[SCM] Samba Shared Repository - branch master updated -
86612b1163d2dae8f707b6a038ad1a361c975973
Michael Adam
obnox at samba.org
Mon Sep 29 11:59:48 GMT 2008
The branch, master has been updated
via 86612b1163d2dae8f707b6a038ad1a361c975973 (commit)
via 7caa8c85acfb6d6f8e16e95788fa5e84c031e111 (commit)
via acf5f2e5b049f20049cb6c549a00ba4b95322aa0 (commit)
via a93dc2c8589428e409fca5a6c21db50db001fe92 (commit)
via b8c9daac6eb8a2bcdb14c71c1ddfbfeba4b9b54d (commit)
from 4fa4a524de0647644abc842f34a926b458388b09 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 86612b1163d2dae8f707b6a038ad1a361c975973
Author: Andrew Tridgell <tridge at samba.org>
Date: Wed Sep 17 15:37:54 2008 +1000
re-added "winbind:ignore domains" patch
This option really is essential, as we discover again and again at
customer sites. Due to bugs in winbind some domains are toxic. When
you are installing at a site and a particular domain in a complex
setup causes winbind to segfault or hang then you need a way to
disable that domain and continue.
In an ideal world winbind could handle arbitrarily complex ADS
domains, but we are nowhere near that yet. If we ever get to that
stage then we won't need this option.
commit 7caa8c85acfb6d6f8e16e95788fa5e84c031e111
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Sep 15 14:51:35 2008 +1000
fixed an (unlikely) memory leak
commit acf5f2e5b049f20049cb6c549a00ba4b95322aa0
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Sep 15 14:27:50 2008 +1000
fixed a segfault on the ctdb destructor code
commit a93dc2c8589428e409fca5a6c21db50db001fe92
Author: Andrew Tridgell <tridge at samba.org>
Date: Wed Sep 17 16:23:17 2008 +1000
removed unused variables
commit b8c9daac6eb8a2bcdb14c71c1ddfbfeba4b9b54d
Author: Andrew Tridgell <tridge at samba.org>
Date: Wed Sep 17 16:15:40 2008 +1000
fixed segv on startup with trusted domains
With some setups, idmap_tdb2_allocate_id can be called before the
allocate backend is initialised, leading to a segv. This change
ensures that the db is opened in all paths that use it
-----------------------------------------------------------------------
Summary of changes:
source3/lib/dbwrap_ctdb.c | 14 +++++++++++---
source3/winbindd/idmap_tdb2.c | 19 +++++++++++++++++--
source3/winbindd/winbindd_util.c | 17 +++++++++++++++++
3 files changed, 45 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/dbwrap_ctdb.c b/source3/lib/dbwrap_ctdb.c
index 63a5ce4..2818634 100644
--- a/source3/lib/dbwrap_ctdb.c
+++ b/source3/lib/dbwrap_ctdb.c
@@ -405,8 +405,9 @@ static struct db_record *db_ctdb_fetch_locked_transaction(struct db_ctdb_ctx *ct
return result;
}
-static int db_ctdb_record_destructor(struct db_record *rec)
+static int db_ctdb_record_destructor(struct db_record **recp)
{
+ struct db_record *rec = talloc_get_type_abort(*recp, struct db_record);
struct db_ctdb_transaction_handle *h = talloc_get_type_abort(
rec->private_data, struct db_ctdb_transaction_handle);
int ret = h->ctx->db->transaction_commit(h->ctx->db);
@@ -424,7 +425,7 @@ static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx
TDB_DATA key)
{
int res;
- struct db_record *rec;
+ struct db_record *rec, **recp;
res = db_ctdb_transaction_start(ctx->db);
if (res == -1) {
@@ -438,7 +439,14 @@ static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx
