[SCM] Samba Shared Repository - branch master updated

Fri Jun 21 04:50:02 MDT 2013

The branch, master has been updated
       via  ad86e2a s3:passdb/pdb_util make pdb_create_builtin consider whether backend deals with BUILTIN
       via  2d2d13e s3:passdb add a gid argument to pdb_create_builtin_alias
       via  212baed s3:utils/net_sam make use of pdb_create_builtin helper function
       via  df41835 s3:passdb expose pdb_create_builtin function
       via  6a048b4 s3:passdb/pdb_tdb add parameter to control handling of BUILTIN
       via  324b3cc s3:passdb/pdb_ldap remove an unnecessary check
       via  01e094b s3:passdb/pdb_ldap make the module handle well-known
       via  987de8a s3:passdb make pdb_sid_to_id honor backend responsibilities
       via  55dd9e6 s3:passdb/pdb_samba_dsdb make the module handle well-known
       via  56df37d s3:lib/util_sid_passdb make use of pdb_is_responsible_for_* functions
       via  0ad38d7 s3:passdb add pdb_*_is_responsible_for* functions
       via  9eb67f2 s3:passdb add idmap control functions
       via  0ad89c3 s3:passdb/samba_dsdb fix some compiler warnings
       via  e211b5c s3:passdb/samba_dsdb fix a compiler warning
       via  e17bc56 s3:utils/net_lookup fix a format-error
      from  88c72fc s4-winbind: Add special case for BUILTIN domain

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ad86e2a599812bc7b7d0037d3acd3f3e6973c4be
Author: Christian Ambach <ambi at samba.org>
Date:   Tue Jun 18 17:06:52 2013 +0200

    s3:passdb/pdb_util make pdb_create_builtin consider whether backend deals with BUILTIN
    
    when creating a BUILTIN group, make the strategy dependent on passdb backend behavior
    1. if passdb is responsible for BUILTIN (normal case), call pdb_create_builtin_alias with gid=0 argument
    so it asks winbindd for a gid to be used
    2. if passdb is not responsible, ask for a mapping for the group first and let pdb_create_builtin_alias
    create the mapping based on the gid that was determined in the mapping request
    
    Pair-Programmed-With: Michael Adam <obnox at samba.org>
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Signed-off-by: Michael Adam <obnox at samba.org>
    
    Autobuild-User(master): Michael Adam <obnox at samba.org>
    Autobuild-Date(master): Fri Jun 21 12:49:10 CEST 2013 on sn-devel-104

commit 2d2d13ee6104f21fa4a3ec845f216084a24da0b2
Author: Christian Ambach <ambi at samba.org>
Date:   Tue Jun 18 16:30:31 2013 +0200

    s3:passdb add a gid argument to pdb_create_builtin_alias
    
    make it possible to skip the allocation of a new gid from winbind
    by specifying the gid to be used
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>

commit 212baedcd579aa584e31225932afe4a3a07c891e
Author: Christian Ambach <ambi at samba.org>
Date:   Sat Jun 1 21:32:42 2013 +0200

    s3:utils/net_sam make use of pdb_create_builtin helper function
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>

commit df41835eea828173f8678b24c2db0ec23045a26d
Author: Christian Ambach <ambi at samba.org>
Date:   Sat Jun 1 21:32:19 2013 +0200

    s3:passdb expose pdb_create_builtin function
    
    this one first tries to map the principal before
    allocating a new gid
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>

commit 6a048b424a2ecf38614aa6912f0d8c8a26c87ad5
Author: Christian Ambach <ambi at samba.org>
Date:   Mon May 27 14:48:27 2013 +0200

    s3:passdb/pdb_tdb add parameter to control handling of BUILTIN
    
    with tdbsam:map builtin, one can control if tdbsam should
    be used to map entries from BUILTIN or not.
    By default, they will be mapped (as in older releases)
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>

commit 324b3cc00cb97ff8d13bb3dd42e6fdcf0bea67a5
Author: Christian Ambach <ambi at samba.org>
Date:   Mon May 27 14:43:40 2013 +0200

    s3:passdb/pdb_ldap remove an unnecessary check
    
    as general passdb code already verifies for which
    idmap domains the module is responsible, requests for
    other domains should not come in here any more
    
