[PATCH] winbindd uid/gid assignment plugin
Mike Gerdts
Michael.Gerdts at alcatel.com
Sat May 11 18:39:01 GMT 2002
A couple days ago I mentioned that I was considering the creation of a
plugin architecture for winbind's uid/gid assignment. For details see
http://lists.samba.org/pipermail/samba-technical/2002-May/036616.html
I now have a patch against 2.2.4 available, as well as the first plugin
that works with it. Get them from:
http://www.cae.wisc.edu/~gerdts/samba/2.2.4-idmap-plugin.patch.gz
http://www.cae.wisc.edu/~gerdts/samba/idmap_file.tar.gz
Notes on the patch:
1. There is a fix for a bug that causes nscd to crash on
Solaris. If you are trying to use it on something other than
Solaris, remove the references to pw_age and pw_comment in
winbind_nss.c. This fix is done right in HEAD and SAMBA_2_2.
2. There are lots of debugging statements around id range checks
in winbindd_group.c, winbindd_user.c, winbindd_idmap.c, and
winbindd_sid.c. These changes are not necessary for proper
function of this patch but will be helpful in debugging.
They should probably go into SAMBA_2_2 and HEAD whether the
plugin change does or not. I will split this out soon and
create patches against HEAD and SAMBA_2_2.
Here's how it works:
A global configuration option was added to smb.conf:
winbind id map object = /dir/idmap_file.so
If this is defined, loadable, idmap_init() succeeds, and the idmap_ops
structure returned from idmap_init() contains pointers to functions for
uid and/or gid assignment, then the uid and/or gid assignment functions
specified within the shared library are used for assigning new uids
and/or gids. If the functions are not available, the default sequential
method is used. It is all done in a manner quite similar to that found
in the VFS.
The idmap_file plugin expects files of the form:
DOMAIN:gerdts:393
or
DOMAIN:Domain Users:15
Currently the file locations are hard coded.
Please let me know what you think,
Mike
More information about the samba-technical
mailing list