diff options
| author | Günther Deschner <gd@samba.org> | 2007-05-11 13:33:37 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:21:59 -0500 |
| commit | 83564b43e3b8194b89e0fb8547a968e4f2ff022b (patch) | |
| tree | be76c6d0d1fef5ff71392570cdfe2e6f192a5ec3 /source3/libads | |
| parent | 75a0171857001bda9ac321e5f02dce516343f0ae (diff) | |
| download | samba-83564b43e3b8194b89e0fb8547a968e4f2ff022b.tar.gz samba-83564b43e3b8194b89e0fb8547a968e4f2ff022b.tar.bz2 samba-83564b43e3b8194b89e0fb8547a968e4f2ff022b.zip | |
r22800: Add GPO_SID_TOKEN and an LDAP function to get tokensids from the tokenGroup attribute.
Guenther
(This used to be commit e4e8f840605dfdf92ca60cc8fc6a4c85336565fb)
Diffstat (limited to 'source3/libads')
| -rw-r--r-- | source3/libads/ldap.c | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 48be73230e..f5f273d3f2 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -3196,4 +3196,108 @@ ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname) return status; } +/** + * pull all token-sids from an LDAP dn + * @param ads connection to ads server + * @param mem_ctx TALLOC_CTX for allocating sid array + * @param dn of LDAP object + * @param user_sid pointer to DOM_SID (objectSid) + * @param primary_group_sid pointer to DOM_SID (self composed) + * @param sids pointer to sid array to allocate + * @param num_sids counter of SIDs pulled + * @return status of token query + **/ + ADS_STATUS ads_get_tokensids(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + const char *dn, + DOM_SID *user_sid, + DOM_SID *primary_group_sid, + DOM_SID **sids, + size_t *num_sids) +{ + ADS_STATUS status; + LDAPMessage *res = NULL; + int count = 0; + size_t tmp_num_sids; + DOM_SID *tmp_sids; + DOM_SID tmp_user_sid; + DOM_SID tmp_primary_group_sid; + uint32 pgid; + const char *attrs[] = { + "objectSid", + "tokenGroups", + "primaryGroupID", + NULL + }; + + status = ads_search_retry_dn(ads, &res, dn, attrs); + if (!ADS_ERR_OK(status)) { + return status; + } + + count = ads_count_replies(ads, res); + if (count != 1) { + ads_msgfree(ads, res); + return ADS_ERROR_LDAP(LDAP_NO_SUCH_OBJECT); + } + + if (!ads_pull_sid(ads, res, "objectSid", &tmp_user_sid)) { + ads_msgfree(ads, res); + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + + if (!ads_pull_uint32(ads, res, "primaryGroupID", &pgid)) { + ads_msgfree(ads, res); + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + + { + /* hack to compose the primary group sid without knowing the + * domsid */ + + DOM_SID domsid; + uint32 dummy_rid; + + sid_copy(&domsid, &tmp_user_sid); + + if (!sid_split_rid(&domsid, &dummy_rid)) { + ads_msgfree(ads, res); + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + + if (!sid_compose(&tmp_primary_group_sid, &domsid, pgid)) { + ads_msgfree(ads, res); + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + } + + tmp_num_sids = ads_pull_sids(ads, mem_ctx, res, "tokenGroups", &tmp_sids); + + if (tmp_num_sids == 0 || !tmp_sids) { + ads_msgfree(ads, res); + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + + if (num_sids) { + *num_sids = tmp_num_sids; + } + + if (sids) { + *sids = tmp_sids; + } + + if (user_sid) { + *user_sid = tmp_user_sid; + } + + if (primary_group_sid) { + *primary_group_sid = tmp_primary_group_sid; + } + + DEBUG(10,("ads_get_tokensids: returned %d sids\n", (int)tmp_num_sids + 2)); + + ads_msgfree(ads, res); + return ADS_ERROR_LDAP(LDAP_SUCCESS); +} + #endif |