diff options
author | Volker Lendecke <vlendec@samba.org> | 2004-11-05 23:34:00 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:09 -0500 |
commit | 154d5f913b4ce60f731227eb1bb3650c45fcde93 (patch) | |
tree | 6dcd8538e9cc97c4d891082280055d8fe3c8366a /source3/rpc_server/srv_samr_nt.c | |
parent | 55fe875a44bd63de766d4fbdb91bcc26be146a21 (diff) | |
download | samba-154d5f913b4ce60f731227eb1bb3650c45fcde93.tar.gz samba-154d5f913b4ce60f731227eb1bb3650c45fcde93.tar.bz2 samba-154d5f913b4ce60f731227eb1bb3650c45fcde93.zip |
r3566: Completely replace the queryuseraliases call. The previous implementation does
not exactly match what you would expect.
XP workstations during login actually do this, so we should better become a
bit more correct. The LDAP query issued is not really fully optimal, but it is
a lot faster and more correct than what was there before. The change in
passdb.h makes it possible that queryuseraliases is done with a single ldap
query.
Volker
(This used to be commit 2508d4ed1e16c268fc9f3676b0c6a122e070f93d)
Diffstat (limited to 'source3/rpc_server/srv_samr_nt.c')
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 79 |
1 files changed, 35 insertions, 44 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 37617db5e8..f4348fc83e 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3119,31 +3119,19 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, SAMR_R_QUERY_USERALIASES *r_u) { - int num_groups = 0, tmp_num_groups=0; - uint32 *rids=NULL, *new_rids=NULL, *tmp_rids=NULL; + int num_groups = 0; + uint32 *rids=NULL; struct samr_info *info = NULL; - int i,j; + int i; NTSTATUS ntstatus1; NTSTATUS ntstatus2; - /* until i see a real useraliases query, we fack one up */ + DOM_SID *members; + DOM_SID *aliases; + int num_aliases; + BOOL res; - /* I have seen one, JFM 2/12/2001 */ - /* - * Explanation of what this call does: - * for all the SID given in the request: - * return a list of alias (local groups) - * that have those SID as members. - * - * and that's the alias in the domain specified - * in the policy_handle - * - * if the policy handle is on an incorrect sid - * for example a user's sid - * we should reply NT_STATUS_OBJECT_TYPE_MISMATCH - */ - r_u->status = NT_STATUS_OK; DEBUG(5,("_samr_query_useraliases: %d\n", __LINE__)); @@ -3166,40 +3154,43 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, !sid_check_is_builtin(&info->sid)) return NT_STATUS_OBJECT_TYPE_MISMATCH; + members = talloc(p->mem_ctx, sizeof(DOM_SID) * q_u->num_sids1); - for (i=0; i<q_u->num_sids1; i++) { + if (members == NULL) + return NT_STATUS_NO_MEMORY; - r_u->status=get_alias_user_groups(p->mem_ctx, &info->sid, &tmp_num_groups, &tmp_rids, &(q_u->sid[i].sid)); + for (i=0; i<q_u->num_sids1; i++) + sid_copy(&members[i], &q_u->sid[i].sid); - /* - * if there is an error, we just continue as - * it can be an unfound user or group - */ - if (!NT_STATUS_IS_OK(r_u->status)) { - DEBUG(10,("_samr_query_useraliases: an error occured while getting groups\n")); - continue; - } + become_root(); + res = pdb_enum_alias_memberships(members, + q_u->num_sids1, &aliases, + &num_aliases); + unbecome_root(); + + if (!res) + return NT_STATUS_UNSUCCESSFUL; - if (tmp_num_groups==0) { - DEBUG(10,("_samr_query_useraliases: no groups found\n")); + rids = NULL; + num_groups = 0; + + for (i=0; i<num_aliases; i++) { + uint32 rid; + + if (!sid_peek_check_rid(&info->sid, &aliases[i], &rid)) continue; - } - new_rids=(uint32 *)talloc_realloc(p->mem_ctx, rids, (num_groups+tmp_num_groups)*sizeof(uint32)); - if (new_rids==NULL) { - DEBUG(0,("_samr_query_useraliases: could not realloc memory\n")); + rids = talloc_realloc(p->mem_ctx, rids, + sizeof(*rids) * (num_groups+1)); + + if (rids == NULL) return NT_STATUS_NO_MEMORY; - } - rids=new_rids; - for (j=0; j<tmp_num_groups; j++) - rids[j+num_groups]=tmp_rids[j]; - - safe_free(tmp_rids); - - num_groups+=tmp_num_groups; + rids[num_groups] = rid; + num_groups += 1; } - + SAFE_FREE(aliases); + init_samr_r_query_useraliases(r_u, num_groups, rids, NT_STATUS_OK); return NT_STATUS_OK; } |