    Pair-Programmed-With: Michael Adam <obnox at samba.org>
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 01e094b53ff87ca83993e59196efa2c7adca1eec
Author: Christian Ambach <ambi at samba.org>
Date:   Tue Jun 18 10:43:38 2013 +0200

    s3:passdb/pdb_ldap make the module handle well-known
    
    overwrite the passdb defaults and let this module handle well-knowns
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>

commit 987de8a971bf9730c92406234d4a0f3a23a92dda
Author: Christian Ambach <ambi at samba.org>
Date:   Tue Jun 18 10:47:33 2013 +0200

    s3:passdb make pdb_sid_to_id honor backend responsibilities
    
    only ask passdb backend for mapping if it is responsible
    
    Pair-Programmed-With: Michael Adam <obnox at samba.org>
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 55dd9e6a9cf70fbead0a7af277da092ded221d46
Author: Christian Ambach <ambi at samba.org>
Date:   Tue Jun 18 10:43:38 2013 +0200

    s3:passdb/pdb_samba_dsdb make the module handle well-known
    
    overwrite the passdb defaults and let this module handle well-knowns
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>

commit 56df37d332d8cb18f28c7a48376795916eaa050d
Author: Christian Ambach <ambi at samba.org>
Date:   Tue Jun 18 10:39:10 2013 +0200

    s3:lib/util_sid_passdb make use of pdb_is_responsible_for_* functions
    
    ask passdb to determine if sid/object should be handled by passdb or not
    
    Pair-Programmed-With: Michael Adam <obnox at samba.org>
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 0ad38d777f442b5da10c39c9c5695c4d857d7141
Author: Christian Ambach <ambi at samba.org>
Date:   Mon May 27 12:24:22 2013 +0200

    s3:passdb add pdb_*_is_responsible_for* functions
    
    allows PDB modules to specify for which special domains they
    are responsible when it comes to SID->xid conversion
    
    By default, passdb modules will be responsible for local BUILTIN,
    local SAM and Unix Users/Groups
    
    Pair-Programmed-With: Michael Adam <obnox at samba.org>
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 9eb67f259f91e31dfb6a7abf2b42ec8a4ce9f837
Author: Christian Ambach <ambi at samba.org>
Date:   Mon Jun 17 16:32:02 2013 +0200

    s3:passdb add idmap control functions
    
    make it possible for each backend to specify for which domains
    it should be asked for SID->xid mappings
    
    Pair-Programmed-With: Michael Adam <obnox at samba.org>
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 0ad89c3cc96ce9f66325424adc96babdcc2781d5
Author: Christian Ambach <ambi at samba.org>
Date:   Mon May 27 13:28:47 2013 +0200

    s3:passdb/samba_dsdb fix some compiler warnings
    
    about gids and group_sids being potentially uninitialized
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>

commit e211b5c5d248756eb48a60ac05144a346e111a5e
Author: Christian Ambach <ambi at samba.org>
Date:   Mon May 27 13:33:24 2013 +0200

    s3:passdb/samba_dsdb fix a compiler warning
    
    about discarding const modifier
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>

commit e17bc56cafb6a6338b5edda20f53161c0af63a5c
Author: Christian Ambach <ambi at samba.org>
Date:   Fri Jun 21 10:10:04 2013 +0200

    s3:utils/net_lookup fix a format-error
    
    clang complains about short being used for unsigned as format-error
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/groupdb/mapping.c       |   34 ++++++++++------
 source3/include/passdb.h        |   17 +++++++-
 source3/lib/util_sid_passdb.c   |   49 ++++++++++++++++-------
 source3/passdb/ABI/pdb-0.sigs   |    8 +++-
 source3/passdb/pdb_interface.c  |   81 +++++++++++++++++++++++++++++++++++++++
 source3/passdb/pdb_ldap.c       |   11 +++--
 source3/passdb/pdb_samba_dsdb.c |   13 +++++-
 source3/passdb/pdb_tdb.c        |   10 +++++
 source3/passdb/pdb_util.c       |   43 +++++++++++++++++---
 source3/utils/net_lookup.c      |    2 +-
 source3/utils/net_sam.c         |    2 +-
 11 files changed, 224 insertions(+), 46 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index c6fcc8a..e3d52b7 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -790,15 +790,19 @@ NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods,
 	return NT_STATUS_UNSUCCESSFUL;
 }
 
