit is contained in:
parent
baf7cf42a6
commit
33c2230524
@ -869,16 +869,13 @@ int main(int argc, char **argv)
|
||||
|
||||
ZERO_STRUCT(server_state);
|
||||
|
||||
if (!winbindd_param_init())
|
||||
return 1;
|
||||
|
||||
/* Winbind daemon initialisation */
|
||||
|
||||
if (!winbindd_upgrade_idmap())
|
||||
return 1;
|
||||
|
||||
if (!idmap_init(lp_idmap_backend()))
|
||||
return 1;
|
||||
if ( (!winbindd_param_init()) || (!winbindd_upgrade_idmap()) ||
|
||||
(!idmap_init(lp_idmap_backend())) ) {
|
||||
DEBUG(1, ("Could not init idmap -- netlogon proxy only\n"));
|
||||
idmap_proxyonly();
|
||||
}
|
||||
|
||||
generate_wellknown_sids();
|
||||
|
||||
|
@ -36,6 +36,8 @@ static struct idmap_function_entry *backends = NULL;
|
||||
static struct idmap_methods *cache_map;
|
||||
static struct idmap_methods *remote_map;
|
||||
|
||||
static BOOL proxyonly = False;
|
||||
|
||||
/**********************************************************************
|
||||
Get idmap methods. Don't allow tdb to be a remote method.
|
||||
**********************************************************************/
|
||||
@ -143,6 +145,15 @@ BOOL idmap_init(const char *remote_backend)
|
||||
return True;
|
||||
}
|
||||
|
||||
/**************************************************************************
|
||||
Don't do id mapping. This is used to make winbind a netlogon proxy only.
|
||||
**************************************************************************/
|
||||
|
||||
void idmap_proxyonly(void)
|
||||
{
|
||||
proxyonly = True;
|
||||
}
|
||||
|
||||
/**************************************************************************
|
||||
This is a rare operation, designed to allow an explicit mapping to be
|
||||
set up for a sid to a POSIX id.
|
||||
@ -153,6 +164,9 @@ NTSTATUS idmap_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
|
||||
struct idmap_methods *map = remote_map;
|
||||
DOM_SID tmp_sid;
|
||||
|
||||
if (proxyonly)
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
DEBUG(10, ("idmap_set_mapping: Set %s to %s %lu\n",
|
||||
sid_string_static(sid),
|
||||
((id_type & ID_TYPEMASK) == ID_USERID) ? "UID" : "GID",
|
||||
@ -186,6 +200,9 @@ NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid)
|
||||
NTSTATUS ret;
|
||||
int loc_type;
|
||||
|
||||
if (proxyonly)
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
loc_type = *id_type;
|
||||
|
||||
if (remote_map) {
|
||||
@ -227,6 +244,9 @@ NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
|
||||
NTSTATUS ret;
|
||||
int loc_type;
|
||||
|
||||
if (proxyonly)
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
loc_type = id_type;
|
||||
if (remote_map) {
|
||||
loc_type = id_type | ID_QUERY_ONLY;
|
||||
@ -260,6 +280,9 @@ NTSTATUS idmap_allocate_id(unid_t *id, int id_type)
|
||||
{
|
||||
/* we have to allocate from the authoritative backend */
|
||||
|
||||
if (proxyonly)
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
if ( remote_map )
|
||||
return remote_map->allocate_id( id, id_type );
|
||||
|
||||
@ -274,6 +297,9 @@ NTSTATUS idmap_allocate_rid(uint32 *rid, int type)
|
||||
{
|
||||
/* we have to allocate from the authoritative backend */
|
||||
|
||||
if (proxyonly)
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
if ( remote_map )
|
||||
return remote_map->allocate_rid( rid, type );
|
||||
|
||||
@ -288,6 +314,9 @@ NTSTATUS idmap_close(void)
|
||||
{
|
||||
NTSTATUS ret;
|
||||
|
||||
if (proxyonly)
|
||||
return NT_STATUS_OK;
|
||||
|
||||
ret = cache_map->close();
|
||||
if (!NT_STATUS_IS_OK(ret)) {
|
||||
DEBUG(3, ("idmap_close: failed to close local tdb cache!\n"));
|
||||
|
Loading…
Reference in New Issue
Block a user