[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4197-gf0f2fbd

Mon, 29 Sep 2008 13:36:02 -0700 

The branch, v3-3-test has been updated
       via  f0f2fbd4800fb4a1df26f03f37b9972101657fdd (commit)
      from  8b908862ec7de000865cd8dfa691f5643cb3d099 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit f0f2fbd4800fb4a1df26f03f37b9972101657fdd
Author: Andrew Tridgell <[EMAIL PROTECTED]>
Date:   Mon Sep 29 13:34:58 2008 -0700

    re-added "winbind:ignore domains" patch
    
    This option really is essential, as we discover again and again at
    customer sites. Due to bugs in winbind some domains are toxic. When
    you are installing at a site and a particular domain in a complex
    setup causes winbind to segfault or hang then you need a way to
    disable that domain and continue.
    
    In an ideal world winbind could handle arbitrarily complex ADS
    domains, but we are nowhere near that yet. If we ever get to that
    stage then we won't need this option.

-----------------------------------------------------------------------

Summary of changes:
 source/winbindd/winbindd_util.c |   17 +++++++++++++++++
 1 files changed, 17 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/winbindd/winbindd_util.c b/source/winbindd/winbindd_util.c
index e7b6576..7847d1d 100644
--- a/source/winbindd/winbindd_util.c
+++ b/source/winbindd/winbindd_util.c
@@ -111,7 +111,16 @@ static struct winbindd_domain *add_trusted_domain(const 
char *domain_name, const
        const char *alternative_name = NULL;
        char *idmap_config_option;
        const char *param;
+       const char **ignored_domains, **dom;
        
+       ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", 
NULL);
+       for (dom=ignored_domains; dom && *dom; dom++) {
+               if (gen_fnmatch(*dom, domain_name) == 0) {
+                       DEBUG(2,("Ignoring domain '%s'\n", domain_name));
+                       return NULL;
+               }
+       }
+
        /* ignore alt_name if we are not in an AD domain */
        
        if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) {
@@ -436,6 +445,10 @@ static void rescan_forest_root_trusts( void )
                                                &dom_list[i].sid );
                }
 
+               if (d == NULL) {
+                       continue;
+               }
+
                        DEBUG(10,("rescan_forest_root_trusts: Following trust 
path "
                          "for domain tree root %s (%s)\n",
                          d->name, d->alt_name ));
@@ -500,6 +513,10 @@ static void rescan_forest_trusts( void )
                                                        &cache_methods,
                                                        &dom_list[i].sid );
                        }
+
+                       if (d == NULL) {
+                               continue;
+                       }
                        
                        DEBUG(10,("Following trust path for domain %s (%s)\n",
                                  d->name, d->alt_name ));


-- 
Samba Shared Repository

Reply via email to