Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/winbindd_group.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index de19ee02b5..676bf918b4 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -1018,6 +1018,30 @@ void winbindd_getgroups(struct winbindd_cli_state *state)
 DEBUG(3, ("[%5lu]: getgroups %s\n", (unsigned long)state->pid, state->request.data.username));
+ /* when using "winbind use default domain" we need to avoid that
+ * initgroups() requests from NSS hit our DC too badly for accounts
+ * that will never be on the remote DC */
+
+ if (lp_winbind_use_default_domain()) {
+
+ const char **list = lp_winbind_initgroups_blacklist();
+ int i;
+
+ if (!list || !list[0]) {
+ goto parse;
+ }
+
+ for (i=0; list[i] != NULL; i++) {
+
+ if (strequal(state->request.data.username, list[i])) {
+ DEBUG(3,("ignoring blacklisted user [%s] for getgroups\n",
+ state->request.data.username));
+ request_ok(state);
+ return;
+ }
+ }
+ }
+ parse:
 /* Parse domain and username */
 s = TALLOC_P(state->mem_ctx, struct getgroups_state); |
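Review bot: The blacklist comparison runs on the raw `state->request.data.username` before the "Parse domain and username" step, and a match answers with `request_ok(state)`, so the caller is told the lookup succeeded, presumably with an empty group list, rather than that winbind has no answer. A blacklisted name that also exists on the DC therefore loses its domain groups without any error, which matters wherever access is decided by group membership; a comment at the `request_ok(state)` call such as `/* deliberate: report success with no groups, never contact the DC */` would make that contract explicit. The `goto parse` and its label can go if the loop guards itself, `for (i = 0; list && list[i]; i++) {`. winbindd_getgroups starts before and continues after this hunk, so how the response is initialised is not visible here.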