From 86612b1163d2dae8f707b6a038ad1a361c975973 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 17 Sep 2008 15:37:54 +1000 Subject: re-added "winbind:ignore domains" patch This option really is essential, as we discover again and again at customer sites. Due to bugs in winbind some domains are toxic. When you are installing at a site and a particular domain in a complex setup causes winbind to segfault or hang then you need a way to disable that domain and continue. In an ideal world winbind could handle arbitrarily complex ADS domains, but we are nowhere near that yet. If we ever get to that stage then we won't need this option. --- source3/winbindd/winbindd_util.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'source3') diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index 5b5ca41a74..b8cb27c797 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -111,7 +111,16 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const const char *alternative_name = NULL; char *idmap_config_option; const char *param; + const char **ignored_domains, **dom; + ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL); + for (dom=ignored_domains; dom && *dom; dom++) { + if (gen_fnmatch(*dom, domain_name) == 0) { + DEBUG(2,("Ignoring domain '%s'\n", domain_name)); + return NULL; + } + } + /* ignore alt_name if we are not in an AD domain */ if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) { @@ -436,6 +445,10 @@ static void rescan_forest_root_trusts( void ) &dom_list[i].sid ); } + if (d == NULL) { + continue; + } + DEBUG(10,("rescan_forest_root_trusts: Following trust path " "for domain tree root %s (%s)\n", d->name, d->alt_name )); @@ -500,6 +513,10 @@ static void rescan_forest_trusts( void ) &cache_methods, &dom_list[i].sid ); } + + if (d == NULL) { + continue; + } DEBUG(10,("Following trust path for domain %s (%s)\n", d->name, d->alt_name )); -- cgit