authorAndrew Tridgell <tridge@samba.org>2002-07-14 23:45:55 +0000
committerAndrew Tridgell <tridge@samba.org>2002-07-14 23:45:55 +0000
commit4dd9357dd55e0b65f99b42bfc6082ae3e2a19b0d (patch)
treeb4992b1bba9e141b3f47a376704ee063010a67ae /source3
parent050126e6844519c0587776932063e54b5f2c527c (diff)
after thinking about the env variable hack for avoiding group membership
enumeration I realised it could be a security hole for setuid progs. This adds a proper nss function instead. (This used to be commit c7c49d87af5e9a0bef058e6d79188d8b11fefc02)
Diffstat (limited to 'source3')
-rw-r--r--source3/nsswitch/winbind_nss.c34
1 files changed, 20 insertions, 14 deletions
diff --git a/source3/nsswitch/winbind_nss.c b/source3/nsswitch/winbind_nss.c
index 681bcd2bf7..5dc3d32279 100644
--- a/source3/nsswitch/winbind_nss.c
+++ b/source3/nsswitch/winbind_nss.c
@@ -1054,14 +1054,15 @@ _nss_winbind_endgrent(void)
/* Get next entry from ntdom group database */
-NSS_STATUS
-_nss_winbind_getgrent_r(struct group *result,
- char *buffer, size_t buflen, int *errnop)
+static NSS_STATUS
+winbind_getgrent(enum winbindd_cmd cmd,
+ struct group *result,
+ char *buffer, size_t buflen, int *errnop)
{
NSS_STATUS ret;
static struct winbindd_request request;
static int called_again;
- enum winbindd_cmd cmd;
+
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: getgrent\n", getpid());
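Review bot: `request` and `called_again` remain function-static in `winbind_getgrent`, so now that `cmd` is a parameter the same enumeration state is shared by every caller, whichever command they pass. If that state, together with the `getgrent_response` buffer used further down, holds a partially consumed reply, a process that alternates between the two public wrappers without an intervening setgrent/endgrent could presumably receive entries fetched by the other command. The body that would confirm this lies outside the hunk. I would at least document the constraint above the function, e.g. `/* cmd must not change between setgrent() and endgrent(); the cached response and called_again are shared by all callers */`, or remember the last `cmd` and drop the cache when it differs.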
@@ -1085,16 +1086,6 @@ _nss_winbind_getgrent_r(struct group *result,
request.data.num_entries = MAX_GETGRENT_USERS;
- /* this is a hack to work around the fact that posix doesn't
- define a 'list groups' call and listing all group members can
- be *very* expensive. We use an environment variable to give
- us a saner call (tridge) */
- if (getenv("WINBIND_GETGRLST")) {
- cmd = WINBINDD_GETGRLST;
- } else {
- cmd = WINBINDD_GETGRENT;
- }
-
ret = winbindd_request(cmd, &request,
&getgrent_response);
@@ -1153,6 +1144,21 @@ _nss_winbind_getgrent_r(struct group *result,
return ret;
}
+
+NSS_STATUS
+_nss_winbind_getgrent_r(struct group *result,
+ char *buffer, size_t buflen, int *errnop)
+{
+ return winbind_getgrent(WINBINDD_GETGRENT, result, buffer, buflen, errnop);
+}
+
+NSS_STATUS
+_nss_winbind_getgrlst_r(struct group *result,
+ char *buffer, size_t buflen, int *errnop)
+{
+ return winbind_getgrent(WINBINDD_GETGRLST, result, buffer, buflen, errnop);
+}
+
/* Return group struct from group name */
NSS_STATUS
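Review bot: `_nss_winbind_getgrlst_r` is added as a new externally visible function with no comment, and the only explanation of why WINBINDD_GETGRLST exists was deleted along with the getenv() check earlier in this diff. The rationale should move here, for example `/* Non-standard entry point: list groups without enumerating members, which can be very expensive; posix defines no 'list groups' call */`. It is also worth noting in that comment that this variant is selected only by code that calls it by name and never by the process environment, since that is the property the commit message relies on for setuid programs. Whether a prototype for the new symbol is published anywhere is not visible in this hunk.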