[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Sun Jun 15 18:54:03 MDT 2014
The branch, master has been updated
via 26ab17f s4-winbind: Use winbindd in the AD DC for fl2003dc and plugin_s4_dc
via ad53370 s3-winbindd: Honour pdb_is_responsible_for_everything_else()
via b359b0c passdb: Allow a passdb module to do idmap for everything
from c709328 vfs:gpfs: fix a debug message
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 26ab17fa01ff89b3a67efad403561f404a3848a4
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue May 20 10:15:31 2014 +1200
s4-winbind: Use winbindd in the AD DC for fl2003dc and plugin_s4_dc
(Including changes to knownfail to match the new winbindd in use in each environment)
Change-Id: I9e08086eba98e95e05a99afef28315e2857aae56
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Jun 16 02:53:49 CEST 2014 on sn-devel-104
commit ad533709e5f98230cc3f6b79afecf2c6e057a4b8
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Mar 28 15:37:19 2014 +1300
s3-winbindd: Honour pdb_is_responsible_for_everything_else()
This allows us to avoid running idmap_init_default_domain() which
gives an error in the default AD DC config.
Andrew Bartlett
Change-Id: I923bd941951f6a907e6fa1ad167e5218a01040ff
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim at samba.org>
commit b359b0c160e6c13249a6226583dec9553874b232
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Mar 28 15:36:22 2014 +1300
passdb: Allow a passdb module to do idmap for everything
This patch seems odd, but the pdb_samba_dsdb module has exactly this
semantics. That is, the pdb_samba_dsdb is responsible for all IDMAP
values, due to backing on to the idmap.ldb allocator. This option is
added so we can continue to support the mappings written into that
database even when switching winbindd implementations - the source4/
winbind code would only ask the idmap_ldb code, no matter what the
SID.
Almost all of the behaviour for this is already in winbindd, but we
need this extra flag function so as to avoid (currently intentional)
errors at startup due to not having a per-domain allocation
configured in the smb.conf.
Andrew Bartlett
Change-Id: I6b0d7a1463fe28dfd36715af0285911ecc07585c
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim at samba.org>
-----------------------------------------------------------------------
Summary of changes:
selftest/knownfail | 29 +------------------
selftest/target/Samba4.pm | 5 +++-
source3/include/passdb.h | 5 +++-
source3/lib/util_sid_passdb.c | 10 +++++++
.../passdb/ABI/{pdb-0.1.0.sigs => pdb-0.1.1.sigs} | 1 +
source3/passdb/pdb_interface.c | 14 +++++++++
source3/passdb/pdb_samba_dsdb.c | 7 +++++
source3/winbindd/idmap.c | 19 +++++++-----
source3/wscript_build | 2 +-
9 files changed, 54 insertions(+), 38 deletions(-)
copy source3/passdb/ABI/{pdb-0.1.0.sigs => pdb-0.1.1.sigs} (99%)
Changeset truncated at 500 lines:
diff --git a/selftest/knownfail b/selftest/knownfail
index 6d46f5a..531d51b 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -246,10 +246,6 @@
^samba.blackbox.wbinfo\(dc:local\).wbinfo -I against dc
^samba.blackbox.wbinfo\(dc:local\).wbinfo --trusted-domains against dc
^samba.blackbox.wbinfo\(dc:local\).wbinfo --all-domains against dc
-^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo -N against plugin_s4_dc
-^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo -I against plugin_s4_dc
-^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --trusted-domains against plugin_s4_dc
