svn commit: samba r23733 - in branches: SAMBA_3_0/source/nsswitch
SAMBA_3_0_26/source/nsswitch
lmuelle at samba.org
lmuelle at samba.org
Fri Jul 6 18:49:49 GMT 2007
Author: lmuelle
Date: 2007-07-06 18:49:49 +0000 (Fri, 06 Jul 2007)
New Revision: 23733
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23733
Log:
Limit LDAP lookup in lookup_usergroups_member() to security groups.
Credits to Ralf Haferkamp for the discussion and help on this.
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c
branches/SAMBA_3_0_26/source/nsswitch/winbindd_ads.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c 2007-07-06 17:48:19 UTC (rev 23732)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c 2007-07-06 18:49:49 UTC (rev 23733)
@@ -570,7 +570,12 @@
goto done;
}
- if (!(ldap_exp = talloc_asprintf(mem_ctx, "(&(member=%s)(objectCategory=group))", escaped_dn))) {
+ ldap_exp = talloc_asprintf(mem_ctx,
+ "(&(member=%s)(objectCategory=group)(groupType:dn:%s:=%d))",
+ escaped_dn,
+ ADS_LDAP_MATCHING_RULE_BIT_AND,
+ GROUP_TYPE_SECURITY_ENABLED);
+ if (!ldap_exp) {
DEBUG(1,("lookup_usergroups(dn=%s) asprintf failed!\n", user_dn));
SAFE_FREE(escaped_dn);
status = NT_STATUS_NO_MEMORY;
Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_ads.c
===================================================================
--- branches/SAMBA_3_0_26/source/nsswitch/winbindd_ads.c 2007-07-06 17:48:19 UTC (rev 23732)
+++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_ads.c 2007-07-06 18:49:49 UTC (rev 23733)
@@ -570,7 +570,12 @@
goto done;
}
- if (!(ldap_exp = talloc_asprintf(mem_ctx, "(&(member=%s)(objectCategory=group))", escaped_dn))) {
+ ldap_exp = talloc_asprintf(mem_ctx,
+ "(&(member=%s)(objectCategory=group)(groupType:dn:%s:=%d))",
+ escaped_dn,
+ ADS_LDAP_MATCHING_RULE_BIT_AND,
+ GROUP_TYPE_SECURITY_ENABLED);
+ if (!ldap_exp) {
DEBUG(1,("lookup_usergroups(dn=%s) asprintf failed!\n", user_dn));
SAFE_FREE(escaped_dn);
status = NT_STATUS_NO_MEMORY;
More information about the samba-cvs
mailing list