The branch, master has been updated via 26ab17f s4-winbind: Use winbindd in the AD DC for fl2003dc and plugin_s4_dc via ad53370 s3-winbindd: Honour pdb_is_responsible_for_everything_else() via b359b0c passdb: Allow a passdb module to do idmap for everything from c709328 vfs:gpfs: fix a debug message
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 26ab17fa01ff89b3a67efad403561f404a3848a4 Author: Andrew Bartlett <abart...@samba.org> Date: Tue May 20 10:15:31 2014 +1200 s4-winbind: Use winbindd in the AD DC for fl2003dc and plugin_s4_dc (Including changes to knownfail to match the new winbindd in use in each environment) Change-Id: I9e08086eba98e95e05a99afef28315e2857aae56 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Kamen Mazdrashki <kame...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Mon Jun 16 02:53:49 CEST 2014 on sn-devel-104 commit ad533709e5f98230cc3f6b79afecf2c6e057a4b8 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Mar 28 15:37:19 2014 +1300 s3-winbindd: Honour pdb_is_responsible_for_everything_else() This allows us to avoid running idmap_init_default_domain() which gives an error in the default AD DC config. Andrew Bartlett Change-Id: I923bd941951f6a907e6fa1ad167e5218a01040ff Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Kamen Mazdrashki <kame...@samba.org> commit b359b0c160e6c13249a6226583dec9553874b232 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Mar 28 15:36:22 2014 +1300 passdb: Allow a passdb module to do idmap for everything This patch seems odd, but the pdb_samba_dsdb module has exactly this semantics. That is, the pdb_samba_dsdb is responsible for all IDMAP values, due to backing on to the idmap.ldb allocator. This option is added so we can continue to support the mappings written into that database even when switching winbindd implementations - the source4/ winbind code would only ask the idmap_ldb code, no matter what the SID. Almost all of the behaviour for this is already in winbindd, but we need this extra flag function so as to avoid (currently intentional) errors at startup due to not having a per-domain allocation configured in the smb.conf. Andrew Bartlett Change-Id: I6b0d7a1463fe28dfd36715af0285911ecc07585c Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Kamen Mazdrashki <kame...@samba.org> ----------------------------------------------------------------------- Summary of changes: selftest/knownfail | 29 +------------------ selftest/target/Samba4.pm | 5 +++- source3/include/passdb.h | 5 +++- source3/lib/util_sid_passdb.c | 10 +++++++ .../passdb/ABI/{pdb-0.1.0.sigs => pdb-0.1.1.sigs} | 1 + source3/passdb/pdb_interface.c | 14 +++++++++ source3/passdb/pdb_samba_dsdb.c | 7 +++++ source3/winbindd/idmap.c | 19 +++++++----- source3/wscript_build | 2 +- 9 files changed, 54 insertions(+), 38 deletions(-) copy source3/passdb/ABI/{pdb-0.1.0.sigs => pdb-0.1.1.sigs} (99%) Changeset truncated at 500 lines: diff --git a/selftest/knownfail b/selftest/knownfail index 6d46f5a..531d51b 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -246,10 +246,6 @@ ^samba.blackbox.wbinfo\(dc:local\).wbinfo -I against dc ^samba.blackbox.wbinfo\(dc:local\).wbinfo --trusted-domains against dc ^samba.blackbox.wbinfo\(dc:local\).wbinfo --all-domains against dc -^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo -N against plugin_s4_dc -^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo -I against plugin_s4_dc -^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --trusted-domains against plugin_s4_dc -^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --all-domains against plugin_s4_dc ^samba.blackbox.wbinfo\(s4member:local\).wbinfo -N against s4member ^samba.blackbox.wbinfo\(s4member:local\).wbinfo -I against s4member ^samba.blackbox.wbinfo\(s4member:local\).wbinfo --trusted-domains against s4member @@ -276,37 +272,20 @@ ^samba.wbinfo_simple.\(s4member:local\).--allocate-gid ^samba.wbinfo_simple.\(plugin_s4_dc:local\).--allocate-uid ^samba.wbinfo_simple.\(plugin_s4_dc:local\).--allocate-gid +^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --getdcname against plugin_s4_dc\(plugin_s4_dc:local\) # # These do not work against winbindd in member mode for unknown reasons # ^samba.wbinfo_simple.\(member:local\).--user-info ^samba.wbinfo_simple.\(s3member:local\).