author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-06-28 20:25:47 +0200 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-06-28 20:31:37 +0200 |
commit | a782eaa2fd6f9b7e7b1ebdab0e0b53e4123cca43 (patch) | |
tree | 1fbd38c5d4eafb511b4bb37b95cb99eab7a23111 /source4/auth | |
parent | 03ffed73db41e9433ddc41a6fddf79c2a632a043 (diff) | |
s4:auth/sam.c - "authsam_expand_nested_groups" - cosmetic/comments
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/sam.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 20e242b1cc..b26e5264a7 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -279,16 +279,16 @@ static bool sids_contains_sid(const struct dom_sid **sids,
 /*
- * This function generates the transitive closure of a given SID "sid" (it
- * basically expands nested groups of a SID).
- * If the SID isn't located in the "res_sids" structure yet and the
- * "only_childs" flag is negative, we add it to "res_sids".
+ * This function generates the transitive closure of a given SAM object "dn_val"
+ * (it basically expands nested memberships).
+ * If the object isn't located in the "res_sids" structure yet and the
+ * "only_childs" flag is false, we add it to "res_sids".
 * Then we've always to consider the "memberOf" attributes. We invoke the
- * function recursively on each item of it with the "only_childs" flag set to
+ * function recursively on each of it with the "only_childs" flag set to
 * "false".
- * The "only_childs" flag is particularly useful if you have a user SID and
- * want to include all his groups (referenced with "memberOf") without his SID
- * itself, or considering if that SID matches the filter
+ * The "only_childs" flag is particularly useful if you have a user object and
+ * want to include all it's groups (referenced with "memberOf") but not itself
+ * or considering if that object matches the filter.
 *
 * At the beginning "res_sids" should reference to a NULL pointer.
 */
@@ -320,6 +320,8 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 }
+ /* We expect an extended DN with the SID included but we can fallback
+ * to search the extended components if they weren't provided. */
 status = dsdb_get_extended_dn_sid(dn, &sid, "SID");
 if (!NT_STATUS_IS_OK(status)) {
 ret = dsdb_search_dn(sam_ctx, tmp_ctx, &res, dn, attrs,
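Review bot: The rewritten header comment introduces wording slips that blur the `only_childs` contract: "recursively on each of it" has lost its noun, and "all it's groups" should read "its". The flag decides whether the object's own SID is added to `res_sids`, so the sentence is worth stating plainly, for example `* function recursively on each item of it with the "only_childs" flag set to` and `* want to include all its groups (referenced with "memberOf") but not the object itself`. The trailing clause "or considering if that object matches the filter" is also unclear; it presumably means the object is not checked against the filter, which should be confirmed against the function body outside this hunk.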
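Review bot: The comment added in `authsam_expand_nested_groups` explains the fallback but not the trust assumption behind the fast path: when `dsdb_get_extended_dn_sid` succeeds, the SID appears to be taken straight from the extended DN with no database lookup. The error message later in the function indicates the result feeds the group token, so the comment should say where `dn_val` is expected to come from, for example `/* The embedded SID is used as-is, so dn_val must originate from the SAM database; only if it is absent do we search for the object. */`. "fallback" is also the noun; the verb is "fall back". The function starts and ends outside this hunk, so whether callers already guarantee this cannot be seen here.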
@@ -333,7 +335,7 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx, } if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, (__location__ ": when parsing DN %s we failed to find or parse SID component, so we cannot calculate the group token: %s\n", + DEBUG(0, (__location__ ": when parsing DN %s we failed to find or SID component, so we cannot calculate the group token: %s\n", ldb_dn_get_extended_linearized(tmp_ctx, dn, 1), nt_errstr(status))); talloc_free(tmp_ctx); |
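Review bot: The new `DEBUG(0, ...)` string drops the word "parse", leaving "we failed to find or SID component", which no longer says what failed. In a commit described as cosmetic this looks like an accidental deletion. The original wording should be kept: `": when parsing DN %s we failed to find or parse SID component, so we cannot calculate the group token: %s\n"`. This message is the only trace an operator gets when token calculation is aborted for a DN, and any log search keyed on the old text would stop matching. The enclosing `if` block and the function continue outside this hunk.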