Fix winbind client code so that winbind calls are not made if the

requested name does not have a winbind separator character. This
makes the intent explicit. Tim, contact me if this is not what
you indended.
Jeremy.
(This used to be commit 86b7cf7f85840316052ff29115bf55c04dc17486)

2 files changed, 43 insertions, 15 deletions

diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c
index 9b720e5ea4..92fdd62b15 100644
--- a/source3/nsswitch/wb_client.c
+++ b/source3/nsswitch/wb_client.c
@@ -34,11 +34,8 @@ NSS_STATUS winbindd_request(int req_type,
 
 static void parse_domain_user(char *domuser, fstring domain, fstring user)
 {
-        char *p;
-        char *sep = lp_winbind_separator();
-        if (!sep) sep = "\\";
-        p = strchr(domuser,*sep);
-        if (!p) p = strchr(domuser,'\\');
+        char *p = strchr(domuser,*lp_winbind_separator());
+
         if (!p) {
                 fstrcpy(domain,"");
                 fstrcpy(user, domuser);
@@ -63,6 +60,13 @@ BOOL winbind_lookup_name(const char *name, DOM_SID *sid,
 	if (!sid || !name_type)
 		return False;
 
+	/*
+	 * Don't do the lookup if the name has no separator.
+	 */
+
+	if (!strchr(name, *lp_winbind_separator()))
+		return False;
+
 	/* Send off request */
 
 	ZERO_STRUCT(request);
@@ -285,13 +289,10 @@ int winbind_initgroups(char *user, gid_t gid)
 {
 	gid_t *tgr, *groups = NULL;
 	int result;
-	char *sep;
 
 	/* Call normal initgroups if we are a local user */
 
-	sep = lp_winbind_separator();
-
-	if (!strchr(user, *sep)) {
+	if (!strchr(user, *lp_winbind_separator())) {
 		return initgroups(user, gid);
 	}
 
@@ -362,11 +363,19 @@ int winbind_getgroups(const char *user, int size, gid_t *list)
 	gid_t *groups = NULL;
 	int result, i;
 
+	/*
+	 * Don't do the lookup if the name has no separator.
+	 */
+
+	if (!strchr(user, *lp_winbind_separator()))
+		return -1;
+
 	/* Fetch list of groups */
 
 	result = wb_getgroups(user, &groups);
 
-	if (size == 0) goto done;
+	if (size == 0)
+		goto done;
 
 	if (result > size) {
 		result = -1;
@@ -422,7 +431,7 @@ BOOL winbind_gidtoname(fstring name, gid_t gid)
 	if (!winbind_lookup_sid(&sid, dom_name, group_name, &name_type))
 		return False;
 
-	if (name_type != SID_NAME_USER)
+	if (name_type != SID_NAME_DOM_GRP)
 		return False;
 
 	slprintf(name, sizeof(fstring)-1, "%s%s%s", dom_name, 
@@ -438,9 +447,8 @@ BOOL winbind_nametouid(uid_t *puid, const char *name)
 	DOM_SID sid;
 	enum SID_NAME_USE name_type;
 
-	if (!winbind_lookup_name(name, &sid, &name_type)) {
+	if (!winbind_lookup_name(name, &sid, &name_type))
                 return False;
-        }
 
 	if (name_type != SID_NAME_USER)
 		return False;
@@ -455,9 +463,8 @@ BOOL winbind_nametogid(gid_t *pgid, const char *gname)
 	DOM_SID g_sid;
 	enum SID_NAME_USE name_type;
 
-	if (!winbind_lookup_name(gname, &g_sid, &name_type)) {
+	if (!winbind_lookup_name(gname, &g_sid, &name_type))
                 return False;
-        }
 
 	if (name_type != SID_NAME_DOM_GRP)
 		return False;
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index d29b144147..d154615db6 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -244,6 +244,13 @@ static BOOL wbinfo_lookupname(char *name)
 	struct winbindd_request request;
 	struct winbindd_response response;
 
+	/*
+	 * Don't do the lookup if the name has no separator.
+	 */
+ 
+	if (!strchr(name, *lp_winbind_separator()))
+		return False;
+
 	/* Send off request */
 
 	ZERO_STRUCT(request);
@@ -271,6 +278,13 @@ static BOOL wbinfo_auth(char *username)
         NSS_STATUS result;
         char *p;
 
+	/*
+	 * Don't do the lookup if the name has no separator.
+	 */
+ 
+	if (!strchr(username, *lp_winbind_separator()))
+		return False;
+
 	/* Send off request */
 
 	ZERO_STRUCT(request);
@@ -306,6 +320,13 @@ static BOOL wbinfo_auth_crap(char *username)
         fstring pass;
         char *p;
 
+	/*
+	 * Don't do the lookup if the name has no separator.
+	 */
+ 
+	if (!strchr(username, *lp_winbind_separator()))
+		return False;
+
 	/* Send off request */
 
 	ZERO_STRUCT(request);