[SCM] Samba Shared Repository - branch master updated

Volker Lendecke vlendec at samba.org
Mon Dec 28 15:20:40 MST 2009


The branch, master has been updated
       via  c0289d6... s3: Move a lp_winbind_trusted_domains_only() check to wb_getgrsid()
      from  b8fcba9... s3: Pass netr_DomainTrustList instead of names and sids through (*trusted_domains)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c0289d63c39401e9555d4852ac74043d70a085f3
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Dec 28 23:14:43 2009 +0100

    s3: Move a lp_winbind_trusted_domains_only() check to wb_getgrsid()
    
    winbindd_getgrgid was not protected by this.

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/wb_getgrsid.c       |   11 +++++++++++
 source3/winbindd/winbindd_getgrnam.c |   23 +----------------------
 2 files changed, 12 insertions(+), 22 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/wb_getgrsid.c b/source3/winbindd/wb_getgrsid.c
index 03d71e4..bb93be2 100644
--- a/source3/winbindd/wb_getgrsid.c
+++ b/source3/winbindd/wb_getgrsid.c
@@ -52,6 +52,17 @@ struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx,
 	state->ev = ev;
 	state->max_nesting = max_nesting;
 
+	if (lp_winbind_trusted_domains_only()) {
+		struct winbindd_domain *our_domain = find_our_domain();
+
+		if (sid_compare_domain(group_sid, &our_domain->sid) == 0) {
+			DEBUG(7, ("winbindd_getgrsid: My domain -- rejecting "
+				  "getgrsid() for %s\n", sid_string_tos(group_sid)));
+			tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
+			return tevent_req_post(req, ev);
+		}
+	}
+
 	subreq = wb_lookupsid_send(state, ev, &state->sid);
 	if (tevent_req_nomem(subreq, req)) {
 		return tevent_req_post(req, ev);
diff --git a/source3/winbindd/winbindd_getgrnam.c b/source3/winbindd/winbindd_getgrnam.c
index d888393..3ca1aa6 100644
--- a/source3/winbindd/winbindd_getgrnam.c
+++ b/source3/winbindd/winbindd_getgrnam.c
@@ -40,7 +40,6 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
 {
 	struct tevent_req *req, *subreq;
 	struct winbindd_getgrnam_state *state;
-	struct winbindd_domain *domain;
 	char *tmp;
 	NTSTATUS nt_status;
 
@@ -77,27 +76,7 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
 		fstrcpy(state->name_domain, get_global_sam_name());
 	}
 
-	/* Get info for the domain */
-
-	domain = find_domain_from_name_noinit(state->name_domain);
-	if (domain == NULL) {
-		DEBUG(3, ("could not get domain sid for domain %s\n",
-			  state->name_domain));
-		tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
-		return tevent_req_post(req, ev);
-	}
-
-	/* should we deal with users for our domain? */
-
-	if ( lp_winbind_trusted_domains_only() && domain->primary) {
-		DEBUG(7,("winbindd_getgrnam: My domain -- rejecting "
-			 "getgrnam() for %s\\%s.\n", state->name_domain,
-			 state->name_group));
-		tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
-		return tevent_req_post(req, ev);
-	}
-
-	subreq = wb_lookupname_send(state, ev, domain->name, state->name_group,
+	subreq = wb_lookupname_send(state, ev, state->name_domain, state->name_group,
 				    0);
 	if (tevent_req_nomem(subreq, req)) {
 		return tevent_req_post(req, ev);


-- 
Samba Shared Repository


More information about the samba-cvs mailing list