author | Andrew Bartlett <abartlet@samba.org> | 2002-11-25 06:54:22 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2002-11-25 06:54:22 +0000 |
commit | af365408d5056ea5eeaafd5df23196d9ba19de58 (patch) | |
tree | 012d04940fed93eb52889723e66d1fb12a4f08d1 | |
parent | edc8dda5c0b2703ef5d3c2fe8709da97e94e287f (diff) | |
Instead of walking the entire group database, grabbing all members of each
group, testing for membership etc, use the already calculated NT_USER_TOKEN.
(which is initgroups() based)
So far we only fill out the 'domain' groups - we need to fill out the
'other sids' as well, and we possibly need to filter the list for 'domain
groups' only (the old code did that), but Win2k doesn't seem to mind
this for now.
I also need to find out what the magic '7' is about. Fortunately JF is in town,
so I'll grill him tomorrow :-).
Andrew Bartlett
(This used to be commit 7e846e7387247f8bc2b07a1a1006014c6978143b)
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 18 | ||||
-rw-r--r-- | source3/rpc_server/srv_util.c | 30 |
2 files changed, 38 insertions, 10 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index dee0866b12..89e46402cf 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -688,16 +688,14 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * pstrcpy(my_name, global_myname()); - /* - * This is the point at which we get the group - * database - we should be getting the gid_t list - * from /etc/group and then turning the uids into - * rids and then into machine sids for this user. - * JRA. - */ - - gids = NULL; - get_domain_user_groups(p->mem_ctx, &num_gids, &gids, server_info->sam_account); + if (!NT_STATUS_IS_OK(status + = nt_token_to_group_list(p->mem_ctx, + &domain_sid, + server_info->ptok, + &num_gids, + &gids))) { + return status; + } init_net_user_info3(p->mem_ctx, usr_info, user_rid, diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 519daff1f6..72a057b91c 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -342,6 +342,7 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name)); DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n")); + done: *pgids=gids; *numgroups=cur_gid; 
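Review bot: `server_info->ptok` is passed to nt_token_to_group_list() without a NULL check, and the helper added in srv_util.c reads `nt_token->num_sids` in its first statement, so a session whose token was never built would make smbd dereference a NULL pointer while answering a SAM logon. Whether ptok can be NULL on this path is not visible in the hunk; if it can, reject the request before the call, for example `if (!server_info->ptok) return NT_STATUS_UNSUCCESSFUL;`. Separately, the assignment sits inside the argument of `NT_STATUS_IS_OK()`, which would run the lookup twice if that macro ever evaluated its argument more than once; `status = nt_token_to_group_list(...);` followed by `if (!NT_STATUS_IS_OK(status)) return status;` avoids relying on the macro's definition. _net_sam_logon starts and ends outside the hunk, so any cleanup the early return skips cannot be judged from here.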
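Review bot: The `done:` label added before `*pgids=gids;` in get_domain_user_groups has no matching `goto done` anywhere in this commit, so it is dead and will produce an unused-label warning. Either drop the label or add the early-exit path that was meant to jump to it. The function starts and ends outside the hunk.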
@@ -351,6 +352,35 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA } /******************************************************************* + gets a domain user's groups from their already-calculated NT_USER_TOKEN + ********************************************************************/ +NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, + const NT_USER_TOKEN *nt_token, + int *numgroups, DOM_GID **pgids) +{ + DOM_GID *gids; + int i; + + gids = (DOM_GID *)talloc(mem_ctx, sizeof(*gids) * nt_token->num_sids); + + if (!gids) { + return NT_STATUS_NO_MEMORY; + } + + *numgroups=0; + + for (i=PRIMARY_GROUP_SID_INDEX; i < nt_token->num_sids; i++) { + if (sid_compare_domain(domain_sid, &nt_token->user_sids[i])==0) { + sid_peek_rid(&nt_token->user_sids[i], &(gids[*numgroups].g_rid)); + gids[*numgroups].attr=7; + (*numgroups)++; + } + } + *pgids = gids; + return NT_STATUS_OK; +} + +/******************************************************************* Look up a local (domain) rid and return a name and type. ********************************************************************/ NTSTATUS local_lookup_group_name(uint32 rid, char *group_name, uint32 *type) |
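Review bot: The return value of `sid_peek_rid()` is ignored in the loop of nt_token_to_group_list, so a SID that matches `sid_compare_domain()` but yields no RID would still be counted, leaving `g_rid` as whatever the fresh `talloc` memory held and sending it out as one of the user's groups in the logon reply. Count the entry only on success, by placing `if (!sid_peek_rid(&nt_token->user_sids[i], &gids[*numgroups].g_rid)) continue;` before the `attr` assignment. A token with `num_sids == 0` also asks talloc for zero bytes, and if that returns NULL (talloc's behaviour is not visible here) the caller gets NT_STATUS_NO_MEMORY for what is really an empty list. The literal `7` deserves a comment or named constant; it is presumably the mandatory, enabled-by-default and enabled attribute bits (0x1|0x2|0x4), which the commit message leaves as an open question.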