r21884: * Blacklist BUILTIN and MACHINE domains from the

  idmap domains as these should only be handled by the
  winbindd_passdb.c backend

* Allow the alloc init to fail for backwards compatible
  configurations like

     idmap backend = ad
     idmap uid = 1000-100000
	....

* Remove the deprecated flags from idmap backend, et. al.
  These are mutually exclusive with the new configuration
  options (idmap domains).  Logging annoying messages
  about deprecated parameters is confusing.  So we'll try
  this apprpach for now.

diff --git a/source/nsswitch/idmap.c b/source/nsswitch/idmap.c
index a58959afe4c36586e6055d84258c6307d593b293..c2a38fa979720fc4da12536f201ee19eb3742300 100644 (file)
--- a/source/nsswitch/idmap.c
+++ b/source/nsswitch/idmap.c
@@ -297,7 +297,6 @@ NTSTATUS idmap_init(void)
                char *p = NULL;
                const char *q = NULL;           
 
-               DEBUG(0, ("WARNING: idmap backend is deprecated!\n"));
                compat = 1;
 
                if ( (compat_backend = talloc_strdup( idmap_ctx, *compat_list )) == NULL ) {
@@ -337,6 +336,15 @@ NTSTATUS idmap_init(void)
                const char *parm_backend;
                char *config_option;
 
+               /* ignore BUILTIN and local MACHINE domains */
+               if ( strequal(dom_list[i], "BUILTIN") 
+                    || strequal(dom_list[i], get_global_sam_name() ) ) 
+               {
+                       DEBUG(0,("idmap_init: Ignoring invalid domain %s\n", 
+                                dom_list[i]));
+                       continue;
+               }
+
                if (strequal(dom_list[i], lp_workgroup())) {
                        pri_dom_is_in_list = True;
                }
@@ -577,17 +585,22 @@ NTSTATUS idmap_init(void)
                        alloc_methods = get_alloc_methods(alloc_backends, alloc_backend);
                }
        }
-       if ( ! alloc_methods) {
-               DEBUG(0, ("ERROR: Could not get methods for alloc backend %s\n", alloc_backend));
-               ret = NT_STATUS_UNSUCCESSFUL;
-               goto done;
-       }
-
-       ret = alloc_methods->init(compat_params);
-       if ( ! NT_STATUS_IS_OK(ret)) {
-               DEBUG(0, ("ERROR: Initialization failed for alloc backend %s\n", alloc_backend));
-               ret = NT_STATUS_UNSUCCESSFUL;
-               goto done;
+       if ( alloc_methods) {
+               ret = alloc_methods->init(compat_params);
+               if ( ! NT_STATUS_IS_OK(ret)) {
+                       DEBUG(0, ("idmap_init: Initialization failed for alloc "
+                                 "backend %s\n", alloc_backend));
+                       ret = NT_STATUS_UNSUCCESSFUL;
+                       goto done;
+               }
+       } else {
+               DEBUG(2, ("idmap_init: Unable to get methods for alloc backend %s\n", 
+                         alloc_backend));
+               /* certain compat backends are just readonly */
+               if ( compat )
+                       ret = NT_STATUS_OK;
+               else
+                       ret = NT_STATUS_UNSUCCESSFUL;
        }
 
        /* cleanpu temporary strings */
@@ -595,7 +608,7 @@ NTSTATUS idmap_init(void)
        
        backend_init_status = NT_STATUS_OK;
        
-       return NT_STATUS_OK;
+       return ret;
 
 done:
        DEBUG(0, ("Aborting IDMAP Initialization ...\n"));

diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index 6d2ba9377de5bbbf63896a1c09c5c8eeb5ad7a37..b81d2688dfa3afb795c31173e715c1e4a4c0808c 100644 (file)
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -1268,14 +1268,14 @@ static struct parm_struct parm_table[] = {
 
        {"passdb expand explicit", P_BOOL, P_GLOBAL, &Globals.bPassdbExpandExplicit, NULL, NULL, FLAG_ADVANCED},
        {"idmap domains", P_LIST, P_GLOBAL, &Globals.szIdmapDomains, NULL, NULL, FLAG_ADVANCED}, 
-       {"idmap backend", P_LIST, P_GLOBAL, &Globals.szIdmapBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEPRECATED }, 
+       {"idmap backend", P_LIST, P_GLOBAL, &Globals.szIdmapBackend, NULL, NULL, FLAG_ADVANCED }, 
        {"idmap alloc backend", P_STRING, P_GLOBAL, &Globals.szIdmapAllocBackend, NULL, NULL, FLAG_ADVANCED}, 
        {"idmap expire time", P_INTEGER, P_GLOBAL, &Globals.iIdmapExpireTime, NULL, NULL, FLAG_ADVANCED}, 
        {"idmap negative time", P_INTEGER, P_GLOBAL, &Globals.iIdmapNegativeTime, NULL, NULL, FLAG_ADVANCED}, 
-       {"idmap uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED | FLAG_DEPRECATED }, 
-       {"winbind uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_HIDE | FLAG_DEPRECATED }, 
-       {"idmap gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_ADVANCED | FLAG_DEPRECATED }, 
-       {"winbind gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_HIDE | FLAG_DEPRECATED }, 
+       {"idmap uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED }, 
+       {"winbind uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_HIDE }, 
+       {"idmap gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_ADVANCED }, 
+       {"winbind gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_HIDE }, 
        {"template homedir", P_STRING, P_GLOBAL, &Globals.szTemplateHomedir, NULL, NULL, FLAG_ADVANCED}, 
        {"template shell", P_STRING, P_GLOBAL, &Globals.szTemplateShell, NULL, NULL, FLAG_ADVANCED}, 
        {"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, FLAG_ADVANCED},