summaryrefslogtreecommitdiff
path: root/source3/winbindd
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2009-12-28 23:14:43 +0100
committerVolker Lendecke <vl@samba.org>2009-12-28 23:20:02 +0100
commitc0289d63c39401e9555d4852ac74043d70a085f3 (patch)
tree412acab7e99eb218fc998f363379c23f5d312f6b /source3/winbindd
parentb8fcba9cb8f508ffd97f00179dafa4537342c9c0 (diff)
downloadsamba-c0289d63c39401e9555d4852ac74043d70a085f3.tar.gz
samba-c0289d63c39401e9555d4852ac74043d70a085f3.tar.bz2
samba-c0289d63c39401e9555d4852ac74043d70a085f3.zip
s3: Move a lp_winbind_trusted_domains_only() check to wb_getgrsid()
winbindd_getgrgid was not protected by this.
Diffstat (limited to 'source3/winbindd')
-rw-r--r--source3/winbindd/wb_getgrsid.c11
-rw-r--r--source3/winbindd/winbindd_getgrnam.c23
2 files changed, 12 insertions, 22 deletions
diff --git a/source3/winbindd/wb_getgrsid.c b/source3/winbindd/wb_getgrsid.c
index 03d71e45b9..bb93be2174 100644
--- a/source3/winbindd/wb_getgrsid.c
+++ b/source3/winbindd/wb_getgrsid.c
@@ -52,6 +52,17 @@ struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx,
state->ev = ev;
state->max_nesting = max_nesting;
+ if (lp_winbind_trusted_domains_only()) {
+ struct winbindd_domain *our_domain = find_our_domain();
+
+ if (sid_compare_domain(group_sid, &our_domain->sid) == 0) {
+ DEBUG(7, ("winbindd_getgrsid: My domain -- rejecting "
+ "getgrsid() for %s\n", sid_string_tos(group_sid)));
+ tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
+ return tevent_req_post(req, ev);
+ }
+ }
+
subreq = wb_lookupsid_send(state, ev, &state->sid);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
diff --git a/source3/winbindd/winbindd_getgrnam.c b/source3/winbindd/winbindd_getgrnam.c
index d888393399..3ca1aa6111 100644
--- a/source3/winbindd/winbindd_getgrnam.c
+++ b/source3/winbindd/winbindd_getgrnam.c
@@ -40,7 +40,6 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
{
struct tevent_req *req, *subreq;
struct winbindd_getgrnam_state *state;
- struct winbindd_domain *domain;
char *tmp;
NTSTATUS nt_status;
@@ -77,27 +76,7 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
fstrcpy(state->name_domain, get_global_sam_name());
}
- /* Get info for the domain */
-
- domain = find_domain_from_name_noinit(state->name_domain);
- if (domain == NULL) {
- DEBUG(3, ("could not get domain sid for domain %s\n",
- state->name_domain));
- tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
- return tevent_req_post(req, ev);
- }
-
- /* should we deal with users for our domain? */
-
- if ( lp_winbind_trusted_domains_only() && domain->primary) {
- DEBUG(7,("winbindd_getgrnam: My domain -- rejecting "
- "getgrnam() for %s\\%s.\n", state->name_domain,
- state->name_group));
- tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
- return tevent_req_post(req, ev);
- }
-
- subreq = wb_lookupname_send(state, ev, domain->name, state->name_group,
+ subreq = wb_lookupname_send(state, ev, state->name_domain, state->name_group,
0);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);