The Samba-Bugzilla – Attachment 9059 Details for
Bug 10034
wbinfo -u should only operate on its own domain by default
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
v4-1-test patch
0001-nsswitch-Don-t-enumerate-all-domains-with-wbinfo-u-g.patch (text/plain), 4.53 KB, created by
Andreas Schneider
on 2013-07-18 10:15:08 UTC
(
hide
)
Description:
v4-1-test patch
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2013-07-18 10:15:08 UTC
Size:
4.53 KB
patch
obsolete
>From 6672978f340fdd6b56a920f4f15e7b0147f17f66 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 17 Jul 2013 16:13:22 +0200 >Subject: [PATCH] nsswitch: Don't enumerate all domains with wbinfo -u|-g. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >By default wbinfo -u|-g should only enumerate the domain winbindd is >joined to. The command can be harmfull if you have e.g. 30 domains and >700k users. Then the parent will collect all information and the >oom-killer will kill winbind. As we still want to support it, you can >enable it the old behaviour with wbinfo --domain='*' -u. This is >a measure that sysadmins don't shoot themself. > >https://bugzilla.samba.org/show_bug.cgi?id=10034 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Günther Deschner <gd@samba.org> > >Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> >Autobuild-Date(master): Thu Jul 18 11:54:58 CEST 2013 on sn-devel-104 > >(cherry picked from commit 33bce26fcf2e82b9c381eeb32e1d731d3965e22f) >--- > docs-xml/manpages/wbinfo.1.xml | 9 +++++---- > nsswitch/wbinfo.c | 22 ++++++++++++++++++---- > 2 files changed, 23 insertions(+), 8 deletions(-) > >diff --git a/docs-xml/manpages/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml >index d886082..5b0045a 100644 >--- a/docs-xml/manpages/wbinfo.1.xml >+++ b/docs-xml/manpages/wbinfo.1.xml >@@ -146,8 +146,9 @@ > <listitem><para>This parameter sets the domain on which any specified > operations will performed. If special domain name '.' is used to represent > the current domain to which <citerefentry><refentrytitle>winbindd</refentrytitle> >- <manvolnum>8</manvolnum></citerefentry> belongs. Currently only the >- <option>-u</option>, and <option>-g</option> options honor this parameter. >+ <manvolnum>8</manvolnum></citerefentry> belongs. A '*' as the domain name >+ means to enumerate over all domains (NOTE: This can take a long time and use >+ a lot of memory). > </para></listitem> > </varlistentry> > >@@ -181,7 +182,7 @@ > <listitem><para>This option will list all groups available > in the Windows NT domain for which the <citerefentry><refentrytitle>samba</refentrytitle> > <manvolnum>7</manvolnum></citerefentry> daemon is operating in. Groups in all trusted domains >- will also be listed. Note that this operation does not assign >+ can be listed with the --domain='*' option. Note that this operation does not assign > group ids to any groups that have not already been > seen by <citerefentry><refentrytitle>winbindd</refentrytitle> > <manvolnum>8</manvolnum></citerefentry>. </para></listitem> >@@ -390,7 +391,7 @@ > <listitem><para>This option will list all users available > in the Windows NT domain for which the <citerefentry><refentrytitle>winbindd</refentrytitle> > <manvolnum>8</manvolnum></citerefentry> daemon is operating in. Users in all trusted domains >- will also be listed. Note that this operation does not assign >+ can be listed with the --domain='*' option. Note that this operation does not assign > user ids to any users that have not already been seen by <citerefentry> > <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry> > .</para></listitem> >diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c >index 1d1557d..a1ca7fc 100644 >--- a/nsswitch/wbinfo.c >+++ b/nsswitch/wbinfo.c >@@ -1926,9 +1926,16 @@ static bool print_domain_users(const char *domain) > > /* Send request to winbind daemon */ > >- /* '.' is the special sign for our own domain */ >- if (domain && strcmp(domain, ".") == 0) { >+ if (domain == NULL) { > domain = get_winbind_domain(); >+ } else { >+ /* '.' is the special sign for our own domain */ >+ if ((domain[0] == '\0') || strcmp(domain, ".") == 0) { >+ domain = get_winbind_domain(); >+ /* '*' is the special sign for all domains */ >+ } else if (strcmp(domain, "*") == 0) { >+ domain = NULL; >+ } > } > > wbc_status = wbcListUsers(domain, &num_users, &users); >@@ -1956,9 +1963,16 @@ static bool print_domain_groups(const char *domain) > > /* Send request to winbind daemon */ > >- /* '.' is the special sign for our own domain */ >- if (domain && strcmp(domain, ".") == 0) { >+ if (domain == NULL) { > domain = get_winbind_domain(); >+ } else { >+ /* '.' is the special sign for our own domain */ >+ if ((domain[0] == '\0') || strcmp(domain, ".") == 0) { >+ domain = get_winbind_domain(); >+ /* '*' is the special sign for all domains */ >+ } else if (strcmp(domain, "*") == 0) { >+ domain = NULL; >+ } > } > > wbc_status = wbcListGroups(domain, &num_groups, &groups); >-- >1.8.3.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=9059">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
asn
:
review?
(
gd
)
Actions:
View
Attachments on
bug 10034
: 9059