diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-06-29 14:52:43 +0200 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-06-29 15:14:01 +0200 |
commit | 2198831e6b7c112b8f7551fccb25305742636df2 (patch) | |
tree | a88f76a2ad6d4fe3017c5b4e5261e54755b8c6ee | |
parent | 1662e383dd890d48e0e1207a51d4b3f9fb12ab65 (diff) | |
download | samba-2198831e6b7c112b8f7551fccb25305742636df2.tar.gz samba-2198831e6b7c112b8f7551fccb25305742636df2.tar.bz2 samba-2198831e6b7c112b8f7551fccb25305742636df2.zip |
Revert "s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not available in the DN."
This reverts commit fa9557fee3ca546878d99b77f1ff37f724c37024.
See post "Endi's Bug 7530 patches (LDAP backend)" on samba-technical.
-rw-r--r-- | source4/auth/sam.c | 25 |
1 files changed, 4 insertions, 21 deletions
diff --git a/source4/auth/sam.c b/source4/auth/sam.c index cf2e2190e6..7a776b9b74 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -305,7 +305,7 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx, struct ldb_dn *dn; struct dom_sid sid; TALLOC_CTX *tmp_ctx; - struct ldb_result *res = NULL; + struct ldb_result *res; NTSTATUS status; const struct ldb_message_element *el; @@ -321,22 +321,9 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx, return NT_STATUS_INTERNAL_DB_CORRUPTION; } - /* We expect an extended DN with the SID included but we can fallback - * to search the extended components if they weren't provided. */ status = dsdb_get_extended_dn_sid(dn, &sid, "SID"); if (!NT_STATUS_IS_OK(status)) { - ret = dsdb_search_dn(sam_ctx, tmp_ctx, &res, dn, attrs, - DSDB_SEARCH_SHOW_EXTENDED_DN); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - dn = res->msgs[0]->dn; - status = dsdb_get_extended_dn_sid(dn, &sid, "SID"); - } - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, (__location__ ": when parsing DN %s we failed to find or SID component, so we cannot calculate the group token: %s\n", + DEBUG(0, (__location__ ": when parsing DN %s we failed to find our SID component, so we cannot calculate the group token: %s\n", ldb_dn_get_extended_linearized(tmp_ctx, dn, 1), nt_errstr(status))); talloc_free(tmp_ctx); @@ -344,12 +331,8 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx, } if (only_childs) { - /* If we didn't get the SID as extended DN then we already have - * performed exactly this search. */ - if (res == NULL) { - ret = dsdb_search_dn(sam_ctx, tmp_ctx, &res, dn, attrs, - DSDB_SEARCH_SHOW_EXTENDED_DN); - } + ret = dsdb_search_dn(sam_ctx, tmp_ctx, &res, dn, attrs, + DSDB_SEARCH_SHOW_EXTENDED_DN); } else { /* This is an O(n^2) linear search */ already_there = sids_contains_sid((const struct dom_sid**) *res_sids, |