--user-info +^samba4.winbind.struct.getpwent\(plugin_s4_dc:local\) # # These just happen to fail for some reason (probably because they run against the s4 winbind) # -^samba4.winbind.pac.pac\(plugin_s4_dc:local\) ^samba4.winbind.pac.pac\(s4member:local\) ^samba4.winbind.struct.show_sequence\(s4member:local\) -^samba4.winbind.struct.show_sequence\(plugin_s4_dc:local\) ^samba4.winbind.struct.getdcname\(s3member:local\) ^samba4.winbind.struct.lookup_name_sid\(s3member:local\) -^samba4.winbind.wbclient.wbcPingDc\(fl2003dc:local\) -^samba4.winbind.wbclient.wbcPingDc2\(fl2003dc:local\) -^samba4.winbind.wbclient.wbcListTrusts\(fl2003dc:local\) -^samba4.winbind.wbclient.wbcLookupDomainController\(fl2003dc:local\) -^samba4.winbind.wbclient.wbcLookupDomainControllerEx\(fl2003dc:local\) -^samba4.winbind.wbclient.wbcResolveWinsByName\(fl2003dc:local\) -^samba4.winbind.wbclient.wbcResolveWinsByIP\(fl2003dc:local\) -^samba4.winbind.wbclient.wbcLookupRids\(fl2003dc:local\) -^samba4.winbind.wbclient.wbcGetSidAliases\(fl2003dc:local\) -^samba4.winbind.wbclient.wbcLogonUser\(fl2003dc:local\) -^samba4.winbind.wbclient.wbcChangeUserPassword\(fl2003dc:local\) -^samba.wbinfo_simple.\(plugin_s4_dc:local\).--all-domains.wbinfo\(plugin_s4_dc:local\) -^samba.wbinfo_simple.\(plugin_s4_dc:local\).--trusted-domains.wbinfo\(plugin_s4_dc:local\) -^samba.wbinfo_simple.\(plugin_s4_dc:local\).--online-status.wbinfo\(plugin_s4_dc:local\) -^samba.wbinfo_simple.\(plugin_s4_dc:local\).--online-status --domain=BUILTIN.wbinfo\(plugin_s4_dc:local\) -^samba.wbinfo_simple.\(plugin_s4_dc:local\).--online-status --domain=PLUGINDOMAIN.wbinfo\(plugin_s4_dc:local\) -^samba.wbinfo_simple.\(plugin_s4_dc:local\).--change-secret --domain=PLUGINDOMAIN.wbinfo\(plugin_s4_dc:local\) ^samba.wbinfo_simple.\(dc:local\).--all-domains.wbinfo\(dc:local\) ^samba.wbinfo_simple.\(dc:local\).--trusted-domains.wbinfo\(dc:local\) ^samba.wbinfo_simple.\(dc:local\).--online-status.wbinfo\(dc:local\) @@ -336,10 +315,6 @@ ^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -I against promoted_dc\(promoted_dc:local\) ^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --trusted-domains against promoted_dc\(promoted_dc:local\) ^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --all-domains against promoted_dc\(promoted_dc:local\) -^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo -N against plugin_s4_dc\(plugin_s4_dc:local\) -^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo -I against plugin_s4_dc\(plugin_s4_dc:local\) -^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --trusted-domains against plugin_s4_dc\(plugin_s4_dc:local\) -^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --all-domains against plugin_s4_dc\(plugin_s4_dc:local\) ^samba.blackbox.wbinfo\(s3member:local\).wbinfo -U against s3member\(s3member:local\) ^samba.blackbox.wbinfo\(s3member:local\).wbinfo -U check for sane mapping\(s3member:local\) ^samba.blackbox.wbinfo\(s3member:local\).wbinfo -G against s3member\(s3member:local\) diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 7bdd396..c6e6ef9 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -1315,6 +1315,8 @@ sub provision_fl2003dc($$) my ($self, $prefix) = @_; print "PROVISIONING DC..."; + my $extra_conf_options = "allow dns updates = nonsecure and secure + server services = +winbindd -winbind"; my $ret = $self->provision($prefix, "domain controller", "dc6", @@ -1322,7 +1324,7 @@ sub provision_fl2003dc($$) "samba2003.example.com", "2003", "locDCpass6", - undef, "allow dns updates = nonsecure and secure", "", undef); + undef, $extra_conf_options, "", undef); unless (defined $ret) { return undef; @@ -1513,6 +1515,7 @@ sub provision_plugin_s4_dc($$) lpq cache time = 0 print notify backchannel = yes + server services = +winbindd -winbind "; my $extra_smbconf_shares = " diff --git a/source3/include/passdb.h b/source3/include/passdb.h index 637c55a..f991808 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -414,9 +414,10 @@ enum pdb_policy_type { * Changed to 20, pdb_secret calls * Changed to 21, set/enum_upn_suffixes. AB. * Changed to 22, idmap control functions + * Changed to 23, new idmap control functions */ -#define PASSDB_INTERFACE_VERSION 22 +#define PASSDB_INTERFACE_VERSION 23 struct pdb_methods { @@ -630,6 +631,7 @@ struct pdb_methods bool (*is_responsible_for_wellknown)(struct pdb_methods *methods); bool (*is_responsible_for_unix_users)(struct pdb_methods *methods); bool (*is_responsible_for_unix_groups)(struct pdb_methods *methods); + bool (*is_responsible_for_everything_else)(struct pdb_methods *methods); void *private_data; /* Private data of some kind */ @@ -939,6 +941,7 @@ bool pdb_is_responsible_for_builtin(void); bool pdb_is_responsible_for_wellknown(void); bool pdb_is_responsible_for_unix_users(void); bool pdb_is_responsible_for_unix_groups(void); +bool pdb_is_responsible_for_everything_else(void); /* The following definitions come from passdb/pdb_util.c */ diff --git a/source3/lib/util_sid_passdb.c b/source3/lib/util_sid_passdb.c index 0138c7d..b56837e 100644 --- a/source3/lib/util_sid_passdb.c +++ b/source3/lib/util_sid_passdb.c @@ -55,6 +55,11 @@ bool sid_check_object_is_for_passdb(const struct dom_sid *sid) return true; } + if (pdb_is_responsible_for_everything_else()) + { + return true; + } + return false; } /** @@ -115,5 +120,10 @@ bool sid_check_is_for_passdb(const struct dom_sid *sid) return true; } + if (pdb_is_responsible_for_everything_else()) + { + return true; + } + return false; } diff --git a/source3/passdb/ABI/pdb-0.1.0.sigs b/source3/passdb/ABI/pdb-0.1.1.sigs similarity index 99% copy from source3/passdb/ABI/pdb-0.1.0.sigs copy to source3/passdb/ABI/pdb-0.1.1.sigs index f4de9c4..99f9605 100644 --- a/source3/passdb/ABI/pdb-0.1.0.sigs +++ b/source3/passdb/ABI/pdb-0.1.1.sigs @@ -177,6 +177,7 @@ pdb_group_rid_to_gid: gid_t (uint32_t) pdb_increment_bad_password_count: bool (struct samu *) pdb_is_password_change_time_max: bool (time_t) pdb_is_responsible_for_builtin: bool (void) +pdb_is_responsible_for_everything_else: bool (void) pdb_is_responsible_for_our_sam: bool (void) pdb_is_responsible_for_unix_groups: bool (void) pdb_is_responsible_for_unix_users: bool (void) diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index e2057e3..2c82856 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -2447,6 +2447,12 @@ static bool pdb_default_is_responsible_for_unix_groups( return true; } +static bool pdb_default_is_responsible_for_everything_else( + struct pdb_methods *methods) +{ + return false; +} + bool pdb_is_responsible_for_our_sam(void) { struct pdb_methods *pdb = pdb_get_methods(); @@ -2477,6 +2483,12 @@ bool pdb_is_responsible_for_unix_groups(void) return pdb->is_responsible_for_unix_groups(pdb); } +bool pdb_is_responsible_for_everything_else(void) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->is_responsible_for_everything_else(pdb); +} + /******************************************************************* secret methods *******************************************************************/ @@ -2637,6 +2649,8 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods ) pdb_default_is_responsible_for_unix_users; (*methods)->is_responsible_for_unix_groups = pdb_default_is_responsible_for_unix_groups; + (*methods)->is_responsible_for_everything_else = + pdb_default_is_responsible_for_everything_else; return NT_STATUS_OK; } diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c index e9255c7..7e7468d 100644 --- a/source3/passdb/pdb_samba_dsdb.c +++ b/source3/passdb/pdb_samba_dsdb.c @@ -2152,6 +2152,11 @@ static bool pdb_samba_dsdb_is_responsible_for_wellknown(struct pdb_methods *m) return true; } +static bool pdb_samba_dsdb_is_responsible_for_everything_else(struct pdb_methods *m) +{ + return true; +} + static void pdb_samba_dsdb_init_methods(struct pdb_methods *m) { m->name = "samba_dsdb"; @@ -2205,6 +2210,8 @@ static void pdb_samba_dsdb_init_methods(struct pdb_methods *m) m->enum_trusteddoms = pdb_samba_dsdb_enum_trusteddoms; m->is_responsible_for_wellknown = pdb_samba_dsdb_is_responsible_for_wellknown; + m->is_responsible_for_everything_else = + pdb_samba_dsdb_is_responsible_for_everything_else; } static void free_private_data(void **vp) diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index 97a34d4..674f54c 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -25,6 +25,7 @@ #include "winbindd.h" #include "idmap.h" #include "lib/util_sid_passdb.h" +#include "passdb.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_IDMAP @@ -330,14 +331,16 @@ static struct idmap_domain *idmap_passdb_domain(TALLOC_CTX *mem_ctx) { idmap_init(); - /* - * Always init the default domain, we can't go without one - */ - if (default_idmap_domain == NULL) { - default_idmap_domain = idmap_init_default_domain(NULL); - } - if (default_idmap_domain == NULL) { - return NULL; + if (!pdb_is_responsible_for_everything_else()) { + /* + * Always init the default domain, we can't go without one + */ + if (default_idmap_domain == NULL) { + default_idmap_domain = idmap_init_default_domain(NULL); + } + if (default_idmap_domain == NULL) { + return NULL; + } } if (passdb_idmap_domain != NULL) { diff --git a/source3/wscript_build b/source3/wscript_build index 12817d3..5002f93 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -172,7 +172,7 @@ bld.SAMBA3_LIBRARY('pdb', passdb/lookup_sid.h''', abi_match=private_pdb_match, abi_directory='passdb/ABI', - vnum='0.1.0') + vnum='0.1.1') bld.SAMBA3_LIBRARY('smbldaphelper', source='passdb/pdb_ldap_schema.c passdb/pdb_ldap_util.c', -- Samba Shared Repository