[SCM] Samba Shared Repository - branch master updated - 86612b1163d2dae8f707b6a038ad1a361c975973

Michael Adam obnox at samba.org
Mon Sep 29 11:59:48 GMT 2008


The branch, master has been updated
       via  86612b1163d2dae8f707b6a038ad1a361c975973 (commit)
       via  7caa8c85acfb6d6f8e16e95788fa5e84c031e111 (commit)
       via  acf5f2e5b049f20049cb6c549a00ba4b95322aa0 (commit)
       via  a93dc2c8589428e409fca5a6c21db50db001fe92 (commit)
       via  b8c9daac6eb8a2bcdb14c71c1ddfbfeba4b9b54d (commit)
      from  4fa4a524de0647644abc842f34a926b458388b09 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 86612b1163d2dae8f707b6a038ad1a361c975973
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Sep 17 15:37:54 2008 +1000

    re-added "winbind:ignore domains" patch
    
    This option really is essential, as we discover again and again at
    customer sites. Due to bugs in winbind some domains are toxic. When
    you are installing at a site and a particular domain in a complex
    setup causes winbind to segfault or hang then you need a way to
    disable that domain and continue.
    
    In an ideal world winbind could handle arbitrarily complex ADS
    domains, but we are nowhere near that yet. If we ever get to that
    stage then we won't need this option.

commit 7caa8c85acfb6d6f8e16e95788fa5e84c031e111
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Sep 15 14:51:35 2008 +1000

    fixed an (unlikely) memory leak

commit acf5f2e5b049f20049cb6c549a00ba4b95322aa0
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Sep 15 14:27:50 2008 +1000

    fixed a segfault on the ctdb destructor code

commit a93dc2c8589428e409fca5a6c21db50db001fe92
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Sep 17 16:23:17 2008 +1000

    removed unused variables

commit b8c9daac6eb8a2bcdb14c71c1ddfbfeba4b9b54d
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Sep 17 16:15:40 2008 +1000

    fixed segv on startup with trusted domains
    
    With some setups, idmap_tdb2_allocate_id can be called before the
    allocate backend is initialised, leading to a segv. This change
    ensures that the db is opened in all paths that use it

-----------------------------------------------------------------------

Summary of changes:
 source3/lib/dbwrap_ctdb.c        |   14 +++++++++++---
 source3/winbindd/idmap_tdb2.c    |   19 +++++++++++++++++--
 source3/winbindd/winbindd_util.c |   17 +++++++++++++++++
 3 files changed, 45 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/dbwrap_ctdb.c b/source3/lib/dbwrap_ctdb.c
index 63a5ce4..2818634 100644
--- a/source3/lib/dbwrap_ctdb.c
+++ b/source3/lib/dbwrap_ctdb.c
@@ -405,8 +405,9 @@ static struct db_record *db_ctdb_fetch_locked_transaction(struct db_ctdb_ctx *ct
 	return result;
 }
 
-static int db_ctdb_record_destructor(struct db_record *rec)
+static int db_ctdb_record_destructor(struct db_record **recp)
 {
+	struct db_record *rec = talloc_get_type_abort(*recp, struct db_record);
 	struct db_ctdb_transaction_handle *h = talloc_get_type_abort(
 		rec->private_data, struct db_ctdb_transaction_handle);
 	int ret = h->ctx->db->transaction_commit(h->ctx->db);
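Review bot: The reworked `db_ctdb_record_destructor` carries no comment saying why it now receives a `struct db_record **` and reads the record through `*recp`, and that indirection is the entire fix. Because `recp` is allocated as a talloc child of the record in `db_ctdb_fetch_locked_persistent`, the destructor runs while the record is being freed, so it presumably depends on `rec->private_data` still being valid at that moment; that assumption should be written down. I would add above the function `/* Called when the recp child of a locked record is freed; commits the transaction. rec and rec->private_data must still be live here. */`. The destructor body continues past the end of this hunk, so how `ret` is handled is not visible.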
@@ -424,7 +425,7 @@ static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx
 							 TDB_DATA key)
 {
 	int res;
-	struct db_record *rec;
+	struct db_record *rec, **recp;
 
 	res = db_ctdb_transaction_start(ctx->db);
 	if (res == -1) {
@@ -438,7 +439,14 @@ static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx
 	}
 
 	/* destroy this transaction when we release the lock */
-	talloc_set_destructor((struct db_record *)talloc_new(rec), db_ctdb_record_destructor);
+	recp = talloc(rec, struct db_record *);
+	if (recp == NULL) {
+		ctx->db->transaction_cancel(ctx->db);
+		talloc_free(rec);
+		return NULL;
+	}
+	*recp = rec;
+	talloc_set_destructor(recp, db_ctdb_record_destructor);
 	return rec;
 }
 
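Review bot: On the `recp == NULL` path the result of `ctx->db->transaction_cancel(ctx->db)` is discarded and nothing is logged, so an allocation failure here leaves no trace and a cancel that itself fails would go unnoticed. A log line before the cancel, `DEBUG(0, ("talloc failed\n"));`, plus a check of the cancel's return value would make this path diagnosable. Freeing `rec` before the destructor is attached looks intentional, since it avoids committing the transaction that was just cancelled; a one-line comment saying so would help. The start of `db_ctdb_fetch_locked_persistent` is outside this hunk.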
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
index 3066db6..8bde963 100644
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -94,12 +94,11 @@ static NTSTATUS idmap_tdb2_open_db(void)
 */
 static NTSTATUS idmap_tdb2_alloc_load(void)
 {
-	const char *range;
 	uid_t low_uid = 0;
 	uid_t high_uid = 0;
 	gid_t low_gid = 0;
 	gid_t high_gid = 0;
-	uint32 low_id, high_id;
+	uint32 low_id;
 
 	/* see if a idmap script is configured */
 	idmap_tdb2_state.idmap_script = lp_parm_const_string(-1, "idmap",
@@ -187,6 +186,10 @@ static NTSTATUS idmap_tdb2_allocate_id(struct unixid *xid)
 	uint32_t high_hwm;
 	uint32_t hwm;
 	int res;
+	NTSTATUS status;
+
+	status = idmap_tdb2_open_db();
+	NT_STATUS_NOT_OK_RETURN(status);
 
 	/* Get current high water mark */
 	switch (xid->type) {
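Review bot: The `idmap_tdb2_open_db()` call added at the top of `idmap_tdb2_allocate_id` now runs on every allocation, and the same stanza is repeated in the hunks for `idmap_tdb2_get_hwm`, `idmap_tdb2_id_to_sid` and `idmap_tdb2_sid_to_id`, so all four rely on that function returning early once the database is open. Its body is not part of this diff, so that is an assumption worth stating in a comment, e.g. `/* no-op if the db is already open; needed because we can be called before alloc init */`. In `idmap_tdb2_id_to_sid` the existing `NTSTATUS ret` could carry the result instead of a second `status` variable. Any other function in this file that touches the database and is not in this diff would need the same guard for the commit message's "all paths" to hold.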
@@ -264,6 +267,10 @@ static NTSTATUS idmap_tdb2_get_hwm(struct unixid *xid)
 	const char *hwmtype;
 	uint32_t hwm;
 	uint32_t high_hwm;
+	NTSTATUS status;
+
+	status = idmap_tdb2_open_db();
+	NT_STATUS_NOT_OK_RETURN(status);
 
 	/* Get current high water mark */
 	switch (xid->type) {
@@ -451,6 +458,10 @@ static NTSTATUS idmap_tdb2_id_to_sid(struct idmap_tdb2_context *ctx, struct id_m
 	NTSTATUS ret;
 	TDB_DATA data;
 	char *keystr;
+	NTSTATUS status;
+
+	status = idmap_tdb2_open_db();
+	NT_STATUS_NOT_OK_RETURN(status);
 
 	if (!ctx || !map) {
 		return NT_STATUS_INVALID_PARAMETER;
@@ -546,6 +557,10 @@ static NTSTATUS idmap_tdb2_sid_to_id(struct idmap_tdb2_context *ctx, struct id_m
 	TDB_DATA data;
 	char *keystr;
 	unsigned long rec_id = 0;
+	NTSTATUS status;
+
+	status = idmap_tdb2_open_db();
+	NT_STATUS_NOT_OK_RETURN(status);
 
 	if ((keystr = sid_string_talloc(ctx, map->sid)) == NULL) {
 		DEBUG(0, ("Out of memory!\n"));
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 5b5ca41..b8cb27c 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -111,7 +111,16 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
 	const char *alternative_name = NULL;
 	char *idmap_config_option;
 	const char *param;
+	const char **ignored_domains, **dom;
 	
+	ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL);
+	for (dom=ignored_domains; dom && *dom; dom++) {
+		if (gen_fnmatch(*dom, domain_name) == 0) {
+			DEBUG(2,("Ignoring domain '%s'\n", domain_name));
+			return NULL;
+		}
+	}
+
 	/* ignore alt_name if we are not in an AD domain */
 	
 	if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) {
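Review bot: The ignore check compares each pattern against `domain_name` only, so a domain listed in `winbind:ignore domains` by the name passed as `alt_name` is still added; if that is intended it should be documented, otherwise the test could be `if (gen_fnmatch(*dom, domain_name) == 0 || (alt_name && gen_fnmatch(*dom, alt_name) == 0)) {`. `add_trusted_domain` now returns NULL as a normal, configuration-driven outcome, and this diff adds NULL checks only in `rescan_forest_root_trusts` and `rescan_forest_trusts`; any caller outside the diff needs the same check or it will dereference NULL. A comment on the loop such as `/* patterns are wildcard-matched against domain_name; a match means the domain is never added */` would record the contract. The rest of the function lies outside this hunk.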
@@ -436,6 +445,10 @@ static void rescan_forest_root_trusts( void )
 						&dom_list[i].sid );
 		}
 
+		if (d == NULL) {
+			continue;
+		}
+
        		DEBUG(10,("rescan_forest_root_trusts: Following trust path "
 			  "for domain tree root %s (%s)\n",
 	       		  d->name, d->alt_name ));
@@ -500,6 +513,10 @@ static void rescan_forest_trusts( void )
 							&cache_methods,
 							&dom_list[i].sid );
 			}
+
+			if (d == NULL) {
+				continue;
+			}
 			
 			DEBUG(10,("Following trust path for domain %s (%s)\n",
 				  d->name, d->alt_name ));


-- 
Samba Shared Repository

