diff options
author | Andreas Schneider <asn@samba.org> | 2013-07-17 16:13:22 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2013-07-18 11:54:56 +0200 |
commit | 33bce26fcf2e82b9c381eeb32e1d731d3965e22f (patch) | |
tree | dbe48c4c5c67221f264806764efc41f643508036 /nsswitch | |
parent | 7420574c74be1f5ea308c8ebfc572683d1e755d4 (diff) | |
download | samba-33bce26fcf2e82b9c381eeb32e1d731d3965e22f.tar.gz samba-33bce26fcf2e82b9c381eeb32e1d731d3965e22f.tar.bz2 samba-33bce26fcf2e82b9c381eeb32e1d731d3965e22f.zip |
nsswitch: Don't enumerate all domains with wbinfo -u|-g.
By default wbinfo -u|-g should only enumerate the domain winbindd is
joined to. The command can be harmfull if you have e.g. 30 domains and
700k users. Then the parent will collect all information and the
oom-killer will kill winbind. As we still want to support it, you can
enable it the old behaviour with wbinfo --domain='*' -u. This is
a measure that sysadmins don't shoot themself.
https://bugzilla.samba.org/show_bug.cgi?id=10034
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 18 11:54:58 CEST 2013 on sn-devel-104
Diffstat (limited to 'nsswitch')
-rw-r--r-- | nsswitch/wbinfo.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c index 1d1557dcb1..a1ca7fc574 100644 --- a/nsswitch/wbinfo.c +++ b/nsswitch/wbinfo.c @@ -1926,9 +1926,16 @@ static bool print_domain_users(const char *domain) /* Send request to winbind daemon */ - /* '.' is the special sign for our own domain */ - if (domain && strcmp(domain, ".") == 0) { + if (domain == NULL) { domain = get_winbind_domain(); + } else { + /* '.' is the special sign for our own domain */ + if ((domain[0] == '\0') || strcmp(domain, ".") == 0) { + domain = get_winbind_domain(); + /* '*' is the special sign for all domains */ + } else if (strcmp(domain, "*") == 0) { + domain = NULL; + } } wbc_status = wbcListUsers(domain, &num_users, &users); @@ -1956,9 +1963,16 @@ static bool print_domain_groups(const char *domain) /* Send request to winbind daemon */ - /* '.' is the special sign for our own domain */ - if (domain && strcmp(domain, ".") == 0) { + if (domain == NULL) { domain = get_winbind_domain(); + } else { + /* '.' is the special sign for our own domain */ + if ((domain[0] == '\0') || strcmp(domain, ".") == 0) { + domain = get_winbind_domain(); + /* '*' is the special sign for all domains */ + } else if (strcmp(domain, "*") == 0) { + domain = NULL; + } } wbc_status = wbcListGroups(domain, &num_groups, &groups); |