summaryrefslogtreecommitdiff
path: root/source3/winbindd
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2009-12-28 23:35:25 +0100
committerVolker Lendecke <vl@samba.org>2009-12-28 23:35:07 +0100
commite5fbff096373cf493f41ba2db921c14a884baf6a (patch)
treed8a335f7950bdcc8935bc5df2e492cd8876569fc /source3/winbindd
parentc0289d63c39401e9555d4852ac74043d70a085f3 (diff)
downloadsamba-e5fbff096373cf493f41ba2db921c14a884baf6a.tar.gz
samba-e5fbff096373cf493f41ba2db921c14a884baf6a.tar.bz2
samba-e5fbff096373cf493f41ba2db921c14a884baf6a.zip
s3: Check for lp_winbind_trusted_domains_only in wb_gettoken()
This avoids one walk of the domain list
Diffstat (limited to 'source3/winbindd')
-rw-r--r--source3/winbindd/wb_gettoken.c7
-rw-r--r--source3/winbindd/winbindd_getgroups.c24
2 files changed, 7 insertions, 24 deletions
diff --git a/source3/winbindd/wb_gettoken.c b/source3/winbindd/wb_gettoken.c
index 26189e5a97..ca407b2117 100644
--- a/source3/winbindd/wb_gettoken.c
+++ b/source3/winbindd/wb_gettoken.c
@@ -60,6 +60,13 @@ struct tevent_req *wb_gettoken_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
+ if (lp_winbind_trusted_domains_only() && domain->primary) {
+ DEBUG(7, ("wb_gettoken: My domain -- rejecting getgroups() "
+ "for %s.\n", sid_string_tos(sid)));
+ tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
+ return tevent_req_post(req, ev);
+ }
+
subreq = wb_lookupusergroups_send(state, ev, domain, &state->usersid);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
diff --git a/source3/winbindd/winbindd_getgroups.c b/source3/winbindd/winbindd_getgroups.c
index 3bdf762c45..736eba698a 100644
--- a/source3/winbindd/winbindd_getgroups.c
+++ b/source3/winbindd/winbindd_getgroups.c
@@ -45,7 +45,6 @@ struct tevent_req *winbindd_getgroups_send(TALLOC_CTX *mem_ctx,
struct tevent_req *req, *subreq;
struct winbindd_getgroups_state *state;
char *domuser, *mapped_user;
- struct winbindd_domain *domain;
NTSTATUS status;
req = tevent_req_create(mem_ctx, &state,
@@ -76,29 +75,6 @@ struct tevent_req *winbindd_getgroups_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
- domain = find_domain_from_name_noinit(state->domname);
- if (domain == NULL) {
- /* Retry with DNS name */
- char *p = strchr(domuser, '@');
- if (p != NULL) {
- domain = find_domain_from_name_noinit(p+1);
- }
- }
- if (domain == NULL) {
- DEBUG(7, ("could not find domain entry for domain %s\n",
- state->domname));
- tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
- return tevent_req_post(req, ev);
- }
-
- if (lp_winbind_trusted_domains_only() && domain->primary) {
- DEBUG(7,("winbindd_getgroups: My domain -- "
- "rejecting getgroups() for %s\\%s.\n",
- state->domname, state->username));
- tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
- return tevent_req_post(req, ev);
- }
-
subreq = wb_lookupname_send(state, ev, state->domname, state->username,
LOOKUP_NAME_NO_NSS);
if (tevent_req_nomem(subreq, req)) {