summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-05-20 16:51:59 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-05-20 17:39:10 +1000
commita0b0dc16a6ca63e633f51d079bb76124965d254c (patch)
tree8d0e2cd91eed85a530bd604c947af44afa03429f
parent9c6b637ce8a750fa2fef6a5d3a303bf9e6c4eea5 (diff)
downloadsamba-a0b0dc16a6ca63e633f51d079bb76124965d254c.tar.gz
samba-a0b0dc16a6ca63e633f51d079bb76124965d254c.tar.bz2
samba-a0b0dc16a6ca63e633f51d079bb76124965d254c.zip
s4:auth handle addition of nested aliases of domain groups.
The challenge here is that we are asked not to add the domain groups again, but we need to search inside them for any aliases that we need to add. So, we can't short-circuit the operation just because we found the domain group. Andrew Bartlett
-rw-r--r--source4/auth/sam.c16
1 files changed, 8 insertions, 8 deletions
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 244ebc732e..d5dc4ded12 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -332,23 +332,23 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
}
v = ldb_dn_get_extended_component(dn, "SID");
- ndr_err = ndr_pull_struct_blob(v, sid, NULL, sid,
+ ndr_err = ndr_pull_struct_blob(v, sid, sid,
(ndr_pull_flags_fn_t)ndr_pull_dom_sid);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- /* This is an O(n^2) linear search */
- already_there = sids_contains_sid((const struct dom_sid**) *res_sids,
- *num_res_sids, sid);
- if (already_there) {
- return NT_STATUS_OK;
- }
-
if (only_childs) {
ret = dsdb_search(sam_ctx, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, NULL);
} else {
+ /* This is an O(n^2) linear search */
+ already_there = sids_contains_sid((const struct dom_sid**) *res_sids,
+ *num_res_sids, sid);
+ if (already_there) {
+ return NT_STATUS_OK;
+ }
+
ret = dsdb_search(sam_ctx, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, "%s", filter);
}