summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-06-29 14:52:43 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-06-29 15:14:01 +0200
commit2198831e6b7c112b8f7551fccb25305742636df2 (patch)
treea88f76a2ad6d4fe3017c5b4e5261e54755b8c6ee /source4/auth
parent1662e383dd890d48e0e1207a51d4b3f9fb12ab65 (diff)
downloadsamba-2198831e6b7c112b8f7551fccb25305742636df2.tar.gz
samba-2198831e6b7c112b8f7551fccb25305742636df2.tar.bz2
samba-2198831e6b7c112b8f7551fccb25305742636df2.zip
Revert "s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not available in the DN."
This reverts commit fa9557fee3ca546878d99b77f1ff37f724c37024. See post "Endi's Bug 7530 patches (LDAP backend)" on samba-technical.
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/sam.c25
1 files changed, 4 insertions, 21 deletions
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index cf2e2190e6..7a776b9b74 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -305,7 +305,7 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
struct ldb_dn *dn;
struct dom_sid sid;
TALLOC_CTX *tmp_ctx;
- struct ldb_result *res = NULL;
+ struct ldb_result *res;
NTSTATUS status;
const struct ldb_message_element *el;
@@ -321,22 +321,9 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- /* We expect an extended DN with the SID included but we can fallback
- * to search the extended components if they weren't provided. */
status = dsdb_get_extended_dn_sid(dn, &sid, "SID");
if (!NT_STATUS_IS_OK(status)) {
- ret = dsdb_search_dn(sam_ctx, tmp_ctx, &res, dn, attrs,
- DSDB_SEARCH_SHOW_EXTENDED_DN);
- if (ret != LDB_SUCCESS) {
- talloc_free(tmp_ctx);
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
- dn = res->msgs[0]->dn;
- status = dsdb_get_extended_dn_sid(dn, &sid, "SID");
- }
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, (__location__ ": when parsing DN %s we failed to find or SID component, so we cannot calculate the group token: %s\n",
+ DEBUG(0, (__location__ ": when parsing DN %s we failed to find our SID component, so we cannot calculate the group token: %s\n",
ldb_dn_get_extended_linearized(tmp_ctx, dn, 1),
nt_errstr(status)));
talloc_free(tmp_ctx);
@@ -344,12 +331,8 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
}
if (only_childs) {
- /* If we didn't get the SID as extended DN then we already have
- * performed exactly this search. */
- if (res == NULL) {
- ret = dsdb_search_dn(sam_ctx, tmp_ctx, &res, dn, attrs,
- DSDB_SEARCH_SHOW_EXTENDED_DN);
- }
+ ret = dsdb_search_dn(sam_ctx, tmp_ctx, &res, dn, attrs,
+ DSDB_SEARCH_SHOW_EXTENDED_DN);
} else {
/* This is an O(n^2) linear search */
already_there = sids_contains_sid((const struct dom_sid**) *res_sids,