-/********************************************************************
- Really just intended to be called by smbd
-********************************************************************/
-
-NTSTATUS pdb_create_builtin_alias(uint32 rid)
+/**
+* @brief Add a new group mapping
+*
+* @param[in] gid gid to use to store the mapping. If gid is 0,
+*                new gid will be allocated from winbind
+*
+* @return Normal NTSTATUS return
+*/
+NTSTATUS pdb_create_builtin_alias(uint32 rid, gid_t gid)
 {
 	struct dom_sid sid;
 	enum lsa_SidType type;
-	gid_t gid;
+	gid_t gidformap;
 	GROUP_MAP *map;
 	NTSTATUS status;
 	const char *name = NULL;
@@ -820,15 +824,21 @@ NTSTATUS pdb_create_builtin_alias(uint32 rid)
 		goto done;
 	}
 
-	if (!winbind_allocate_gid(&gid)) {
-		DEBUG(3, ("pdb_create_builtin_alias: Could not get a gid out of winbind\n"));
-		status = NT_STATUS_ACCESS_DENIED;
-		goto done;
+	if (gid == 0) {
+		if (!winbind_allocate_gid(&gidformap)) {
+			DEBUG(3, ("pdb_create_builtin_alias: Could not get a "
+				  "gid out of winbind\n"));
+			status = NT_STATUS_ACCESS_DENIED;
+			goto done;
+		}
+	} else {
+		gidformap = gid;
 	}
 
-	DEBUG(10, ("Creating alias %s with gid %u\n", name, (unsigned)gid));
+	DEBUG(10, ("Creating alias %s with gid %u\n", name,
+		   (unsigned) gidformap));
 
-	map->gid = gid;
+	map->gid = gidformap;
 	sid_copy(&map->sid, &sid);
 	map->sid_name_use = SID_NAME_ALIAS;
 	map->nt_name = talloc_strdup(map, name);
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 5e5a7bf..637c55a 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -123,7 +123,7 @@ NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods,
 					   enum lsa_SidType sid_name_use,
 					   GROUP_MAP **rmap, size_t *num_entries,
 					   bool unix_only);
-NTSTATUS pdb_create_builtin_alias(uint32_t rid);
+NTSTATUS pdb_create_builtin_alias(uint32_t rid, gid_t gid);
 
 
 /* passdb headers */
@@ -413,9 +413,10 @@ enum pdb_policy_type {
  * Changed to 19, removed uid_to_rid
  * Changed to 20, pdb_secret calls
  * Changed to 21, set/enum_upn_suffixes. AB.
+ * Changed to 22, idmap control functions
  */
 
-#define PASSDB_INTERFACE_VERSION 21
+#define PASSDB_INTERFACE_VERSION 22
 
 struct pdb_methods 
 {
@@ -624,6 +625,12 @@ struct pdb_methods
 				     uint32_t num_suffixes,
 				     const char **suffixes);
 
+	bool (*is_responsible_for_our_sam)(struct pdb_methods *methods);
+	bool (*is_responsible_for_builtin)(struct pdb_methods *methods);
+	bool (*is_responsible_for_wellknown)(struct pdb_methods *methods);
+	bool (*is_responsible_for_unix_users)(struct pdb_methods *methods);
+	bool (*is_responsible_for_unix_groups)(struct pdb_methods *methods);
+
 	void *private_data;  /* Private data of some kind */
 
 	void (*free_private_data)(void **);
@@ -927,9 +934,15 @@ NTSTATUS pdb_enum_upn_suffixes(TALLOC_CTX *mem_ctx,
 
