Rev 596: merged patch from ronnie to add winbind:ignore domains option. This is used for sites where you have some domains that you should never touch in http://samba.org/~tridge/3_0-ctdb

Sun Jun 17 00:56:47 GMT 2007

------------------------------------------------------------
revno: 596
revision-id: tridge at samba.org-20070617005644-hzr9y3f2g28asx9y
parent: tridge at samba.org-20070616180634-t7eoiva1rd4694p8
committer: Andrew Tridgell <tridge at samba.org>
branch nick: s3-ctdb-tridge
timestamp: Sun 2007-06-17 10:56:44 +1000
message:
  merged patch from ronnie to add winbind:ignore domains option. This is used for sites where you have some domains that you should never touch
modified:
  source/nsswitch/winbindd_util.c winbindd_util.c-20070210173807-1wjifrbwaz6xnmgl-754
=== modified file 'source/nsswitch/winbindd_util.c'

--- a/source/nsswitch/winbindd_util.c	2007-04-24 23:09:33 +0000
+++ b/source/nsswitch/winbindd_util.c	2007-06-17 00:56:44 +0000
@@ -101,7 +101,16 @@
 {
 	struct winbindd_domain *domain;
 	const char *alternative_name = NULL;
+	const char **ignored_domains, **dom;
 	
+	ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL);
+	for (dom=ignored_domains; *dom; dom++) {
+		if (gen_fnmatch(*dom, domain_name) != 0) {
+			DEBUG(2,("Ignoring domain '%s'\n", *dom));
+			return NULL;
+		}
+	}
+
 	/* ignore alt_name if we are not in an AD domain */
 	
 	if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) {
@@ -280,7 +289,9 @@
 			domain = add_trusted_domain(p, alternate_name,
 						    &cache_methods,
 						    &sid);
-			setup_domain_child(domain, &domain->child, NULL);
+			if (domain) {
+				setup_domain_child(domain, &domain->child, NULL);
+			}
 		}
 		p=q;
 		if (p != NULL)
@@ -507,32 +518,38 @@
 	
 		domain = add_trusted_domain( lp_workgroup(), lp_realm(),
 					     &cache_methods, &our_sid);
-		domain->primary = True;
-		setup_domain_child(domain, &domain->child, NULL);
+		if (domain) {
+			domain->primary = True;
+			setup_domain_child(domain, &domain->child, NULL);
 		
-		/* Even in the parent winbindd we'll need to
-		   talk to the DC, so try and see if we can
-		   contact it. Theoretically this isn't neccessary
-		   as the init_dc_connection() in init_child_recv()
-		   will do this, but we can start detecting the DC
-		   early here. */
-		set_domain_online_request(domain);
+			/* Even in the parent winbindd we'll need to
+			   talk to the DC, so try and see if we can
+			   contact it. Theoretically this isn't neccessary
+			   as the init_dc_connection() in init_child_recv()
+			   will do this, but we can start detecting the DC
+			   early here. */
+			set_domain_online_request(domain);
+		}
 	}
 
 	/* Local SAM */
 
 	domain = add_trusted_domain(get_global_sam_name(), NULL,
 				    &passdb_methods, get_global_sam_sid());
-	if ( role != ROLE_DOMAIN_MEMBER ) {
-		domain->primary = True;
+	if (domain) {
+		if ( role != ROLE_DOMAIN_MEMBER ) {
+			domain->primary = True;
+		}
+		setup_domain_child(domain, &domain->child, NULL);
 	}
-	setup_domain_child(domain, &domain->child, NULL);
 
 	/* BUILTIN domain */
 
 	domain = add_trusted_domain("BUILTIN", NULL, &passdb_methods,
 				    &global_sid_Builtin);
-	setup_domain_child(domain, &domain->child, NULL);
+	if (domain) {
+		setup_domain_child(domain, &domain->child, NULL);
+	}
 
 	return True;
 }

