DEBUG(3, ("[%5lu]: getgroups %s\n", (unsigned long)state->pid,
state->request.data.username));
- /* when using "winbind use default domain" we need to avoid that
- * initgroups() requests from NSS hit our DC too badly for accounts
- * that will never be on the remote DC */
-
- if (lp_winbind_use_default_domain()) {
-
- const char **list = lp_winbind_initgroups_blacklist();
- int i;
-
- if (!list || !list[0]) {
- goto parse;
- }
-
- for (i=0; list[i] != NULL; i++) {
-
- if (strequal(state->request.data.username, list[i])) {
- DEBUG(3,("ignoring blacklisted user [%s] for getgroups\n",
- state->request.data.username));
- request_ok(state);
- return;
- }
- }
- }
- parse:
/* Parse domain and username */
s = TALLOC_P(state->mem_ctx, struct getgroups_state);
BOOL bWinbindRefreshTickets;
BOOL bWinbindOfflineLogon;
char **szIdmapBackend;
- char **szWinbindInitgroupsBlacklist;
char *szAddShareCommand;
char *szChangeShareCommand;
char *szDeleteShareCommand;
{"winbind nss info", P_LIST, P_GLOBAL, &Globals.szWinbindNssInfo, NULL, NULL, FLAG_ADVANCED},
{"winbind refresh tickets", P_BOOL, P_GLOBAL, &Globals.bWinbindRefreshTickets, NULL, NULL, FLAG_ADVANCED},
{"winbind offline logon", P_BOOL, P_GLOBAL, &Globals.bWinbindOfflineLogon, NULL, NULL, FLAG_ADVANCED},
- {"winbind initgroups blacklist", P_LIST, P_GLOBAL, &Globals.szWinbindInitgroupsBlacklist, NULL, NULL, FLAG_ADVANCED},
{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
};
Globals.szWinbindNssInfo = str_list_make("template", NULL);
Globals.bWinbindRefreshTickets = False;
Globals.bWinbindOfflineLogon = False;
- Globals.szWinbindInitgroupsBlacklist = str_list_make("root nobody lp", NULL);
Globals.bPassdbExpandExplicit = False;
FN_GLOBAL_BOOL(lp_winbind_offline_logon, &Globals.bWinbindOfflineLogon)
FN_GLOBAL_LIST(lp_idmap_backend, &Globals.szIdmapBackend)
-FN_GLOBAL_LIST(lp_winbind_initgroups_blacklist, &Globals.szWinbindInitgroupsBlacklist)
FN_GLOBAL_BOOL(lp_passdb_expand_explicit, &Globals.bPassdbExpandExplicit)
FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)