summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/passdb/pdb_ads.c60
1 files changed, 57 insertions, 3 deletions
diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index abd9f75a57..b87d43226c 100644
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -24,6 +24,8 @@ static NTSTATUS pdb_ads_getsampwsid(struct pdb_methods *m,
const DOM_SID *sid);
static bool pdb_ads_gid_to_sid(struct pdb_methods *m, gid_t gid,
DOM_SID *sid);
+static bool pdb_ads_dnblob2sid(struct tldap_context *ld, DATA_BLOB *dnblob,
+ struct dom_sid *psid);
struct pdb_ads_state {
@@ -713,10 +715,62 @@ static NTSTATUS pdb_ads_enum_group_mapping(struct pdb_methods *m,
static NTSTATUS pdb_ads_enum_group_members(struct pdb_methods *m,
TALLOC_CTX *mem_ctx,
const DOM_SID *group,
- uint32 **pp_member_rids,
- size_t *p_num_members)
+ uint32 **pmembers,
+ size_t *pnum_members)
{
- return NT_STATUS_NOT_IMPLEMENTED;
+ struct pdb_ads_state *state = talloc_get_type_abort(
+ m->private_data, struct pdb_ads_state);
+ const char *attrs[1] = { "member" };
+ char *sidstr;
+ struct tldap_message **msg;
+ int i, rc, num_members;
+ DATA_BLOB *blobs;
+ uint32_t *members;
+
+ sidstr = sid_binstring(talloc_tos(), group);
+ NT_STATUS_HAVE_NO_MEMORY(sidstr);
+
+ rc = tldap_search_fmt(state->ld, state->domaindn, TLDAP_SCOPE_SUB,
+ attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &msg,
+ "(objectsid=%s)", sidstr);
+ TALLOC_FREE(sidstr);
+ if (rc != TLDAP_SUCCESS) {
+ DEBUG(10, ("ldap_search failed %s\n",
+ tldap_errstr(debug_ctx(), state->ld, rc)));
+ return NT_STATUS_LDAP(rc);
+ }
+ switch talloc_array_length(msg) {
+ case 0:
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ break;
+ case 1:
+ break;
+ default:
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ break;
+ }
+
+ if (!tldap_entry_values(msg[0], "member", &num_members, &blobs)) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ members = talloc_array(mem_ctx, uint32_t, num_members);
+ if (members == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0; i<num_members; i++) {
+ struct dom_sid sid;
+ if (!pdb_ads_dnblob2sid(state->ld, &blobs[i], &sid)
+ || !sid_peek_rid(&sid, &members[i])) {
+ TALLOC_FREE(members);
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ }
+
+ *pmembers = members;
+ *pnum_members = num_members;
+ return NT_STATUS_OK;
}
static NTSTATUS pdb_ads_enum_group_memberships(struct pdb_methods *m,