-^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --all-domains against plugin_s4_dc
^samba.blackbox.wbinfo\(s4member:local\).wbinfo -N against s4member
^samba.blackbox.wbinfo\(s4member:local\).wbinfo -I against s4member
^samba.blackbox.wbinfo\(s4member:local\).wbinfo --trusted-domains against s4member
@@ -276,37 +272,20 @@
^samba.wbinfo_simple.\(s4member:local\).--allocate-gid
^samba.wbinfo_simple.\(plugin_s4_dc:local\).--allocate-uid
^samba.wbinfo_simple.\(plugin_s4_dc:local\).--allocate-gid
+^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --getdcname against plugin_s4_dc\(plugin_s4_dc:local\)
#
# These do not work against winbindd in member mode for unknown reasons
#
^samba.wbinfo_simple.\(member:local\).--user-info
^samba.wbinfo_simple.\(s3member:local\).--user-info
+^samba4.winbind.struct.getpwent\(plugin_s4_dc:local\)
#
# These just happen to fail for some reason (probably because they run against the s4 winbind)
#
-^samba4.winbind.pac.pac\(plugin_s4_dc:local\)
^samba4.winbind.pac.pac\(s4member:local\)
^samba4.winbind.struct.show_sequence\(s4member:local\)
-^samba4.winbind.struct.show_sequence\(plugin_s4_dc:local\)
^samba4.winbind.struct.getdcname\(s3member:local\)
^samba4.winbind.struct.lookup_name_sid\(s3member:local\)
-^samba4.winbind.wbclient.wbcPingDc\(fl2003dc:local\)
-^samba4.winbind.wbclient.wbcPingDc2\(fl2003dc:local\)
-^samba4.winbind.wbclient.wbcListTrusts\(fl2003dc:local\)
-^samba4.winbind.wbclient.wbcLookupDomainController\(fl2003dc:local\)
-^samba4.winbind.wbclient.wbcLookupDomainControllerEx\(fl2003dc:local\)
-^samba4.winbind.wbclient.wbcResolveWinsByName\(fl2003dc:local\)
-^samba4.winbind.wbclient.wbcResolveWinsByIP\(fl2003dc:local\)
-^samba4.winbind.wbclient.wbcLookupRids\(fl2003dc:local\)
-^samba4.winbind.wbclient.wbcGetSidAliases\(fl2003dc:local\)
-^samba4.winbind.wbclient.wbcLogonUser\(fl2003dc:local\)
-^samba4.winbind.wbclient.wbcChangeUserPassword\(fl2003dc:local\)
-^samba.wbinfo_simple.\(plugin_s4_dc:local\).--all-domains.wbinfo\(plugin_s4_dc:local\)
-^samba.wbinfo_simple.\(plugin_s4_dc:local\).--trusted-domains.wbinfo\(plugin_s4_dc:local\)
-^samba.wbinfo_simple.\(plugin_s4_dc:local\).--online-status.wbinfo\(plugin_s4_dc:local\)
-^samba.wbinfo_simple.\(plugin_s4_dc:local\).--online-status --domain=BUILTIN.wbinfo\(plugin_s4_dc:local\)
-^samba.wbinfo_simple.\(plugin_s4_dc:local\).--online-status --domain=PLUGINDOMAIN.wbinfo\(plugin_s4_dc:local\)
-^samba.wbinfo_simple.\(plugin_s4_dc:local\).--change-secret --domain=PLUGINDOMAIN.wbinfo\(plugin_s4_dc:local\)
^samba.wbinfo_simple.\(dc:local\).--all-domains.wbinfo\(dc:local\)
^samba.wbinfo_simple.\(dc:local\).--trusted-domains.wbinfo\(dc:local\)
^samba.wbinfo_simple.\(dc:local\).--online-status.wbinfo\(dc:local\)
@@ -336,10 +315,6 @@
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -I against promoted_dc\(promoted_dc:local\)
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --trusted-domains against promoted_dc\(promoted_dc:local\)
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --all-domains against promoted_dc\(promoted_dc:local\)
-^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo -N against plugin_s4_dc\(plugin_s4_dc:local\)
-^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo -I against plugin_s4_dc\(plugin_s4_dc:local\)
-^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --trusted-domains against plugin_s4_dc\(plugin_s4_dc:local\)
