The Samba-Bugzilla – Attachment 844 Details for
Bug 2161
Implement "trim default domain" to allow winbind fallback allocation
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
trimdefaultdomain.patch
trimdefaultdomain.diff (text/plain), 3.70 KB, created by
Luke Mewburn
on 2004-12-15 03:37:05 UTC
(
hide
)
Description:
trimdefaultdomain.patch
Filename:
MIME Type:
Creator:
Luke Mewburn
Created:
2004-12-15 03:37:05 UTC
Size:
3.70 KB
patch
obsolete
>Implement smb.conf(5) global option "trim default domain", which trims >the leading "DOMAIN\" in usernames looked up from the local passwd database; >this may be present with when security=domain or security=ads. > >Setting smb.conf(5): > security = ADS > trim default domain = yes > winbind use default domain = yes >allows "passwd: files winbind" in nsswitch.conf(5) to use /etc/passwd >("files") for username->UID mapping, falling back to a dynamic UID >from winbindd(8) ("winbind") for users only in ADS and not in /etc/passwd. > >(The prior behaviour without this option was that smbd(8) tried to lookup >"DOMAIN\user" from /etc/passwd, not find it, and then lookup via winbindd(8), >and the latter will fake up an entry for DOMAIN\user.) > >Index: auth/auth_util.c >=================================================================== >--- auth/auth_util.c 8 Jul 2004 17:06:11 -0000 1.1.1.4 >+++ auth/auth_util.c 28 Oct 2004 07:08:55 -0000 >@@ -990,6 +990,19 @@ struct passwd *smb_getpwnam( char *domus > > if ( p ) { > fstring strip_username; >+ char oldsep; >+ >+ /* if 'trim default domain' and the DOMAIN\ is the same >+ as the workgroup, don't lookup DOMAIN\ */ >+ oldsep = *p; >+ *p = '\0'; >+ if (lp_trim_default_domain() >+ && strequal(lp_workgroup(), username)) { >+ DEBUG(7,("My domain -- skipping %s%c%s lookup\n", username, oldsep, p+1)); >+ *p = oldsep; >+ goto trim_default_domain; >+ } >+ *p = oldsep; > > pw = Get_Pwnam( domuser ); > if ( pw ) { >@@ -1008,10 +1021,12 @@ struct passwd *smb_getpwnam( char *domus > else > fstrcpy( save_username, pw->pw_name ); > >+ DEBUG(7,("Get_Pwnam domain user [%s] result [%s]\n", domuser, save_username)); > /* whew -- done! */ > return pw; > } > >+ trim_default_domain: > /* setup for lookup of just the username */ > /* remember that p and username are overlapping memory */ > >@@ -1031,6 +1046,7 @@ struct passwd *smb_getpwnam( char *domus > if (username[strlen(username)-1] == '$') > return NULL; > >+ DEBUG(7,("plain user not found, attempt to create\n")); > auth_add_user_script(NULL, username); > pw = Get_Pwnam(username); > } >@@ -1039,6 +1055,7 @@ struct passwd *smb_getpwnam( char *domus > > if ( pw ) > fstrcpy( save_username, pw->pw_name ); >+ DEBUG(7,("Get_Pwnam plain user [%s] result [%s]\n", username, save_username)); > > return pw; > } >Index: param/loadparm.c >=================================================================== >--- param/loadparm.c 12 Sep 2004 03:47:16 -0000 1.1.1.6 >+++ param/loadparm.c 28 Oct 2004 07:09:00 -0000 >@@ -288,6 +288,7 @@ typedef struct > BOOL bDisableNetbios; > BOOL bKernelChangeNotify; > BOOL bUseKerberosKeytab; >+ BOOL bTrimDefaultDomain; > BOOL bDeferSharingViolations; > int restrict_anonymous; > int name_cache_timeout; >@@ -867,6 +868,7 @@ static struct parm_struct parm_table[] = > {"deny hosts", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, FLAG_HIDE}, > {"preload modules", P_LIST, P_GLOBAL, &Globals.szPreloadModules, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL}, > {"use kerberos keytab", P_BOOL, P_GLOBAL, &Globals.bUseKerberosKeytab, NULL, NULL, FLAG_ADVANCED}, >+ {"trim default domain", P_BOOL, P_GLOBAL, &Globals.bTrimDefaultDomain, NULL, NULL, FLAG_ADVANCED}, > > {N_("Logging Options"), P_SEP, P_SEPARATOR}, > >@@ -1763,6 +1765,7 @@ FN_GLOBAL_BOOL(lp_client_use_spnego, &Gl > FN_GLOBAL_BOOL(lp_hostname_lookups, &Globals.bHostnameLookups) > FN_GLOBAL_BOOL(lp_kernel_change_notify, &Globals.bKernelChangeNotify) > FN_GLOBAL_BOOL(lp_use_kerberos_keytab, &Globals.bUseKerberosKeytab) >+FN_GLOBAL_BOOL(lp_trim_default_domain, &Globals.bTrimDefaultDomain) > FN_GLOBAL_BOOL(lp_defer_sharing_violations, &Globals.bDeferSharingViolations) > FN_GLOBAL_INTEGER(lp_os_level, &Globals.os_level) > FN_GLOBAL_INTEGER(lp_max_ttl, &Globals.max_ttl)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=844">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 2161
: 844