authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-06-12 12:14:59 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-06-12 16:45:48 +0200
commitd2c25e1b11c3ce1e59da2ee7148b5b4ad37a9167 (patch)
treed7d8484c897af5642ec0f82a0c5c4e99b5546bb9 /source4
parent4a8ee9a333ef2b9d0f0cc39c5debf9344cff1f83 (diff)
s4:dcesrv_samr_GetAliasMembership - provide a correct implementation
It is also possible that no valid SID is specified at all; in that case we still have to return an empty array with "NT_STATUS_OK". The torture testsuite shows this.
Diffstat (limited to 'source4')
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c62
1 files changed, 31 insertions, 31 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 78206d856f..9f44dc55d6 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -1525,6 +1525,8 @@ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_cal
{
struct dcesrv_handle *h;
struct samr_domain_state *d_state;
+ const char *filter;
+ const char * const attrs[] = { "objectSid", NULL };
struct ldb_message **res;
uint32_t i;
int count = 0;
@@ -1533,43 +1535,43 @@ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_cal
d_state = h->data;
- if (r->in.sids->num_sids > 0) {
- const char *filter;
- const char * const attrs[2] = { "objectSid", NULL };
-
- filter = talloc_asprintf(mem_ctx,
- "(&(|(grouptype=%d)(grouptype=%d))"
- "(objectclass=group)(|",
- GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
- GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
- if (filter == NULL)
- return NT_STATUS_NO_MEMORY;
-
- for (i=0; i<r->in.sids->num_sids; i++) {
- const char *memberdn;
+ filter = talloc_asprintf(mem_ctx,
+ "(&(|(grouptype=%d)(grouptype=%d))"
+ "(objectclass=group)(|",
+ GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+ GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
+ if (filter == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
- memberdn =
- samdb_search_string(d_state->sam_ctx,
- mem_ctx, NULL,
- "distinguishedName",
- "(objectSid=%s)",
- ldap_encode_ndr_dom_sid(mem_ctx,
- r->in.sids->sids[i].sid));
+ for (i=0; i<r->in.sids->num_sids; i++) {
+ const char *memberdn;
- if (memberdn == NULL)
- continue;
+ memberdn = samdb_search_string(d_state->sam_ctx,
+ mem_ctx, d_state->domain_dn,
+ "distinguishedName",
+ "(objectSid=%s)",
+ ldap_encode_ndr_dom_sid(mem_ctx, r->in.sids->sids[i].sid));
+ if (memberdn == NULL) {
+ continue;
+ }
- filter = talloc_asprintf(mem_ctx, "%s(member=%s)",
- filter, memberdn);
- if (filter == NULL)
- return NT_STATUS_NO_MEMORY;
+ filter = talloc_asprintf(mem_ctx, "%s(member=%s)", filter,
+ memberdn);
+ if (filter == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
+ }
+ /* Find out if we had at least one valid member SID passed - otherwise
+ * just skip the search. */
+ if (strstr(filter, "member") != NULL) {
count = samdb_search_domain(d_state->sam_ctx, mem_ctx,
d_state->domain_dn, &res, attrs,
d_state->domain_sid, "%s))", filter);
- if (count < 0)
+ if (count < 0) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
}
r->out.rids->count = 0;
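Review bot: `memberdn` is spliced into the search filter unescaped by `talloc_asprintf(mem_ctx, "%s(member=%s)", filter, memberdn)`, so a distinguishedName containing filter metacharacters such as `(`, `)`, `*` or `\` would produce a malformed or differently scoped filter. Passing it through ldb's filter escaping, e.g. `ldb_binary_encode_string(mem_ctx, memberdn)` with a NULL check on the result, would close that. The return value of `ldap_encode_ndr_dom_sid()` is also handed to `%s` without a NULL check, although the SIDs come from the client request in `r->in.sids`. The `strstr(filter, "member")` test works with the current base filter but depends on its text; a `bool` set in the loop whenever a member clause is appended would state the intent directly. The function body starts before and continues after this hunk.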
@@ -1581,10 +1583,8 @@ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_cal
struct dom_sid *alias_sid;
alias_sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
-
if (alias_sid == NULL) {
- DEBUG(0, ("Could not find objectSid\n"));
- continue;
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r->out.rids->ids[r->out.rids->count] =