-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi!
Here's a little ten-liner I wrote some weeks ago being annoyed by diverging uid/gid allocation on separate member servers. I declared one of them the ID master, and had the others ask him. I know this is an ugly hack, but for me it worked quite well. I'm afraid this only works for 3_0, HEAD has a layer of indirection towards a pluggable winbind id map module architecture. Volker P.S: There's a little bug fix for winbindd_user.c. On error, a debug message used the uninitializes string domain_user_name. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Key-ID D32186CF, Fingerprint available: phone +49 551 3700000 iD8DBQE+d5sVOmSXH9Mhhs8RAseEAJoC7SM7bFFP4CeTK0vb58nz6cGhOgCbB4ej NzWGE9rgeVccI8+s8h0OB7o= =aYMe -----END PGP SIGNATURE----- Index: docs/docbook/manpages/smb.conf.5.sgml =================================================================== RCS file: /space/vl/cvstree/samba/docs/docbook/manpages/smb.conf.5.sgml,v retrieving revision 1.24.2.16 diff -u -r1.24.2.16 smb.conf.5.sgml --- docs/docbook/manpages/smb.conf.5.sgml 2 Jan 2003 16:12:23 -0000 1.24.2.16 +++ docs/docbook/manpages/smb.conf.5.sgml 18 Mar 2003 22:10:23 -0000 @@ -776,6 +776,7 @@ <listitem><para><link linkend="UTMP"><parameter>utmp</parameter></link></para></listitem> <listitem><para><link linkend="UTMPDIRECTORY"><parameter>utmp directory</parameter></link></para></listitem> <listitem><para><link linkend="WTMPDIRECTORY"><parameter>wtmp directory</parameter></link></para></listitem> + <listitem><para><link linkend="WINBINDALLOCIDSCRIPT"><parameter>winbind alloc id script</parameter></link></para></listitem> <listitem><para><link linkend="WINBINDCACHETIME"><parameter>winbind cache time</parameter></link></para></listitem> <listitem><para><link linkend="WINBINDENUMUSERS"><parameter>winbind enum users</parameter></link></para></listitem> <listitem><para><link linkend="WINBINDENUMGROUPS"><parameter>winbind enum groups</parameter></link></para></listitem> 
@@ -8158,6 +8159,29 @@ + + <varlistentry> + <term><anchor id="WINBINDALLOCIDSCRIPT">winbind alloc id script (G)</term> + <listitem><para>This parameter specifies a script that the + <ulink url="winbindd.8.html">winbindd(8)</ulink> daemon will ask + if it needs to look up a unix uid or gid for a given NT SID. This + script should answer with the ID on stdout. It can be used + to coordinate ID mapping across several domain member servers + using winbind. Winbind will expand <parameter>%S</parameter> to + the SID in question and <parameter>%g</parameter> to -S if the + SID represents a user and to -Y if the SID represents a group. + This is designed to be used together with + <ulink url="wbinfo.8.html>wbinfo(1)</ulink> on a remote machine. + </para> + + <para>Default: <command>winbind alloc id script = </command></para> + <para>Example: <command>winbind alloc id script = + /usr/sbin/ssh -i /root/.ssh/wbinfo.id [EMAIL PROTECTED] wbinfo %g %S</command><para> + <para>This example certainly assumes that you have a passphrase-less + identity in /root/.ssh/wbinfo.id that has the corresponding + id-master:~dummy/.ssh/authorized_keys. + </listitem> + </varlistentry> <varlistentry> <term><anchor id="WINBINDCACHETIME">winbind cache time (G)</term> Index: source/nsswitch/winbindd_idmap.c =================================================================== RCS file: /space/vl/cvstree/samba/source/nsswitch/winbindd_idmap.c,v retrieving revision 1.18.2.1 diff -u -r1.18.2.1 winbindd_idmap.c --- source/nsswitch/winbindd_idmap.c 15 Jul 2002 10:34:44 -0000 1.18.2.1 +++ source/nsswitch/winbindd_idmap.c 18 Mar 2003 21:47:59 -0000 
@@ -37,12 +37,58 @@ static TDB_CONTEXT *idmap_tdb; +/* Ask an external script to give us an id */ + +static BOOL ask_alloc_script(char *sid, uid_t *id, BOOL isgroup) +{ + pstring alloc_script; + fstring output; + int ret; + int fd = 0; + + pstrcpy(alloc_script, lp_winbind_alloc_id_script()); + if (! *alloc_script) return False; + + pstring_sub(alloc_script, "%g", isgroup ? "-Y" : "-S"); + pstring_sub(alloc_script, "%S", sid); + + ret = smbrun(alloc_script, &fd); + + DEBUG(3, ("Running the command '%s' gave %d\n", + alloc_script, ret)); + + if (ret != 0) + return False; + + if (fd == 0) + return False; + + *id = 0; + if (read(fd, output, sizeof(output)-1) > 0) { + output[sizeof(output)-1] = 0; + DEBUG(10, ("stdout of command '%s' is: '%s'\n", + alloc_script, output)); + *id = (uid_t)strtoul(output, NULL, 10); + } + close(fd); + + if (*id == 0 || errno == ERANGE) { + /* The output was garbage */ + return False; + } + return True; +} + /* Allocate either a user or group id from the pool */ -static BOOL allocate_id(uid_t *id, BOOL isgroup) +static BOOL allocate_id(char *sid, uid_t *id, BOOL isgroup) { int hwm; + if (*lp_winbind_alloc_id_script()) { + return ask_alloc_script(sid, id, isgroup); + } + /* Get current high water mark */ if ((hwm = tdb_fetch_int32(idmap_tdb, @@ -108,7 +154,7 @@ /* Allocate a new id for this sid */ - if (id && allocate_id(id, isgroup)) { + if (id && allocate_id(keystr, id, isgroup)) { fstring keystr2; /* Store new id */ Index: source/nsswitch/winbindd_user.c =================================================================== RCS file: /space/vl/cvstree/samba/source/nsswitch/winbindd_user.c,v retrieving revision 1.43.2.6 diff -u -r1.43.2.6 winbindd_user.c --- source/nsswitch/winbindd_user.c 12 Feb 2003 01:08:40 -0000 1.43.2.6 +++ source/nsswitch/winbindd_user.c 18 Mar 2003 21:36:44 -0000 
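Review bot: The `errno == ERANGE` test at the end of ask_alloc_script is evaluated after `close(fd)` and the DEBUG call, neither of which is guaranteed to preserve errno, and errno is never cleared before `strtoul`, so a stale ERANGE rejects a good id while a real overflow can be masked. The read path has a related defect: `output` is terminated only at `sizeof(output)-1`, not at the number of bytes actually read, so `strtoul` can run past the script's output into uninitialized stack bytes when the output carries no trailing newline. The rewrite below terminates the buffer at the read length, clears errno immediately before the conversion and checks it right after, and rejects empty output, trailing non-whitespace and values that do not round-trip through uid_t. The value substituted for `%S` is placed on a shell command line by smbrun, which is only safe as long as the SID string (passed in as `keystr` in the second hunk) is always formatted by the daemon itself; I cannot confirm that from this hunk, so it is worth a comment at the call site.
```c
static BOOL ask_alloc_script(char *sid, uid_t *id, BOOL isgroup)
{
	pstring alloc_script;
	fstring output;
	int ret;
	int fd = 0;
	ssize_t nread;
	unsigned long value;
	char *end;

	/* … unchanged: pstrcpy, pstring_sub, smbrun, ret and fd checks … */

	*id = 0;
	nread = read(fd, output, sizeof(output) - 1);
	close(fd);
	if (nread <= 0)
		return False;
	output[nread] = '\0';
	DEBUG(10, ("stdout of command '%s' is: '%s'\n",
		   alloc_script, output));

	errno = 0;
	value = strtoul(output, &end, 10);
	if (end == output || errno == ERANGE)
		return False;
	while (*end == ' ' || *end == '\t' || *end == '\n' || *end == '\r')
		end++;
	if (*end != '\0' || value == 0 || (unsigned long)(uid_t)value != value) {
		/* The output was garbage */
		return False;
	}
	*id = (uid_t)value;
	return True;
}
```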
@@ -449,7 +449,6 @@ for (i = 0; i < num_users; i++) { struct getpwent_user *name_list = NULL; - fstring domain_user_name; uint32 result; /* Do we need to fetch another chunk of users? */ @@ -509,8 +508,8 @@ sizeof(struct winbindd_pw); } else - DEBUG(1, ("could not lookup domain user %s\n", - domain_user_name)); + DEBUG(1, ("could not lookup domain user [%s]\n", + name_list[ent->sam_entry_index].name)); } /* Out of domains */ Index: source/param/loadparm.c =================================================================== RCS file: /space/vl/cvstree/samba/source/param/loadparm.c,v retrieving revision 1.397.2.29 diff -u -r1.397.2.29 loadparm.c --- source/param/loadparm.c 12 Mar 2003 21:02:45 -0000 1.397.2.29 +++ source/param/loadparm.c 18 Mar 2003 19:33:41 -0000 @@ -162,6 +162,7 @@ BOOL bWinbindEnumUsers; BOOL bWinbindEnumGroups; BOOL bWinbindUseDefaultDomain; + char *szWinbindAllocIdScript; char *szAddShareCommand; char *szChangeShareCommand; char *szDeleteShareCommand; @@ -1106,6 +1107,7 @@ {"winbind enum users", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumUsers, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"winbind enum groups", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumGroups, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"winbind use default domain", P_BOOL, P_GLOBAL, &Globals.bWinbindUseDefaultDomain, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, + {"winbind alloc id script", P_STRING, P_GLOBAL, &Globals.szWinbindAllocIdScript, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0} }; @@ -1616,6 +1618,7 @@ FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers) FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups) FN_GLOBAL_BOOL(lp_winbind_use_default_domain, &Globals.bWinbindUseDefaultDomain) +FN_GLOBAL_STRING(lp_winbind_alloc_id_script, &Globals.szWinbindAllocIdScript) #ifdef WITH_LDAP_SAMCONFIG FN_GLOBAL_STRING(lp_ldap_server, &Globals.szLdapServer)
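Review bot: The corrected DEBUG in the second winbindd_user.c hunk now dereferences `name_list[ent->sam_entry_index].name` on the failure path, but `name_list` is initialised to NULL at the top of each loop iteration in the first hunk and the assignment that fills it is outside the visible lines, so it is worth confirming that every path reaching this `else` has already set it. If a path exists where the lookup fails before `name_list` is populated, the message would trade the old uninitialised-string read for a NULL dereference; guarding it with `name_list ? name_list[ent->sam_entry_index].name : "<unknown>"` would make the log line safe regardless. The enclosing loop and function both start outside the hunk.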