Should find_builtin_domain() really panic on failure?

David Mair dmair at
Thu Nov 8 18:08:26 GMT 2007

In find_builtin_domain() in nssswitch/winbindd_util.c if find_domain_from_sid()
with SID "S-1-5-32" (BUILTIN) fails then find_builtin_domain() panics.

In 3.0.26a, the only call site I find for find_builtin_domain() is in
winbindd_gettoken_async() nssswitch/winbindd_async.c

Rather than a panic, would it be appropriate for find_builtin_domain() to just
return the NULL to winbindd_gettoken_async() and let it do the same thing as it
does when find_domain_from_sid_noinit() fails, i.e. log a message and:

cont(private_data, False, NULL, 0);

Where I am unsure of the viability of that is in the broad function of the
BUILTIN domain. For example, if nothing else works without it and if failing
while looking it up once means it will always fail then the process is
non-functioning anyway. In that case find_builtin_domain() might as well panic.

Although a patch for 3.0.26a is enclosed it is my first and I apologise if I 
broke any protocol [sic].

David Mair.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: builtin-no-panic.patch
Type: text/x-patch
Size: 993 bytes
Desc: not available
Url :

More information about the samba-technical mailing list