-^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --all-domains against plugin_s4_dc\(plugin_s4_dc:local\)
^samba.blackbox.wbinfo\(s3member:local\).wbinfo -U against s3member\(s3member:local\)
^samba.blackbox.wbinfo\(s3member:local\).wbinfo -U check for sane mapping\(s3member:local\)
^samba.blackbox.wbinfo\(s3member:local\).wbinfo -G against s3member\(s3member:local\)
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 7bdd396..c6e6ef9 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1315,6 +1315,8 @@ sub provision_fl2003dc($$)
my ($self, $prefix) = @_;
print "PROVISIONING DC...";
+ my $extra_conf_options = "allow dns updates = nonsecure and secure
+ server services = +winbindd -winbind";
my $ret = $self->provision($prefix,
"domain controller",
"dc6",
@@ -1322,7 +1324,7 @@ sub provision_fl2003dc($$)
"samba2003.example.com",
"2003",
"locDCpass6",
- undef, "allow dns updates = nonsecure and secure", "", undef);
+ undef, $extra_conf_options, "", undef);
unless (defined $ret) {
return undef;
@@ -1513,6 +1515,7 @@ sub provision_plugin_s4_dc($$)
lpq cache time = 0
print notify backchannel = yes
+ server services = +winbindd -winbind
";
my $extra_smbconf_shares = "
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 637c55a..f991808 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -414,9 +414,10 @@ enum pdb_policy_type {
* Changed to 20, pdb_secret calls
* Changed to 21, set/enum_upn_suffixes. AB.
* Changed to 22, idmap control functions
+ * Changed to 23, new idmap control functions
*/
-#define PASSDB_INTERFACE_VERSION 22
+#define PASSDB_INTERFACE_VERSION 23
struct pdb_methods
{
@@ -630,6 +631,7 @@ struct pdb_methods
bool (*is_responsible_for_wellknown)(struct pdb_methods *methods);
bool (*is_responsible_for_unix_users)(struct pdb_methods *methods);
bool (*is_responsible_for_unix_groups)(struct pdb_methods *methods);
+ bool (*is_responsible_for_everything_else)(struct pdb_methods *methods);
void *private_data; /* Private data of some kind */
@@ -939,6 +941,7 @@ bool pdb_is_responsible_for_builtin(void);
bool pdb_is_responsible_for_wellknown(void);
bool pdb_is_responsible_for_unix_users(void);
bool pdb_is_responsible_for_unix_groups(void);
+bool pdb_is_responsible_for_everything_else(void);
/* The following definitions come from passdb/pdb_util.c */
diff --git a/source3/lib/util_sid_passdb.c b/source3/lib/util_sid_passdb.c
index 0138c7d..b56837e 100644
--- a/source3/lib/util_sid_passdb.c
+++ b/source3/lib/util_sid_passdb.c
@@ -55,6 +55,11 @@ bool sid_check_object_is_for_passdb(const struct dom_sid *sid)
return true;
}
+ if (pdb_is_responsible_for_everything_else())
+ {
+ return true;
+ }
+
return false;
}
/**
@@ -115,5 +120,10 @@ bool sid_check_is_for_passdb(const struct dom_sid *sid)
return true;
}
+ if (pdb_is_responsible_for_everything_else())
+ {
+ return true;
+ }
+
return false;
}
diff --git a/source3/passdb/ABI/pdb-0.1.0.sigs b/source3/passdb/ABI/pdb-0.1.1.sigs
similarity index 99%
copy from source3/passdb/ABI/pdb-0.1.0.sigs
copy to source3/passdb/ABI/pdb-0.1.1.sigs
index f4de9c4..99f9605 100644
--- a/source3/passdb/ABI/pdb-0.1.0.sigs
+++ b/source3/passdb/ABI/pdb-0.1.1.sigs
@@ -177,6 +177,7 @@ pdb_group_rid_to_gid: gid_t (uint32_t)
pdb_increment_bad_password_count: bool (struct samu *)
pdb_is_password_change_time_max: bool (time_t)
pdb_is_responsible_for_builtin: bool (void)
+pdb_is_responsible_for_everything_else: bool (void)
pdb_is_responsible_for_our_sam: bool (void)
pdb_is_responsible_for_unix_groups: bool (void)
