r3566: Completely replace the queryuseraliases call. The previous implementation does

not exactly match what you would expect.

XP workstations during login actually do this, so we should better become a
bit more correct. The LDAP query issued is not really fully optimal, but it is
a lot faster and more correct than what was there before. The change in
passdb.h makes it possible that queryuseraliases is done with a single ldap
query.

Volker
(This used to be commit 2508d4ed1e16c268fc9f3676b0c6a122e070f93d)

1 files changed, 0 insertions, 175 deletions

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index ce8e02fae7..215471b444 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -82,181 +82,6 @@ static const rid_name domain_group_rids[] =
 /*******************************************************************
  gets a domain user's groups
  ********************************************************************/
-NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
-{
-	SAM_ACCOUNT *sam_pass=NULL;
-	int i, cur_rid=0;
-	gid_t gid;
-	gid_t *groups = NULL;
-	int num_groups;
-	GROUP_MAP map;
-	DOM_SID tmp_sid;
-	fstring user_name;
-	fstring str_domsid, str_qsid;
-	uint32 rid,grid;
-	uint32 *rids=NULL, *new_rids=NULL;
-	gid_t winbind_gid_low, winbind_gid_high;
-	BOOL ret;
-	BOOL winbind_groups_exist;
-
-	*prids=NULL;
-	*numgroups=0;
-
-	winbind_groups_exist = lp_idmap_gid(&winbind_gid_low, &winbind_gid_high);
-
-
-	DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", 
-	          sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid)));
-
-	pdb_init_sam(&sam_pass);
-	become_root();
-	ret = pdb_getsampwsid(sam_pass, q_sid);
-	unbecome_root();
-	if (ret == False) {
-		pdb_free_sam(&sam_pass);
-		return NT_STATUS_NO_SUCH_USER;
-	}
-
-	fstrcpy(user_name, pdb_get_username(sam_pass));
-	grid=pdb_get_group_rid(sam_pass);
-	if (!NT_STATUS_IS_OK(sid_to_gid(pdb_get_group_sid(sam_pass), &gid))) {
-		/* this should never happen */
-		DEBUG(2,("get_alias_user_groups: sid_to_gid failed!\n"));
-		pdb_free_sam(&sam_pass);
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-
-	ret = getgroups_user(user_name, &groups, &num_groups);	
-	if (!ret) {
-		/* this should never happen */
-		DEBUG(2,("get_alias_user_groups: getgroups_user failed\n"));
-		pdb_free_sam(&sam_pass);
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-
-	for (i=0;i<num_groups;i++) {
-
-		become_root();
-		ret = get_group_from_gid(groups[i], &map);
-		unbecome_root();
-		
-		if ( !ret ) {
-			DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)groups[i]));
-			continue;
-		}
-		
-		/* if it's not an alias, continue */
-		if (map.sid_name_use != SID_NAME_ALIAS) {
-			DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
-			continue;
-		}
-
-		sid_copy(&tmp_sid, &map.sid);
-		sid_split_rid(&tmp_sid, &rid);
-		
-		/* if the sid is not in the correct domain, continue */
-		if (!sid_equal(&tmp_sid, sid)) {
-			DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
-			continue;
-		}
-
-		/* Don't return winbind groups as they are not local! */
-		if (winbind_groups_exist && (groups[i] >= winbind_gid_low) && (groups[i] <= winbind_gid_high)) {
-			DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
-			continue;
-		}
-
-		/* Don't return user private groups... */
-		if (Get_Pwnam(map.nt_name) != 0) {
-			DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name));
-			continue;			
-		}
-		
-		new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
-		if (new_rids==NULL) {
-			DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
-			pdb_free_sam(&sam_pass);
-			free(groups);
-			return NT_STATUS_NO_MEMORY;
-		}
-		rids=new_rids;
-		
-		sid_peek_rid(&map.sid, &(rids[cur_rid]));
-		cur_rid++;
-		break;
-	}
-
-	if(num_groups) 
-		free(groups);
-
-	/* now check for the user's gid (the primary group rid) */
-	for (i=0; i<cur_rid && grid!=rids[i]; i++)
-		;
-
-	/* the user's gid is already there */
-	if (i!=cur_rid) {
-		DEBUG(10,("get_alias_user_groups: user is already in the list. good.\n"));
-		goto done;
-	}
-
-	DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
-
-	if(!get_group_from_gid(gid, &map)) {
-		DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your "
-		"/etc/passwd and /etc/group files\n", user_name));
-		goto done;
-	}	
-
-	/* the primary group isn't an alias */
-	if (map.sid_name_use!=SID_NAME_ALIAS) {
-		DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
-		goto done;
-	}
-
-	sid_copy(&tmp_sid, &map.sid);
-	sid_split_rid(&tmp_sid, &rid);
-
-	/* if the sid is not in the correct domain, continue */
-	if (!sid_equal(&tmp_sid, sid)) {
-		DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
-		goto done;
-	}
-
-	/* Don't return winbind groups as they are not local! */
-	if (winbind_groups_exist && (gid >= winbind_gid_low) && (gid <= winbind_gid_high)) {
-		DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
-		goto done;
-	}
-
-	/* Don't return user private groups... */
-	if (Get_Pwnam(map.nt_name) != 0) {
-		DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name ));
-		goto done;			
-	}
-
-	new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
-	if (new_rids==NULL) {
-		DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
-		pdb_free_sam(&sam_pass);
-		return NT_STATUS_NO_MEMORY;
-	}
-	rids=new_rids;
-
- 	sid_peek_rid(&map.sid, &(rids[cur_rid]));
-	cur_rid++;
-
-done:
- 	*prids=rids;
-	*numgroups=cur_rid;
-	pdb_free_sam(&sam_pass);
-
-	return NT_STATUS_OK;
-}
-
-
-/*******************************************************************
- gets a domain user's groups
- ********************************************************************/
 BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
 {