The Samba-Bugzilla – Attachment 4966 Details for
Bug 6899
implement nss_initgroups_ignoreusers or similar
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Similar patch for 3.4.3
samba-3.4.3-winbind-initgroup-ignore.patch (text/plain), 3.60 KB, created by
Nick (550-5.1.1 The email account that you tried to reach does not exist)
on 2009-11-19 09:22:57 UTC
(
hide
)
Description:
Similar patch for 3.4.3
Filename:
MIME Type:
Creator:
Nick (550-5.1.1 The email account that you tried to reach does not exist)
Created:
2009-11-19 09:22:57 UTC
Size:
3.60 KB
patch
obsolete
>diff -U3 -r samba-3.4.3.orig/nsswitch/winbind_nss_linux.c samba-3.4.3/nsswitch/winbind_nss_linux.c >--- samba-3.4.3.orig/nsswitch/winbind_nss_linux.c 2009-10-29 00:47:16.000000000 -0700 >+++ samba-3.4.3/nsswitch/winbind_nss_linux.c 2009-11-18 10:07:52.000000000 -0800 >@@ -1034,6 +1034,17 @@ > user, group); > #endif > >+ /* Don't initialize supplementary groups for root, so core services >+ initialized as root won't hang if winbind is waiting on something */ >+ if (!strcmp(user, "root")) { >+#ifdef DEBUG_NSS >+ fprintf(stderr, "[%5d]: initgroups ignoring user 'root'\n", >+ getpid()); >+#endif >+ ret = NSS_STATUS_SUCCESS; >+ goto done; >+ } >+ > #if HAVE_PTHREAD > pthread_mutex_lock(&winbind_nss_mutex); > #endif >diff -U3 -r samba-3.4.3.orig/source3/include/proto.h samba-3.4.3/source3/include/proto.h >--- samba-3.4.3.orig/source3/include/proto.h 2009-10-29 00:47:16.000000000 -0700 >+++ samba-3.4.3/source3/include/proto.h 2009-11-18 09:59:40.000000000 -0800 >@@ -3971,6 +3971,7 @@ > bool lp_winbind_offline_logon(void); > bool lp_winbind_normalize_names(void); > bool lp_winbind_rpc_only(void); >+const char **lp_winbind_initgroups_ignoreusers(void); > const char **lp_idmap_domains(void); > const char *lp_idmap_backend(void); > char *lp_idmap_alloc_backend(void); >diff -U3 -r samba-3.4.3.orig/source3/param/loadparm.c samba-3.4.3/source3/param/loadparm.c >--- samba-3.4.3.orig/source3/param/loadparm.c 2009-10-29 00:47:16.000000000 -0700 >+++ samba-3.4.3/source3/param/loadparm.c 2009-11-18 09:59:40.000000000 -0800 >@@ -350,6 +350,7 @@ > int cups_connection_timeout; > char *szSMBPerfcountModule; > bool bMapUntrustedToDomain; >+ char **szWinbindInitgroupsIgnoreusers; > }; > > static struct global Globals; >@@ -4568,6 +4569,15 @@ > .enum_list = NULL, > .flags = FLAG_ADVANCED, > }, >+ { >+ .label = "winbind initgroups ignoreusers", >+ .type = P_LIST, >+ .p_class = P_GLOBAL, >+ .ptr = &Globals.szWinbindInitgroupsIgnoreusers, >+ .special = NULL, >+ .enum_list = NULL, >+ .flags = FLAG_ADVANCED, >+ }, > > {NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0} > }; >@@ -5336,6 +5346,7 @@ > FN_GLOBAL_BOOL(lp_winbind_offline_logon, &Globals.bWinbindOfflineLogon) > FN_GLOBAL_BOOL(lp_winbind_normalize_names, &Globals.bWinbindNormalizeNames) > FN_GLOBAL_BOOL(lp_winbind_rpc_only, &Globals.bWinbindRpcOnly) >+FN_GLOBAL_LIST(lp_winbind_initgroups_ignoreusers, &Globals.szWinbindInitgroupsIgnoreusers) > > FN_GLOBAL_CONST_STRING(lp_idmap_backend, &Globals.szIdmapBackend) > FN_GLOBAL_STRING(lp_idmap_alloc_backend, &Globals.szIdmapAllocBackend) >diff -U3 -r samba-3.4.3.orig/source3/winbindd/winbindd_group.c samba-3.4.3/source3/winbindd/winbindd_group.c >--- samba-3.4.3.orig/source3/winbindd/winbindd_group.c 2009-10-29 00:47:16.000000000 -0700 >+++ samba-3.4.3/source3/winbindd/winbindd_group.c 2009-11-18 10:02:28.000000000 -0800 >@@ -1543,6 +1543,8 @@ > struct getgroups_state *s; > char *real_name = NULL; > NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; >+ unsigned int i; >+ char **ignoreusers; > > /* Ensure null termination */ > state->request.data.username >@@ -1551,6 +1553,20 @@ > DEBUG(3, ("[%5lu]: getgroups %s\n", (unsigned long)state->pid, > state->request.data.username)); > >+ /* Don't even lookup users we want to ignore. */ >+ >+ ignoreusers = lp_winbind_initgroups_ignoreusers(); >+ if (ignoreusers) { >+ for (i = 0; ignoreusers[i] && i < UINT_MAX; i++) { >+ if (!strcmp(ignoreusers[i], state->request.data.username)) { >+ DEBUG(3, ("[%5lu]: getgroups ignoring user %s\n", >+ (unsigned long)state->pid, state->request.data.username)); >+ state->finished = True; >+ return; >+ } >+ } >+ } >+ > /* Parse domain and username */ > > s = TALLOC_P(state->mem_ctx, struct getgroups_state);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=4966">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 6899
:
4961
| 4966