[SCM] Samba Shared Repository - branch v3-2-test updated -
release-3-2-0pre2-3057-g41898a4
Jeremy Allison
jra at samba.org
Mon Sep 29 23:06:08 GMT 2008
The branch, v3-2-test has been updated
via 41898a42c1ad7d382088799a6e3f712583808d20 (commit)
from 3a2a70996919a7ee08fea40b8e5f1cf2e3bd7caf (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit 41898a42c1ad7d382088799a6e3f712583808d20
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Sep 29 16:04:23 2008 -0700
re-added "winbind:ignore domains" patch
This option really is essential, as we discover again and again at
customer sites. Due to bugs in winbind some domains are toxic. When
you are installing at a site and a particular domain in a complex
setup causes winbind to segfault or hang then you need a way to
disable that domain and continue.
In an ideal world winbind could handle arbitrarily complex ADS
domains, but we are nowhere near that yet. If we ever get to that
stage then we won't need this option.
-----------------------------------------------------------------------
Summary of changes:
source/winbindd/winbindd_util.c | 24 +++++++++++++++++++++---
1 files changed, 21 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/winbindd/winbindd_util.c b/source/winbindd/winbindd_util.c
index cfe9136..3425b4c 100644
--- a/source/winbindd/winbindd_util.c
+++ b/source/winbindd/winbindd_util.c
@@ -109,13 +109,23 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
{
struct winbindd_domain *domain;
const char *alternative_name = NULL;
-
+ const char *param;
+ const char **ignored_domains, **dom;
+
+ ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL);
+ for (dom=ignored_domains; dom && *dom; dom++) {
+ if (gen_fnmatch(*dom, domain_name) == 0) {
+ DEBUG(2,("Ignoring domain '%s'\n", domain_name));
+ return NULL;
+ }
+ }
+
/* ignore alt_name if we are not in an AD domain */
-
+
if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) {
alternative_name = alt_name;
}
-
+
/* We can't call domain_list() as this function is called from
init_domain_list() and we'll get stuck in a loop. */
for (domain = _domain_list; domain; domain = domain->next) {
@@ -402,6 +412,10 @@ static void rescan_forest_root_trusts( void )
&dom_list[i].sid );
}
+ if (d == NULL) {
+ continue;
+ }
+
DEBUG(10,("rescan_forest_root_trusts: Following trust path "
"for domain tree root %s (%s)\n",
d->name, d->alt_name ));
@@ -466,6 +480,10 @@ static void rescan_forest_trusts( void )
&cache_methods,
&dom_list[i].sid );
}
+
+ if (d == NULL) {
+ continue;
+ }
DEBUG(10,("Following trust path for domain %s (%s)\n",
d->name, d->alt_name ));
--
Samba Shared Repository
More information about the samba-cvs
mailing list