diff options
author | Volker Lendecke <vl@samba.org> | 2009-12-28 23:35:25 +0100 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2009-12-28 23:35:07 +0100 |
commit | e5fbff096373cf493f41ba2db921c14a884baf6a (patch) | |
tree | d8a335f7950bdcc8935bc5df2e492cd8876569fc /source3/winbindd | |
parent | c0289d63c39401e9555d4852ac74043d70a085f3 (diff) | |
download | samba-e5fbff096373cf493f41ba2db921c14a884baf6a.tar.gz samba-e5fbff096373cf493f41ba2db921c14a884baf6a.tar.bz2 samba-e5fbff096373cf493f41ba2db921c14a884baf6a.zip |
s3: Check for lp_winbind_trusted_domains_only in wb_gettoken()
This avoids one walk of the domain list
Diffstat (limited to 'source3/winbindd')
-rw-r--r-- | source3/winbindd/wb_gettoken.c | 7 | ||||
-rw-r--r-- | source3/winbindd/winbindd_getgroups.c | 24 |
2 files changed, 7 insertions, 24 deletions
diff --git a/source3/winbindd/wb_gettoken.c b/source3/winbindd/wb_gettoken.c index 26189e5a97..ca407b2117 100644 --- a/source3/winbindd/wb_gettoken.c +++ b/source3/winbindd/wb_gettoken.c @@ -60,6 +60,13 @@ struct tevent_req *wb_gettoken_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } + if (lp_winbind_trusted_domains_only() && domain->primary) { + DEBUG(7, ("wb_gettoken: My domain -- rejecting getgroups() " + "for %s.\n", sid_string_tos(sid))); + tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER); + return tevent_req_post(req, ev); + } + subreq = wb_lookupusergroups_send(state, ev, domain, &state->usersid); if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); diff --git a/source3/winbindd/winbindd_getgroups.c b/source3/winbindd/winbindd_getgroups.c index 3bdf762c45..736eba698a 100644 --- a/source3/winbindd/winbindd_getgroups.c +++ b/source3/winbindd/winbindd_getgroups.c @@ -45,7 +45,6 @@ struct tevent_req *winbindd_getgroups_send(TALLOC_CTX *mem_ctx, struct tevent_req *req, *subreq; struct winbindd_getgroups_state *state; char *domuser, *mapped_user; - struct winbindd_domain *domain; NTSTATUS status; req = tevent_req_create(mem_ctx, &state, @@ -76,29 +75,6 @@ struct tevent_req *winbindd_getgroups_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } - domain = find_domain_from_name_noinit(state->domname); - if (domain == NULL) { - /* Retry with DNS name */ - char *p = strchr(domuser, '@'); - if (p != NULL) { - domain = find_domain_from_name_noinit(p+1); - } - } - if (domain == NULL) { - DEBUG(7, ("could not find domain entry for domain %s\n", - state->domname)); - tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER); - return tevent_req_post(req, ev); - } - - if (lp_winbind_trusted_domains_only() && domain->primary) { - DEBUG(7,("winbindd_getgroups: My domain -- " - "rejecting getgroups() for %s\\%s.\n", - state->domname, state->username)); - tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER); - return tevent_req_post(req, ev); - } - subreq = wb_lookupname_send(state, ev, state->domname, state->username, LOOKUP_NAME_NO_NSS); if (tevent_req_nomem(subreq, req)) { |