re-added "winbind:ignore domains" patch

This option really is essential, as we discover again and again at
customer sites. Due to bugs in winbind some domains are toxic. When
you are installing at a site and a particular domain in a complex
setup causes winbind to segfault or hang then you need a way to
disable that domain and continue.

In an ideal world winbind could handle arbitrarily complex ADS
domains, but we are nowhere near that yet. If we ever get to that
stage then we won't need this option.

diff --git a/source/winbindd/winbindd_util.c b/source/winbindd/winbindd_util.c
index cfe91366d5190cf377f189a341ab4360935ab254..3425b4cc9ca679478dcf0b2818687955db9d4dc0 100644 (file)
--- a/source/winbindd/winbindd_util.c
+++ b/source/winbindd/winbindd_util.c
@@ -109,13 +109,23 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
 {
        struct winbindd_domain *domain;
        const char *alternative_name = NULL;
-       
+        const char *param;
+        const char **ignored_domains, **dom;
+
+        ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL);
+        for (dom=ignored_domains; dom && *dom; dom++) {
+                if (gen_fnmatch(*dom, domain_name) == 0) {
+                        DEBUG(2,("Ignoring domain '%s'\n", domain_name));
+                        return NULL;
+                }
+        }
+
        /* ignore alt_name if we are not in an AD domain */
-       
+
        if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) {
                alternative_name = alt_name;
        }
-        
+
        /* We can't call domain_list() as this function is called from
           init_domain_list() and we'll get stuck in a loop. */
        for (domain = _domain_list; domain; domain = domain->next) {
@@ -402,6 +412,10 @@ static void rescan_forest_root_trusts( void )
                                                &dom_list[i].sid );
                }
 
+               if (d == NULL) {
+                       continue;
+               }
+
                        DEBUG(10,("rescan_forest_root_trusts: Following trust path "
                          "for domain tree root %s (%s)\n",
                          d->name, d->alt_name ));
@@ -466,6 +480,10 @@ static void rescan_forest_trusts( void )
                                                        &cache_methods,
                                                        &dom_list[i].sid );
                        }
+
+                       if (d == NULL) {
+                               continue;
+                       }
                        
                        DEBUG(10,("Following trust path for domain %s (%s)\n",
                                  d->name, d->alt_name ));