[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3057-g41898a4

Jeremy Allison jra at samba.org
Mon Sep 29 23:06:08 GMT 2008 

The branch, v3-2-test has been updated
       via  41898a42c1ad7d382088799a6e3f712583808d20 (commit)
      from  3a2a70996919a7ee08fea40b8e5f1cf2e3bd7caf (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit 41898a42c1ad7d382088799a6e3f712583808d20
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Sep 29 16:04:23 2008 -0700

    re-added "winbind:ignore domains" patch
    
    This option really is essential, as we discover again and again at
    customer sites. Due to bugs in winbind some domains are toxic. When
    you are installing at a site and a particular domain in a complex
    setup causes winbind to segfault or hang then you need a way to
    disable that domain and continue.
    
    In an ideal world winbind could handle arbitrarily complex ADS
    domains, but we are nowhere near that yet. If we ever get to that
    stage then we won't need this option.

-----------------------------------------------------------------------

Summary of changes:
 source/winbindd/winbindd_util.c |   24 +++++++++++++++++++++---
 1 files changed, 21 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/winbindd/winbindd_util.c b/source/winbindd/winbindd_util.c
index cfe9136..3425b4c 100644
--- a/source/winbindd/winbindd_util.c
+++ b/source/winbindd/winbindd_util.c
@@ -109,13 +109,23 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
 {
 	struct winbindd_domain *domain;
 	const char *alternative_name = NULL;
-	
+        const char *param;
+        const char **ignored_domains, **dom;
+
+        ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL);
+        for (dom=ignored_domains; dom && *dom; dom++) {
+                if (gen_fnmatch(*dom, domain_name) == 0) {
+                        DEBUG(2,("Ignoring domain '%s'\n", domain_name));
+                        return NULL;
+                }
+        }
+
 	/* ignore alt_name if we are not in an AD domain */
-	
+
 	if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) {
 		alternative_name = alt_name;
 	}
-        
+
 	/* We can't call domain_list() as this function is called from
 	   init_domain_list() and we'll get stuck in a loop. */
 	for (domain = _domain_list; domain; domain = domain->next) {
@@ -402,6 +412,10 @@ static void rescan_forest_root_trusts( void )
 						&dom_list[i].sid );
 		}
 
+		if (d == NULL) {
+			continue;
+		}
+
        		DEBUG(10,("rescan_forest_root_trusts: Following trust path "
 			  "for domain tree root %s (%s)\n",
 	       		  d->name, d->alt_name ));
@@ -466,6 +480,10 @@ static void rescan_forest_trusts( void )
 							&cache_methods,
 							&dom_list[i].sid );
 			}
+
+			if (d == NULL) {
+				continue;
+			}
 			
 			DEBUG(10,("Following trust path for domain %s (%s)\n",
 				  d->name, d->alt_name ));


-- 
Samba Shared Repository

More information about the samba-cvs mailing list