[SCM] Samba Shared Repository - branch master updated

Volker Lendecke Mon, 28 Dec 2009 14:20:19 -0800

The branch, master has been updated
       via  c0289d6... s3: Move a lp_winbind_trusted_domains_only() check to 
wb_getgrsid()
      from  b8fcba9... s3: Pass netr_DomainTrustList instead of names and sids 
through (*trusted_domains)


http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c0289d63c39401e9555d4852ac74043d70a085f3
Author: Volker Lendecke <v...@samba.org>
Date:   Mon Dec 28 23:14:43 2009 +0100

    s3: Move a lp_winbind_trusted_domains_only() check to wb_getgrsid()
    
    winbindd_getgrgid was not protected by this.

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/wb_getgrsid.c       |   11 +++++++++++
 source3/winbindd/winbindd_getgrnam.c |   23 +----------------------
 2 files changed, 12 insertions(+), 22 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/wb_getgrsid.c b/source3/winbindd/wb_getgrsid.c
index 03d71e4..bb93be2 100644
--- a/source3/winbindd/wb_getgrsid.c
+++ b/source3/winbindd/wb_getgrsid.c
@@ -52,6 +52,17 @@ struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx,
        state->ev = ev;
        state->max_nesting = max_nesting;
 
+       if (lp_winbind_trusted_domains_only()) {
+               struct winbindd_domain *our_domain = find_our_domain();
+
+               if (sid_compare_domain(group_sid, &our_domain->sid) == 0) {
+                       DEBUG(7, ("winbindd_getgrsid: My domain -- rejecting "
+                                 "getgrsid() for %s\n", 
sid_string_tos(group_sid)));
+                       tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
+                       return tevent_req_post(req, ev);
+               }
+       }
+
        subreq = wb_lookupsid_send(state, ev, &state->sid);
        if (tevent_req_nomem(subreq, req)) {
                return tevent_req_post(req, ev);
diff --git a/source3/winbindd/winbindd_getgrnam.c 
b/source3/winbindd/winbindd_getgrnam.c
index d888393..3ca1aa6 100644
--- a/source3/winbindd/winbindd_getgrnam.c
+++ b/source3/winbindd/winbindd_getgrnam.c
@@ -40,7 +40,6 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
 {
        struct tevent_req *req, *subreq;
        struct winbindd_getgrnam_state *state;
-       struct winbindd_domain *domain;
        char *tmp;
        NTSTATUS nt_status;
 
@@ -77,27 +76,7 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX 
*mem_ctx,
                fstrcpy(state->name_domain, get_global_sam_name());
        }
 
-       /* Get info for the domain */
-
-       domain = find_domain_from_name_noinit(state->name_domain);
-       if (domain == NULL) {
-               DEBUG(3, ("could not get domain sid for domain %s\n",
-                         state->name_domain));
-               tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
-               return tevent_req_post(req, ev);
-       }
-
-       /* should we deal with users for our domain? */
-
-       if ( lp_winbind_trusted_domains_only() && domain->primary) {
-               DEBUG(7,("winbindd_getgrnam: My domain -- rejecting "
-                        "getgrnam() for %s\\%s.\n", state->name_domain,
-                        state->name_group));
-               tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
-               return tevent_req_post(req, ev);
-       }
-
-       subreq = wb_lookupname_send(state, ev, domain->name, state->name_group,
+       subreq = wb_lookupname_send(state, ev, state->name_domain, 
state->name_group,
                                    0);
        if (tevent_req_nomem(subreq, req)) {
                return tevent_req_post(req, ev);


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to