From e5fbff096373cf493f41ba2db921c14a884baf6a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 28 Dec 2009 23:35:25 +0100 Subject: s3: Check for lp_winbind_trusted_domains_only in wb_gettoken() This avoids one walk of the domain list --- source3/winbindd/wb_gettoken.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/winbindd/wb_gettoken.c') diff --git a/source3/winbindd/wb_gettoken.c b/source3/winbindd/wb_gettoken.c index 26189e5a97..ca407b2117 100644 --- a/source3/winbindd/wb_gettoken.c +++ b/source3/winbindd/wb_gettoken.c @@ -60,6 +60,13 @@ struct tevent_req *wb_gettoken_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } + if (lp_winbind_trusted_domains_only() && domain->primary) { + DEBUG(7, ("wb_gettoken: My domain -- rejecting getgroups() " + "for %s.\n", sid_string_tos(sid))); + tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER); + return tevent_req_post(req, ev); + } + subreq = wb_lookupusergroups_send(state, ev, domain, &state->usersid); if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); -- cgit