author | Gerald Carter <jerry@samba.org> | 2007-05-30 19:47:35 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:22:58 -0500 |
commit | 9b78af1f64015ae63948de565754ad8f6af66cbe (patch) | |
tree | 0ba73b84f5118a3991433c23ca6983fc18d42b75 /source3/nsswitch/winbindd_passdb.c | |
parent | 4eab22b8938dfe846f7a12002c8ff8ae158acecd (diff) | |
r23244: Fix loop with nscd and NSS recursive calls.
> Here's the problem I hit:
>
> getgrnam("foo") -> nscd -> NSS -> winbindd ->
> winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() ->
> getgrnam("foo") -> nscd -> ....
>
> This is in the SAMBA_3_0 specifically but in theory could happen in
> SAMBA_3_0_25 (or 26) for an unknown group.
>
> The attached patch passes down enough state for the
> name_to_sid() call to be able to determine the originating
> winbindd cmd that came into the parent. So we can avoid
> making more NSS calls if the original call came in through NSS
> so we don't deadlock? But you should still service
> lookupname() calls which are needed for example when
> doing the token access checks for a "valid groups" from
> smb.conf.
>
> I've got this in testing now. The problem has shown up with the
> DsProvider on OS X and with nscd on Solaris and Linux.
(This used to be commit bcc8a3290aaa0d2620e9d391ffbbf65541f6d742)
Diffstat (limited to 'source3/nsswitch/winbindd_passdb.c')
-rw-r--r-- | source3/nsswitch/winbindd_passdb.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/source3/nsswitch/winbindd_passdb.c b/source3/nsswitch/winbindd_passdb.c index 2a61908f0e..8b8c4c66c6 100644 --- a/source3/nsswitch/winbindd_passdb.c +++ b/source3/nsswitch/winbindd_passdb.c @@ -93,16 +93,28 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain, /* convert a single name to a sid in a domain */ static NTSTATUS name_to_sid(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, + enum winbindd_cmd original_cmd, const char *domain_name, const char *name, DOM_SID *sid, enum lsa_SidType *type) { + uint32 flags = LOOKUP_NAME_ALL; + + switch ( original_cmd ) { + case WINBINDD_LOOKUPNAME: + /* This call is ok */ + break; + default: + /* Avoid any NSS calls in the lookup_name by default */ + flags |= LOOKUP_NAME_EXPLICIT; + DEBUG(10,("winbindd_passdb: limiting name_to_sid() to explicit mappings\n")); + break; + } + DEBUG(10, ("Finding name %s\n", name)); - if ( !lookup_name( mem_ctx, name, LOOKUP_NAME_ALL, - NULL, NULL, sid, type ) ) - { + if ( !lookup_name( mem_ctx, name, flags, NULL, NULL, sid, type ) ) { return NT_STATUS_NONE_MAPPED; } |
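Review bot: In the default branch of the new switch, `flags |= LOOKUP_NAME_EXPLICIT` is OR'ed on top of `LOOKUP_NAME_ALL`, so the loop fix depends on lookup_name() treating that bit as a restriction that overrides the other bits rather than as one more source to search. That is not visible in this hunk, so please confirm it and state it in the comment. The switch is default-deny, which is the right way round, but `/* This call is ok */` does not record why WINBINDD_LOOKUPNAME is exempt; a sentence noting that lookup_name() can re-enter NSS (getgrnam() through nscd back into winbindd) and that lookupname requests still need the full lookup for things like the "valid groups" token checks would stop a later change from widening the list unsafely. The new level-10 DEBUG would be more useful for diagnosing a recurrence if it logged original_cmd and name. The diffstat shown is limited to this file, so the callers and any other backends that must pass or accept the new original_cmd argument cannot be checked from here.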