 NTSTATUS pdb_set_upn_suffixes(uint32_t num_suffixes,
 			      const char **suffixes);
+bool pdb_is_responsible_for_our_sam(void);
+bool pdb_is_responsible_for_builtin(void);
+bool pdb_is_responsible_for_wellknown(void);
+bool pdb_is_responsible_for_unix_users(void);
+bool pdb_is_responsible_for_unix_groups(void);
 
 /* The following definitions come from passdb/pdb_util.c  */
 
+NTSTATUS pdb_create_builtin(uint32_t rid);
 NTSTATUS create_builtin_users(const struct dom_sid *sid);
 NTSTATUS create_builtin_administrators(const struct dom_sid *sid);
 
diff --git a/source3/lib/util_sid_passdb.c b/source3/lib/util_sid_passdb.c
index 33fb542..0138c7d 100644
--- a/source3/lib/util_sid_passdb.c
+++ b/source3/lib/util_sid_passdb.c
@@ -21,6 +21,7 @@
 #include "includes.h"
 #include "lib/util_sid_passdb.h"
 #include "passdb/machine_sid.h"
+#include "passdb.h"
 
 /**
  * check whether this is an object-sid that should
@@ -28,23 +29,29 @@
  */
 bool sid_check_object_is_for_passdb(const struct dom_sid *sid)
 {
-	if (sid_check_is_in_our_sam(sid)) {
+	if (sid_check_is_in_our_sam(sid) && pdb_is_responsible_for_our_sam()) {
 		return true;
 	}
 
-	if (sid_check_is_in_builtin(sid)) {
+	if (sid_check_is_in_builtin(sid) && pdb_is_responsible_for_builtin()) {
 		return true;
 	}
 
-	if (sid_check_is_in_wellknown_domain(sid)) {
+	if (sid_check_is_in_wellknown_domain(sid) &&
+	    pdb_is_responsible_for_wellknown())
+	{
 		return true;
 	}
 
-	if (sid_check_is_in_unix_users(sid)) {
+	if (sid_check_is_in_unix_users(sid) &&
+	    pdb_is_responsible_for_unix_users())
+	{
 		return true;
 	}
 
-	if (sid_check_is_in_unix_groups(sid)) {
+	if (sid_check_is_in_unix_groups(sid) &&
+	    pdb_is_responsible_for_unix_groups())
+	{
 		return true;
 	}
 
@@ -56,43 +63,55 @@ bool sid_check_object_is_for_passdb(const struct dom_sid *sid)
  */
 bool sid_check_is_for_passdb(const struct dom_sid *sid)
 {
-	if (sid_check_is_our_sam(sid)) {
+	if (sid_check_is_our_sam(sid) && pdb_is_responsible_for_our_sam()) {
 		return true;
 	}
 
-	if (sid_check_is_in_our_sam(sid)) {
+	if (sid_check_is_in_our_sam(sid) && pdb_is_responsible_for_our_sam()) {
 		return true;
 	}
 
-	if (sid_check_is_builtin(sid)) {
+	if (sid_check_is_builtin(sid) && pdb_is_responsible_for_builtin()) {
 		return true;
 	}
 
-	if (sid_check_is_in_builtin(sid)) {
+	if (sid_check_is_in_builtin(sid) && pdb_is_responsible_for_builtin()) {
 		return true;
 	}
 
-	if (sid_check_is_wellknown_domain(sid, NULL)) {
+	if (sid_check_is_wellknown_domain(sid, NULL) &&
+	    pdb_is_responsible_for_wellknown())
+	{
 		return true;
 	}
 
-	if (sid_check_is_in_wellknown_domain(sid)) {
+	if (sid_check_is_in_wellknown_domain(sid) &&
+	    pdb_is_responsible_for_wellknown())
+	{
 		return true;
 	}
 
