| -rw-r--r-- | source3/utils/net_rpc_samsync.c | 138 | 
1 files changed, 138 insertions, 0 deletions
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index 909ed298cb..42bb480844 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -717,7 +717,145 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta,  static NTSTATUS  fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid)  { +#if 0 	/*  +	 * commented out right now after talking to Volker.  Can't +	 * do much with the membership but seemed a shame to waste +	 * somewhat working code.  Needs testing because the membership +	 * that shows up surprises me.  Also can't do much with groups +	 * in groups (e.g. Domain Admins being a member of Adminsitrators). +	 * --jerry +	 */ +	int i; +	TALLOC_CTX *t = NULL; +	char **nt_members = NULL; +	char **unix_members; +	DOM_SID group_sid; +	GROUP_MAP map; +	struct group *grp; +	enum SID_NAME_USE sid_type; + +	if (delta->num_members == 0) { +		return NT_STATUS_OK; +	} + +	sid_copy(&group_sid, &dom_sid); +	sid_append_rid(&group_sid, rid); + +	if (sid_equal(&dom_sid, &global_sid_Builtin)) { +		sid_type = SID_NAME_WKN_GRP; +		if (!get_builtin_group_from_sid(group_sid, &map, False)) { +			DEBUG(0, ("Could not find builtin group %s\n", sid_string_static(&group_sid))); +			return NT_STATUS_NO_SUCH_GROUP; +		} +	} else { +		sid_type = SID_NAME_ALIAS; +		if (!get_local_group_from_sid(group_sid, &map, False)) { +			DEBUG(0, ("Could not find local group %s\n", sid_string_static(&group_sid))); +			return NT_STATUS_NO_SUCH_GROUP; +		} +	}	 + +	if (!(grp = getgrgid(map.gid))) { +		DEBUG(0, ("Could not find unix group %d\n", map.gid)); +		return NT_STATUS_NO_SUCH_GROUP; +	} + +	d_printf("Group members of %s: ", grp->gr_name); + +	if (!(t = talloc_init("fetch_group_mem_info"))) { +		DEBUG(0, ("could not talloc_init\n")); +		return NT_STATUS_NO_MEMORY; +	} + +	nt_members = talloc_zero(t, sizeof(char *) * delta->num_members); + +	for (i=0; i<delta->num_members; i++) { +		NTSTATUS nt_status; +		SAM_ACCOUNT *member = NULL; +		DOM_SID member_sid; + +		if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_talloc(t, &member))) { +			talloc_destroy(t); +			return nt_status; +		} + +		
sid_copy(&member_sid, &delta->sids[i].sid); + +		if (!pdb_getsampwsid(member, &member_sid)) { +			DEBUG(1, ("Found bogus group member: (member_sid=%s group=%s)\n", +				  sid_string_static(&member_sid), grp->gr_name)); +			pdb_free_sam(&member); +			continue; +		} + +		if (pdb_get_group_rid(member) == rid) { +			d_printf("%s(primary),", pdb_get_username(member)); +			pdb_free_sam(&member); +			continue; +		} +		 +		d_printf("%s,", pdb_get_username(member)); +		nt_members[i] = talloc_strdup(t, pdb_get_username(member)); +		pdb_free_sam(&member); +	} + +	d_printf("\n"); + +	unix_members = grp->gr_mem; + +	while (*unix_members) { +		BOOL is_nt_member = False; +		for (i=0; i<delta->num_members; i++) { +			if (nt_members[i] == NULL) { +				/* This was a primary group */ +				continue; +			} + +			if (strcmp(*unix_members, nt_members[i]) == 0) { +				is_nt_member = True; +				break; +			} +		} +		if (!is_nt_member) { +			/* We look at a unix group member that is not +			   an nt group member. So, remove it. NT is +			   boss here. */ +			smb_delete_user_group(grp->gr_name, *unix_members); +		} +		unix_members += 1; +	} + +	for (i=0; i<delta->num_members; i++) { +		BOOL is_unix_member = False; + +		if (nt_members[i] == NULL) { +			/* This was the primary group */ +			continue; +		} + +		unix_members = grp->gr_mem; + +		while (*unix_members) { +			if (strcmp(*unix_members, nt_members[i]) == 0) { +				is_unix_member = True; +				break; +			} +			unix_members += 1; +		} + +		if (!is_unix_member) { +			/* We look at a nt group member that is not a +                           unix group member currently. So, add the nt +                           group member. */ +			smb_add_user_group(grp->gr_name, nt_members[i]); +		} +	} +	 +	talloc_destroy(t); + +#endif	/* end of fetch_alias_mem() */ +  	return NT_STATUS_OK;  }  | 
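Review bot: `nt_members = talloc_zero(t, sizeof(char *) * delta->num_members);` is written through in the following loop without a NULL check, and its size is an unchecked product with a count that presumably comes from the replication peer, so a failed (or, with a 32-bit `size_t`, wrapped) allocation ends in an out-of-bounds or NULL write at `nt_members[i] = ...`. The block is currently under `#if 0`, but before it is enabled I would bound the count and add `if (nt_members == NULL) { talloc_destroy(t); return NT_STATUS_NO_MEMORY; }`. A NULL entry is also overloaded: it marks a primary-group member, a member that `pdb_getsampwsid` could not find, and a failed `talloc_strdup`, so a transient lookup or allocation failure makes the first reconciliation loop call `smb_delete_user_group` on a legitimate unix member. A separate "skip" flag per entry, plus returning an error on `talloc_strdup` failure, would keep this destructive path from firing on incomplete data. Finally, `grp` points at `getgrgid`'s static storage and `grp->gr_name` / `grp->gr_mem` are still read after the pdb and `smb_*_user_group` calls, which may overwrite it; copying the name and member list into `t` first would avoid iterating stale data.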
