s3/passdb: add parameter to control handling of wellknown SIDs in pdb_tdb

With "tdbsam:map wellknown", one can control if pdb_tdb should be used
to map entries of wellknown SIDs or not. By default, they will not be
mapped, as in previous releases.

This is similar to commit 6a048b424a2ecf38614aa6912f0d8c8a26c87ad5
which added the option "tdbsam:map builtin" for the builtin groups.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Feb 20 15:20:31 UTC 2026 on atb-devel-224

diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index c42a912317b335da32250f3e8797b07424d248f3..7d166113ef9516eaeb997ffdae4a7639a96cb3e7 100644 (file)
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -62,6 +62,7 @@ static int tdbsam_debug_level = DBGC_ALL;
 static struct db_context *db_sam;
 static char *tdbsam_filename;
 static bool map_builtin;
+static bool map_wellknown;
 
 struct tdbsam_convert_state {
        int32_t from;
@@ -1305,6 +1306,11 @@ static bool tdbsam_is_responsible_for_builtin(struct pdb_methods *m)
        return map_builtin;
 }
 
+static bool tdbsam_is_responsible_for_wellknown(struct pdb_methods *m)
+{
+       return map_wellknown;
+}
+
 /*********************************************************************
  Initialize the tdb sam backend.  Setup the dispatch table of methods,
  open the tdb, etc...
@@ -1336,6 +1342,9 @@ static NTSTATUS pdb_init_tdbsam(struct pdb_methods **pdb_method, const char *loc
        (*pdb_method)->is_responsible_for_builtin =
                                        tdbsam_is_responsible_for_builtin;
        map_builtin = lp_parm_bool(-1, "tdbsam", "map builtin", true);
+       (*pdb_method)->is_responsible_for_wellknown =
+                                       tdbsam_is_responsible_for_wellknown;
+       map_wellknown = lp_parm_bool(-1, "tdbsam", "map wellknown", false);
 
        /* save the path for later */