diff --git a/source3/include/smb.h b/source3/include/smb.h
index 819d3a8c4f5..e2d670fa04a 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -182,9 +182,8 @@ typedef union unid_t {
 #define LOOKUP_NAME_GROUP 0x00000004 /* (unused) This is a NASTY hack for
 valid users = @foo where foo also
 exists in as user. */
-#define LOOKUP_NAME_EXPLICIT 0x00000008 /* Only include
- explicitly mapped names and not
- the Unix {User,Group} domain */
+#define LOOKUP_NAME_NO_NSS 0x00000008 /* no NSS calls to avoid
+ winbind recursions */
 #define LOOKUP_NAME_BUILTIN 0x00000010 /* builtin names */
 #define LOOKUP_NAME_WKN 0x00000020 /* well known names */
 #define LOOKUP_NAME_DOMAIN 0x00000040 /* only lookup own domain */
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 112225d5049..4f8d6a4759d 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -106,7 +106,8 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
 goto ok;
 }
 
- if (!(flags & LOOKUP_NAME_EXPLICIT) && strequal(domain, unix_users_domain_name())) {
+ if (((flags & LOOKUP_NAME_NO_NSS) == 0)
+ && strequal(domain, unix_users_domain_name())) {
 if (lookup_unix_user_name(name, &sid)) {
 type = SID_NAME_USER;
 goto ok;
@@ -115,7 +116,8 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
 return false;
 }
 
- if (!(flags & LOOKUP_NAME_EXPLICIT) && strequal(domain, unix_groups_domain_name())) {
+ if (((flags & LOOKUP_NAME_NO_NSS) == 0)
+ && strequal(domain, unix_groups_domain_name())) {
 if (lookup_unix_group_name(name, &sid)) {
 type = SID_NAME_DOM_GRP;
 goto ok;
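Review bot: The new comment on `LOOKUP_NAME_NO_NSS` in smb.h gives the reason for the flag but no longer says what it suppresses. In the lookup_sid.c hunks the flag only gates the `lookup_unix_user_name()` / `lookup_unix_group_name()` calls for the Unix User and Unix Group domains, so a caller reading the header may assume a broader guarantee than lookup_name() visibly provides. I would write `/* skip the Unix {User,Group} domain lookups: no NSS calls, to avoid winbind recursions */`, and confirm that no other branch of lookup_name() (not visible in these hunks) can reach NSS when the flag is set.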
@@ -280,13 +282,15 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
 /* 11. Ok, windows would end here. Samba has two more options:
 Unmapped users and unmapped groups */
 
- if (!(flags & LOOKUP_NAME_EXPLICIT) && lookup_unix_user_name(name, &sid)) {
+ if (((flags & LOOKUP_NAME_NO_NSS) == 0)
+ && lookup_unix_user_name(name, &sid)) {
 domain = talloc_strdup(tmp_ctx, unix_users_domain_name());
 type = SID_NAME_USER;
 goto ok;
 }
 
- if (!(flags & LOOKUP_NAME_EXPLICIT) && lookup_unix_group_name(name, &sid)) {
+ if (((flags & LOOKUP_NAME_NO_NSS) == 0)
+ && lookup_unix_group_name(name, &sid)) {
 domain = talloc_strdup(tmp_ctx, unix_groups_domain_name());
 type = SID_NAME_DOM_GRP;
 goto ok;
diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c
index 89eda3c820c..b959bfc9ad0 100644
--- a/source3/winbindd/winbindd_passdb.c
+++ b/source3/winbindd/winbindd_passdb.c
@@ -103,7 +103,7 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
 break;
 default:
 /* Avoid any NSS calls in the lookup_name by default */
- flags |= LOOKUP_NAME_EXPLICIT;
+ flags |= LOOKUP_NAME_NO_NSS;
 DEBUG(10,("winbindd_passdb: limiting name_to_sid() to explicit mappings\n"));
 break;
 }
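Review bot: The DEBUG line kept as context in name_to_sid() still says `limiting name_to_sid() to explicit mappings`, which described the old LOOKUP_NAME_EXPLICIT name and no longer matches the flag set on the line above it. Anyone reading a level-10 log while chasing a winbindd lookup hang will search for the flag name, so the message should follow the rename, e.g. `DEBUG(10,("winbindd_passdb: name_to_sid() avoiding NSS calls (LOOKUP_NAME_NO_NSS)\n"));`. The switch this default case belongs to starts outside the hunk.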