diff options
author | Volker Lendecke <vl@samba.org> | 2009-12-28 23:14:43 +0100 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2009-12-28 23:20:02 +0100 |
commit | c0289d63c39401e9555d4852ac74043d70a085f3 (patch) | |
tree | 412acab7e99eb218fc998f363379c23f5d312f6b /source3/winbindd | |
parent | b8fcba9cb8f508ffd97f00179dafa4537342c9c0 (diff) | |
download | samba-c0289d63c39401e9555d4852ac74043d70a085f3.tar.gz samba-c0289d63c39401e9555d4852ac74043d70a085f3.tar.bz2 samba-c0289d63c39401e9555d4852ac74043d70a085f3.zip |
s3: Move a lp_winbind_trusted_domains_only() check to wb_getgrsid()
winbindd_getgrgid was not protected by this.
Diffstat (limited to 'source3/winbindd')
-rw-r--r-- | source3/winbindd/wb_getgrsid.c | 11 | ||||
-rw-r--r-- | source3/winbindd/winbindd_getgrnam.c | 23 |
2 files changed, 12 insertions, 22 deletions
diff --git a/source3/winbindd/wb_getgrsid.c b/source3/winbindd/wb_getgrsid.c index 03d71e45b9..bb93be2174 100644 --- a/source3/winbindd/wb_getgrsid.c +++ b/source3/winbindd/wb_getgrsid.c @@ -52,6 +52,17 @@ struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx, state->ev = ev; state->max_nesting = max_nesting; + if (lp_winbind_trusted_domains_only()) { + struct winbindd_domain *our_domain = find_our_domain(); + + if (sid_compare_domain(group_sid, &our_domain->sid) == 0) { + DEBUG(7, ("winbindd_getgrsid: My domain -- rejecting " + "getgrsid() for %s\n", sid_string_tos(group_sid))); + tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP); + return tevent_req_post(req, ev); + } + } + subreq = wb_lookupsid_send(state, ev, &state->sid); if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); diff --git a/source3/winbindd/winbindd_getgrnam.c b/source3/winbindd/winbindd_getgrnam.c index d888393399..3ca1aa6111 100644 --- a/source3/winbindd/winbindd_getgrnam.c +++ b/source3/winbindd/winbindd_getgrnam.c @@ -40,7 +40,6 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx, { struct tevent_req *req, *subreq; struct winbindd_getgrnam_state *state; - struct winbindd_domain *domain; char *tmp; NTSTATUS nt_status; @@ -77,27 +76,7 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx, fstrcpy(state->name_domain, get_global_sam_name()); } - /* Get info for the domain */ - - domain = find_domain_from_name_noinit(state->name_domain); - if (domain == NULL) { - DEBUG(3, ("could not get domain sid for domain %s\n", - state->name_domain)); - tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP); - return tevent_req_post(req, ev); - } - - /* should we deal with users for our domain? */ - - if ( lp_winbind_trusted_domains_only() && domain->primary) { - DEBUG(7,("winbindd_getgrnam: My domain -- rejecting " - "getgrnam() for %s\\%s.\n", state->name_domain, - state->name_group)); - tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP); - return tevent_req_post(req, ev); - } - - subreq = wb_lookupname_send(state, ev, domain->name, state->name_group, + subreq = wb_lookupname_send(state, ev, state->name_domain, state->name_group, 0); if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); |