author | Volker Lendecke <vlendec@samba.org> | 2004-11-12 15:49:47 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:15 -0500 |
commit | f9e87b9ba65f37bafa45eacb1a6c9b8c5483d46b (patch) | |
tree | 226655c957de8578b3c3e0c854930b03e90d37a1 /source3/lib | |
parent | 69ddbbf97b4c37cba879f7dd9ce8cb5f4d336857 (diff) | |
r3705: Nobody has commented, so I'll take this as an ack...
abartlet, I'd like to ask you to take a severe look at this!
We have solved the problem to find the global groups a user is in twice: Once
in auth_util.c and another time for the corresponding samr call. The attached
patch unifies these and sends them through the passdb backend (new function
pdb_enum_group_memberships). Thus it gives pdb_ldap.c the chance to further
optimize the corresponding call if the samba and posix accounts are unified by
issuing a specialized ldap query.
The parameter to activate this ldapsam behaviour is
ldapsam:trusted = yes
Volker
(This used to be commit b94838aff1a009f8d8c2c3efd48756a5b8f3f989)
Diffstat (limited to 'source3/lib')
-rw-r--r-- | source3/lib/system_smbd.c | 90 | ||||
-rw-r--r-- | source3/lib/util_smbd.c | 16 |
2 files changed, 93 insertions, 13 deletions
diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c
index 55c2338ebd..fd2ed24a17 100644
--- a/source3/lib/system_smbd.c
+++ b/source3/lib/system_smbd.c
@@ -109,7 +109,7 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in
 }
 #endif
-int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
+static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
 {
 char *p;
 int retval;
@@ -139,3 +139,91 @@ int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
 return retval;
 }
+
+BOOL getgroups_user(const char *user, gid_t primary_gid,
+ gid_t **ret_groups, int *ngroups)
+{
+ int ngrp, max_grp;
+ gid_t *temp_groups;
+ gid_t *groups;
+ int i;
+
+ max_grp = groups_max();
+ temp_groups = (gid_t *)malloc(sizeof(gid_t) * max_grp);
+ if (! temp_groups) {
+ return False;
+ }
+
+ if (sys_getgrouplist(user, primary_gid, temp_groups, &max_grp) == -1) {
+
+ gid_t *groups_tmp;
+
+ groups_tmp = Realloc(temp_groups, sizeof(gid_t) * max_grp);
+
+ if (!groups_tmp) {
+ SAFE_FREE(temp_groups);
+ return False;
+ }
+ temp_groups = groups_tmp;
+
+ if (sys_getgrouplist(user, primary_gid,
+ temp_groups, &max_grp) == -1) {
+ DEBUG(0, ("get_user_groups: failed to get the unix "
+ "group list\n"));
+ SAFE_FREE(temp_groups);
+ return False;
+ }
+ }
+
+ ngrp = 0;
+ groups = NULL;
+
+ /* Add in primary group first */
+ add_gid_to_array_unique(primary_gid, &groups, &ngrp);
+
+ for (i=0; i<max_grp; i++)
+ add_gid_to_array_unique(temp_groups[i], &groups, &ngrp);
+
+ *ngroups = ngrp;
+ *ret_groups = groups;
+ SAFE_FREE(temp_groups);
+ return True;
+}
+
+NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods,
+ const char *username,
+ gid_t primary_gid,
+ DOM_SID **sids,
+ gid_t **gids,
+ int *num_groups)
+{
+ int i;
+
+ if (!getgroups_user(username, primary_gid, gids, num_groups)) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ if (*num_groups == 0) {
+ smb_panic("primary group missing");
+ }
+
+ *sids = malloc(sizeof(**sids) * *num_groups);
+
+ if (*sids == NULL) {
+ SAFE_FREE(gids);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0; i<*num_groups; i++) {
+ if (!NT_STATUS_IS_OK(gid_to_sid(&(*sids)[i], (*gids)[i]))) {
+ DEBUG(1, ("get_user_groups: failed to convert "
+ "gid %ld to a sid!\n",
+ (long int)(*gids)[i+1]));
+ SAFE_FREE(*sids);
+ SAFE_FREE(*gids);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+ }
+
+ return NT_STATUS_OK;
+}
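Review bot: In pdb_default_enum_group_memberships the allocation-failure path calls `SAFE_FREE(gids)`, which acts on the caller's `gid_t **` argument rather than on the array getgroups_user returned. Assuming SAFE_FREE frees and NULLs its argument, as its other uses in this hunk suggest, that hands free() a pointer this function never allocated and leaks `*gids`, so the line should read `SAFE_FREE(*gids);`. The DEBUG call in the gid_to_sid failure branch prints `(*gids)[i+1]`, which reads one element past the array when the last entry fails and never names the gid that actually failed; it should log `(*gids)[i]`. A short header comment stating that `*sids` and `*gids` are freed on every failure return and owned by the caller on success would make the contract explicit for the passdb backends that override this default.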
diff --git a/source3/lib/util_smbd.c b/source3/lib/util_smbd.c index 36c3104e55..fdb4cb3385 100644 --- a/source3/lib/util_smbd.c +++ b/source3/lib/util_smbd.c @@ -37,25 +37,20 @@ NOTE! uses become_root() to gain correct priviages on systems that lack a native getgroups() call (uses initgroups and getgroups) */ -BOOL getgroups_user(const char *user, gid_t **ret_groups, int *ngroups) +BOOL getgroups_user(const char *user, gid_t primary_gid, gid_t **ret_groups, int *ngroups) { - struct passwd *pwd; int ngrp, max_grp; gid_t *temp_groups; gid_t *groups; int i; - pwd = getpwnam_alloc(user); - if (!pwd) return False; - max_grp = groups_max(); temp_groups = (gid_t *)malloc(sizeof(gid_t) * max_grp); if (! temp_groups) { - passwd_free(&pwd); return False; } - if (sys_getgrouplist(user, pwd->pw_gid, temp_groups, &max_grp) == -1) { + if (sys_getgrouplist(user, primary_gid, temp_groups, &max_grp) == -1) { gid_t *groups_tmp; @@ -67,9 +62,8 @@ BOOL getgroups_user(const char *user, gid_t **ret_groups, int *ngroups) } temp_groups = groups_tmp; - if (sys_getgrouplist(user, pwd->pw_gid, temp_groups, &max_grp) == -1) { + if (sys_getgrouplist(user, primary_gid, temp_groups, &max_grp) == -1) { DEBUG(0, ("get_user_groups: failed to get the unix group list\n")); - passwd_free(&pwd); SAFE_FREE(temp_groups); return False; } @@ -79,9 +73,7 @@ BOOL getgroups_user(const char *user, gid_t **ret_groups, int *ngroups) groups = NULL; /* Add in primary group first */ - add_gid_to_array_unique(pwd->pw_gid, &groups, &ngrp); - - passwd_free(&pwd); + add_gid_to_array_unique(primary_gid, &groups, &ngrp); for (i=0; i<max_grp; i++) add_gid_to_array_unique(temp_groups[i], &groups, &ngrp); |
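Review bot: This file keeps a non-static getgroups_user that calls sys_getgrouplist, while the same commit adds an identical getgroups_user to system_smbd.c and makes sys_getgrouplist static there. If util_smbd.c is still compiled, that would produce a duplicate definition and an unresolved reference, so it looks as though this copy should be removed rather than updated. If it stays, the comment above the function should document the new parameter, for example `primary_gid is supplied by the caller and is not re-checked against the passwd entry here`, since the getpwnam_alloc lookup that used to derive it is gone. The body of getgroups_user continues past the last hunk.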