-	if (sid_check_is_unix_users(sid)) {
+	if (sid_check_is_unix_users(sid) &&
+	    pdb_is_responsible_for_unix_users())
+	{
 		return true;
 	}
 
-	if (sid_check_is_in_unix_users(sid)) {
+	if (sid_check_is_in_unix_users(sid) &&
+	    pdb_is_responsible_for_unix_users())
+	{
 		return true;
 	}
 
-	if (sid_check_is_unix_groups(sid)) {
+	if (sid_check_is_unix_groups(sid) &&
+	    pdb_is_responsible_for_unix_groups())
+	{
 		return true;
 	}
 
-	if (sid_check_is_in_unix_groups(sid)) {
+	if (sid_check_is_in_unix_groups(sid) &&
+	    pdb_is_responsible_for_unix_groups())
+	{
 		return true;
 	}
 
diff --git a/source3/passdb/ABI/pdb-0.sigs b/source3/passdb/ABI/pdb-0.sigs
index 51810ef..ccb371b 100644
--- a/source3/passdb/ABI/pdb-0.sigs
+++ b/source3/passdb/ABI/pdb-0.sigs
@@ -19,6 +19,7 @@ algorithmic_rid_base: int (void)
 builtin_domain_name: const char *(void)
 cache_account_policy_get: bool (enum pdb_policy_type, uint32_t *)
 cache_account_policy_set: bool (enum pdb_policy_type, uint32_t)
+pdb_create_builtin: NTSTATUS (uint32_t)
 create_builtin_administrators: NTSTATUS (const struct dom_sid *)
 create_builtin_users: NTSTATUS (const struct dom_sid *)
 decode_account_policy_name: const char *(enum pdb_policy_type)
@@ -73,7 +74,7 @@ pdb_build_fields_present: uint32_t (struct samu *)
 pdb_capabilities: uint32_t (void)
 pdb_copy_sam_account: bool (struct samu *, struct samu *)
 pdb_create_alias: NTSTATUS (const char *, uint32_t *)
-pdb_create_builtin_alias: NTSTATUS (uint32_t)
+pdb_create_builtin_alias: NTSTATUS (uint32_t, gid_t)
 pdb_create_dom_group: NTSTATUS (TALLOC_CTX *, const char *, uint32_t *)
 pdb_create_user: NTSTATUS (TALLOC_CTX *, const char *, uint32_t, uint32_t *)
 pdb_decode_acct_ctrl: uint32_t (const char *)
@@ -90,6 +91,11 @@ pdb_default_get_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid
 pdb_default_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t)
 pdb_default_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *)
 pdb_default_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid)
+pdb_is_responsible_for_our_sam: bool (void)
+pdb_is_responsible_for_builtin: bool (void)
+pdb_is_responsible_for_wellknown: bool (void)
+pdb_is_responsible_for_unix_users: bool (void)
+pdb_is_responsible_for_unix_groups: bool (void)
 pdb_default_set_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *)
 pdb_default_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
 pdb_del_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *)
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 36dde6f..ea67e2f 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -34,6 +34,7 @@
 #include "../libcli/security/security.h"
 #include "../lib/util/util_pw.h"
 #include "passdb/pdb_secrets.h"
+#include "lib/util_sid_passdb.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_PASSDB
@@ -1217,6 +1218,12 @@ bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid)
 bool pdb_sid_to_id(const struct dom_sid *sid, struct unixid *id)
 {
 	struct pdb_methods *pdb = pdb_get_methods();
+
+	/* only ask the backend if it is responsible */
+	if (!sid_check_object_is_for_passdb(sid)) {
+		return false;
+	}
+
 	return pdb->sid_to_id(pdb, sid, id);
 }
 
