diff options
Diffstat (limited to 'source3/nsswitch/winbindd_group.c')
| -rw-r--r-- | source3/nsswitch/winbindd_group.c | 37 |
1 files changed, 29 insertions, 8 deletions
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 14ebb78466..b3ded2a2f4 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -193,8 +193,8 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) enum SID_NAME_USE name_type; fstring name_domain, name_group; char *tmp, *gr_mem; - int gr_mem_len; gid_t gid; + int gr_mem_len; /* Ensure null termination */ state->request.data.groupname[sizeof(state->request.data.groupname)-1]='\0'; @@ -210,6 +210,11 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) if (!parse_domain_user(tmp, name_domain, name_group)) return WINBINDD_ERROR; + /* fail if we are a PDC and this is our domain; should be done by passdb */ + + if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( domain->name, lp_workgroup()) ) + return WINBINDD_ERROR; + /* Get info for the domain */ if ((domain = find_domain_from_name(name_domain)) == NULL) { @@ -233,7 +238,7 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) return WINBINDD_ERROR; } - if (NT_STATUS_IS_ERR(sid_to_gid(&group_sid, &gid))) { + if (!winbindd_idmap_get_gid_from_sid(&group_sid, &gid)) { DEBUG(1, ("error converting unix gid to sid\n")); return WINBINDD_ERROR; } @@ -278,7 +283,8 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state) return WINBINDD_ERROR; /* Get rid from gid */ - if (NT_STATUS_IS_ERR(uid_to_sid(&group_sid, state->request.data.gid))) { + + if (!winbindd_idmap_get_sid_from_gid(state->request.data.gid, &group_sid)) { DEBUG(1, ("could not convert gid %d to rid\n", state->request.data.gid)); return WINBINDD_ERROR; @@ -404,6 +410,9 @@ static BOOL get_sam_group_entries(struct getent_state *ent) if (ent->got_sam_entries) return False; + + if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp(lp_workgroup(), ent->domain_name)) + return False; if (!(mem_ctx = talloc_init("get_sam_group_entries(%s)", ent->domain_name))) { @@ -589,7 +598,9 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state) sid_copy(&group_sid, &domain->sid); sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid); - if (NT_STATUS_IS_ERR(sid_to_gid(&group_sid, &group_gid))) { + if (!winbindd_idmap_get_gid_from_sid( + &group_sid, + &group_gid)) { DEBUG(1, ("could not look up gid for group %s\n", name_list[ent->sam_entry_index].acct_name)); @@ -738,6 +749,11 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state) for (domain = domain_list(); domain; domain = domain->next) { struct getent_state groups; + + /* fail if we are a PDC and this is our domain; should be done by passdb */ + + if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( domain->name, lp_workgroup()) ) + continue; ZERO_STRUCT(groups); @@ -830,6 +846,11 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) name_user)) goto done; + /* fail if we are a PDC and this is our domain; should be done by passdb */ + + if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( name_domain, lp_workgroup()) ) + return WINBINDD_ERROR; + /* Get info for the domain */ if ((domain = find_domain_from_name(name_domain)) == NULL) { @@ -866,16 +887,16 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) goto done; for (i = 0; i < num_groups; i++) { - gid_t gid; - - if (NT_STATUS_IS_ERR(sid_to_gid(user_gids[i], &gid))) { + if (!winbindd_idmap_get_gid_from_sid( + user_gids[i], + &gid_list[num_gids])) { fstring sid_string; DEBUG(1, ("unable to convert group sid %s to gid\n", sid_to_string(sid_string, user_gids[i]))); continue; } - gid_list[num_gids] = gid; + num_gids++; } |