}
/* destroy this transaction when we release the lock */
- talloc_set_destructor((struct db_record *)talloc_new(rec), db_ctdb_record_destructor);
+ recp = talloc(rec, struct db_record *);
+ if (recp == NULL) {
+ ctx->db->transaction_cancel(ctx->db);
+ talloc_free(rec);
+ return NULL;
+ }
+ *recp = rec;
+ talloc_set_destructor(recp, db_ctdb_record_destructor);
return rec;
}
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
index 3066db6..8bde963 100644
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -94,12 +94,11 @@ static NTSTATUS idmap_tdb2_open_db(void)
*/
static NTSTATUS idmap_tdb2_alloc_load(void)
{
- const char *range;
uid_t low_uid = 0;
uid_t high_uid = 0;
gid_t low_gid = 0;
gid_t high_gid = 0;
- uint32 low_id, high_id;
+ uint32 low_id;
/* see if a idmap script is configured */
idmap_tdb2_state.idmap_script = lp_parm_const_string(-1, "idmap",
@@ -187,6 +186,10 @@ static NTSTATUS idmap_tdb2_allocate_id(struct unixid *xid)
uint32_t high_hwm;
uint32_t hwm;
int res;
+ NTSTATUS status;
+
+ status = idmap_tdb2_open_db();
+ NT_STATUS_NOT_OK_RETURN(status);
/* Get current high water mark */
switch (xid->type) {
@@ -264,6 +267,10 @@ static NTSTATUS idmap_tdb2_get_hwm(struct unixid *xid)
const char *hwmtype;
uint32_t hwm;
uint32_t high_hwm;
+ NTSTATUS status;
+
+ status = idmap_tdb2_open_db();
+ NT_STATUS_NOT_OK_RETURN(status);
/* Get current high water mark */
switch (xid->type) {
@@ -451,6 +458,10 @@ static NTSTATUS idmap_tdb2_id_to_sid(struct idmap_tdb2_context *ctx, struct id_m
NTSTATUS ret;
TDB_DATA data;
char *keystr;
+ NTSTATUS status;
+
+ status = idmap_tdb2_open_db();
+ NT_STATUS_NOT_OK_RETURN(status);
if (!ctx || !map) {
return NT_STATUS_INVALID_PARAMETER;
@@ -546,6 +557,10 @@ static NTSTATUS idmap_tdb2_sid_to_id(struct idmap_tdb2_context *ctx, struct id_m
TDB_DATA data;
char *keystr;
unsigned long rec_id = 0;
+ NTSTATUS status;
+
+ status = idmap_tdb2_open_db();
+ NT_STATUS_NOT_OK_RETURN(status);
if ((keystr = sid_string_talloc(ctx, map->sid)) == NULL) {
DEBUG(0, ("Out of memory!\n"));
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 5b5ca41..b8cb27c 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -111,7 +111,16 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
const char *alternative_name = NULL;
char *idmap_config_option;
const char *param;
+ const char **ignored_domains, **dom;
+ ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL);
+ for (dom=ignored_domains; dom && *dom; dom++) {
+ if (gen_fnmatch(*dom, domain_name) == 0) {
+ DEBUG(2,("Ignoring domain '%s'\n", domain_name));
+ return NULL;
+ }
+ }
+
/* ignore alt_name if we are not in an AD domain */
if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) {
@@ -436,6 +445,10 @@ static void rescan_forest_root_trusts( void )
&dom_list[i].sid );
}
+ if (d == NULL) {
+ continue;
+ }
+
DEBUG(10,("rescan_forest_root_trusts: Following trust path "
"for domain tree root %s (%s)\n",
d->name, d->alt_name ));
@@ -500,6 +513,10 @@ static void rescan_forest_trusts( void )
&cache_methods,
&dom_list[i].sid );
}
+
+ if (d == NULL) {
+ continue;
+ }
DEBUG(10,("Following trust path for domain %s (%s)\n",
d->name, d->alt_name ));
--
Samba Shared Repository
More information about the samba-cvs
mailing list