sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00
Code

s3: Move a lp_winbind_trusted_domains_only() check to wb_getgrsid()

Browse Source 
winbindd_getgrgid was not protected by this.
This commit is contained in:
Volker Lendecke 2009-12-28 23:14:43 +01:00
parent b8fcba9cb8
commit c0289d63c3
2 changed files with 12 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
source3/winbindd/wb_getgrsid.c
View File

@ -52,6 +52,17 @@ struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx,
state->ev = ev;
state->max_nesting = max_nesting;
if (lp_winbind_trusted_domains_only()) {
struct winbindd_domain *our_domain = find_our_domain();
if (sid_compare_domain(group_sid, &our_domain->sid) == 0) {
DEBUG(7, ("winbindd_getgrsid: My domain -- rejecting "
"getgrsid() for %s\n", sid_string_tos(group_sid)));
tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
return tevent_req_post(req, ev);
}
}
subreq = wb_lookupsid_send(state, ev, &state->sid);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);

23
source3/winbindd/winbindd_getgrnam.c
View File

@ -40,7 +40,6 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
{
struct tevent_req *req, *subreq;
struct winbindd_getgrnam_state *state;
struct winbindd_domain *domain;
char *tmp;
NTSTATUS nt_status;
@ -77,27 +76,7 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
fstrcpy(state->name_domain, get_global_sam_name());
}
/* Get info for the domain */
domain = find_domain_from_name_noinit(state->name_domain);
if (domain == NULL) {
DEBUG(3, ("could not get domain sid for domain %s\n",
state->name_domain));
tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
return tevent_req_post(req, ev);
}
/* should we deal with users for our domain? */
if ( lp_winbind_trusted_domains_only() && domain->primary) {
DEBUG(7,("winbindd_getgrnam: My domain -- rejecting "
"getgrnam() for %s\\%s.\n", state->name_domain,
state->name_group));
tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
return tevent_req_post(req, ev);
}
subreq = wb_lookupname_send(state, ev, domain->name, state->name_group,
subreq = wb_lookupname_send(state, ev, state->name_domain, state->name_group,
0);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);