pdb_is_responsible_for_unix_users: bool (void)
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index e2057e3..2c82856 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -2447,6 +2447,12 @@ static bool pdb_default_is_responsible_for_unix_groups(
return true;
}
+static bool pdb_default_is_responsible_for_everything_else(
+ struct pdb_methods *methods)
+{
+ return false;
+}
+
bool pdb_is_responsible_for_our_sam(void)
{
struct pdb_methods *pdb = pdb_get_methods();
@@ -2477,6 +2483,12 @@ bool pdb_is_responsible_for_unix_groups(void)
return pdb->is_responsible_for_unix_groups(pdb);
}
+bool pdb_is_responsible_for_everything_else(void)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->is_responsible_for_everything_else(pdb);
+}
+
/*******************************************************************
secret methods
*******************************************************************/
@@ -2637,6 +2649,8 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods )
pdb_default_is_responsible_for_unix_users;
(*methods)->is_responsible_for_unix_groups =
pdb_default_is_responsible_for_unix_groups;
+ (*methods)->is_responsible_for_everything_else =
+ pdb_default_is_responsible_for_everything_else;
return NT_STATUS_OK;
}
diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
index e9255c7..7e7468d 100644
--- a/source3/passdb/pdb_samba_dsdb.c
+++ b/source3/passdb/pdb_samba_dsdb.c
@@ -2152,6 +2152,11 @@ static bool pdb_samba_dsdb_is_responsible_for_wellknown(struct pdb_methods *m)
return true;
}
+static bool pdb_samba_dsdb_is_responsible_for_everything_else(struct pdb_methods *m)
+{
+ return true;
+}
+
static void pdb_samba_dsdb_init_methods(struct pdb_methods *m)
{
m->name = "samba_dsdb";
@@ -2205,6 +2210,8 @@ static void pdb_samba_dsdb_init_methods(struct pdb_methods *m)
m->enum_trusteddoms = pdb_samba_dsdb_enum_trusteddoms;
m->is_responsible_for_wellknown =
pdb_samba_dsdb_is_responsible_for_wellknown;
+ m->is_responsible_for_everything_else =
+ pdb_samba_dsdb_is_responsible_for_everything_else;
}
static void free_private_data(void **vp)
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 97a34d4..674f54c 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -25,6 +25,7 @@
#include "winbindd.h"
#include "idmap.h"
#include "lib/util_sid_passdb.h"
+#include "passdb.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_IDMAP
@@ -330,14 +331,16 @@ static struct idmap_domain *idmap_passdb_domain(TALLOC_CTX *mem_ctx)
{
idmap_init();
- /*
- * Always init the default domain, we can't go without one
- */
- if (default_idmap_domain == NULL) {
- default_idmap_domain = idmap_init_default_domain(NULL);
- }
- if (default_idmap_domain == NULL) {
- return NULL;
+ if (!pdb_is_responsible_for_everything_else()) {
+ /*
+ * Always init the default domain, we can't go without one
+ */
+ if (default_idmap_domain == NULL) {
+ default_idmap_domain = idmap_init_default_domain(NULL);
+ }
+ if (default_idmap_domain == NULL) {
+ return NULL;
+ }
}
if (passdb_idmap_domain != NULL) {
diff --git a/source3/wscript_build b/source3/wscript_build
index 12817d3..5002f93 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -172,7 +172,7 @@ bld.SAMBA3_LIBRARY('pdb',
passdb/lookup_sid.h''',
abi_match=private_pdb_match,
abi_directory='passdb/ABI',
- vnum='0.1.0')
+ vnum='0.1.1')
bld.SAMBA3_LIBRARY('smbldaphelper',
source='passdb/pdb_ldap_schema.c passdb/pdb_ldap_util.c',
--
Samba Shared Repository
More information about the samba-cvs
mailing list