summaryrefslogtreecommitdiff
path: root/source4/utils/net
diff options
context:
space:
mode:
authorWilco Baan Hofman <wilco@baanhofman.nl>2010-05-21 23:49:45 +0200
committerJelmer Vernooij <jelmer@samba.org>2010-06-20 17:19:12 +0200
commite1f22174e172971ef8b0460da076a138b1fa73e4 (patch)
tree5f99117811f20adacc55c67aa98f9dcb2e9eca73 /source4/utils/net
parent3895b8fbf84764ff603af91644198e518af97e74 (diff)
downloadsamba-e1f22174e172971ef8b0460da076a138b1fa73e4.tar.gz
samba-e1f22174e172971ef8b0460da076a138b1fa73e4.tar.bz2
samba-e1f22174e172971ef8b0460da076a138b1fa73e4.zip
Fix net gpo list to use the dsdb with extended DN's. Fixes memberOf group memberships.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Diffstat (limited to 'source4/utils/net')
-rw-r--r--source4/utils/net/net_gpo.c21
1 files changed, 19 insertions, 2 deletions
diff --git a/source4/utils/net/net_gpo.c b/source4/utils/net/net_gpo.c
index 45f568c192..6e2abc4b4d 100644
--- a/source4/utils/net/net_gpo.c
+++ b/source4/utils/net/net_gpo.c
@@ -28,6 +28,7 @@
#include "param/param.h"
#include "libcli/security/sddl.h"
#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
#include "lib/policy/policy.h"
static int net_gpo_list_all_usage(struct net_context *ctx, int argc, const char **argv)
@@ -211,22 +212,27 @@ static int net_gpo_list(struct net_context *ctx, int argc, const char **argv)
NTSTATUS status;
int rv;
unsigned int i;
+ struct auth_context *auth_context;
if (argc != 1) {
return net_gpo_list_usage(ctx, argc, argv);
}
+
status = gp_init(ctx, ctx->lp_ctx, ctx->credentials, ctx->event_ctx, &gp_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed to connect to DC's LDAP: %s\n", get_friendly_nt_error_msg(status)));
return 1;
}
- rv = ldb_search(gp_ctx->ldb_ctx,
+ /* Find the user in the directory. We need extended DN's for group expansion
+ * in authsam_make_server_info */
+ rv = dsdb_search(gp_ctx->ldb_ctx,
gp_ctx,
&result,
ldb_get_default_basedn(gp_ctx->ldb_ctx),
LDB_SCOPE_SUBTREE,
NULL,
+ DSDB_SEARCH_SHOW_EXTENDED_DN,
"(&(objectClass=user)(sAMAccountName=%s))", argv[0]);
if (rv != LDB_SUCCESS) {
DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv),ldb_errstring(gp_ctx->ldb_ctx)));
@@ -241,6 +247,8 @@ static int net_gpo_list(struct net_context *ctx, int argc, const char **argv)
return 1;
}
+ /* We need the server info, as this will contain the groups of this
+ * user, needed for a token */
status = authsam_make_server_info(gp_ctx,
gp_ctx->ldb_ctx,
lp_netbios_name(gp_ctx->lp_ctx),
@@ -256,7 +264,16 @@ static int net_gpo_list(struct net_context *ctx, int argc, const char **argv)
return 1;
}
- status = auth_generate_session_info(gp_ctx, gp_ctx->ev_ctx, gp_ctx->lp_ctx, server_info, &session_info);
+ /* We do now need an auth context to create a session */
+ status = auth_context_create_from_ldb(gp_ctx, gp_ctx->ldb_ctx, &auth_context);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to get an auth context: %s\n", get_friendly_nt_error_msg(status)));
+ talloc_free(gp_ctx);
+ return 1;
+ }
+
+ /* The session info will contain the security token for this user */
+ status = auth_generate_session_info(gp_ctx, auth_context, server_info, 0, &session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed to generate session information: %s\n", get_friendly_nt_error_msg(status)));
talloc_free(gp_ctx);