s3: Move a lp_winbind_trusted_domains_only() check to wb_getgrsid()
authorVolker Lendecke <vl@samba.org>
Mon, 28 Dec 2009 22:14:43 +0000 (23:14 +0100)
committerVolker Lendecke <vl@samba.org>
Mon, 28 Dec 2009 22:20:02 +0000 (23:20 +0100)
winbindd_getgrgid was not protected by this.

source3/winbindd/wb_getgrsid.c
source3/winbindd/winbindd_getgrnam.c

index 03d71e45b918fe2ca55330b468e924964bb4ca87..bb93be2174138deea5df22beaeec65ffe4b6e951 100644 (file)
@@ -52,6 +52,17 @@ struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx,
        state->ev = ev;
        state->max_nesting = max_nesting;
 
+       if (lp_winbind_trusted_domains_only()) {
+               struct winbindd_domain *our_domain = find_our_domain();
+
+               if (sid_compare_domain(group_sid, &our_domain->sid) == 0) {
+                       DEBUG(7, ("winbindd_getgrsid: My domain -- rejecting "
+                                 "getgrsid() for %s\n", sid_string_tos(group_sid)));
+                       tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
+                       return tevent_req_post(req, ev);
+               }
+       }
+
        subreq = wb_lookupsid_send(state, ev, &state->sid);
        if (tevent_req_nomem(subreq, req)) {
                return tevent_req_post(req, ev);
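Review bot: The `lp_winbind_trusted_domains_only()` block added ahead of `wb_lookupsid_send()` carries no comment, although the check it replaces in winbindd_getgrnam.c was labelled and the new one applies to every caller of this function rather than to one request type. A line such as `/* winbind trusted domains only: refuse groups of our own domain here so that all callers (getgrnam, getgrgid) are covered */` would record that intent. The DEBUG text is prefixed `winbindd_getgrsid:` while the enclosing function is `wb_getgrsid_send`, which makes a policy rejection harder to trace in logs; `"wb_getgrsid_send: My domain -- rejecting "` would match. `our_domain` is dereferenced without a NULL test, which is safe only if `find_our_domain()` can never return NULL; its definition is not visible here. The function body starts and ends outside the hunk.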
index d888393399650aea03573c374517a041ffad7d83..3ca1aa61115695264b4b02c3b9861c0fa29b41d7 100644 (file)
@@ -40,7 +40,6 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
 {
        struct tevent_req *req, *subreq;
        struct winbindd_getgrnam_state *state;
-       struct winbindd_domain *domain;
        char *tmp;
        NTSTATUS nt_status;
 
@@ -77,27 +76,7 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
                fstrcpy(state->name_domain, get_global_sam_name());
        }
 
-       /* Get info for the domain */
-
-       domain = find_domain_from_name_noinit(state->name_domain);
-       if (domain == NULL) {
-               DEBUG(3, ("could not get domain sid for domain %s\n",
-                         state->name_domain));
-               tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
-               return tevent_req_post(req, ev);
-       }
-
-       /* should we deal with users for our domain? */
-
-       if ( lp_winbind_trusted_domains_only() && domain->primary) {
-               DEBUG(7,("winbindd_getgrnam: My domain -- rejecting "
-                        "getgrnam() for %s\\%s.\n", state->name_domain,
-                        state->name_group));
-               tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
-               return tevent_req_post(req, ev);
-       }
-
-       subreq = wb_lookupname_send(state, ev, domain->name, state->name_group,
+       subreq = wb_lookupname_send(state, ev, state->name_domain, state->name_group,
                                    0);
        if (tevent_req_nomem(subreq, req)) {
                return tevent_req_post(req, ev);
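Review bot: `state->name_domain` now goes straight into `wb_lookupname_send()`, so the early `find_domain_from_name_noinit()` rejection of unknown domain names is removed together with the policy check. Before this change, a request naming an unknown domain, or a group of the primary domain under `winbind trusted domains only`, was answered with NT_STATUS_NO_SUCH_GROUP before any lookup was started. Now the name lookup runs first, and the policy refusal presumably comes only once the resulting SID reaches wb_getgrsid. If wb_lookupname does not itself reject unknown domain names cheaply (not visible in this hunk), consider keeping the guard `if (find_domain_from_name_noinit(state->name_domain) == NULL) {` with the existing `tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);` and `return tevent_req_post(req, ev);`. The function starts and continues outside the hunk.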