diff options
| author | Wilco Baan Hofman <wilco@baanhofman.nl> | 2010-05-21 23:49:45 +0200 |
|---|---|---|
| committer | Jelmer Vernooij <jelmer@samba.org> | 2010-06-20 17:19:12 +0200 |
| commit | e1f22174e172971ef8b0460da076a138b1fa73e4 (patch) | |
| tree | 5f99117811f20adacc55c67aa98f9dcb2e9eca73 /source4/utils | |
| parent | 3895b8fbf84764ff603af91644198e518af97e74 (diff) | |
| download | samba-e1f22174e172971ef8b0460da076a138b1fa73e4.tar.gz samba-e1f22174e172971ef8b0460da076a138b1fa73e4.tar.bz2 samba-e1f22174e172971ef8b0460da076a138b1fa73e4.zip | |
Fix net gpo list to use the dsdb with extended DN's. Fixes memberOf group memberships.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Diffstat (limited to 'source4/utils')
| -rw-r--r-- | source4/utils/net/net_gpo.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/source4/utils/net/net_gpo.c b/source4/utils/net/net_gpo.c index 45f568c192..6e2abc4b4d 100644 --- a/source4/utils/net/net_gpo.c +++ b/source4/utils/net/net_gpo.c @@ -28,6 +28,7 @@ #include "param/param.h" #include "libcli/security/sddl.h" #include "dsdb/samdb/samdb.h" +#include "dsdb/common/util.h" #include "lib/policy/policy.h" static int net_gpo_list_all_usage(struct net_context *ctx, int argc, const char **argv) @@ -211,22 +212,27 @@ static int net_gpo_list(struct net_context *ctx, int argc, const char **argv) NTSTATUS status; int rv; unsigned int i; + struct auth_context *auth_context; if (argc != 1) { return net_gpo_list_usage(ctx, argc, argv); } + status = gp_init(ctx, ctx->lp_ctx, ctx->credentials, ctx->event_ctx, &gp_ctx); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("Failed to connect to DC's LDAP: %s\n", get_friendly_nt_error_msg(status))); return 1; } - rv = ldb_search(gp_ctx->ldb_ctx, + /* Find the user in the directory. We need extended DN's for group expansion + * in authsam_make_server_info */ + rv = dsdb_search(gp_ctx->ldb_ctx, gp_ctx, &result, ldb_get_default_basedn(gp_ctx->ldb_ctx), LDB_SCOPE_SUBTREE, NULL, + DSDB_SEARCH_SHOW_EXTENDED_DN, "(&(objectClass=user)(sAMAccountName=%s))", argv[0]); if (rv != LDB_SUCCESS) { DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv),ldb_errstring(gp_ctx->ldb_ctx))); @@ -241,6 +247,8 @@ static int net_gpo_list(struct net_context *ctx, int argc, const char **argv) return 1; } + /* We need the server info, as this will contain the groups of this + * user, needed for a token */ status = authsam_make_server_info(gp_ctx, gp_ctx->ldb_ctx, lp_netbios_name(gp_ctx->lp_ctx), @@ -256,7 +264,16 @@ static int net_gpo_list(struct net_context *ctx, int argc, const char **argv) return 1; } - status = auth_generate_session_info(gp_ctx, gp_ctx->ev_ctx, gp_ctx->lp_ctx, server_info, &session_info); + /* We do now need an auth context to create a session */ + status = auth_context_create_from_ldb(gp_ctx, gp_ctx->ldb_ctx, &auth_context); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Failed to get an auth context: %s\n", get_friendly_nt_error_msg(status))); + talloc_free(gp_ctx); + return 1; + } + + /* The session info will contain the security token for this user */ + status = auth_generate_session_info(gp_ctx, auth_context, server_info, 0, &session_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("Failed to generate session information: %s\n", get_friendly_nt_error_msg(status))); talloc_free(gp_ctx); |