diff options
| author | Volker Lendecke <vlendec@samba.org> | 2004-11-12 15:49:47 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:15 -0500 |
| commit | f9e87b9ba65f37bafa45eacb1a6c9b8c5483d46b (patch) | |
| tree | 226655c957de8578b3c3e0c854930b03e90d37a1 /source3/rpc_server/srv_util.c | |
| parent | 69ddbbf97b4c37cba879f7dd9ce8cb5f4d336857 (diff) | |
| download | samba-f9e87b9ba65f37bafa45eacb1a6c9b8c5483d46b.tar.gz samba-f9e87b9ba65f37bafa45eacb1a6c9b8c5483d46b.tar.bz2 samba-f9e87b9ba65f37bafa45eacb1a6c9b8c5483d46b.zip | |
r3705: Nobody has commented, so I'll take this as an ack...
abartlet, I'd like to ask you to take a severe look at this!
We have solved the problem to find the global groups a user is in twice: Once
in auth_util.c and another time for the corresponding samr call. The attached
patch unifies these and sends them through the passdb backend (new function
pdb_enum_group_memberships). Thus it gives pdb_ldap.c the chance to further
optimize the corresponding call if the samba and posix accounts are unified by
issuing a specialized ldap query.
The parameter to activate this ldapsam behaviour is
ldapsam:trusted = yes
Volker
(This used to be commit b94838aff1a009f8d8c2c3efd48756a5b8f3f989)
Diffstat (limited to 'source3/rpc_server/srv_util.c')
| -rw-r--r-- | source3/rpc_server/srv_util.c | 59 |
1 files changed, 0 insertions, 59 deletions
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 215471b444..2689d89972 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -79,65 +79,6 @@ static const rid_name domain_group_rids[] = { 0 , NULL } }; -/******************************************************************* - gets a domain user's groups - ********************************************************************/ -BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass) -{ - - const char *username = pdb_get_username(sam_pass); - int n_unix_groups; - int i,j; - gid_t *unix_groups; - - *numgroups = 0; - *pgids = NULL; - - if (!getgroups_user(username, &unix_groups, &n_unix_groups)) { - return False; - } - - /* now setup the space for storing the SIDS */ - - if (n_unix_groups > 0) { - - *pgids = talloc(ctx, sizeof(DOM_GID) * n_unix_groups); - - if (!*pgids) { - DEBUG(0, ("get_user_group: malloc() failed for DOM_GID list!\n")); - SAFE_FREE(unix_groups); - return False; - } - } - - become_root(); - j = 0; - for (i = 0; i < n_unix_groups; i++) { - GROUP_MAP map; - uint32 rid; - - if (!pdb_getgrgid(&map, unix_groups[i])) { - DEBUG(3, ("get_user_groups: failed to convert gid %ld to a domain group!\n", - (long int)unix_groups[i+1])); - if (i == 0) { - DEBUG(1,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", username)); - DEBUGADD(1,("get_domain_user_groups: You should fix it, NT doesn't like that\n")); - } - } else if ((map.sid_name_use == SID_NAME_DOM_GRP) - && sid_peek_check_rid(get_global_sam_sid(), &map.sid, &rid)) { - (*pgids)[j].attr=7; - (*pgids)[j].g_rid=rid; - j++; - } - } - unbecome_root(); - - *numgroups = j; - - SAFE_FREE(unix_groups); - - return True; -} /******************************************************************* gets a domain user's groups from their already-calculated NT_USER_TOKEN |