summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/utils/net_ads.c72
1 files changed, 57 insertions, 15 deletions
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 8f76c0eb09..9ca52a87bc 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "utils/net.h"
#include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "nsswitch/libwbclient/wbclient.h"
#ifdef HAVE_ADS
@@ -518,44 +519,84 @@ static int ads_user_add(struct net_context *c, int argc, const char **argv)
static int ads_user_info(struct net_context *c, int argc, const char **argv)
{
- ADS_STRUCT *ads;
+ ADS_STRUCT *ads = NULL;
ADS_STATUS rc;
- LDAPMessage *res;
- const char *attrs[] = {"memberOf", NULL};
+ LDAPMessage *res = NULL;
+ TALLOC_CTX *frame;
+ int ret = 0;
+ wbcErr wbc_status;
+ const char *attrs[] = {"memberOf", "primaryGroupID", NULL};
char *searchstring=NULL;
char **grouplist;
+ char *primary_group;
char *escaped_user;
+ DOM_SID primary_group_sid;
+ uint32_t group_rid;
+ enum SID_NAME_USE type;
if (argc < 1 || c->display_usage) {
return net_ads_user_usage(c, argc, argv);
}
- escaped_user = escape_ldap_string(talloc_tos(), argv[0]);
+ frame = talloc_new(talloc_tos());
+ if (frame == NULL) {
+ return -1;
+ }
+ escaped_user = escape_ldap_string(frame, argv[0]);
if (!escaped_user) {
d_fprintf(stderr, "ads_user_info: failed to escape user %s\n", argv[0]);
return -1;
}
if (!ADS_ERR_OK(ads_startup(c, false, &ads))) {
- TALLOC_FREE(escaped_user);
- return -1;
+ ret = -1;
+ goto error;
}
if (asprintf(&searchstring, "(sAMAccountName=%s)", escaped_user) == -1) {
- TALLOC_FREE(escaped_user);
- return -1;
+ ret =-1;
+ goto error;
}
rc = ads_search(ads, &res, searchstring, attrs);
SAFE_FREE(searchstring);
if (!ADS_ERR_OK(rc)) {
d_fprintf(stderr, "ads_search: %s\n", ads_errstr(rc));
- ads_destroy(&ads);
- TALLOC_FREE(escaped_user);
- return -1;
+ ret = -1;
+ goto error;
+ }
+
+ if (!ads_pull_uint32(ads, res, "primaryGroupID", &group_rid)) {
+ d_fprintf(stderr, "ads_pull_uint32 failed\n");
+ ret = -1;
+ goto error;
}
+ rc = ads_domain_sid(ads, &primary_group_sid);
+ if (!ADS_ERR_OK(rc)) {
+ d_fprintf(stderr, "ads_domain_sid: %s\n", ads_errstr(rc));
+ ret = -1;
+ goto error;
+ }
+
+ sid_append_rid(&primary_group_sid, group_rid);
+
+ wbc_status = wbcLookupSid((struct wbcDomainSid *)&primary_group_sid,
+ NULL, /* don't look up domain */
+ &primary_group,
+ (enum wbcSidType *) &type);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ d_fprintf(stderr, "wbcLookupSid: %s\n",
+ wbcErrorString(wbc_status));
+ ret = -1;
+ goto error;
+ }
+
+ d_printf("%s\n", primary_group);
+
+ wbcFreeMemory(primary_group);
+
grouplist = ldap_get_values((LDAP *)ads->ldap.ld,
(LDAPMessage *)res, "memberOf");
@@ -570,10 +611,11 @@ static int ads_user_info(struct net_context *c, int argc, const char **argv)
ldap_value_free(grouplist);
}
- ads_msgfree(ads, res);
- ads_destroy(&ads);
- TALLOC_FREE(escaped_user);
- return 0;
+error:
+ if (res) ads_msgfree(ads, res);
+ if (ads) ads_destroy(&ads);
+ TALLOC_FREE(frame);
+ return ret;
}
static int ads_user_delete(struct net_context *c, int argc, const char **argv)