diff options
author | Gerald Carter <jerry@samba.org> | 2007-05-30 19:47:35 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:22:58 -0500 |
commit | bcc8a3290aaa0d2620e9d391ffbbf65541f6d742 (patch) | |
tree | 50f9374df3fc923d01a2f93d00ee378bb2bf1e21 /source/passdb | |
parent | 592e73dc31672c993aad5afde73b1c43dd31eed2 (diff) | |
download | samba-bcc8a3290aaa0d2620e9d391ffbbf65541f6d742.tar.gz samba-bcc8a3290aaa0d2620e9d391ffbbf65541f6d742.tar.xz samba-bcc8a3290aaa0d2620e9d391ffbbf65541f6d742.zip |
r23244: Fix loop with nscd and NSS recusive calls.
> Here's the problem I hit:
>
> getgrnam("foo") -> nscd -> NSS -> winbindd ->
> winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() ->
> getgrnam("foo") -> nscd -> ....
>
> This is in the SAMBA_3_0 specifically but in theory could happen
> SAMBA_3_0_25 (or 26) for an unknown group.
>
> The attached patch passes down enough state for the
> name_to_sid() call to be able to determine the originating
> winbindd cmd that came into the parent. So we can avoid
> making more NSS calls if the original call came in trough NSS
> so we don't deadlock ? But you should still service
> lookupname() calls which are needed for example when
> doing the token access checks for a "valid groups" from
> smb.conf.
>
> I've got this in testing now. The problem has shown up with the
> DsProvider on OS X and with nscd on SOlaris and Linux.
Diffstat (limited to 'source/passdb')
-rw-r--r-- | source/passdb/lookup_sid.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c index dbc0e75e595..dd7ffa8d819 100644 --- a/source/passdb/lookup_sid.c +++ b/source/passdb/lookup_sid.c @@ -102,7 +102,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, goto ok; } - if (strequal(domain, unix_users_domain_name())) { + if (!(flags & LOOKUP_NAME_EXPLICIT) && strequal(domain, unix_users_domain_name())) { if (lookup_unix_user_name(name, &sid)) { type = SID_NAME_USER; goto ok; @@ -111,7 +111,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, return False; } - if (strequal(domain, unix_groups_domain_name())) { + if (!(flags & LOOKUP_NAME_EXPLICIT) && strequal(domain, unix_groups_domain_name())) { if (lookup_unix_group_name(name, &sid)) { type = SID_NAME_DOM_GRP; goto ok; @@ -262,13 +262,13 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, /* 11. Ok, windows would end here. Samba has two more options: Unmapped users and unmapped groups */ - if (lookup_unix_user_name(name, &sid)) { + if (!(flags & LOOKUP_NAME_EXPLICIT) && lookup_unix_user_name(name, &sid)) { domain = talloc_strdup(tmp_ctx, unix_users_domain_name()); type = SID_NAME_USER; goto ok; } - if (lookup_unix_group_name(name, &sid)) { + if (!(flags & LOOKUP_NAME_EXPLICIT) && lookup_unix_group_name(name, &sid)) { domain = talloc_strdup(tmp_ctx, unix_groups_domain_name()); type = SID_NAME_DOM_GRP; goto ok; |