From 596b51c666e549fb518d92931d8837922154a2fe Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 10 Jul 2013 14:48:18 +0200
Subject: s4:server: avoid calling into nss_winbind from within 'samba'

The most important part is that the 'winbind_server' doesn't
recurse into itself. This could happen if the krb5 libraries
call getlogin().

As we may run in single process mode, we need to set
_NO_WINBINDD=1 everywhere, the only exception is the forked
'smbd'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 10 23:18:06 CEST 2013 on sn-devel-104
---
 source4/smbd/server.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'source4')

diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index 0ad3e6ba41..37aac625b6 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -43,6 +43,7 @@
 #include "cluster/cluster.h"
 #include "dynconfig/dynconfig.h"
 #include "lib/util/samba_modules.h"
+#include "nsswitch/winbind_client.h"
 
 /*
   recursively delete a directory tree
@@ -402,6 +403,12 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
 		}
 	}
 
+	/* make sure we won't go through nss_winbind */
+	if (!winbind_off()) {
+		DEBUG(0,("Failed to disable recusive winbindd calls.  Exiting.\n"));
+		exit(1);
+	}
+
 	gensec_init(); /* FIXME: */
 
 	ntptr_init();	/* FIXME: maybe run this in the initialization function 
-- 
cgit