summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_group.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/nsswitch/winbindd_group.c')
-rw-r--r--source3/nsswitch/winbindd_group.c27
1 files changed, 21 insertions, 6 deletions
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index 38d47ca3d7..6e7a242379 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -41,8 +41,8 @@ static BOOL fill_grent(struct winbindd_gr *gr, const char *dom_name,
const char *gr_name, gid_t unix_gid)
{
fstring full_group_name;
- /* Fill in uid/gid */
- fill_domain_username(full_group_name, dom_name, gr_name);
+
+ fill_domain_username( full_group_name, dom_name, gr_name, False);
gr->gr_gid = unix_gid;
@@ -146,7 +146,7 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain,
/* Append domain name */
- fill_domain_username(name, domain->name, the_name);
+ fill_domain_username(name, domain->name, the_name, False);
len = strlen(name);
@@ -201,7 +201,8 @@ done:
void winbindd_getgrnam(struct winbindd_cli_state *state)
{
- DOM_SID group_sid;
+ DOM_SID group_sid, tmp_sid;
+ uint32 grp_rid;
struct winbindd_domain *domain;
enum SID_NAME_USE name_type;
fstring name_domain, name_group;
@@ -270,6 +271,20 @@ void winbindd_getgrnam(struct winbindd_cli_state *state)
return;
}
+ /* Make sure that the group SID is within the domain of the
+ original domain */
+
+ sid_copy( &tmp_sid, &group_sid );
+ sid_split_rid( &tmp_sid, &grp_rid );
+ if ( !sid_equal( &tmp_sid, &domain->sid ) ) {
+ DEBUG(3,("winbindd_getgrnam: group %s resolves to a SID in the wrong domain [%s]\n",
+ state->request.data.groupname, sid_string_static(&group_sid)));
+ request_error(state);
+ return;
+ }
+
+
+
/* Try to get the GID */
status = idmap_sid_to_gid(&group_sid, &gid, 0);
@@ -731,7 +746,7 @@ void winbindd_getgrent(struct winbindd_cli_state *state)
/* Fill in group entry */
fill_domain_username(domain_group_name, ent->domain_name,
- name_list[ent->sam_entry_index].acct_name);
+ name_list[ent->sam_entry_index].acct_name, False);
result = fill_grent(&group_list[group_list_ndx],
ent->domain_name,
@@ -905,7 +920,7 @@ void winbindd_list_groups(struct winbindd_cli_state *state)
groups.sam_entries)[i].acct_name;
fstring name;
- fill_domain_username(name, domain->name, group_name);
+ fill_domain_username(name, domain->name, group_name, False);
/* Append to extra data */
memcpy(&extra_data[extra_data_len], name,
strlen(name));
generated by cgit (git 2.34.1) at 2024-07-24 02:53:09 +0000