@@ -2374,6 +2381,69 @@ NTSTATUS pdb_set_upn_suffixes(uint32_t num_suffixes,
 }
 
 /*******************************************************************
+ idmap control methods
+ *******************************************************************/
+static bool pdb_default_is_responsible_for_our_sam(
+					struct pdb_methods *methods)
+{
+	return true;
+}
+
+static bool pdb_default_is_responsible_for_builtin(
+					struct pdb_methods *methods)
+{
+	return true;
+}
+
+static bool pdb_default_is_responsible_for_wellknown(
+					struct pdb_methods *methods)
+{
+	return false;
+}
+
+static bool pdb_default_is_responsible_for_unix_users(
+					struct pdb_methods *methods)
+{
+	return true;
+}
+
+static bool pdb_default_is_responsible_for_unix_groups(
+					struct pdb_methods *methods)
+{
+	return true;
+}
+
+bool pdb_is_responsible_for_our_sam(void)
+{
+	struct pdb_methods *pdb = pdb_get_methods();
+	return pdb->is_responsible_for_our_sam(pdb);
+}
+
+bool pdb_is_responsible_for_builtin(void)
+{
+	struct pdb_methods *pdb = pdb_get_methods();
+	return pdb->is_responsible_for_builtin(pdb);
+}
+
+bool pdb_is_responsible_for_wellknown(void)
+{
+	struct pdb_methods *pdb = pdb_get_methods();
+	return pdb->is_responsible_for_wellknown(pdb);
+}
+
+bool pdb_is_responsible_for_unix_users(void)
+{
+	struct pdb_methods *pdb = pdb_get_methods();
+	return pdb->is_responsible_for_unix_users(pdb);
+}
+
+bool pdb_is_responsible_for_unix_groups(void)
+{
+	struct pdb_methods *pdb = pdb_get_methods();
+	return pdb->is_responsible_for_unix_groups(pdb);
+}
+
+/*******************************************************************
  secret methods
  *******************************************************************/
 
@@ -2523,5 +2593,16 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods )
 	(*methods)->enum_upn_suffixes = pdb_default_enum_upn_suffixes;
 	(*methods)->set_upn_suffixes  = pdb_default_set_upn_suffixes;
 
+	(*methods)->is_responsible_for_our_sam =
+				pdb_default_is_responsible_for_our_sam;
+	(*methods)->is_responsible_for_builtin =
+				pdb_default_is_responsible_for_builtin;
+	(*methods)->is_responsible_for_wellknown =
+				pdb_default_is_responsible_for_wellknown;
+	(*methods)->is_responsible_for_unix_users =
+				pdb_default_is_responsible_for_unix_users;
+	(*methods)->is_responsible_for_unix_groups =
+				pdb_default_is_responsible_for_unix_groups;
+
 	return NT_STATUS_OK;
 }
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 0905ab4..d7db4d8 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -4916,10 +4916,6 @@ static bool ldapsam_sid_to_id(struct pdb_methods *methods,
 
 	TALLOC_CTX *mem_ctx;
 
-	if (!sid_check_object_is_for_passdb(sid)) {
-		return false;
-	}
-
 	ret = pdb_sid_to_id_unix_users_and_groups(sid, id);
 	if (ret == true) {
 		return true;
@@ -6435,6 +6431,11 @@ static NTSTATUS pdb_init_ldapsam_common(struct pdb_methods **pdb_method, const c
 	return NT_STATUS_OK;
 }
 
+static bool ldapsam_is_responsible_for_wellknown(struct pdb_methods *m)
+{
+	return true;
+}
+
 /**********************************************************************
  Initialise the normal mode for pdb_ldap
  *********************************************************************/
@@ -6472,6 +6473,8 @@ NTSTATUS pdb_ldapsam_init_common(struct pdb_methods **pdb_method,
 	(*pdb_method)->search_users = ldapsam_search_users;
 	(*pdb_method)->search_groups = ldapsam_search_groups;
 	(*pdb_method)->search_aliases = ldapsam_search_aliases;
+	(*pdb_method)->is_responsible_for_wellknown =
+					ldapsam_is_responsible_for_wellknown;
 
