diff options
| author | Volker Lendecke <vlendec@samba.org> | 2004-11-12 15:49:47 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:15 -0500 |
| commit | f9e87b9ba65f37bafa45eacb1a6c9b8c5483d46b (patch) | |
| tree | 226655c957de8578b3c3e0c854930b03e90d37a1 /source3/smbd/lanman.c | |
| parent | 69ddbbf97b4c37cba879f7dd9ce8cb5f4d336857 (diff) | |
| download | samba-f9e87b9ba65f37bafa45eacb1a6c9b8c5483d46b.tar.gz samba-f9e87b9ba65f37bafa45eacb1a6c9b8c5483d46b.tar.bz2 samba-f9e87b9ba65f37bafa45eacb1a6c9b8c5483d46b.zip | |
r3705: Nobody has commented, so I'll take this as an ack...
abartlet, I'd like to ask you to take a severe look at this!
We have solved the problem to find the global groups a user is in twice: Once
in auth_util.c and another time for the corresponding samr call. The attached
patch unifies these and sends them through the passdb backend (new function
pdb_enum_group_memberships). Thus it gives pdb_ldap.c the chance to further
optimize the corresponding call if the samba and posix accounts are unified by
issuing a specialized ldap query.
The parameter to activate this ldapsam behaviour is
ldapsam:trusted = yes
Volker
(This used to be commit b94838aff1a009f8d8c2c3efd48756a5b8f3f989)
Diffstat (limited to 'source3/smbd/lanman.c')
| -rw-r--r-- | source3/smbd/lanman.c | 45 |
1 files changed, 22 insertions, 23 deletions
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index e7aa05b54a..1379877efc 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -1741,13 +1741,15 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para int count=0; SAM_ACCOUNT *sampw = NULL; BOOL ret = False; - DOM_GID *gids = NULL; - int num_groups = 0; + DOM_SID *sids; + gid_t *gids; + int num_groups; int i; fstring grp_domain; fstring grp_name; enum SID_NAME_USE grp_type; - DOM_SID sid, dom_sid; + struct passwd *passwd; + NTSTATUS result; *rparam_len = 8; *rparam = REALLOC(*rparam,*rparam_len); @@ -1778,6 +1780,11 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para /* Lookup the user information; This should only be one of our accounts (not remote domains) */ + + passwd = getpwnam_alloc(UserName); + + if (passwd == NULL) + return False; pdb_init_sam( &sampw ); @@ -1786,35 +1793,26 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para if ( !pdb_getsampwnam(sampw, UserName) ) goto out; - /* this next set of code is horribly inefficient, but since - it is rarely called, I'm going to leave it like this since - it easier to follow --jerry */ - - /* get the list of group SIDs */ - - if ( !get_domain_user_groups(conn->mem_ctx, &num_groups, &gids, sampw) ) { - DEBUG(1,("api_NetUserGetGroups: get_domain_user_groups() failed!\n")); + sids = NULL; + num_groups = 0; + + result = pdb_enum_group_memberships(pdb_get_username(sampw), + passwd->pw_gid, + &sids, &gids, &num_groups); + + if (!NT_STATUS_IS_OK(result)) goto out; - } - /* convert to names (we don't support universal groups so the domain - can only be ours) */ - - sid_copy( &dom_sid, get_global_sam_sid() ); for (i=0; i<num_groups; i++) { - /* make the DOM_GID into a DOM_SID and then lookup - the name */ - - sid_copy( &sid, &dom_sid ); - sid_append_rid( &sid, gids[i].g_rid ); - - if ( lookup_sid(&sid, grp_domain, grp_name, &grp_type) ) { + if ( lookup_sid(&sids[i], grp_domain, grp_name, &grp_type) ) { pstrcpy(p, grp_name); p += 21; count++; } } + + SAFE_FREE(sids); *rdata_len = PTR_DIFF(p,*rdata); @@ -1827,6 +1825,7 @@ out: unbecome_root(); /* END ROOT BLOCK */ pdb_free_sam( &sampw ); + passwd_free(&passwd); return ret; } |