author | Andrew Tridgell <tridge@samba.org> | 2002-07-14 23:45:55 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2002-07-14 23:45:55 +0000 |
commit | c7c49d87af5e9a0bef058e6d79188d8b11fefc02 (patch) | |
tree | cd1b64d623c4a732872fa9ef4e336e1269ef74b2 | |
parent | d378ac1e2efb0efc9a0f983d69cf678ca6255fd5 (diff) | |
after thinking about the env variable hack for avoiding group membership
enumeration I realised it could be a security hole for setuid progs.
This adds a proper nss function instead.
-rw-r--r-- | source/nsswitch/winbind_nss.c | 34 |
1 files changed, 20 insertions, 14 deletions
diff --git a/source/nsswitch/winbind_nss.c b/source/nsswitch/winbind_nss.c
index 681bcd2bf7b..5dc3d32279a 100644
--- a/source/nsswitch/winbind_nss.c
+++ b/source/nsswitch/winbind_nss.c
@@ -1054,14 +1054,15 @@ _nss_winbind_endgrent(void)
 /* Get next entry from ntdom group database */
-NSS_STATUS
-_nss_winbind_getgrent_r(struct group *result,
- char *buffer, size_t buflen, int *errnop)
+static NSS_STATUS
+winbind_getgrent(enum winbindd_cmd cmd,
+ struct group *result,
+ char *buffer, size_t buflen, int *errnop)
 {
 NSS_STATUS ret;
 static struct winbindd_request request;
 static int called_again;
- enum winbindd_cmd cmd;
+
 #ifdef DEBUG_NSS
 fprintf(stderr, "[%5d]: getgrent\n", getpid());
@@ -1085,16 +1086,6 @@ _nss_winbind_getgrent_r(struct group *result,
 request.data.num_entries = MAX_GETGRENT_USERS;
- /* this is a hack to work around the fact that posix doesn't
- define a 'list groups' call and listing all group members can
- be *very* expensive. We use an environment variable to give
- us a saner call (tridge) */
- if (getenv("WINBIND_GETGRLST")) {
- cmd = WINBINDD_GETGRLST;
- } else {
- cmd = WINBINDD_GETGRENT;
- }
-
 ret = winbindd_request(cmd, &request, &getgrent_response);
@@ -1153,6 +1144,21 @@ _nss_winbind_getgrent_r(struct group *result,
 return ret;
 }
+
+NSS_STATUS
+_nss_winbind_getgrent_r(struct group *result,
+ char *buffer, size_t buflen, int *errnop)
+{
+ return winbind_getgrent(WINBINDD_GETGRENT, result, buffer, buflen, errnop);
+}
+
+NSS_STATUS
+_nss_winbind_getgrlst_r(struct group *result,
+ char *buffer, size_t buflen, int *errnop)
+{
+ return winbind_getgrent(WINBINDD_GETGRLST, result, buffer, buflen, errnop);
+}
+
 /* Return group struct from group name */
 NSS_STATUS |
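Review bot: In the first hunk, `winbind_getgrent` keeps `static struct winbindd_request request;` and `static int called_again;` as function-local statics, so the two new callers `_nss_winbind_getgrent_r` and `_nss_winbind_getgrlst_r` now share a single enumeration state. If one process interleaves the two calls, entries cached for one command could presumably be returned to the other. The rest of the body lies outside the hunk, so this needs confirming against the cached-response handling. At minimum, document the constraint on the helper, e.g. `/* static state is shared by getgrent_r and getgrlst_r; do not interleave them within one setgrent/endgrent cycle */`. The whitespace-only line added in place of `enum winbindd_cmd cmd;` can simply be dropped.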
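Review bot: `_nss_winbind_getgrlst_r` in the last hunk is a new exported symbol with no comment, and as far as I know its name is not one of the standard NSS entry points, so a reader cannot tell who is expected to call it or how it differs from `_nss_winbind_getgrent_r`. I would add a header comment above it, for example `/* Non-standard entry point: same as getgrent_r but sends WINBINDD_GETGRLST. A separate symbol replaces the old WINBIND_GETGRLST environment check because the environment is caller-controlled in setuid programs. */`. A one-line comment on `winbind_getgrent` stating that `cmd` is only ever supplied by these two wrappers would keep the security rationale next to the code, where a later change is less likely to reintroduce a process-controlled switch.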