 	if (lp_parm_bool(-1, "ldapsam", "trusted", False)) {
 		(*pdb_method)->enum_group_members = ldapsam_enum_group_members;
diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
index 0ff2e0a..3fc266c 100644
--- a/source3/passdb/pdb_samba_dsdb.c
+++ b/source3/passdb/pdb_samba_dsdb.c
@@ -1201,8 +1201,8 @@ static NTSTATUS fake_enum_group_memberships(struct pdb_samba_dsdb_state *state,
 {
 	NTSTATUS status;
 	size_t num_groups = 0;
-	struct dom_sid *group_sids;
-	gid_t *gids;
+	struct dom_sid *group_sids = NULL;
+	gid_t *gids = NULL;
 	TALLOC_CTX *tmp_ctx;
 
 	tmp_ctx = talloc_new(mem_ctx);
@@ -2065,7 +2065,7 @@ static bool pdb_samba_dsdb_sid_to_id(struct pdb_methods *m, const struct dom_sid
 	}
 
 	ZERO_STRUCT(id_map);
-	id_map.sid = sid;
+	id_map.sid = discard_const_p(struct dom_sid, sid);
 	id_maps[0] = &id_map;
 	id_maps[1] = NULL;
 
@@ -2122,6 +2122,11 @@ static NTSTATUS pdb_samba_dsdb_enum_trusteddoms(struct pdb_methods *m,
 	return NT_STATUS_OK;
 }
 
+static bool pdb_samba_dsdb_is_responsible_for_wellknown(struct pdb_methods *m)
+{
+	return true;
+}
+
 static void pdb_samba_dsdb_init_methods(struct pdb_methods *m)
 {
 	m->name = "samba_dsdb";
@@ -2173,6 +2178,8 @@ static void pdb_samba_dsdb_init_methods(struct pdb_methods *m)
 	m->set_trusteddom_pw = pdb_samba_dsdb_set_trusteddom_pw;
 	m->del_trusteddom_pw = pdb_samba_dsdb_del_trusteddom_pw;
 	m->enum_trusteddoms = pdb_samba_dsdb_enum_trusteddoms;
+	m->is_responsible_for_wellknown =
+				pdb_samba_dsdb_is_responsible_for_wellknown;
 }
 
 static void free_private_data(void **vp)
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index bd6e123..f256e6c 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -59,6 +59,7 @@ static int tdbsam_debug_level = DBGC_ALL;
 
 static struct db_context *db_sam;
 static char *tdbsam_filename;
+static bool map_builtin;
 
 struct tdbsam_convert_state {
 	int32_t from;
@@ -1276,6 +1277,11 @@ static bool tdbsam_search_users(struct pdb_methods *methods,
 	return true;
 }
 
+static bool tdbsam_is_responsible_for_builtin(struct pdb_methods *m)
+{
+	return map_builtin;
+}
+
 /*********************************************************************
  Initialize the tdb sam backend.  Setup the dispath table of methods,
  open the tdb, etc...
@@ -1304,6 +1310,10 @@ static NTSTATUS pdb_init_tdbsam(struct pdb_methods **pdb_method, const char *loc
 	(*pdb_method)->capabilities = tdbsam_capabilities;
 	(*pdb_method)->new_rid = tdbsam_new_rid;
 
+	(*pdb_method)->is_responsible_for_builtin =
+					tdbsam_is_responsible_for_builtin;
+	map_builtin = lp_parm_bool(-1, "tdbsam", "map builtin", true);
+
 	/* save the path for later */
 
 	if (!location) {
diff --git a/source3/passdb/pdb_util.c b/source3/passdb/pdb_util.c
index 3b7377c..bf7b2b8 100644
--- a/source3/passdb/pdb_util.c
+++ b/source3/passdb/pdb_util.c
@@ -26,6 +26,7 @@
 #include "../libcli/security/security.h"
 #include "passdb.h"
 #include "lib/winbind_util.h"
+#include "../librpc/gen_ndr/idmap.h"
 
 /**
  * Add sid as a member of builtin_sid.
@@ -67,21 +68,49 @@ static NTSTATUS add_sid_to_builtin(const struct dom_sid *builtin_sid,
  * @param[in] rid BUILTIN rid to create


-- 
Samba Shared Repository
