-rw-r--r--source3/auth/auth_util.c2
-rw-r--r--source3/lib/util_sid.c9
-rw-r--r--source3/winbindd/winbindd_pam.c2
-rw-r--r--source3/winbindd/winbindd_util.c50
4 files changed, 20 insertions, 43 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index a95a59ea46..7013285809 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1620,7 +1620,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
nt_status = sid_array_from_info3(result, info3,
&result->sids,
&result->num_sids,
- False);
+ false, false);
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(result);
return nt_status;
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index fd2e93a697..6b83f9ce65 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -668,7 +668,8 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
const struct netr_SamInfo3 *info3,
DOM_SID **user_sids,
size_t *num_user_sids,
- bool include_user_group_rid)
+ bool include_user_group_rid,
+ bool skip_ressource_groups)
{
NTSTATUS status;
DOM_SID sid;
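Review bot: The new parameter is spelled `skip_ressource_groups` and sits directly after another `bool`, so the updated call sites read as bare pairs (`false, false` in auth_util.c, `true, false` in winbindd_pam.c, `true, true` in winbindd_util.c), where a transposed argument would compile silently and change which SIDs end up in the array. I would spell it `skip_resource_groups` to match `SE_GROUP_RESOURCE`, and add a header comment on the function stating what each flag adds or drops. The function body continues outside this hunk, so an existing header comment may already describe the first flag.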
@@ -728,6 +729,12 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
*/
for (i = 0; i < info3->sidcount; i++) {
+
+ if (skip_ressource_groups &&
+ (info3->sids[i].attributes & SE_GROUP_RESOURCE)) {
+ continue;
+ }
+
status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
&sid_array, &num_sids);
if (!NT_STATUS_IS_OK(status)) {
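Review bot: The new `continue` in the `info3->sids` loop drops entries silently and carries no comment; the only rationale is at the winbindd_util.c call site. A caller that passes `true` without fetching those groups some other way ends up with an incomplete SID list, so the reason belongs here too, e.g. `/* caller resolves SE_GROUP_RESOURCE (domain local) groups separately */`. The leading blank `+` line inside the loop body can also go. The loop continues past the end of the hunk.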
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 972a3bf3b9..bc27f3db20 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -313,7 +313,7 @@ static NTSTATUS check_info3_in_group(TALLOC_CTX *mem_ctx,
status = sid_array_from_info3(mem_ctx, info3,
&token->user_sids,
&token->num_sids,
- True);
+ true, false);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 641fd5a9f5..ec97b49428 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -1274,14 +1274,11 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain,
{
struct netr_SamInfo3 *info3 = NULL;
NTSTATUS status = NT_STATUS_NO_MEMORY;
- int i;
size_t num_groups = 0;
- DOM_SID group_sid, primary_group;
-
+
DEBUG(3,(": lookup_usergroups_cached\n"));
-
+
*user_sids = NULL;
- num_groups = 0;
*p_num_groups = 0;
info3 = netsamlogon_cache_get(mem_ctx, user_sid);
@@ -1294,46 +1291,19 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain,
TALLOC_FREE(info3);
return NT_STATUS_UNSUCCESSFUL;
}
-
- /* always add the primary group to the sid array */
- sid_compose(&primary_group, info3->base.domain_sid, info3->base.rid);
-
- status = add_sid_to_array(mem_ctx, &primary_group, user_sids,
- &num_groups);
+
+ /* Skip Domain local groups outside our domain.
+ We'll get these from the getsidaliases() RPC call. */
+ status = sid_array_from_info3(mem_ctx, info3,
+ user_sids,
+ &num_groups,
+ true, true);
+
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(info3);
return status;
}
- for (i=0; i < info3->base.groups.count; i++) {
- sid_copy(&group_sid, info3->base.domain_sid);
- sid_append_rid(&group_sid, info3->base.groups.rids[i].rid);
-
- status = add_sid_to_array(mem_ctx, &group_sid, user_sids,
- &num_groups);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(info3);
- return status;
- }
- }
-
- /* Add any Universal groups in the other_sids list */
-
- for (i=0; i < info3->sidcount; i++) {
- /* Skip Domain local groups outside our domain.
- We'll get these from the getsidaliases() RPC call. */
- if (info3->sids[i].attributes & SE_GROUP_RESOURCE)
- continue;
-
- status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
- user_sids, &num_groups);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(info3);
- return status;
- }
- }
-
-
TALLOC_FREE(info3);
*p_num_groups = num_groups;
status = (user_sids != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
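Review bot: Passing `true` for `include_user_group_rid` may change the SID list that lookup_usergroups_cached returns: the removed code added exactly one SID built from `info3->base.rid` ahead of the group RIDs, while what the helper adds for that flag is not visible in these hunks. If the helper adds more than that one SID, the result differs for every consumer of this list, and that deserves a line in the comment above the call, e.g. `/* include_user_group_rid: helper adds the user and primary group SIDs */` once confirmed. Separately, the retained final check tests `user_sids`, the out-parameter pointer already dereferenced by `*user_sids = NULL` earlier in the function, so it cannot fail; `*user_sids` looks like the intended operand. The function continues after the hunk.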